This blog post is part two of the Searching for your environment’s Internet-connected devices post made yesterday. It will focus on manually searching for services available on your public facing assets using open source tool NMAP to gather what services are available to the public on external facing assets. Below are the ports that Censys searches for when doing global scans: TCP: 110, 143, 22, 23, 2323, 25, 30005, 443, 4443, 465, 502, 7547, 80, 8000, 8080, 993, 995, 20000 UDP: 53, 9100, 47808, 20000 If you were to convert this into it will look like this:, This should help with an example of where to add your subnet that intelligence should be gathered on. Magic number 32 is a single host but this can be changed to /24 or /16 depending on your network. -sT - (TCP connect scan), Add this option for more reliable by establishing a connection. It is slower because it will require a full TCP connection. -sU (UDP scans) -sV (service version detection) –script=banner (This option allows you to import a NMAP script and we will use the banner.nse script to grab detect the banners) -oA outputfile.xml; This option will save the output it in all formats. gnmap, nmap and XML.

nmap -sT -p 110,143,22,23,2323,25,30005,443,4443,465,7547,80,8000,8080,993,995 –script=banner -oA outputfile.xml

Then we will convert the XML file into an interactive HTML page for easily visible documentation using XSLTPROC.

xsltproc nmap-output.xml -o nmap-output.html

After converting the XML file to HTML file the image below is the output. I highly encourage to make a request before scanning the environment. Disclaimers: Scan devices that are your own and if do scan devices that are not yours, In no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data arising out of, or in connection with, the use of this website.