List Nmap Top Ports
Purpose
If you're running a lengthy nmap
scan and do not want to enumerate all 65,535 TCP (or UDP) ports. You may opt to use the --top-ports
scan option to reduce the duration of the scan. But, you may wonder which ports exactly you may be targeting when you choose a top-ports scan.
Method
# Top TCP Ports
# Expands port ranges in ###-### notation to an array
# In addition to other ports in the array
num_ports=100
tcp_ports=( $(nmap -sT --top-ports $num_ports -v -oG - 2>/dev/null | grep TCP | cut -d ';' -f 2 | cut -d ')' -f 1 | tr ',', "\n") )
for port in $tcp_ports ; do
if [[ "$port" =~ '[0-9]{1,}\-[0-9]{1,}' ]]; then
startRange=$(echo $port | cut -d '-' -f 1)
endRange=$(echo $port | cut -d '-' -f 2)
for port in {$startRange..$endRange} ; do echo $port ; done
else
echo $port
fi
done
# Top UDP Ports
# Expands port ranges in ###-### notation to an array
# In addition to other ports in the array
num_ports=100
udp_ports=( $(sudo nmap -sU --top-ports $num_ports -v -oG - 2>/dev/null | grep UDP | cut -d ';' -f 3 | cut -d ')' -f 1 | tr ',', "\n") )
for port in $udp_ports ; do
if [[ "$port" =~ '[0-9]{1,}\-[0-9]{1,}' ]]; then
startRange=$(echo $port | cut -d '-' -f 1)
endRange=$(echo $port | cut -d '-' -f 2)
for port in {$startRange..$endRange} ; do echo $port ; done
else
echo $port
fi
done
This works by passing nothing to stdin
causing nmap
to scan no hosts, but still return the top ports output. You need sudo
privileges for the UDP output due to nmap
requiring root to create UDP packets.