Usually tools such as telnet, nmap or nc are used to find listening remote ports. However, nmap and netcat are not included in a default Linux installation, and telnet is good for manual testing but not friendly for scripting. So sometimes I use cURL or wget to get information about open ports on remote devices, even for ports not related to HTTP servers. If cURL connects to a non-HTTP TCP port, it tries to send an HTTP request and either does not receive the expected HTTP response or gets no response at all, but the fact of the connection can still be registered.
There are 4 possible scenarios when connecting to a non-HTTP port with cURL.
1. Not connected to remote host (server is down or does not exist)
    # curl -I --connect-timeout 10 http://10.195.18.1:3389
    curl: (28) connect() timed out!
2. Server is on but port 3389 is not open:
    # curl -I --connect-timeout 10 http://10.195.18.10:3389
    curl: (7) couldn't connect to host
3. cURL connects to port 3389, sends GET http request, the server does not respond properly and disconnects:
    # curl -I --connect-timeout 10 http://10.195.18.19:3389
    curl: (56) Failure when receiving data from the peer
4. cURL connects to port 3389, sends GET http request and waits for response but server does not respond:
    # curl -I --connect-timeout 10 --max-time 10 http://10.195.18.19:135
    curl: (28) Operation timed out after 10002 milliseconds with 0 out of -1 bytes received
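The four outcomes above can be told apart in a script from curl's exit code together with the time_connect value of --write-out, which stays at zero when the TCP handshake never completed (this separates the two exit-28 cases). This is an added example, not the original curlscan.sh; the function names and the use of --write-out are assumptions that do not appear on the page.

```shell
#!/bin/bash
# Added example: classify one curl probe from its exit code and %{time_connect}.

# classify_probe RC TIME_CONNECT -> prints open, closed, no-answer or unknown
classify_probe() {
    local rc=$1 connected
    # time_connect is 0.000000 when the TCP connection was never established;
    # deleting zeros and dots leaves an empty string in that case
    connected=$(printf '%s' "$2" | tr -d '0.')
    if [ -n "$connected" ]; then
        echo open        # scenarios 3 and 4: connected, then exit 56 or exit 28
    elif [ "$rc" -eq 7 ]; then
        echo closed      # scenario 2: host answered, nothing listening
    elif [ "$rc" -eq 28 ]; then
        echo no-answer   # scenario 1: connect timed out (host down or filtered)
    else
        echo unknown     # e.g. exit 6, name could not be resolved
    fi
}

# probe HOST PORT -> runs curl once with the page's options and classifies it
probe() {
    local tc
    tc=$(curl -s -o /dev/null -I --connect-timeout 10 --max-time 10 \
              -w '%{time_connect}' "http://$1:$2")
    classify_probe "$?" "$tc"
}

# Constructed sample results (exit code, time_connect), one per scenario
for sample in "28 0.000000" "7 0.000000" "56 0.003412" "28 0.002950"; do
    set -- $sample
    printf 'rc=%s time_connect=%s -> %s\n' "$1" "$2" "$(classify_probe "$1" "$2")"
done
```

Call probe 10.195.18.19 3389 on a host you administer to classify a live port; exit 7 also covers errors such as "no route to host", so closed means only that no TCP connection could be made.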
Below is a Linux script that uses cURL for port scanning:
    #! /bin/bash
    start_message() {
        echo 'Correct argument required, IP range and port'
        echo 'Example: 192.168.1.0-127:1234'
        exit 1
    }
    echo 'Pinging IP range'
The script was tested on CentOS and Ubuntu devices. The script can also be downloaded from there.
Example of script execution:
1. Scanning port 3389 for IP range from 10.195.18.1 to 10.195.18.50
    # ./curlscan.sh 10.195.18.1-50:3389
    Connect this IP range and port: 10.195.18.1-50:3389
    10.195.18.13. Listening on port 3389
    10.195.18.17. Listening on port 3389
    10.195.18.19. Listening on port 3389
    10.195.18.21. Listening on port 3389
    10.195.18.22. Listening on port 3389
    10.195.18.23. Listening on port 3389
    10.195.18.32. Listening on port 3389
    10.195.18.33. Listening on port 3389
    10.195.18.35. Listening on port 3389
    10.195.18.36. Listening on port 3389
    10.195.18.37. Listening on port 3389
    10.195.18.38. Listening on port 3389
    10.195.18.41. Listening on port 3389
    10.195.18.42. Listening on port 3389
    10.195.18.43. Listening on port 3389
    10.195.18.49. Listening on port 3389
2. Scanning port 135 for IP range from 10.195.18.1 to 10.195.18.50
    # ./curlscan.sh 10.195.18.1-50:135 10.195.18.190-250:135
    Connect this IP range and port: 10.195.18.1-50:135
    10.195.18.13. Listening on port 135
    10.195.18.16. Listening on port 135
    10.195.18.17. Listening on port 135
    10.195.18.19. Listening on port 135
    10.195.18.21. Listening on port 135
    10.195.18.22. Listening on port 135
    10.195.18.23. Listening on port 135
    10.195.18.32. Listening on port 135
    10.195.18.33. Listening on port 135
    10.195.18.35. Listening on port 135
    10.195.18.36. Listening on port 135
    10.195.18.37. Listening on port 135
    10.195.18.38. Listening on port 135
    10.195.18.41. Listening on port 135
    10.195.18.42. Listening on port 135
    10.195.18.43. Listening on port 135
    10.195.18.45. Listening on port 135
    10.195.18.49. Listening on port 135
Test TCP connectivity with curl
You probably know about curl command: it’s great for downloading web pages or files from a Unix command line. But there’s another great usage curl command has: testing TCP ports connectivity.
Say, you’re helping with some firewall changes and need to confirm that connection from your server to some remote host and specific TCP port still works.
Here’s how you can do it using curl command and its telnet functionality.
Test SSH port connection with curl
In this example, SSH connection works because:
- We get the “Connected” status
- We see the SSH version prompt: SSH-2.0-OpenSSH_7.4
Test jBoss port 8080 with curl
This scenario shows that connection is refused (probably because there’s no service running on that port).
IMPORTANT: you would probably get a different message if a firewall blocks port 8080. Connection refused is a clear sign that the port is accessible, but nothing’s responding on it.
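The checks described in this section (the "Connected" status, the service's version line, and refused versus no connection at all) can be read from the verbose transcript of a curl telnet:// probe. This is an added example, not code from the original page; the function names are hypothetical and the transcripts are constructed, using the documentation address 192.0.2.10.

```shell
#!/bin/bash
# Added example: interpret the verbose transcript of a curl telnet:// probe.

# Reads `curl -v` output on stdin and prints one of:
#   connected banner=<first line sent by the service, or "none">
#   refused          (host answered, nothing listening on the port)
#   no-connection    (timeout or other failure, e.g. packets dropped on the way)
summarize_telnet_probe() {
    local out banner
    out=$(cat)
    if printf '%s\n' "$out" | grep -q '^\* Connected to '; then
        # Service data is any line that is not curl info (*), a curl error or empty
        banner=$(printf '%s\n' "$out" | tr -d '\r' |
                 grep -Ev '^(\*|curl: |$)' | head -n 1)
        echo "connected banner=${banner:-none}"
    elif printf '%s\n' "$out" | grep -q 'Connection refused'; then
        echo "refused"
    else
        echo "no-connection"
    fi
}

# Live check: telnet_probe HOST PORT (--max-time ends the session if the peer stays silent)
telnet_probe() {
    curl -sS -v --connect-timeout 5 --max-time 5 "telnet://$1:$2" </dev/null 2>&1 |
        summarize_telnet_probe
}

# Constructed transcripts for the three cases
SAMPLE_SSH='*   Trying 192.0.2.10:22...
* Connected to 192.0.2.10 (192.0.2.10) port 22 (#0)
SSH-2.0-OpenSSH_7.4'
SAMPLE_REFUSED='*   Trying 192.0.2.10:8080...
* connect to 192.0.2.10 port 8080 failed: Connection refused
curl: (7) Failed to connect to 192.0.2.10 port 8080: Connection refused'
SAMPLE_TIMEOUT='*   Trying 192.0.2.10:8080...
* Connection timed out after 5001 milliseconds
curl: (28) Connection timed out after 5001 milliseconds'

for s in "$SAMPLE_SSH" "$SAMPLE_REFUSED" "$SAMPLE_TIMEOUT"; do
    printf '%s\n' "$s" | summarize_telnet_probe
done
```

A firewall that rejects with a TCP reset also produces refused, so when verifying a rule change compare the result with a probe made before the change.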