Nmap Development mailing list archives
Re: OS fingerprinting - what are the TCP/UDP ports per device?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 15 Dec 2016 21:43:29 -0600
Jacek, Nmap doesn't really collect this kind of information in bulk; we'd have to scan the Internet for it, which is not entirely out of the question. From your private messages to me, I think you're looking to gather open-port data from the fingerprints that users submit via nmap.org. This could work somewhat, but would probably not have the depth that you're looking for, for a few reasons: * Each fingerprint only records one open port; even if there are others, the OS detection is only performed on one. * Other than for general-purpose OSs like Windows, OS X, Android, etc. we don't often get more than one or two submissions for a given device or OS. Once it's in the database, users will receive matches, not fingerprints to submit. * The data, if we still have it, goes back years upon years. Many of the existing database entries will not be represented by a fingerprint in the submission logs and backups. That said, I did some checking and what you want *can* be done via Shodan [1] for any description or search that produces matches in their data set, which covers the entire Internet. With an API key, you can use the command-line tool to get the top 10 ports open for any given search [2] by running: shodan stats --facets port <searchterm> Dan [1] https://shodan.io/ [2] https://twitter.com/achillean/status/809601146516017152 On Thu, Dec 8, 2016 at 12:32 PM, Jacek Wielemborek <d33tah () gmail com> wrote:
Hi, I just had this thought - it would be great if Nmap Project published a list of TCP/UDP ports that are usually open in the devices listed in nmap-os-db. In other words, if I was looking for, say, "AXIS 2120 Network Camera", which TCP/UDP ports should I scan to maximize the chances of finding this one? Could you please publish this kind of information? Cheers, d33tah
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- OS fingerprinting - what are the TCP/UDP ports per device? Jacek Wielemborek (Dec 08)
- Re: OS fingerprinting - what are the TCP/UDP ports per device? Daniel Miller (Dec 15)