This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 71%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EX%3C/text%3E%3C/svg%3E)
Hello
I am looking for a way in powershell to retrieve all web services accross a network and have an output such as:
Computer Port Full URL
192.168.1.7 8443 https://192.168.1.7:8443
10.250.7.3 8009 https://10.250.7.3:8009
Ideally with the service (eg HP Printer, Konica...)
I know how to parse from a CSV file (I already have a CSV with all my computers), and I know how to loop.
Just I tried with Get-CmiInstance to list services but it doesnt give the output I am looking for, and I tried and Get-ChildItem Cert:\ -Recurse but I didnt find the certificates I am looking for, and anyway it doesnt give me the port and URL
Could you pls give me some hints how to achieve what I am looking for?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Can you explain what you mean by "web services"? Are you limiting your scope to just the HTTPS protocol? What about HTTP? RPC? Do you mean to check all 65,000 ports on entire class B (or even class C) networks for an HTTP/S listener? Are you limiting the checking to just IPv4? What about IPv6? Do you want to know if HTTP and HTTPS are listening?
Why do you need a "Full URL" if you know the IP address, the port, and the protocol? Seems redundant, but it's easy enough to do.
I wouldn't use the Invoke-WebRequest cmdlet for this -- it'd take forever. Use either the WebClient of HttpClient .Net class.
I would suggest that you explain what the root problem is that you are trying to solve. IE, why do you want that information.
You might be better off using Nmap. https://nmap.org/
Well I need this to identify in a network all web services because I need to test all of them, are their certificate up to date? Which service do they run (printer...)? then I have additional tasks to perform such as testing if they are accessible via default creds (yes sometimes admins are lazy and I have to make sure they created a specific account to access those web services, meaning log in).
I do use nmap but its output doesn't suit me, I would prefer to have a table that look like as above. Just imagine in a network with different subnets, nmap is too verbose and its a hell to parse it.
I am not looking for RPC, just links that I can access via HTTP or HTTPS.
However they are not always on 80 or 443, sometimes they have different ports, and this is why I want to list all of them to make sure I don't miss any.
I honestly didn't think of Ipv6 but good point, yes I am looking for listing web services on both Ipv4 and Ipv6, on all ports
Here's what I think you'd need to do. It is, of course, just a rough skeleton of the code you'd need (and it doesn't cover IPv6!):
$ports = 1024..64536
$networks = "192.168.1.0/16", "10.250.7.0/16"
$networks |
ForEach-Object{
# get the number of hosts in the subnet
# start at the 1st host
# increment by 1 and check the the octet doesn't exceed 255 (or 254?)
# adjust octets accordingly
# OR
# convert subnet to decimal and increment while in range
# remember that decimal numbers are treated as IPv4 addresses!
$ports |
ForEach-Object{
# use [System.Net.WebClient] or [system.net.http.httpclient]
# to try connecting
# create a PSCustomObject to hold results
}
} | Export-Csv SomeFile.csv -NoTypeInformation
You'd also do well to use PowerShell jobs to get some parallelism! Testing that many ports is bound to take some time, and a lot of the time is going to be spend waiting for a connection to reply or to time-out. I don't know how many networks you have, or how much of your networks address space is unused.