From 16e48bb1b02889bf3264c1abe34de3d09f868df3 Mon Sep 17 00:00:00 2001
From: Swelc
Date: Mon, 2 Jul 2018 20:50:37 -0500
Subject: [PATCH] Added additional Port Scanning options and cleaned up existing.
---
 atomics/T1046/T1046.yaml | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/atomics/T1046/T1046.yaml b/atomics/T1046/T1046.yaml
index e4570819..edae7b32 100644
--- a/atomics/T1046/T1046.yaml
+++ b/atomics/T1046/T1046.yaml
@@ -3,9 +3,9 @@ attack_technique: T1046
 display_name: Network Service Scanning
 atomic_tests:
-- name: Scan a bunch of ports to see if they are open
+- name: Port Scan
 description: |
- xxx
+ Scan ports to check for listening ports
 supported_platforms:
 - linux
 - macos
@@ -16,3 +16,32 @@ atomic_tests:
 do
 echo >/dev/tcp/192.168.1.1/$port && echo "port $port is open" || echo "port $port is closed" : ;
 done
+
+- name: Port Scan Nmap
+ description: |
+ Scan ports to check for listening ports with Nmap.
+
+ supported_platforms:
+ - linux
+ - macos
+
+ input_arguments:
+ network_range:
+ description: Network Range to Scan.
+ type: string
+ default: 192.168.1.0/24
+ port:
+ description: Ports to scan.
+ type: string
+ default: 80
+ host:
+ description: Host to scan.
+ type: string
+ default: 192.168.1.1
+
+ executor:
+ name: sh
+ command: |
+ nmap -sS #{network_range} -p #{port}
+ telnet #{host} #{port}
+ nc -nv #{host} #{port}
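Review bot: The `telnet #{host} #{port}` and `nc -nv #{host} #{port}` lines in the new `command` block stay attached to stdin once the port answers, so an unattended run of this test will hang on an open port instead of finishing; `nc -nvz -w 2 #{host} #{port}` returns on its own (the 2-second timeout is only a sample value), and the telnet probe is better moved to its own test or dropped. `nmap -sS` needs raw-socket privileges and quits without scanning when run as a normal user, so the description should state that root is required. Without root the only traffic produced is the two full TCP connects, which is not the SYN-scan telemetry that someone validating detections against "Port Scan Nmap" would expect. The `port` input is declared `type: string` but the bare `80` loads as an integer, so write `default: "80"`.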