Pentesting network services
Port numbers range from 1 to 65,535, with the range of well-known ports 1 to 1,023 being reserved for privileged services. Port 0 is a reserved port in TCP/IP networking and is not used in TCP or UDP messages. If anything attempts to bind to port 0 (such as a service), it will bind to the next available port above port 1,024 because port 0 is treated as a "wild card" port.
See Pentesting network services.
To locate easily one: https://www.cheatsheet.wtf/PortNumbers/
All ports in raw: https://raw.githubusercontent.com/maraisr/ports-list/master/all.csv.
TCP
Protocol | Acronym | Port | Description | Tools | |
---|---|---|---|---|---|
File Transfer Protocol | FTP |
20-21 |
Used to transfer files | ftp, lftp , ncftp, filezilla, crossftp | |
Secure Shell | SSH |
22 |
Secure remote login service | ||
Telnet | Telnet |
23 |
Remote login service | ||
Simple Network Management Protocol | SNMP |
161-162 |
Manage network devices | ||
Hyper Text Transfer Protocol | HTTP |
80 |
Used to transfer webpages | ||
Hyper Text Transfer Protocol Secure | HTTPS |
443 |
Used to transfer secure webpages | ||
Domain Name System | DNS |
53 |
Lookup domain names | ||
Trivial File Transfer Protocol | TFTP |
69 |
Used to transfer files | ||
Network Time Protocol | NTP |
123 |
Synchronize computer clocks | ||
Simple Mail Transfer Protocol | SMTP |
25 |
Used for email transfer | Thunderbird, Claws, Geary, MailSpring, mutt, mailutils, sendEmail, swaks, sendmail. | |
Post Office Protocol | POP3 |
110 |
Used to retrieve emails | ||
Internet Message Access Protocol | IMAP |
143 |
Used to access emails | ||
Server Message Block | SMB |
445 |
Used to transfer files | Samba Suite, smbclient, crackmapexec, SMBMap, smbexec.py, psexec.py, Impacket | |
Network File System | NFS |
111 , 2049 |
Used to mount remote systems | ||
Bootstrap Protocol | BOOTP |
67 , 68 |
Used to bootstrap computers | ||
Kerberos | Kerberos |
88 |
Used for authentication and authorization | ||
Lightweight Directory Access Protocol | LDAP |
389 |
Used for directory services | ||
Remote Authentication Dial-In User Service | RADIUS |
1812 , 1813 |
Used for authentication and authorization | ||
Dynamic Host Configuration Protocol | DHCP |
67 , 68 |
Used to configure IP addresses | ||
Remote Desktop Protocol | RDP |
3389 |
Used for remote desktop access | ||
Network News Transfer Protocol | NNTP |
119 |
Used to access newsgroups | ||
Remote Procedure Call | RPC |
135 , 137-139 |
Used to call remote procedures | ||
Identification Protocol | Ident |
113 |
Used to identify user processes | ||
Internet Control Message Protocol | ICMP |
0-255 |
Used to troubleshoot network issues | ||
Internet Group Management Protocol | IGMP |
0-255 |
Used for multicasting | ||
Oracle DB (Default/Alternative) Listener | oracle-tns |
1521 /1526 |
The Oracle database default/alternative listener is a service that runs on the database host and receives requests from Oracle clients. | ||
Ingres Lock | ingreslock |
1524 |
Ingres database is commonly used for large commercial applications and as a backdoor that can execute commands remotely via RPC. | ||
Squid Web Proxy | http-proxy |
3128 |
Squid web proxy is a caching and forwarding HTTP web proxy used to speed up a web server by caching repeated requests. | ||
Secure Copy Protocol | SCP |
22 |
Securely copy files between systems | ||
Session Initiation Protocol | SIP |
5060 |
Used for VoIP sessions | ||
Simple Object Access Protocol | SOAP |
80 , 443 |
Used for web services | ||
Secure Socket Layer | SSL |
443 |
Securely transfer files | ||
TCP Wrappers | TCPW |
113 |
Used for access control | ||
Network Time Protocol | NTP |
123 |
Synchronize computer clocks | ||
Internet Security Association and Key Management Protocol | ISAKMP |
500 |
Used for VPN connections | ||
Microsoft SQL Server | ms-sql-s |
1433 |
Used for client connections to the Microsoft SQL Server. | mssql-cli, mssqlclient.py, dbeaver | |
Kerberized Internet Negotiation of Keys | KINK |
892 |
Used for authentication and authorization | ||
Open Shortest Path First | OSPF |
520 |
Used for routing | ||
Point-to-Point Tunneling Protocol | PPTP |
1723 |
Is used to create VPNs | ||
Remote Execution | REXEC |
512 |
This protocol is used to execute commands on remote computers and send the output of commands back to the local computer. | ||
Remote Login | RLOGIN |
513 |
This protocol starts an interactive shell session on a remote computer. | ||
X Window System | X11 |
6000 |
It is a computer software system and network protocol that provides a graphical user interface (GUI) for networked computers. | ||
Relational Database Management System | DB2 |
50000 |
RDBMS is designed to store, retrieve and manage data in a structured format for enterprise applications such as financial systems, customer relationship management (CRM) systems. |
UDP
Protocol | Acronym | Port | Description |
---|---|---|---|
Domain Name System | DNS |
53 |
It is a protocol to resolve domain names to IP addresses. |
Trivial File Transfer Protocol | TFTP |
69 |
It is used to transfer files between systems. |
Network Time Protocol | NTP |
123 |
It synchronizes computer clocks in a network. |
Simple Network Management Protocol | SNMP |
161 |
It monitors and manages network devices remotely. |
Routing Information Protocol | RIP |
520 |
It is used to exchange routing information between routers. |
Internet Key Exchange | IKE |
500 |
Internet Key Exchange |
Bootstrap Protocol | BOOTP |
68 |
It is used to bootstrap hosts in a network. |
Dynamic Host Configuration Protocol | DHCP |
67 |
It is used to assign IP addresses to devices in a network dynamically. |
Telnet | TELNET |
23 |
It is a text-based remote access communication protocol. |
MySQL | MySQL |
3306 |
It is an open-source database management system. |
Terminal Server | TS |
3389 |
It is a remote access protocol used for Microsoft Windows Terminal Services by default. |
NetBIOS Name | netbios-ns |
137 |
It is used in Windows operating systems to resolve NetBIOS names to IP addresses on a LAN. |
Microsoft SQL Server | ms-sql-m |
1434 |
Used for the Microsoft SQL Server Browser service. |
Universal Plug and Play | UPnP |
1900 |
It is a protocol for devices to discover each other on the network and communicate. |
PostgreSQL | PGSQL |
5432 |
It is an object-relational database management system. |
Virtual Network Computing | VNC |
5900 |
It is a graphical desktop sharing system. |
X Window System | X11 |
6000-6063 |
It is a computer software system and network protocol that provides GUI on Unix-like systems. |
Syslog | SYSLOG |
514 |
It is a standard protocol to collect and store log messages on a computer system. |
Internet Relay Chat | IRC |
194 |
It is a real-time Internet text messaging (chat) or synchronous communication protocol. |
OpenPGP | OpenPGP |
11371 |
It is a protocol for encrypting and signing data and communications. |
Internet Protocol Security | IPsec |
500 |
IPsec is also a protocol that provides secure, encrypted communication. It is commonly used in VPNs to create a secure tunnel between two devices. |
Internet Key Exchange | IKE |
11371 |
It is a protocol for encrypting and signing data and communications. |
X Display Manager Control Protocol | XDMCP |
177 |
XDMCP is a network protocol that allows a user to remotely log in to a computer running the X11. |