Hey there you anonymous nmap user!
Did you know that default mongod ports are NOT covered in a normal Top 1000 scan? Nmap considers the mongod ports to be 2684th - 2686th most common TCP ports.
Think of all the juicy mongodb's that you've missed. But wait! There's a solution
If you find yourself using nmap a lot and frequently rescanning hosts for specific custom ports, you should consider using your own custom nmap-service file! It's really easy!
cp /usr/share/nmap/nmap-services ~/.nmap/nmap-services
Now you can modify ~/.nmap/nmap-services and increase the probability field for the mongodb ports (or whatever ports you see a lot of in your environment).
Nmap will automatically look in ~/.nmap/nmap-services before falling back to /usr/share/nmap/nmap-services
If you don't want to automatically use your custom nmap-services file, you can instead just create a file called mynmap-services and refer to it using the --servicedb flag.
This is something I was very excited to learn about today, and it came from reading every page of the nmap documentation. There's lots of other cool stuff you can do, and even more ways to load a custom nmap-services list. You can learn more here https://nmap.org/book/data-files-replacing-data-files.html …
You can follow @0xdade.