TCP Scanning
If you cannot get your own tools onto an Oracle server, why not have the
server do the scanning for you by creating a procedure? It may not be
fast, but it should get you the results you require. This procedure is
documented on several sites and was also demonstrated in the Blackhat Breaking into
Oracle Server class given by David Litchfield of NGS Software.
CREATE OR REPLACE PACKAGE TCP_SCAN IS
  PROCEDURE SCAN(HOST VARCHAR2, START_PORT NUMBER, END_PORT NUMBER,
                 VERBOSE NUMBER DEFAULT 0);
  PROCEDURE CHECK_PORT(HOST VARCHAR2, TCP_PORT NUMBER,
                       VERBOSE NUMBER DEFAULT 0);
END TCP_SCAN;
/
SHOW ERRORS
CREATE OR REPLACE PACKAGE BODY TCP_SCAN IS
  -- Check every port from START_PORT to END_PORT on HOST.
  PROCEDURE SCAN(HOST VARCHAR2, START_PORT NUMBER, END_PORT NUMBER,
                 VERBOSE NUMBER DEFAULT 0) AS
  BEGIN
    FOR I IN START_PORT..END_PORT LOOP
      CHECK_PORT(HOST, I, VERBOSE);
    END LOOP;
  EXCEPTION WHEN OTHERS THEN
    DBMS_OUTPUT.PUT_LINE('An error occurred.');
  END SCAN;
  -- Attempt one TCP connection. ORA-29260 (network error) is treated as
  -- "not open" and is only reported when VERBOSE is non-zero.
  PROCEDURE CHECK_PORT(HOST VARCHAR2, TCP_PORT NUMBER,
                       VERBOSE NUMBER DEFAULT 0) AS
    CN SYS.UTL_TCP.CONNECTION;
    NETWORK_ERROR EXCEPTION;
    PRAGMA EXCEPTION_INIT(NETWORK_ERROR, -29260);
  BEGIN
    DBMS_OUTPUT.ENABLE(1000000);
    CN := UTL_TCP.OPEN_CONNECTION(HOST, TCP_PORT);
    DBMS_OUTPUT.PUT_LINE('TCP Port ' || TCP_PORT || ' on ' || HOST || ' is open.');
    UTL_TCP.CLOSE_CONNECTION(CN);  -- release the socket instead of leaking it
  EXCEPTION
    WHEN NETWORK_ERROR THEN
      IF VERBOSE != 0 THEN
        DBMS_OUTPUT.PUT_LINE('TCP Port ' || TCP_PORT || ' on ' || HOST || ' is not open.');
      END IF;
    WHEN OTHERS THEN
      DBMS_OUTPUT.PUT_LINE('There was an error.');
  END CHECK_PORT;
END TCP_SCAN;
/
SHOW ERRORS
The procedure in text only format can be found here.
Expected output:
SQL> set serveroutput on
SQL> exec tcp_scan.scan('192.168.0.25',130, 140);
TCP Port 135 on 192.168.0.24 is open.
TCP Port 135 on 192.168.0.18 is open.
TCP Port 139 on 192.168.0.18 is open.
TCP Port 135 on 192.168.0.17 is open.
TCP Port 139 on 192.168.0.17 is open.
TCP Port 135 on 192.168.0.25 is open.
TCP Port 135 on 192.168.0.25 is open.
PL/SQL procedure successfully completed.
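The technique works because any account that can execute UTL_TCP can make the database host open outbound connections. The following audit-and-restrict script is an added example, not part of the original page or of the class material. It assumes a DBA session with access to the DBA_* views, traditional auditing enabled for step 4, and Oracle 11g or later for step 5; `app_owner` is a hypothetical schema name.

```sql
-- Added hardening example; run as a DBA.

-- 1. Who may execute UTL_TCP? A PUBLIC row means every database account can.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    table_name = 'UTL_TCP'
AND    privilege = 'EXECUTE'
ORDER  BY grantee;

-- 2. Stored code outside SYS that references UTL_TCP, directly or through the
--    public synonym. Legitimate owners need an explicit grant before step 3;
--    an unexpected object (for example a package named TCP_SCAN) needs review.
SELECT DISTINCT owner, name, type
FROM   dba_dependencies
WHERE  referenced_name = 'UTL_TCP'
AND    referenced_owner IN ('SYS', 'PUBLIC')
AND    owner NOT IN ('SYS', 'PUBLIC')
ORDER  BY owner, name;

-- 3. Remove the blanket grant, then grant back only where step 2 showed a need.
REVOKE EXECUTE ON sys.utl_tcp FROM PUBLIC;
-- GRANT EXECUTE ON sys.utl_tcp TO app_owner;  -- app_owner is hypothetical

-- 4. Record every remaining call to the package in the audit trail.
AUDIT EXECUTE ON sys.utl_tcp BY ACCESS;

-- 5. (11g and later) Outbound connections also need a network ACL. List which
--    principals may connect where; a host of '*' or a wide port range defeats
--    the control.
SELECT a.host, a.lower_port, a.upper_port, p.principal, p.privilege
FROM   dba_network_acls a
JOIN   dba_network_acl_privileges p ON p.acl = a.acl
WHERE  p.privilege = 'connect'
AND    p.is_grant = 'true'
ORDER  BY a.host, p.principal;
```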