Netmap.js: A Browser-Based Network Discovery and Port Scanning Tool
Motivation
As a developer, I often need a browser-based port scanner to handle my job. However, most existing modules are either inaccurate, slow, or not compatible with modern browsers. In this article, I’ll introduce Netmap.js, an optimized “ping” sweeper and TCP scanner that’s suitable for all modern browsers.
Quick Start
To get started with Netmap.js, you can install it using npm:
npm install --save netmap.js
Find Real-Time Hosts
To find real-time hosts on your local network, you can use the pingSweep method:
import NetMap from 'netmap.js';
const netmap = new NetMap();
const hosts = ['192.168.0.1', '192.168.0.254', '192.168.1.1', '192.168.1.254'];
netmap.pingSweep(hosts)
.then(results => {
console.log(results);
});
Host 192.168.1.1 is currently active.
TCP Port Scan
To perform a TCP port scan on a host, you can use the tcpScan method:
import NetMap from 'netmap.js';
const netmap = new NetMap();
const hosts = ['192.168.1.1', '192.168.99.100', 'google.co.uk'];
const ports = [80, 443, 8000, 8080, 27017];
netmap.tcpScan(hosts, ports)
.then(results => {
console.log(results);
});
Port Scan Results
The port scan results will indicate whether each port is open or closed. The results will also include the delta value, which represents the time it took for the browser to throw an error.
Port Blacklist
Netmap.js has a built-in blacklist of ports that are not supported by the browser. If you try to scan a port that’s on the blacklist, the scan will return a timeout.
Limitations
Netmap.js has some limitations, including:
- No TCP RST: Some hosts, such as Google’s servers, will not return a TCP RST packet when a port is closed. In this case, the
pingSweepmethod will not be reliable. - WebSockets and Ajax: While it’s possible to use WebSockets and Ajax to perform a network scan, the results will be unreliable.
Theory
The Netmap.js module uses the Image object to request cross-origin resources (test series http:// {host}: {port} URLs). The browser will throw an error or take longer to raise an error depending on the status of the host and port.
Standard Case
In the standard case, when attempting to connect to a closed port, the active host will typically use a TCP RST packet to respond relatively quickly. If the port is open, the browser will take longer to raise an error.
No TCP RST Case
Some hosts, such as Google’s servers, will not return a TCP RST packet when a port is closed. In this case, the pingSweep method will not be reliable.
WebSockets and Ajax
While it’s possible to use WebSockets and Ajax to perform a network scan, the results will be unreliable.
Netmap.js Constructor
The Netmap.js constructor takes an object that allows you to configure the options:
protocol: The scanning protocol (default is http)timeout: The port connection timeout (default is 1000 milliseconds)
import NetMap from 'netmap.js';
const netmap = new NetMap({
protocol: 'http',
timeout: 3000
});
Ping Sweep Method
The pingSweep method determines whether a given valid host array is connected to the main port by checking whether the time-out is achieved.
netmap.pingSweep([ '192.168.1.1'], {
maxConnections: 5,
port: 80
})
.then(results => {
console.log(results);
});
TCP Scan Method
The tcpScan method performs a port scan against a range of targets.
netmap.tcpScan([ '192.168.1.1'], [80, 27017], {
maxConnections: 5,
portCallback: result => {
console.log(result);
},
controlPort: 45000,
controlRatio: 0.8
})
.then(results => {
console.log(results);
});
I hope this article has provided a comprehensive overview of Netmap.js and its features. If you have any questions or need further assistance, please don’t hesitate to ask.