Nmap Development mailing list archives

Re: OS fingerprinting - what are the TCP/UDP ports per device?


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 15 Dec 2016 21:43:29 -0600

Jacek,

Nmap doesn't really collect this kind of information in bulk; we'd have to
scan the Internet for it, which is not entirely out of the question. From
your private messages to me, I think you're looking to gather open-port
data from the fingerprints that users submit via nmap.org. This could work
somewhat, but would probably not have the depth that you're looking for,
for a few reasons:
* Each fingerprint only records one open port; even if there are others,
the OS detection is only performed on one.
* Other than for general-purpose OSs like Windows, OS X, Android, etc. we
don't often get more than one or two submissions for a given device or OS.
Once it's in the database, users will receive matches, not fingerprints to
submit.
* The data, if we still have it, goes back years upon years. Many of the
existing database entries will not be represented by a fingerprint in the
submission logs and backups.

That said, I did some checking and what you want *can* be done via Shodan
[1] for any description or search that produces matches in their data set,
which covers the entire Internet. With an API key, you can use the
command-line tool to get the top 10 ports open for any given search [2] by
running: shodan stats --facets port <searchterm>

Dan

[1] https://shodan.io/
[2] https://twitter.com/achillean/status/809601146516017152

On Thu, Dec 8, 2016 at 12:32 PM, Jacek Wielemborek <d33tah () gmail com> wrote:

Hi,

I just had this thought - it would be great if Nmap Project published a
list of TCP/UDP ports that are usually open in the devices listed in
nmap-os-db. In other words, if I was looking for, say, "AXIS 2120
Network Camera", which TCP/UDP ports should I scan to maximize the
chances of finding this one?

Could you please publish this kind of information?

Cheers,
d33tah


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
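
Added example, not part of the original messages and not Nmap project code: a sketch of the tally described in the reply's first bullet, assuming submitted fingerprints are available as text. It relies on Nmap's documented SCAN line, where `OT` is the single open TCP port used for OS detection (`CT` and `CU` are the closed TCP and UDP ports); the device labels and every sample value are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample submissions: (device label, fingerprint text). Labels and
# all field values are made up; only the SCAN-line layout follows Nmap's format.
SAMPLE = [
    ("device-A", "OS:SCAN(V=7.31%E=4%D=12/15%OT=80%CT=1%CU=31337%PV=Y%DS=1%DC=D%G=Y%TM=58536\n"
                 "OS:A21%P=x86_64-pc-linux-gnu)SEQ(SP=C9%GCD=1%ISR=CF)"),
    ("device-A", "SCAN(V=7.31%E=4%D=12/16%OT=554%CT=1%CU=31337%PV=Y%DS=1%DC=D%G=Y"
                 "%TM=58547B00%P=x86_64-pc-linux-gnu)"),
    ("device-A", "SCAN(V=7.31%E=4%D=12/17%OT=80%CT=1%CU=31337%PV=Y%DS=1%DC=D%G=Y"
                 "%TM=5855CC80%P=x86_64-pc-linux-gnu)"),
    # No open port was found here: OT is empty, so nothing can be tallied.
    ("device-B", "SCAN(V=7.31%E=4%D=12/17%OT=%CT=1%CU=%PV=Y%DS=2%DC=I%G=N"
                 "%TM=5855D000%P=x86_64-pc-linux-gnu)"),
]


def parse_scan_line(fingerprint):
    """Return the key/value fields of the SCAN(...) line of one fingerprint."""
    # Submittable fingerprints are wrapped, with an "OS:" prefix on each line;
    # undo the wrapping so a field split across two lines is read whole.
    joined = "".join(re.sub(r"^OS:", "", ln.strip()) for ln in fingerprint.splitlines())
    match = re.search(r"SCAN\(([^)]*)\)", joined)
    if match is None:
        raise ValueError("no SCAN line in fingerprint")
    # Fields are separated by '%', each one is KEY=VALUE (the value may be empty).
    return dict(f.split("=", 1) for f in match.group(1).split("%") if "=" in f)


def open_ports_by_device(submissions):
    """Count the one recorded open TCP port (OT) per device label."""
    tally = defaultdict(Counter)
    for device, fingerprint in submissions:
        ot = parse_scan_line(fingerprint).get("OT", "")
        if ot.isdigit():  # skip submissions with a missing or empty OT
            tally[device][int(ot)] += 1
    return tally


if __name__ == "__main__":
    for device, ports in open_ports_by_device(SAMPLE).items():
        print(device, ports.most_common())
```

Each submission adds at most one port to a device's count, so the result reflects which port the scanner happened to pick for OS detection rather than the device's full set of open ports.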