Module 02 · Port Scanning
Flag: --skip-portscan
Runs nmap against the target and performs automated risk analysis on every open port.
Port profiles
| --ports value | nmap flag | Use case |
|---|---|---|
| top-100 | --top-ports 100 | Quick check |
| top-1000 (default) | --top-ports 1000 | Standard |
| full | -p- | Full coverage (slow) |
Mode behaviour
| Mode | Extra flags |
|---|---|
| Normal | -sV -sC --open -T4 |
| Aggressive | Adds -A -O --script=vuln,auth,default,discovery |
| Stealth | -sS -T2 -f --data-length 32 --randomize-hosts |
Automated risk analysis
Every open port is evaluated against a built-in risk table:
| Port | Service | Severity | Reason |
|---|---|---|---|
| 21 | FTP | CRITICAL | Plaintext credentials |
| 23 | Telnet | CRITICAL | Unencrypted remote shell |
| 2375 | Docker API | CRITICAL | Unauthenticated container access |
| 445 | SMB | HIGH | EternalBlue / ransomware risk |
| 3306 | MySQL | HIGH | DB exposed to internet |
| 3389 | RDP | HIGH | Brute-force target |
| 5432 | PostgreSQL | HIGH | DB exposed to internet |
| 6379 | Redis | HIGH | Often unauthenticated |
| 9200 | Elasticsearch | HIGH | Often unauthenticated |
| 27017 | MongoDB | HIGH | Often unauthenticated |
| 25 | SMTP | MEDIUM | Open relay risk |
| 8080/8443 | HTTP alt | LOW | Admin panel exposure |
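The lookup described above can be reproduced against saved scan output when triaging your own hosts. The following is an added example, not the tool's own code: it assumes the scan was saved in nmap's greppable format (`-oG`), treats the `8080/8443` row as two separate ports, and uses hypothetical names (`open_ports`, `assess`) and a constructed sample.

```python
import re

RISK_TABLE = {  # copied from the table above: port -> (service, severity, reason)
    21: ("FTP", "CRITICAL", "Plaintext credentials"),
    23: ("Telnet", "CRITICAL", "Unencrypted remote shell"),
    2375: ("Docker API", "CRITICAL", "Unauthenticated container access"),
    445: ("SMB", "HIGH", "EternalBlue / ransomware risk"),
    3306: ("MySQL", "HIGH", "DB exposed to internet"),
    3389: ("RDP", "HIGH", "Brute-force target"),
    5432: ("PostgreSQL", "HIGH", "DB exposed to internet"),
    6379: ("Redis", "HIGH", "Often unauthenticated"),
    9200: ("Elasticsearch", "HIGH", "Often unauthenticated"),
    27017: ("MongoDB", "HIGH", "Often unauthenticated"),
    25: ("SMTP", "MEDIUM", "Open relay risk"),
    8080: ("HTTP alt", "LOW", "Admin panel exposure"),  # assumption: 8080/8443 row split in two
    8443: ("HTTP alt", "LOW", "Admin panel exposure"),
}
SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

SAMPLE_GNMAP = (  # constructed sample of greppable output; 192.0.2.10 is a documentation address
    "# constructed nmap -oG sample\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 21/open/tcp//ftp///, "
    "6379/open/tcp//redis///, 8080/open/tcp//http-proxy///, 3306/filtered/tcp//mysql///\n"
)

def open_ports(gnmap_text):
    """Yield (host, port) for each entry whose state field is exactly 'open'."""
    for line in gnmap_text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and 'Status:' lines carry no port list
        for entry in m.group(2).split(", "):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/rpc/version/
            if len(fields) >= 2 and fields[1] == "open":
                yield m.group(1), int(fields[0])

def assess(gnmap_text):
    """Return findings for open ports in the risk table, most severe first."""
    findings = []
    for host, port in open_ports(gnmap_text):
        if port in RISK_TABLE:
            service, severity, reason = RISK_TABLE[port]
            findings.append((severity, host, port, service, reason))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[2]))

if __name__ == "__main__":
    for finding in assess(SAMPLE_GNMAP):
        print(*finding, sep=" | ")
```

Ports that are open but absent from the table (22 in the sample) produce no finding, so an empty result means "nothing on the list", not "nothing exposed".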