Generated docs from job=generate-docs branch=master [ci skip]

README.md

@@ -2,7 +2,7 @@
 
 # Atomic Red Team
 
-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1715-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1716-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
 
 
 Atomic Red Team™ is a library of tests mapped to the

atomics/Indexes/Indexes-CSV/index.csv

@@ -2014,6 +2014,7 @@ discovery,T1046,Network Service Discovery,8,WinPwn - fruit,bb037826-cbe8-4a41-93
 discovery,T1046,Network Service Discovery,9,Network Service Discovery for Containers,06eaafdb-8982-426e-8a31-d572da633caa,sh
 discovery,T1046,Network Service Discovery,10,Port-Scanning /24 Subnet with PowerShell,05df2a79-dba6-4088-a804-9ca0802ca8e4,powershell
 discovery,T1046,Network Service Discovery,11,Remote Desktop Services Discovery via PowerShell,9e55750e-4cbf-4013-9627-e9a045b541bf,powershell
+discovery,T1046,Network Service Discovery,12,Port Scan using nmap (Port range),0d5a2b03-3a26-45e4-96ae-89485b4d1f97,sh
 discovery,T1518,Software Discovery,1,Find and Display Internet Explorer Browser Version,68981660-6670-47ee-a5fa-7e74806420a4,command_prompt
 discovery,T1518,Software Discovery,2,Applications Installed,c49978f6-bd6e-4221-ad2c-9e3e30cc1e3b,powershell
 discovery,T1518,Software Discovery,3,Find and Display Safari Browser Version,103d6533-fd2a-4d08-976a-4a598565280f,sh

atomics/Indexes/Indexes-CSV/linux-index.csv

@@ -385,6 +385,7 @@ discovery,T1018,Remote System Discovery,14,Remote System Discovery - netstat,d27
 discovery,T1018,Remote System Discovery,15,Remote System Discovery - ip tcp_metrics,6c2da894-0b57-43cb-87af-46ea3b501388,sh
 discovery,T1046,Network Service Discovery,1,Port Scan,68e907da-2539-48f6-9fc9-257a78c05540,bash
 discovery,T1046,Network Service Discovery,2,Port Scan Nmap,515942b0-a09f-4163-a7bb-22fefb6f185f,sh
+discovery,T1046,Network Service Discovery,12,Port Scan using nmap (Port range),0d5a2b03-3a26-45e4-96ae-89485b4d1f97,sh
 discovery,T1124,System Time Discovery,3,System Time Discovery in FreeBSD/macOS,f449c933-0891-407f-821e-7916a21a1a6f,sh
 execution,T1053.003,Scheduled Task/Job: Cron,1,Cron - Replace crontab with referenced file,435057fb-74b1-410e-9403-d81baf194f75,sh
 execution,T1053.003,Scheduled Task/Job: Cron,2,Cron - Add script to all cron subfolders,b7d42afa-9086-4c8a-b7b0-8ea3faa6ebb0,bash

atomics/Indexes/Indexes-CSV/macos-index.csv

@@ -255,6 +255,7 @@ discovery,T1018,Remote System Discovery,6,Remote System Discovery - arp nix,acb6
 discovery,T1018,Remote System Discovery,7,Remote System Discovery - sweep,96db2632-8417-4dbb-b8bb-a8b92ba391de,sh
 discovery,T1046,Network Service Discovery,1,Port Scan,68e907da-2539-48f6-9fc9-257a78c05540,bash
 discovery,T1046,Network Service Discovery,2,Port Scan Nmap,515942b0-a09f-4163-a7bb-22fefb6f185f,sh
+discovery,T1046,Network Service Discovery,12,Port Scan using nmap (Port range),0d5a2b03-3a26-45e4-96ae-89485b4d1f97,sh
 discovery,T1518,Software Discovery,3,Find and Display Safari Browser Version,103d6533-fd2a-4d08-976a-4a598565280f,sh
 discovery,T1124,System Time Discovery,3,System Time Discovery in FreeBSD/macOS,f449c933-0891-407f-821e-7916a21a1a6f,sh
 execution,T1053.003,Scheduled Task/Job: Cron,1,Cron - Replace crontab with referenced file,435057fb-74b1-410e-9403-d81baf194f75,sh

atomics/Indexes/Indexes-Markdown/index.md

@@ -2716,6 +2716,7 @@
   - Atomic Test #9: Network Service Discovery for Containers [containers]
   - Atomic Test #10: Port-Scanning /24 Subnet with PowerShell [windows]
   - Atomic Test #11: Remote Desktop Services Discovery via PowerShell [windows]
+  - Atomic Test #12: Port Scan using nmap (Port range) [linux, macos]
 - [T1518 Software Discovery](../../T1518/T1518.md)
   - Atomic Test #1: Find and Display Internet Explorer Browser Version [windows]
   - Atomic Test #2: Applications Installed [windows]

atomics/Indexes/Indexes-Markdown/linux-index.md

@@ -796,6 +796,7 @@
 - [T1046 Network Service Discovery](../../T1046/T1046.md)
   - Atomic Test #1: Port Scan [linux, macos]
   - Atomic Test #2: Port Scan Nmap [linux, macos]
+  - Atomic Test #12: Port Scan using nmap (Port range) [linux, macos]
 - T1518 Software Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1622 Debugger Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1124 System Time Discovery](../../T1124/T1124.md)

atomics/Indexes/Indexes-Markdown/macos-index.md

@@ -699,6 +699,7 @@
 - [T1046 Network Service Discovery](../../T1046/T1046.md)
   - Atomic Test #1: Port Scan [linux, macos]
   - Atomic Test #2: Port Scan Nmap [linux, macos]
+  - Atomic Test #12: Port Scan using nmap (Port range) [linux, macos]
 - [T1518 Software Discovery](../../T1518/T1518.md)
   - Atomic Test #3: Find and Display Safari Browser Version [macos]
 - T1622 Debugger Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)

atomics/Indexes/index.yaml

@@ -109432,6 +109432,41 @@ discovery:
           '
         name: powershell
         elevation_required: true
+    - name: Port Scan using nmap (Port range)
+      auto_generated_guid: 0d5a2b03-3a26-45e4-96ae-89485b4d1f97
+      description: 'Scan multiple ports to check for listening ports with nmap
+
+        '
+      supported_platforms:
+      - linux
+      - macos
+      input_arguments:
+        host:
+          description: Host(s) to scan.
+          type: string
+          default: 127.0.0.1
+        port_range:
+          description: Port range(s) to scan.
+          type: string
+          default: 0-65535
+      dependency_executor_name: sh
+      dependencies:
+      - description: 'Check if nmap command exists on the machine
+
+          '
+        prereq_command: 'if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1;
+          fi;
+
+          '
+        get_prereq_command: "(which yum && yum -y install epel-release nmap)||(which
+          apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap)||(which
+          pkg && pkg install -y nmap)||(which brew && brew install nmap)\n"
+      executor:
+        command: 'nmap -Pn -sV -p #{port_range} #{host}
+
+          '
+        elevation_required: true
+        name: sh
   T1518:
     technique:
       modified: '2024-04-16T00:16:06.689Z'

atomics/Indexes/linux-index.yaml

@@ -63484,6 +63484,41 @@ discovery:
           nc -nv #{host} #{port}
         name: sh
         elevation_required: true
+    - name: Port Scan using nmap (Port range)
+      auto_generated_guid: 0d5a2b03-3a26-45e4-96ae-89485b4d1f97
+      description: 'Scan multiple ports to check for listening ports with nmap
+
+        '
+      supported_platforms:
+      - linux
+      - macos
+      input_arguments:
+        host:
+          description: Host(s) to scan.
+          type: string
+          default: 127.0.0.1
+        port_range:
+          description: Port range(s) to scan.
+          type: string
+          default: 0-65535
+      dependency_executor_name: sh
+      dependencies:
+      - description: 'Check if nmap command exists on the machine
+
+          '
+        prereq_command: 'if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1;
+          fi;
+
+          '
+        get_prereq_command: "(which yum && yum -y install epel-release nmap)||(which
+          apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap)||(which
+          pkg && pkg install -y nmap)||(which brew && brew install nmap)\n"
+      executor:
+        command: 'nmap -Pn -sV -p #{port_range} #{host}
+
+          '
+        elevation_required: true
+        name: sh
   T1518:
     technique:
       modified: '2024-04-16T00:16:06.689Z'

atomics/Indexes/macos-index.yaml

@@ -58513,6 +58513,41 @@ discovery:
           nc -nv #{host} #{port}
         name: sh
         elevation_required: true
+    - name: Port Scan using nmap (Port range)
+      auto_generated_guid: 0d5a2b03-3a26-45e4-96ae-89485b4d1f97
+      description: 'Scan multiple ports to check for listening ports with nmap
+
+        '
+      supported_platforms:
+      - linux
+      - macos
+      input_arguments:
+        host:
+          description: Host(s) to scan.
+          type: string
+          default: 127.0.0.1
+        port_range:
+          description: Port range(s) to scan.
+          type: string
+          default: 0-65535
+      dependency_executor_name: sh
+      dependencies:
+      - description: 'Check if nmap command exists on the machine
+
+          '
+        prereq_command: 'if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1;
+          fi;
+
+          '
+        get_prereq_command: "(which yum && yum -y install epel-release nmap)||(which
+          apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap)||(which
+          pkg && pkg install -y nmap)||(which brew && brew install nmap)\n"
+      executor:
+        command: 'nmap -Pn -sV -p #{port_range} #{host}
+
+          '
+        elevation_required: true
+        name: sh
   T1518:
     technique:
       modified: '2024-04-16T00:16:06.689Z'

atomics/T1046/T1046.md

@@ -34,6 +34,8 @@ Within macOS environments, adversaries may use the native Bonjour application to
 
 - [Atomic Test #11 - Remote Desktop Services Discovery via PowerShell](#atomic-test-11---remote-desktop-services-discovery-via-powershell)
 
+- [Atomic Test #12 - Port Scan using nmap (Port range)](#atomic-test-12---port-scan-using-nmap-port-range)
+
 
 <br/>
 
@@ -520,4 +522,50 @@ Get-Service -Name "Remote Desktop Services", "Remote Desktop Configuration"
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #12 - Port Scan using nmap (Port range)
+Scan multiple ports to check for listening ports with nmap
+
+**Supported Platforms:** Linux, macOS
+
+
+**auto_generated_guid:** 0d5a2b03-3a26-45e4-96ae-89485b4d1f97
+
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| host | Host(s) to scan. | string | 127.0.0.1|
+| port_range | Port range(s) to scan. | string | 0-65535|
+
+
+#### Attack Commands: Run with `sh`!  Elevation Required (e.g. root or admin) 
+
+
+```sh
+nmap -Pn -sV -p #{port_range} #{host}
+```
+
+
+
+
+#### Dependencies:  Run with `sh`!
+##### Description: Check if nmap command exists on the machine
+##### Check Prereq Commands:
+```sh
+if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1; fi;
+```
+##### Get Prereq Commands:
+```sh
+(which yum && yum -y install epel-release nmap)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap)||(which pkg && pkg install -y nmap)||(which brew && brew install nmap)
+```
+
+
+
+
 <br/>

atomics/T1046/T1046.yaml

@@ -278,6 +278,7 @@ atomic_tests:
     name: powershell
     elevation_required: true
 - name: Port Scan using nmap (Port range)
+  auto_generated_guid: 0d5a2b03-3a26-45e4-96ae-89485b4d1f97
   description: |
     Scan multiple ports to check for listening ports with nmap
   supported_platforms:

atomics/used_guids.txt

@@ -1739,3 +1739,4 @@ a4b74723-5cee-4300-91c3-5e34166909b4
 7b5d350e-f758-43cc-a761-8e3f6b052a03
 8e139e1f-1f3a-4be7-901d-afae9738c064
 1aea6d15-70f1-4b4e-8b02-397b5d5ffe75
+0d5a2b03-3a26-45e4-96ae-89485b4d1f97