dade @0xdade Red team by day. Hackers cosplayer by night. Tweets are personal do not reflect employer. He/him. Feb. 07, 2019 1 min read

Hey there you anonymous nmap user!

Did you know that the default mongod ports are NOT covered in a normal Top 1000 scan? Nmap ranks the mongod ports as only the 2684th to 2686th most common TCP ports.

Think of all the juicy mongodb's that you've missed. But wait! There's a solution.

If you find yourself using nmap a lot and frequently rescanning hosts for specific custom ports, you should consider using your own custom nmap-services file! It's really easy!

mkdir ~/.nmap
cp /usr/share/nmap/nmap-services ~/.nmap/nmap-services

Now you can modify ~/.nmap/nmap-services and increase the open-frequency (probability) field for the mongodb ports (or whatever ports you see a lot of in your environment).

Nmap will automatically look in ~/.nmap/nmap-services before falling back to /usr/share/nmap/nmap-services.

If you don't want to automatically use your custom nmap-services file, you can instead just create a file called mynmap-services and refer to it using the --servicedb flag.
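To show what that edit actually does to the ranking, here is an added example script (not from the original thread) that rewrites the frequency field for one service in a copy of nmap-services and then reports where that service lands when the lines are sorted the way Nmap's top-ports ranking does. It assumes MongoDB appears under the service name "mongod" (27017-27019/tcp) and uses an arbitrary 0.5 as the new frequency; the sample file and its frequencies are constructed for the demo.

```shell
#!/bin/sh
# Added example: bump a service's open-frequency in a copy of nmap-services
# and check its rank, since the default scan takes the 1000 highest values.
# nmap-services layout, tab separated:
#   service-name<TAB>port/proto<TAB>open-frequency<TAB># optional comment
# Assumptions: MongoDB is listed as "mongod" (27017-27019/tcp); 0.5 is an
# arbitrary value chosen to outrank every stock entry.

# bump_service SRC DST SERVICE FREQ: copy SRC to DST, setting the frequency
# of every line whose service name is SERVICE to FREQ.
bump_service() {
    awk -v svc="$3" -v freq="$4" 'BEGIN { FS = OFS = "\t" }
        /^#/ || NF < 3 { print; next }   # comments and blank lines pass through
        $1 == svc      { $3 = freq }     # rewrite only the frequency column
        { print }' "$1" > "$2"
}

# rank_of FILE PORTSPEC: 1-based position of PORTSPEC (e.g. 27017/tcp) when
# service lines are ordered by descending frequency, as --top-ports orders them.
rank_of() {
    awk 'BEGIN { FS = "\t" } !/^#/ && NF >= 3 { print $3, $2 }' "$1" |
        sort -k1,1nr |
        awk -v p="$2" '$2 == p { print NR; exit }'
}

# Constructed sample in the stock layout; the frequencies are invented for
# the demonstration and are not copied from the real nmap-services file.
sample_services() {
    printf '# Fields: Service name, portnum/protocol, open-frequency, comments\n'
    printf 'http\t80/tcp\t0.484143\t# World Wide Web HTTP\n'
    printf 'ssh\t22/tcp\t0.182286\t# Secure Shell Login\n'
    printf 'mongod\t27017/tcp\t0.001000\t# MongoDB (constructed frequency)\n'
    printf 'mongod\t27018/tcp\t0.000500\n'
    printf 'mongod\t27019/tcp\t0.000500\n'
}

# Real use would be:
#   bump_service /usr/share/nmap/nmap-services ~/.nmap/nmap-services mongod 0.5
demo() {
    dir=$(mktemp -d)
    sample_services > "$dir/nmap-services"
    bump_service "$dir/nmap-services" "$dir/custom" mongod 0.5
    echo "27017/tcp rank before: $(rank_of "$dir/nmap-services" 27017/tcp)"
    echo "27017/tcp rank after:  $(rank_of "$dir/custom" 27017/tcp)"
    rm -r "$dir"
}
```

Run `demo` to see the rank move from third to the top of the sample list; against the real file the same edit pulls mongod from rank 2684 into the default Top 1000.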

This is something I was very excited to learn about today, and it came from reading every page of the nmap documentation. There's lots of other cool stuff you can do, and even more ways to load a custom nmap-services list. You can learn more here.
