{"id":353793,"date":"2024-09-20T13:42:44","date_gmt":"2024-09-20T13:42:44","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/detectar-puertos-abiertos\/"},"modified":"2024-10-13T19:02:32","modified_gmt":"2024-10-13T19:02:32","slug":"detectar-puertos-abiertos","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/es\/script-hub\/detectar-puertos-abiertos\/","title":{"rendered":"C\u00f3mo utilizar PowerShell para detectar puertos abiertos y establecidos en Windows"},"content":{"rendered":"

En el panorama en constante evoluci\u00f3n de la seguridad y la gesti\u00f3n de TI, es crucial supervisar la actividad de la red e identificar posibles vulnerabilidades. Los puertos abiertos pueden servir como puntos de entrada para accesos no autorizados, por lo que es vital que los profesionales de TI los auditen y gestionen con regularidad.<\/p>\n

PowerShell<\/a>, con sus potentes capacidades de scripting, ofrece una forma flexible y eficaz de supervisar estos puertos. En este post, exploraremos un script PowerShell dise\u00f1ado para\u00a0detectar puertos abiertos y establecidos en un sistema Windows<\/strong>, discutiremos sus aplicaciones pr\u00e1cticas y proporcionaremos informaci\u00f3n sobre su funcionamiento y uso.<\/p>\n

Comprender la necesidad de la vigilancia portuaria<\/h2>\n

Los puertos son un aspecto esencial de la comunicaci\u00f3n en red, ya que permiten que diferentes servicios y aplicaciones interact\u00faen entre s\u00ed a trav\u00e9s de una red. Sin embargo, los puertos abiertos, especialmente los que no se supervisan activamente, pueden convertirse en riesgos para la seguridad.<\/p>\n

Los ciberdelincuentes suelen aprovecharse de estas vulnerabilidades para obtener acceso no autorizado a los sistemas. Esto hace que sea imperativo para los profesionales de TI, en particular los de los proveedores de servicios gestionados (MSP)<\/a>, auditar regularmente su red en busca de puertos abiertos, asegur\u00e1ndose de que s\u00f3lo los puertos necesarios est\u00e1n abiertos y escuchando.<\/p>\n

Este script PowerShell est\u00e1 dise\u00f1ado para ayudar a los profesionales de TI a detectar puertos abiertos y establecidos autom\u00e1ticamente y proporcionar informaci\u00f3n detallada sobre ellos. Tambi\u00e9n puede guardar los resultados en un campo personalizado, lo que facilita el seguimiento y la documentaci\u00f3n.<\/p>\n

El script para detectar puertos abiertos y establecidos<\/h2>\n
#Requires -Version 5.1\r\n\r\n<#\r\n.SYNOPSIS\r\n    Alert on specified ports that are Listening or Established and optionally save the results to a custom field.\r\n.DESCRIPTION\r\n    Will alert on open ports, regardless if a firewall is blocking them or not.\r\n    Checks for open ports that are in a 'Listen' or 'Established' state.\r\n    UDP is a stateless protocol and will not have a state.\r\n    Outputs the open ports, process ID, state, protocol, local address, and process name.\r\n    When a Custom Field is provided this will save the results to that custom field.\r\n\r\n.EXAMPLE\r\n    (No Parameters)\r\n    ## EXAMPLE OUTPUT WITHOUT PARAMS ##\r\n    [Alert] Found open port: 80, PID: 99, State: Listen, Local Address: 0.0.0.0, Process: nginx\r\n    [Alert] Found open port: 500, PID: 99, State: Listen, Local Address: 0.0.0.0, Process: nginx\r\n\r\nPARAMETER: -Port \"100,200,300-350, 400\"\r\n    A comma separated list of ports to check. Can include ranges (e.g. 100,200,300-350, 400)\r\n.EXAMPLE\r\n    -Port \"80,200,300-350, 400\"\r\n    ## EXAMPLE OUTPUT WITH Port ##\r\n    [Alert] Found open port: 80, PID: 99, State: Listen, Local Address: 0.0.0.0, Process: nginx\r\n\r\nPARAMETER: -CustomField \"ReplaceMeWithAnyMultilineCustomField\"\r\n    Name of the custom field to save the results to.\r\n.EXAMPLE\r\n    -Port \"80,200,300-350, 400\" -CustomField \"ReplaceMeWithAnyMultilineCustomField\"\r\n    ## EXAMPLE OUTPUT WITH CustomField ##\r\n    [Alert] Found open port: 80, PID: 99, State: Listen, Local Address: 0.0.0.0, Process: nginx\r\n    [Info] Saving results to custom field: ReplaceMeWithAnyMultilineCustomField\r\n    [Info] Results saved to custom field: ReplaceMeWithAnyMultilineCustomField\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Supported Operating Systems: Windows 10\/Windows Server 2016 or later with PowerShell 5.1\r\n    Release Notes: Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#>\r\n#>\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [String]$PortsToCheck,\r\n    [String]$CustomFieldName\r\n)\r\n\r\nbegin {\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n    function Set-NinjaProperty {\r\n        [CmdletBinding()]\r\n        Param(\r\n            [Parameter(Mandatory = $True)]\r\n            [String]$Name,\r\n            [Parameter()]\r\n            [String]$Type,\r\n            [Parameter(Mandatory = $True, ValueFromPipeline = $True)]\r\n            $Value,\r\n            [Parameter()]\r\n            [String]$DocumentName\r\n        )\r\n    \r\n        $Characters = $Value | Measure-Object -Character | Select-Object -ExpandProperty Characters\r\n        if ($Characters -ge 10000) {\r\n            throw [System.ArgumentOutOfRangeException]::New(\"Character limit exceeded, value is greater than 10,000 characters.\")\r\n        }\r\n        \r\n        # If we're requested to set the field value for a Ninja document we'll specify it here.\r\n        $DocumentationParams = @{}\r\n        if ($DocumentName) { $DocumentationParams[\"DocumentName\"] = $DocumentName }\r\n        \r\n        # This is a list of valid fields that can be set. If no type is given, it will be assumed that the input doesn't need to be changed.\r\n        $ValidFields = \"Attachment\", \"Checkbox\", \"Date\", \"Date or Date Time\", \"Decimal\", \"Dropdown\", \"Email\", \"Integer\", \"IP Address\", \"MultiLine\", \"MultiSelect\", \"Phone\", \"Secure\", \"Text\", \"Time\", \"URL\", \"WYSIWYG\"\r\n        if ($Type -and $ValidFields -notcontains $Type) { Write-Warning \"$Type is an invalid type! Please check here for valid types. https:\/\/ninjarmm.zendesk.com\/hc\/en-us\/articles\/16973443979789-Command-Line-Interface-CLI-Supported-Fields-and-Functionality\" }\r\n        \r\n        # The field below requires additional information to be set\r\n        $NeedsOptions = \"Dropdown\"\r\n        if ($DocumentName) {\r\n            if ($NeedsOptions -contains $Type) {\r\n                # We'll redirect the error output to the success stream to make it easier to error out if nothing was found or something else went wrong.\r\n                $NinjaPropertyOptions = Ninja-Property-Docs-Options -AttributeName $Name @DocumentationParams 2>&1\r\n            }\r\n        }\r\n        else {\r\n            if ($NeedsOptions -contains $Type) {\r\n                $NinjaPropertyOptions = Ninja-Property-Options -Name $Name 2>&1\r\n            }\r\n        }\r\n        \r\n        # If an error is received it will have an exception property, the function will exit with that error information.\r\n        if ($NinjaPropertyOptions.Exception) { throw $NinjaPropertyOptions }\r\n        \r\n        # The below type's require values not typically given in order to be set. The below code will convert whatever we're given into a format ninjarmm-cli supports.\r\n        switch ($Type) {\r\n            \"Checkbox\" {\r\n                # While it's highly likely we were given a value like \"True\" or a boolean datatype it's better to be safe than sorry.\r\n                $NinjaValue = [System.Convert]::ToBoolean($Value)\r\n            }\r\n            \"Date or Date Time\" {\r\n                # Ninjarmm-cli expects the  Date-Time to be in Unix Epoch time so we'll convert it here.\r\n                $Date = (Get-Date $Value).ToUniversalTime()\r\n                $TimeSpan = New-TimeSpan (Get-Date \"1970-01-01 00:00:00\") $Date\r\n                $NinjaValue = $TimeSpan.TotalSeconds\r\n            }\r\n            \"Dropdown\" {\r\n                # Ninjarmm-cli is expecting the guid of the option we're trying to select. So we'll match up the value we were given with a guid.\r\n                $Options = $NinjaPropertyOptions -replace '=', ',' | ConvertFrom-Csv -Header \"GUID\", \"Name\"\r\n                $Selection = $Options | Where-Object { $_.Name -eq $Value } | Select-Object -ExpandProperty GUID\r\n        \r\n                if (-not $Selection) {\r\n                    throw [System.ArgumentOutOfRangeException]::New(\"Value is not present in dropdown\")\r\n                }\r\n        \r\n                $NinjaValue = $Selection\r\n            }\r\n            default {\r\n                # All the other types shouldn't require additional work on the input.\r\n                $NinjaValue = $Value\r\n            }\r\n        }\r\n        \r\n        # We'll need to set the field differently depending on if its a field in a Ninja Document or not.\r\n        if ($DocumentName) {\r\n            $CustomField = Ninja-Property-Docs-Set -AttributeName $Name -AttributeValue $NinjaValue @DocumentationParams 2>&1\r\n        }\r\n        else {\r\n            $CustomField = $NinjaValue | Ninja-Property-Set-Piped -Name $Name 2>&1\r\n        }\r\n        \r\n        if ($CustomField.Exception) {\r\n            throw $CustomField\r\n        }\r\n    }\r\n}\r\nprocess {\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n    if ($env:portsToCheck -and $env:portsToCheck -ne 'null') {\r\n        $PortsToCheck = $env:portsToCheck\r\n    }\r\n    if ($env:customFieldName -and $env:customFieldName -ne 'null') {\r\n        $CustomFieldName = $env:customFieldName\r\n    }\r\n\r\n    # Remove any whitespace\r\n    $PortsToCheck = $PortsToCheck -replace '\\s', ''\r\n\r\n    # Parse the ports to check\r\n    $Ports = if ($PortsToCheck) {\r\n        # Split the ports by comma and handle ranges\r\n        $PortsToCheck -split ',' | ForEach-Object {\r\n            # Trim the whitespace\r\n            $Ports = \"$_\".Trim()\r\n            # If the port is a range, expand it\r\n            if ($Ports -match '-') {\r\n                # Split the range and expand it\r\n                $Range = $Ports -split '-' | ForEach-Object { \"$_\".Trim() } | Where-Object { $_ }\r\n                if ($Range.Count -ne 2) {\r\n                    Write-Host \"[Error] Invalid range formatting, must be two number with a dash in between them (eg 1-10): $PortsToCheck\"\r\n                    exit 1\r\n                }\r\n                try {\r\n                    $Range[0]..$Range[1]\r\n                }\r\n                catch {\r\n                    Write-Host \"[Error] Failed to parse range, must be two number with a dash in between them (eg 1-10): $PortsToCheck\"\r\n                    exit 1\r\n                }\r\n            }\r\n            else {\r\n                $Ports\r\n            }\r\n        }\r\n    }\r\n    else { $null }\r\n\r\n    if ($($Ports | Where-Object { [int]$_ -gt 65535 })) {\r\n        Write-Host \"[Error] Can not search for ports above 65535. Must be with in the range of 1 to 65535.\"\r\n        exit 1\r\n    }\r\n\r\n    # Get the open ports\r\n    $FoundPorts = $(\r\n        Get-NetTCPConnection | Select-Object @(\r\n            'LocalAddress'\r\n            'LocalPort'\r\n            'State'\r\n            @{Name = \"Protocol\"; Expression = { \"TCP\" } }\r\n            'OwningProcess'\r\n            @{Name = \"Process\"; Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }\r\n        )\r\n        Get-NetUDPEndpoint | Select-Object @(\r\n            'LocalAddress'\r\n            'LocalPort'\r\n            @{Name = \"State\"; Expression = { \"None\" } }\r\n            @{Name = \"Protocol\"; Expression = { \"UDP\" } }\r\n            'OwningProcess'\r\n            @{Name = \"Process\"; Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }\r\n        )\r\n    ) | Where-Object {\r\n        $(\r\n            <# When Ports are specified select just those ports. #>\r\n            if ($Ports) { $_.LocalPort -in $Ports }else { $true }\r\n        ) -and\r\n        (\r\n            <# Filter out anything that isn't listening or established. #>\r\n            $(\r\n                $_.Protocol -eq \"TCP\" -and\r\n                $(\r\n                    $_.State -eq \"Listen\" -or\r\n                    $_.State -eq \"Established\"\r\n                )\r\n            ) -or\r\n            <# UDP is stateless, return all UDP connections. #>\r\n            $_.Protocol -eq \"UDP\"\r\n        )\r\n    } | Sort-Object LocalPort | Select-Object * -Unique\r\n\r\n    if (-not $FoundPorts -or $FoundPorts.Count -eq 0) {\r\n        Write-Host \"[Info] No ports were found listening or established with the specified: $PortsToCheck\"\r\n    }\r\n\r\n    # Output the found ports\r\n    $FoundPorts | ForEach-Object {\r\n        Write-Host \"[Alert] Found open port: $($_.LocalPort), PID: $($_.OwningProcess), Protocol: $($_.Protocol), State: $($_.State), Local IP: $($_.LocalAddress), Process: $($_.Process)\"\r\n    }\r\n    # Save the results to a custom field if one was provided\r\n    if ($CustomFieldName -and $CustomFieldName -ne 'null') {\r\n        try {\r\n            Write-Host \"[Info] Saving results to custom field: $CustomFieldName\"\r\n            Set-NinjaProperty -Name $CustomFieldName -Value $(\r\n                $FoundPorts | ForEach-Object {\r\n                    \"Open port: $($_.LocalPort), PID: $($_.OwningProcess), Protocol: $($_.Protocol), State: $($_.State), Local Address: $($_.LocalAddress), Process: $($_.Process)\"\r\n                } | Out-String\r\n            )\r\n            Write-Host \"[Info] Results saved to custom field: $CustomFieldName\"\r\n        }\r\n        catch {\r\n            Write-Host $_.Exception.Message\r\n            Write-Host \"[Warn] Failed to save results to custom field: $CustomFieldName\"\r\n            exit 1\r\n        }\r\n    }\r\n}\r\nend {\r\n    \r\n    \r\n    \r\n}<\/pre>\n
 <\/p>\n\n
<\/h2>
<\/p><\/div>
<\/a><\/div><\/div>\n
C\u00f3mo funciona el script<\/h2>\n
El script para detectar puertos abiertos y establecidos est\u00e1 dise\u00f1ado con un objetivo claro: identificar e informar sobre los puertos TCP y UDP abiertos que se encuentran en estado \u00abEscuchando\u00bb o \u00abEstablecido\u00bb. A continuaci\u00f3n se detalla c\u00f3mo lo consigue el script:<\/p>\n
1. Configuraci\u00f3n inicial y funciones:<\/h3>\n