*Top 44 Ports (Basics)*
1️⃣ FTP - Port 21
2️⃣ SSH - Port 22
3️⃣ Telnet - Port 23
4️⃣ SMTP | Port 25 and Submission Port 587
5️⃣ DNS - Port 53
6️⃣ Finger - Port 79
7️⃣ HTTP - Port 80
8️⃣ Kerberos - Port 88
9️⃣ POP3 - Port 110
1️⃣0️⃣ RPCInfo - Port 111
1️⃣1️⃣ Ident - Port 113
1️⃣2️⃣ NetBIOS - Port 137-139 (137/udp name service, 138/udp datagram, 139/tcp session)
1️⃣3️⃣ SNMP - Port 161
1️⃣4️⃣ Check Point FireWall-1 Topology - Port 264
1️⃣5️⃣ LDAP - Port 389
1️⃣6️⃣ SMB - Port 445
1️⃣7️⃣ Rexec - Port 512
1️⃣8️⃣ Rlogin - Port 513
1️⃣9️⃣ RSH - port 514
2️⃣0️⃣ AFP - Apple Filing Protocol - Port 548
2️⃣1️⃣ Microsoft Windows RPC Services | Port 135 and Microsoft RPC Services over HTTP | Port 593
2️⃣2️⃣ HTTPS - Port 443 and 8443
2️⃣3️⃣ RTSP - Port 554 and 8554
2️⃣4️⃣ Rsync - Port 873
2️⃣5️⃣ Java RMI - Port 1099
2️⃣6️⃣ MS-SQL | Port 1433
2️⃣7️⃣ Oracle - Port 1521
2️⃣8️⃣ NFS - Port 2049
2️⃣9️⃣ iSCSI - Port 3260
3️⃣0️⃣ SAP Router | Port 3299
3️⃣1️⃣ MySQL | Port 3306
3️⃣2️⃣ PostgreSQL - Port 5432
3️⃣3️⃣ HP Data Protector (RCE) - Port 5555
3️⃣4️⃣ VNC - Port 5900
3️⃣5️⃣ CouchDB - Port 5984
3️⃣6️⃣ Redis - Port 6379
3️⃣7️⃣ AJP Apache JServ Protocol - Port 8009
3️⃣8️⃣ PJL - Port 9100
3️⃣9️⃣ Apache Cassandra - Port 9160
4️⃣0️⃣ Network Data Management Protocol (ndmp) - Port 10000
4️⃣1️⃣ Memcache - Port 11211
4️⃣2️⃣ MongoDB - Port 27017 and Port 27018
4️⃣3️⃣ EthernetIP-TCP-UDP - Port 44818
4️⃣4️⃣ UDP BACNet - Port 47808
*Perform A Ping sweep :* 🧹
$ nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4 <IP>
$ nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4 192.168.0.1
-sP = ping scan: host discovery only, no port scan (deprecated spelling of -sn; newer nmap accepts both)
-PE = ICMP echo request discovery probe
-PP = ICMP timestamp request discovery probe (not the same as -PE: a different ICMP type, which sometimes gets through where echo is filtered)
-PS21,22,... = TCP SYN discovery probes to the given ports (a SYN/ACK or RST back means the host is up)
-PA80,... = TCP ACK discovery probes to the given ports (stateless filters that allow "established" traffic let these through; a stateful firewall usually drops them)
-T4 = aggressive timing template (faster on a reliable network, not more thorough)
--source-port 53 = send every probe from source port 53 so the traffic looks like DNS replies to naive filters; like the SYN/ACK probes it needs raw sockets, so run as root/sudo
*List 50000 random Internet addresses (no packets are sent to them)*
$ nmap -n -sL -iR 50000 -oN -
-iR 50000 = choose 50000 random targets; -sL = list scan, which only enumerates them (the reverse DNS it would normally do is suppressed by -n); -oN - = normal output to stdout
*Scan Specific Target* 🧿
$ nmap -v -n -PE -Pn <target>
-n = never do DNS resolution
-v = verbose output (-vv for a higher verbosity level)
-PE = ICMP echo request discovery probe
-Pn = skip host discovery and treat the target as up, so the port scan runs even if the host drops pings (caveat: with -Pn the -PE probe is never sent, so in this command it has no effect; drop -Pn if you want the echo probe to decide)
$ nmap -v -n -PE -PO <target>
-PO = IP protocol ping: sends IP packets with protocol numbers 1 (ICMP), 2 (IGMP) and 4 (IP-in-IP) by default; a reply in the same protocol or an ICMP "protocol unreachable" marks the host up
*Scan Specific Ports* 🔌
$ nmap -v -n -PS21-23,25,53,80,443,3389 -PO -PE -PM -PP <target>
-PS21-23,... = TCP SYN discovery probes to those ports; -PO, -PE, -PM, -PP add IP protocol, ICMP echo, ICMP netmask and ICMP timestamp probes, so the host only has to answer one of them to be marked up (without -sn nmap still port-scans its top 1000 ports afterwards)
$ nmap -sL 54.248.103.0/24 -oG -
-sL = list scan: enumerate the targets (with reverse DNS) without sending them a single probe
-oG - = grepable output to stdout, one line per host, easy to pipe into grep/awk
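Both the ping sweep above and the list scan emit grepable output (-oG -). The script below is an added example, not from the original post, showing how to turn that output into a host list and chain discovery into a port scan. It is POSIX shell; the two nmap outputs embedded in it are constructed to look like real -oG output (the addresses, hostname and ports are illustrative), and only the parsing functions run offline; ping_sweep and sweep_then_scan need nmap installed and root/sudo.

```shell
#!/bin/sh
# Added example, not from the original post: parse nmap's grepable (-oG) output
# and chain host discovery into a port scan. Both samples below are constructed;
# real -oG output separates the fields with tabs, which awk's default splitting
# handles the same way as the spaces used here.

# Constructed output of a discovery-only run (-sn -oG -): one "Host:" line per target.
SAMPLE_SWEEP='# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.168.0.0/29
Host: 192.168.0.1 () Status: Up
Host: 192.168.0.2 () Status: Down
Host: 192.168.0.5 (printer.lan) Status: Up
# Nmap done -- 8 IP addresses (2 hosts up) scanned in 1.23 seconds'

# Constructed port-scan output: each "Ports:" entry is port/state/proto//service///.
SAMPLE_SCAN='# Nmap 7.94 scan initiated as: nmap -sS -p 22,80,443 -oG - 192.168.0.1
Host: 192.168.0.1 () Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///
# Nmap done -- 1 IP address (1 host up) scanned in 0.20 seconds'

# up_hosts: read -oG discovery output on stdin, print the address of every host reported Up.
# Field 2 is always the address, whether or not a hostname follows it in parentheses.
up_hosts() {
    awk '$1 == "Host:" && /Status: Up/ { print $2 }'
}

# open_ports: read -oG port-scan output on stdin, print "host port/proto" for open ports only.
open_ports() {
    awk '$1 == "Host:" && /Ports:/ {
        host = $2
        sub(/.*Ports: /, "")                # keep only the port entries
        sub(/[ \t]+Ignored State:.*/, "")   # drop the trailing ignored-state note, if present
        n = split($0, entry, ", ")
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")         # f[1]=port f[2]=state f[3]=proto
            if (f[2] == "open") print host, f[1] "/" f[3]
        }
    }'
}

# ping_sweep: the page's discovery probes, discovery only (-sn), grepable output to stdout.
# The SYN/ACK probes and the spoofed source port need raw sockets (root/sudo).
ping_sweep() {
    nmap -sn -n -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 \
         --source-port 53 -T4 -oG - "$@"
}

# sweep_then_scan RANGE...: discover live hosts, then SYN-scan the page's "Easy-win"
# ports on those hosts only. -Pn skips discovery in the second pass because the
# first pass already proved the hosts answer.
sweep_then_scan() {
    hosts=$(mktemp) || return 1
    ping_sweep "$@" | up_hosts > "$hosts"
    if [ -s "$hosts" ]; then
        nmap -sS -Pn -n -p 1099,1098,8500,623,6002,700,4848,9060,10000,11211,3632,3299 \
             -iL "$hosts" -oG - | open_ports
    fi
    rm -f "$hosts"
}

# Demo on the constructed samples (no network needed).
printf '%s\n' "$SAMPLE_SWEEP" | up_hosts
printf '%s\n' "$SAMPLE_SCAN" | open_ports
```

Run `sweep_then_scan 192.168.0.0/24` as root to use it live; with -sn, nmap only lists hosts that are down when -v is given, so the Down line in the sample shows that up_hosts filters correctly either way.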
*Scan network with Firewall :* 🔥🚧
$ nmap --script firewalk --traceroute <target> -vv
(firewalk requires --traceroute: it sends probes whose TTL expires just past the gateway in front of <target> and reports which ports that gateway forwards, i.e. which ones come back as ICMP time-exceeded instead of being silently dropped)
$ traceroute 192.168.20.2
$ hping -R 192.168.20.2 -V
(-R sets the RST flag on hping's probes and -V makes it verbose; hping's own traceroute mode is -T)
*TCP SYN/ACK, UDP or SCTP discovery to given ports*
$ nmap -PS<ports> / -PA<ports> / -PU<ports> / -PY<ports>
-PS = TCP SYN, -PA = TCP ACK, -PU = UDP, -PY = SCTP INIT (port list optional; nmap has a default for each)
*ICMP echo, timestamp, and netmask request discovery probes* 🕔
$ nmap -PE / -PP / -PM
-PE = echo request, -PP = timestamp request, -PM = address mask request
*Never do DNS resolution/Always resolve [default: sometimes]* 🚫
Never do DNS resolution | -n
Always resolve | -R
*Scan Techniques*
1️⃣ TCP SYN scan -sS
2️⃣ Connect scan -sT
3️⃣ ACK scan -sA
4️⃣ Window scan -sW
5️⃣ Maimon scan -sM
6️⃣ UDP Scan -sU
7️⃣ TCP Null scan -sN
8️⃣ FIN scan -sF
9️⃣ Xmas scan -sX
1️⃣0️⃣ IP protocol scan -sO
All of these except the connect scan (-sT) need raw sockets, so run nmap as root/sudo; nmap refuses to run them otherwise, and its default scan type is -sS as root and -sT unprivileged.
*Scan UDP ports with Nmap, e.g.:*
$ nmap -sU -p U:53,161 <target>
*Scan the "number" most common ports*
$ nmap -sS --top-ports 1000 <target>
--top-ports N picks the N most frequently open ports from nmap's own frequency data (nmap-services); 1000 is also the default when no -p is given
*More :*
https://highon.coffee/blog/nmap-cheat-sheet/
This is a list of common ports that will give you a pretty good list of "alive" systems when scanning internally or externally (pass it to nmap with -p).
📄 *List of ports :*
1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,689,705,771,783,888,902,910,912,921,993,995,998,1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3389,3460,3500,3628,3632,3690,3780,3790,3817,4000,4322,4433,4444-4445,4659,4679,4848,5000,5038,5040,5051,5060-5061,5093,5168,5247,5250,5351,5353,5355,5400,5405,5432-5433,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6905,6988,7001,7021,7071,7080,7144,7181,7210,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7879,7902,8000-8001,8008,8014,8020,8023,8028,8030,8080-8082,8087,8090,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8800,8812,8834,8880,8888-8890,8899,8901-8903,9000,9002,9080-9081,9084,9090,9099-9100,9111,9152,9200,9390-9391,9495,9809-9815,9855,9999-10001,10008,10050-10051,10080,10098,10162,10202-10203,10443,10616,10628,11000,11099,11211,11234,11333,12174,12203,12221,12345,12397,12401,13364,13500,13838,14330,15200,16102,17185,17200,18881,19300,19810,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,27000,27017,27888,28222,28784,30000,30718,31001,31099,32764,32913,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48899,49152,50000-50004,50013,50500-50504,52302,55553,57772,62078,62514,65535
*UDP Discovery* 🔎
53,123,161,1434
*Authentication Ports* ⌨️
1494,80,5985,5986,8200,902,9084,6129
*Easy-win Ports* 🏆
1099,1098,8500,623,6002,700,4848,9060,10000,11211,3632,3299
*Database Ports* ⚗️
3306,1521-1527,5432,5433,1433,3050,3351,1583,8471,9471
*NoSQL Ports* 🚫
27017,28017,27080,5984,900,9160,7474,6379,8098
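The lists above are meant to be handed to nmap with -p, so a few checks are worth automating: that every entry is a valid port or range, what the category lists add beyond the master list, and what the final command looks like. The POSIX shell script below is an added example, not from the original post; the port lists are copied from this page, while the target address and the NMAP_DRY_RUN switch are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post: work with nmap-style port lists
# ("1,7,21-23,..."). The lists below are the ones on this page.

MASTER_PORTS='1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,689,705,771,783,888,902,910,912,921,993,995,998,1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3389,3460,3500,3628,3632,3690,3780,3790,3817,4000,4322,4433,4444-4445,4659,4679,4848,5000,5038,5040,5051,5060-5061,5093,5168,5247,5250,5351,5353,5355,5400,5405,5432-5433,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6905,6988,7001,7021,7071,7080,7144,7181,7210,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7879,7902,8000-8001,8008,8014,8020,8023,8028,8030,8080-8082,8087,8090,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8800,8812,8834,8880,8888-8890,8899,8901-8903,9000,9002,9080-9081,9084,9090,9099-9100,9111,9152,9200,9390-9391,9495,9809-9815,9855,9999-10001,10008,10050-10051,10080,10098,10162,10202-10203,10443,10616,10628,11000,11099,11211,11234,11333,12174,12203,12221,12345,12397,12401,13364,13500,13838,14330,15200,16102,17185,17200,18881,19300,19810,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,27000,27017,27888,28222,28784,30000,30718,31001,31099,32764,32913,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48899,49152,50000-50004,50013,50500-50504,52302,55553,57772,62078,62514,65535'
UDP_DISCOVERY='53,123,161,1434'
AUTH_PORTS='1494,80,5985,5986,8200,902,9084,6129'
EASY_WIN_PORTS='1099,1098,8500,623,6002,700,4848,9060,10000,11211,3632,3299'
DB_PORTS='3306,1521-1527,5432,5433,1433,3050,3351,1583,8471,9471'
NOSQL_PORTS='27017,28017,27080,5984,900,9160,7474,6379,8098'

# check_ports LIST: succeed only if every entry is a port or an ascending range within 1-65535.
check_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F- '
        BEGIN { bad = 0 }
        {
            if (NF < 1 || NF > 2) bad = 1
            for (i = 1; i <= NF; i++)
                if ($i !~ /^[0-9]+$/ || $i < 1 || $i > 65535) bad = 1
            if (NF == 2 && $1 + 0 > $2 + 0) bad = 1
        }
        END { exit bad }'
}

# expand_ports LIST: one port per line, numerically sorted, duplicates removed.
expand_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F- '
        NF == 1 { print $1 }
        NF == 2 { for (p = $1 + 0; p <= $2 + 0; p++) print p }' | sort -n -u
}

# normalize_ports LIST: the same ports joined back into one comma-separated line for -p.
normalize_ports() {
    expand_ports "$1" | paste -s -d ',' -
}

# missing_ports LIST MASTER: ports of LIST that MASTER does not cover, comma-separated
# (empty output when MASTER already covers everything).
missing_ports() {
    expand_ports "$1" | awk -v master="$(normalize_ports "$2")" '
        BEGIN { n = split(master, m, ","); for (i = 1; i <= n; i++) have[m[i]] = 1 }
        !($1 in have)' | paste -s -d ',' -
}

# scan_group TARGET LIST: SYN-scan the de-duplicated list, skipping discovery (-Pn) so a
# host that drops pings is still scanned. With NMAP_DRY_RUN set, print the command instead.
scan_group() {
    target=$1
    ports=$(normalize_ports "$2")
    set -- nmap -sS -Pn -n -p "$ports" "$target"
    if [ -n "${NMAP_DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# report: validate every list and show which category ports the master list does not cover.
report() {
    for entry in "Master:$MASTER_PORTS" "UDP discovery:$UDP_DISCOVERY" "Authentication:$AUTH_PORTS" \
                 "Easy-win:$EASY_WIN_PORTS" "Database:$DB_PORTS" "NoSQL:$NOSQL_PORTS"; do
        name=${entry%%:*}
        list=${entry#*:}
        check_ports "$list" || { printf 'invalid entry in %s list\n' "$name"; return 1; }
        [ "$name" = Master ] || printf '%s ports not in master list: %s\n' "$name" "$(missing_ports "$list" "$MASTER_PORTS")"
    done
}

report
```

The "not in master list" output is what a second, category-specific pass actually adds; note that the UDP discovery ports only make sense with -sU, which scan_group deliberately does not do.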
Enjoy! Follow us for more....