The Reverse Port Scan

Have you ever wanted to know which outbound ports are open in your school’s/workplace’s firewall? I know I have. And it always frustrated me that finding out seems like an impossible task. And it isn’t really that odd, either, as you would need a host listening on every single port from 1 to 65535 that you could attempt to connect to in order to find out if the firewall would let you through. Well, I’ve come up with a solution.

In an attempt to find out which outbound ports are open in my university’s firewall, I developed a small test suite consisting of 2 PHP scripts – a client and a server. The server script must be run on a host that has pretty much unrestricted access to the Internet. If you’re running it at home, on a host behind a NAT router, I recommend configuring it as the “DMZ host” on the router, as that basically forwards all ports to it.

The suite then works by having the client send a request to the server to open a specific port range to be tested. The client then attempts to connect to these, and when done, it requests the next range, until every port is tested. The server may discover that it is unable to open certain ports due to other services running on the host, and the client will be notified. These will show up as “Untested ports” in the test results.

Please take a look at each file in your favorite text editor – there are a few settings you probably need to adjust, including the server host name, last port to test and such.

Download here

Note: You will need the PHP interpreter to run the scripts. You can get a Windows build here. Also, you must enable the Sockets and cURL extensions for it to work.

Tip: If you have a dynamic IP address on your Internet connection, you can use services such as No-IP to get a dynamic DNS domain that always points home.

Warning: I made no attempts to implement any sort of security into this test suite, so you shouldn’t leave it running for any longer than absolutely necessary, nor can I recommend permanently having your computer as “DMZ host”.

Update: To test single ports without having to set up your own server, you can use http://portquiz.positon.org/