CircleCI Atomic Red Team doc generator
58 lines
1.6 KiB
Markdown
58 lines
1.6 KiB
Markdown
# T1046 - Network Service Scanning
|
|
## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1046)
|
|
<blockquote>Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans using tools that are brought onto a system.
|
|
|
|
Within cloud environments, adversaries may attempt to discover services running on other cloud hosts or cloud services enabled within the environment. Additionally, if the cloud environment is connected to a on-premises environment, adversaries may be able to identify services running on non-cloud systems.</blockquote>
|
|
|
|
## Atomic Tests
|
|
|
|
- [Atomic Test #1 - Port Scan](#atomic-test-1---port-scan)
|
|
|
|
- [Atomic Test #2 - Port Scan Nmap](#atomic-test-2---port-scan-nmap)
|
|
|
|
|
|
<br/>
|
|
|
|
## Atomic Test #1 - Port Scan
|
|
Scan ports to check for listening ports
|
|
|
|
**Supported Platforms:** Linux, macOS
|
|
|
|
|
|
#### Run it with `sh`!
|
|
```
|
|
for port in {1..65535};
|
|
do
|
|
echo >/dev/tcp/192.168.1.1/$port && echo "port $port is open" || echo "port $port is closed" : ;
|
|
done
|
|
```
|
|
|
|
|
|
|
|
<br/>
|
|
<br/>
|
|
|
|
## Atomic Test #2 - Port Scan Nmap
|
|
Scan ports to check for listening ports with Nmap.
|
|
|
|
**Supported Platforms:** Linux, macOS
|
|
|
|
|
|
#### Inputs
|
|
| Name | Description | Type | Default Value |
|
|
|------|-------------|------|---------------|
|
|
| network_range | Network Range to Scan. | string | 192.168.1.0/24|
|
|
| port | Ports to scan. | string | 80|
|
|
| host | Host to scan. | string | 192.168.1.1|
|
|
|
|
#### Run it with `sh`!
|
|
```
|
|
nmap -sS #{network_range} -p #{port}
|
|
telnet #{host} #{port}
|
|
nc -nv #{host} #{port}
|
|
```
|
|
|
|
|
|
|
|
<br/>
|