One thing that I often like to build as a sort of starter project is a simple port scanner, which you can use to determine which ports are open on a given server.

To show how this works, let's go ahead and create a simple project called port scanner. And I'm going to go in and use the

go mod init dreamsofco.io/portscan

Again, we're going to create a main function, which will pretty much look the same as we've already had in this video. Import the net package and func main. Again, then in order to do this, we want to take a host name, a host, which we're going to set as the os.args[1] as follows. We should do some error handling here in a production setting, but for this video, if we don't pass in an argument, we're happy to just panic.

Then for our port scanner to work, we're going to want to iterate over every port on the given host, which there are 65536. Well, there are 35 in total, but we want to go up to 65536, using the for i := range. Let's go ahead and change this to be the port to make it a little easier to understand. Then in order to connect, we can use the

net.Dial

function. In this case, we're only going to check open ports on the TCP protocol, which we can do as follows. Then for the address, we can use the fmt.Sprintf method, passing in the host followed by the actual port itself, which in this case, we can then pass host and port. Then we can do

con, err := 

as follows. Then next, let's do the if err function. If we have an error, we'll just continue. Otherwise, we can close this connection using

defer con.Close

just to tidy up resources. We'll do printf, passing in the port, and we need to use a new line character. With that, we can go ahead and now test our port scanner.

Now, if we go ahead and run against localhost using the following command, you can see that there should be a number of ports open on your system. If we go ahead and back to our echo server and use the

go run

commands, which opens up port 8080, then we can go ahead and run our port scanner again. You can see that this time 8080 should appear on the actual port list. As well as scanning localhost, you can also use this to scan remote hosts as well. However, be advised, you should only ever run port scanning against machines that you either own or explicitly have permission to do so.

One machine, which I actually own, is the zenful.cloud domain name, which is a VPS that I've used inside of my YouTube videos. Whilst this server is up and running, you can go ahead and actually use this. Whilst this server is up and running and maintained by myself, you can go ahead and use this in your own port scanning adventures, which you can do as follows. However, when I go to run this, you can see not much is actually happening. Instead, we're actually blocked.

In order to see what's happening, let's go ahead and print out the port that we're currently on, to see if we're actually making any progress. Now, when I go and run this again, you can see that our port scanner is scanning port 0, and then getting stuck. This is because the VPS that is running the zenful.cloud domain name actually has a firewall set up, which means that any ports that aren't allowed by this firewall are initially stuck. Therefore, in order to resolve this, we can use another function of the net package, which is the DialTimeout function, which will take a timeout, which takes a time.Duration to timeout the request by, if it doesn't receive a response.

Let's go ahead and set this to be

time.Second

which means if we don't receive a response within a second, we'll timeout. Additionally, to make sure that I can see that everything is progressing, let's go ahead and actually print out the port number. Now, if we go ahead and run this, you can see after each second, we're scanning each initial port, climbing through them one by one.

However, as you can tell, this is rather slow. Given how many ports there are on there, it will take quite a long time to scan every port to see which ones are open. As you can see, when we get to port 22, it does tell us that this port is open, which is the port I have set up for SSH. So, how can we actually speed this up? One way we can do this is to reduce the actual timeout that we want, although a second feels like a good amount of time to really be sure that the port isn't running. Therefore, another way we can do this is to make use of concurrency. Let's go ahead and use concurrency to speed up this operation.

If we first create a wait group as follows, then use the

wg.Add

command and run our actual connection code inside of a goroutine as follows, making sure to defer the wait group and we'll return instead of continuing. Then all that we need to do is use the

wg.Wait

command. Now, it should only take a second for us to scan every port. However, when I run this, you'll see that we only receive port 22 as being open, which isn't actually correct, as I also have port 80 and port 443 open on this machine as well. To prove so, let me go ahead and change this code as follows. There's

range

and we'll do a slice of

int{80, 443}

Yeah, we don't need the i here. Now, when I run this code, you should see that both ports are defined as open. To see why this isn't working, let's revert back to ranging over every port and log out the error of why we're not actually working. Now, when I go ahead and run this code, you'll see we're receiving a number of IO timeouts. This is because we're trying to open too many services at the same time.

Therefore, in order to solve this, rather than trying to connect to every port all at once using a goroutine, we should instead constrain the number of ports we try to access at once. In Go, there are a number of different ways to do this. However, my favorite way is to use the

slices.Chunk

function, which allows you to return an iterator that will iterate over consecutive subslices of a slice. Therefore, let's begin by putting all of the ports inside of an actual slice called

ports

which we can set to the size of or set to the capacity of 65535. Then, in order to populate each port, as we iterate over, we can just go ahead and append each port as follows.

ports = append(ports, port)

Next, let's go ahead and use the

slices.Chunk

method to iterate over these port values in subslices of 10, which we can do as follows. Let's make sure to use the range keyword as we have here. Then, for each of the subslices, we're going to want to perform concurrency on each one. So, we can do another for loop inside, which is

for ports := range excess {

And our code is as follows. We also want to make sure that we use a wait group here. Let's go ahead and set this wait group at this point. Now, if we go ahead and run this code using the

go run

command, passing in our zenful.cloud, we should now only have concurrency of 10 ports at a time, which means we won't overwhelm both either our machine or the remote server with too many network requests. And we should be able to scan each port in a reasonable amount of time. Although, doing 10 ports a second is still pretty long.

That covers the basics of using the net package. Whilst it's a great package for things such as DNS resolution or simple TCP UDP networking, if you want to start doing more advanced networking things such as TLS or HTTP, then it's much more preferable to use one of the dedicated packages for it in the standard library. For example, using the

net/http

package when it comes to working with HTTP requests. Which is what we'll take a look at in the next lesson where we create an HTTP client. I'll see you there.