A Port Scanner using ActionScript 3 Socket in Macromedia Flash Player 8.5 alpha

I just wrote a simple port-scanner in AS3(ActionScript 3) using flash.net.Socket class in Macromedia Flash Player 8.5 alpha. I have used Macromedia FlexBuilder 2 alpha to create the user-interface but most of the code is in AS3.
I have used my own logic for port-scanning, I am not aware how it is done in actual port-scanners. Since it is a simple example, which means I have not taken care of performance, error-handling, user-input-validation etc.
I was looking for a port-scanner on internet and then this idea popped up. It works for me. I can check which all ports on my system are open. I can also check for open ports on a remote-host as well.
Here is code:


<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" xmlns="*" width="600" height="600">
<mx:Script>
<![CDATA[
import flash.net.*;
import flash.events.*;
private var socket:Socket;
private var currentPort:uint;
private var toPort:uint;
private function createSocket():void
{
socket = new Socket();
socket.addEventListener("connect", socket_connect);
socket.addEventListener("ioError", socket_ioError);
}
private function deleteSocket():void
{
socket.removeEventListener("connect",socket_connect);
socket.removeEventListener("ioError", socket_ioError);
socket.close ();
}
private function startScanning():void
{
createSocket();
currentPort = uint(fromPort_ti.text);
toPort = uint(toPort_ti.text);
scanPort(currentPort);
}
private function scanPort(port:uint):void
{
if(port <= toPort)
{
status.text = "Scanning port:" + port + "\n";
socket.connect(host.text, port);
enableControls(false);
}
else
{
enableControls(true);
deleteSocket();
status.text = "Scanning complete..";
}
}
private function socket_connect(event:Event):void
{
openPorts_ta.text += currentPort + "\n";
currentPort++;
socket.close();
scanPort(currentPort);
}
private function socket_ioError(event:IOErrorEvent):void
{
/*
Not sure, when there is ioError I am not able to reuse same socket object.
So deleting current socket object and recreating another socket object...
*/
deleteSocket();
createSocket();
scanPort(++currentPort);
}
private function enableControls(bEnable:Boolean):void
{
host.enabled = bEnable;
toPort_ti.enabled  = bEnable;
fromPort_ti.enabled = bEnable;
scanButton.enabled = bEnable;
}
]]>
</mx:Script>
<mx:Form>
<mx:FormItem label="Host:"><mx:TextInput id="host" text="127.0.0.1"/></mx:FormItem>
<mx:FormItem label="Start port:"><mx:TextInput id="fromPort_ti" text="1"/></mx:FormItem>
<mx:FormItem label="To port:"><mx:TextInput id="toPort_ti" text="65535"/></mx:FormItem>
<mx:FormItem><mx:Button id="scanButton" label="Start Scannning" click="startScanning()"/></mx:FormItem>
</mx:Form>
<mx:VBox>
<mx:Label text="Open Ports:"/>
<mx:TextArea id="openPorts_ta" width="400" height="250"/>
<mx:Label id="status"/>
</mx:VBox>
</mx:Application>


Download file


Update: This post was written when Adobe Flash Player 9 was not released and was known as Flash Player 8.5. I have updated the code for Adobe Flash Player 9.

  • Peter

    Since the scanning will be running locally from your machine, a scan on your own computer may not necesarily be correct, considering firewalls etc… Or am I wrong?

  • Nice! She works here G. Slooowwwww though. Thinking maybe I could open 5 sockets at a time, and then check each rather than 1 at a time? Know what the limit is or is it just system resources?

  • Peter- It worked on a remote-host(my workstation in office) from my home. It is simple example and I don’t really know how a port scanner should work. In case of firewalls or Intrusion detections it might not work or show port is closed…Which is right IMO. BTW! port-scanning remote-hosts is not good thing, one can use it locally or own-machines to check open-ports.
    There are better port scanners available, so I wont suggest using this. I just wanted to show that we can do such things using AS3 and Macromedia Flash Player 8.5
    Jesse- Yeah it is slow, I think it is because of the Socket works(asynchronous in Flash Player. I am sure, someone can write faster ones…
    But you are right, you can divide the port-range and start scanning using different Socket objects, it would surely take more resource and might speed up things…But since Flash Player is single threaded, I am not sure how much speed we can achieve..
    -abdul

  • pepe

    Could I ask you a Question??
    I got an error in scaning local port 1.
    It’s security something.
    [Error #2044: Unhandled SecurityErrorEvent: text=Error
    #2048: Security sandbox violation: ‘http://127.0.0.1/cfide/samples/portscan/PortScan.swf’ may not load data from ‘127.0.0.1:1’.]
    How should I change crossdomain.xml??
    or
    Should I change coldfusionsamples.xml??

  • pepe

    Could I ask you a question? I got a error in scaning local port 1. It said [Security sandbox violation]. What should I modify for this error??

  • pepe- I think, you need to run the SWF in standalone player. If you are using FlexBuilder 2 to compile the application, SWF would be able to access local as well as data from internet.
    If you are compiling using command-line mxmlc, then you need to use LocalContentUpdate utility to update SWF so that it can access local/internet data..
    -abdul

  • Peter

    Basically what I tried to say was that I suspect that you might get a
    different result targeting your own machine if the application is run on
    another machine than your own (the target machine), because of firewall
    and/or network configurations. It’s not my expertise however so I’m not
    sure. Nice demo of a very cool AS3 function in any case!

  • tm

    I don’t know if this is related but could I use this technique to send the host ID of a computer to an email address evey time a flash file is executed?

  • Not sure how would you find the host-id? But you can can use Socket to connect to POP3 etc..
    But there is good security sandbox around it..
    -abdul

  • Hey all,

    I wrote a simple Flash TCP/IP port scanner a few years back now. You can scan any remote port, domain, server or your own machine (default). A range can be selected so that you can check common ports.

    It employs PHP fsock functions as the backend and logs every scan as a simple text file on the server.

    It’s also rather slow. You can see it in action here:

    http://www.flashwebservices.co.uk/apps/flashport/

    Cheers.