Does Elixir have any modules that facilitate checking for open ports?

I recently took a course and completed a certification from INE as an Enterprise Defense Administrator. To understand the role one has to understand how an attacker learns about a network, scans for vulnerabilities, exploits those vulnerabilities and exfiltrates and/or damages your data according to their motives. So I am wondering, does Elixir have any modules that facilitate checking for open ports? Trying to establish connections via the 3-way handshake? Figuring out which OS is running on a particular server or which version of software is being used for that software or service?

Perhaps not the answer you’re looking for, but a good place to start might be System?

Whilst not necessarily Elixir-specific, you do have functions such as cmd/3 that give you the ability to interact with the host and run system commands (System — Elixir v1.18.3)

There are a few good resources that may guide you to a better answer, such as Erlang Ecosystem Foundation - Supporting the BEAM community and https://paraxial.io/

Testing for open ports is quite easy (assuming that you just want to check if the port is actively listened to). I once created a toy project to check how fast it would be, to compare it against someone's implementation of a similar thing in Rust. They hadn't used any form of concurrency though, so it was slow as heck. But here you are with a quick and dirty TCP checker:

defmodule PortScan do
  # Prints every {host, port} pair that accepts a TCP connection.
  def run(targets, ports) do
    # Cartesian product of hosts and ports to check.
    to_scan =
      for target <- targets,
          port <- ports,
          do: {target, port}

    Task.async_stream(to_scan, fn {host, port} ->
      case :gen_tcp.connect(String.to_charlist(host), port, [active: false, mode: :binary], 20_000) do
        {:ok, sock} ->
          :gen_tcp.close(sock)
          {host, port}
        # Any connect error (:timeout, :econnrefused, :ehostunreach, :nxdomain, ...)
        # counts as "not open"; an unmatched reason would crash the task and the caller.
        {:error, _reason} ->
          nil
      end
    end, ordered: false, max_concurrency: 5_000, timeout: :infinity)
    |> Enum.sort()
    |> Enum.map(fn
      {:ok, {target, port}} -> "#{inspect(target)} -> #{port}\n"
      _ -> []
    end)
    |> IO.puts()
  end
end
4 Likes
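An added example, not part of the original post: the same `:gen_tcp.connect/4` check turned into an exposure audit that compares what is listening against a baseline of ports that are supposed to be open. The `ExposureAudit` module, the baseline map shape and the loopback listeners in the demo are assumptions made for illustration.

```elixir
defmodule ExposureAudit do
  @connect_timeout 1_000

  # Returns :open, :closed or {:unknown, reason} for one host/port pair.
  def probe(host, port) do
    opts = [:binary, active: false]

    case :gen_tcp.connect(String.to_charlist(host), port, opts, @connect_timeout) do
      {:ok, sock} ->
        :gen_tcp.close(sock)
        :open

      {:error, :econnrefused} ->
        :closed

      # :timeout, :ehostunreach, :nxdomain, ... are reported, not raised.
      {:error, reason} ->
        {:unknown, reason}
    end
  end

  # baseline: %{host => [ports expected to be listening]} (hypothetical shape)
  # candidates: extra ports to check on every host in the baseline
  def run(baseline, candidates) do
    pairs = for {host, expected} <- baseline, port <- Enum.uniq(expected ++ candidates), do: {host, port}

    results =
      pairs
      |> Task.async_stream(fn {h, p} -> {h, p, probe(h, p)} end,
        max_concurrency: 200, ordered: false,
        timeout: @connect_timeout + 1_000, on_timeout: :kill_task)
      |> Enum.flat_map(fn
        {:ok, result} -> [result]
        {:exit, _reason} -> []
      end)

    open = for {h, p, :open} <- results, do: {h, p}
    wanted = for {h, ports} <- baseline, p <- ports, do: {h, p}

    %{unexpected_open: Enum.sort(open -- wanted), expected_missing: Enum.sort(wanted -- open)}
  end
end

# Constructed demo: two loopback listeners on OS-assigned ports; only the first is in the baseline.
{:ok, l1} = :gen_tcp.listen(0, ip: {127, 0, 0, 1})
{:ok, l2} = :gen_tcp.listen(0, ip: {127, 0, 0, 1})
{:ok, p1} = :inet.port(l1)
{:ok, p2} = :inet.port(l2)
IO.inspect(ExposureAudit.run(%{"127.0.0.1" => [p1]}, [p2]))
```

Saved as a script and run with `elixir`, the demo reports the second listener under `unexpected_open` and leaves `expected_missing` empty.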

Was that scanner the one you tried?

No, it was some toy scanner that someone posted on one of the Discord servers. Nothing serious like this one (TBH my code also isn’t serious, it is just a PoC of how you can do it fairly fast in Elixir).

EDIT: Found the project, it is in C++ not Rust, but the thing still stands.

1 Like

A quick search on hex.pm for “nmap” returned this hades | Hex

1 Like

Thanks for your answer. Is there an Elixir equivalent to the Erlang Ecosystem Foundation?

OMG, such a perfect find! Thank you very much!

The Erlang ecosystem the foundation is about includes Elixir.

They support other BEAM languages. I read an article just recently about their involvement with Gleam and the work done to assist with the process of supply chain security, and just recently they’ve taken responsibility for a great resource for security coding that is specific to Elixir (GitHub - erlef/elixir-secure-coding: An interactive cybersecurity curriculum designed for enterprise use at software companies using Elixir).

2 Likes