Pentesting network services
Port numbers range from 1 to 65,535, with the range of well-known ports 1 to 1,023 being reserved for privileged services. Port 0 is a reserved port in TCP/IP networking and is not used in TCP or UDP messages. If anything attempts to bind to port 0 (such as a service), it will bind to the next available port above port 1,024 because port 0 is treated as a "wild card" port.
See Pentesting network services.
To locate easily one: https://www.cheatsheet.wtf/PortNumbers/
All ports in raw: https://raw.githubusercontent.com/maraisr/ports-list/master/all.csv.
TCP
| Protocol | Acronym | Port | Description | Tools | |
|---|---|---|---|---|---|
| File Transfer Protocol | FTP |
20-21 |
Used to transfer files | ftp, lftp , ncftp, filezilla, crossftp | |
| Secure Shell | SSH |
22 |
Secure remote login service | ||
| Telnet | Telnet |
23 |
Remote login service | ||
| Simple Network Management Protocol | SNMP |
161-162 |
Manage network devices | ||
| Hyper Text Transfer Protocol | HTTP |
80 |
Used to transfer webpages | ||
| Hyper Text Transfer Protocol Secure | HTTPS |
443 |
Used to transfer secure webpages | ||
| Domain Name System | DNS |
53 |
Lookup domain names | ||
| Trivial File Transfer Protocol | TFTP |
69 |
Used to transfer files | ||
| Network Time Protocol | NTP |
123 |
Synchronize computer clocks | ||
| Simple Mail Transfer Protocol | SMTP |
25 |
Used for email transfer | Thunderbird, Claws, Geary, MailSpring, mutt, mailutils, sendEmail, swaks, sendmail. | |
| Post Office Protocol | POP3 |
110 |
Used to retrieve emails | ||
| Internet Message Access Protocol | IMAP |
143 |
Used to access emails | ||
| Server Message Block | SMB |
445 |
Used to transfer files | Samba Suite, smbclient, crackmapexec, SMBMap, smbexec.py, psexec.py, Impacket | |
| Network File System | NFS |
111, 2049 |
Used to mount remote systems | ||
| Bootstrap Protocol | BOOTP |
67, 68 |
Used to bootstrap computers | ||
| Kerberos | Kerberos |
88 |
Used for authentication and authorization | ||
| Lightweight Directory Access Protocol | LDAP |
389 |
Used for directory services | ||
| Remote Authentication Dial-In User Service | RADIUS |
1812, 1813 |
Used for authentication and authorization | ||
| Dynamic Host Configuration Protocol | DHCP |
67, 68 |
Used to configure IP addresses | ||
| Remote Desktop Protocol | RDP |
3389 |
Used for remote desktop access | ||
| Network News Transfer Protocol | NNTP |
119 |
Used to access newsgroups | ||
| Remote Procedure Call | RPC |
135, 137-139 |
Used to call remote procedures | ||
| Identification Protocol | Ident |
113 |
Used to identify user processes | ||
| Internet Control Message Protocol | ICMP |
0-255 |
Used to troubleshoot network issues | ||
| Internet Group Management Protocol | IGMP |
0-255 |
Used for multicasting | ||
| Oracle DB (Default/Alternative) Listener | oracle-tns |
1521/1526 |
The Oracle database default/alternative listener is a service that runs on the database host and receives requests from Oracle clients. | ||
| Ingres Lock | ingreslock |
1524 |
Ingres database is commonly used for large commercial applications and as a backdoor that can execute commands remotely via RPC. | ||
| Squid Web Proxy | http-proxy |
3128 |
Squid web proxy is a caching and forwarding HTTP web proxy used to speed up a web server by caching repeated requests. | ||
| Secure Copy Protocol | SCP |
22 |
Securely copy files between systems | ||
| Session Initiation Protocol | SIP |
5060 |
Used for VoIP sessions | ||
| Simple Object Access Protocol | SOAP |
80, 443 |
Used for web services | ||
| Secure Socket Layer | SSL |
443 |
Securely transfer files | ||
| TCP Wrappers | TCPW |
113 |
Used for access control | ||
| Network Time Protocol | NTP |
123 |
Synchronize computer clocks | ||
| Internet Security Association and Key Management Protocol | ISAKMP |
500 |
Used for VPN connections | ||
| Microsoft SQL Server | ms-sql-s |
1433 |
Used for client connections to the Microsoft SQL Server. | mssql-cli, mssqlclient.py, dbeaver | |
| Kerberized Internet Negotiation of Keys | KINK |
892 |
Used for authentication and authorization | ||
| Open Shortest Path First | OSPF |
520 |
Used for routing | ||
| Point-to-Point Tunneling Protocol | PPTP |
1723 |
Is used to create VPNs | ||
| Remote Execution | REXEC |
512 |
This protocol is used to execute commands on remote computers and send the output of commands back to the local computer. | ||
| Remote Login | RLOGIN |
513 |
This protocol starts an interactive shell session on a remote computer. | ||
| X Window System | X11 |
6000 |
It is a computer software system and network protocol that provides a graphical user interface (GUI) for networked computers. | ||
| Relational Database Management System | DB2 |
50000 |
RDBMS is designed to store, retrieve and manage data in a structured format for enterprise applications such as financial systems, customer relationship management (CRM) systems. |
UDP
| Protocol | Acronym | Port | Description |
|---|---|---|---|
| Domain Name System | DNS |
53 |
It is a protocol to resolve domain names to IP addresses. |
| Trivial File Transfer Protocol | TFTP |
69 |
It is used to transfer files between systems. |
| Network Time Protocol | NTP |
123 |
It synchronizes computer clocks in a network. |
| Simple Network Management Protocol | SNMP |
161 |
It monitors and manages network devices remotely. |
| Routing Information Protocol | RIP |
520 |
It is used to exchange routing information between routers. |
| Internet Key Exchange | IKE |
500 |
Internet Key Exchange |
| Bootstrap Protocol | BOOTP |
68 |
It is used to bootstrap hosts in a network. |
| Dynamic Host Configuration Protocol | DHCP |
67 |
It is used to assign IP addresses to devices in a network dynamically. |
| Telnet | TELNET |
23 |
It is a text-based remote access communication protocol. |
| MySQL | MySQL |
3306 |
It is an open-source database management system. |
| Terminal Server | TS |
3389 |
It is a remote access protocol used for Microsoft Windows Terminal Services by default. |
| NetBIOS Name | netbios-ns |
137 |
It is used in Windows operating systems to resolve NetBIOS names to IP addresses on a LAN. |
| Microsoft SQL Server | ms-sql-m |
1434 |
Used for the Microsoft SQL Server Browser service. |
| Universal Plug and Play | UPnP |
1900 |
It is a protocol for devices to discover each other on the network and communicate. |
| PostgreSQL | PGSQL |
5432 |
It is an object-relational database management system. |
| Virtual Network Computing | VNC |
5900 |
It is a graphical desktop sharing system. |
| X Window System | X11 |
6000-6063 |
It is a computer software system and network protocol that provides GUI on Unix-like systems. |
| Syslog | SYSLOG |
514 |
It is a standard protocol to collect and store log messages on a computer system. |
| Internet Relay Chat | IRC |
194 |
It is a real-time Internet text messaging (chat) or synchronous communication protocol. |
| OpenPGP | OpenPGP |
11371 |
It is a protocol for encrypting and signing data and communications. |
| Internet Protocol Security | IPsec |
500 |
IPsec is also a protocol that provides secure, encrypted communication. It is commonly used in VPNs to create a secure tunnel between two devices. |
| Internet Key Exchange | IKE |
11371 |
It is a protocol for encrypting and signing data and communications. |
| X Display Manager Control Protocol | XDMCP |
177 |
XDMCP is a network protocol that allows a user to remotely log in to a computer running the X11. |
