A few weeks ago fukami showed me a sample application he had written in Flash to do port scanning. It was actually really good, and accurate. It’s probably a preferred method if the target uses Flash, since it’s pretty fast. He asked me to wait to post until after he had released it, and he has now done so. Please check out his demo and writeup here. You’ll need both JS and Flash enabled.
The basic premise is that the error handler for the socket control can be used to detect raw sockets that are open. It also doesn’t seem to be restricted from testing localhost, rather than only the server it’s hosted on, which is a pretty bad cross-domain issue. He recommends downgrading Flash to 8 and/or using Flash only on trusted sites (which is only helpful if the site isn’t vulnerable to XSS). Great demo, and nice work by fukami!