Have you ever wanted to run a quick test of egress ports from userland from a windows machine?

Well worry not, I didn’t even have to write anything, the nice people at Black Hills security have done it for us. However I did decide that there’s a few other things we might want to do, so I made a quick modification, now we have colours, randomisation and some sleeps.

# Test Risky Egress - mRr3b00t
# based off https://www.blackhillsinfosec.com/poking-holes-in-the-firewall-egress-testing-with-allports-exposed/
# added colours and randomisation
write-host "Checking Risky Ports" -ForegroundColor Cyan
Get-Date
$portlist = @()
$portlist = (21,22,80,443,8080,25,53,445,137,138,138,3389,5965,5966,666, 50050)

$portlist = $portlist | Sort-Object {Get-Random}

foreach($port in $portlist){
write-host "Testing TCP: $port" -ForegroundColor Gray
write-host "Sleeping..." -ForegroundColor Cyan
$sleeptime = Get-Random -Minimum 1 -Maximum 20
sleep -Seconds $sleeptime
$port |% {$test= new-object system.Net.Sockets.TcpClient; $wait =$test.beginConnect("allports.exposed",$_,$null,$null); ($wait.asyncwaithandle.waitone(250,$false)); if($test.Connected){write-host "$_ open" -ForegroundColor red }else{write-host "$_ closed" -ForegroundColor Green}} | select-string " "
}

Thanks to https://www.blackhillsinfosec.com/poking-holes-in-the-firewall-egress-testing-with-allports-exposed/ and a little bit of extra sauce we have some egress testing. There’s a ton of other fun things you could do with this as well 😉