Page MenuHomeVyOS Platform
Create Task
Maniphest T6181

A feature for checking popular ports.
Open, WishlistPublicFEATURE REQUEST
Actions

Description

As an additional feature, nmap can be used to scan host ports or domain names. You can create a command in the main mode of the system and bind it to a script. The script scans ports from a separate file which can be updated or added at any time to the required ports.

Also VyOS has the library - import nmap

ports.txt741 BDownload

scanport3.py1 KBDownload

Could you accept the feature to create a pull request?

root@k:/t# ./scanport3.py
Enter remote host: 1.1.1.1

Scanning completed.
Open ports:
Port    Description
53      DNS (Domain Name System)
80      HTTP (Hypertext Transfer Protocol)
443     HTTPS (HTTP Secure)
8080    HTTP Alternate

Closed ports:
Port    Description
21      FTP (File Transfer Protocol)
22      SSH (Secure Shell)
23      Telnet
25      SMTP (Simple Mail Transfer Protocol)
110     POP3 (Post Office Protocol version 3)
123     NTP (Network Time Protocol)
143     IMAP (Internet Message Access Protocol)
465     SMTPS (SMTP Secure)
500     IPSec VPN (Internet Protocol Security)
587     SMTP (Submission)
993     IMAPS (IMAP Secure)
995     POP3S (POP3 Secure)
1433    MS SQL Server
1521    Oracle Database
1701    L2TP (Layer 2 Tunneling Protocol)
1723    PPTP (Point-to-Point Tunneling Protocol)
3306    MySQL
3389    Remote Desktop Protocol (RDP)
5432    PostgreSQL
5900    VNC (Virtual Network Computing)

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

m.korobeinikov created this task.Mar 28 2024, 2:24 AM
m.korobeinikov added a subscriber: sever.

@sever what do you think about it?

pasik added a subscriber: pasik.Mar 28 2024, 10:26 AM
Viacheslav added a subscriber: Viacheslav.Sun, Mar 31, 11:28 AM

I'm not sure that a list of ports will be helpful in this way.
From time to time, we need to scan specific ports.
What about

force scan-port-host <x.x.x.x> proto <tcp|udp> port '8080-8081,9200'
force port--discovery-host <x.x.x.x> proto <tcp|udp> port '8080'
force port-scan host <x.x.x.x> proto <tcp|udp> port '8080'

And use native nmap binaries (as python3 nmap module is not installed by default)
Also, it has XML format if you want a custom table:

sudo nmap -oX - 127.0.0.1
Viacheslav triaged this task as Wishlist priority.Sun, Mar 31, 11:28 AM
m.korobeinikov added a comment.Mon, Apr 1, 12:58 AM

ok, i'll change a port list and nmap scenario

Apachez added a subscriber: Apachez.Mon, Apr 1, 8:11 AM

Personally I dont think its a good idea to be able to use VyOS as a jumphost towards victims of scanning.

Sure you can do this through bash mode but then also let this feature be available through bash mode only and not from regular op-mode?

That is you must have permission to enter bash mode and do sudo in order to run nmap.