Package eu.tneitzel.rmg.operations
Class PortScanner
- java.lang.Object
  - eu.tneitzel.rmg.operations.PortScanner
public class PortScanner extends Object
The PortScanner class implements a simple RMI service scan that can be used to identify RMI endpoints on a target. By default, it takes a list of ports from the remote-method-guesser configuration file and attempts to perform an RMI call on them. Calls are first dispatched without TLS, but for each port that is open and that does not behave like an RMI port for plain text connections, a second attempt with TLS is made.

The PortScanner class is not meant to be used as a replacement for tools like nmap. For example, it is less reliable, as it does not implement retries and may miss some open ports. However, it can still be useful in certain situations. A common scenario is that you encounter a product that is often deployed together with RMI services, e.g. JBoss, or that you have already encountered a non-registry RMI port and just want to know where the registry is located. In these cases, a quick port scan that only targets common RMI ports using RMI service probes might be a good choice.

Concerning TLS protected ports, the PortScanner class might even be more reliable than nmap regarding the service detection. In the past, we encountered several TLS protected RMI ports where nmap was unable to detect the service correctly.

Author:
- Tobias Neitzel (@qtc_de)
Constructor Summary
Constructor | Description
PortScanner(String host, int[] rmiPorts) | The PortScanner class obtains the target host as a String and the ports to scan as an array of int.
Method Summary
Modifier and Type | Method | Description
int | portScan() | Performs the port scan.
static void | setSocketTimeouts(int read, int connect) | Set the socket timeout values.
Constructor Detail
PortScanner
public PortScanner(String host, int[] rmiPorts)
The PortScanner class obtains the target host as a String and the ports to scan as an array of int.
Parameters:
- host - target for the port scan
- rmiPorts - ports to scan
Method Detail
portScan
public int portScan()
Performs the port scan. For each port to scan, a PortScanWorker is created and executed within a ThreadPool. The function may perform two runs per port. In the first run, a plain text connection is attempted. Closed ports are ignored, but for open ports that do not behave like RMI ports on a plain text connection, a second attempt using TLS is made. The function uses a ForkJoinPool as ExecutorService, as the TLS scans are dispatched by the non-TLS worker threads.
Returns:
- number of identified open ports as int
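The two-run scheduling described above can be sketched as follows. This is an added example, not remote-method-guesser's own code: the class, enum and interface names are hypothetical, the network probe is replaced by a lookup in constructed results so the sketch runs offline, and counting only ports identified as RMI is an assumption.

```java
import java.util.*;
import java.util.concurrent.*;

public class TwoPassScanSketch {
    // Outcome of one probe (hypothetical names, not rmg's).
    enum Result { CLOSED, OPEN_NOT_RMI, RMI }
    // Stand-in for the network probe; a real worker would attempt an RMI call here.
    interface Probe { Result probe(int port, boolean tls); }

    // One task per port and transport. The plain text task dispatches the TLS
    // task itself, which is what makes a ForkJoinPool a natural fit.
    static class Worker extends RecursiveTask<Integer> {
        final int port; final boolean tls; final Probe probe;
        Worker(int port, boolean tls, Probe probe) { this.port = port; this.tls = tls; this.probe = probe; }
        @Override protected Integer compute() {
            switch (probe.probe(port, tls)) {
                case RMI: return 1;
                case OPEN_NOT_RMI:  // open, but no RMI answer: retry once over TLS
                    return tls ? 0 : new Worker(port, true, probe).fork().join();
                default: return 0;  // closed ports are ignored
            }
        }
    }

    // Assumption: the returned count covers ports identified as RMI in either run.
    static int scan(int[] ports, Probe probe) {
        ForkJoinPool pool = new ForkJoinPool();
        try {
            return pool.invoke(new RecursiveTask<Integer>() {
                @Override protected Integer compute() {
                    List<Worker> workers = new ArrayList<>();
                    for (int p : ports) workers.add(new Worker(p, false, probe));
                    int found = 0;
                    for (Worker w : invokeAll(workers)) found += w.join();
                    return found;
                }
            });
        } finally { pool.shutdown(); }
    }

    public static void main(String[] args) {
        // Constructed results per port: {plain text run, TLS run}.
        Map<Integer, Result[]> sim = Map.of(
            1099, new Result[] { Result.RMI, Result.RMI },
            1098, new Result[] { Result.OPEN_NOT_RMI, Result.RMI },
            8080, new Result[] { Result.OPEN_NOT_RMI, Result.OPEN_NOT_RMI });
        Result[] closed = { Result.CLOSED, Result.CLOSED };
        Probe p = (port, tls) -> sim.getOrDefault(port, closed)[tls ? 1 : 0];
        System.out.println(scan(new int[] { 1098, 1099, 4444, 8080 }, p));
    }
}
```

With the constructed results, port 1099 is identified in the plain text run, port 1098 only in the TLS run, port 8080 is open but never answers as RMI, and port 4444 is closed, so no TLS task is created for it.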
setSocketTimeouts
public static void setSocketTimeouts(int read, int connect)
Set the socket timeout values. By default, RMI connections have long connect and read timeouts, which makes the defaults difficult to use for port scans.
Parameters:
- read - timeout for read operations on the sockets
- connect - timeout for the initial socket connect