Swapping the port number and the descriptions. Adding to the easy ports lists.

2025-10-29 16:56:59 +00:00 · 2014-01-12 08:19:48 -05:00 · 2014-01-12 08:19:48 -05:00 · c72a02d96b
commit c72a02d96b
parent d21404df8e
1 changed files with 52 additions and 51 deletions
--- a/references/ports.md
+++ b/references/ports.md
@ -3,59 +3,60 @@
 ## TCP Discovery Ports: ##
 * easy copy - `7,21,22,23,25,80,88,110,111,139,143,389,443,445,514,515,631,1352,2049,3000,3389,4949,5060,5631,5632,5666,5900-5905,6000-6009,8000,8006,8080,8089,8443,8834,9080,9100,9443,17500`
- * FTP: 21
+ * 7 Finger
- * SSH: 22
+ * 21 FTP
- * Telnet: 23
+ * 22 SSH
- * SMTP: 25
+ * 23 Telnet
- * Finger: 7
+ * 25 SMTP
- * HTTP: 80
+ * 80 HTTP
- * Kerberos: 88
+ * 88 Kerberos
- * POP3: 110
+ * 110 POP3
- * SUNRPC (Unix RPC): 111 (think: rpcinfo)
+ * 111 SUNRPC(UnixRPC)
- * NetBIOS: 139
+ * 139 NetBIOS
- * IMAP 143
+ * 143 IMAP
- * LDAP: 389
+ * 389 LDAP
- * HTTPS: 443
+ * 443 HTTPS
- * LotusNotes: 1352
+ * 445 MicrosoftDS
- * Microsoft DS: 445
+ * 514 RSH
- * RSH: 514
+ * 515 Printers
- * CUPS: 631
+ * 631 CUPS
- * NFS: 2049
+ * 1352 LotusNotes
- * Webrick(Ruby Webserver): 3000
+ * 2049 NFS
- * RDP: 3389
+ * 3000 Webrick (Ruby Webserver)
- * Munin: 4949 
+ * 3389 RDP
- * SIP: 5060
+ * 4949 Munin
- * PCAnywhere: 5631 (5632)
+ * 5060 SIP
- * NRPE (*nix) /NSCLIENT++ (win): 5666 (evidence of Nagios server on network)
+ * 5631-5632 PCAnywhere
- * Alt-HTTP: 8080
+ * 5666(evidence of Nagios server on network) NRPE(*nix)/NSCLIENT++(win)
- * Alt-HTTP tomcat: 9080
+ * 5900-5906 (Same as X11; display over VNC. SPICE is usually in this range as well) VNC
- * Another HTTP: 8000 (mezzanine in development mode for example)
+ * 6000-6009 (seexspy, xwd, xkeyforexploitation) X11
- * Nessus HTTPS: 8834
+ * 8006 Proxmox
- * Proxmox: 8006
+ * 8080 Alt-HTTP
- * Splunk: 8089 (also on 8000)
+ * 8089(also on 8000) Splunk
- * Alt HTTPS: 8443
+ * 8000(mezzanine in development mode for example) AnotherHTTP
- * vSphere: 9443
+ * 8834 Nessus HTTPS
- * X11: 6000-6009 (+1 to portnum for additional displays) (see xspy, xwd, xkey for exploitation)
+ * 8443 AltHTTPS
- * VNC: 5900, 5901+ (Same as X11; +1 to portnum for each user/dipslay over VNC. SPICE is usually in this range as well)
+ * 9080 Alt-HTTPtomcat
-Printers: 9100, 515
+ * 9443 vSphere
- * Dropbox lansync: 17500
+ * 9100 Printers
 * 17500 Dropbox lansync
 ## UDP Discovery: ##
- * easy copy - `53,123,161,1434`
+ * easy copy - `53,111,123,161,177,500,514,1194,1434,1900,17185`
- * DNS: 53
+ * 53 DNS
- * XDMCP: 177 (via NSE script --script broadcast-xdmcp-discover, discover nix boxes hosting X)
+ * 111 SUNRPC (Unix RPC)
- * OpenVPN: 1194
+ * 123 Network Time Protocol (NTP)
- * MSSQL Ping: 1434
+ * 161 SNMP
- * SUNRPC (Unix RPC): 111 (yeah, it's UDP, too)
+ * 177 XDMCP (via NSE script --script broadcast-xdmcp-discover, discover *nix boxes hosting X)
- * SNMP 161
+ * 500 Isakmp (ike PSK Attack)
- * Network Time Protocol (NTP): 123 
+ * 514 syslog
- * syslog : 514
+ * 1194 OpenVPN
- * UPNP: 1900
+ * 1434 MSSQL Ping
- * Isakmp - 500 (ike PSK Attack)
+ * 1900 UPNP
- * vxworks debug: 17185 (udp)
+ * 17185 vxworks debug
-## Authentication Ports (other than ones already listed): ##
+## Authentication Ports: ##
- * easy copy - `1494`
+ * easy copy - `80,902,1494,5985,5986,6129,8200,9084`
 * Citrix: 1494
 * WinRM: 80, 5985 (HTTP), 5986 (HTTPS)
 * VMware Server: 8200, 902, 9084