Scan Annoymus FTP Script

I needed to scan all my subnets for FTP’s that had annoymus FTP access enabled. Below is the script I used this requires nmap.

Nmap can be downloaded from this site:

I useally add nmap as a system variable so I can call the exe without specifying path.

  1. From the desktop, right click on This PC and then click “properties”.
  2. In the System Properties window, click the “Advanced” tab.
  3. Click the “Environment Variables” button.
  4. Choose path from the system variables section, then hit edit.
  5. Add a semi-colon and then your Nmap directory (e.g. C:\Program Files (x86)\Nmap) to the end of the value.

You can add or remove subnets ranges by changing the subnets variable (which is marked as red in the script below). The range can be specified by setting the range variable this can be set from 1 to 254 to restrict the scan. Below are two examples:

Example for a Single range
.\FTPCheck.ps1 -exportpath c:\temp -Range 20 -subnets 192.168.0.
Example for Multiple ranges
.\FTPCheck.ps1 -exportpath c:\temp -Range 254 -subnets 192.168.0.,10.10.10.
Scan for Open FTP sites on subnets
The script will run through each address on the specified subnets
and scan for any open FTP sites and output any sites to a csv files
.PARAMETER exportpath
The export parameter is used to specify the export path location.
This parameter is used to set the scan range this can be set from 1 to 254 depending of
how much of the subnet range needs to be scanned.
This parameter is used to specify the subnets to be scanned.
.\FTPCheck.ps1 -exportpath c:\temp -Range 20 -subnets 192.168.0.
.\FTPCheck.ps1 -exportpath c:\temp -Range 20 -subnets 192.168.0.,10.10.10.
Scan-FTP -exportpath c:\temp\export -Range 254
This script requires nmap to check for Open FTP sites
param (
[parameter(Mandatory = $true)]
[parameter(Mandatory = $true)]
[parameter(Mandatory = $true)]
if(Test-Path $exportpath){
foreach($subnet in $subnets){
$i = 1
while($i -le $Range){
$results = $subnet + $i
foreach ($result in $results)
$report = @()
Write-Host “Checking IP” $result -ForegroundColor DarkGreen
$Scan = nmap -p 21 -v –open –script ftp-anon $result -A
$report1 = $Scan | Select-String -Pattern “Nmap scan report for “
$report2 = $Scan | Select-String -Pattern “21/tcp open ftp”
$report3 = $Scan | Select-String -Pattern “(FTP code 230)”
$report4 = $Scan | Select-String -Pattern “MAC Address:”
$Properties = @{
“FTP Site” = $report1
“FTP Site Responses” = $report2
“FTP Site Access” = $report3
“FTP MAC” = $report4
$report += New-Object psobject -Property $properties
if ($report1 -ne $null){
$report | select “FTP Site”,”FTP Site Responses”,”FTP Site Access”,”FTP MAC” | Export-Csv “$exportpath\FTPScan.csv” -Append -NoClobber -NoTypeInformation
Write-Warning “FTP site responded”
Write-Warning “Path does not exist”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s