#!/usr/local/bin/perl -w

#PortXamin written by Nick (see http://illx.org for more details)
#For more information visit http://illx.org

#This program runs nmap to check the localhost for unknown ports.
#If it finds them, it further investigates the ports by
# (using fuser) to see which processes are running on what ports.

#Please Note: This program should be run as root, otherwise
# fuser can't do its job (most of the time)

use strict;
use warnings;
my ($port,$state,$service,$pid,$psoutput);

print "Written by Nick \n",
      "Visit http://illx.org for more information\n\n";

#exec our port scan
my @rawoutput = `nmap -p 1-65535 localhost |grep tcp`;

#go thru our output from nmap
print "Port          State            Service\n";
format STDOUT = 
@<<<<<<<<<    @<<<<<<<<<<      @<<<<<<<<<<<<<
$port,               $state,             $service
.

format MyOUT = 
   PID @<<<<<<<   @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
       $pid,      $psoutput
.

foreach my $line (@rawoutput) {
    chomp $line;
    ($port,$state,$service) = split(/\s+/, $line);
    write;
    if($service eq 'unknown') {
	#get the actual port  (its in format port/protocol)
	my @aport = split(/\//, $port);
	print "Warning! Unknown port $aport[0]: checking PID(s)....\n";

	#get which PID's the port is bound to
	my $fuseroutput = `fuser -n tcp $aport[0]`;
	#remove newlines
	chomp $fuseroutput;

	#get the actual PID's
	my @fusersplit = split(':', $fuseroutput);
	#remove leading/trailing spaces
	$fusersplit[1] =~ s/\s+$//;
	$fusersplit[1] =~ s/^\s+//;

	my @pids = split(/\s+/, $fusersplit[1]);
	#go thru all of the PIDs we received from fuser
	foreach $pid (@pids) {
	    #get the actual command name
	    $psoutput = `ps --no-headers -o cmd $pid`;
	    chomp $psoutput;
	    $~ = "MyOUT";
	    write;
	    $~ = "STDOUT";
	}
	print "\n";
    }
}