Port Reference

Search common ports, triage scan output, build selected-port Nmap commands, and copy report-ready service notes for authorized assessments.

98
Total ports
98
Showing
0
Selected
39
High risk shown

Operator presets

Start from common assessment slices, then refine the selected ports.

Port table

Click a row for details, or select rows for copy/export actions.

SelectNotes
FTP data transfer
File SharinglowOften filtered, used with port 21
File Transfer Protocol control
File SharinghighAnonymous login, credential brute-force, bounce attacks
Secure Shell
Remote AccesshighBrute-force, key-based attacks, tunneling
Unencrypted remote access
Remote AccesshighCleartext credentials, legacy systems
Simple Mail Transfer Protocol
EmailhighOpen relay, user enumeration (VRFY)
Domain Name System
InfrastructuremediumZone transfers (AXFR), DNS tunneling
DHCP Server
InfrastructurelowRogue DHCP, starvation attacks
DHCP Client
InfrastructurelowClient-side attacks
Trivial File Transfer
File SharinghighNo authentication, file retrieval
Web Server
WebmediumWeb app attacks, directory bruteforce
Kerberos authentication
Directory / ADhighAS-REP roasting, Kerberoasting
Post Office Protocol
EmailmediumCredential brute-force
RPC Port Mapper
InfrastructuremediumEnumerate RPC services
Network Time Protocol
InfrastructuremediumNTP amplification DDoS
Microsoft RPC
InfrastructurehighRPC enumeration, WMI access
NetBIOS Name Service
InfrastructurelowName enumeration
NetBIOS Datagram
InfrastructurelowBrowser service attacks
NetBIOS Session
File SharinghighSMB over NetBIOS, null sessions
Internet Message Access Protocol
EmailmediumEmail access, credential attacks
Simple Network Management
InfrastructurehighCommunity string brute-force, info disclosure
SNMP Traps
InfrastructurelowTrap spoofing
Lightweight Directory Access
Directory / ADhighAnonymous bind, AD enumeration
HTTP over TLS
WebmediumSSL/TLS attacks, web app testing
Server Message Block
File SharinghighEternalBlue, relay attacks, shares
Kerberos password change
Directory / ADlowPassword attacks
IPSec/IKE VPN
VPN / TunnelingmediumVPN enumeration, aggressive mode
Industrial control protocol
OT / IoThighUnauthenticated OT control, device register reads/writes
System Logging
InfrastructuremediumLog injection, info gathering
Line Printer Daemon
InfrastructurelowPrinter exploitation
IBM DB2 Discovery
DatabaselowDatabase enumeration
Apple Filing Protocol
File SharingmediummacOS file sharing attacks
Real Time Streaming Protocol
WeblowCamera/streaming enumeration
SMTP Submission
EmailmediumEmail submission, credential attacks
Microsoft RPC over HTTP
WeblowExchange RPC
Intelligent Platform Management
InfrastructurehighHash dump, cipher zero attack
LDAP over SSL
Directory / ADmediumSecure LDAP enumeration
Remote Sync
File SharingmediumAnonymous access, file retrieval
IMAP over SSL
EmailmediumSecure email access
POP3 over SSL
EmailmediumSecure email retrieval
SOCKS Proxy
VPN / TunnelingmediumProxy pivoting
Java Remote Method Invocation
OtherhighDeserialization attacks
Microsoft SQL Server
DatabasehighSQL injection, xp_cmdshell
SQL Server Browser
DatabasemediumInstance enumeration
Oracle Database
DatabasehighTNS listener attacks
Point-to-Point Tunneling
VPN / TunnelingmediumVPN attacks, MS-CHAPv2 cracking
MQ Telemetry Transport
OT / IoTmediumIoT broker discovery, anonymous publish/subscribe checks
Universal Plug and Play discovery
OT / IoTmediumDevice discovery, amplification risk, unexpected perimeter exposure
Network File System
File SharingmediumShare enumeration, access
Docker API (unencrypted)
DevOps / AdminhighContainer escape, RCE
Docker API (TLS)
DevOps / AdminmediumCertificate attacks
etcd client API
DevOps / AdminhighKubernetes secret exposure, cluster state access
etcd peer communication
DevOps / AdminhighCluster membership exposure, peer trust review
Grafana dashboard or Node development server
Security ToolingmediumDefault credentials, exposed dashboards, dev stack leakage
AD Global Catalog
Directory / ADmediumAD enumeration
AD Global Catalog over SSL
Directory / ADmediumSecure AD enumeration
MySQL Database
DatabasehighCredential attacks, UDF
Remote Desktop Protocol
Remote AccesshighBlueKeep, brute-force, session hijacking
Frontend development server
DevOps / AdminmediumDevelopment build exposure, source maps, internal API clues
Erlang Port Mapper
MessaginglowRabbitMQ, distributed Erlang
Local AWS service emulator
DevOps / AdminmediumLocal cloud emulator exposure, test secrets, weak isolation
Common dev server port
DevOps / AdminmediumDocker Registry, Flask
PostgreSQL Database
DatabasehighDatabase attacks
Elastic dashboard interface
Security ToolingmediumUnauthenticated dashboards, saved objects, data exposure
Alternate Kibana or Elastic UI port
DevOps / AdminmediumExposed admin UI, plugin and version fingerprinting
RabbitMQ
MessagingmediumMessage queue attacks
Constrained Application Protocol
OT / IoTmediumIoT endpoint discovery, unauthenticated resource enumeration
CoAP over DTLS
OT / IoTmediumIoT secure transport review, weak DTLS or exposed resources
Virtual Network Computing
Remote AccesshighAuthentication bypass, brute-force
Windows Remote Management
Remote AccesshighPowerShell remoting
WinRM over HTTPS
Remote AccesshighSecure PS remoting
Redis Database
DatabasehighUnauthenticated access, RCE
Kubernetes API server
DevOps / AdminhighCluster API exposure, authz review, service account token impact
Internet Relay Chat
MessaginglowBotnet C2, info gathering
Oracle WebLogic administration/application port
DevOps / AdminhighAdmin console exposure, deserialization and patch review
Alternative HTTP
Security ToolingmediumDevelopment servers
HTTP Proxy/Alt
DevOps / AdminmediumTomcat, Jenkins, proxies
Artifact repository interface
DevOps / AdminhighRepository browsing, default credentials, dependency tampering risk
Alternate Nexus/Artifactory service port
DevOps / AdminhighExposed repositories, anonymous pull/push, stale components
Splunk management API
Security ToolingmediumAdmin API exposure, app upload impact, credential review
HashiCorp Vault API/UI
DevOps / AdminhighSecret store exposure, auth method and policy review
Alternative HTTPS
WebmediumManagement interfaces
HashiCorp Consul HTTP API/UI
DevOps / AdminhighService catalog exposure, KV secrets, remote exec/config risk
MQTT over TLS
OT / IoThighIoT broker TLS/auth review, certificate and topic access checks
Alternative HTTP
DevOps / AdminmediumJupyter, various apps
PHP-FPM, SonarQube
DevOps / AdminmediumFastCGI attacks
MinIO object storage console
DevOps / AdminmediumObject storage admin exposure, default credentials, bucket policy review
Prometheus metrics UI/API
Security ToolingmediumMetrics disclosure, target inventory, internal labels and secrets
Elasticsearch REST API
Security ToolinghighData exposure, RCE
Git Protocol
File SharingmediumRepository access
Container registry or admin HTTPS interface
DevOps / AdminmediumRegistry exposure, project permissions, image pull/push controls
Web administration interface
DevOps / AdminhighAdmin panel exposure, brute-force, patch and module review
Kubernetes kubelet API
DevOps / AdminhighNode/pod enumeration, exec/log access impact, authz review
Legacy read-only kubelet API
DevOps / AdminhighUnauthenticated pod/node metadata exposure on older clusters
Memcached Cache
DatabasehighData exposure, amplification
MongoDB Database
DatabasehighUnauthenticated access
MongoDB Shard
DatabasemediumShard server access
Building automation and control network
OT / IoTmediumBuilding system discovery, device/object enumeration
SAP Management Console
OthermediumSAP enumeration

Use in authorized environments only

Generated commands are lookup and enumeration helpers. Confirm scope, rate limits, and written authorization before scanning live systems.