Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans using tools that are brought onto a system.
Scan ports to check for listening ports
Supported Platforms: Linux, macOS
for port in {1..65535};
do
echo >/dev/tcp/192.168.1.1/$port && echo "port $port is open" || echo "port $port is closed" : ;
done
Scan ports to check for listening ports with Nmap.
Supported Platforms: Linux, macOS
| Name | Description | Type | Default Value |
|---|---|---|---|
| network_range | Network Range to Scan. | string | 192.168.1.0/24 |
| port | Ports to scan. | string | 80 |
| host | Host to scan. | string | 192.168.1.1 |
nmap -sS #{network_range} -p #{port}
telnet #{host} #{port}
nc -nv #{host} #{port}