nmap-I have a list of ip addresses I want to scan on only port 21

[Quinnifer]

I have done this before but it has been forever and I can't find how I used to do it. Using nmap, I have a list of ip addresses I want to scan on only port 21. My breakdown would be to tell nmap to check a txt file for the ip's and then scan each one for accessible ports on port 21 and return a list of those ports. In case there is a better way than I have stated here is more info on what I am doing. I used an old spider I wrote years ago to locate ftp's that are open (no user/pass) and it made me a txt file of the ones it found. Used to this list would mean I only had to ftp in and I was ok. But now for some reason the list it returned of ip's will only let me ftp into maybe 1 out of every 4 or 5. This spider I wrote back in 99 or 2000 so things have changed somewhere. I have not needed to do this for that long so it has been sitting. Now I have a need to locate open/unsecured ftps and have spent the day trying to find a better way between taking calls so I am finally asking for help! Thanks

[digininja]

what are you looking for these services for?

[Quinnifer]

Brushing up on my auditing skills because in a couple of months I start a new job where my main responsibility will be auditing  large blocks of ftp for an isp.

[digininja]

This should work

nmap -iL <list of IPs> -p 21 -oA ftp_test  --script ftp-anon

 

[Quinnifer]

My eyes are buggin here. Correct me if I am wrong which I may be, but this cannot be modified to can more ip's can it. To do more IP's would require a .cvs file or something? I also didn't realize there was a script for this.  I knew I needed some brushing up on nmap but I may need more than I thought.

[digininja]

-iL takes a file full of IPs, subnets or anything else that resolves to a host you want to give it. It can be as long as you want.

[Quinnifer]

I made a mistake with that question. I meant ports.

[digininja]

To specify other ports add them to -p

-p 21,2121,1234

[digip]

Off topic, just wondering if your first name is Quinn? Just curious, as that is my oldest daughters name, and also one of her nicknames is Quinnifer.

[0phoi5]

11 hours ago, digip said:

Off topic, just wondering if your first name is Quinn? Just curious, as that is my oldest daughters name, and also one of her nicknames is Quinnifer.

Potential long-lost father/daughter hacker team? I feel a movie coming on.

[Quinnifer]

Since I only get 4 posts per day right now I am gonna use this to cram a good bit in.

digip, I am the opposite of your daughter my birth name is Quinnifer but I am called Quinn. Quinn in my mothers maiden name and she is related to Anthony Quinn. My mothers first name is Jennifer so she carried her maiden name over with her name thus I am named Quinnifer.

 

digininja, using your

nmap -iL <list of IPs> -p 21 -oA ftp_test  --script ftp-anon

I couldn't get to work. I played around a bit though and found that this worked 

nmap -p21 --script ftp-anon -iL c:\<ip's>.txt

If I may add to the original question. Using my nmap -p21 --script ftp-anon -iL c:\<ip's>.txt can I change it some and have nmap scan a range of ip's and then I can do away with my program I wrote years ago and use nmap for the whole thing. Right now I am using my old program to scan a range of ip's then exporting a list to a .txt file and then having nmap scan that list of IP's for open ftp's. The process is lengthy. When I start my new job I will be working from home but nmap proficiency is required, so I am trying to cram in more to what I know and hate wasted steps.

I also want to thank you for your assistance thus far.

 

[digininja]

As the difference is the -oA, it probably failed trying to write the log file out if you were in a directory you didn't have write access to.

Which bit is nmap not doing for you? You give it a list or range of IPs and it will scan them for the open ports and then test for anonymous access on any it finds. What additional work is your own script doing?

 

 

[Quinnifer]

So your saying using the .txt with the range like (example 24.235.100.000/200.000 or like this 24.235.100.000- 24.235.200.000) and it will scan through. I am using a program I wrote years ago to perform the search for open ports between ranges and then exporting to a file for nmap to scan to see which ones are able to be logged into. Way back when I wrote the program there wasn't anything around that did what I wanted it to do. So if I can use nmap to perform everything then that is what I would like to do.

[digininja]

They have a whole range of ways to specify the ranges

https://nmap.org/book/man-target-specification.html

When did you last do this as nmap has been out since early 1999

[Quinnifer]

On 5/23/2017 at 1:54 PM, Quinnifer said:

This spider I wrote back in 99 or 2000 so things have changed somewhere.

I have used nmap off and on but was moving in a different direction so I only played with it. Till now anyways. This may be my last posting allowed so I was wondering how long the limit lasts.

[digininja]

Not sure what the limit is, @Digi-p will know though.

[digip]

What I miss? limit for what now?

[digininja]

New members have a limit on the number of posts they can do in a day or something like that. Just wondering when it clears.

[digip]

I didn't know there was a daily limit for new users. I knew they put limits on show many posts before you can edit and post links generally, but I see a lot of that has changed over the years. I'm not a forum admin, so I don't see any of that side of things, but mrprotocol or seb would probably know.

[Quinnifer]

Yes, if I post 4 times then on the 5th I do not have the "Reply To This Post" and it includes private messages also.

[digininja]

Back on topic, is your port scanning problem answered now?

[Quinnifer]

Yes and I thank you all very much. This thread I suppose is done. I have been playing with nmap like crazy and I am picking it up pretty well although I am sure I will have more questions but maybe now I can browse more and be of some help to some others.