Unique Ports for NMAP Scan

At times, it is nice to have a list of ports for an entire nmap scan.  This can help speed up (but not verify) the work of a vulnerability scanner.  Lets go ahead and kick off our NMAP scan:

root@bt:~# nmap -p 1-65535 -oA test

We get screen output similar to this:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-30 10:06 EDT
Interesting ports on xxx.yyy (
Not shown: 65529 filtered ports
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
912/tcp   open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
MAC Address: 11:11:11:11:11:11 (xxx)

So in this case, its very simple 135, 139, 445…  But if we scanned several IPs or even several class C networks, this could be difficult.  So we need a way to do to from a console.

root@bt:~# cat test.nmap | grep '/tcp' | grep -v filtered | cut -d / -f1 | sort -u | tr '\n' ','

Good to go!


Comments are closed