Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans using tools that are brought onto a system.Within cloud environments, adversaries may attempt to discover services running on other cloud hosts. Additionally, if the cloud environment is connected to a on-premises environment, adversaries may be able to identify services running on non-cloud systems as well.
Scan ports to check for listening ports.
Upon successful execution, sh will perform a network connection against a single host (192.168.1.1) and determine what ports are open in the range of 1-65535. Results will be via stdout.
Supported Platforms: Linux, macOS
for port in {1..65535};
do
echo >/dev/tcp/192.168.1.1/$port && echo "port $port is open" || echo "port $port is closed" : ;
doneScan ports to check for listening ports with Nmap.
Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of adresseses on port 80 to determine if listening. Results will be via stdout.
Supported Platforms: Linux, macOS
| Name | Description | Type | Default Value |
|---|---|---|---|
| host | Host to scan. | string | 192.168.1.1 |
| port | Ports to scan. | string | 80 |
| network_range | Network Range to Scan. | string | 192.168.1.0/24 |
nmap -sS #{network_range} -p #{port}
telnet #{host} #{port}
nc -nv #{host} #{port}if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1; echo "Install nmap on the machine to run the test."; exit 1;