Client Side Port Scanning
Current JavaScript or other Client Side Scanning Techniques:
1. IMG Scanner - using (img src=)
http://www.gnucitizen.org/projects/javascript-port-scanner/
http://www.spidynamics.com/spilabs/js-port-scan/
Limitations:
This is a nice technique for scanning but can be easily mitigated by disallowing external images. This effectively breaks both scanners (tested in Firefox). This includes SPI Dynamics PING feature. You can turn off external images as follows (instructions for Firefox):
> Tools
> Options
> Click “for the originating Web Site only”
2. XML Port Scanning - Haven’t looked into this to much
http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perimeter-firewalls.htm
3. JSEScanner - using (script src=)
http://michaeldaw.org/projects/jsescanner/
4. JSWebPing - using iframes
http://michaeldaw.org/projects/jswebping/