Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans using tools that are brought onto a system.Within cloud environments, adversaries may attempt to discover services running on other cloud hosts or cloud services enabled within the environment. Additionally, if the cloud environment is connected to a on-premises environment, adversaries may be able to identify services running on non-cloud systems.
Scan ports to check for listening ports
Supported Platforms: Linux, macOS
for port in {1..65535};
do
echo >/dev/tcp/192.168.1.1/$port && echo "port $port is open" || echo "port $port is closed" : ;
done
Scan ports to check for listening ports with Nmap.
Supported Platforms: Linux, macOS
| Name | Description | Type | Default Value |
|---|---|---|---|
| network_range | Network Range to Scan. | string | 192.168.1.0/24 |
| port | Ports to scan. | string | 80 |
| host | Host to scan. | string | 192.168.1.1 |
nmap -sS #{network_range} -p #{port}
telnet #{host} #{port}
nc -nv #{host} #{port}