How hard is it to write a port scanner?
That depends on what you're willing to use. For building my own port scanner I took the software engineering proverb, "Don't re-invent the wheel" to heart.
Until recently my company did port scans by having a list of ports that were allowed to be open without connecting them to an IP address they were supposed to be open on. I'm sure you can see the wholes here (E.g. someone could start an FTP server on a webserver, and it would never get caught).
So in the interest of hardening up the port scans, I created this program. It allows you to specify an IP address and then add the ports that it is approved to have open behind it in a csv format (see the readme file in the git repository for details).
One thing that was important was that the reports need to be something our compliance department can look at and work with, hence the CSV format. My intention being to allow them to format them as they wished upon receipt.
I used nmap to do the actual port scanning. If you're familiar with nmap, you know that means I did very little work here of any real consequence. The program's real use is in parsing the output, comparing it to a list of approved ports and writing out easy to read reports of what's changed in an environment.
Without further ado, the program can be found here.