Port scanners are like corkscrews. There's never one around when you need one, and you generally need it right away. Even when you aren't in a hurry, many distributions (particularly firewall or routing appliances) don't have a C compiler available, making a conventional port scanner impossible.
This hack takes advantage of bash's little-known built-in network support in /dev/tcp/hostname and /dev/udp/hostname to create a full open TCP/UDP port scanner. This version stresses simplicity (and ease of typing) over features, though filtering the output through /etc/services to provide labels for open ports or running multiple scans in parallel to speed the scanning process up would both be neat refinements. (Invoke this script as ./scriptname hostname type, where
#!/bin/bash
# Usage: ./scriptname hostname type, where type is tcp or udp (a UDP write succeeds even with no listener, so udp results are unreliable).
for (( start = 1; start <= 1024; start++ )); do
  # Redirecting into /dev/tcp/host/port makes bash open a connection; connection errors are silenced.
  if [[ -n $(echo '' > /dev/$2/$1/$start 2>/dev/null && echo "up") ]]; then
    echo "Port $start" >> scan
  fi
done
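The /etc/services labelling refinement mentioned above, written here as an added example rather than as part of the original script: label_ports takes the scanner's "Port N" lines plus the protocol and appends the service name from a services-format table (a constructed sample is embedded; the real /etc/services contents can be passed as the third argument).

```shell
#!/bin/sh
# Constructed sample in /etc/services format; the real file is /etc/services.
SERVICES_SAMPLE='ssh             22/tcp
http            80/tcp          www
https           443/tcp
domain          53/udp
# comment lines and aliases are handled like the real file
ntp             123/udp'

# label_ports PROTO SCAN_OUTPUT [SERVICE_TABLE]
#   PROTO         tcp or udp (the scanner's $2)
#   SCAN_OUTPUT   the scanner's "Port N" lines, e.g. "$(cat scan)"
#   SERVICE_TABLE services text; defaults to the sample above,
#                 pass "$(cat /etc/services)" for real use
# Prints each "Port N" line with the service name appended, or "(unknown)".
label_ports() {
  proto=$1 scan=$2 table=${3:-$SERVICES_SAMPLE}
  # Feed the table and then the scan output through one awk run; a marker line separates them.
  printf '%s\n@@SCAN@@\n%s\n' "$table" "$scan" | awk -v proto="$proto" '
    $0 == "@@SCAN@@" { in_scan = 1; next }
    !in_scan {                          # service table: "name port/proto [aliases]"
      sub(/#.*/, "")                    # drop comments
      if (NF >= 2 && split($2, pp, "/") == 2 && pp[2] == proto) name[pp[1]] = $1
      next
    }
    $1 == "Port" && $2 ~ /^[0-9]+$/ {   # scanner output
      print $0 " (" (($2 in name) ? name[$2] : "unknown") ")"
    }'
}

# Example run against the sample table (constructed input):
label_ports tcp "$(printf 'Port 22\nPort 80\nPort 8080\n')"
```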