How to Scan the Globe for Vulnerable Ports & Services


Welcome back, my hacker novitiates!

Finding vulnerabilities in systems can be one of the most time-consuming tasks for a hacker. There will be times, though, when you’ll find yourself in a position that you know that a particular port represents a vulnerable application or service.

The Story of Max Vision

For example, the gray-hat hacker, Max Bulter, aka Max Vision, the founder of arachNIDS who’s now serving 9 years in federal prison, found that the Aloha Point-of-Sale (POS) system had installed a remote backdoor to all their systems in order to provide technical assistance purposes to their customers.

These Aloha systems are used by small-to-medium sized restaurants that take thousands of credit card numbers each year. Knowing this, Max set a computer program to constantly scan the U.S. for systems that had port 5505 open. This would indicate that the computer was running Alaho’s POS system, as port 5505 is not used by any other common service, and that the vulnerable service was open and available.

When he found the port open, he would then execute an exploit against that port and service and scavenge all the credit card numbers he could. He then sold them for $5 to $50 each bringing him a tidy return for each hack.

How to Scan for Vulnerable Ports

In this tutorial, we’ll write a short script that does exactly what Max Vision was doing and send a report with every IP address of the vulnerable system.

Step 1 :- Open a Text Editor

To create our script, we need to open a text editor. Any of the Linux text editors will work; viemacsgedit (in the GNOME), Kate, or KWrite. In this guide, we’ll use the KWrite editor built into BackTrack5v3 KDE. We simply type in a terminal:

  • kwrite globalportscan.sh

We can name our script anything, but I have chosen to call it globalportscan.sh.

This will open a blank file editor for our script.

Step :- the Script

Now we need to type the following lines in our script file.

  • #!/bin/bash

The required opening of all BASH scripts.

  • nmap -sT -p 5505 -oG aloha

Does an nmap connect scan (-sT) to the subnet of google.com and looks for the port 5505 open and sends the output (-oG) to a file called aloha.

  • cat aloha | grep open > alohaopen

Opens the file aloha and filters (grep) for lines that say open, and stores those lines in a file called alohaopen.

  • cat alohaopen | cut -f2 -d “:” | cut -f1 -d “(” > alohavuln

Opens the file alohaopen and cuts it at the second field (-f2) defined by the delimiter (-d) semicolon (“:”), then pipes that to a second cut command that cuts the file at the first field (-f1) defined by the delimiter (-d) paren (“(“) and saves it into a file named alohavuln.

  • cat alohavuln

Finally, we open and display the file that contains all the IP addresses of systems with port 5505 open.

Step 3 :- Run the Script

Now that you have saved the script, it’s time to run it.

  • sh globalportscan.sh

Now, sit back and wait for your results. It could take a while depending upon how many IP addresses you’re scanning. In our example, we’re only scanning 255 addresses, so it only takes a few minutes, but you could very well set this up to scan millions of addresses, in which you might wait days for results.

Step 4 :- Final Results

We can run this script on any IP address or network. I just used google.com as an example (you’re not likely to find port 5505 open at google.com). You should see results that look something like this:

Of course, this vulnerability is likely closed in nearly all systems now, but this script can easily be edited to scan for other ports and other IP addresses depending upon your needs.

Lovepreet Singh

Bash (Shell) Scripting for Beginners

Previous article

Scripting for the Ambitous Hacker, Part 1 (BASH Basics)

Next article

You may also like


  1. Propecia De 5mg Cialis Mejor Que El Viagra Propecia Online Order Cheap [url=http://genericviabuy.com]viagra online pharmacy[/url] Viagra Online Canada Mastercard

  2. Hi there, You have done an incredible job. I will certainly digg
    it and personally recommend to my friends. I am sure they will be benefited from this site.

  3. I’m gone to say to my little brother, that he should also go to
    see this weblog on regular basis to get updated from newest information.

  4. Zithromax Without Prescription Price Viagra Prices Cephalexin For Dogs Non Perscription [url=http://leviprices.com]realcheaplevitra[/url] Viagra Costo A Confezione

  5. I’m not that much of a online reader to be honest but your sites really nice,
    keep it up! I’ll go ahead and bookmark your site to come back in the future.

    All the best

  6. It’s actually a nice and useful piece of information. I’m satisfied that
    you just shared this useful info with us. Please stay us up to date like this.

    Thank you for sharing.

  7. Everything is very open with a very clear explanation of
    the challenges. It was really informative. Your website is
    useful. Many thanks for sharing!

  8. Definitely believe that which you said. Your favorite justification appeared
    to be on the web the simplest thing to be aware of.
    I say to you, I certainly get irked while people think
    about worries that they plainly do not know about.
    You managed to hit the nail upon the top and also defined out the whole
    thing without having side effect , people can take a
    signal. Will likely be back to get more. Thanks

  9. Hello my family member! I wish to say that this post is amazing, great written and come
    with approximately all important infos. I’d like to look more posts like this .

  10. Wow, awesome blog format! How long have you been running a blog for?
    you made blogging glance easy. The overall look of your web site is wonderful,
    as neatly as the content!

  11. With havin so much content do you ever run into any problems of plagorism or copyright infringement?
    My website has a lot of exclusive content I’ve either authored myself or outsourced but it
    seems a lot of it is popping it up all over the web without my permission. Do you know any methods to help stop content
    from being ripped off? I’d definitely appreciate it.

  12. Nice post. I learn something new and challenging on sites I stumbleupon every day.
    It’s always useful to read content from other authors and practice a little something from their
    web sites.

  13. I constantly spent my half an hour to read
    this blog’s articles all the time along with
    a cup of coffee.

  14. I am really grateful to the holder of this site who
    has shared this enormous post at here.

  15. I think this is among the most vital information for me.
    And i am glad reading your article. But want to remark on few general things,
    The website style is ideal, the articles is really great : D.
    Good job, cheers

  16. … [Trackback]

    […] Read More Info here to that Topic: techandsecurity.net/how-to-scan-the-globe-for-vulnerable-ports-services.html […]

  17. … [Trackback]

    […] Here you will find 60287 more Info on that Topic: techandsecurity.net/how-to-scan-the-globe-for-vulnerable-ports-services.html […]

  18. Do you mind if I quote a few of your articles as long as I provide credit
    and sources back to your site? My website is in the exact same area of interest as yours and my users would
    certainly benefit from some of the information you present here.
    Please let me know if this ok with you. Thanks a lot!

  19. Hi! I could have sworn I’ve been to this blog before but after reading through some of the
    post I realized it’s new to me. Anyhow, I’m definitely happy I found it and I’ll be
    book-marking and checking back frequently!

  20. naturally like your website but you need to check the spelling
    on several of your posts. Many of them are rife with spelling problems and I to find it very bothersome to inform the reality
    nevertheless I’ll certainly come back again.

  21. Hi, always i used to check weblog posts here early in the break of day, since i love
    to find out more and more.

  22. Does your site have a contact page? I’m having a tough time locating it
    but, I’d like to shoot you an e-mail. I’ve got some
    creative ideas for your blog you might be interested in hearing.
    Either way, great site and I look forward to seeing it grow over time.

  23. … [Trackback]

    […] There you can find 61183 more Info to that Topic: techandsecurity.net/how-to-scan-the-globe-for-vulnerable-ports-services.html […]

  24. … [Trackback]

    […] Find More Information here to that Topic: techandsecurity.net/how-to-scan-the-globe-for-vulnerable-ports-services.html […]

  25. … [Trackback]

    […] Find More on that Topic: techandsecurity.net/how-to-scan-the-globe-for-vulnerable-ports-services.html […]

  26. Eh… You are hardly “scanning the globe” by scanning a 24 bit subnet, there does appear to be quite a few valid IP addresses in that scope..

    e.g. To get a list of valid hostnames in that subnet of 254 addresses do:

    for i in $(seq 1 254); do nslookup 74.125.225.${i} >> scan.txt; done && grep name scan.txt | awk {‘print $4’} | cut -d”.” -f1,2,3

    1. You are correct. I used that subnet, just as an example. Obviously, we can expand the IP address range to whatever scale we want. The larger the range, the more time it will take. If we expand the range to the whole globe it will take nearly forever. Its best to pick a small subnet and get a report and then scan another subnet, get a report and repeat…

      If you try to scan the entire globe, we will likely be dead before it has completed. Then our heirs could read the report, I suppose.


  27. Great tutorial! Kudos! Is there a way to set this to scan for multiple ports? For example, ports 1-500 or something like that.

    1. Joshua:

      Yes, but why would you want to do that? The whole point here is to find a port that reveals a particular vulnerability. If you just wanted to get a list of open ports, you could change the second line to read;

      nmap -sT -p 1-500 -oG aloha


  28. hello admin, you website is interesting and the posts are very fascinating. but the problem is , i’m a new bee and i couldn’t figure out where to start. could you suggest some posts for a beginner, related to hacking. And also , i couldn’t remember them after a day. what do you think should i do to learn them perfectly.

Leave a reply

Your email address will not be published. Required fields are marked *