├── .gitignore
├── LICENSE
├── README.md
├── config.py
├── dict
    ├── dns_servers.txt
    ├── next_sub.txt
    ├── next_sub_full.txt
    ├── nmap-services.txt
    ├── port_service.json
    ├── sample_qq.com.txt
    ├── subnames.txt
    ├── subnames_all_5_letters.txt
    └── subnames_full.txt
├── helper.py
├── input
    ├── alldomians.txt
    └── domain.txt
├── output
    └── blank
├── passive
    ├── DuckDuckSearch.py
    ├── GSDFA.py
    ├── certspotter.py
    ├── crtsh.py
    ├── fofa.py
    ├── hacktarget.py
    ├── passive_total.py
    ├── threatcrowd.py
    └── virustotal.py
├── recv.py
├── requirements.txt
├── run.py
├── subDomainsBrute
    ├── .gitignore
    ├── README.md
    ├── __init__.py
    ├── dict
    │   ├── dns_servers.txt
    │   ├── next_sub.txt
    │   ├── next_sub_full.txt
    │   ├── sample_qq.com.txt
    │   ├── subnames.txt
    │   ├── subnames_all_5_letters.txt
    │   └── subnames_full.txt
    ├── lib
    │   ├── __init__.py
    │   └── consle_width.py
    ├── screenshot.png
    └── subDomainsBrute.py
├── takeover
    ├── cloudfront.py
    ├── github_pages.py
    ├── heroku.py
    ├── herokudns.py
    ├── instapage.py
    ├── microsoft_azure_cloudapp.py
    ├── microsoft_trafficmanager.py
    ├── s3.py
    ├── shopify.py
    └── tumblr.py
└── tools.py


/.gitignore:
--------------------------------------------------------------------------------
  1 | .DS_Store
  2 | 
  3 | # Byte-compiled / optimized / DLL files
  4 | __pycache__/
  5 | *.py[cod]
  6 | *$py.class
  7 | 
  8 | # C extensions
  9 | *.so
 10 | 
 11 | # Distribution / packaging
 12 | .Python
 13 | env/
 14 | build/
 15 | develop-eggs/
 16 | dist/
 17 | downloads/
 18 | eggs/
 19 | .eggs/
 20 | lib64/
 21 | parts/
 22 | sdist/
 23 | var/
 24 | wheels/
 25 | *.egg-info/
 26 | .installed.cfg
 27 | *.egg
 28 | 
 29 | # PyInstaller
 30 | #  Usually these files are written by a python script from a template
 31 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 32 | *.manifest
 33 | *.spec
 34 | 
 35 | # Installer logs
 36 | pip-log.txt
 37 | pip-delete-this-directory.txt
 38 | 
 39 | # Unit test / coverage reports
 40 | htmlcov/
 41 | .tox/
 42 | .coverage
 43 | .coverage.*
 44 | .cache
 45 | nosetests.xml
 46 | coverage.xml
 47 | *.cover
 48 | .hypothesis/
 49 | 
 50 | # Translations
 51 | *.mo
 52 | *.pot
 53 | 
 54 | # Django stuff:
 55 | *.log
 56 | local_settings.py
 57 | 
 58 | # Flask stuff:
 59 | instance/
 60 | .webassets-cache
 61 | 
 62 | # Scrapy stuff:
 63 | .scrapy
 64 | 
 65 | # Sphinx documentation
 66 | docs/_build/
 67 | 
 68 | # PyBuilder
 69 | target/
 70 | 
 71 | # Jupyter Notebook
 72 | .ipynb_checkpoints
 73 | 
 74 | # pyenv
 75 | .python-version
 76 | 
 77 | # celery beat schedule file
 78 | celerybeat-schedule
 79 | 
 80 | # SageMath parsed files
 81 | *.sage.py
 82 | 
 83 | # dotenv
 84 | .env
 85 | 
 86 | # virtualenv
 87 | .venv
 88 | venv/
 89 | ENV/
 90 | 
 91 | # Spyder project settings
 92 | .spyderproject
 93 | .spyproject
 94 | 
 95 | # Rope project settings
 96 | .ropeproject
 97 | 
 98 | # mkdocs documentation
 99 | /site
100 | 
101 | # mypy
102 | .mypy_cache/
103 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 5alt
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # ZeroScan
 2 | 
 3 | ZeroScan is a tool that auto gathers subdomains and scan ports.
 4 | 
 5 | ## Ussage
 6 | 
 7 | Put domain name to `input/domain.txt`, then `sudo python run.py`.
 8 | 
 9 | You will get a report in html format and all the detailed scan results in `output` dir.
10 | 
11 | ## License
12 | 
13 | MIT
14 | 
15 | ## Contact
16 | 
17 | http://5alt.me
18 | 
19 | md5_salt [AT] qq.com
20 | 
21 | ## Special Thanks
22 | 
23 | https://github.com/lijiejie/subDomainsBrute
24 | 
25 | https://github.com/AnthraX1/InsightScan
26 | 
27 | https://github.com/We5ter/GSDF
28 | 
29 | https://github.com/michenriksen/aquatone
30 | 
31 | hearmenqin


--------------------------------------------------------------------------------
/config.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | 
 3 | INPUT_DIR = "input"
 4 | INPUT_DOMAIN_FILE = os.path.join(INPUT_DIR, "domain.txt")
 5 | INPUT_ALL_DOMAINS_FILE = os.path.join(INPUT_DIR, "alldomains.txt")
 6 | 
 7 | OUTPUT_DIR = "output"
 8 | 
 9 | IPS = "ips.txt"
10 | REPORT_FILENAME = "report.html"
11 | 
12 | 
13 | ## API Keys
14 | os.environ['virustotal_key'] = ""
15 | os.environ['passivetotal_key'] = ""
16 | os.environ['passivetotal_secret'] = ""
17 | os.environ['fofa_username'] = ""
18 | os.environ['fofa_password'] = ""
19 | 
20 | PASSIVE_SEARCH_DIR = "passive"
21 | TAKEOVER_DIR = 'takeover'


--------------------------------------------------------------------------------
/dict/dns_servers.txt:
--------------------------------------------------------------------------------
1 | 223.5.5.5
2 | 223.6.6.6
3 | 119.29.29.29
4 | 182.254.116.116


--------------------------------------------------------------------------------
/dict/next_sub.txt:
--------------------------------------------------------------------------------
  1 | test
  2 | test2
  3 | t
  4 | dev
  5 | 1
  6 | 2
  7 | 3
  8 | s1
  9 | s2
 10 | s3
 11 | admin
 12 | adm
 13 | a
 14 | ht
 15 | adminht
 16 | webht
 17 | web
 18 | gm
 19 | sys
 20 | system
 21 | manage
 22 | manager
 23 | mgr
 24 | b
 25 | c
 26 | passport
 27 | bata
 28 | wei
 29 | weixin
 30 | wechat
 31 | wx
 32 | wiki
 33 | upload
 34 | ftp
 35 | pic
 36 | jira
 37 | zabbix
 38 | nagios
 39 | bug
 40 | bugzilla
 41 | sql
 42 | mysql
 43 | db
 44 | stmp
 45 | pop
 46 | imap
 47 | mail
 48 | zimbra
 49 | exchange
 50 | forum
 51 | bbs
 52 | list
 53 | count
 54 | counter
 55 | img
 56 | img01
 57 | img02
 58 | img03
 59 | img04
 60 | api
 61 | cache
 62 | js
 63 | css
 64 | app
 65 | apps
 66 | wap
 67 | m
 68 | sms
 69 | zip
 70 | monitor
 71 | proxy
 72 | update
 73 | upgrade
 74 | stat
 75 | stats
 76 | data
 77 | portal
 78 | blog
 79 | autodiscover
 80 | en
 81 | search
 82 | so
 83 | oa
 84 | database
 85 | home
 86 | sso
 87 | help
 88 | vip
 89 | s
 90 | w
 91 | down 
 92 | download
 93 | downloads
 94 | dl
 95 | svn
 96 | git
 97 | log
 98 | staff
 99 | vpn
100 | sslvpn
101 | ssh
102 | scanner
103 | sandbox
104 | ldap
105 | lab
106 | go
107 | demo
108 | console
109 | cms
110 | auth
111 | crm
112 | erp
113 | res
114 | static
115 | old
116 | new
117 | beta
118 | image
119 | service
120 | login
121 | 3g
122 | docs
123 | it
124 | e
125 | live
126 | library
127 | files
128 | i
129 | d
130 | cp
131 | connect
132 | gateway
133 | lib
134 | preview
135 | backup
136 | share
137 | status
138 | assets
139 | user
140 | vote
141 | bugs
142 | cas
143 | feedback
144 | id
145 | edm
146 | survey
147 | union
148 | ceshi
149 | dev1
150 | updates
151 | phpmyadmin
152 | pma
153 | edit
154 | master
155 | xml
156 | control
157 | profile
158 | zhidao
159 | tool
160 | toolbox
161 | boss
162 | activity
163 | www
164 | 


--------------------------------------------------------------------------------
/dict/next_sub_full.txt:
--------------------------------------------------------------------------------
  1 | {alphnum}
  2 | {alphnum}{alphnum}
  3 | test
  4 | test2
  5 | t
  6 | dev
  7 | 1
  8 | 2
  9 | 3
 10 | s1
 11 | s2
 12 | s3
 13 | admin
 14 | adm
 15 | a
 16 | ht
 17 | adminht
 18 | webht
 19 | web
 20 | gm
 21 | sys
 22 | system
 23 | manage
 24 | manager
 25 | mgr
 26 | b
 27 | c
 28 | passport
 29 | bata
 30 | wei
 31 | weixin
 32 | wechat
 33 | wx
 34 | wiki
 35 | upload
 36 | ftp
 37 | pic
 38 | jira
 39 | zabbix
 40 | nagios
 41 | bug
 42 | bugzilla
 43 | sql
 44 | mysql
 45 | db
 46 | stmp
 47 | pop
 48 | imap
 49 | mail
 50 | zimbra
 51 | exchange
 52 | forum
 53 | bbs
 54 | list
 55 | count
 56 | counter
 57 | img
 58 | img01
 59 | img02
 60 | img03
 61 | img04
 62 | api
 63 | cache
 64 | js
 65 | css
 66 | app
 67 | apps
 68 | wap
 69 | m
 70 | sms
 71 | zip
 72 | monitor
 73 | proxy
 74 | update
 75 | upgrade
 76 | stat
 77 | stats
 78 | data
 79 | portal
 80 | blog
 81 | autodiscover
 82 | en
 83 | search
 84 | so
 85 | oa
 86 | database
 87 | home
 88 | sso
 89 | help
 90 | vip
 91 | s
 92 | w
 93 | down
 94 | download
 95 | downloads
 96 | dl
 97 | svn
 98 | git
 99 | log
100 | staff
101 | vpn
102 | sslvpn
103 | ssh
104 | scanner
105 | sandbox
106 | ldap
107 | lab
108 | go
109 | demo
110 | console
111 | cms
112 | auth
113 | crm
114 | erp
115 | res
116 | static
117 | old
118 | new
119 | beta
120 | image
121 | service
122 | login
123 | 3g
124 | docs
125 | it
126 | e
127 | live
128 | library
129 | files
130 | i
131 | d
132 | cp
133 | connect
134 | gateway
135 | lib
136 | preview
137 | backup
138 | share
139 | status
140 | assets
141 | user
142 | vote
143 | bugs
144 | cas
145 | feedback
146 | id
147 | edm
148 | survey
149 | union
150 | ceshi
151 | dev1
152 | updates
153 | phpmyadmin
154 | pma
155 | edit
156 | master
157 | xml
158 | control
159 | profile
160 | zhidao
161 | tool
162 | toolbox
163 | boss
164 | activity
165 | www
166 | smtp
167 | webmail
168 | mx
169 | pop3
170 | ns1
171 | ns2
172 | webdisk
173 | www2
174 | news
175 | cpanel
176 | whm
177 | shop
178 | sip
179 | ns
180 | mobile
181 | www1
182 | email
183 | support
184 | mail2
185 | media
186 | lyncdiscover
187 | secure
188 | video
189 | my
190 | staging
191 | images
192 | dns
193 | info
194 | ns3
195 | mail1
196 | intranet
197 | cdn
198 | lists
199 | dns1
200 | www3
201 | dns2
202 | mobilemail
203 | store
204 | remote
205 | cn
206 | owa
207 | cs
208 | stage
209 | online
210 | jobs
211 | calendar
212 | community
213 | forums
214 | services
215 | dialin
216 | chat
217 | meet
218 | blogs
219 | hr
220 | office
221 | ww
222 | ftp2
223 | legacy
224 | b2b
225 | ns4
226 | v
227 | pda
228 | events
229 | av
230 | edu
231 | down
232 | ads
233 | health
234 | es
235 | english
236 | ad
237 | extranet
238 | helpdesk
239 | training
240 | photo
241 | finance
242 | tv
243 | fr
244 | sc
245 | job
246 | cloud
247 | im
248 | careers
249 | game
250 | archive
251 | get
252 | gis
253 | access
254 | member
255 | mx1
256 | newsletter
257 | de
258 | qa
259 | direct
260 | alumni
261 | mx2
262 | hk
263 | sp
264 | gw
265 | relay
266 | jp
267 | content
268 | file
269 | citrix
270 | vpn2
271 | soft
272 | ssl
273 | server
274 | club
275 | ws
276 | host
277 | book
278 | www4
279 | sh
280 | tools
281 | mail3
282 | ms
283 | mailhost
284 | ca
285 | ntp
286 | ask
287 | sites
288 | sz
289 | spam
290 | wwww
291 | tw
292 | videos
293 | send
294 | music
295 | project
296 | uk
297 | start
298 | mall
299 | ns5
300 | outlook
301 | reports
302 | us
303 | partner
304 | mssql
305 | bj
306 | sharepoint
307 | link
308 | metrics
309 | partners
310 | smtp2
311 | webproxy
312 | mdm
313 | marketing
314 | ts
315 | security
316 | map
317 | ir
318 | fs
319 | origin
320 | travel
321 | feeds
322 | meeting
323 | u
324 | photos
325 | hq
326 | tj
327 | research
328 | pt
329 | members
330 | ru
331 | bm
332 | business
333 | eq
334 | cc
335 | w3
336 | student
337 | auto
338 | dx
339 | p
340 | rs
341 | dns3
342 | vc
343 | gmail
344 | uc
345 | press
346 | web1
347 | localhost
348 | ent
349 | tuan
350 | dj
351 | web2
352 | ss
353 | cnc
354 | vpn1
355 | pay
356 | time
357 | sx
358 | hd
359 | games
360 | lt
361 | projects
362 | g
363 | sales
364 | stream
365 | gb
366 | forms
367 | www5
368 | wt
369 | abc
370 | weather
371 | zb
372 | smtp1
373 | maps
374 | x
375 | register
376 | design
377 | radio
378 | software
379 | china
380 | math
381 | open
382 | view
383 | fax
384 | event
385 | pm
386 | test1
387 | alpha
388 | irc
389 | sg
390 | cq
391 | ftp1
392 | idc
393 | labs
394 | da
395 | directory
396 | developer
397 | reg
398 | catalog
399 | rss
400 | wh
401 | sd
402 | tg
403 | bb
404 | digital
405 | hb
406 | house
407 | site
408 | conference
409 | rt
410 | temp
411 | fw
412 | tz
413 | tech
414 | education
415 | biz
416 | f
417 | gallery
418 | gh
419 | car
420 | dc
421 | agent
422 | mis
423 | eng
424 | flash
425 | cx
426 | pub
427 | ticket
428 | doc
429 | card
430 | account
431 | code
432 | promo
433 | net
434 | kb
435 | jk
436 | social
437 | sports
438 | ems
439 | tp
440 | public
441 | mm
442 | pms
443 | mrtg
444 | as
445 | jw
446 | corp
447 | tr
448 | investor
449 | dm
450 | sts
451 | th
452 | bi
453 | 123
454 | st
455 | br
456 | wp
457 | art
458 | shopping
459 | global
460 | money
461 | prod
462 | students
463 | cj
464 | iphone
465 | vps
466 | ag
467 | food
468 | sb
469 | ly
470 | local
471 | sj
472 | server1
473 | testing
474 | brand
475 | sy
476 | buy
477 | life
478 | groups
479 | nl
480 | tour
481 | lms
482 | pro
483 | bc
484 | rtx
485 | hao
486 | exam
487 | fb
488 | in
489 | ams
490 | msoid
491 | idp
492 | vod
493 | cm
494 | dk
495 | hs
496 | usa
497 | ww2
498 | jwc
499 | lp
500 | rsc
501 | jd
502 | cf
503 | rms
504 | ec
505 | jabber
506 | streaming
507 | webdev
508 | dms
509 | investors
510 | bookstore
511 | kr
512 | cd
513 | corporate
514 | mail4
515 | fz
516 | order
517 | transfer
518 | hotel
519 | work
520 | bt
521 | au
522 | pages
523 | sm
524 | client
525 | r
526 | y
527 | audio
528 | cz
529 | ci
530 | se
531 | potala
532 | ch
533 | webservices
534 | dy
535 | cvs
536 | ra
537 | apple
538 | barracuda
539 | ip
540 | ja
541 | mkt
542 | archives
543 | www0
544 | intra
545 | gate
546 | youth
547 | internal
548 | mailgw
549 | customer
550 | linux
551 | registration
552 | movie
553 | mailgate
554 | q
555 | xx
556 | mx3
557 | mars
558 | phone
559 | desktop
560 | ds
561 | zz
562 | love
563 | show
564 | nc
565 | redmine
566 | ce
567 | pl
568 | wireless
569 | inside
570 | fx
571 | mp
572 | hz
573 | listserv
574 | analytics
575 | ks
576 | redirect
577 | accounts
578 | report
579 | hermes
580 | ae
581 | mobi
582 | ps
583 | edge
584 | resources
585 | img1
586 | law
587 | pr
588 | international
589 | ml
590 | trac
591 | rd
592 | market
593 | mailer
594 | cert
595 | hg
596 | cl
597 | img2
598 | development
599 | gs
600 | google
601 | space
602 | www6
603 | gd
604 | post
605 | voip
606 | ac
607 | push
608 | m2
609 | sq
610 | fc
611 | ar
612 | asp
613 | dr
614 | seo
615 | mobil
616 | sync
617 | kf
618 | be
619 | about
620 | mail01
621 | sns
622 | board
623 | pc
624 | links
625 | jj
626 | history
627 | mailman
628 | campus
629 | mms
630 | storage
631 | ns0
632 | cdn2
633 | cacti
634 | hy
635 | enterprise
636 | noc
637 | ic
638 | cgi
639 | track
640 | world
641 | act
642 | wl
643 | product
644 | ls
645 | sf
646 | affiliates
647 | android
648 | payment
649 | n
650 | gz
651 | web3
652 | learning
653 | signup
654 | z
655 | tao
656 | top
657 | wifi
658 | yy
659 | password
660 | cw
661 | wm
662 | ess
663 | ex
664 | resource
665 | print
666 | gc
667 | w2
668 | canada
669 | cr
670 | mc
671 | 0
672 | me
673 | keys
674 | sentry
675 | smtp3
676 | journal
677 | mt
678 | team
679 | orion
680 | edi
681 | test3
682 | tc
683 | main
684 | zs
685 | faq
686 | click
687 | hub
688 | tu
689 | golf
690 | phoenix
691 | bd
692 | build
693 | free
694 | ee
695 | int
696 | cdn1
697 | v2
698 | sa
699 | pos
700 | fi
701 | router
702 | rc
703 | mirror
704 | tracker
705 | ct
706 | special
707 | cal
708 | ns6
709 | atlas
710 | ids
711 | affiliate
712 | nj
713 | tt
714 | nz
715 | db1
716 | bg
717 | mercury
718 | family
719 | courses
720 | ipv6
721 | jupiter
722 | no
723 | venus
724 | nb
725 | beijing
726 | summer
727 | ma
728 | yp
729 | ocs
730 | star
731 | traveler
732 | multimedia
733 | fm
734 | study
735 | lb
736 | up
737 | shanghai
738 | bk
739 | www7
740 | join
741 | tfs
742 | feed
743 | h
744 | ns01
745 | php
746 | stock
747 | km
748 | books
749 | eu
750 | md
751 | 2013
752 | whois
753 | sw
754 | mailserver
755 | mb
756 | tms
757 | monitoring
758 | ys
759 | ga
760 | radius
761 | group
762 | mtest
763 | j
764 | www8
765 | wb
766 | m1
767 | billing
768 | aaa
769 | pf
770 | products
771 | faculty
772 | em
773 | opac
774 | cis
775 | xmpp
776 | nanjing
777 | taobao
778 | zp
779 | teacher
780 | co
781 | contact
782 | nt
783 | ky
784 | qq
785 | mp3
786 | gps
787 | hn
788 | users
789 | gl
790 | domain
791 | newsroom
792 | dh
793 | csc
794 | repo
795 | zw
796 | ismart
797 | pp
798 | gg
799 | wms
800 | ims
801 | www9
802 | 2014
803 | solutions
804 | at
805 | bak
806 | sl
807 | cwc
808 | firewall
809 | wordpress
810 | school
811 | nms
812 | developers
813 | pki
814 | pe
815 | v2-ag
816 | devel
817 | hp
818 | titan
819 | pluto
820 | kids
821 | sport
822 | mail5
823 | server2
824 | nas
825 | xh
826 | ap
827 | red
828 | mas
829 | translate
830 | dealer
831 | ipad
832 | demo2
833 | 2012
834 | dns4
835 | hh
836 | green
837 | dz
838 | hybrid
839 | discover
840 | adserver
841 | japan
842 | mi
843 | xf
844 | zeus
845 | am
846 | people
847 | aa
848 | win
849 | sk
850 | db2
851 | jenkins
852 | xb
853 | oss
854 | sdc
855 | wc
856 | its
857 | dw
858 | yun
859 | acs
860 | asia
861 | daj
862 | webadmin
863 | crl
864 | ebook
865 | mag
866 | csg
867 | blue
868 | bank
869 | one
870 | o
871 | horizon
872 | orders
873 | apis


--------------------------------------------------------------------------------
/dict/nmap-services.txt:
--------------------------------------------------------------------------------
   1 | tcpmux;1/tcp;0.001995;# TCP Port Service Multiplexer [rfc-1078]
   2 | compressnet;2/tcp;0.000013;# Management Utility
   3 | compressnet;3/tcp;0.001242;# Compression Process
   4 | discard;9/tcp;0.003764;# sink null
   5 | systat;11/tcp;0.000075;# Active Users
   6 | qotd;17/tcp;0.002346;# Quote of the Day
   7 | chargen;19/tcp;0.002559;# ttytst source Character Generator
   8 | ftp-data;20/tcp;0.001079;# File Transfer [Default Data]
   9 | ftp;21/tcp;0.197667;# File Transfer [Control]
  10 | ssh;22/tcp;0.182286;# Secure Shell Login
  11 | priv-mail;24/tcp;0.001154;# any private mail system
  12 | smtp;25/tcp;0.131314;# Simple Mail Transfer
  13 | rsftp;26/tcp;0.007991;# RSFTP
  14 | nsw-fe;27/tcp;0.000138;# NSW User System FE
  15 | msg-icp;29/tcp;0.000025;# MSG ICP
  16 | msg-auth;31/tcp;0.000025;# MSG Authentication
  17 | dsp;33/tcp;0.001016;# Display Support Protocol
  18 | priv-print;35/tcp;0.000038;# any private printer server
  19 | time;37/tcp;0.003161;# timserver
  20 | rap;38/tcp;0.000025;# Route Access Protocol
  21 | nameserver;42/tcp;0.000803;# Host Name Server
  22 | whois;43/tcp;0.000314;# nicname
  23 | mpm-flags;44/tcp;0.000025;# MPM FLAGS Protocol
  24 | mpm;45/tcp;0.000050;# Message Processing Module [recv]
  25 | ni-ftp;47/tcp;0.000075;# NI FTP
  26 | auditd;48/tcp;0.000013;# Digital Audit Daemon
  27 | tacacs;49/tcp;0.000665;# Login Host Protocol (TACACS)
  28 | re-mail-ck;50/tcp;0.000050;# Remote Mail Checking Protocol
  29 | la-maint;51/tcp;0.000038;# IMP Logical Address Maintenance
  30 | xns-time;52/tcp;0.000063;# XNS Time Protocol
  31 | domain;53/tcp;0.048463;# Domain Name Server
  32 | xns-ch;54/tcp;0.000013;# XNS Clearinghouse
  33 | isi-gl;55/tcp;0.000125;# ISI Graphics Language
  34 | xns-auth;56/tcp;0.000013;# XNS Authentication
  35 | priv-term;57/tcp;0.000125;# any private terminal access
  36 | xns-mail;58/tcp;0.000025;# XNS Mail
  37 | priv-file;59/tcp;0.000088;# any private file service
  38 | tacacs-ds;65/tcp;0.000013;# TACACS-Database Service
  39 | sqlnet;66/tcp;0.000075;# Oracle SQL*NET
  40 | dhcps;67/tcp;0.000013;# DHCP/Bootstrap Protocol Server
  41 | dhcpc;68/tcp;0.000063;# DHCP/Bootstrap Protocol Client
  42 | tftp;69/tcp;0.000038;# Trivial File Transfer
  43 | netrjs-1;71/tcp;0.000025;# Remote Job Service
  44 | netrjs-2;72/tcp;0.000013;# Remote Job Service
  45 | netrjs-3;73/tcp;0.000025;# Remote Job Service
  46 | netrjs-4;74/tcp;0.000025;# Remote Job Service
  47 | priv-dial;75/tcp;0.000063;# any private dial out service
  48 | deos;76/tcp;0.000063;# Distributed External Object Store
  49 | priv-rje;77/tcp;0.000113;# any private RJE service, netrjs
  50 | http;80/tcp;0.484143;# World Wide Web HTTP
  51 | hosts2-ns;81/tcp;0.012056;# HOSTS2 Name Server
  52 | xfer;82/tcp;0.002923;# XFER Utility
  53 | mit-ml-dev;83/tcp;0.000539;# MIT ML Device
  54 | ctf;84/tcp;0.000276;# Common Trace Facility
  55 | mit-ml-dev;85/tcp;0.000690;# MIT ML Device
  56 | mfcobol;86/tcp;0.000138;# Micro Focus Cobol
  57 | priv-term-l;87/tcp;0.000125;# any private terminal link, ttylink
  58 | kerberos-sec;88/tcp;0.006072;# Kerberos (v5)
  59 | su-mit-tg;89/tcp;0.000376;# SU/MIT Telnet Gateway
  60 | dnsix;90/tcp;0.000652;# DNSIX Securit Attribute Token Map
  61 | mit-dov;91/tcp;0.000063;# MIT Dover Spooler
  62 | npp;92/tcp;0.000050;# Network Printing Protocol
  63 | dcp;93/tcp;0.000025;# Device Control Protocol
  64 | objcall;94/tcp;0.000025;# Tivoli Object Dispatcher
  65 | supdup;95/tcp;0.000025;# BSD supdupd(8)
  66 | dixie;96/tcp;0.000013;# DIXIE Protocol Specification
  67 | swift-rvf;97/tcp;0.000038;# Swift Remote Virtural File Protocol
  68 | metagram;99/tcp;0.000326;# Metagram Relay
  69 | newacct;100/tcp;0.002133;# [unauthorized use]
  70 | hostname;101/tcp;0.000063;# hostnames NIC Host Name Server
  71 | iso-tsap;102/tcp;0.000138;# tsap ISO-TSAP Class 0
  72 | gppitnp;103/tcp;0.000038;# Genesis Point-to-Point Trans Net, or x400 ISO Email
  73 | acr-nema;104/tcp;0.000063;# ACR-NEMA Digital Imag. & Comm. 300
  74 | pop3pw;106/tcp;0.005934;# Eudora compatible PW changer
  75 | snagas;108/tcp;0.000013;# SNA Gateway Access Server
  76 | pop2;109/tcp;0.000188;# PostOffice V.2
  77 | pop3;110/tcp;0.077142;# PostOffice V.3
  78 | rpcbind;111/tcp;0.030034;# portmapper, rpcbind
  79 | mcidas;112/tcp;0.000050;# McIDAS Data Transmission Protocol
  80 | ident;113/tcp;0.012370;# ident, tap, Authentication Service
  81 | audionews;114/tcp;0.000025;# Audio News Multicast
  82 | sftp;115/tcp;0.000025;# Simple File Transfer Protocol
  83 | ansanotify;116/tcp;0.000013;# ANSA REX Notify
  84 | uucp-path;117/tcp;0.000013;# UUCP Path Service
  85 | sqlserv;118/tcp;0.000025;# SQL Services
  86 | nntp;119/tcp;0.003262;# Network News Transfer Protocol
  87 | ntp;123/tcp;0.000138;# Network Time Protocol
  88 | ansatrader;124/tcp;0.000013;# ANSA REX Trader
  89 | locus-map;125/tcp;0.000176;# Locus PC-Interface Net Map Ser
  90 | locus-con;127/tcp;0.000113;# Locus PC-Interface Conn Server
  91 | gss-xlicen;128/tcp;0.000013;# GSS X License Verification
  92 | pwdgen;129/tcp;0.000025;# Password Generator Protocol
  93 | cisco-fna;130/tcp;0.000013;# cisco FNATIVE
  94 | cisco-sys;132/tcp;0.000013;# cisco SYSMAINT
  95 | statsrv;133/tcp;0.000025;# Statistics Service
  96 | msrpc;135/tcp;0.047798;# Microsoft RPC services
  97 | profile;136/tcp;0.000025;# PROFILE Naming System
  98 | netbios-ns;137/tcp;0.000038;# NETBIOS Name Service
  99 | netbios-dgm;138/tcp;0.000025;# NETBIOS Datagram Service
 100 | netbios-ssn;139/tcp;0.050809;# NETBIOS Session Service
 101 | emfis-cntl;141/tcp;0.000013;# EMFIS Control Service
 102 | bl-idm;142/tcp;0.000013;# Britton-Lee IDM
 103 | imap;143/tcp;0.050420;# Interim Mail Access Protocol v2
 104 | news;144/tcp;0.004981;# NewS window system
 105 | cronus;148/tcp;0.000013;# CRONUS-SUPPORT
 106 | aed-512;149/tcp;0.000013;# AED 512 Emulation Service
 107 | knet-cmp;157/tcp;0.000113;# KNET/VM Command/Message Protocol
 108 | pcmail-srv;158/tcp;0.000063;# PCMail Server
 109 | snmptrap;162/tcp;0.000013;# snmp-trap
 110 | cmip-man;163/tcp;0.000590;# CMIP/TCP Manager
 111 | xdmcp;177/tcp;0.000025;# X Display Mgr. Control Proto
 112 | bgp;179/tcp;0.010538;# Border Gateway Protocol
 113 | ris;180/tcp;0.000038;# Intergraph
 114 | audit;182/tcp;0.000038;# Unisys Audit SITP
 115 | qft;189/tcp;0.000013;# Queued File Transport
 116 | gacp;190/tcp;0.000013;# Gateway Access Control Protocol
 117 | prospero;191/tcp;0.000013;# Prospero Directory Service
 118 | osu-nms;192/tcp;0.000013;# OSU Network Monitoring System
 119 | srmp;193/tcp;0.000025;# Spider Remote Monitoring Protocol
 120 | irc;194/tcp;0.000038;# Internet Relay Chat
 121 | dn6-smm-red;196/tcp;0.000025;# DNSIX Session Mgt Module Audit Redir
 122 | smux;199/tcp;0.015945;# SNMP Unix Multiplexer
 123 | src;200/tcp;0.000025;# IBM System Resource Controller
 124 | at-rtmp;201/tcp;0.000038;# AppleTalk Routing Maintenance
 125 | at-nbp;202/tcp;0.000025;# AppleTalk Name Binding
 126 | at-echo;204/tcp;0.000025;# AppleTalk Echo
 127 | at-5;205/tcp;0.000013;# AppleTalk Unused
 128 | at-zis;206/tcp;0.000025;# AppleTalk Zone Information
 129 | tam;209/tcp;0.000013;# Trivial Authenticated Mail Protocol
 130 | z39.50;210/tcp;0.000125;# wais, ANSI Z39.50
 131 | 914c-g;211/tcp;0.000427;# Texas Instruments 914C/G Terminal
 132 | anet;212/tcp;0.000364;# ATEXSSTR
 133 | atls;216/tcp;0.000013;# Access Technology License Server
 134 | dbase;217/tcp;0.000013;# dBASE Unix
 135 | uarps;219/tcp;0.000063;# Unisys ARPs
 136 | imap3;220/tcp;0.000113;# Interactive Mail Access Protocol v3
 137 | fln-spx;221/tcp;0.000050;# Berkeley rlogind with SPX auth
 138 | rsh-spx;222/tcp;0.000941;# Berkeley rshd with SPX auth
 139 | cdc;223/tcp;0.000125;# Certificate Distribution Center
 140 | fw1-secureremote;256/tcp;0.000163;# also "rap"
 141 | fw1-mc-fwmodule;257/tcp;0.000100;# FW1 management console for communication w/modules and also secure electronic transaction (set) port
 142 | fw1-mc-gui;258/tcp;0.000013;# also yak winsock personal chat
 143 | esro-gen;259/tcp;0.000201;# efficient short remote operations
 144 | nsiiops;261/tcp;0.000025;# iiop name service over tls/ssl
 145 | td-service;267/tcp;0.000013;# Tobit David Service Layer
 146 | td-replica;268/tcp;0.000050;# Tobit David Replica
 147 | novastorbakcup;308/tcp;0.000025;# novastor backup
 148 | asip-webadmin;311/tcp;0.001857;# appleshare ip webadmin
 149 | rtsps;322/tcp;0.000013;# RTSPS
 150 | texar;333/tcp;0.000113;# Texar Security Port
 151 | zserv;346/tcp;0.000013;# Zebra server
 152 | matip-type-a;350/tcp;0.000025;# MATIP Type A
 153 | matip-type-b;351/tcp;0.000013;# MATIP Type B or bhoetty also safetp
 154 | dtag-ste-sb;352/tcp;0.000013;# DTAG, or bhoedap4
 155 | srssend;362/tcp;0.000025;# SRS Send
 156 | legent-1;373/tcp;0.000013;# Legent Corporation (now Computer Associates Intl.)
 157 | is99s;380/tcp;0.000013;# TIA/EIA/IS-99 modem server
 158 | hp-alarm-mgr;383/tcp;0.000013;# hp performance data alarm manager
 159 | unidata-ldm;388/tcp;0.000088;# Unidata LDM Version 4
 160 | ldap;389/tcp;0.004717;# Lightweight Directory Access Protocol
 161 | synotics-relay;391/tcp;0.000013;# SynOptics SNMP Relay Port
 162 | synotics-broker;392/tcp;0.000013;# SynOptics Port Broker Port
 163 | mptn;397/tcp;0.000025;# Multi Protocol Trans. Net.
 164 | iso-tsap-c2;399/tcp;0.000025;# ISO-TSAP Class 2
 165 | work-sol;400/tcp;0.000075;# Workstation Solutions
 166 | ups;401/tcp;0.000025;# Uninterruptible Power Supply
 167 | genie;402/tcp;0.000038;# Genie Protocol
 168 | imsp;406/tcp;0.000163;# Interactive Mail Support Protocol
 169 | prm-sm;408/tcp;0.000013;# Prospero Resource Manager Sys. Man.
 170 | decladebug;410/tcp;0.000025;# DECLadebug Remote Debug Protocol
 171 | rmt;411/tcp;0.000088;# Remote MT Protocol
 172 | synoptics-trap;412/tcp;0.000025;# Trap Convention Port
 173 | onmux;417/tcp;0.000226;# Meeting maker
 174 | opc-job-start;423/tcp;0.000013;# IBM Operations Planning and Control Start
 175 | svrloc;427/tcp;0.005382;# Server Location
 176 | https;443/tcp;0.208669;# secure http (SSL)
 177 | snpp;444/tcp;0.004466;# Simple Network Paging Protocol
 178 | microsoft-ds;445/tcp;0.056944;# SMB directly over IP
 179 | ddm-ssl;448/tcp;0.000050;# ddm-byte
 180 | as-servermap;449/tcp;0.000063;# AS Server Mapper
 181 | sfs-smp-net;451/tcp;0.000013;# Cray Network Semaphore server
 182 | sfs-config;452/tcp;0.000013;# Cray SFS config server
 183 | appleqtc;458/tcp;0.000314;# apple quick time
 184 | kpasswd5;464/tcp;0.001192;# Kerberos (v5)
 185 | smtps;465/tcp;0.013888;# smtp protocol over TLS/SSL (was ssmtp)
 186 | powerburst;485/tcp;0.000013;# Air Soft Power Burst
 187 | saft;487/tcp;0.000013;# saft Simple Asynchronous File Transfer
 188 | ticf-1;492/tcp;0.000050;# Transport Independent Convergence for FNA
 189 | ticf-2;493/tcp;0.000025;# Transport Independent Convergence for FNA
 190 | fcp;510/tcp;0.000063;# FirstClass Protocol
 191 | exec;512/tcp;0.000841;# BSD rexecd(8)
 192 | login;513/tcp;0.005595;# BSD rlogind(8)
 193 | shell;514/tcp;0.011078;# BSD rshd(8)
 194 | printer;515/tcp;0.007214;# spooler (lpd)
 195 | ntalk;518/tcp;0.000013;# (talkd)
 196 | timed;525/tcp;0.000063;# timeserver
 197 | tempo;526/tcp;0.000013;# newdate
 198 | custix;528/tcp;0.000013;# Customer IXChange
 199 | courier;530/tcp;0.000013;# rpc
 200 | netwall;533/tcp;0.000013;# for emergency broadcasts
 201 | uucp;540/tcp;0.000138;# uucpd
 202 | klogin;543/tcp;0.005282;# Kerberos (v4/v5)
 203 | kshell;544/tcp;0.005269;# krcmd Kerberos (v4/v5)
 204 | ekshell;545/tcp;0.000276;# Kerberos encrypted remote shell -kfall
 205 | afp;548/tcp;0.012395;# AFP over TCP
 206 | rtsp;554/tcp;0.008104;# Real Time Stream Control Protocol
 207 | remotefs;556/tcp;0.000125;# rfs, rfs_server, Brunhoff remote filesystem
 208 | rmonitor;560/tcp;0.000038;# rmonitord
 209 | 9pfs;564/tcp;0.000013;# plan 9 file service
 210 | ms-shuttle;568/tcp;0.000025;# Microsoft shuttle
 211 | ms-rome;569/tcp;0.000013;# Microsoft rome
 212 | meter;570/tcp;0.000013;# demon
 213 | umeter;571/tcp;0.000013;# udemon
 214 | philips-vc;583/tcp;0.000013;# Philips Video-Conferencing
 215 | http-alt;591/tcp;0.000075;# FileMaker, Inc. - HTTP Alternate
 216 | http-rpc-epmap;593/tcp;0.001242;# HTTP RPC Ep Map
 217 | sco-websrvrmg3;598/tcp;0.000013;# SCO Web Server Manager 3
 218 | acp;599/tcp;0.000013;# Aeolon Core Protocol
 219 | ipcserver;600/tcp;0.000100;# Sun IPC server
 220 | syslog-conn;601/tcp;0.000025;# Reliable Syslog Service
 221 | xmlrpc-beep;602/tcp;0.000100;# XML-RPC over BEEP
 222 | mnotes;603/tcp;0.000063;# CommonTime Mnotes PDA Synchronization
 223 | tunnel;604/tcp;0.000025;# TUNNEL
 224 | soap-beep;605/tcp;0.000050;# SOAP over BEEP
 225 | urm;606/tcp;0.000088;# Cray Unified Resource Manager
 226 | sift-uft;608/tcp;0.000025;# Sender-Initiated/Unsolicited File Transfer
 227 | hmmp-ind;612/tcp;0.000013;# HMMP Indication
 228 | hmmp-op;613/tcp;0.000013;# HMMP Operation
 229 | sshell;614/tcp;0.000013;# SSLshell
 230 | sco-inetmgr;615/tcp;0.000063;# Internet Configuration Manager
 231 | sco-sysmgr;616/tcp;0.000289;# SCO System Administration Server
 232 | sco-dtmgr;617/tcp;0.000226;# SCO Desktop Administration Server or Arkeia (www.arkeia.com) backup software
 233 | dei-icda;618/tcp;0.000013;# DEI-ICDA
 234 | compaq-evm;619/tcp;0.000025;# Compaq EVM
 235 | sco-websrvrmgr;620/tcp;0.000063;# SCO WebServer Manager
 236 | escp-ip;621/tcp;0.000088;# ESCP
 237 | collaborator;622/tcp;0.000038;# Collaborator
 238 | oob-ws-http;623/tcp;0.000151;# DMTF out-of-band web services management protocol
 239 | cryptoadmin;624/tcp;0.000038;# Crypto Admin
 240 | apple-xsrvr-admin;625/tcp;0.001869;# Apple Mac Xserver admin
 241 | apple-imap-admin;626/tcp;0.000025;# Apple IMAP mail admin
 242 | passgo-tivoli;627/tcp;0.000050;# PassGo Tivoli
 243 | qmqp;628/tcp;0.000038;# Qmail Quick Mail Queueing
 244 | 3com-amp3;629/tcp;0.000063;# 3Com AMP3
 245 | rda;630/tcp;0.000050;# RDA
 246 | ipp;631/tcp;0.006160;# Internet Printing Protocol -- for one implementation see http://www.cups.org (Common UNIX Printing System)
 247 | servstat;633/tcp;0.000038;# Service Status update (Sterling Software)
 248 | rlzdbase;635/tcp;0.000075;# RLZ DBase
 249 | ldapssl;636/tcp;0.002083;# LDAP over SSL
 250 | msdp;639/tcp;0.000151;# MSDP
 251 | esro-emsdp;642/tcp;0.000075;# ESRO-EMSDP V1.3
 252 | sanity;643/tcp;0.000013;# SANity
 253 | pssc;645/tcp;0.000025;# PSSC
 254 | ldp;646/tcp;0.006549;# Label Distribution
 255 | dhcp-failover;647/tcp;0.000050;# DHCP Failover
 256 | rrp;648/tcp;0.000577;# Registry Registrar Protocol (RRP)
 257 | cadview-3d;649/tcp;0.000063;# Cadview-3d - streaming 3d models over the internet
 258 | ieee-mms;651/tcp;0.000050;# IEEE MMS
 259 | hello-port;652/tcp;0.000013;# HELLO_PORT
 260 | repscmd;653/tcp;0.000063;# RepCmd
 261 | aodv;654/tcp;0.000038;# AODV
 262 | tinc;655/tcp;0.000100;# TINC
 263 | spmp;656/tcp;0.000038;# SPMP
 264 | rmc;657/tcp;0.000113;# RMC
 265 | tenfold;658/tcp;0.000050;# TenFold
 266 | mac-srvr-admin;660/tcp;0.000100;# MacOS Server Admin
 267 | hap;661/tcp;0.000050;# HAP
 268 | pftp;662/tcp;0.000013;# PFTP
 269 | purenoise;663/tcp;0.000050;# PureNoise
 270 | sun-dr;665/tcp;0.000063;# Sun DR
 271 | doom;666/tcp;0.000289;# Id Software Doom
 272 | disclose;667/tcp;0.000238;# campaign contribution disclosures - SDR Technologies
 273 | mecomm;668/tcp;0.000213;# MeComm
 274 | meregister;669/tcp;0.000088;# MeRegister
 275 | vacdsm-sws;670/tcp;0.000038;# VACDSM-SWS
 276 | vpps-qua;672/tcp;0.000025;# VPPS-QUA
 277 | cimplex;673/tcp;0.000050;# CIMPLEX
 278 | acap;674/tcp;0.000113;# ACAP server of Communigate (www.stalker.com)
 279 | dctp;675/tcp;0.000038;# DCTP
 280 | vpps-via;676/tcp;0.000038;# VPPS Via
 281 | vpp;677/tcp;0.000025;# Virtual Presence Protocol
 282 | ggf-ncp;678/tcp;0.000075;# GNU Generation Foundation NCP
 283 | xfr;682/tcp;0.000063;# XFR
 284 | corba-iiop-ssl;684/tcp;0.000113;# CORBA IIOP SSL
 285 | mdc-portmapper;685/tcp;0.000038;# MDC Port Mapper
 286 | hcp-wismar;686/tcp;0.000025;# Hardware Control Protocol Wismar
 287 | realm-rusd;688/tcp;0.000025;# ApplianceWare managment protocol
 288 | nmap;689/tcp;0.000038;# NMAP
 289 | vatp;690/tcp;0.000088;# Velazquez Application Transfer Protocol
 290 | resvc;691/tcp;0.000376;# The Microsoft Exchange 2000 Server Routing Service
 291 | hyperwave-isp;692/tcp;0.000038;# Hyperwave-ISP
 292 | ieee-mms-ssl;695/tcp;0.000063;# IEEE-MMS-SSL
 293 | rushd;696/tcp;0.000050;# RUSHD
 294 | uuidgen;697/tcp;0.000025;# UUIDGEN
 295 | olsr;698/tcp;0.000025;# OLSR
 296 | accessnetwork;699/tcp;0.000025;# Access Network
 297 | epp;700/tcp;0.000289;# Extensible Provisioning Protocol
 298 | lmp;701/tcp;0.000151;# Link Management Protocol (LMP)
 299 | iris-beep;702/tcp;0.000050;# IRIS over BEEP
 300 | elcsd;704/tcp;0.000038;# errlog copy/server daemon
 301 | agentx;705/tcp;0.000414;# AgentX
 302 | silc;706/tcp;0.000075;# Secure Internet Live Conferencing -- http://silcnet.org
 303 | borland-dsj;707/tcp;0.000063;# Borland DSJ
 304 | entrustmanager;709/tcp;0.000125;# EntrustManager - NorTel DES auth network see 389/tcp
 305 | entrustmanager;709/udp;0.000741;# EntrustManager - NorTel DES auth network see 389/tcp
 306 | entrust-ash;710/tcp;0.000151;# Entrust Administration Service Handler
 307 | cisco-tdp;711/tcp;0.000401;# Cisco TDP
 308 | tbrpf;712/tcp;0.000025;# TBRPF
 309 | iris-xpc;713/tcp;0.000125;# IRIS over XPC
 310 | iris-xpcs;714/tcp;0.000226;# IRIS over XPCS
 311 | iris-lwz;715/tcp;0.000088;# IRIS-LWZ
 312 | omfs;723/tcp;0.000038;# OpenMosix File System
 313 | netviewdm1;729/tcp;0.000100;# IBM NetView DM/6000 Server/Client
 314 | netviewdm2;730/tcp;0.000100;# IBM NetView DM/6000 send/tcp
 315 | netviewdm2;730/udp;0.000758;# IBM NetView DM/6000 send/tcp
 316 | netviewdm3;731/tcp;0.000100;# IBM NetView DM/6000 receive/tcp
 317 | netviewdm3;731/udp;0.000741;# IBM NetView DM/6000 receive/tcp
 318 | netcp;740/tcp;0.000088;# NETscout Control Protocol
 319 | netrcs;742/tcp;0.000013;# Network based Rev. Cont. Sys.
 320 | flexlm;744/tcp;0.000013;# Flexible License Manager
 321 | fujitsu-dev;747/tcp;0.000025;# Fujitsu Device Control
 322 | ris-cm;748/tcp;0.000113;# Russell Info Sci Calendar Manager
 323 | kerberos-adm;749/tcp;0.000326;# Kerberos 5 admin/changepw
 324 | kerberos;750/tcp;0.000063;# kdc Kerberos (v4)
 325 | kerberos_master;751/tcp;0.000038;# Kerberos `kadmin' (v4)
 326 | krb_prop;754/tcp;0.000088;# kerberos/v5 server propagation
 327 | krbupdate;760/tcp;0.000050;# kreg Kerberos (v4) registration
 328 | kpasswd;761/tcp;0.000050;# kpwd Kerberos (v4) "passwd"
 329 | phonebook;767/tcp;0.000013;# phone
 330 | multiling-http;777/tcp;0.000226;# Multiling HTTP
 331 | hp-collector;781/tcp;0.000013;# hp performance data collector
 332 | hp-managed-node;782/tcp;0.000100;# hp performance data managed node
 333 | spamassassin;783/tcp;0.000163;# Apache SpamAssassin spamd
 334 | controlit;799/tcp;0.000038;# Remotely possible
 335 | ccproxy-http;808/tcp;0.002296;# CCProxy HTTP/Gopher/FTP (over HTTP) proxy
 336 | fcp-udp;810/tcp;0.000063;# FCP
 337 | pkix-3-ca-ra;829/tcp;0.000125;# PKIX-3 CA/RA
 338 | netconf-ssh;830/tcp;0.000075;# NETCONF over SSH
 339 | netconf-beep;831/tcp;0.000050;# NETCONF over BEEP
 340 | netconfsoaphttp;832/tcp;0.000038;# NETCONF for SOAP over HTTPS
 341 | netconfsoapbeep;833/tcp;0.000063;# NETCONF for SOAP over BEEP
 342 | dhcp-failover2;847/tcp;0.000063;# dhcp-failover 2
 343 | gdoi;848/tcp;0.000025;# GDOI
 344 | iscsi;860/tcp;0.000063;# iSCSI
 345 | owamp-control;861/tcp;0.000063;# OWAMP-Control
 346 | twamp-control;862/tcp;0.000100;# Two-way Active Measurement Protocol (TWAMP) Control
 347 | supfilesrv;871/tcp;0.000025;# SUP server
 348 | rsync;873/tcp;0.003400;# Rsync server ( http://rsync.samba.org )
 349 | iclcnet-locate;886/tcp;0.000038;# ICL coNETion locate server
 350 | iclcnet_svinfo;887/tcp;0.000025;# ICL coNETion server info
 351 | accessbuilder;888/tcp;0.000928;# or Audio CD Database
 352 | sun-manageconsole;898/tcp;0.000339;# Solaris Management Console Java listener (Solaris 8 & 9)
 353 | omginitialrefs;900/tcp;0.000452;# OMG Initial Refs
 354 | samba-swat;901/tcp;0.000552;# Samba SWAT tool.  Also used by ISS RealSecure.
 355 | iss-realsecure;902/tcp;0.001468;# ISS RealSecure Sensor
 356 | iss-console-mgr;903/tcp;0.000176;# ISS Console Manager
 357 | kink;910/tcp;0.000013;# Kerberized Internet Negotiation of Keys (KINK)
 358 | apex-mesh;912/tcp;0.000527;# APEX relay-relay service
 359 | apex-edge;913/tcp;0.000151;# APEX endpoint-relay service
 360 | oftep-rpc;950/tcp;0.000050;# Often RPC.statd (on Redhat Linux)
 361 | rndc;953/tcp;0.000138;# RNDC is used by BIND 9 (& probably other NS)
 362 | ftps-data;989/tcp;0.000063;# ftp protocol, data, over TLS/SSL
 363 | ftps;990/tcp;0.005570;# ftp protocol, control, over TLS/SSL
 364 | nas;991/tcp;0.000038;# Netnews Administration System
 365 | telnets;992/tcp;0.000903;# telnet protocol over TLS/SSL
 366 | imaps;993/tcp;0.027199;# imap4 protocol over TLS/SSL
 367 | ircs;994/tcp;0.000038;# irc protocol over TLS/SSL
 368 | pop3s;995/tcp;0.029921;# POP3 protocol over TLS/SSL
 369 | xtreelic;996/tcp;0.000100;# XTREE License Server
 370 | windows-icfw;1002/tcp;0.000690;# Windows Internet Connection Firewall or Internet Locator Server for NetMeeting.
 371 | ufsd;1008/tcp;0.000125;# ufsd;;# UFS-aware server
 372 | exp1;1021/tcp;0.000301;# RFC3692-style Experiment 1 (*)    [RFC4727]
 373 | exp2;1022/tcp;0.001217;# RFC3692-style Experiment 2 (*)    [RFC4727]
 374 | netvenuechat;1023/tcp;0.000953;# Nortel NetVenue Notification, Chat, Intercom
 375 | kdm;1024/tcp;0.002722;# K Display Manager (KDE version of xdm)
 376 | NFS-or-IIS;1025/tcp;0.022406;# IIS, NFS, or listener RFS remote_file_sharing
 377 | LSA-or-nterm;1026/tcp;0.010237;# nterm remote_login network_terminal
 378 | iad1;1030/tcp;0.002860;# BBN IAD
 379 | iad2;1031/tcp;0.002221;# BBN IAD
 380 | iad3;1032/tcp;0.001719;# BBN IAD
 381 | netinfo;1033/tcp;0.001342;# Netinfo is apparently on many OS X boxes.
 382 | zincite-a;1034/tcp;0.001064;# Zincite.A backdoor
 383 | multidropper;1035/tcp;0.001216;# A Multidropper Adware, or PhoneFree
 384 | nsstp;1036/tcp;0.001216;# Nebula Secure Segment Transfer Protocol
 385 | ams;1037/tcp;0.001216;# AMS
 386 | mtqp;1038/tcp;0.002053;# Message Tracking Query Protocol
 387 | sbl;1039/tcp;0.002129;# Streamlined Blackhole
 388 | netsaint;1040/tcp;0.001342;# Netsaint status daemon
 389 | danf-ak2;1041/tcp;0.002433;# AK2 Product
 390 | afrog;1042/tcp;0.000988;# Subnet Roaming
 391 | boinc;1043/tcp;0.000841;# BOINC Client Control or Microsoft IIS
 392 | dcutility;1044/tcp;0.002205;# Dev Consortium Utility
 393 | fpitp;1045/tcp;0.000380;# Fingerprint Image Transfer Protocol
 394 | wfremotertm;1046/tcp;0.000380;# WebFilter Remote Monitor
 395 | neod1;1047/tcp;0.000760;# Sun's NEO Object Request Broker
 396 | neod2;1048/tcp;0.002357;# Sun's NEO Object Request Broker
 397 | td-postman;1049/tcp;0.002357;# Tobit David Postman VPMN
 398 | java-or-OTGfileshare;1050/tcp;0.001669;# J2EE nameserver, also OTG, also called Disk/Application extender. Could also be MiniCommand backdoor OTGlicenseserv
 399 | ddt;1052/tcp;0.000760;# Dynamic DNS tools
 400 | remote-as;1053/tcp;0.002357;# Remote Assistant (RA)
 401 | brvread;1054/tcp;0.002357;# BRVREAD
 402 | vfo;1056/tcp;0.002357;# VFO
 403 | startron;1057/tcp;0.000380;# STARTRON
 404 | kiosk;1061/tcp;0.000380;# KIOSK
 405 | kyoceranetdev;1063/tcp;0.000380;# KyoceraNetDev
 406 | jstel;1064/tcp;0.002357;# JSTEL
 407 | syscomlan;1065/tcp;0.002357;# SYSCOMLAN
 408 | instl_boots;1067/tcp;0.000728;# Installation Bootstrap Proto. Serv.
 409 | instl_bootc;1068/tcp;0.000941;# Installation Bootstrap Proto. Cli.
 410 | gmrupdateserv;1070/tcp;0.000380;# GMRUpdateSERV
 411 | bsquare-voip;1071/tcp;0.002205;# BSQUARE-VOIP
 412 | cardax;1072/tcp;0.000380;# CARDAX
 413 | bridgecontrol;1073/tcp;0.000380;# Bridge Control
 414 | warmspotMgmt;1074/tcp;0.001216;# Warmspot Management Protocol
 415 | rdrmshc;1075/tcp;0.000380;# RDRMSHC
 416 | sns_credit;1076/tcp;0.000213;# Shared Network Services (SNS) for Canadian credit card authorizations
 417 | imgames;1077/tcp;0.000380;# IMGames
 418 | avocent-proxy;1078/tcp;0.000380;# Avocent Proxy Protocol
 419 | asprovatalk;1079/tcp;0.000380;# ASPROVATalk
 420 | pvuniwien;1081/tcp;0.000380;# PVUNIWIEN
 421 | amt-esd-prot;1082/tcp;0.000380;# AMT-ESD-PROT
 422 | ansoft-lm-1;1083/tcp;0.000427;# Anasoft License Manager
 423 | ansoft-lm-2;1084/tcp;0.000263;# Anasoft License Manager
 424 | webobjects;1085/tcp;0.000380;# Web Objects
 425 | cplscrambler-lg;1086/tcp;0.000456;# CPL Scrambler Logging
 426 | cplscrambler-in;1087/tcp;0.000304;# CPL Scrambler Internal
 427 | cplscrambler-al;1088/tcp;0.000456;# CPL Scrambler Alarm Log
 428 | ff-annunc;1089/tcp;0.000304;# FF Annunciation
 429 | ff-fms;1090/tcp;0.000228;# FF Fieldbus Message Specification
 430 | ff-sm;1091/tcp;0.000228;# FF System Management
 431 | obrpd;1092/tcp;0.000152;# Open Business Reporting Protocol
 432 | proofd;1093/tcp;0.000380;# PROOFD
 433 | rootd;1094/tcp;0.000380;# ROOTD
 434 | nicelink;1095/tcp;0.000152;# NICELink
 435 | cnrprotocol;1096/tcp;0.000380;# Common Name Resolution Protocol
 436 | sunclustermgr;1097/tcp;0.000456;# Sun Cluster Manager
 437 | rmiactivation;1098/tcp;0.000380;# RMI Activation
 438 | rmiregistry;1099/tcp;0.000380;# RMI Registry
 439 | mctp;1100/tcp;0.000380;# MCTP
 440 | pt2-discover;1101/tcp;0.000076;# PT2-DISCOVER
 441 | adobeserver-1;1102/tcp;0.000152;# ADOBE SERVER 1
 442 | xaudio;1103/tcp;0.000151;# Xaserver;# X Audio Server
 443 | xrl;1104/tcp;0.000380;# XRL
 444 | ftranhc;1105/tcp;0.000152;# FTRANHC
 445 | isoipsigport-1;1106/tcp;0.000380;# ISOIPSIGPORT-1
 446 | isoipsigport-2;1107/tcp;0.000380;# ISOIPSIGPORT-2
 447 | kpop;1109/tcp;0.000151;# Pop with Kerberos
 448 | nfsd-status;1110/tcp;0.005809;# Cluster status info
 449 | lmsocialserver;1111/tcp;0.001140;# LM Social Server
 450 | msql;1112/tcp;0.000276;# mini-sql server
 451 | ltp-deepspace;1113/tcp;0.000152;# Licklider Transmission Protocol
 452 | mini-sql;1114/tcp;0.000228;# Mini SQL
 453 | ardus-cntl;1116/tcp;0.000076;# ARDUS Control
 454 | ardus-mtrns;1117/tcp;0.000228;# ARDUS Multicast Transfer
 455 | sacred;1118/tcp;0.000076;# SACRED
 456 | bnetgame;1119/tcp;0.000228;# Battle.net Chat/Game Protocol
 457 | rmpp;1121/tcp;0.000152;# Datalode RMPP
 458 | murray;1123/tcp;0.000152;# Murray
 459 | hpvmmcontrol;1124/tcp;0.000304;# HP VMM Control
 460 | hpvmmagent;1125/tcp;0.000076;# HP VMM Agent
 461 | hpvmmdata;1126/tcp;0.000152;# HP VMM Agent
 462 | supfiledbg;1127/tcp;0.000088;# SUP debugging
 463 | saphostctrl;1128/tcp;0.000076;# SAPHostControl over SOAP/HTTP
 464 | casp;1130/tcp;0.000152;# CAC App Service Protocol
 465 | caspssl;1131/tcp;0.000228;# CAC App Service Protocol Encripted
 466 | kvm-via-ip;1132/tcp;0.000152;# KVM-via-IP Management Service
 467 | aplx;1134/tcp;0.000076;# MicroAPL APLX
 468 | omnivision;1135/tcp;0.000076;# OmniVision Communication Service
 469 | hhb-gateway;1136/tcp;0.000076;# HHB Gateway Control
 470 | trim;1137/tcp;0.000152;# TRIM Workgroup Service
 471 | encrypted_admin;1138/tcp;0.000228;# encrypted admin requests
 472 | cce3x;1139/tcp;0.000063;# ClearCommerce Engine 3.x ( www.clearcommerce.com)
 473 | mxomss;1141/tcp;0.000152;# User Message Service
 474 | imyx;1143/tcp;0.000076;# Infomatryx Exchange
 475 | fuscript;1144/tcp;0.000076;# Fusion Script
 476 | x9-icue;1145/tcp;0.000152;# X9 iCue Show Control
 477 | capioverlan;1147/tcp;0.000152;# CAPIoverLAN
 478 | elfiq-repl;1148/tcp;0.000380;# Elfiq Replication Service
 479 | bvtsonar;1149/tcp;0.000152;# BVT Sonar Service
 480 | blaze;1150/tcp;0.000076;# Blaze File Server
 481 | unizensus;1151/tcp;0.000228;# Unizensus Login Server
 482 | winpoplanmess;1152/tcp;0.000304;# Winpopup LAN Messenger
 483 | c1222-acse;1153/tcp;0.000076;# ANSI C12.22 Port
 484 | resacommunity;1154/tcp;0.000152;# Community Service
 485 | iascontrol-oms;1156/tcp;0.000076;# iasControl OMS
 486 | iascontrol;1157/tcp;0.000076;# Oracle iASControl
 487 | lsnr;1158/tcp;0.000138;# Oracle DB listener
 488 | oracle-oms;1159/tcp;0.000076;# Oracle OMS
 489 | health-trap;1162/tcp;0.000076;# Health Trap
 490 | sddp;1163/tcp;0.000152;# SmartDialer Data Protocol
 491 | qsm-proxy;1164/tcp;0.000152;# QSM Proxy Service
 492 | qsm-gui;1165/tcp;0.000152;# QSM GUI Service
 493 | qsm-remote;1166/tcp;0.000152;# QSM RemoteExec
 494 | cisco-ipsla;1167/tcp;0.000076;# Cisco IP SLAs Control Protocol
 495 | vchat;1168/tcp;0.000076;# VChat Conference Service
 496 | tripwire;1169/tcp;0.000380;# TRIPWIRE
 497 | d-cinema-rrp;1173/tcp;0.000076;# D-Cinema Request-Response
 498 | fnet-remote-ui;1174/tcp;0.000152;# FlashNet Remote Admin
 499 | dossier;1175/tcp;0.000228;# Dossier Server
 500 | indigo-server;1176/tcp;0.000076;# Indigo Home Server
 501 | skkserv;1178/tcp;0.000050;# SKK (kanji input)
 502 | b2n;1179/tcp;0.000076;# Backup To Neighbor
 503 | mc-client;1180/tcp;0.000076;# Millicent Client Proxy
 504 | accelenet;1182/tcp;0.000076;# AcceleNet Control
 505 | llsurfup-http;1183/tcp;0.000304;# LL Surfup HTTP
 506 | llsurfup-https;1184/tcp;0.000076;# LL Surfup HTTPS
 507 | catchpole;1185/tcp;0.000152;# Catchpole port
 508 | mysql-cluster;1186/tcp;0.000304;# MySQL Cluster Manager
 509 | alias;1187/tcp;0.000152;# Alias Service
 510 | hp-webadmin;1188/tcp;0.000076;# HP Web Admin
 511 | commlinx-avl;1190/tcp;0.000076;# CommLinx GPS / AVL System
 512 | gpfs;1191/tcp;0.000076;# General Parallel File System
 513 | caids-sensor;1192/tcp;0.000152;# caids sensors channel
 514 | openvpn;1194/tcp;0.000076;# OpenVPN
 515 | rsf-1;1195/tcp;0.000076;# RSF-1 clustering
 516 | netmagic;1196/tcp;0.000076;# Network Magic
 517 | cajo-discovery;1198/tcp;0.000152;# cajo reference discovery
 518 | dmidi;1199/tcp;0.000228;# DMIDI
 519 | scol;1200/tcp;0.000076;# SCOL
 520 | nucleus-sand;1201/tcp;0.000228;# Nucleus Sand Database Server
 521 | ssslog-mgr;1204/tcp;0.000076;# Log Request Listener
 522 | metasage;1207/tcp;0.000076;# MetaSage
 523 | seagull-ais;1208/tcp;0.000076;# SEAGULL AIS
 524 | ipcd3;1209/tcp;0.000076;# IPCD3
 525 | eoss;1210/tcp;0.000076;# EOSS
 526 | groove-dpp;1211/tcp;0.000076;# Groove DPP
 527 | mpc-lifenet;1213/tcp;0.000152;# MPC LIFENET
 528 | fasttrack;1214/tcp;0.000050;# Kazaa File Sharing
 529 | scanstat-1;1215/tcp;0.000076;# scanSTAT 1.0
 530 | etebac5;1216/tcp;0.000152;# ETEBAC 5
 531 | hpss-ndapi;1217/tcp;0.000152;# HPSS NonDCE Gateway
 532 | aeroflight-ads;1218/tcp;0.001064;# AeroFlight ADs
 533 | quicktime;1220/tcp;0.000151;# Apple Darwin and QuickTime Streaming Administration Servers
 534 | sweetware-apps;1221/tcp;0.000076;# SweetWARE Apps
 535 | nerv;1222/tcp;0.000138;# SNI R&D network
 536 | tgp;1223/tcp;0.000076;# TrulyGlobal Protocol
 537 | florence;1228/tcp;0.000076;# FLORENCE
 538 | zented;1229/tcp;0.000076;# ZENworks Tiered Electronic Distribution
 539 | univ-appserver;1233/tcp;0.000152;# Universal App Server
 540 | nmsd;1239/tcp;0.000076;# NMSD
 541 | instantia;1240/tcp;0.000076;# Instantia
 542 | nessus;1241/tcp;0.000113;# Nessus or remote message server
 543 | serialgateway;1243/tcp;0.000076;# SerialGateway
 544 | visionpyramid;1247/tcp;0.000304;# VisionPyramid
 545 | mesavistaco;1249/tcp;0.000076;# Mesa Vista Co
 546 | opennl-voice;1259/tcp;0.000152;# Open Network Library Voice
 547 | qnts-orb;1262/tcp;0.000076;# QNTS-ORB
 548 | prat;1264/tcp;0.000076;# PRAT
 549 | propel-msgsys;1268/tcp;0.000076;# PROPEL-MSGSYS
 550 | ssserver;1270/tcp;0.000138;# Sun StorEdge Configuration Service
 551 | excw;1271/tcp;0.000228;# eXcW
 552 | cspmlockmgr;1272/tcp;0.000380;# CSPMLockMgr
 553 | miva-mqs;1277/tcp;0.000152;# mqs
 554 | dellwebadmin-2;1279/tcp;0.000076;# Dell Web Admin 2
 555 | emperion;1282/tcp;0.000076;# Emperion
 556 | routematch;1287/tcp;0.000152;# RouteMatch Com
 557 | winjaserver;1290/tcp;0.000076;# WinJaServer
 558 | seagulllms;1291/tcp;0.000076;# SEAGULLLMS
 559 | h323hostcallsc;1300/tcp;0.000152;# H323 Host Call Secure
 560 | ci3-software-1;1301/tcp;0.000152;# CI3-Software-1
 561 | ci3-software-2;1302/tcp;0.000076;# CI3-Software-2
 562 | re-conn-proto;1306/tcp;0.000076;# RE-Conn-Proto
 563 | pacmand;1307/tcp;0.000076;# Pacmand
 564 | odsi;1308/tcp;0.000076;# Optical Domain Service Interconnect (ODSI)
 565 | jtag-server;1309/tcp;0.000152;# JTAG server
 566 | husky;1310/tcp;0.000380;# Husky
 567 | pdps;1314/tcp;0.000076;# Photoscript Distributed Printing System
 568 | els;1315/tcp;0.000076;# E.L.S., Event Listener Service
 569 | exbit-escp;1316/tcp;0.000076;# Exbit-ESCP
 570 | amx-icsp;1319/tcp;0.000076;# AMX-ICSP
 571 | pip;1321/tcp;0.000076;# PIP
 572 | novation;1322/tcp;0.000152;# Novation
 573 | ultrex;1327/tcp;0.000076;# Ultrex
 574 | ewall;1328/tcp;0.000152;# EWALL
 575 | streetperfect;1330/tcp;0.000076;# StreetPerfect
 576 | ischat;1336/tcp;0.000076;# Instant Service Chat
 577 | waste;1337/tcp;0.000088;# Nullsoft WASTE encrypted P2P app
 578 | naap;1340/tcp;0.000076;# NAAP
 579 | alta-ana-lm;1346/tcp;0.000050;# Alta Analytics License Manager
 580 | bbn-mmc;1347/tcp;0.000151;# multi media conferencing
 581 | bbn-mmx;1348/tcp;0.000038;# multi media conferencing
 582 | sbook;1349/tcp;0.000050;# Registration Network Protocol
 583 | editbench;1350/tcp;0.000113;# Registration Network Protocol
 584 | equationbuilder;1351/tcp;0.000113;# Digital Tool Works (MIT)
 585 | lotusnotes;1352/tcp;0.001154;# Lotus Note
 586 | relief;1353/tcp;0.000100;# Relief Consulting
 587 | rightbrain;1354/tcp;0.000038;# RightBrain Software
 588 | intuitive-edge;1355/tcp;0.000025;# Intuitive Edge
 589 | cuillamartin;1356/tcp;0.000050;# CuillaMartin Company
 590 | pegboard;1357/tcp;0.000100;# Electronic PegBoard
 591 | ndm-requester;1363/tcp;0.000013;# Network DataMover Requester
 592 | ndm-server;1364/tcp;0.000063;# Network DataMover Server
 593 | adapt-sna;1365/tcp;0.000025;# Network Software Associates
 594 | netware-csp;1366/tcp;0.000063;# Novell NetWare Comm Service Platform
 595 | gv-us;1369/tcp;0.000038;# GlobalView to Unix Shell
 596 | us-gv;1370/tcp;0.000050;# Unix Shell to GlobalView
 597 | fc-cli;1371/tcp;0.000013;# Fujitsu Config Protocol
 598 | fc-ser;1372/tcp;0.000038;# Fujitsu Config Protocol
 599 | molly;1374/tcp;0.000013;# EPI Software Systems
 600 | ibm-pps;1376/tcp;0.000025;# IBM Person to Person Software
 601 | dbreporter;1379/tcp;0.000038;# Integrity Solutions
 602 | apple-licman;1381/tcp;0.000038;# Apple Network License Manager
 603 | gwha;1383/tcp;0.000013;# GW Hannaway Network License Manager
 604 | os-licman;1384/tcp;0.000050;# Objective Solutions License Manager
 605 | atex_elmd;1385/tcp;0.000050;# Atex Publishing License Manager
 606 | checksum;1386/tcp;0.000025;# CheckSum License Manager
 607 | cadsi-lm;1387/tcp;0.000038;# Computer Aided Design Software Inc LM
 608 | objective-dbc;1388/tcp;0.000050;# Objective Solutions DataBase Cache
 609 | iclpv-dm;1389/tcp;0.000050;# Document Manager
 610 | iclpv-sc;1390/tcp;0.000025;# Storage Controller
 611 | iclpv-sas;1391/tcp;0.000013;# Storage Access Server
 612 | iclpv-nls;1393/tcp;0.000025;# Network Log Server
 613 | iclpv-nlc;1394/tcp;0.000025;# Network Log Client
 614 | iclpv-wsm;1395/tcp;0.000013;# PC Workstation Manager software
 615 | dvl-activemail;1396/tcp;0.000013;# DVL Active Mail
 616 | audio-activmail;1397/tcp;0.000025;# Audio Active Mail
 617 | video-activmail;1398/tcp;0.000025;# Video Active Mail
 618 | cadkey-licman;1399/tcp;0.000050;# Cadkey License Manager
 619 | cadkey-tablet;1400/tcp;0.000050;# Cadkey Tablet Daemon
 620 | goldleaf-licman;1401/tcp;0.000038;# Goldleaf License Manager
 621 | prm-sm-np;1402/tcp;0.000050;# Prospero Resource Manager
 622 | prm-nm-np;1403/tcp;0.000038;# Prospero Resource Manager
 623 | igi-lm;1404/tcp;0.000050;# Infinite Graphics License Manager
 624 | ibm-res;1405/tcp;0.000038;# IBM Remote Execution Starter
 625 | dbsa-lm;1407/tcp;0.000013;# DBSA License Manager
 626 | sophia-lm;1408/tcp;0.000013;# Sophia License Manager
 627 | here-lm;1409/tcp;0.000025;# Here License Manager
 628 | hiq;1410/tcp;0.000025;# HiQ License Manager
 629 | af;1411/tcp;0.000013;# AudioFile
 630 | ibm-mqseries;1414/tcp;0.000088;# IBM MQSeries
 631 | novell-lu6.2;1416/tcp;0.000013;# Novell LU6.2
 632 | timbuktu-srv1;1417/tcp;0.000201;# Timbuktu Service 1 Port
 633 | timbuktu-srv2;1418/tcp;0.000013;# Timbuktu Service 2 Port
 634 | timbuktu-srv3;1419/tcp;0.000013;# Timbuktu Service 3 Port
 635 | timbuktu-srv4;1420/tcp;0.000063;# Timbuktu Service 4 Port
 636 | autodesk-lm;1422/tcp;0.000025;# Autodesk License Manager
 637 | essbase;1423/tcp;0.000013;# Essbase Arbor Software
 638 | hybrid;1424/tcp;0.000025;# Hybrid Encryption Protocol
 639 | sas-1;1426/tcp;0.000025;# Satellite-data Acquisition System 1
 640 | mloadd;1427/tcp;0.000013;# mloadd monitoring tool
 641 | nms;1429/tcp;0.000013;# Hypercom NMS
 642 | tpdu;1430/tcp;0.000013;# Hypercom TPDU
 643 | blueberry-lm;1432/tcp;0.000025;# Blueberry Software License Manager
 644 | ms-sql-s;1433/tcp;0.007929;# Microsoft-SQL-Server
 645 | ms-sql-m;1434/tcp;0.000201;# Microsoft-SQL-Monitor
 646 | sas-2;1436/tcp;0.000025;# Satellite-data Acquisition System 2
 647 | eicon-server;1438/tcp;0.000025;# Eicon Security Agent/Server
 648 | eicon-x25;1439/tcp;0.000025;# Eicon X25/SNA Gateway
 649 | eicon-slp;1440/tcp;0.000013;# Eicon Service Location Protocol
 650 | cadis-1;1441/tcp;0.000075;# Cadis License Management
 651 | cadis-2;1442/tcp;0.000025;# Cadis License Management
 652 | ies-lm;1443/tcp;0.000238;# Integrated Engineering Software
 653 | marcam-lm;1444/tcp;0.000075;# Marcam License Management
 654 | proxima-lm;1445/tcp;0.000050;# Proxima License Manager
 655 | ora-lm;1446/tcp;0.000025;# Optical Research Associates License Manager
 656 | oc-lm;1448/tcp;0.000013;# OpenConnect License Manager
 657 | infoman;1451/tcp;0.000013;# IBM Information Management
 658 | genie-lm;1453/tcp;0.000013;# Genie License Manager
 659 | interhdl_elmd;1454/tcp;0.000025;# interHDL License Manager
 660 | esl-lm;1455/tcp;0.000176;# ESL License Manager
 661 | valisys-lm;1457/tcp;0.000013;# Valisys License Manager
 662 | nrcabq-lm;1458/tcp;0.000013;# Nichols Research Corp.
 663 | proshare1;1459/tcp;0.000013;# Proshare Notebook Application
 664 | ibm_wrless_lan;1461/tcp;0.000188;# IBM Wireless LAN
 665 | world-lm;1462/tcp;0.000013;# World License Manager
 666 | msl_lmd;1464/tcp;0.000013;# MSL License Manager
 667 | pipes;1465/tcp;0.000050;# Pipes Platform
 668 | oceansoft-lm;1466/tcp;0.000038;# Ocean Software License Manager
 669 | aal-lm;1469/tcp;0.000013;# Active Analysis Limited License Manager
 670 | uaiact;1470/tcp;0.000013;# Universal Analytics
 671 | taligent-lm;1475/tcp;0.000038;# Taligent License Manager
 672 | miteksys-lm;1482/tcp;0.000013;# Miteksys License Manager
 673 | afs;1483/tcp;0.000025;# AFS License Manager
 674 | confluent;1484/tcp;0.000050;# Confluent License Manager
 675 | fhc;1499/tcp;0.000025;# Federico Heinz Consultora
 676 | vlsi-lm;1500/tcp;0.000627;# VLSI License Manager
 677 | sas-3;1501/tcp;0.000602;# Satellite-data Acquisition System 3
 678 | shivadiscovery;1502/tcp;0.000013;# Shiva
 679 | imtc-mcs;1503/tcp;0.000640;# Databeam
 680 | funkproxy;1505/tcp;0.000013;# Funk Software, Inc.
 681 | robcad-lm;1509/tcp;0.000013;# Robcad, Ltd. License Manager
 682 | mvx-lm;1510/tcp;0.000025;# Midland Valley Exploration Ltd. Lic. Man.
 683 | fujitsu-dtc;1513/tcp;0.000025;# Fujitsu Systems Business of America, Inc
 684 | vpad;1516/tcp;0.000113;# Virtual Places Audio data
 685 | vpac;1517/tcp;0.000050;# Virtual Places Audio control
 686 | vpvd;1518/tcp;0.000013;# Virtual Places Video data
 687 | vpvc;1519/tcp;0.000025;# Virtual Places Video control
 688 | oracle;1521/tcp;0.001568;# Oracle Database
 689 | rna-lm;1522/tcp;0.000100;# Ricardo North America License Manager
 690 | ingreslock;1524/tcp;0.000276;# ingres
 691 | orasrv;1525/tcp;0.000088;# oracle or Prospero Directory Service non-priv
 692 | pdap-np;1526/tcp;0.000113;# Prospero Data Access Prot non-priv
 693 | tlisrv;1527/tcp;0.000038;# oracle
 694 | support;1529/tcp;0.000025;# prmsd gnatsd;# cygnus bug tracker
 695 | virtual-places;1533/tcp;0.000238;# Virtual Places Software
 696 | intellistor-lm;1539/tcp;0.000038;# Intellistor License Manager
 697 | axon-lm;1548/tcp;0.000025;# Axon License Manager
 698 | shivahose;1549/tcp;0.000025;# Shiva Hose
 699 | 3m-image-lm;1550/tcp;0.000125;# Image Storage license manager 3M Company
 700 | veritas_pbx;1556/tcp;0.000152;# VERITAS Private Branch Exchange
 701 | asci-val;1560/tcp;0.000076;# ASCI-RemoteSHADOW
 702 | winddlb;1565/tcp;0.000076;# WinDD
 703 | corelvideo;1566/tcp;0.000076;# CORELVIDEO
 704 | slp;1605/tcp;0.000076;# Salutation Manager (Salutation Protocol)
 705 | netbill-auth;1615/tcp;0.000076;# NetBill Authorization Server
 706 | pammratc;1632/tcp;0.000076;# PAMMRATC
 707 | edb-server1;1635/tcp;0.000076;# EDB Server 1
 708 | ismc;1638/tcp;0.000076;# ISP shared management control
 709 | invision;1641/tcp;0.000152;# InVision
 710 | sightline;1645/tcp;0.000076;# SightLine
 711 | rsvp-encap-2;1699/tcp;0.000076;# RSVP-ENCAPSULATION-2
 712 | registrar;1712/tcp;0.000076;# resource monitoring service
 713 | conferencetalk;1713/tcp;0.000076;# ConferenceTalk
 714 | H.323/Q.931;1720/tcp;0.014277;# Interactive media
 715 | hks-lm;1722/tcp;0.000076;# HKS License Manager
 716 | pptp;1723/tcp;0.032468;# Point-to-point tunnelling protocol
 717 | privatechat;1735/tcp;0.000076;# PrivateChat
 718 | sslp;1750/tcp;0.000076;# Simple Socket Library's PortMaster
 719 | lofr-lm;1752/tcp;0.000076;# Leap of Faith Research License Manager
 720 | wms;1755/tcp;0.003350;# Windows media service
 721 | landesk-rc;1761/tcp;0.001756;# LANDesk Remote Control
 722 | landesk-rc;1762/tcp;0.000038;# LANDesk Remote Control
 723 | landesk-rc;1763/tcp;0.000025;# LANDesk Remote Control
 724 | ea1;1791/tcp;0.000076;# EA1
 725 | netrisk;1799/tcp;0.000076;# NETRISK
 726 | ansys-lm;1800/tcp;0.000076;# ANSYS-License manager
 727 | msmq;1801/tcp;0.002585;# Microsoft Message Queuing
 728 | enl-name;1805/tcp;0.000152;# ENL-Name
 729 | musiconline;1806/tcp;0.000076;# Musiconline
 730 | fhsp;1807/tcp;0.000076;# Fujitsu Hot Standby Protocol
 731 | oracle-vp2;1808/tcp;0.000076;# Oracle-VP2
 732 | scientia-sdb;1811/tcp;0.000076;# Scientia-SDB
 733 | radius;1812/tcp;0.000152;# RADIUS
 734 | unisys-lm;1823/tcp;0.000076;# Unisys Natural Language License Manager
 735 | direcpc-video;1825/tcp;0.000076;# DirecPC Video
 736 | pcm;1827/tcp;0.000025;# PCM Agent (AutoSecure Policy Compliance Manager
 737 | ardusmul;1835/tcp;0.000076;# ARDUS Multicast
 738 | privateark;1858/tcp;0.000076;# PrivateArk
 739 | lecroy-vicp;1861/tcp;0.000076;# LeCroy VICP
 740 | mysql-cm-agent;1862/tcp;0.000228;# MySQL Cluster Manager Agent
 741 | msnp;1863/tcp;0.000684;# MSN Messenger
 742 | canocentral0;1871/tcp;0.000076;# Cano Central 0
 743 | westell-stats;1875/tcp;0.000152;# westell stats
 744 | upnp;1900/tcp;0.003977;# Universal PnP
 745 | fjicl-tep-a;1901/tcp;0.000076;# Fujitsu ICL Terminal Emulator Program A
 746 | mtp;1911/tcp;0.000076;# Starlight Networks Multimedia Transport Protocol
 747 | elm-momentum;1914/tcp;0.000152;# Elm-Momentum
 748 | can-nds;1918/tcp;0.000076;# IBM Tivole Directory Service - NDS
 749 | xiip;1924/tcp;0.000076;# XIIP
 750 | videte-cipc;1927/tcp;0.000076;# Videte CIPC Port
 751 | rtmp;1935/tcp;0.001179;# Macromedia FlasComm Server
 752 | sentinelsrm;1947/tcp;0.000380;# SentinelSRM
 753 | abr-api;1954/tcp;0.000076;# ABR-API (diskbridge)
 754 | dxadmind;1958/tcp;0.000076;# CA Administration Daemon
 755 | netop-school;1971/tcp;0.000152;# NetOp School
 756 | intersys-cache;1972/tcp;0.000152;# Cache
 757 | dlsrap;1973/tcp;0.000076;# Data Link Switching Remote Access Protocol
 758 | drp;1974/tcp;0.000152;# DRP
 759 | tcoflashagent;1975/tcp;0.000076;# TCO Flash Agent
 760 | tcoregagent;1976/tcp;0.000076;# TCO Reg Agent
 761 | p2pq;1981/tcp;0.000076;# p2pQ
 762 | bigbrother;1984/tcp;0.000201;# Big Brother monitoring server - www.bb4.com
 763 | licensedaemon;1986/tcp;0.000025;# cisco license management
 764 | tr-rsrb-p1;1987/tcp;0.000013;# cisco RSRB Priority 1 port
 765 | tr-rsrb-p2;1988/tcp;0.000050;# cisco RSRB Priority 2 port
 766 | tr-rsrb-p3;1989/tcp;0.000075;# cisco RSRB Priority 3 port
 767 | stun-p1;1990/tcp;0.000025;# cisco STUN Priority 1 port
 768 | stun-p2;1991/tcp;0.000050;# cisco STUN Priority 2 port
 769 | stun-p3;1992/tcp;0.000025;# cisco STUN Priority 3 port
 770 | snmp-tcp-port;1993/tcp;0.000013;# cisco SNMP TCP port
 771 | stun-port;1994/tcp;0.000025;# cisco serial tunnel port
 772 | perf-port;1995/tcp;0.000038;# cisco perf port
 773 | tr-rsrb-port;1996/tcp;0.000038;# cisco Remote SRB port
 774 | gdp-port;1997/tcp;0.000038;# cisco Gateway Discovery Protocol
 775 | x25-svc-port;1998/tcp;0.001731;# cisco X.25 service (XOT)
 776 | tcp-id-port;1999/tcp;0.000364;# cisco identification port
 777 | cisco-sccp;2000/tcp;0.010112;# cisco SCCP (Skinny Client Control Protocol)
 778 | dc;2001/tcp;0.007339;# or nfr20 web queries
 779 | finger;2003/tcp;0.001179;# GNU finger (cfingerd)
 780 | deslogin;2005/tcp;0.001731;# encrypted symmetric telnet/login
 781 | search;2010/tcp;0.000803;# Or nfr411
 782 | raid-cc;2011/tcp;0.000113;# raid
 783 | nfs;2049/tcp;0.006110;# networked file system
 784 | icg-swp;2062/tcp;0.000076;# ICG SWP Port
 785 | dnet-keyproxy;2064/tcp;0.000038;# A closed-source client for solving the RSA cryptographic challenge. This is the keyblock proxy port.
 786 | dlsrpn;2065/tcp;0.000815;# Data Link Switch Read Port Number
 787 | dlswpn;2067/tcp;0.000113;# Data Link Switch Write Port Number
 788 | advocentkvm;2068/tcp;0.000201;# Advocent KVM Server
 789 | event-port;2069/tcp;0.000076;# HTTP Event Port
 790 | ah-esp-encap;2070/tcp;0.000076;# AH and ESP Encapsulated in UDP packet
 791 | autodesk-nlm;2080/tcp;0.000076;# Autodesk NLM (FLEXlm)
 792 | kme-trap-port;2081/tcp;0.000076;# KME PRINTER TRAP PORT
 793 | infowave;2082/tcp;0.000076;# Infowave Mobility Server
 794 | radsec;2083/tcp;0.000076;# Secure Radius Service
 795 | gnunet;2086/tcp;0.000076;# GNUnet
 796 | eli;2087/tcp;0.000076;# ELI - Event Logging Integration
 797 | nbx-ser;2095/tcp;0.000076;# NBX SER
 798 | nbx-dir;2096/tcp;0.000076;# NBX DIR
 799 | h2250-annex-g;2099/tcp;0.000152;# H.225.0 Annex G
 800 | amiganetfs;2100/tcp;0.000380;# Amiga Network Filesystem
 801 | zephyr-clt;2103/tcp;0.002661;# Zephyr serv-hm connection
 802 | zephyr-hm;2104/tcp;0.000076;# Zephyr hostmanager
 803 | eklogin;2105/tcp;0.002120;# Kerberos (v4) encrypted rlogin
 804 | ekshell;2106/tcp;0.000238;# Kerberos (v4) encrypted rshell
 805 | msmq-mgmt;2107/tcp;0.002737;# Microsoft Message Queuing (IANA calls this bintec-admin)
 806 | rkinit;2108/tcp;0.000013;# Kerberos (v4) remote initialization
 807 | kx;2111/tcp;0.000263;# X over kerberos
 808 | kip;2112/tcp;0.000088;# IP over kerberos
 809 | kdm;2115/tcp;0.000076;# Key Distribution Manager
 810 | gsigatekeeper;2119/tcp;0.000380;# GSIGATEKEEPER
 811 | kauth;2120/tcp;0.000050;# Remote kauth
 812 | ccproxy-ftp;2121/tcp;0.005834;# CCProxy FTP Proxy
 813 | elatelink;2124/tcp;0.000076;# ELATELINK
 814 | pktcable-cops;2126/tcp;0.000304;# PktCable-COPS
 815 | avenue;2134/tcp;0.000076;# AVENUE
 816 | gris;2135/tcp;0.000380;# Grid Resource Information Server
 817 | tdmoip;2142/tcp;0.000076;# TDM OVER IP
 818 | lv-ffx;2144/tcp;0.000380;# Live Vault Fast Object Transfer
 819 | veritas-ucl;2148/tcp;0.000076;# Veritas Universal Communication Layer
 820 | dynamic3d;2150/tcp;0.000076;# DYNAMIC3D
 821 | apc-2160;2160/tcp;0.000380;# APC 2160
 822 | apc-agent;2161/tcp;0.001521;# American Power Conversion
 823 | eyetv;2170/tcp;0.000152;# EyeTV Server Port
 824 | vmrdp;2179/tcp;0.000304;# Microsoft RDP for virtual machines
 825 | ssmc;2187/tcp;0.000076;# Sepehr System Management Control
 826 | tivoconnect;2190/tcp;0.000380;# TiVoConnect Beacon
 827 | tvbus;2191/tcp;0.000304;# TvBus Messaging
 828 | mnp-exchange;2197/tcp;0.000076;# MNP data exchange
 829 | ici;2200/tcp;0.000152;# ICI
 830 | ats;2201/tcp;0.000100;# Advanced Training System Program
 831 | b2-runtime;2203/tcp;0.000076;# b2 Runtime Protocol
 832 | EtherNet/IP-1;2222/tcp;0.000608;# EtherNet/IP I/O
 833 | efi-mg;2224/tcp;0.000076;# Easy Flexible Internet/Multiplayer Games
 834 | ivs-video;2232/tcp;0.000151;# IVS Video default
 835 | ivsd;2241/tcp;0.000151;# IVS Daemon
 836 | dif-port;2251/tcp;0.000304;# Distributed Framework Port
 837 | dtv-chan-req;2253/tcp;0.000076;# DTV Channel Request
 838 | apc-2260;2260/tcp;0.000380;# APC 2260
 839 | comotionmaster;2261/tcp;0.000076;# CoMotion Master Server
 840 | comotionback;2262/tcp;0.000076;# CoMotion Backup Server
 841 | apx500api-2;2265/tcp;0.000076;# Audio Precision Apx500 API Port 2
 842 | mikey;2269/tcp;0.000076;# MIKEY
 843 | starschool;2270/tcp;0.000076;# starSchool
 844 | mmcals;2271/tcp;0.000076;# Secure Meeting Maker Scheduling
 845 | lnvpoller;2280/tcp;0.000076;# LNVPOLLER
 846 | netml;2288/tcp;0.000152;# NETML
 847 | eapsp;2291/tcp;0.000076;# EPSON Advanced Printer Share Protocol
 848 | mib-streaming;2292/tcp;0.000076;# Sonus Element Management Services
 849 | cvmmon;2300/tcp;0.000076;# CVMMON
 850 | compaqdiag;2301/tcp;0.001242;# Compaq remote diagnostic/management
 851 | binderysupport;2302/tcp;0.000076;# Bindery Support
 852 | attachmate-uts;2304/tcp;0.000076;# Attachmate UTS
 853 | wanscaler;2312/tcp;0.000076;# WANScaler Communication Service
 854 | iapp;2313/tcp;0.000076;# IAPP (Inter Access Point Protocol)
 855 | ansysli;2325/tcp;0.000076;# ANSYS Licensing Interconnect
 856 | idcp;2326/tcp;0.000076;# IDCP
 857 | tscchat;2330/tcp;0.000076;# TSCCHAT
 858 | ace-proxy;2335/tcp;0.000076;# ACE Proxy
 859 | wrs_registry;2340/tcp;0.000076;# WRS Registry
 860 | worldwire;2371/tcp;0.000076;# Compaq WorldWire Port
 861 | lanmessenger;2372/tcp;0.000076;# LanMessenger
 862 | compaq-https;2381/tcp;0.000380;# Compaq HTTPS
 863 | ms-olap4;2383/tcp;0.001369;# MS OLAP 4
 864 | 3com-net-mgmt;2391/tcp;0.000076;# 3COM Net Management
 865 | ms-olap1;2393/tcp;0.000228;# SQL Server Downlevel OLAP Client Support
 866 | ms-olap2;2394/tcp;0.000228;# SQL Server Downlevel OLAP Client Support
 867 | fmpro-fdal;2399/tcp;0.000380;# FileMaker, Inc. - Data Access Layer
 868 | cvspserver;2401/tcp;0.001480;# CVS network server
 869 | fjitsuappmgr;2425/tcp;0.000076;# Fujitsu App Manager
 870 | optilogic;2435/tcp;0.000076;# OptiLogic
 871 | topx;2436/tcp;0.000076;# TOP/X
 872 | msp;2438/tcp;0.000076;# MSP
 873 | sybasedbsynch;2439/tcp;0.000076;# SybaseDBSynch
 874 | ratl;2449/tcp;0.000076;# RATL
 875 | lsi-raid-mgmt;2463/tcp;0.000076;# LSI RAID Management
 876 | c3;2472/tcp;0.000076;# C3
 877 | groove;2492/tcp;0.000380;# GROOVE
 878 | rtsserv;2500/tcp;0.000464;# Resource Tracking system server
 879 | rtsclient;2501/tcp;0.000151;# Resource Tracking system client
 880 | ppcontrol;2505/tcp;0.000076;# PowerPlay Control
 881 | windb;2522/tcp;0.000304;# WinDb
 882 | ms-v-worlds;2525/tcp;0.000456;# MS V-Worlds
 883 | ito-e-gui;2531/tcp;0.000076;# ITO-E GUI
 884 | ovtopmd;2532/tcp;0.000076;# OVTOPMD
 885 | ads;2550/tcp;0.000076;# ADS
 886 | isg-uda-server;2551/tcp;0.000076;# ISG UDA Server
 887 | pclemultimedia;2558/tcp;0.000076;# PCLE Multi Media
 888 | hp-3000-telnet;2564/tcp;0.000013;# HP 3000 NS/VT block mode telnet
 889 | clp;2567/tcp;0.000076;# Cisco Line Protocol
 890 | tributary;2580/tcp;0.000076;# Tributary
 891 | mon;2583/tcp;0.000076;# MON
 892 | citriximaclient;2598/tcp;0.000076;# Citrix MA Client
 893 | zebrasrv;2600/tcp;0.000088;# zebra service
 894 | zebra;2601/tcp;0.002032;# zebra vty
 895 | ripd;2602/tcp;0.000790;# RIPd vty
 896 | ospfd;2604/tcp;0.000765;# OSPFd vty
 897 | bgpd;2605/tcp;0.000514;# BGPd vty
 898 | netmon;2606/tcp;0.000076;# Dell Netmon
 899 | connection;2607/tcp;0.000380;# Dell Connection
 900 | wag-service;2608/tcp;0.000228;# Wag Service
 901 | metricadbc;2622/tcp;0.000076;# MetricaDBC
 902 | lmdp;2623/tcp;0.000076;# LMDP
 903 | webster;2627/tcp;0.000025;# Network dictionary
 904 | dict;2628/tcp;0.000125;# Dictionary service (RFC2229)
 905 | sitaradir;2631/tcp;0.000076;# Sitara Dir
 906 | sybase;2638/tcp;0.000251;# Sybase database
 907 | travsoft-ipx-t;2644/tcp;0.000076;# Travsoft IPX Tunnel
 908 | itinternet;2691/tcp;0.000076;# ITInternet ISM Server
 909 | ncdmirroring;2706/tcp;0.000076;# NCD Mirroring
 910 | sso-service;2710/tcp;0.000152;# SSO Service
 911 | sso-control;2711/tcp;0.000076;# SSO Control
 912 | aocp;2712/tcp;0.000076;# Axapta Object Communication Protocol
 913 | pn-requester;2717/tcp;0.003345;# PN REQUESTER
 914 | pn-requester2;2718/tcp;0.000380;# PN REQUESTER 2
 915 | watchdog-nt;2723/tcp;0.000076;# WatchDog NT Protocol
 916 | msolap-ptp2;2725/tcp;0.000228;# SQL Analysis Server
 917 | sqdr;2728/tcp;0.000076;# SQDR
 918 | ccs-software;2734/tcp;0.000076;# CCS Software
 919 | listen;2766/tcp;0.000013;# System V listener port
 920 | acc-raid;2800/tcp;0.000152;# ACC RAID
 921 | dvr-esm;2804/tcp;0.000076;# March Networks Digital Video Recorders and Enterprise Service Manager products
 922 | corbaloc;2809/tcp;0.000439;# Corba
 923 | gsiftp;2811/tcp;0.000380;# GSI FTP
 924 | aimpp-port-req;2847/tcp;0.000076;# AIMPP Port Req
 925 | metaconsole;2850/tcp;0.000076;# MetaConsole
 926 | icslap;2869/tcp;0.002129;# Universal Plug and Play Device Host, SSDP Discovery Service
 927 | dxmessagebase2;2875/tcp;0.000380;# DX Message Base Transport Protocol
 928 | ndtp;2882/tcp;0.000076;# NDTP
 929 | spcsdlobby;2888/tcp;0.000076;# SPCSDLOBBY
 930 | rsom;2889/tcp;0.000076;# RSOM
 931 | appliance-cfg;2898/tcp;0.000076;# APPLIANCE-CFG
 932 | allstorcns;2901/tcp;0.000076;# ALLSTORCNS
 933 | netaspi;2902/tcp;0.000076;# NET ASPI
 934 | extensisportfolio;2903/tcp;0.000100;# Portfolio Server by Extensis Product Group
 935 | funk-dialout;2909/tcp;0.000228;# Funk Dialout
 936 | tdaccess;2910/tcp;0.000152;# TDAccess
 937 | roboeda;2920/tcp;0.000152;# roboEDA
 938 | amx-weblinx;2930/tcp;0.000076;# AMX-WEBLINX
 939 | jmact5;2957/tcp;0.000076;# JAMCT5
 940 | jmact6;2958/tcp;0.000076;# JAMCT6
 941 | symantec-av;2967/tcp;0.002357;# Symantec AntiVirus (rtvscan.exe)
 942 | enpp;2968/tcp;0.000152;# ENPP
 943 | svnetworks;2973/tcp;0.000076;# SV Networks
 944 | hpidsadmin;2984/tcp;0.000076;# HPIDSADMIN
 945 | hippad;2988/tcp;0.000076;# HIPPA Reporting Protocol
 946 | wkstn-mon;2991/tcp;0.000076;# WKSTN-MON
 947 | rebol;2997/tcp;0.000076;# REBOL
 948 | iss-realsec;2998/tcp;0.000351;# ISS RealSecure IDS Remote Console Admin port
 949 | ppp;3000/tcp;0.004115;# User-level ppp daemon, or chili!soft asp
 950 | nessus;3001/tcp;0.003124;# Nessus Security Scanner (www.nessus.org) Daemon or chili!soft asp
 951 | exlm-agent;3002/tcp;0.000076;# EXLM Agent
 952 | cgms;3003/tcp;0.000228;# CGMS
 953 | deslogin;3005/tcp;0.000477;# encrypted symmetric telnet/login
 954 | lotusmtap;3007/tcp;0.000152;# Lotus Mail Tracking Agent Protocol
 955 | trusted-web;3011/tcp;0.000304;# Trusted Web
 956 | gilatskysurfer;3013/tcp;0.000152;# Gilat Sky Surfer
 957 | broker_service;3014/tcp;0.000076;# Broker Service
 958 | event_listener;3017/tcp;0.000380;# Event Listener
 959 | slnp;3025/tcp;0.000125;# SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH
 960 | arepa-cas;3030/tcp;0.000304;# Arepa Cas
 961 | eppc;3031/tcp;0.000380;# Remote AppleEvents/PPC Toolbox
 962 | slnp;3045/tcp;0.000063;# SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH
 963 | cfs;3049/tcp;0.000063;# cryptographic file system (nfs) (proposed)
 964 | goahead-fldup;3057/tcp;0.000076;# GoAhead FldUp
 965 | dnet-tstproxy;3064/tcp;0.000063;# distributed.net (a closed source crypto-cracking project) proxy test port
 966 | csd-mgmt-port;3071/tcp;0.000380;# ContinuStor Manager Port
 967 | orbix-loc-ssl;3077/tcp;0.000304;# Orbix 2000 Locator SSL
 968 | sj3;3086/tcp;0.000050;# SJ3 (kanji input)
 969 | ptk-alink;3089/tcp;0.000076;# ParaTek Agent Linking
 970 | slslavemon;3102/tcp;0.000076;# SoftlinK Slave Mon Port
 971 | autocuesmi;3103/tcp;0.000076;# Autocue SMI Protocol
 972 | pkagent;3118/tcp;0.000076;# PKAgent
 973 | d2000kernel;3119/tcp;0.000152;# D2000 Kernel Port
 974 | sflm;3162/tcp;0.000152;# SFLM
 975 | nowcontact;3167/tcp;0.000076;# Now Contact Public Server
 976 | poweronnud;3168/tcp;0.000228;# Now Up-to-Date Public Server
 977 | csvr-proxy;3190/tcp;0.000076;# ConServR Proxy
 978 | tick-port;3200/tcp;0.000076;# Press-sense Tick Port
 979 | flamenco-proxy;3210/tcp;0.000076;# Flamenco Networks Proxy
 980 | avsecuremgmt;3211/tcp;0.000380;# Avocent Secure Management
 981 | xnm-ssl;3220/tcp;0.000076;# XML NM over SSL
 982 | xnm-clear-text;3221/tcp;0.000228;# XML NM over TCP
 983 | triomotion;3240/tcp;0.000076;# Trio Motion Control Port
 984 | iscsi;3260/tcp;0.001064;# iSCSI
 985 | winshadow;3261/tcp;0.000304;# winShadow
 986 | ecolor-imager;3263/tcp;0.000076;# E-Color Enterprise Imager
 987 | ccmail;3264/tcp;0.000038;# cc:mail/lotus
 988 | globalcatLDAP;3268/tcp;0.001229;# Global Catalog LDAP
 989 | globalcatLDAPssl;3269/tcp;0.001142;# Global Catalog LDAP over ssl
 990 | vs-server;3280/tcp;0.000076;# VS Server
 991 | sysopt;3281/tcp;0.000076;# SYSOPT
 992 | netassistant;3283/tcp;0.000760;# Apple Remote Desktop Net Assistant reporting feature
 993 | sah-lm;3291/tcp;0.000076;# S A Holditch & Associates - LM
 994 | meetingmaker;3292/tcp;0.000038;# Meeting maker time management software
 995 | saprouter;3299/tcp;0.000125;# SAProuter
 996 | opsession-srvr;3304/tcp;0.000152;# OP Session Server
 997 | mysql;3306/tcp;0.045390;# mySQL
 998 | opsession-prxy;3307/tcp;0.000152;# OP Session Proxy
 999 | dyna-access;3310/tcp;0.000076;# Dyna Access
1000 | mcns-tel-ret;3311/tcp;0.000076;# MCNS Tel Ret
1001 | sdt-lmd;3319/tcp;0.000076;# SDT License Manager
1002 | active-net;3322/tcp;0.000228;# Active Networks
1003 | active-net;3323/tcp;0.000380;# Active Networks
1004 | active-net;3324/tcp;0.000228;# Active Networks
1005 | active-net;3325/tcp;0.000380;# Active Networks
1006 | dec-notes;3333/tcp;0.000790;# DEC Notes
1007 | directv-web;3334/tcp;0.000076;# Direct TV Webcasting
1008 | btrieve;3351/tcp;0.000380;# Btrieve port
1009 | dj-ilm;3362/tcp;0.000076;# DJ ILM
1010 | nati-vi-server;3363/tcp;0.000076;# NATI Vi Server
1011 | contentserver;3365/tcp;0.000076;# Content Server
1012 | satvid-datalnk;3367/tcp;0.000380;# Satellite Video Data Link
1013 | satvid-datalnk;3368/tcp;0.000076;# Satellite Video Data Link
1014 | satvid-datalnk;3369/tcp;0.000304;# Satellite Video Data Link
1015 | satvid-datalnk;3370/tcp;0.000304;# Satellite Video Data Link
1016 | satvid-datalnk;3371/tcp;0.000304;# Satellite Video Data Link
1017 | msdtc;3372/tcp;0.000339;# MS distributed transaction coordinator
1018 | cluster-disc;3374/tcp;0.000076;# Cluster Disc
1019 | cdbroker;3376/tcp;0.000152;# CD Broker
1020 | cbserver;3388/tcp;0.000076;# CB Server
1021 | ms-wbt-server;3389/tcp;0.083904;# Microsoft Remote Display Protocol (aka ms-term-serv, microsoft-rdp)
1022 | dsc;3390/tcp;0.000228;# Distributed Service Coordinator
1023 | printer_agent;3396/tcp;0.000076;# Printer Agent
1024 | saposs;3397/tcp;0.000038;# SAP Oss
1025 | sapcomm;3398/tcp;0.000063;# SAPcomm
1026 | sapeps;3399/tcp;0.000100;# SAP EPS
1027 | csms2;3400/tcp;0.000152;# CSMS2
1028 | networklenss;3410/tcp;0.000152;# NetworkLens SSL Event
1029 | wip-port;3414/tcp;0.000076;# BroadCloud WIP Port
1030 | bcinameservice;3415/tcp;0.000076;# BCI Name Service
1031 | softaudit;3419/tcp;0.000076;# Isogon SoftAudit
1032 | bmap;3421/tcp;0.000013;# Bull Apprise portmapper
1033 | agps-port;3425/tcp;0.000076;# AGPS Access Port
1034 | ssdispatch;3430/tcp;0.000076;# Scott Studios Dispatch
1035 | hri-port;3439/tcp;0.000076;# HRI Interface Port
1036 | ov-nnm-websrv;3443/tcp;0.000076;# OpenView Network Node Manager WEB Server
1037 | vat;3456/tcp;0.000100;# VAT default data
1038 | vat-control;3457/tcp;0.000025;# VAT default control
1039 | nppmp;3476/tcp;0.000532;# NVIDIA Mgmt Protocol
1040 | twrpc;3479/tcp;0.000076;# 2Wire RPC
1041 | slim-devices;3483/tcp;0.000076;# Slim Devices Protocol
1042 | celatalk;3485/tcp;0.000076;# CelaTalk
1043 | ifsf-hb-port;3486/tcp;0.000076;# IFSF Heartbeat Port
1044 | nut;3493/tcp;0.000304;# Network UPS Tools
1045 | ipether232port;3497/tcp;0.000076;# ipEther232Port
1046 | lsp-ping;3503/tcp;0.000076;# MPLS LSP-echo Port
1047 | ccmcomm;3505/tcp;0.000076;# CCM communications port
1048 | apc-3506;3506/tcp;0.000076;# APC 3506
1049 | webmail-2;3511/tcp;0.000076;# WebMail/2
1050 | arcpd;3513/tcp;0.000076;# Adaptec Remote Protocol
1051 | must-p2p;3514/tcp;0.000152;# MUST Peer to Peer
1052 | must-backplane;3515/tcp;0.000076;# MUST Backplane
1053 | 802-11-iapp;3517/tcp;0.000228;# IEEE 802.11 WLANs WG IAPP
1054 | nvmsgd;3519/tcp;0.000076;# Netvion Messenger Port
1055 | galileolog;3520/tcp;0.000076;# Netvion Galileo Log Port
1056 | starquiz-port;3526/tcp;0.000076;# starQuiz Port
1057 | beserver-msg-q;3527/tcp;0.000228;# VERITAS Backup Exec Server
1058 | gf;3530/tcp;0.000076;# Grid Friendly
1059 | peerenabler;3531/tcp;0.000025;# P2PNetworking/PeerEnabler protocol
1060 | raven-rmp;3532/tcp;0.000076;# Raven Remote Management Control
1061 | apcupsd;3551/tcp;0.000380;# Apcupsd Information Port
1062 | config-port;3577/tcp;0.000076;# Configuration Port
1063 | nati-svrloc;3580/tcp;0.000380;# NATI-ServiceLocator
1064 | emprise-lsc;3586/tcp;0.000076;# License Server Console
1065 | quasar-server;3599/tcp;0.000076;# Quasar Accounting Server
1066 | trap-daemon;3600/tcp;0.000076;# text relay-answer
1067 | infiniswitchcl;3602/tcp;0.000076;# InfiniSwitch Mgr Client
1068 | int-rcv-cntrl;3603/tcp;0.000076;# Integrated Rcvr Control
1069 | ep-nsp;3621/tcp;0.000076;# EPSON Network Screen Port
1070 | ff-lr-port;3622/tcp;0.000076;# FF LAN Redundancy Port
1071 | distccd;3632/tcp;0.000100;# Distributed compiler daemon
1072 | servistaitsm;3636/tcp;0.000076;# SerVistaITSM
1073 | scservp;3637/tcp;0.000076;# Customer Service Port
1074 | vxcrnbuport;3652/tcp;0.000076;# VxCR NBU Default Port
1075 | tsp;3653/tcp;0.000076;# Tunnel Setup Protocol
1076 | abatjss;3656/tcp;0.000076;# ActiveBatch Job Scheduler
1077 | ps-ams;3658/tcp;0.000076;# PlayStation AMS (Secure)
1078 | apple-sasl;3659/tcp;0.000380;# Apple SASL
1079 | dtp;3663/tcp;0.000076;# DIRECWAY Tunnel Protocol
1080 | casanswmgmt;3669/tcp;0.000076;# CA SAN Switch Management
1081 | smile;3670/tcp;0.000076;# SMILE TCP/UDP Interface
1082 | lispworks-orb;3672/tcp;0.000076;# LispWorks ORB
1083 | npds-tracker;3680/tcp;0.000076;# NPDS Tracker
1084 | bts-x73;3681/tcp;0.000076;# BTS X73 Port
1085 | bmc-ea;3683/tcp;0.000076;# BMC EDV/EA
1086 | faxstfx-port;3684/tcp;0.000152;# FAXstfX
1087 | rendezvous;3689/tcp;0.002283;# Rendezvous Zeroconf (used by Apple/iTunes)
1088 | svn;3690/tcp;0.001597;# Subversion
1089 | nw-license;3697/tcp;0.000152;# NavisWorks License System
1090 | lrs-paging;3700/tcp;0.000152;# LRS NetPage
1091 | adobeserver-3;3703/tcp;0.002357;# Adobe Server 3
1092 | sentinel-ent;3712/tcp;0.000076;# Sentinel Enterprise
1093 | e-woa;3728/tcp;0.000076;# Ericsson Web on Air
1094 | smap;3731/tcp;0.000152;# Service Manager
1095 | xpanel;3737/tcp;0.000304;# XPanel Daemon
1096 | cst-port;3742/tcp;0.000076;# CST - Configuration & Service Tracker
1097 | cimtrak;3749/tcp;0.000076;# CimTrak
1098 | rtraceroute;3765/tcp;0.000076;# Remote Traceroute
1099 | bfd-control;3784/tcp;0.000380;# BFD Control Protocol
1100 | fintrx;3787/tcp;0.000076;# Fintrx
1101 | isrp-port;3788/tcp;0.000076;# SPACEWAY Routing port
1102 | quickbooksrds;3790/tcp;0.000076;# QuickBooks RDS
1103 | sitewatch;3792/tcp;0.000152;# e-Watch Corporation SiteWatch
1104 | dcsoftware;3793/tcp;0.000076;# DataCore Software
1105 | myblast;3795/tcp;0.000076;# myBLAST Mekentosj port
1106 | spw-dialer;3796/tcp;0.000076;# Spaceway Dialer
1107 | minilock;3798/tcp;0.000076;# Minilock
1108 | radius-dynauth;3799/tcp;0.000076;# RADIUS Dynamic Authorization
1109 | pwgpsi;3800/tcp;0.000228;# Print Services Interface
1110 | ibm-mgr;3801/tcp;0.000380;# ibm manager service
1111 | soniqsync;3803/tcp;0.000076;# SoniqSync
1112 | wsmlb;3806/tcp;0.000076;# Remote System Manager
1113 | sun-as-iiops-ca;3808/tcp;0.000152;# Sun App Svr-IIOPClntAuth
1114 | apocd;3809/tcp;0.000228;# Java Desktop System Configuration Agent
1115 | wlanauth;3810/tcp;0.000076;# WLAN AS server
1116 | amp;3811/tcp;0.000076;# AMP
1117 | neto-wol-server;3812/tcp;0.000076;# netO WOL Server
1118 | rap-ip;3813/tcp;0.000076;# Rhapsody Interface Protocol
1119 | neto-dcs;3814/tcp;0.000228;# netO DCS
1120 | tapeware;3817/tcp;0.000076;# Yosemite Tech Tapeware
1121 | scp;3820/tcp;0.000152;# Siemens AuD SCP
1122 | acp-conduit;3823/tcp;0.000076;# Compute Pool Conduit
1123 | acp-policy;3824/tcp;0.000152;# Compute Pool Policy
1124 | ffserver;3825/tcp;0.000076;# Antera FlowFusion Process Simulation
1125 | wormux;3826/tcp;0.000228;# Wormux server
1126 | netmpi;3827/tcp;0.000380;# Netadmin Systems MPI service
1127 | neteh;3828/tcp;0.000304;# Netadmin Systems Event Handler
1128 | cernsysmgmtagt;3830/tcp;0.000076;# Cerner System Management Agent
1129 | dvapps;3831/tcp;0.000076;# Docsvault Application Service
1130 | mkm-discovery;3837/tcp;0.000076;# MARKEM Auto-Discovery
1131 | amx-rms;3839/tcp;0.000076;# AMX Resource Management Suite
1132 | nhci;3842/tcp;0.000076;# NHCI status port
1133 | an-pcp;3846/tcp;0.000152;# Astare Network PCP
1134 | msfw-control;3847/tcp;0.000076;# MS Firewall Control
1135 | item;3848/tcp;0.000152;# IT Environmental Monitor
1136 | spw-dnspreload;3849/tcp;0.000152;# SPACEWAY DNS Preload
1137 | qtms-bootstrap;3850/tcp;0.000076;# QTMS Bootstrap Protocol
1138 | spectraport;3851/tcp;0.000304;# SpectraTalk Port
1139 | sse-app-config;3852/tcp;0.000152;# SSE App Configuration
1140 | sscan;3853/tcp;0.000152;# SONY scanning protocol
1141 | informer;3856/tcp;0.000076;# INFORMER
1142 | nav-port;3859/tcp;0.000152;# Navini Port
1143 | sasp;3860/tcp;0.000076;# Server/Application State Protocol (SASP)
1144 | asap-tcp;3863/tcp;0.000152;# RSerPool ASAP (TCP)
1145 | diameter;3868/tcp;0.000076;# DIAMETER
1146 | ovsam-mgmt;3869/tcp;0.000228;# hp OVSAM MgmtServer Disco
1147 | ovsam-d-agent;3870/tcp;0.000152;# hp OVSAM HostAgent Disco
1148 | avocent-adsap;3871/tcp;0.000304;# Avocent DS Authorization
1149 | oem-agent;3872/tcp;0.000152;# OEM Agent
1150 | dl_agent;3876/tcp;0.000076;# DirectoryLockdown Agent
1151 | fotogcad;3878/tcp;0.000228;# FotoG CAD interface
1152 | appss-lm;3879/tcp;0.000076;# appss license manager
1153 | igrs;3880/tcp;0.000304;# IGRS
1154 | msdts1;3882/tcp;0.000076;# DTS Service Port
1155 | ciphire-serv;3888/tcp;0.000152;# Ciphire Services
1156 | dandv-tester;3889/tcp;0.000228;# D and V Tester Control Port
1157 | ndsconnect;3890/tcp;0.000076;# Niche Data Server Connect
1158 | sdo-ssh;3897/tcp;0.000076;# Simple Distributed Objects over SSH
1159 | itv-control;3899/tcp;0.000076;# ITV Port
1160 | udt_os;3900/tcp;0.000050;# Unidata UDT OS
1161 | nimsh;3901/tcp;0.000076;# NIM Service Handler
1162 | nimaux;3902/tcp;0.000076;# NIMsh Auxiliary Port
1163 | omnilink-port;3904/tcp;0.000076;# Arnet Omnilink Port
1164 | mupdate;3905/tcp;0.000228;# Mailbox Update (MUPDATE) protocol
1165 | topovista-data;3906/tcp;0.000076;# TopoVista elevation data
1166 | imoguia-port;3907/tcp;0.000152;# Imoguia Port
1167 | hppronetman;3908/tcp;0.000076;# HP Procurve NetManagement
1168 | surfcontrolcpa;3909/tcp;0.000076;# SurfControl CPA
1169 | prnstatus;3911/tcp;0.000076;# Printer Status Port
1170 | listcrt-port;3913/tcp;0.000076;# ListCREATOR Port
1171 | listcrt-port-2;3914/tcp;0.000228;# ListCREATOR Port 2
1172 | agcat;3915/tcp;0.000076;# Auto-Graphics Cataloging
1173 | wysdmc;3916/tcp;0.000152;# WysDM Controller
1174 | pktcablemmcops;3918/tcp;0.000304;# PacketCableMultimediaCOPS
1175 | hyperip;3919/tcp;0.000076;# HyperIP
1176 | exasoftport1;3920/tcp;0.000228;# Exasoft IP Port
1177 | sor-update;3922/tcp;0.000076;# Soronti Update Port
1178 | symb-sb-port;3923/tcp;0.000076;# Symbian Service Broker
1179 | netboot-pxe;3928/tcp;0.000076;# PXE NetBoot Manager
1180 | smauth-port;3929/tcp;0.000152;# AMS Port
1181 | syam-webserver;3930/tcp;0.000076;# Syam Web Server Port
1182 | msr-plugin-port;3931/tcp;0.000152;# MSR Plugin Port
1183 | sdp-portmapper;3935/tcp;0.000076;# SDP Port Mapper Protocol
1184 | mailprox;3936/tcp;0.000076;# Mailprox
1185 | dvbservdsc;3937/tcp;0.000076;# DVB Service Discovery
1186 | xecp-node;3940/tcp;0.000076;# XeCP Node Service
1187 | homeportal-web;3941/tcp;0.000152;# Home Portal Web Server
1188 | tig;3943/tcp;0.000076;# TetraNode Ip Gateway
1189 | sops;3944/tcp;0.000152;# S-Ops Management
1190 | emcads;3945/tcp;0.000228;# EMCADS Server Port
1191 | backupedge;3946/tcp;0.000076;# BackupEDGE Server
1192 | apdap;3948/tcp;0.000076;# Anton Paar Device Administration Protocol
1193 | drip;3949/tcp;0.000076;# Dynamic Routing Information Protocol
1194 | i3-sessionmgr;3952/tcp;0.000076;# I3 Session Manager
1195 | gvcp;3956/tcp;0.000076;# GigE Vision Control
1196 | mqe-broker;3957/tcp;0.000152;# MQEnterprise Broker
1197 | proaxess;3961/tcp;0.000076;# ProAxess Server
1198 | sbi-agent;3962/tcp;0.000076;# SBI Agent Protocol
1199 | thrp;3963/tcp;0.000152;# Teran Hybrid Routing Protocol
1200 | sasggprs;3964/tcp;0.000076;# SASG GPRS
1201 | ppsms;3967/tcp;0.000076;# PPS Message Service
1202 | ianywhere-dbns;3968/tcp;0.000152;# iAnywhere DBNS
1203 | landmarks;3969/tcp;0.000152;# Landmark Messages
1204 | lanrevserver;3971/tcp;0.000228;# LANrev Server
1205 | iconp;3972/tcp;0.000152;# ict-control Protocol
1206 | airshot;3975/tcp;0.000076;# Air Shot
1207 | smwan;3979/tcp;0.000076;# Smith Micro Wide Area Network Service
1208 | acms;3980/tcp;0.000076;# Aircraft Cabin Management System
1209 | starfish;3981/tcp;0.000152;# Starfish System Admin
1210 | eis;3982/tcp;0.000076;# ESRI Image Server
1211 | eisp;3983/tcp;0.000076;# ESRI Image Service
1212 | mapper-nodemgr;3984/tcp;0.000013;# MAPPER network node manager
1213 | mapper-mapethd;3985/tcp;0.000075;# MAPPER TCP/IP server
1214 | mapper-ws_ethd;3986/tcp;0.003977;# MAPPER workstation server
1215 | bv-queryengine;3989/tcp;0.000076;# BindView-Query Engine
1216 | bv-is;3990/tcp;0.000152;# BindView-IS
1217 | bv-smcsrv;3991/tcp;0.000076;# BindView-SMCServer
1218 | bv-ds;3992/tcp;0.000076;# BindView-DirectoryServer
1219 | bv-agent;3993/tcp;0.000152;# BindView-Agent
1220 | iss-mgmt-ssl;3995/tcp;0.000304;# ISS Management Svcs SSL
1221 | abcsoftware;3996/tcp;0.000076;# abcsoftware-01
1222 | agentsease-db;3997/tcp;0.000076;# aes_db
1223 | dnx;3998/tcp;0.000380;# Distributed Nagios Executor Service
1224 | remoteanything;3999/tcp;0.000088;# neoworx remote-anything slave file browser
1225 | remoteanything;4000/tcp;0.001794;# neoworx remote-anything slave remote control
1226 | newoak;4001/tcp;0.002129;# NewOak
1227 | mlchat-proxy;4002/tcp;0.000765;# mlnet - MLChat P2P chat proxy
1228 | netcheque;4008/tcp;0.000075;# NetCheque accounting
1229 | chimera-hwm;4009/tcp;0.000152;# Chimera HWM
1230 | samsung-unidex;4010/tcp;0.000076;# Samsung Unidex
1231 | talarian-mcast2;4016/tcp;0.000076;# Talarian Mcast
1232 | trap;4020/tcp;0.000076;# TRAP Port
1233 | dnox;4022/tcp;0.000076;# DNOX
1234 | tnp1-port;4024/tcp;0.000076;# TNP1 User Port
1235 | partimage;4025/tcp;0.000076;# Partition Image Port
1236 | ip-qsig;4029/tcp;0.000076;# IP Q signaling protocol
1237 | wap-push-http;4035/tcp;0.000076;# WAP Push OTA-HTTP port
1238 | wap-push-https;4036/tcp;0.000076;# WAP Push OTA-HTTP secure
1239 | fazzt-admin;4039/tcp;0.000076;# Fazzt Administration
1240 | yo-main;4040/tcp;0.000152;# Yo.net main service
1241 | lms;4056/tcp;0.000076;# Location Message Service
1242 | kingfisher;4058/tcp;0.000076;# Kingfisher protocol
1243 | avanti_cdp;4065/tcp;0.000076;# Avanti Common Data
1244 | lorica-in;4080/tcp;0.000152;# Lorica inside facing
1245 | applusservice;4087/tcp;0.000076;# APplus Service
1246 | omasgport;4090/tcp;0.000076;# OMA BCAST Service Guide
1247 | bre;4096/tcp;0.000152;# BRE (Bridge Relay Element)
1248 | igo-incognito;4100/tcp;0.000076;# IGo Incognito Data Port
1249 | brlp-0;4101/tcp;0.000076;# Braille protocol
1250 | xgrid;4111/tcp;0.000304;# Xgrid
1251 | apple-vpns-rp;4112/tcp;0.000076;# Apple VPN Server Reporting Protocol
1252 | aipn-reg;4113/tcp;0.000076;# AIPN LS Registration
1253 | netscript;4118/tcp;0.000076;# Netadmin Systems NETscript service
1254 | assuria-slm;4119/tcp;0.000076;# Assuria Log Manager
1255 | e-builder;4121/tcp;0.000076;# e-Builder Application Communication
1256 | rww;4125/tcp;0.000188;# Microsoft Remote Web Workplace on Small Business Server
1257 | ddrepl;4126/tcp;0.000380;# Data Domain Replication Service
1258 | nuauth;4129/tcp;0.000380;# NuFW authentication protocol
1259 | nuts_dem;4132/tcp;0.000025;# NUTS Daemon
1260 | nuts_bootp;4133/tcp;0.000013;# NUTS Bootp Server
1261 | cl-db-attach;4135/tcp;0.000076;# Classic Line Database Server Attach
1262 | oirtgsvc;4141/tcp;0.000076;# Workflow Server
1263 | oidsr;4143/tcp;0.000152;# Document Replication
1264 | wincim;4144/tcp;0.000025;# pc windows compuserve.com protocol
1265 | vrxpservman;4147/tcp;0.000152;# Multum Service Manager
1266 | stat-cc;4158/tcp;0.000076;# STAT Command Center
1267 | omscontact;4161/tcp;0.000076;# OMS Contact
1268 | silverpeakcomm;4164/tcp;0.000152;# Silver Peak Communication Protocol
1269 | sieve;4190/tcp;0.000076;# ManageSieve Protocol
1270 | azeti;4192/tcp;0.000076;# Azeti Agent Service
1271 | eims-admin;4199/tcp;0.000063;# Eudora Internet Mail Service (EIMS) admin
1272 | vrml-multi-use;4200/tcp;0.000152;# VRML Multi User Systems
1273 | vrml-multi-use;4206/tcp;0.000076;# VRML Multi User Systems
1274 | vrml-multi-use;4220/tcp;0.000076;# VRML Multi User Systems
1275 | xtell;4224/tcp;0.000226;# Xtell messenging server
1276 | vrml-multi-use;4234/tcp;0.000076;# VRML Multi User Systems
1277 | vrml-multi-use;4242/tcp;0.000456;# VRML Multi User Systems
1278 | vrml-multi-use;4252/tcp;0.000152;# VRML Multi User Systems
1279 | vrml-multi-use;4262/tcp;0.000076;# VRML Multi User Systems
1280 | vrml-multi-use;4279/tcp;0.000228;# VRML Multi User Systems
1281 | vrml-multi-use;4294/tcp;0.000076;# VRML Multi User Systems
1282 | vrml-multi-use;4297/tcp;0.000076;# VRML Multi User Systems
1283 | vrml-multi-use;4298/tcp;0.000076;# VRML Multi User Systems
1284 | corelccam;4300/tcp;0.000076;# Corel CCam
1285 | d-data-control;4302/tcp;0.000076;# Diagnostic Data Control
1286 | rwhois;4321/tcp;0.000276;# Remote Who Is
1287 | geognosisman;4325/tcp;0.000076;# Cadcorp GeognoSIS Manager Service
1288 | jaxer-manager;4328/tcp;0.000076;# Jaxer Manager Command Protocol
1289 | msql;4333/tcp;0.000113;# mini-sql server
1290 | lisp-cons;4342/tcp;0.000076;# LISP-CONS Control
1291 | qsnet-workst;4355/tcp;0.000076;# QSNet Workstation
1292 | qsnet-assist;4356/tcp;0.000076;# QSNet Assistant
1293 | qsnet-cond;4357/tcp;0.000076;# QSNet Conductor
1294 | qsnet-nucl;4358/tcp;0.000076;# QSNet Nucleus
1295 | epmd;4369/tcp;0.000076;# Erlang Port Mapper Daemon
1296 | psi-ptt;4374/tcp;0.000076;# PSI Push-to-Talk Protocol
1297 | tolteces;4375/tcp;0.000076;# Toltec EasyShare
1298 | bip;4376/tcp;0.000076;# BioAPI Interworking
1299 | ds-srvr;4401/tcp;0.000076;# ASIGRA Televaulting DS-System Service
1300 | nacagent;4407/tcp;0.000076;# Network Access Control Agent
1301 | rsqlserver;4430/tcp;0.000152;# REAL SQL Server
1302 | saris;4442/tcp;0.000076;# Saris
1303 | krb524;4444/tcp;0.001041;# Kerberos 5 to 4 ticket xlator
1304 | upnotifyp;4445/tcp;0.000228;# UPNOTIFYP
1305 | n1-fwp;4446/tcp;0.000304;# N1-FWP
1306 | n1-rmgmt;4447/tcp;0.000076;# N1-RMGMT
1307 | privatewire;4449/tcp;0.000380;# PrivateWire
1308 | nssagentmgr;4454/tcp;0.000076;# NSS Agent Manager
1309 | proxy-plus;4480/tcp;0.000038;# Proxy+ HTTP proxy port
1310 | worldscores;4545/tcp;0.000076;# WorldScores
1311 | gds-adppiw-db;4550/tcp;0.000228;# Perman I Interbase Server
1312 | rsip;4555/tcp;0.000152;# RSIP Port
1313 | fax;4557/tcp;0.000050;# FlexFax FAX transmission service
1314 | hylafax;4559/tcp;0.000151;# HylaFAX client-server protocol
1315 | tram;4567/tcp;0.000228;# TRAM
1316 | a17-an-an;4599/tcp;0.000076;# A17 (AN-AN)
1317 | piranha1;4600/tcp;0.000152;# Piranha1
1318 | piranha2;4601/tcp;0.000076;# Piranha2
1319 | mtsserver;4602/tcp;0.000076;# EAX MTS Server
1320 | playsta2-app;4658/tcp;0.000152;# PlayStation2 App Port
1321 | mosmig;4660/tcp;0.000050;# OpenMOSix MIGrates local processes
1322 | edonkey;4662/tcp;0.000828;# eDonkey file sharing (Donkey)
1323 | contclientms;4665/tcp;0.000076;# Container Client Message Service
1324 | rfa;4672/tcp;0.000013;# remote file access server
1325 | nst;4687/tcp;0.000076;# Network Scanner Tool FTP
1326 | altovacentral;4689/tcp;0.000076;# Altova DatabaseCentral
1327 | netxms-agent;4700/tcp;0.000076;# NetXMS Agent
1328 | pulseaudio;4713/tcp;0.000076;# Pulse Audio UNIX sound framework
1329 | fmp;4745/tcp;0.000076;# Funambol Mobile Push
1330 | iims;4800/tcp;0.000076;# Icona Instant Messenging System
1331 | appserv-http;4848/tcp;0.000228;# App Server - Admin HTTP
1332 | radmin;4899/tcp;0.003337;# Radmin (www.radmin.com) remote PC control software
1333 | hfcs;4900/tcp;0.000228;# HyperFileSQL Client/Server Database Engine
1334 | lutap;4912/tcp;0.000076;# Technicolor LUT Access Protocol
1335 | munin;4949/tcp;0.000152;# Munin Graphing Framework
1336 | hfcs-manager;4999/tcp;0.000076;# HyperFileSQL Client/Server Database Engine Manager
1337 | upnp;5000/tcp;0.006423;# Universal PnP, also Free Internet Chess Server
1338 | rfe;5002/tcp;0.000765;# Radio Free Ethernet
1339 | filemaker;5003/tcp;0.001756;# Filemaker Server - http://www.filemaker.com/ti/104289.html
1340 | avt-profile-1;5004/tcp;0.000532;# RTP media data [RFC 3551][RFC 4571]
1341 | avt-profile-2;5005/tcp;0.000076;# RTP control protocol [RFC 3551][RFC 4571]
1342 | airport-admin;5009/tcp;0.004416;# Apple AirPort WAP Administration
1343 | nsp;5012/tcp;0.000076;# NetOnTap Service
1344 | fmpro-v6;5013/tcp;0.000076;# FileMaker, Inc. - Proprietary transport
1345 | fmwp;5015/tcp;0.000076;# FileMaker, Inc. - Web publishing
1346 | htuilsrv;5023/tcp;0.000076;# Htuil Server for PLD2
1347 | surfpass;5030/tcp;0.000380;# SurfPass
1348 | mmcc;5050/tcp;0.002584;# multimedia conference control tool
1349 | ida-agent;5051/tcp;0.003649;# Symantec Intruder Alert
1350 | ita-manager;5052/tcp;0.000076;# ITA Manager
1351 | rlm;5053/tcp;0.000076;# RLM License Server
1352 | rlm-admin;5054/tcp;0.000304;# RLM administrative interface
1353 | unot;5055/tcp;0.000076;# UNOT
1354 | sip;5060/tcp;0.010613;# Session Initiation Protocol (SIP)
1355 | sip-tls;5061/tcp;0.000228;# SIP-TLS
1356 | csrpc;5063/tcp;0.000152;# centrify secure RPC
1357 | stanag-5066;5066/tcp;0.000076;# STANAG-5066-SUBNET-INTF
1358 | vtsas;5070/tcp;0.000076;# VersaTrans Server Agent Service
1359 | alesquery;5074/tcp;0.000152;# ALES Query
1360 | onscreen;5080/tcp;0.000228;# OnScreen Data Collection Service
1361 | sdl-ets;5081/tcp;0.000152;# SDL - Ent Trans Server
1362 | admd;5100/tcp;0.000778;# (chili!soft asp admin port) or Yahoo pager
1363 | admdog;5101/tcp;0.005156;# (chili!soft asp)
1364 | admeng;5102/tcp;0.000602;# (chili!soft asp)
1365 | taep-as-svc;5111/tcp;0.000076;# TAEP AS service
1366 | ev-services;5114/tcp;0.000076;# Enterprise Vault Services
1367 | nbt-pc;5133/tcp;0.000076;# Policy Commander
1368 | ctsd;5137/tcp;0.000076;# MyCTS server port
1369 | esri_sde;5151/tcp;0.000152;# ESRI SDE Instance
1370 | sde-discovery;5152/tcp;0.000076;# ESRI SDE Instance Discovery
1371 | aol;5190/tcp;0.004190;# America-Online.  Also can be used by ICQ
1372 | aol-1;5191/tcp;0.000050;# AmericaOnline1
1373 | aol-3;5193/tcp;0.000013;# AmericaOnline3
1374 | targus-getdata;5200/tcp;0.000304;# TARGUS GetData
1375 | targus-getdata1;5201/tcp;0.000076;# TARGUS GetData 1
1376 | targus-getdata2;5202/tcp;0.000076;# TARGUS GetData 2
1377 | 3exmp;5221/tcp;0.000228;# 3eTI Extensible Management Protocol for OAMP
1378 | xmpp-client;5222/tcp;0.000380;# XMPP Client Connection
1379 | hpvirtgrp;5223/tcp;0.000152;# HP Virtual Machine Group Management
1380 | hp-server;5225/tcp;0.000760;# HP Server
1381 | hp-status;5226/tcp;0.000760;# HP Status
1382 | sgi-dgl;5232/tcp;0.000050;# SGI Distributed Graphics
1383 | eenet;5234/tcp;0.000076;# EEnet communications
1384 | galaxy-network;5235/tcp;0.000076;# Galaxy Network Service
1385 | soagateway;5250/tcp;0.000076;# soaGateway
1386 | movaz-ssc;5252/tcp;0.000076;# Movaz SSC
1387 | xmpp-server;5269/tcp;0.000380;# XMPP Server Connection
1388 | xmpp-bosh;5280/tcp;0.000304;# Bidirectional-streams Over Synchronous HTTP (BOSH)
1389 | presence;5298/tcp;0.000304;# XMPP Link-Local Messaging
1390 | hacl-hb;5300/tcp;0.000050;# HA cluster heartbeat
1391 | hacl-gs;5301/tcp;0.000025;# HA cluster general services
1392 | hacl-cfg;5302/tcp;0.000025;# HA cluster configuration
1393 | hacl-probe;5303/tcp;0.000013;# HA cluster probing
1394 | mdns;5353/tcp;0.000152;# Multicast DNS
1395 | wsdapi;5357/tcp;0.005474;# Web Services for Devices
1396 | pcduo-old;5400/tcp;0.000050;# RemCon PC-Duo - old port
1397 | pcduo;5405/tcp;0.000314;# RemCon PC-Duo - new port
1398 | statusd;5414/tcp;0.000380;# StatusD
1399 | virtualuser;5423/tcp;0.000076;# VIRTUALUSER
1400 | postgresql;5432/tcp;0.004090;# PostgreSQL database server
1401 | pyrrho;5433/tcp;0.000076;# Pyrrho DBMS
1402 | connect-proxy;5490/tcp;0.000013;# Many HTTP CONNECT proxies
1403 | hotline;5500/tcp;0.000690;# Hotline file sharing client/server
1404 | secureidprop;5510/tcp;0.000339;# ACE/Server services
1405 | sdlog;5520/tcp;0.000125;# ACE/Server services
1406 | sdserv;5530/tcp;0.000038;# ACE/Server services
1407 | sdadmind;5550/tcp;0.000853;# ACE/Server services
1408 | sgi-eventmond;5553/tcp;0.000076;# SGI Eventmond Port
1409 | sgi-esphttp;5554/tcp;0.000076;# SGI ESP HTTP
1410 | farenet;5557/tcp;0.000076;# Sandlab FARENET
1411 | isqlplus;5560/tcp;0.000238;# Oracle web enabled SQL interface (version 10g+)
1412 | westec-connect;5566/tcp;0.000608;# Westec Connect
1413 | tmosms0;5580/tcp;0.000076;# T-Mobile SMS Protocol Message 0
1414 | tmosms1;5581/tcp;0.000076;# T-Mobile SMS Protocol Message 1
1415 | beorl;5633/tcp;0.000380;# BE Operations Request Listener
1416 | nrpe;5666/tcp;0.006614;# Nagios NRPE
1417 | amqp;5672/tcp;0.000076;# AMQP
1418 | rrac;5678/tcp;0.000228;# Remote Replication Agent Connection
1419 | activesync;5679/tcp;0.000590;# Microsoft ActiveSync PDY synchronization
1420 | canna;5680/tcp;0.000151;# Canna (Japanese Input)
1421 | proshareaudio;5713/tcp;0.000013;# proshare conf audio
1422 | prosharevideo;5714/tcp;0.000013;# proshare conf video
1423 | prosharenotify;5717/tcp;0.000013;# proshare conf notify
1424 | dpm;5718/tcp;0.000380;# DPM Communication Server
1425 | dtpt;5721/tcp;0.000076;# Desktop Passthru Service
1426 | msdfsr;5722/tcp;0.000076;# Microsoft DFS Replication Service
1427 | omhs;5723/tcp;0.000076;# Operations Manager - Health Service
1428 | unieng;5730/tcp;0.000228;# Steltor's calendar access
1429 | vnc-http;5800/tcp;0.005947;# Virtual Network Computer HTTP Access, display 0
1430 | vnc-http-1;5801/tcp;0.000841;# Virtual Network Computer HTTP Access, display 1
1431 | vnc-http-2;5802/tcp;0.000276;# Virtual Network Computer HTTP Access, display 2
1432 | vnc-http-3;5803/tcp;0.000125;# Virtual Network Computer HTTP Access, display 3
1433 | spt-automation;5814/tcp;0.000076;# Support Automation
1434 | wherehoo;5859/tcp;0.000304;# WHEREHOO
1435 | vnc;5900/tcp;0.023560;# Virtual Network Computer display 0
1436 | vnc-1;5901/tcp;0.002145;# Virtual Network Computer display 1
1437 | vnc-2;5902/tcp;0.000715;# Virtual Network Computer display 2
1438 | vnc-3;5903/tcp;0.000326;# Virtual Network Computer display 3
1439 | cm;5910/tcp;0.000380;# Context Management
1440 | cpdlc;5911/tcp;0.000380;# Controller Pilot Data Link Communication
1441 | fis;5912/tcp;0.000076;# Flight Information Services
1442 | indy;5963/tcp;0.000304;# Indy Application Server
1443 | ncd-pref-tcp;5977/tcp;0.000075;# NCD preferences tcp port
1444 | ncd-diag-tcp;5978/tcp;0.000050;# NCD diagnostic tcp port
1445 | wsman;5985/tcp;0.000076;# WBEM WS-Management HTTP
1446 | wsmans;5986/tcp;0.000076;# WBEM WS-Management HTTP over TLS/SSL
1447 | wbem-rmi;5987/tcp;0.000380;# WBEM RMI
1448 | wbem-http;5988/tcp;0.000380;# WBEM CIM-XML (HTTP)
1449 | wbem-https;5989/tcp;0.000380;# WBEM CIM-XML (HTTPS)
1450 | ncd-pref;5997/tcp;0.000025;# NCD preferences telnet port
1451 | ncd-diag;5998/tcp;0.000163;# NCD diagnostic telnet port
1452 | ncd-conf;5999/tcp;0.000213;# NCD configuration telnet port
1453 | X11;6000/tcp;0.005683;# X Window server
1454 | X11:1;6001/tcp;0.011730;# X Window server
1455 | X11:2;6002/tcp;0.001518;# X Window server
1456 | X11:3;6003/tcp;0.000351;# X Window server
1457 | X11:4;6004/tcp;0.002597;# X Window server
1458 | X11:5;6005/tcp;0.000602;# X Window server
1459 | X11:6;6006/tcp;0.000188;# X Window server
1460 | X11:7;6007/tcp;0.000238;# X Window server
1461 | X11:8;6008/tcp;0.000125;# X Window server
1462 | X11:9;6009/tcp;0.000201;# X Window server
1463 | x11;6010/tcp;0.000076;# X Window System
1464 | x11;6015/tcp;0.000076;# X Window System
1465 | xmail-ctrl;6017/tcp;0.000088;# XMail CTRL server
1466 | x11;6021/tcp;0.000076;# X Window System
1467 | x11;6025/tcp;0.000228;# X Window System
1468 | x11;6030/tcp;0.000076;# X Window System
1469 | arcserve;6050/tcp;0.000100;# ARCserve agent
1470 | x11;6051/tcp;0.000152;# X Window System
1471 | x11;6052/tcp;0.000076;# X Window System
1472 | x11;6055/tcp;0.000076;# X Window System
1473 | X11:59;6059/tcp;0.000760;# X Window server
1474 | x11;6060/tcp;0.000152;# X Window System
1475 | x11;6062/tcp;0.000076;# X Window System
1476 | x11;6063/tcp;0.000076;# X Window System
1477 | winpharaoh;6065/tcp;0.000076;# WinPharaoh
1478 | gsmp;6068/tcp;0.000152;# GSMP
1479 | konspire2b;6085/tcp;0.000076;# konspire2b p2p network
1480 | synchronet-db;6100/tcp;0.000228;# SynchroNet-db
1481 | backupexec;6101/tcp;0.000452;# Backup Exec UNIX and 95/98/ME Aent
1482 | RETS-or-BackupExec;6103/tcp;0.000125;# Backup Exec Agent Accelerator and Remote Agent also sql server and cisco works blue
1483 | isdninfo;6106/tcp;0.000314;# i4lmond
1484 | softcm;6110/tcp;0.000063;# HP SoftBench CM
1485 | spc;6111/tcp;0.000025;# HP SoftBench Sub-Process Control
1486 | dtspc;6112/tcp;0.001656;# CDE subprocess control
1487 | dayliteserver;6113/tcp;0.000076;# Daylite Server
1488 | xic;6115/tcp;0.000076;# Xic IPC Service
1489 | backup-express;6123/tcp;0.000380;# Backup Express
1490 | meta-corp;6141/tcp;0.000013;# Meta Corporation License Manager
1491 | aspentec-lm;6142/tcp;0.000025;# Aspen Technology License Manager
1492 | watershed-lm;6143/tcp;0.000038;# Watershed License Manager
1493 | statsci2-lm;6145/tcp;0.000025;# StatSci License Manager - 2
1494 | lonewolf-lm;6146/tcp;0.000025;# Lone Wolf Systems License Manager
1495 | montage-lm;6147/tcp;0.000025;# Montage License Manager
1496 | patrol-ism;6161/tcp;0.000076;# PATROL Internet Srv Mgr
1497 | radmind;6222/tcp;0.000151;# Radmind protocol
1498 | tl1-raw-ssl;6251/tcp;0.000076;# TL1 Raw Over SSL/TLS
1499 | gnutella;6346/tcp;0.000226;# Gnutella file sharing protocol
1500 | gnutella2;6347/tcp;0.000050;# Gnutella2 file sharing protocol
1501 | adap;6350/tcp;0.000076;# App Discovery and Access Protocol
1502 | crystalreports;6400/tcp;0.000025;# Seagate Crystal Reports
1503 | crystalenterprise;6401/tcp;0.000050;# Seagate Crystal Enterprise
1504 | servicetags;6481/tcp;0.000152;# Service Tags
1505 | boks;6500/tcp;0.000152;# BoKS Master
1506 | netop-rc;6502/tcp;0.000314;# NetOp Remote Control (by Danware Data A/S)
1507 | boks_clntd;6503/tcp;0.000076;# BoKS Clntd
1508 | mcer-port;6510/tcp;0.000228;# MCER Port
1509 | sane-port;6566/tcp;0.000228;# SANE Control Port
1510 | esp;6567/tcp;0.000228;# eSilo Storage Protocol
1511 | affiliate;6579/tcp;0.000076;# Affiliate
1512 | parsec-master;6580/tcp;0.000380;# Parsec Masterserver
1513 | analogx;6588/tcp;0.000038;# AnalogX HTTP proxy port
1514 | mshvlm;6600/tcp;0.000152;# Microsoft Hyper-V Live Migration
1515 | afesc-mc;6628/tcp;0.000076;# AFE Stock Channel M/C
1516 | radmind;6662/tcp;0.000100;# Radmind protocol (deprecated)
1517 | irc;6665/tcp;0.000050;# Internet Relay Chat
1518 | irc;6666/tcp;0.001179;# internet relay chat server
1519 | irc;6667/tcp;0.000652;# Internet Relay Chat
1520 | irc;6668/tcp;0.000176;# Internet Relay Chat
1521 | irc;6669/tcp;0.000176;# Internet Relay Chat
1522 | irc;6670/tcp;0.000088;# Internet Relay Chat
1523 | tsa;6689/tcp;0.000228;# Tofino Security Appliance
1524 | napster;6699/tcp;0.000251;# Napster File (MP3) sharing  software
1525 | carracho;6700/tcp;0.000025;# Carracho file sharing
1526 | carracho;6701/tcp;0.000038;# Carracho file sharing
1527 | smc-http;6788/tcp;0.000380;# SMC-HTTP
1528 | ibm-db2-admin;6789/tcp;0.000760;# IBM DB2
1529 | bittorrent-tracker;6881/tcp;0.000640;# BitTorrent tracker
1530 | muse;6888/tcp;0.000076;# MUSE
1531 | jetstream;6901/tcp;0.000380;# Novell Jetstream messaging protocol
1532 | afs3-fileserver;7000/tcp;0.001995;# file server itself, msdos
1533 | weblogic;7001/tcp;0.000891;# callbacks to cache managers
1534 | afs3-prserver;7002/tcp;0.000351;# users & groups database
1535 | afs3-vlserver;7003/tcp;0.000125;# volume location database
1536 | afs3-kaserver;7004/tcp;0.000201;# AFS/Kerberos authentication service
1537 | afs3-volser;7005/tcp;0.000075;# volume managment server
1538 | afs3-errors;7006/tcp;0.000025;# error interpretation service
1539 | afs3-bos;7007/tcp;0.000314;# basic overseer process
1540 | afs3-update;7008/tcp;0.000025;# server-to-server updater
1541 | afs3-rmtsys;7009/tcp;0.000038;# remote cache manager service
1542 | ups-onlinet;7010/tcp;0.000113;# onlinet uninterruptable power supplies
1543 | vmsvc;7024/tcp;0.000152;# Vormetric service
1544 | vmsvc-2;7025/tcp;0.000228;# Vormetric Service II
1545 | iwg1;7071/tcp;0.000076;# IWGADTS Aircraft Housekeeping Message
1546 | empowerid;7080/tcp;0.000152;# EmpowerID Communication
1547 | font-service;7100/tcp;0.000928;# X Font Service
1548 | elcn;7101/tcp;0.000076;# Embedded Light Control Network
1549 | virprot-lm;7121/tcp;0.000076;# Virtual Prototypes License Manager
1550 | fodms;7200/tcp;0.000439;# FODMS FLIP
1551 | watchme-7272;7272/tcp;0.000152;# WatchMe Monitoring 7272
1552 | openmanage;7273/tcp;0.000050;# Dell OpenManage
1553 | oma-dcdocbs;7278/tcp;0.000152;# OMA Dynamic Content Delivery over CBS
1554 | itactionserver2;7281/tcp;0.000152;# ITACTIONSERVER 2
1555 | swx;7300/tcp;0.000076;# The Swiss Exchange
1556 | swx;7320/tcp;0.000076;# The Swiss Exchange
1557 | swx;7325/tcp;0.000076;# The Swiss Exchange
1558 | icb;7326/tcp;0.000013;# Internet Citizen's Band
1559 | swx;7345/tcp;0.000076;# The Swiss Exchange
1560 | rtps-discovery;7400/tcp;0.000076;# RTPS Discovery
1561 | rtps-dd-mt;7402/tcp;0.000304;# RTPS Data-Distribution Meta-Traffic
1562 | oracleas-https;7443/tcp;0.000304;# Oracle Application Server HTTPS
1563 | pythonds;7464/tcp;0.000013;# Python Documentation Server
1564 | silhouette;7500/tcp;0.000076;# Silhouette User
1565 | ovbus;7501/tcp;0.000076;# HP OpenView Bus Daemon
1566 | qaz;7597/tcp;0.000050;# Quaz trojan worm
1567 | soap-http;7627/tcp;0.000380;# SOAP Service Port
1568 | zen-pawn;7628/tcp;0.000076;# Primary Agent Work Notification
1569 | hddtemp;7634/tcp;0.000025;# A cross-platform hard disk temperature monitoring daemon
1570 | imqbrokerd;7676/tcp;0.000228;# iMQ Broker Rendezvous
1571 | nitrogen;7725/tcp;0.000152;# Nitrogen Service
1572 | scriptview;7741/tcp;0.000380;# ScriptView Network
1573 | raqmon-pdu;7744/tcp;0.000152;# RAQMON PDU
1574 | interwise;7778/tcp;0.000380;# Interwise
1575 | office-tools;7789/tcp;0.000076;# Office Tools Pro Receive
1576 | asr;7800/tcp;0.000228;# Apple Software Restore
1577 | mevent;7900/tcp;0.000152;# Multicast Event
1578 | qo-secure;7913/tcp;0.000152;# QuickObjects secure port
1579 | nsrexecd;7937/tcp;0.001455;# Legato NetWorker
1580 | lgtomapper;7938/tcp;0.001229;# Legato portmapper
1581 | irdmi2;7999/tcp;0.000228;# iRDMI2
1582 | http-alt;8000/tcp;0.009710;# A common alternative http port
1583 | vcom-tunnel;8001/tcp;0.000532;# VCOM Tunnel
1584 | teradataordbms;8002/tcp;0.001216;# Teradata ORDBMS
1585 | mcreport;8003/tcp;0.000076;# Mulberry Connect Reporting Service
1586 | mxi;8005/tcp;0.000076;# MXI Generation II for z/OS
1587 | ajp12;8007/tcp;0.000477;# Apache JServ Protocol 1.x
1588 | http;8008/tcp;0.006843;# IBM HTTP server
1589 | ajp13;8009/tcp;0.004642;# Apache JServ Protocol 1.3
1590 | xmpp;8010/tcp;0.002129;# XMPP File Transfer
1591 | qbdb;8019/tcp;0.000152;# QB DB Dynamic Port
1592 | ftp-proxy;8021/tcp;0.000627;# Common FTP proxy port
1593 | ca-audit-da;8025/tcp;0.000076;# CA Audit Distribution Agent
1594 | fs-agent;8042/tcp;0.000228;# FireScope Agent
1595 | senomix01;8052/tcp;0.000076;# Senomix Timesheets Server
1596 | slnp;8076/tcp;0.000050;# SLNP (Simple Library Network Protocol) by Sisis Informationssysteme GmbH
1597 | http-proxy;8080/tcp;0.042052;# Common HTTP proxy/second web server port
1598 | blackice-icecap;8081/tcp;0.006147;# ICECap user console
1599 | blackice-alerts;8082/tcp;0.000878;# BlackIce Alerts sent to this port
1600 | us-srv;8083/tcp;0.000532;# Utilistor (Server)
1601 | d-s-n;8086/tcp;0.000380;# Distributed SCADA Networking Rendezvous Port
1602 | simplifymedia;8087/tcp;0.000380;# Simplify Media SPP Protocol
1603 | radan-http;8088/tcp;0.000608;# Radan HTTP
1604 | sac;8097/tcp;0.000152;# SAC Port Id
1605 | xprint-server;8100/tcp;0.000304;# Xprint Server
1606 | cp-cluster;8116/tcp;0.000076;# Check Point Clustering
1607 | privoxy;8118/tcp;0.000138;# Privoxy, www.privoxy.org
1608 | polipo;8123/tcp;0.000038;# Polipo open source web proxy cache
1609 | sophos;8192/tcp;0.000760;# Sophos Remote Management System
1610 | sophos;8193/tcp;0.000760;# Sophos Remote Management System
1611 | sophos;8194/tcp;0.000760;# Sophos Remote Management System
1612 | trivnet1;8200/tcp;0.000228;# TRIVNET
1613 | trivnet2;8201/tcp;0.000076;# TRIVNET
1614 | blp3;8292/tcp;0.000228;# Bloomberg professional
1615 | hiperscan-id;8293/tcp;0.000152;# Hiperscan Identification Service
1616 | blp4;8294/tcp;0.000152;# Bloomberg intelligent client
1617 | tmi;8300/tcp;0.000228;# Transport Management Interface
1618 | m2mservices;8383/tcp;0.000228;# M2m Services
1619 | https-alt;8443/tcp;0.009986;# Common alternative https port
1620 | cisco-avp;8470/tcp;0.000076;# Cisco Address Validation Protocol
1621 | pim-port;8471/tcp;0.000076;# PIM over Reliable Transport
1622 | otv;8472/tcp;0.000076;# Overlay Transport Virtualization (OTV)
1623 | noteshare;8474/tcp;0.000076;# AquaMinds NoteShare
1624 | fmtp;8500/tcp;0.000304;# Flight Message Transfer Protocol
1625 | asterix;8600/tcp;0.000380;# Surveillance Data
1626 | sun-as-jmxrmi;8686/tcp;0.000152;# Sun App Server - JMX/RMI
1627 | ultraseek-http;8765/tcp;0.000152;# Ultraseek HTTP
1628 | apple-iphoto;8770/tcp;0.000025;# Apple iPhoto sharing
1629 | sunwebadmin;8800/tcp;0.000228;# Sun Web Server Admin Service
1630 | dxspider;8873/tcp;0.000380;# dxspider linking protocol
1631 | cddbp-alt;8880/tcp;0.000076;# CDDBP
1632 | sun-answerbook;8888/tcp;0.016522;# Sun Answerbook HTTP server.  Or gnump3d streaming music server
1633 | ddi-tcp-2;8889/tcp;0.000152;# Desktop Data TCP 1
1634 | seosload;8892/tcp;0.000038;# From the new Computer Associates eTrust ACX
1635 | jmb-cds1;8900/tcp;0.000076;# JMB-CDS 1
1636 | cumulus-admin;8954/tcp;0.000076;# Cumulus Admin Port
1637 | bctp;8999/tcp;0.000076;# Brodos Crypto Trade Protocol
1638 | cslistener;9000/tcp;0.002129;# CSlistener
1639 | tor-orport;9001/tcp;0.001216;# Tor ORPort
1640 | dynamid;9002/tcp;0.000380;# DynamID authentication
1641 | pichat;9009/tcp;0.000456;# Pichat Server
1642 | sdr;9010/tcp;0.000380;# Secure Data Replicator Protocol
1643 | tambora;9020/tcp;0.000076;# TAMBORA
1644 | panagolin-ident;9021/tcp;0.000076;# Pangolin Identification
1645 | paragent;9022/tcp;0.000076;# PrivateArk Remote Agent
1646 | tor-trans;9040/tcp;0.000301;# Tor TransPort, www.torproject.org
1647 | tor-socks;9050/tcp;0.000703;# Tor SocksPort, www.torproject.org
1648 | tor-control;9051/tcp;0.000025;# Tor ControlPort, www.torproject.org
1649 | glrpc;9080/tcp;0.000380;# Groove GLRPC
1650 | aurora;9084/tcp;0.000076;# IBM AURORA Performance Visualizer
1651 | zeus-admin;9090/tcp;0.002747;# Zeus admin server
1652 | jetdirect;9100/tcp;0.003287;# HP JetDirect card
1653 | jetdirect;9101/tcp;0.000602;# HP JetDirect card
1654 | jetdirect;9102/tcp;0.002133;# HP JetDirect card. Also used (and officially registered for) Bacula File Daemon (an open source backup system)
1655 | jetdirect;9103/tcp;0.000188;# HP JetDirect card
1656 | jetdirect;9104/tcp;0.000050;# HP JetDirect card
1657 | jetdirect;9105/tcp;0.000038;# HP JetDirect card
1658 | jetdirect;9106/tcp;0.000038;# HP JetDirect card
1659 | jetdirect;9107/tcp;0.000038;# HP JetDirect card
1660 | DragonIDSConsole;9111/tcp;0.000251;# Dragon IDS Console
1661 | dddp;9131/tcp;0.000076;# Dynamic Device Discovery
1662 | sun-as-jpda;9191/tcp;0.000152;# Sun AppSvr JPDA
1663 | wap-wsp;9200/tcp;0.000228;# WAP connectionless session services
1664 | wap-wsp-s;9202/tcp;0.000076;# WAP secure connectionless session service
1665 | wap-vcal-s;9207/tcp;0.000532;# WAP vCal Secure
1666 | oma-mlp;9210/tcp;0.000076;# OMA Mobile Location Protocol
1667 | oma-mlp-s;9211/tcp;0.000076;# OMA Mobile Location Protocol Secure
1668 | cumulus;9287/tcp;0.000076;# Cumulus
1669 | vrace;9300/tcp;0.000076;# Virtual Racing Service
1670 | mpidcmgr;9343/tcp;0.000076;# MpIdcMgr
1671 | sec-t4net-srv;9400/tcp;0.000076;# Samsung Twain for Network Server
1672 | git;9418/tcp;0.000228;# Git revision control system
1673 | tungsten-https;9443/tcp;0.000152;# WSO2 Tungsten HTTPS
1674 | wso2esb-console;9444/tcp;0.000152;# WSO2 ESB Administration Console HTTPS
1675 | ldgateway;9592/tcp;0.000076;# LANDesk Gateway
1676 | cba8;9593/tcp;0.000760;# LANDesk Management Agent (cba8)
1677 | msgsys;9594/tcp;0.000760;# Message System
1678 | pds;9595/tcp;0.000760;# Ping Discovery System
1679 | micromuse-ncpw;9600/tcp;0.000152;# MICROMUSE-NCPW
1680 | erunbook_agent;9616/tcp;0.000076;# eRunbook Agent
1681 | condor;9618/tcp;0.000380;# Condor Collector Service
1682 | odbcpathway;9628/tcp;0.000076;# ODBC Pathway Service
1683 | xmms2;9667/tcp;0.000076;# Cross-platform Music Multiplexing System
1684 | client-wakeup;9694/tcp;0.000076;# T-Mobile Client Wakeup Message
1685 | board-roar;9700/tcp;0.000076;# Board M.I.T. Service
1686 | sapv1;9875/tcp;0.000076;# Session Announcement v1
1687 | sd;9876/tcp;0.000602;# Session Director
1688 | monkeycom;9898/tcp;0.000228;# MonkeyCom
1689 | iua;9900/tcp;0.000380;# IUA
1690 | sype-transport;9911/tcp;0.000076;# SYPECom Transport Protocol
1691 | nping-echo;9929/tcp;0.000163;# Nping echo server mode - http://nmap.org/book/nping-man-echo-mode.html - The port frequency is made up to keep it (barely) in top 1000 TCP
1692 | apc-9950;9950/tcp;0.000076;# APC 9950
1693 | nsesrvr;9988/tcp;0.000152;# Software Essentials Secure HTTP server
1694 | osm-appsrvr;9990/tcp;0.000076;# OSM Applet Server
1695 | issa;9991/tcp;0.000063;# ISS System Scanner Agent
1696 | issc;9992/tcp;0.000138;# ISS System Scanner Console
1697 | palace-4;9995/tcp;0.000076;# Palace-4
1698 | distinct32;9998/tcp;0.000304;# Distinct32
1699 | abyss;9999/tcp;0.004441;# Abyss web server remote web management interface
1700 | snet-sensor-mgmt;10000/tcp;0.011692;# SecureNet Pro Sensor https management server or apple airport admin
1701 | scp-config;10001/tcp;0.001292;# SCP Configuration
1702 | documentum;10002/tcp;0.000380;# EMC-Documentum Content Server Product
1703 | documentum_s;10003/tcp;0.000228;# EMC-Documentum Content Server Product
1704 | emcrmirccd;10004/tcp;0.000304;# EMC Replication Manager Client
1705 | stel;10005/tcp;0.000151;# Secure telnet
1706 | mvs-capacity;10007/tcp;0.000076;# MVS Capacity
1707 | octopus;10008/tcp;0.000152;# Octopus Multiplexer
1708 | swdtp-sv;10009/tcp;0.000228;# Systemwalker Desktop Patrol
1709 | rxapi;10010/tcp;0.002889;# ooRexx rxapi services
1710 | amandaidx;10082/tcp;0.000213;# Amanda indexing
1711 | amidxtape;10083/tcp;0.000125;# Amanda tape indexing
1712 | ezmeeting-2;10101/tcp;0.000076;# eZmeeting
1713 | netiq-endpt;10115/tcp;0.000076;# NetIQ Endpoint
1714 | qb-db-server;10160/tcp;0.000152;# QB Database Server
1715 | irisa;11000/tcp;0.000076;# IRISA
1716 | metasys;11001/tcp;0.000076;# Metasys
1717 | vce;11111/tcp;0.000228;# Viral Computing Environment (VCE)
1718 | pksd;11371/tcp;0.000038;# PGP Public Key Server
1719 | sysinfo-sp;11967/tcp;0.000380;# SysInfo Service Protocol
1720 | cce4x;12000/tcp;0.000427;# ClearCommerce Engine 4.x (www.clearcommerce.com)
1721 | entextnetwk;12001/tcp;0.000076;# IBM Enterprise Extender SNA COS Network Priority
1722 | entexthigh;12002/tcp;0.000076;# IBM Enterprise Extender SNA COS High Priority
1723 | dbisamserver1;12005/tcp;0.000076;# DBISAM Database Server - Regular
1724 | dbisamserver2;12006/tcp;0.000152;# DBISAM Database Server - Admin
1725 | nupaper-ss;12121/tcp;0.000076;# NuPaper Session Service
1726 | netbus;12345/tcp;0.000527;# NetBus backdoor trojan or Trend Micro Office Scan
1727 | netbus;12346/tcp;0.000088;# NetBus backdoor trojan
1728 | netbackup;13701/tcp;0.000013;# vmd           server
1729 | netbackup;13713/tcp;0.000025;# tl4d          server
1730 | netbackup;13714/tcp;0.000013;# tsdd          server
1731 | netbackup;13715/tcp;0.000013;# tshd          server
1732 | netbackup;13718/tcp;0.000013;# lmfcd         server
1733 | netbackup;13720/tcp;0.000038;# bprd          server
1734 | netbackup;13721/tcp;0.000013;# bpdbm         server
1735 | netbackup;13722/tcp;0.000314;# bpjava-msvc   client
1736 | vnetd;13724/tcp;0.000152;# Veritas Network Utility
1737 | netbackup;13782/tcp;0.000728;# bpcd          client
1738 | netbackup;13783/tcp;0.000389;# vopied        client
1739 | scotty-ft;14000/tcp;0.000380;# SCOTTY High-Speed Filetransfer
1740 | sua;14001/tcp;0.000076;# SUA
1741 | bo2k;14141/tcp;0.000038;# Back Orifice 2K BoPeep mouse/keyboard input
1742 | hydap;15000/tcp;0.001064;# Hypack Hydrographic Software Packages Data Acquisition
1743 | bo2k;15151/tcp;0.000013;# Back Orifice 2K BoPeep video output
1744 | bex-xr;15660/tcp;0.000380;# Backup Express Restore Server
1745 | fmsas;16000/tcp;0.000228;# Administration Server Access
1746 | fmsascon;16001/tcp;0.000380;# Administration Server Connector
1747 | osxwebadmin;16080/tcp;0.000251;# Apple OS X WebAdmin
1748 | sun-sea-port;16161/tcp;0.000076;# Solaris SEA Port
1749 | overnet;16444/tcp;0.000025;# Overnet file sharing
1750 | newbay-snc-mc;16900/tcp;0.000076;# Newbay Mobile Client Update Service
1751 | amt-soap-http;16992/tcp;0.000760;# Intel(R) AMT SOAP/HTTP
1752 | amt-soap-https;16993/tcp;0.000760;# Intel(R) AMT SOAP/HTTPS
1753 | kuang2;17300/tcp;0.000013;# Kuang2 backdoor
1754 | db-lsp;17500/tcp;0.000076;# Dropbox LanSync Protocol
1755 | biimenu;18000/tcp;0.000138;# Beckman Instruments, Inc.
1756 | opsec-cvp;18181/tcp;0.000025;# Check Point OPSEC
1757 | opsec-ufp;18182/tcp;0.000038;# Check Point OPSEC
1758 | opsec-sam;18183/tcp;0.000025;# Check Point OPSEC
1759 | opsec-lea;18184/tcp;0.000038;# Check Point OPSEC
1760 | opsec-ela;18187/tcp;0.000013;# Check Point OPSEC
1761 | gkrellm;19150/tcp;0.000013;# GKrellM remote system activity meter daemon
1762 | keysrvr;19283/tcp;0.000304;# Key Server for SASSAFRAS
1763 | keyshadow;19315/tcp;0.000304;# Key Shadow for SASSAFRAS
1764 | dnp;20000/tcp;0.000380;# DNP
1765 | microsan;20001/tcp;0.000076;# MicroSAN
1766 | commtact-http;20002/tcp;0.000152;# Commtact HTTP
1767 | btx;20005/tcp;0.000401;# xcept4 (Interacts with German Telekom's CEPT videotext service)
1768 | ipulse-ics;20222/tcp;0.000380;# iPulse-ICS
1769 | dcap;22125/tcp;0.000076;# dCache Access Protocol
1770 | gsidcap;22128/tcp;0.000076;# GSI dCache Access Protocol
1771 | wnn6;22273/tcp;0.000075;# Wnn6 (Japanese input)
1772 | CodeMeter;22350/tcp;0.000076;# CodeMeter Standard
1773 | vocaltec-wconf;22555/tcp;0.000076;# Vocaltec Web Conference
1774 | binkp;24554/tcp;0.000076;# BINKP
1775 | minecraft;25565/tcp;0.000076;# A video game - http://en.wikipedia.org/wiki/Minecraft
1776 | wnn6_DS;26208/tcp;0.000025;# Wnn6 (Dserver)
1777 | flexlm0;27000/tcp;0.000640;# FlexLM license manager additional ports
1778 | flexlm1;27001/tcp;0.000075;# FlexLM license manager additional ports
1779 | flexlm2;27002/tcp;0.000013;# FlexLM license manager additional ports
1780 | flexlm3;27003/tcp;0.000013;# FlexLM license manager additional ports
1781 | flexlm5;27005/tcp;0.000013;# FlexLM license manager additional ports
1782 | flexlm7;27007/tcp;0.000013;# FlexLM license manager additional ports
1783 | flexlm9;27009/tcp;0.000013;# FlexLM license manager additional ports
1784 | flexlm10;27010/tcp;0.000063;# FlexLM license manager additional ports
1785 | subseven;27374/tcp;0.000050;# Subseven Windows trojan
1786 | Trinoo_Master;27665/tcp;0.000038;# Trinoo distributed attack tool Master server control port
1787 | pago-services1;30001/tcp;0.000076;# Pago Services 1
1788 | Elite;31337/tcp;0.000163;# Sometimes interesting stuff can be found here
1789 | boinc;31416/tcp;0.000075;# BOINC Client Control
1790 | filenet-powsrm;32767/tcp;0.000076;# FileNet BPM WS-ReliableMessaging Client
1791 | filenet-tms;32768/tcp;0.009199;# Filenet TMS
1792 | filenet-rpc;32769/tcp;0.000760;# Filenet RPC
1793 | sometimes-rpc3;32770/tcp;0.000903;# Sometimes an RPC port on my Solaris box
1794 | sometimes-rpc5;32771/tcp;0.001367;# Sometimes an RPC port on my Solaris box (rusersd)
1795 | sometimes-rpc7;32772/tcp;0.000891;# Sometimes an RPC port on my Solaris box (status)
1796 | sometimes-rpc9;32773/tcp;0.000602;# Sometimes an RPC port on my Solaris box (rquotad)
1797 | sometimes-rpc11;32774/tcp;0.000602;# Sometimes an RPC port on my Solaris box (rusersd)
1798 | sometimes-rpc13;32775/tcp;0.000427;# Sometimes an RPC port on my Solaris box (status)
1799 | sometimes-rpc15;32776/tcp;0.000364;# Sometimes an RPC port on my Solaris box (sprayd)
1800 | sometimes-rpc17;32777/tcp;0.000301;# Sometimes an RPC port on my Solaris box (walld)
1801 | sometimes-rpc19;32778/tcp;0.000289;# Sometimes an RPC port on my Solaris box (rstatd)
1802 | sometimes-rpc21;32779/tcp;0.000301;# Sometimes an RPC port on my Solaris box
1803 | sometimes-rpc23;32780/tcp;0.000263;# Sometimes an RPC port on my Solaris box
1804 | sometimes-rpc25;32786/tcp;0.000075;# Sometimes an RPC port (mountd)
1805 | sometimes-rpc27;32787/tcp;0.000075;# Sometimes an RPC port dmispd (DMI Service Provider)
1806 | safetynetp;40000/tcp;0.000152;# SafetyNET p
1807 | crestron-cip;41794/tcp;0.000076;# Crestron Control Port
1808 | crestron-ctp;41795/tcp;0.000076;# Crestron Terminal Port
1809 | caerpc;42510/tcp;0.000988;# CA eTrust RPC
1810 | tinyfw;44334/tcp;0.000088;# tiny personal firewall admin port
1811 | coldfusion-auth;44442/tcp;0.000163;# ColdFusion Advanced Security/Siteminder Authentication Port (by Allaire/Netegrity)
1812 | coldfusion-auth;44443/tcp;0.000201;# ColdFusion Advanced Security/Siteminder Authentication Port (by Allaire/Netegrity)
1813 | dbbrowse;47557/tcp;0.000038;# Databeam Corporation
1814 | directplaysrvr;47624/tcp;0.000076;# Direct Play Server
1815 | ap;47806/tcp;0.000076;# ALC Protocol
1816 | Memecache;11211/tcp;0.000075;# Back Orifice 2K Default Port
1817 | hadoop;50070/tcp;0.000075;# Back Orifice 2K Default Port
1818 | compaqdiag;49400/tcp;0.000276;# Compaq Web-based management
1819 | ibm-db2;50000/tcp;0.001317;# (also Internet/Intranet Input Method Server Framework?)
1820 | iiimsf;50002/tcp;0.000351;# Internet/Intranet Input Method Server Framework
1821 | telnet;23/tcp;0.000351;# Internet/Intranet Input Method Server Framework
1822 | zookeeper;2181/tcp;0.000075;# Back Orifice 2K Default Port
1823 | elasticsearch;9200/tcp;0.000075;# Back Orifice 2K Default Port
1824 | SXF_SSH;22345/tcp;0.000075;# Back Orifice 2K Default Port
1825 | Rundeck;4440/tcp;0.000075;# Back Orifice 2K Default Port
1826 | Mongo;27017/tcp;0.000075;# Back Orifice 2K Default Port
1827 | bo2k;54320/tcp;0.000075;# Back Orifice 2K Default Port
1828 | redis;6379/tcp;0.000075;# Back Orifice 2K Default Port
1829 | iphone-sync;62078/tcp;0.000304;# Apparently used by iPhone while syncing - http://code.google.com/p/iphone-elite/source/browse/wiki/Port_62078.wiki


--------------------------------------------------------------------------------
/dict/port_service.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"21": "ftp",
 3 | 	"22": "ssh",
 4 | 	"23": "telnet",
 5 | 	"25": "smtp",
 6 | 	"53": "dns",
 7 | 	"80": "http",
 8 | 	"110": "pop3",
 9 | 	"139": "samba",
10 | 	"143": "imap",
11 | 	"161": "snmp",
12 | 	"389": "ldap",
13 | 	"443": "https",
14 | 	"445": "smb",
15 | 	"512": "rlogin",
16 | 	"513": "rlogin",
17 | 	"514": "rlogin",
18 | 	"873": "rsync",
19 | 	"1080": "socks",
20 | 	"1433": "mssql",
21 | 	"1521": "oracle",
22 | 	"2049": "nfs",
23 | 	"2181": "zookeeper",
24 | 	"2601": "zebra",
25 | 	"2604": "zebra",
26 | 	"3128": "squid",
27 | 	"3306": "mysql",
28 | 	"3389": "rdp",
29 | 	"4440": "rundeck",
30 | 	"4848": "glassfish",
31 | 	"5000": "sybase|flask",
32 | 	"5432": "postgresql",
33 | 	"5900": "vnc",
34 | 	"6379": "redis",
35 | 	"7001": "weblogic",
36 | 	"8069": "zabbix",
37 | 	"8649": "ganglia",
38 | 	"9000": "fastcgi",
39 | 	"9043": "websphere",
40 | 	"9200": "elasticsearch",
41 | 	"9300": "elasticsearch",
42 | 	"11211": "memcacache",
43 | 	"27017": "mongodb",
44 | 	"50070": "hadoop",
45 | 	"50075": "hbase",
46 | 	"50090": "hdfs",
47 | 	"60000": "hbase"
48 | }


--------------------------------------------------------------------------------
/dict/subnames_all_5_letters.txt:
--------------------------------------------------------------------------------
1 | {alphnum}
2 | {alphnum}{alphnum}
3 | {alphnum}{alphnum}{alphnum}
4 | {alphnum}{alphnum}{alphnum}{alphnum}
5 | {alphnum}{alphnum}{alphnum}{alphnum}{alphnum}


--------------------------------------------------------------------------------
/helper.py:
--------------------------------------------------------------------------------
  1 | # coding=utf8
  2 | import config
  3 | import sqlite3 as db
  4 | import os
  5 | import requests
  6 | 
  7 | def load_domain_from_file():
  8 | 	with open(config.INPUT_DOMAIN_FILE, 'r') as f:
  9 | 		data = f.read().strip()
 10 | 	return set(data.split('\n'))
 11 | 
 12 | def load_alldomains_from_file():
 13 | 	with open(config.INPUT_ALL_DOMAINS_FILE, 'r') as f:
 14 | 		data = f.read().strip()
 15 | 	return set(data.split('\n'))
 16 | 
 17 | 
 18 | def load_ips_from_file():
 19 | 	with open(os.path.join(config.OUTPUT_DIR,config.IPS), 'r') as f:
 20 | 		data = f.read().strip()
 21 | 	return set(data.split('\n'))
 22 | 
 23 | def parse_domains_brute(domain, extip=None):
 24 | 	'''
 25 | 	如果域名泛解析，则通过HTTP请求的Host来判断是否真的绑定在webserver上
 26 | 	在检查响应的时候，一般同一个错误页面的响应长度是一样的，除非响应中包含 host，所以需要在替换掉host之后再比较长度
 27 | 	'''
 28 | 	def get_error_page(extip, fhost):
 29 | 		error_page = ''
 30 | 		try:
 31 | 			error_page = requests.get('https://%s' % extip, headers={'host': fhost}, verify=True).text.replace(fhost, "")
 32 | 		except Exception as e:
 33 | 			pass
 34 | 		if not error_page:
 35 | 			try:
 36 | 				fhost = 'salt66666666.'+domain
 37 | 				error_page = requests.get('http://%s' % extip, headers={'host': fhost}).text.replace(fhost, "")
 38 | 			except Exception as e:
 39 | 				pass
 40 | 		return len(error_page)
 41 | 
 42 | 	with open(os.path.join(config.OUTPUT_DIR, '%s.txt'%domain), 'r') as f:
 43 | 		data = f.read().strip()
 44 | 	ret = {}
 45 | 
 46 | 	if extip:
 47 | 		fhost = 'salt66666666.'+domain
 48 | 		error_page = get_error_page(extip, fhost)
 49 | 
 50 | 	for line in data.split('\n'):
 51 | 		if not line.strip():
 52 | 			continue
 53 | 		line = line.replace(' ', '').replace('\t', '')
 54 | 		parts = line.split(domain)
 55 | 		if extip and extip in line:
 56 | 			if not error_page:
 57 | 				continue
 58 | 			else:
 59 | 				page = get_error_page(extip, parts[0]+domain)
 60 | 				if page == error_page:
 61 | 					continue
 62 | 
 63 | 		ret[parts[0]+domain] = parts[1]
 64 | 	return ret
 65 | 
 66 | def get_domains_conn():
 67 | 	sqlitepath = os.path.join(config.OUTPUT_DIR, "domains.db")
 68 | 	conn = db.connect(sqlitepath)
 69 | 	conn.text_factory = str
 70 | 	return conn
 71 | 
 72 | 
 73 | def get_ports_conn():
 74 | 	sqlitepath = os.path.join(config.OUTPUT_DIR, "ports.db")
 75 | 	conn = db.connect(sqlitepath)
 76 | 	conn.text_factory = str
 77 | 	return conn
 78 | 
 79 | 
 80 | def insert_port(ip, port, service=None):
 81 | 	conn = get_ports_conn()
 82 | 	cursor = conn.cursor()
 83 | 	sql = "INSERT INTO open(ip, port, service) VALUES(?, ?, ?)"
 84 | 	try:
 85 | 		status = cursor.execute(sql, (ip, port, service))
 86 | 		conn.commit()
 87 | 	except Exception as e:
 88 | 		print e
 89 | 	conn.close()
 90 | 
 91 | def check_port_scanned(ip, port):
 92 | 	conn = get_ports_conn()
 93 | 	cursor = conn.cursor()
 94 | 	sql = "SELECT * FROM open WHERE ip=? and port=?"
 95 | 	cursor.execute(sql, (ip, port))
 96 | 	rows = cursor.fetchall()
 97 | 	if rows:
 98 | 		return True
 99 | 	else:
100 | 		return False
101 | 
102 | 
103 | def install_ports():
104 | 	sqlitepath = os.path.join(config.OUTPUT_DIR, "ports.db")
105 | 	install = ''
106 | 	if not os.path.exists(sqlitepath):
107 | 		install = '''
108 | 	CREATE TABLE open(
109 | 		`ip` VARCHAR(64) NOT NULL,
110 | 		`port` INTEGER,
111 | 		`service` varchar(64),
112 | 		`comment` TEXT,
113 | 		PRIMARY KEY(`ip`, `port`)
114 | 	);
115 | 	'''
116 | 	if install:
117 | 		conn = conn = get_ports_conn()
118 | 		cursor = conn.cursor()
119 | 		cursor.execute(install)
120 | 		conn.commit()
121 | 		conn.close()
122 | 
123 | 
124 | def install_domains():
125 | 	sqlitepath = os.path.join(config.OUTPUT_DIR, "domains.db")
126 | 	install = ''
127 | 	if not os.path.exists(sqlitepath):
128 | 		install = '''
129 | 	CREATE TABLE `domains`(
130 | 		`domain` varchar(255) NOT NULL,
131 | 		`ip` TEXT NOT NULL,
132 | 		`cname` varchar(255),
133 | 		`cdn` INTEGER,
134 | 		`internal` INTEGER,
135 | 		PRIMARY KEY(`domain`, `ip`)
136 | 	);
137 | 	'''
138 | 	if install:
139 | 		conn = get_domains_conn()
140 | 		cursor = conn.cursor()
141 | 		cursor.execute(install)
142 | 		conn.commit()
143 | 		conn.close()
144 | 
145 | 
146 | if __name__ == '__main__':
147 | 	conn = get_domains_conn()
148 | 	cur = conn.cursor()
149 | 	cur.execute("SELECT * FROM domains")
150 | 	rows = cur.fetchall()
151 | 	for row in rows:
152 | 		print row
153 | 


--------------------------------------------------------------------------------
/input/alldomians.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/5alt/ZeroScan/6811ca6a03cf7d6d4cdb81498a9391e175ae6aa0/input/alldomians.txt


--------------------------------------------------------------------------------
/input/domain.txt:
--------------------------------------------------------------------------------
1 | 5alt.me


--------------------------------------------------------------------------------
/output/blank:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/passive/DuckDuckSearch.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | from lxml import html
 3 | from urlparse import urlparse
 4 | 
 5 | class duckduckgo(object):
 6 |     def __init__(self):
 7 |         self.url = []
 8 |         self.page = 0
 9 |         self.maxPage = 0
10 | 
11 |     def search(self,query,s=0,dc=0,nextParams=None, maxPage=None):
12 |         if nextParams == None:
13 |             self.page = 0
14 |         if maxPage:
15 |             self.maxPage = maxPage
16 |         if self.maxPage and self.page >= self.maxPage:
17 |             return self.url
18 | 
19 |         self.page += 1
20 |         self.query = query
21 |         url = 'https://duckduckgo.com/html/'
22 |         params = {'q':query,'dc':dc,'s':s,'nextParams':nextParams,'v':'l','o':'json','api':'/d.js'}
23 |         r = requests.post(url,data=params)
24 |         tree = html.fromstring(r.content)
25 |         self.find(tree)
26 |         return self.url
27 | 
28 |     def find(self,tree):
29 |         links,nextParams,s,dc = [tree.xpath('//*[@id="links"]/div/div/h2/a/@href'),tree.xpath('//*[@class="nav-link"]/form/input[4]/@value'),tree.xpath('//*[@class="nav-link"]/form/input[3]/@value'),tree.xpath('//*[@class="nav-link"]/form/input[7]/@value')]
30 |         for link in links:
31 |             self.url.append(link)
32 |         if len(s) == 1:
33 |             self.search(self.query,s=s[0],dc=dc[0],nextParams=nextParams[0])
34 |         elif len(s) >= 2:
35 |             self.search(self.query,s=s[1],dc=dc[1],nextParams=nextParams[0])
36 | 
37 | def subdomain(domain):
38 |     domains = set()
39 |     dd = duckduckgo()
40 |     urls = dd.search('site:'+domain, maxPage=5)
41 |     for url in urls:
42 |         domains.add(urlparse(url).netloc.split(":")[0])
43 |     return list(domains)
44 | 
45 | def passive_search(domain):
46 |     return subdomain(domain)
47 | 
48 | if __name__ == '__main__':
49 |     import json
50 |     domains = ['tencent.com']
51 |     for domain in domains:
52 |         data = subdomain(domain)
53 |         if data:
54 |             json.dump(data, open('../input/%s_duck.json' % domain, 'w'))
55 | 
56 | 
57 | 


--------------------------------------------------------------------------------
/passive/GSDFA.py:
--------------------------------------------------------------------------------
 1 | # GoogleSSLdomainFinder Api Version
 2 | # -*- coding: utf-8 -*-
 3 | __author__ = 'Wester'
 4 | 
 5 | import requests
 6 | import re
 7 | import json
 8 | import os,cmd,sys
 9 | import argparse
10 | import time,datetime
11 | from tqdm import tqdm
12 | 
13 | #domainfinde function
14 | class GoogleSSLdomainFinder:
15 |     def __init__(self,search_domain,show_expired):
16 |         self.search_domain = search_domain
17 |         self.show_expired = show_expired
18 |         self.domains = {}
19 |         self.page_token = ''
20 |         self.headers = {"User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36"}
21 |         self.indexUrl = 'https://transparencyreport.google.com/transparencyreport/api/v3/httpsreport/ct/certsearch?include_subdomains=true'
22 |         self.nextUrl = 'https://transparencyreport.google.com/transparencyreport/api/v3/httpsreport/ct/certsearch/page?p='
23 |         #self.proxies = {
24 |         #    'http': 'http://127.0.0.1:1087',
25 |         #    'https': 'http://127.0.0.1:1087',
26 |         #}
27 |         requests.packages.urllib3.disable_warnings()
28 | 
29 |     def get_domain(self):
30 |         if self.page_token != '':
31 |             req = requests.get(self.nextUrl+self.page_token,headers=self.headers,verify=False)
32 |         else:
33 |             if self.show_expired == 'show':
34 |                 req = requests.get(self.indexUrl+'&domain='+self.search_domain+'&include_expired=true',headers=self.headers,verify=False)
35 |             else:
36 |                 req = requests.get(self.indexUrl+'&domain='+self.search_domain,headers=self.headers,verify=False)
37 |         rep = (req.text).encode('utf-8').lstrip(")]}'")
38 |         rep = re.sub(r'\[\[\"https\.ct\.cdsr\"\,','[',rep)
39 |         rep = rep.replace('\n','').replace('\\','')
40 |         rep = rep[:-1]
41 |         rep = json.loads(rep)              
42 |         for y in rep[0]:
43 |             if not self.domains.has_key(y[1]):
44 |                 self.domains[y[1]] = {}
45 |                 self.domains[y[1]]['expired_time'] = int((str(y[4]))[:-3])
46 |                 self.domains[y[1]]['is_expired'] = 0
47 |             else:
48 |                 if self.domains[y[1]]['expired_time'] < int((str(y[4]))[:-3]):
49 |                     self.domains[y[1]]['expired_time'] = int((str(y[4]))[:-3])
50 |                     now = time.time()
51 |                     if now >int((str(y[4]))[:-3]):
52 |                         self.domains[y[1]]['is_expired'] = 1
53 |                     else:
54 |                         self.domains[y[1]]['is_expired'] = 0
55 |                 else:
56 |                     continue
57 |         if rep[2][1] != None:
58 |             self.page_token = rep[2][1]
59 |             self.get_domain()
60 | 
61 |     def list(self):
62 |         try:
63 |            self.get_domain()
64 |            return self.domains
65 |         except:
66 |             self.domains = {}
67 |             return self.domains
68 | 
69 | def passive_search(domain):
70 |     return GoogleSSLdomainFinder(domain,'show').list().keys()
71 | 
72 | if __name__ == '__main__':
73 |     print GoogleSSLdomainFinder("chaitin.cn",'show').list().keys()
74 | 


--------------------------------------------------------------------------------
/passive/certspotter.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import json
 3 | 
 4 | def certspotter_api(domain):
 5 |     data_set = set()
 6 |     url = "https://certspotter.com/api/v0/certs?domain={}".format(domain)
 7 |     subdomain_data = []
 8 |     response = requests.get(url)
 9 |     for i in range(0, len(response.json())):
10 |         try:
11 |             subdomain_data += response.json()[i]['dns_names']
12 |         except:
13 |             continue
14 |     return set(subdomain_data)
15 | 
16 | def passive_search(domain):
17 |     return certspotter_api(domain)
18 | 
19 | if __name__ == '__main__':
20 |     print certspotter_api('5alt.me') 
21 | 


--------------------------------------------------------------------------------
/passive/crtsh.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import json
 3 | 
 4 | def certsh_api(domain):
 5 |     data_set = set()
 6 |     url = "https://crt.sh/?q=%25.{0}&output=json".format(domain)
 7 |     resp = requests.get(url)
 8 |     if resp.status_code != 200:
 9 |         return []
10 |     #fixed_raw = '[%s]' % str(resp.text).replace('}{', '},{')
11 |     for cert in json.loads(resp.text):
12 |         data_set.update([cert.get('name_value')])
13 |     return data_set
14 | 
15 | def passive_search(domain):
16 |     return certsh_api(domain)
17 | 
18 | if __name__ == '__main__':
19 |     print passive_search('5alt.me') 
20 | 


--------------------------------------------------------------------------------
/passive/fofa.py:
--------------------------------------------------------------------------------
 1 | # encoding=utf-8
 2 | import os
 3 | import requests
 4 | import base64
 5 | import re
 6 | # from urllib.parse import urlparse
 7 | from urlparse import urlparse
 8 | 
 9 | def fofa_search(domain):
10 | 	if not os.environ.get('fofa_username') or not os.environ.get('fofa_password'):
11 | 		return []
12 | 	data_set = set()
13 | 
14 | 	# get访问登录页面，获取到token，session，It，这三个数据时页面随机生成的，请求数据时需要加上
15 | 	loginurl='https://i.nosec.org/login'
16 | 	getlogin=requests.get(loginurl)
17 | 	token0=re.findall('<input type="hidden" name="authenticity_token" value="(.*)" />',getlogin.text)
18 | 	session0=re.findall('(_nosec_cas_session=.*); path=/',getlogin.headers['Set-Cookie'])
19 | 	It0=re.findall('<input type="hidden" name="lt" id="lt" value="(.*)" />',getlogin.text)
20 | 	token=token0[0]
21 | 	session1=session0[0]
22 | 	It=It0[0]
23 | 	# 设置data数据和header头，将我们获取的数据加到里面
24 | 	datas={
25 | 	    'utf8':'%E2%9C%93',
26 | 	    'authenticity_token': token,
27 | 	    'lt': It,
28 | 		'username': os.environ.get('fofa_username'),
29 | 		'password': os.environ.get('fofa_password'),
30 | 		'rememberMe':'1',
31 | 		'button': ''
32 | 	}
33 | 	headers={
34 | 	'Host': 'i.nosec.org',
35 | 	'Connection': 'close',
36 | 	'Content-Length': '302',
37 | 	'Cache-Control': 'max-age=0',
38 | 	'Origin': 'https://i.nosec.org',
39 | 	'Upgrade-Insecure-Requests': '1',
40 | 	'Content-Type': 'application/x-www-form-urlencoded',
41 | 	'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36',
42 | 	'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
43 | 	'Referer': 'https://i.nosec.org/login',
44 | 	'Accept-Encoding': 'gzip, deflate, br',
45 | 	'Cookie': '__lnkrntdmcvrd=-1; '+session1,
46 | 	'Accept-Language': 'zh-CN,zh;q=0.9'
47 | 	}
48 | 	# 使用session登录，可以保证在之后的访问中保持登录信息
49 | 	session=requests.Session()
50 | 	postlogin=session.post(loginurl,headers=headers,data=datas)
51 | 	sess_headers={
52 | 		'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36',
53 | 		'X-Requested-With': 'XMLHttpRequest',
54 | 		'Accept': 'text/javascript'
55 | 	}
56 | 	# fofa的登陆界面和一般网站不同，他是类似于一个第三方的登录界面，在nosec登录成功后，你直接访问fofa是出于未登录状态，因为只是存在nosec的cookie，并没有fofa的cookie，
57 | 	# 需要访问该链接才会生成fofa的cookie
58 | 	signlogin=session.get('https://fofa.so/users/sign_in',headers=sess_headers)
59 | 
60 | 	search='domain="%s"' % domain
61 | 	#searchbs64=(str(base64.b64encode(search.encode('utf-8')),'utf-8'))
62 | 	searchbs64=str(base64.b64encode(search.encode('utf-8')))
63 | 	pageurl=session.get('https://fofa.so/result?full=true&qbase64='+searchbs64)
64 | 	pagenum=re.findall('>(\d*)</a> <a class="next_page" rel="next"',pageurl.text)
65 | 	pagenum=int(pagenum[0]) if pagenum else 1
66 | 	session.headers.update(sess_headers)
67 | 	for i in range(1, pagenum+1):
68 | 		finurl=session.get('https://fofa.so/result?full=true&page='+str(i)+'&qbase64='+searchbs64)
69 | 		finurl=re.findall(r'<a target=\\\"_blank\\\" href=\\\"(.*?)\\\">.*?<i class=\\\"fa fa-link\\\"><\\/i>',finurl.text)
70 | 		for j in finurl:
71 | 			data_set.add(urlparse(j).hostname)
72 | 	return data_set
73 | 
74 | def passive_search(domain):
75 |     return fofa_search(domain)
76 | 
77 | if __name__ == '__main__':
78 |     print(fofa_search('5alt.me'))


--------------------------------------------------------------------------------
/passive/hacktarget.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import json
 3 | 
 4 | def passive_domain(domain):
 5 | 	try:
 6 | 		# hackertarget
 7 | 		url = 'https://api.hackertarget.com/hostsearch/?q=%s' % domain
 8 | 		ret = [i.split(',')[0] for i in requests.get(url).text.split('\n') if i]
 9 | 	except Exception as e:
10 | 		return []
11 | 	return set(ret)
12 | 
13 | def passive_search(domain):
14 | 	return passive_domain(domain)
15 | 
16 | 
17 | if __name__ == '__main__':
18 | 	print passive_domain("5alt.me")
19 | 


--------------------------------------------------------------------------------
/passive/passive_total.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import os
 3 | 
 4 | def pt_query(value):
 5 |     if not os.environ.get('passivetotal_key') or not os.environ.get('passivetotal_secret'):
 6 |         return []
 7 |     url = 'https://api.passivetotal.org/v2/enrichment/subdomains'
 8 |     auth = (os.environ.get('passivetotal_key'), os.environ.get('passivetotal_secret'))
 9 |     params = {'query': value}
10 |     try:
11 |         # Timeout can also act as a quasi break on hosting sites/large return values - remove the timeout if you really want the nodes
12 |         pt_response = requests.get(url, params=params, auth=auth, timeout=60)
13 |         if pt_response.status_code == 504: # Gateway Timeout error
14 |             return []
15 |         else:
16 |             api_result = pt_response.json()
17 |             return api_result['subdomains']
18 |     except:
19 |         pass
20 |     return []
21 |     
22 | 
23 | def passive_search(domain):
24 |     return pt_query(domain)
25 | 
26 | if __name__ == '__main__':
27 |     os.environ['passivetotal_key'] = ""
28 |     os.environ['passivetotal_secret'] = ""
29 |     print pt_query('5alt.me')


--------------------------------------------------------------------------------
/passive/threatcrowd.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import json
 3 | 
 4 | def passive_domain(domain):
 5 | 	try:
 6 | 		# hackertarget
 7 | 		url = 'https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=%s' % domain
 8 | 		ret = requests.get(url).json()["subdomains"]
 9 | 	except Exception as e:
10 | 		return []
11 | 	return set(ret)
12 | 
13 | def passive_search(domain):
14 | 	return passive_domain(domain)
15 | 
16 | 
17 | if __name__ == '__main__':
18 | 	print passive_domain("5alt.me")
19 | 


--------------------------------------------------------------------------------
/passive/virustotal.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import json
 3 | import os
 4 | 
 5 | def passive_domain(domain):
 6 | 	subdomains = set()
 7 | 	try:
 8 | 		# virusTotalApi
 9 | 		virusTotalApiKey = os.environ.get('virustotal_key')
10 | 		if not virusTotalApiKey: return []
11 | 		url = 'https://www.virustotal.com/vtapi/v2/domain/report'
12 | 		parameters = {'domain': domain, 'apikey': virusTotalApiKey}
13 | 		domains = requests.get(url, params = parameters).json()["subdomains"]
14 | 		for i in domains: subdomains.add(i)
15 | 	except Exception as e:
16 | 		print e
17 | 	return subdomains
18 | 
19 | def passive_search(domain):
20 |     return passive_domain(domain)
21 | 
22 | 
23 | if __name__ == '__main__':
24 | 	print passive_domain("5alt.me")
25 | 


--------------------------------------------------------------------------------
/recv.py:
--------------------------------------------------------------------------------
 1 | #! /usr/bin/env python
 2 | from scapy.all import *
 3 | 
 4 | import config
 5 | import helper
 6 | from tools import check_port_service
 7 | 
 8 | # http://biot.com/capstats/bpf.html
 9 | # http://www.freebuf.com/sectool/94507.html
10 | helper.install_ports()
11 | whitelist = helper.load_ips_from_file()
12 | 
13 | f="tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack != 0"
14 | 
15 | def callback(pkt):
16 | 	#pkt.show()
17 | 	if pkt[IP].src in whitelist:
18 | 		print "%s:%s"%(pkt[IP].src, pkt[TCP].sport)
19 | 		if helper.check_port_scanned(pkt[IP].src, pkt[TCP].sport):
20 | 			return
21 | 		service = check_port_service(pkt[IP].src, pkt[TCP].sport)
22 | 		helper.insert_port(pkt[IP].src, pkt[TCP].sport, service)
23 | 
24 | sniff(prn=callback, filter=f, store=0)


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | gevent
2 | requests
3 | scapy
4 | dnspython
5 | tldextract
6 | lxml
7 | bs4
8 | tqdm


--------------------------------------------------------------------------------
/run.py:
--------------------------------------------------------------------------------
  1 | #! /usr/bin/env python
  2 | from scapy.all import *
  3 | import os, sys
  4 | import subprocess
  5 | import time
  6 | import sqlite3 as db
  7 | import json
  8 | import imp
  9 | 
 10 | import config
 11 | import helper, tools
 12 | import subDomainsBrute.subDomainsBrute as subDomainsBrute
 13 | 
 14 | class subDomainsBruteOpt:
 15 |     def __init__(self, domain, dictionary="subnames.txt"):
 16 |         self.file= "subDomainsBrute"+os.sep+"dict"+os.sep+dictionary
 17 |         self.threads = 200
 18 |         self.output = os.path.join(config.OUTPUT_DIR, '%s.txt'%domain)
 19 |         self.i = False
 20 |         self.full_scan = False
 21 | 
 22 | def load_modules(path):
 23 |     modules = []
 24 |     for f in os.listdir(path):
 25 |         if f.endswith('.py') and not f.endswith('__init__.py'):
 26 |             modules.append(imp.load_source(f[:-3], path + os.sep + f))
 27 |     return modules
 28 | 
 29 | 
 30 | class DomainInfoCollection:
 31 |     def __init__(self,domains):
 32 |         self.domains = set()
 33 |         self.subdomains = set()
 34 |         for domain in domains:
 35 |             if domain.startswith('*.'):
 36 |                 domain = domain[2:]
 37 |             base_domain = tools.get_domain(domain)
 38 |             if domain == base_domain:
 39 |                 self.domains.add(base_domain)
 40 |             else:
 41 |                 self.subdomains.add(domain)
 42 | 
 43 |         self.cdn_domain = set()
 44 |         self.extensive_domain = set()
 45 |         self.ips = set()
 46 |         self.domain_ip = {}
 47 |         self.internal_domain = set()
 48 |         self.ip_all = {}
 49 |         self.takeover_domain = set()
 50 |         self.takeover_domain_check = set()
 51 | 
 52 |     def passive_search(self):
 53 |         modules = load_modules(config.PASSIVE_SEARCH_DIR)
 54 |         for domain in self.domains:
 55 |             for module in modules:
 56 |                 subdomains = module.passive_search(domain)
 57 |                 subdomains = filter(lambda x: x and x.endswith(domain), subdomains)
 58 |                 subdomains = map(lambda x: x.lower(), subdomains)
 59 |                 self.subdomains.update(subdomains)
 60 | 
 61 |     def active_search(self):
 62 |         scanable_domain = set()
 63 |         for d in self.subdomains:
 64 |             scanable_domain.update(tools.scanable_subdomain(d))
 65 | 
 66 |         self.subdomains = set(filter(lambda x: not x.startswith('*.'), self.subdomains))
 67 |         scanable_domain.update(self.domains)
 68 | 
 69 |         for domain in scanable_domain:
 70 |             isext, ip = tools.check_extensive_domain(domain)
 71 |             if isext:
 72 |                 self.extensive_domain.add(domain)
 73 |             if not os.path.exists(os.path.join(config.OUTPUT_DIR, '%s.txt'%domain)):
 74 |                 if tools.get_domain(domain) == domain:
 75 |                     d = subDomainsBrute.SubNameBrute(target=domain, options=subDomainsBruteOpt(domain))
 76 |                 else:
 77 |                     d = subDomainsBrute.SubNameBrute(target=domain, options=subDomainsBruteOpt(domain, "next_sub.txt"))
 78 |                 d.run()
 79 |                 d.outfile.flush()
 80 |                 d.outfile.close()
 81 |             r = helper.parse_domains_brute(domain, ip)
 82 |             self.subdomains.update(r.keys())
 83 |             self.domain_ip.update(r)
 84 | 
 85 |     def process_subdomain(self):
 86 |         helper.install_domains()
 87 |         sqlitepath = os.path.join(config.OUTPUT_DIR,'domains.db')
 88 |         conn = db.connect(sqlitepath)
 89 |         conn.text_factory = str
 90 |         cursor = conn.cursor()
 91 |         sql = "INSERT INTO domains(domain, ip, cname, cdn, internal) VALUES(?, ?, ?, ?, ?)"
 92 | 
 93 |         ips = set()
 94 |         cdn_ip = set()
 95 | 
 96 |         self.subdomains.update(self.domains)
 97 | 
 98 |         for domain in self.subdomains:
 99 |             cname = tools.get_cname(domain)
100 |             cdn = tools.get_cdn(domain, cname)
101 |             ipl = self.domain_ip.get(domain, None)
102 |             if cdn:
103 |                 self.cdn_domain.add(domain)
104 |             if not ipl:
105 |                 ipl = tools.resolve_host_ip(domain)
106 |             else:
107 |                 ipl = ipl.split(",")
108 |             for ip in ipl:
109 |                 internal = tools.is_internal_ip(ip)
110 |                 if not cdn and not internal:
111 |                     ips.add(ip)
112 |                 elif cdn:
113 |                     self.takeover_domain_check.add((domain, ip, cname))
114 |                     cdn_ip.add(ip)
115 |                 if not internal:
116 |                     self.internal_domain.add(domain)
117 |                 try:
118 |                     status = cursor.execute(sql, (domain, ip, cname, cdn, internal))
119 |                     conn.commit()
120 |                 except Exception as e:
121 |                     print e
122 |         self.ips = ips-cdn_ip
123 |         with open(os.path.join(config.OUTPUT_DIR,config.IPS), 'w') as f:
124 |             f.write('\n'.join(self.ips).strip())
125 | 
126 |     def takeover(self):
127 |         modules = load_modules(config.TAKEOVER_DIR)
128 |         for domain, ip, cname in self.takeover_domain_check:
129 |             for m in modules:
130 |                 if m.detector(domain, ip, cname):
131 |                     self.takeover_domain.add(domain)
132 |                     break
133 | 
134 |     def port_scan(self):
135 |         recv_process = None
136 |         if self.ips:
137 |             recv_process = subprocess.Popen(["python", "recv.py"])
138 | 
139 |         time.sleep(5)
140 | 
141 |         dst_port = (1, 65535)
142 |         for ip in self.ips:
143 |             try:
144 |                 send(IP(dst=ip)/TCP(dport=dst_port,flags="S"))
145 |             except KeyboardInterrupt:
146 |                 break
147 |             except Exception as e:
148 |                 print e
149 |                 continue
150 |             time.sleep(3)
151 | 
152 |         print "send done"
153 |         time.sleep(120)
154 | 
155 |         scanned_ips = set()
156 |         conn = helper.get_ports_conn()
157 |         cur = conn.cursor()
158 |         cur.execute("SELECT * FROM open")
159 |         rows = cur.fetchall()
160 |         for row in rows:
161 |             ip, port, service, comment = row
162 |             scanned_ips.add(ip)
163 |         conn.close()
164 | 
165 |         second_stage_ips = self.ips - scanned_ips
166 | 
167 |         dst_port = (1, 65535)
168 |         for ip in second_stage_ips:
169 |             try:
170 |                 send(IP(dst=ip)/TCP(dport=dst_port,flags="S"))
171 |             except KeyboardInterrupt:
172 |                 break
173 |             except Exception as e:
174 |                 print e
175 |                 continue
176 |             time.sleep(3)
177 | 
178 |         print "second stage send done"
179 |         time.sleep(120)
180 | 
181 |         recv_process.kill()
182 | 
183 |     def report_subdomain(self):
184 |         domains = set()
185 |         conn = helper.get_domains_conn()
186 |         cur = conn.cursor()
187 |         cur.execute("SELECT * FROM domains WHERE cdn=0 and internal=0")
188 |         rows = cur.fetchall()
189 |         for row in rows:
190 |             domain, ip, cname, cdn, internal = row
191 |             domains.add(domain)
192 |         json.dump(list(domains), open(os.path.join(config.OUTPUT_DIR, "all_subdomains.json"), "w"))
193 | 
194 |     def collate(self):
195 |         conn = helper.get_domains_conn()
196 |         cur = conn.cursor()
197 |         cur.execute("SELECT * FROM domains WHERE cdn=0")
198 |         rows = cur.fetchall()
199 |         for row in rows:
200 |             domain, ip, cname, cdn, internal = row
201 |             if internal:
202 |                 self.internal_domain.add(domain)
203 |                 continue
204 |             if not self.ip_all.get(ip, None):
205 |                 self.ip_all[ip] = {'domain': [], 'ports': [], 'service': []}
206 |             if domain not in self.ip_all[ip]['domain']:
207 |                 self.ip_all[ip]['domain'].append(domain)
208 |         conn.close()
209 | 
210 |         conn = helper.get_ports_conn()
211 |         cur = conn.cursor()
212 |         cur.execute("SELECT * FROM open")
213 |         rows = cur.fetchall()
214 |         for row in rows:
215 |             ip, port, service, comment = row
216 |             self.ip_all[ip]['ports'].append(port)
217 |             self.ip_all[ip]['service'].append(service)
218 |         conn.close()
219 | 
220 |     def report(self):
221 |         json.dump(self.ip_all, open(os.path.join(config.OUTPUT_DIR, "ip_all.json"), "w"))
222 |         json.dump(list(self.cdn_domain), open(os.path.join(config.OUTPUT_DIR, "cdn_domain.json"), "w"))
223 |         json.dump(list(self.internal_domain), open(os.path.join(config.OUTPUT_DIR, "internal_domain.json"), "w"))
224 |         json.dump(list(self.extensive_domain), open(os.path.join(config.OUTPUT_DIR, "extensive_domain.json"), "w"))
225 | 
226 |         with open(os.path.join(config.OUTPUT_DIR, 'domain_takeover.txt'), 'a') as f:
227 |             f.write('\n'.join(self.takeover_domain).strip())
228 |         tools.report(self.ip_all, outname=config.REPORT_FILENAME)
229 |         
230 | 
231 | def runall():
232 |     targets = helper.load_domain_from_file()
233 |     domain_info_coll = DomainInfoCollection(targets)
234 |     domain_info_coll.passive_search()
235 |     domain_info_coll.active_search()
236 |     domain_info_coll.process_subdomain()
237 |     domain_info_coll.takeover()
238 |     domain_info_coll.port_scan()
239 |     domain_info_coll.collate()
240 |     domain_info_coll.report()
241 | 
242 | def runportscan():
243 |     targets = helper.load_alldomains_from_file()
244 |     domain_info_coll = DomainInfoCollection([])
245 |     domain_info_coll.subdomains = targets
246 |     domain_info_coll.process_subdomain()
247 |     domain_info_coll.takeover()
248 |     domain_info_coll.port_scan()
249 |     domain_info_coll.collate()
250 |     domain_info_coll.report()
251 | 
252 | def runsubdomain():
253 |     targets = helper.load_domain_from_file()
254 |     domain_info_coll = DomainInfoCollection(targets)
255 |     domain_info_coll.passive_search()
256 |     domain_info_coll.active_search()
257 |     domain_info_coll.process_subdomain()
258 |     domain_info_coll.report_subdomain()
259 | 
260 | '''
261 | main
262 | '''
263 | if __name__ == '__main__':
264 |     if sys.argv[1] == "runportscan":
265 |         runportscan()
266 |     elif sys.argv[1] == "runsubdomain":
267 |         runsubdomain()
268 |     else:
269 |         runall()
270 | 
271 | 
272 | 


--------------------------------------------------------------------------------
/subDomainsBrute/.gitignore:
--------------------------------------------------------------------------------
1 | *.py[cod]
2 | .idea/*


--------------------------------------------------------------------------------
/subDomainsBrute/README.md:
--------------------------------------------------------------------------------
 1 | subDomainsBrute 1.0.6
 2 | ======
 3 | 
 4 | A simple and fast sub domain brute tool for pentesters. It can rearch as fast as 1000 DNS queries per second.
 5 | 
 6 | 这个脚本的主要目标是发现其他工具无法探测到的域名, 如Google，aizhan，fofa。高频扫描每秒DNS请求数可超过1000次。
 7 | 
 8 | ## Change Log (2017-6-3) ##
 9 | * 增加CNAME扫描，扫描时间将增加
10 | * Bug fix: normal_lines remove deep copy issus, thanks @BlueIce
11 | 
12 | 
13 | ## Change Log (2017-5-4) ##
14 | * 使用协程替代了多线程
15 | * 使用了优化级队列，来减小队列的长度
16 | * 增加了占位符{next_sub}
17 | 
18 | 
19 | ## Dependencies ##
20 | > pip install dnspython gevent
21 | 
22 | 
23 | ## Usage ##
24 | 
25 | 	Usage: subDomainsBrute.py [options] target.com
26 | 	
27 | 	Options:
28 | 	  --version             show program's version number and exit
29 | 	  -h, --help            show this help message and exit
30 | 	  -f FILE               A file contains new line delimited subs, default is
31 | 	                        subnames.txt.
32 | 	  --full                Full scan, NAMES FILE subnames_full.txt will be used
33 | 	                        to brute
34 | 	  -i, --ignore-intranet
35 | 	                        Ignore domains pointed to private IPs
36 | 	  -t THREADS, --threads=THREADS
37 | 	                        Num of scan threads, 200 by default
38 | 	  -o OUTPUT, --output=OUTPUT
39 | 	                        Output file name. default is {target}.txt
40 | 
41 | 
42 | ## Screenshot ##
43 | 
44 | 如下图所示，小字典扫描qq.com，发现758个域名，耗时在100s以内。
45 | 
46 | ![screenshot](screenshot.png)
47 | 
48 | Output file could be like: [https://github.com/lijiejie/subDomainsBrute/blob/master/dict/sample_qq.com.txt](https://github.com/lijiejie/subDomainsBrute/blob/master/dict/sample_qq.com.txt)
49 | 
50 | From [http://www.lijiejie.com](http://www.lijiejie.com)


--------------------------------------------------------------------------------
/subDomainsBrute/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/5alt/ZeroScan/6811ca6a03cf7d6d4cdb81498a9391e175ae6aa0/subDomainsBrute/__init__.py


--------------------------------------------------------------------------------
/subDomainsBrute/dict/dns_servers.txt:
--------------------------------------------------------------------------------
1 | 119.29.29.29
2 | 182.254.116.116
3 | 114.114.115.115
4 | 114.114.114.114


--------------------------------------------------------------------------------
/subDomainsBrute/dict/next_sub.txt:
--------------------------------------------------------------------------------
  1 | test
  2 | test2
  3 | t
  4 | dev
  5 | 1
  6 | 2
  7 | 3
  8 | s1
  9 | s2
 10 | s3
 11 | admin
 12 | adm
 13 | a
 14 | ht
 15 | adminht
 16 | webht
 17 | web
 18 | gm
 19 | sys
 20 | system
 21 | manage
 22 | manager
 23 | mgr
 24 | b
 25 | c
 26 | passport
 27 | bata
 28 | wei
 29 | weixin
 30 | wechat
 31 | wx
 32 | wiki
 33 | upload
 34 | ftp
 35 | pic
 36 | jira
 37 | zabbix
 38 | nagios
 39 | bug
 40 | bugzilla
 41 | sql
 42 | mysql
 43 | db
 44 | stmp
 45 | pop
 46 | imap
 47 | mail
 48 | zimbra
 49 | exchange
 50 | forum
 51 | bbs
 52 | list
 53 | count
 54 | counter
 55 | img
 56 | img01
 57 | img02
 58 | img03
 59 | img04
 60 | api
 61 | cache
 62 | js
 63 | css
 64 | app
 65 | apps
 66 | wap
 67 | m
 68 | sms
 69 | zip
 70 | monitor
 71 | proxy
 72 | update
 73 | upgrade
 74 | stat
 75 | stats
 76 | data
 77 | portal
 78 | blog
 79 | autodiscover
 80 | en
 81 | search
 82 | so
 83 | oa
 84 | database
 85 | home
 86 | sso
 87 | help
 88 | vip
 89 | s
 90 | w
 91 | down 
 92 | download
 93 | downloads
 94 | dl
 95 | svn
 96 | git
 97 | log
 98 | staff
 99 | vpn
100 | sslvpn
101 | ssh
102 | scanner
103 | sandbox
104 | ldap
105 | lab
106 | go
107 | demo
108 | console
109 | cms
110 | auth
111 | crm
112 | erp
113 | res
114 | static
115 | old
116 | new
117 | beta
118 | image
119 | service
120 | login
121 | 3g
122 | docs
123 | it
124 | e
125 | live
126 | library
127 | files
128 | i
129 | d
130 | cp
131 | connect
132 | gateway
133 | lib
134 | preview
135 | backup
136 | share
137 | status
138 | assets
139 | user
140 | vote
141 | bugs
142 | cas
143 | feedback
144 | id
145 | edm
146 | survey
147 | union
148 | ceshi
149 | dev1
150 | updates
151 | phpmyadmin
152 | pma
153 | edit
154 | master
155 | xml
156 | control
157 | profile
158 | zhidao
159 | tool
160 | toolbox
161 | boss
162 | activity
163 | www
164 | 


--------------------------------------------------------------------------------
/subDomainsBrute/dict/next_sub_full.txt:
--------------------------------------------------------------------------------
  1 | {alphnum}
  2 | {alphnum}{alphnum}
  3 | test
  4 | test2
  5 | t
  6 | dev
  7 | 1
  8 | 2
  9 | 3
 10 | s1
 11 | s2
 12 | s3
 13 | admin
 14 | adm
 15 | a
 16 | ht
 17 | adminht
 18 | webht
 19 | web
 20 | gm
 21 | sys
 22 | system
 23 | manage
 24 | manager
 25 | mgr
 26 | b
 27 | c
 28 | passport
 29 | bata
 30 | wei
 31 | weixin
 32 | wechat
 33 | wx
 34 | wiki
 35 | upload
 36 | ftp
 37 | pic
 38 | jira
 39 | zabbix
 40 | nagios
 41 | bug
 42 | bugzilla
 43 | sql
 44 | mysql
 45 | db
 46 | stmp
 47 | pop
 48 | imap
 49 | mail
 50 | zimbra
 51 | exchange
 52 | forum
 53 | bbs
 54 | list
 55 | count
 56 | counter
 57 | img
 58 | img01
 59 | img02
 60 | img03
 61 | img04
 62 | api
 63 | cache
 64 | js
 65 | css
 66 | app
 67 | apps
 68 | wap
 69 | m
 70 | sms
 71 | zip
 72 | monitor
 73 | proxy
 74 | update
 75 | upgrade
 76 | stat
 77 | stats
 78 | data
 79 | portal
 80 | blog
 81 | autodiscover
 82 | en
 83 | search
 84 | so
 85 | oa
 86 | database
 87 | home
 88 | sso
 89 | help
 90 | vip
 91 | s
 92 | w
 93 | down
 94 | download
 95 | downloads
 96 | dl
 97 | svn
 98 | git
 99 | log
100 | staff
101 | vpn
102 | sslvpn
103 | ssh
104 | scanner
105 | sandbox
106 | ldap
107 | lab
108 | go
109 | demo
110 | console
111 | cms
112 | auth
113 | crm
114 | erp
115 | res
116 | static
117 | old
118 | new
119 | beta
120 | image
121 | service
122 | login
123 | 3g
124 | docs
125 | it
126 | e
127 | live
128 | library
129 | files
130 | i
131 | d
132 | cp
133 | connect
134 | gateway
135 | lib
136 | preview
137 | backup
138 | share
139 | status
140 | assets
141 | user
142 | vote
143 | bugs
144 | cas
145 | feedback
146 | id
147 | edm
148 | survey
149 | union
150 | ceshi
151 | dev1
152 | updates
153 | phpmyadmin
154 | pma
155 | edit
156 | master
157 | xml
158 | control
159 | profile
160 | zhidao
161 | tool
162 | toolbox
163 | boss
164 | activity
165 | www
166 | smtp
167 | webmail
168 | mx
169 | pop3
170 | ns1
171 | ns2
172 | webdisk
173 | www2
174 | news
175 | cpanel
176 | whm
177 | shop
178 | sip
179 | ns
180 | mobile
181 | www1
182 | email
183 | support
184 | mail2
185 | media
186 | lyncdiscover
187 | secure
188 | video
189 | my
190 | staging
191 | images
192 | dns
193 | info
194 | ns3
195 | mail1
196 | intranet
197 | cdn
198 | lists
199 | dns1
200 | www3
201 | dns2
202 | mobilemail
203 | store
204 | remote
205 | cn
206 | owa
207 | cs
208 | stage
209 | online
210 | jobs
211 | calendar
212 | community
213 | forums
214 | services
215 | dialin
216 | chat
217 | meet
218 | blogs
219 | hr
220 | office
221 | ww
222 | ftp2
223 | legacy
224 | b2b
225 | ns4
226 | v
227 | pda
228 | events
229 | av
230 | edu
231 | down
232 | ads
233 | health
234 | es
235 | english
236 | ad
237 | extranet
238 | helpdesk
239 | training
240 | photo
241 | finance
242 | tv
243 | fr
244 | sc
245 | job
246 | cloud
247 | im
248 | careers
249 | game
250 | archive
251 | get
252 | gis
253 | access
254 | member
255 | mx1
256 | newsletter
257 | de
258 | qa
259 | direct
260 | alumni
261 | mx2
262 | hk
263 | sp
264 | gw
265 | relay
266 | jp
267 | content
268 | file
269 | citrix
270 | vpn2
271 | soft
272 | ssl
273 | server
274 | club
275 | ws
276 | host
277 | book
278 | www4
279 | sh
280 | tools
281 | mail3
282 | ms
283 | mailhost
284 | ca
285 | ntp
286 | ask
287 | sites
288 | sz
289 | spam
290 | wwww
291 | tw
292 | videos
293 | send
294 | music
295 | project
296 | uk
297 | start
298 | mall
299 | ns5
300 | outlook
301 | reports
302 | us
303 | partner
304 | mssql
305 | bj
306 | sharepoint
307 | link
308 | metrics
309 | partners
310 | smtp2
311 | webproxy
312 | mdm
313 | marketing
314 | ts
315 | security
316 | map
317 | ir
318 | fs
319 | origin
320 | travel
321 | feeds
322 | meeting
323 | u
324 | photos
325 | hq
326 | tj
327 | research
328 | pt
329 | members
330 | ru
331 | bm
332 | business
333 | eq
334 | cc
335 | w3
336 | student
337 | auto
338 | dx
339 | p
340 | rs
341 | dns3
342 | vc
343 | gmail
344 | uc
345 | press
346 | web1
347 | localhost
348 | ent
349 | tuan
350 | dj
351 | web2
352 | ss
353 | cnc
354 | vpn1
355 | pay
356 | time
357 | sx
358 | hd
359 | games
360 | lt
361 | projects
362 | g
363 | sales
364 | stream
365 | gb
366 | forms
367 | www5
368 | wt
369 | abc
370 | weather
371 | zb
372 | smtp1
373 | maps
374 | x
375 | register
376 | design
377 | radio
378 | software
379 | china
380 | math
381 | open
382 | view
383 | fax
384 | event
385 | pm
386 | test1
387 | alpha
388 | irc
389 | sg
390 | cq
391 | ftp1
392 | idc
393 | labs
394 | da
395 | directory
396 | developer
397 | reg
398 | catalog
399 | rss
400 | wh
401 | sd
402 | tg
403 | bb
404 | digital
405 | hb
406 | house
407 | site
408 | conference
409 | rt
410 | temp
411 | fw
412 | tz
413 | tech
414 | education
415 | biz
416 | f
417 | gallery
418 | gh
419 | car
420 | dc
421 | agent
422 | mis
423 | eng
424 | flash
425 | cx
426 | pub
427 | ticket
428 | doc
429 | card
430 | account
431 | code
432 | promo
433 | net
434 | kb
435 | jk
436 | social
437 | sports
438 | ems
439 | tp
440 | public
441 | mm
442 | pms
443 | mrtg
444 | as
445 | jw
446 | corp
447 | tr
448 | investor
449 | dm
450 | sts
451 | th
452 | bi
453 | 123
454 | st
455 | br
456 | wp
457 | art
458 | shopping
459 | global
460 | money
461 | prod
462 | students
463 | cj
464 | iphone
465 | vps
466 | ag
467 | food
468 | sb
469 | ly
470 | local
471 | sj
472 | server1
473 | testing
474 | brand
475 | sy
476 | buy
477 | life
478 | groups
479 | nl
480 | tour
481 | lms
482 | pro
483 | bc
484 | rtx
485 | hao
486 | exam
487 | fb
488 | in
489 | ams
490 | msoid
491 | idp
492 | vod
493 | cm
494 | dk
495 | hs
496 | usa
497 | ww2
498 | jwc
499 | lp
500 | rsc
501 | jd
502 | cf
503 | rms
504 | ec
505 | jabber
506 | streaming
507 | webdev
508 | dms
509 | investors
510 | bookstore
511 | kr
512 | cd
513 | corporate
514 | mail4
515 | fz
516 | order
517 | transfer
518 | hotel
519 | work
520 | bt
521 | au
522 | pages
523 | sm
524 | client
525 | r
526 | y
527 | audio
528 | cz
529 | ci
530 | se
531 | potala
532 | ch
533 | webservices
534 | dy
535 | cvs
536 | ra
537 | apple
538 | barracuda
539 | ip
540 | ja
541 | mkt
542 | archives
543 | www0
544 | intra
545 | gate
546 | youth
547 | internal
548 | mailgw
549 | customer
550 | linux
551 | registration
552 | movie
553 | mailgate
554 | q
555 | xx
556 | mx3
557 | mars
558 | phone
559 | desktop
560 | ds
561 | zz
562 | love
563 | show
564 | nc
565 | redmine
566 | ce
567 | pl
568 | wireless
569 | inside
570 | fx
571 | mp
572 | hz
573 | listserv
574 | analytics
575 | ks
576 | redirect
577 | accounts
578 | report
579 | hermes
580 | ae
581 | mobi
582 | ps
583 | edge
584 | resources
585 | img1
586 | law
587 | pr
588 | international
589 | ml
590 | trac
591 | rd
592 | market
593 | mailer
594 | cert
595 | hg
596 | cl
597 | img2
598 | development
599 | gs
600 | google
601 | space
602 | www6
603 | gd
604 | post
605 | voip
606 | ac
607 | push
608 | m2
609 | sq
610 | fc
611 | ar
612 | asp
613 | dr
614 | seo
615 | mobil
616 | sync
617 | kf
618 | be
619 | about
620 | mail01
621 | sns
622 | board
623 | pc
624 | links
625 | jj
626 | history
627 | mailman
628 | campus
629 | mms
630 | storage
631 | ns0
632 | cdn2
633 | cacti
634 | hy
635 | enterprise
636 | noc
637 | ic
638 | cgi
639 | track
640 | world
641 | act
642 | wl
643 | product
644 | ls
645 | sf
646 | affiliates
647 | android
648 | payment
649 | n
650 | gz
651 | web3
652 | learning
653 | signup
654 | z
655 | tao
656 | top
657 | wifi
658 | yy
659 | password
660 | cw
661 | wm
662 | ess
663 | ex
664 | resource
665 | print
666 | gc
667 | w2
668 | canada
669 | cr
670 | mc
671 | 0
672 | me
673 | keys
674 | sentry
675 | smtp3
676 | journal
677 | mt
678 | team
679 | orion
680 | edi
681 | test3
682 | tc
683 | main
684 | zs
685 | faq
686 | click
687 | hub
688 | tu
689 | golf
690 | phoenix
691 | bd
692 | build
693 | free
694 | ee
695 | int
696 | cdn1
697 | v2
698 | sa
699 | pos
700 | fi
701 | router
702 | rc
703 | mirror
704 | tracker
705 | ct
706 | special
707 | cal
708 | ns6
709 | atlas
710 | ids
711 | affiliate
712 | nj
713 | tt
714 | nz
715 | db1
716 | bg
717 | mercury
718 | family
719 | courses
720 | ipv6
721 | jupiter
722 | no
723 | venus
724 | nb
725 | beijing
726 | summer
727 | ma
728 | yp
729 | ocs
730 | star
731 | traveler
732 | multimedia
733 | fm
734 | study
735 | lb
736 | up
737 | shanghai
738 | bk
739 | www7
740 | join
741 | tfs
742 | feed
743 | h
744 | ns01
745 | php
746 | stock
747 | km
748 | books
749 | eu
750 | md
751 | 2013
752 | whois
753 | sw
754 | mailserver
755 | mb
756 | tms
757 | monitoring
758 | ys
759 | ga
760 | radius
761 | group
762 | mtest
763 | j
764 | www8
765 | wb
766 | m1
767 | billing
768 | aaa
769 | pf
770 | products
771 | faculty
772 | em
773 | opac
774 | cis
775 | xmpp
776 | nanjing
777 | taobao
778 | zp
779 | teacher
780 | co
781 | contact
782 | nt
783 | ky
784 | qq
785 | mp3
786 | gps
787 | hn
788 | users
789 | gl
790 | domain
791 | newsroom
792 | dh
793 | csc
794 | repo
795 | zw
796 | ismart
797 | pp
798 | gg
799 | wms
800 | ims
801 | www9
802 | 2014
803 | solutions
804 | at
805 | bak
806 | sl
807 | cwc
808 | firewall
809 | wordpress
810 | school
811 | nms
812 | developers
813 | pki
814 | pe
815 | v2-ag
816 | devel
817 | hp
818 | titan
819 | pluto
820 | kids
821 | sport
822 | mail5
823 | server2
824 | nas
825 | xh
826 | ap
827 | red
828 | mas
829 | translate
830 | dealer
831 | ipad
832 | demo2
833 | 2012
834 | dns4
835 | hh
836 | green
837 | dz
838 | hybrid
839 | discover
840 | adserver
841 | japan
842 | mi
843 | xf
844 | zeus
845 | am
846 | people
847 | aa
848 | win
849 | sk
850 | db2
851 | jenkins
852 | xb
853 | oss
854 | sdc
855 | wc
856 | its
857 | dw
858 | yun
859 | acs
860 | asia
861 | daj
862 | webadmin
863 | crl
864 | ebook
865 | mag
866 | csg
867 | blue
868 | bank
869 | one
870 | o
871 | horizon
872 | orders
873 | apis


--------------------------------------------------------------------------------
/subDomainsBrute/dict/subnames_all_5_letters.txt:
--------------------------------------------------------------------------------
1 | {alphnum}
2 | {alphnum}{alphnum}
3 | {alphnum}{alphnum}{alphnum}
4 | {alphnum}{alphnum}{alphnum}{alphnum}
5 | {alphnum}{alphnum}{alphnum}{alphnum}{alphnum}


--------------------------------------------------------------------------------
/subDomainsBrute/lib/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/5alt/ZeroScan/6811ca6a03cf7d6d4cdb81498a9391e175ae6aa0/subDomainsBrute/lib/__init__.py


--------------------------------------------------------------------------------
/subDomainsBrute/lib/consle_width.py:
--------------------------------------------------------------------------------
 1 | """ getTerminalSize()
 2 |  - get width and height of console
 3 |  - works on linux,os x,windows,cygwin(windows)
 4 | """
 5 | 
 6 | __all__ = ['getTerminalSize']
 7 | 
 8 | 
 9 | def getTerminalSize():
10 |     import platform
11 |     current_os = platform.system()
12 |     tuple_xy = None
13 |     if current_os == 'Windows':
14 |         tuple_xy = _getTerminalSize_windows()
15 |         if tuple_xy is None:
16 |             tuple_xy = _getTerminalSize_tput()
17 |             # needed for window's python in cygwin's xterm!
18 |     if current_os == 'Linux' or current_os == 'Darwin' or current_os.startswith('CYGWIN'):
19 |         tuple_xy = _getTerminalSize_linux()
20 |     if tuple_xy is None:
21 |         print "default"
22 |         tuple_xy = (80, 25)  # default value
23 |     return tuple_xy
24 | 
25 | 
26 | def _getTerminalSize_windows():
27 |     res = None
28 |     try:
29 |         from ctypes import windll, create_string_buffer
30 | 
31 |         # stdin handle is -10
32 |         # stdout handle is -11
33 |         # stderr handle is -12
34 | 
35 |         h = windll.kernel32.GetStdHandle(-12)
36 |         csbi = create_string_buffer(22)
37 |         res = windll.kernel32.GetConsoleScreenBufferInfo(h, csbi)
38 |     except:
39 |         return None
40 |     if res:
41 |         import struct
42 |         (bufx, bufy, curx, cury, wattr,
43 |          left, top, right, bottom, maxx, maxy) = struct.unpack("hhhhHhhhhhh", csbi.raw)
44 |         sizex = right - left + 1
45 |         sizey = bottom - top + 1
46 |         return sizex, sizey
47 |     else:
48 |         return None
49 | 
50 | 
51 | def _getTerminalSize_tput():
52 |     # get terminal width
53 |     # src: http://stackoverflow.com/questions/263890/how-do-i-find-the-width-height-of-a-terminal-window
54 |     try:
55 |         import subprocess
56 |         proc = subprocess.Popen(["tput", "cols"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
57 |         output = proc.communicate(input=None)
58 |         cols = int(output[0])
59 |         proc = subprocess.Popen(["tput", "lines"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
60 |         output = proc.communicate(input=None)
61 |         rows = int(output[0])
62 |         return (cols, rows)
63 |     except:
64 |         return None
65 | 
66 | 
67 | def _getTerminalSize_linux():
68 |     def ioctl_GWINSZ(fd):
69 |         try:
70 |             import fcntl, termios, struct, os
71 |             cr = struct.unpack('hh', fcntl.ioctl(fd, termios.TIOCGWINSZ, '1234'))
72 |         except:
73 |             return None
74 |         return cr
75 | 
76 |     cr = ioctl_GWINSZ(0) or ioctl_GWINSZ(1) or ioctl_GWINSZ(2)
77 |     if not cr:
78 |         try:
79 |             fd = os.open(os.ctermid(), os.O_RDONLY)
80 |             cr = ioctl_GWINSZ(fd)
81 |             os.close(fd)
82 |         except:
83 |             pass
84 |     if not cr:
85 |         try:
86 |             cr = (env['LINES'], env['COLUMNS'])
87 |         except:
88 |             return None
89 |     return int(cr[1]), int(cr[0])
90 | 
91 | 
92 | if __name__ == "__main__":
93 |     sizex, sizey = getTerminalSize()
94 |     print  'width =', sizex, 'height =', sizey
95 | 


--------------------------------------------------------------------------------
/subDomainsBrute/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/5alt/ZeroScan/6811ca6a03cf7d6d4cdb81498a9391e175ae6aa0/subDomainsBrute/screenshot.png


--------------------------------------------------------------------------------
/subDomainsBrute/subDomainsBrute.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- encoding: utf-8 -*-
  3 | """
  4 |     subDomainsBrute 1.0.6
  5 |     A simple and fast sub domains brute tool for pentesters
  6 |     my[at]lijiejie.com (http://www.lijiejie.com)
  7 | """
  8 | 
  9 | import gevent
 10 | from gevent import monkey
 11 | monkey.patch_all()
 12 | from gevent.pool import Pool
 13 | from gevent.queue import PriorityQueue
 14 | import sys
 15 | import re
 16 | import dns.resolver
 17 | import time
 18 | import optparse
 19 | import os
 20 | from lib.consle_width import getTerminalSize
 21 | 
 22 | 
 23 | class SubNameBrute:
 24 |     def __init__(self, target, options):
 25 |         self.start_time = time.time()
 26 |         self.target = target.strip()
 27 |         self.options = options
 28 |         self.ignore_intranet = options.i
 29 |         self.scan_count = self.found_count = 0
 30 |         self.console_width = getTerminalSize()[0] - 2
 31 |         self.resolvers = [dns.resolver.Resolver(configure=False) for _ in range(options.threads)]
 32 |         for _ in self.resolvers:
 33 |             _.lifetime = _.timeout = 10.0
 34 |         self.print_count = 0
 35 |         self.STOP_ME = False
 36 |         self._load_dns_servers()
 37 |         self._load_next_sub()
 38 |         self.queue = PriorityQueue()
 39 |         self.priority = 0
 40 |         self._load_sub_names()
 41 |         if options.output:
 42 |             outfile = options.output
 43 |         else:
 44 |             _name = os.path.basename(self.options.file).replace('subnames', '')
 45 |             if _name != '.txt':
 46 |                 _name = '_' + _name
 47 |             outfile = target + _name if not options.full_scan else target + '_full' + _name
 48 |         self.outfile = open(outfile, 'w')
 49 |         self.ip_dict = {}
 50 |         self.found_subs = set()
 51 |         self.ex_resolver = dns.resolver.Resolver(configure=False)
 52 |         self.ex_resolver.nameservers = self.dns_servers
 53 | 
 54 |     def _load_dns_servers(self):
 55 |         print '[+] Validate DNS servers ...'
 56 |         self.dns_servers = []
 57 |         pool = Pool(30)
 58 |         for server in open('dict/dns_servers.txt').xreadlines():
 59 |             server = server.strip()
 60 |             if server:
 61 |                 pool.apply_async(self._test_server, (server,))
 62 |         pool.join()
 63 | 
 64 |         self.dns_count = len(self.dns_servers)
 65 |         sys.stdout.write('\n')
 66 |         print '[+] Found %s available DNS Servers in total' % self.dns_count
 67 |         if self.dns_count == 0:
 68 |             print '[ERROR] No DNS Servers available.'
 69 |             sys.exit(-1)
 70 | 
 71 |     def _test_server(self, server):
 72 |         resolver = dns.resolver.Resolver()
 73 |         resolver.lifetime = resolver.timeout = 10.0
 74 |         try:
 75 |             resolver.nameservers = [server]
 76 |             answers = resolver.query('public-dns-a.baidu.com')    # test lookup a existed domain
 77 |             if answers[0].address != '180.76.76.76':
 78 |                 raise Exception('incorrect DNS response')
 79 |             try:
 80 |                 resolver.query('test.bad.dns.lijiejie.com')    # Non-existed domain test
 81 |                 with open('bad_dns_servers.txt', 'a') as f:
 82 |                     f.write(server + '\n')
 83 |                 self._print_msg('[+] Bad DNS Server found %s' % server)
 84 |             except:
 85 |                 self.dns_servers.append(server)
 86 |             self._print_msg('[+] Check DNS Server %s < OK >   Found %s' % (server.ljust(16), len(self.dns_servers)))
 87 |         except:
 88 |             self._print_msg('[+] Check DNS Server %s <Fail>   Found %s' % (server.ljust(16), len(self.dns_servers)))
 89 | 
 90 |     def _load_sub_names(self):
 91 |         self._print_msg('[+] Load sub names ...')
 92 |         if self.options.full_scan and self.options.file == 'subnames.txt':
 93 |             _file = 'dict/subnames_full.txt'
 94 |         else:
 95 |             if os.path.exists(self.options.file):
 96 |                 _file = self.options.file
 97 |             elif os.path.exists('dict/%s' % self.options.file):
 98 |                 _file = 'dict/%s' % self.options.file
 99 |             else:
100 |                 self._print_msg('[ERROR] Names file not exists: %s' % self.options.file)
101 |                 exit(-1)
102 | 
103 |         normal_lines = []
104 |         wildcard_lines = []
105 |         wildcard_list = []
106 |         regex_list = []
107 |         lines = set()
108 |         with open(_file) as f:
109 |             for line in f.xreadlines():
110 |                 sub = line.strip()
111 |                 if not sub or sub in lines:
112 |                     continue
113 |                 lines.add(sub)
114 | 
115 |                 if sub.find('{alphnum}') >= 0 or sub.find('{alpha}') >= 0 or sub.find('{num}') >= 0:
116 |                     wildcard_lines.append(sub)
117 |                     sub = sub.replace('{alphnum}', '[a-z0-9]')
118 |                     sub = sub.replace('{alpha}', '[a-z]')
119 |                     sub = sub.replace('{num}', '[0-9]')
120 |                     if sub not in wildcard_list:
121 |                         wildcard_list.append(sub)
122 |                         regex_list.append('^' + sub + '$')
123 |                 else:
124 |                     normal_lines.append(sub)
125 |         pattern = '|'.join(regex_list)
126 |         if pattern:
127 |             _regex = re.compile(pattern)
128 |             if _regex:
129 |                 for line in normal_lines[:]:
130 |                     if _regex.search(line):
131 |                         normal_lines.remove(line)
132 | 
133 |         for item in normal_lines:
134 |             self.priority += 1
135 |             self.queue.put((self.priority, item))
136 | 
137 |         for item in wildcard_lines:
138 |             self.queue.put((88888888, item))
139 | 
140 |     def _load_next_sub(self):
141 |         self._print_msg('[+] Load next level subs ...')
142 |         self.next_subs = []
143 |         _set = set()
144 |         _file = 'dict/next_sub.txt' if not self.options.full_scan else 'dict/next_sub_full.txt'
145 |         with open(_file) as f:
146 |             for line in f:
147 |                 sub = line.strip()
148 |                 if sub and sub not in self.next_subs:
149 |                     tmp_set = {sub}
150 |                     while len(tmp_set) > 0:
151 |                         item = tmp_set.pop()
152 |                         if item.find('{alphnum}') >= 0:
153 |                             for _letter in 'abcdefghijklmnopqrstuvwxyz0123456789':
154 |                                 tmp_set.add(item.replace('{alphnum}', _letter, 1))
155 |                         elif item.find('{alpha}') >= 0:
156 |                             for _letter in 'abcdefghijklmnopqrstuvwxyz':
157 |                                 tmp_set.add(item.replace('{alpha}', _letter, 1))
158 |                         elif item.find('{num}') >= 0:
159 |                             for _letter in '0123456789':
160 |                                 tmp_set.add(item.replace('{num}', _letter, 1))
161 |                         elif item not in _set:
162 |                             _set.add(item)
163 |                             self.next_subs.append(item)
164 | 
165 |     def _print_msg(self, _msg=None, _found_msg=False):
166 |         if _msg is None:
167 |             self.print_count += 1
168 |             if self.print_count < 100:
169 |                 return
170 |             self.print_count = 0
171 |             msg = '%s Found| %s Groups| %s scanned in %.1f seconds' % (
172 |                 self.found_count, self.queue.qsize(), self.scan_count, time.time() - self.start_time)
173 |             sys.stdout.write('\r' + ' ' * (self.console_width - len(msg)) + msg)
174 |         elif _msg.startswith('[+] Check DNS Server'):
175 |             sys.stdout.write('\r' + _msg + ' ' * (self.console_width - len(_msg)))
176 |         else:
177 |             sys.stdout.write('\r' + _msg + ' ' * (self.console_width - len(_msg)) + '\n')
178 |             if _found_msg:
179 |                 msg = '%s Found| %s Groups| %s scanned in %.1f seconds' % (
180 |                     self.found_count, self.queue.qsize(), self.scan_count, time.time() - self.start_time)
181 |                 sys.stdout.write('\r' + ' ' * (self.console_width - len(msg)) + msg)
182 |         sys.stdout.flush()
183 | 
184 |     @staticmethod
185 |     def is_intranet(ip):
186 |         ret = ip.split('.')
187 |         if len(ret) != 4:
188 |             return True
189 |         if ret[0] == '10':
190 |             return True
191 |         if ret[0] == '172' and 16 <= int(ret[1]) <= 32:
192 |             return True
193 |         if ret[0] == '192' and ret[1] == '168':
194 |             return True
195 |         return False
196 | 
197 |     def put_item(self, item):
198 |         num = item.count('{alphnum}') + item.count('{alpha}') + item.count('{num}')
199 |         if num == 0:
200 |             self.priority += 1
201 |             self.queue.put((self.priority, item))
202 |         else:
203 |             self.queue.put((self.priority + num * 10000000, item))
204 | 
205 |     def _scan(self, j):
206 |         self.resolvers[j].nameservers = [self.dns_servers[j % self.dns_count]]
207 |         while not self.queue.empty():
208 |             try:
209 |                 item = self.queue.get(timeout=1.0)[1]
210 |                 self.scan_count += 1
211 |             except:
212 |                 break
213 |             self._print_msg()
214 |             try:
215 |                 if item.find('{alphnum}') >= 0:
216 |                     for _letter in 'abcdefghijklmnopqrstuvwxyz0123456789':
217 |                         self.put_item(item.replace('{alphnum}', _letter, 1))
218 |                     continue
219 |                 elif item.find('{alpha}') >= 0:
220 |                     for _letter in 'abcdefghijklmnopqrstuvwxyz':
221 |                         self.put_item(item.replace('{alpha}', _letter, 1))
222 |                     continue
223 |                 elif item.find('{num}') >= 0:
224 |                     for _letter in '0123456789':
225 |                         self.put_item(item.replace('{num}', _letter, 1))
226 |                     continue
227 |                 elif item.find('{next_sub}') >= 0:
228 |                     for _ in self.next_subs:
229 |                         self.queue.put((0, item.replace('{next_sub}', _, 1)))
230 |                     continue
231 |                 else:
232 |                     sub = item
233 | 
234 |                 if sub in self.found_subs:
235 |                     continue
236 | 
237 |                 cur_sub_domain = sub + '.' + self.target
238 |                 _sub = sub.split('.')[-1]
239 |                 try:
240 |                     answers = self.resolvers[j].query(cur_sub_domain)
241 |                 except dns.resolver.NoAnswer, e:
242 |                     answers = self.ex_resolver.query(cur_sub_domain)
243 | 
244 |                 if answers:
245 |                     self.found_subs.add(sub)
246 |                     ips = ', '.join(sorted([answer.address for answer in answers]))
247 |                     if ips in ['1.1.1.1', '127.0.0.1', '0.0.0.0']:
248 |                         continue
249 | 
250 |                     if self.ignore_intranet and SubNameBrute.is_intranet(answers[0].address):
251 |                         continue
252 | 
253 |                     try:
254 |                         self.scan_count += 1
255 |                         answers = self.resolvers[j].query(cur_sub_domain, 'cname')
256 |                         cname = answers[0].target.to_unicode().rstrip('.')
257 |                         if cname.endswith(self.target) and cname not in self.found_subs:
258 |                             self.found_subs.add(cname)
259 |                             cname_sub = cname[:len(cname) - len(self.target) - 1]    # new sub
260 |                             self.queue.put((0, cname_sub))
261 | 
262 |                     except:
263 |                         pass
264 | 
265 |                     if (_sub, ips) not in self.ip_dict:
266 |                         self.ip_dict[(_sub, ips)] = 1
267 |                     else:
268 |                         self.ip_dict[(_sub, ips)] += 1
269 | 
270 |                     if ips not in self.ip_dict:
271 |                         self.ip_dict[ips] = 1
272 |                     else:
273 |                         self.ip_dict[ips] += 1
274 | 
275 |                     if self.ip_dict[(_sub, ips)] > 3 or self.ip_dict[ips] > 6:
276 |                         continue
277 | 
278 |                     self.found_count += 1
279 |                     msg = cur_sub_domain.ljust(30) + ips
280 |                     self._print_msg(msg, _found_msg=True)
281 |                     self._print_msg()
282 |                     self.outfile.write(cur_sub_domain.ljust(30) + '\t' + ips + '\n')
283 |                     self.outfile.flush()
284 |                     try:
285 |                         self.resolvers[j].query('lijiejietest.' + cur_sub_domain)
286 |                     except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer) as e:
287 |                         self.queue.put((999999999, '{next_sub}.' + sub))
288 |                     except:
289 |                         pass
290 | 
291 |             except (dns.resolver.NXDOMAIN, dns.name.EmptyLabel) as e:
292 |                 pass
293 |             except (dns.resolver.NoNameservers, dns.resolver.NoAnswer, dns.exception.Timeout) as e:
294 |                 pass
295 |             except Exception as e:
296 |                 import traceback
297 |                 traceback.print_exc()
298 |                 with open('errors.log', 'a') as errFile:
299 |                     errFile.write('[%s] %s %s\n' % (type(e), cur_sub_domain, e))
300 |             self._print_msg()
301 | 
302 |     def run(self):
303 |         threads = [gevent.spawn(self._scan, i) for i in range(self.options.threads)]
304 | 
305 |         try:
306 |             gevent.joinall(threads)
307 |         except KeyboardInterrupt, e:
308 |             msg = '[WARNING] User aborted.'
309 |             sys.stdout.write('\r' + msg + ' ' * (self.console_width - len(msg)) + '\n\r')
310 |             sys.stdout.flush()
311 | 
312 | 
313 | if __name__ == '__main__':
314 |     parser = optparse.OptionParser('usage: %prog [options] target.com', version="%prog 1.0.6")
315 |     parser.add_option('-f', dest='file', default='subnames.txt',
316 |                       help='File contains new line delimited subs, default is subnames.txt.')
317 |     parser.add_option('--full', dest='full_scan', default=False, action='store_true',
318 |                       help='Full scan, NAMES FILE subnames_full.txt will be used to brute')
319 |     parser.add_option('-i', '--ignore-intranet', dest='i', default=False, action='store_true',
320 |                       help='Ignore domains pointed to private IPs')
321 |     parser.add_option('-t', '--threads', dest='threads', default=100, type=int,
322 |                       help='Num of scan threads, 100 by default')
323 |     parser.add_option('-o', '--output', dest='output', default=None,
324 |                       type='string', help='Output file name. default is {target}.txt')
325 | 
326 |     (options, args) = parser.parse_args()
327 |     if len(args) < 1:
328 |         parser.print_help()
329 |         sys.exit(0)
330 | 
331 |     d = SubNameBrute(target=args[0], options=options)
332 |     d.run()
333 |     d.outfile.flush()
334 |     d.outfile.close()
335 | 


--------------------------------------------------------------------------------
/takeover/cloudfront.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | APEX_VALUES          = None
 4 | CNAME_VALUE          = [".cloudfront.net"]
 5 | RESPONSE_FINGERPRINT = "The request could not be satisfied"
 6 | 
 7 | def detector(domain, ip, cname):
 8 | 	if APEX_VALUES:
 9 | 		if ip in APEX_VALUES:
10 | 			return True
11 | 	if filter(lambda x: x in cname, CNAME_VALUE):
12 | 		try:
13 | 			if RESPONSE_FINGERPRINT in requests.get('http://%s' % domain).text:
14 | 				return True
15 | 		except Exception as e:
16 | 			pass
17 | 	return False


--------------------------------------------------------------------------------
/takeover/github_pages.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | APEX_VALUES          = ['192.30.252.153', '192.30.252.154', '185.199.108.153', '185.199.109.153', '185.199.110.153', '185.199.111.153']
 4 | CNAME_VALUE          = [".github.io"]
 5 | RESPONSE_FINGERPRINT = "There isn't a GitHub Pages site here."
 6 | 
 7 | def detector(domain, ip, cname):
 8 | 	if APEX_VALUES:
 9 | 		if ip in APEX_VALUES:
10 | 			return True
11 | 	if filter(lambda x: x in cname, CNAME_VALUE):
12 | 		return True
13 | 	try:
14 | 		if RESPONSE_FINGERPRINT in requests.get('http://%s' % domain).text:
15 | 			return True
16 | 	except Exception as e:
17 | 		pass
18 | 	return False


--------------------------------------------------------------------------------
/takeover/heroku.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | APEX_VALUES          = None
 4 | CNAME_VALUE          = ['.herokudns.com', '.herokussl.com', '.herokuapp.com']
 5 | RESPONSE_FINGERPRINT = "<title>No such app</title>"
 6 | 
 7 | def detector(domain, ip, cname):
 8 | 	if APEX_VALUES:
 9 | 		if ip in APEX_VALUES:
10 | 			return True
11 | 	#if CNAME_VALUE in cname:
12 | 	if filter(lambda x: x in cname, CNAME_VALUE):
13 | 		try:
14 | 			if RESPONSE_FINGERPRINT in requests.get('http://%s' % domain).text:
15 | 				return True
16 | 		except Exception as e:
17 | 			pass
18 | 	return False


--------------------------------------------------------------------------------
/takeover/herokudns.py:
--------------------------------------------------------------------------------
 1 | # https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
 2 | # https://xz.aliyun.com/t/4673
 3 | import requests
 4 | from tools import resolve_host_ip
 5 | 
 6 | APEX_VALUES          = None
 7 | CNAME_VALUE          = [".herokudns.com"]
 8 | 
 9 | def detector(domain, ip, cname):
10 | 	if APEX_VALUES:
11 | 		if ip in APEX_VALUES:
12 | 			return True
13 | 	if filter(lambda x: x in cname, CNAME_VALUE):
14 | 		try:
15 | 			if resolve_host_ip(cname):
16 | 				return True
17 | 		except Exception as e:
18 | 			pass
19 | 	return False
20 | 


--------------------------------------------------------------------------------
/takeover/instapage.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | APEX_VALUES          = None
 4 | CNAME_VALUE          = ["pageserve.co", "secure.pageserve.co"]
 5 | RESPONSE_FINGERPRINT = "You've Discovered A Missing Link. Our Apologies!"
 6 | 
 7 | def detector(domain, ip, cname):
 8 | 	if APEX_VALUES:
 9 | 		if ip in APEX_VALUES:
10 | 			return True
11 | 	if filter(lambda x: x in cname, CNAME_VALUE):
12 | 		return True
13 | 	try:
14 | 		if RESPONSE_FINGERPRINT in requests.get('http://%s' % domain).text:
15 | 			return True
16 | 	except Exception as e:
17 | 		pass
18 | 	return False


--------------------------------------------------------------------------------
/takeover/microsoft_azure_cloudapp.py:
--------------------------------------------------------------------------------
 1 | # https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
 2 | # https://xz.aliyun.com/t/4673
 3 | import requests
 4 | from tools import resolve_host_ip
 5 | 
 6 | APEX_VALUES          = None
 7 | CNAME_VALUE          = [".cloudapp.azure.com"]
 8 | 
 9 | def detector(domain, ip, cname):
10 | 	if APEX_VALUES:
11 | 		if ip in APEX_VALUES:
12 | 			return True
13 | 	if filter(lambda x: x in cname, CNAME_VALUE):
14 | 		try:
15 | 			if resolve_host_ip(cname):
16 | 				return True
17 | 		except Exception as e:
18 | 			pass
19 | 	return False
20 | 


--------------------------------------------------------------------------------
/takeover/microsoft_trafficmanager.py:
--------------------------------------------------------------------------------
 1 | # https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
 2 | # https://xz.aliyun.com/t/4673
 3 | import requests
 4 | from tools import resolve_host_ip
 5 | 
 6 | APEX_VALUES          = None
 7 | CNAME_VALUE          = [".trafficmanager.net", ".trafficmanager.cn"]
 8 | 
 9 | def detector(domain, ip, cname):
10 | 	if APEX_VALUES:
11 | 		if ip in APEX_VALUES:
12 | 			return True
13 | 	if filter(lambda x: x in cname, CNAME_VALUE):
14 | 		try:
15 | 			if resolve_host_ip(cname):
16 | 				return True
17 | 		except Exception as e:
18 | 			pass
19 | 	return False
20 | 


--------------------------------------------------------------------------------
/takeover/s3.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | APEX_VALUES          = None
 4 | CNAME_VALUE          = [".amazonaws.com"]
 5 | RESPONSE_FINGERPRINT = "NoSuchBucket"
 6 | 
 7 | def detector(domain, ip, cname):
 8 | 	if APEX_VALUES:
 9 | 		if ip in APEX_VALUES:
10 | 			return True
11 | 	#if CNAME_VALUE in cname:
12 | 	if filter(lambda x: x in cname, CNAME_VALUE):
13 | 		try:
14 | 			if RESPONSE_FINGERPRINT in requests.get('http://%s' % domain).text:
15 | 				return True
16 | 		except Exception as e:
17 | 			pass
18 | 	return False


--------------------------------------------------------------------------------
/takeover/shopify.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | APEX_VALUES          = ['23.227.38.32']
 4 | CNAME_VALUE          = ["shops.myshopify.com"]
 5 | RESPONSE_FINGERPRINT = "Sorry, this shop is currently unavailable."
 6 | 
 7 | def detector(domain, ip, cname):
 8 | 	if APEX_VALUES:
 9 | 		if ip in APEX_VALUES:
10 | 			return True
11 | 	if filter(lambda x: x in cname, CNAME_VALUE):
12 | 		return True
13 | 	try:
14 | 		if RESPONSE_FINGERPRINT in requests.get('http://%s' % domain).text:
15 | 			return True
16 | 	except Exception as e:
17 | 		pass
18 | 	return False


--------------------------------------------------------------------------------
/takeover/tumblr.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | APEX_VALUES          = ['66.6.44.4']
 4 | CNAME_VALUE          = ["domains.tumblr.com"]
 5 | RESPONSE_FINGERPRINT = "Whatever you were looking for doesn't currently exist at this address."
 6 | 
 7 | def detector(domain, ip, cname):
 8 | 	if APEX_VALUES:
 9 | 		if ip in APEX_VALUES:
10 | 			return True
11 | 	if filter(lambda x: x in cname, CNAME_VALUE):
12 | 		return True
13 | 	try:
14 | 		if RESPONSE_FINGERPRINT in requests.get('http://%s' % domain).text:
15 | 			return True
16 | 	except Exception as e:
17 | 		pass
18 | 	return False


--------------------------------------------------------------------------------
/tools.py:
--------------------------------------------------------------------------------
  1 | # coding=utf8
  2 | import dns.resolver
  3 | import os
  4 | import socket
  5 | import tldextract
  6 | import requests
  7 | import json
  8 | import re
  9 | '''
 10 | answers = dns.resolver.query('www.qq.com', 'CNAME')
 11 | print ' query qname:', answers.qname, ' num ans.', len(answers)
 12 | for rdata in answers:
 13 | 	print ' cname target address:', rdata.target
 14 | '''
 15 | 
 16 | def check_port_service_static(port):
 17 | 	port = str(port)
 18 | 	data = json.load(open("dict/port_service.json", "r"))
 19 | 	return data.get(port)
 20 | 
 21 | def check_port_service_nmap(port):
 22 | 	port = str(port)
 23 | 	f = open("dict/nmap-services.txt", "r")
 24 | 	data = f.read()
 25 | 	for line in data.split("\n"):
 26 | 		parts = line.split(";")
 27 | 		nmap_port = parts[1].split("/")[0]
 28 | 		if port == nmap_port:
 29 | 			return parts[0]
 30 | 	return None
 31 | 
 32 | def check_port_service(host, port):
 33 | 	service = check_port_service_static(port)
 34 | 	if service: return service
 35 | 	service = check_port_service_dynamic(host, port)
 36 | 	if service != "Unknown": return service
 37 | 	service = check_port_service_nmap(port)
 38 | 	if service: return service
 39 | 	return None
 40 | 
 41 | def get_domain(domain):
 42 | 	r = tldextract.extract(domain)
 43 | 	return "%s.%s" % (r.domain, r.suffix)
 44 | 
 45 | def get_cname(domain):
 46 | 	try:
 47 | 		return str(dns.resolver.query(domain, 'CNAME')[0].target).strip('.')
 48 | 	except:
 49 | 		return False
 50 | 
 51 | def get_cdn(domain, cname=None):
 52 | 	'''
 53 | 	cdn if has cname and cname do not match
 54 | 	'''
 55 | 	if not cname:
 56 | 		cname = get_cname(domain)
 57 | 	return get_domain(cname) != get_domain(domain) if cname else False
 58 | 
 59 | def check_extensive_domain(domain):
 60 | 	try:
 61 | 		#dns.resolver.query('fuckyou23333333.'+domain, 'A')
 62 | 		return True, dns.resolver.query('salt66666666666.'+domain, 'A').response.answer[0][0].address
 63 | 	except:
 64 | 		return False, None
 65 | 
 66 | def check_ip(domain):
 67 | 	parts = domain.split('.')
 68 | 	if len(parts) == 4:
 69 | 		for p in parts:
 70 | 			if not p.isdigit():
 71 | 				return False
 72 | 		return True
 73 | 	return False	
 74 | 
 75 | def scanable_subdomain(domain):
 76 | 	ret = []
 77 | 	if check_ip(domain):
 78 | 		return ret
 79 | 	if domain.startswith('*.'):
 80 | 		return [domain[2:]]
 81 | 	if list(domain).count('.') >= 3:
 82 | 		parts = domain.split('.')
 83 | 		ret.append('.'.join(parts[1:]))
 84 | 		ret += scanable_subdomain('.'.join(parts[1:]))
 85 | 	return ret
 86 | 
 87 | def ip2int(ip):
 88 | 	return reduce(lambda x,y:(x<<8)+y,map(int,ip.split('.')))
 89 | 
 90 | def is_internal_ip(ip):
 91 | 	try:
 92 | 		ip = ip2int(ip)
 93 | 	except:
 94 | 		return False
 95 | 	net_a = ip2int('10.255.255.255') >> 24
 96 | 	net_b = ip2int('172.31.255.255') >> 20
 97 | 	net_c = ip2int('192.168.255.255') >> 16
 98 | 	return ip >> 24 == net_a or ip >>20 == net_b or ip >> 16 == net_c
 99 | 
100 | def resolve_host_ip(host):
101 | 	ret = set()
102 | 	try:
103 | 		r = socket.getaddrinfo(host, None)
104 | 		for i in r:
105 | 			if ':' not in i[4][0]:
106 | 				ret.add(i[4][0])
107 | 	except Exception as e:
108 | 		pass
109 | 	return list(ret)
110 | 
111 | def check_cloud(ip):
112 | 	cloud = [u'腾讯云', u'阿里云']
113 | 	ret = requests.get('http://ip.cn/index.php?ip='+ip, headers={'User-Agent': 'curl/7.54.0'}).text
114 | 
115 | 	for c in cloud:
116 | 		if c in ret:
117 | 			return True
118 | 
119 | 	return False
120 | 
121 | def report(data, outname="report.html"):
122 | 	table_first_template = '''<tr>
123 | 			  <th scope="row" rowspan="{num}">{ip}</th>
124 | 			  <td rowspan="{num}">{ports}</td>
125 | 			  <td><a href="http://{domain}">{domain}</a></td>
126 | 			</tr>
127 | 	'''
128 | 
129 | 	table_other_template = '''<tr>
130 | 			  <td><a href="http://{domain}">{domain}</a></td>
131 | 			</tr>
132 | 	'''
133 | 
134 | 	html_file = '''
135 | 	<head>
136 | 	<!-- 最新版本的 Bootstrap 核心 CSS 文件 -->
137 | 	<link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
138 | 
139 | 	<!-- 可选的 Bootstrap 主题文件（一般不用引入） -->
140 | 	<link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
141 | 
142 | 	<!-- 最新的 Bootstrap 核心 JavaScript 文件 -->
143 | 	<script src="https://cdn.bootcss.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
144 | 	</head>
145 | 	<table class="table table-bordered">
146 | 		  <thead>
147 | 			<tr>
148 | 			  <th scope="row">ip</th>
149 | 			  <th>开放端口</th>
150 | 			  <th>绑定域名</th>
151 | 			</tr>
152 | 		  </thead>
153 | 		  <tbody>
154 | 		  %s
155 | 		  </tbody>
156 | 		</table>
157 | 	'''
158 | 	html = ''
159 | 
160 | 	ips =  data.keys()
161 | 	ips.sort()
162 | 
163 | 	for ip in ips:
164 | 		domains = data[ip]["domain"]
165 | 		tmp = []
166 | 		for i in range(len(data[ip]["ports"])):
167 | 			tmp.append("%d(%s)" % (data[ip]["ports"][i], data[ip]["service"][i]))
168 | 		ports = ", ".join(tmp)
169 | 		for i in range(len(domains)):
170 | 			if i == 0:
171 | 				html += table_first_template.format(ip=ip, ports=ports, domain=domains[i], num=len(domains))
172 | 			else:
173 | 				html += table_other_template.format(domain=domains[i])
174 | 
175 | 	with open("show.html", "w") as f:
176 | 		f.write(html_file % html)
177 | 
178 | def check_port_service_dynamic(host, port):
179 | 	TIMEOUT=3
180 | 
181 | 	PROBES=[
182 | 	'\r\n\r\n',
183 | 	'GET / HTTP/1.0\r\n\r\n',
184 | 	'GET / \r\n\r\n',
185 | 	'\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08',
186 | 	'\x80\0\0\x28\x72\xFE\x1D\x13\0\0\0\0\0\0\0\x02\0\x01\x86\xA0\0\x01\x97\x7C\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0',
187 | 	'\x03\0\0\x0b\x06\xe0\0\0\0\0\0',
188 | 	'\0\0\0\xa4\xff\x53\x4d\x42\x72\0\0\0\0\x08\x01\x40\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x40\x06\0\0\x01\0\0\x81\0\x02PC NETWORK PROGRAM 1.0\0\x02MICROSOFT NETWORKS 1.03\0\x02MICROSOFT NETWORKS 3.0\0\x02LANMAN1.0\0\x02LM1.2X002\0\x02Samba\0\x02NT LANMAN 1.0\0\x02NT LM 0.12\0',
189 | 	'\x80\x9e\x01\x03\x01\x00u\x00\x00\x00 \x00\x00f\x00\x00e\x00\x00d\x00\x00c\x00\x00b\x00\x00:\x00\x009\x00\x008\x00\x005\x00\x004\x00\x003\x00\x002\x00\x00/\x00\x00\x1b\x00\x00\x1a\x00\x00\x19\x00\x00\x18\x00\x00\x17\x00\x00\x16\x00\x00\x15\x00\x00\x14\x00\x00\x13\x00\x00\x12\x00\x00\x11\x00\x00\n\x00\x00\t\x00\x00\x08\x00\x00\x06\x00\x00\x05\x00\x00\x04\x00\x00\x03\x07\x00\xc0\x06\x00@\x04\x00\x80\x03\x00\x80\x02\x00\x80\x01\x00\x80\x00\x00\x02\x00\x00\x01\xe4i<+\xf6\xd6\x9b\xbb\xd3\x81\x9f\xbf\x15\xc1@\xa5o\x14,M \xc4\xc7\xe0\xb6\xb0\xb2\x1f\xf9)\xe8\x98',
190 | 	'\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\x08\0\x06\0\x03\x01\0',
191 | 	'< NTP/1.2 >\n',
192 | 	'< NTP/1.1 >\n',
193 | 	'< NTP/1.0 >\n',
194 | 	'\0Z\0\0\x01\0\0\0\x016\x01,\0\0\x08\0\x7F\xFF\x7F\x08\0\0\0\x01\0 \0:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\04\xE6\0\0\0\x01\0\0\0\0\0\0\0\0(CONNECT_DATA=(COMMAND=version))',
195 | 	'\x12\x01\x00\x34\x00\x00\x00\x00\x00\x00\x15\x00\x06\x01\x00\x1b\x00\x01\x02\x00\x1c\x00\x0c\x03\x00\x28\x00\x04\xff\x08\x00\x01\x55\x00\x00\x00\x4d\x53\x53\x51\x4c\x53\x65\x72\x76\x65\x72\x00\x48\x0f\x00\x00',
196 | 	'\0\0\0\0\x44\x42\x32\x44\x41\x53\x20\x20\x20\x20\x20\x20\x01\x04\0\0\0\x10\x39\x7a\0\x01\0\0\0\0\0\0\0\0\0\0\x01\x0c\0\0\0\0\0\0\x0c\0\0\0\x0c\0\0\0\x04',
197 | 	'\x01\xc2\0\0\0\x04\0\0\xb6\x01\0\0\x53\x51\x4c\x44\x42\x32\x52\x41\0\x01\0\0\x04\x01\x01\0\x05\0\x1d\0\x88\0\0\0\x01\0\0\x80\0\0\0\x01\x09\0\0\0\x01\0\0\x40\0\0\0\x01\x09\0\0\0\x01\0\0\x40\0\0\0\x01\x08\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x01\0\0\x40\0\0\0\x40\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x04\0\0\0\x02\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\0\0\0\0\x01\0\0\x40\0\0\0\0\x04\0\0\0\x04\0\0\x80\0\0\0\x01\x04\0\0\0\x04\0\0\x80\0\0\0\x01\x04\0\0\0\x03\0\0\x80\0\0\0\x01\x04\0\0\0\x04\0\0\x80\0\0\0\x01\x08\0\0\0\x01\0\0\x40\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x10\0\0\0\x01\0\0\x80\0\0\0\x01\x10\0\0\0\x01\0\0\x80\0\0\0\x01\x04\0\0\0\x04\0\0\x40\0\0\0\x01\x09\0\0\0\x01\0\0\x40\0\0\0\x01\x09\0\0\0\x01\0\0\x80\0\0\0\x01\x04\0\0\0\x03\0\0\x80\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\x01\x04\0\0\x01\0\0\x80\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\x40\0\0\0\x01\0\0\0\0\x01\0\0\x40\0\0\0\0\x20\x20\x20\x20\x20\x20\x20\x20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x7f',
198 | 	'\x41\0\0\0\x3a\x30\0\0\xff\xff\xff\xff\xd4\x07\0\0\0\0\0\0test.$cmd\0\0\0\0\0\xff\xff\xff\xff\x1b\0\0\0\x01serverStatus\0\0\0\0\0\0\0\xf0\x3f\0'
199 | 	]
200 | 
201 | 	SIGNS=[
202 | 	'http|^HTTP.*',
203 | 	'ssh|SSH-2.0-OpenSSH.*',
204 | 	'ssh|SSH-1.0-OpenSSH.*',
205 | 	'netbios|^\x79\x08.*BROWSE',
206 | 	'netbios|^\x79\x08.\x00\x00\x00\x00',
207 | 	'netbios|^\x05\x00\x0d\x03',
208 | 	'netbios|^\x83\x00',
209 | 	'netbios|^\x82\x00\x00\x00',
210 | 	'netbios|\x83\x00\x00\x01\x8f',
211 | 	'backdoor-fxsvc|^500 Not Loged in',
212 | 	'backdoor-shell|GET: command',
213 | 	'backdoor-shell|sh: GET:',
214 | 	'bachdoor-shell|[a-z]*sh: .* command not found',
215 | 	'backdoor-shell|^bash[$#]',
216 | 	'backdoor-shell|^sh[$#]',
217 | 	'backdoor-cmdshell|^Microsoft Windows .* Copyright .*>',
218 | 	'db2|.*SQLDB2RA',
219 | 	'db2jds|^N\x00',
220 | 	'dell-openmanage|^\x4e\x00\x0d',
221 | 	'finger|^\r\n	Line	  User',
222 | 	'finger|Line	 User',
223 | 	'finger|Login name: ',
224 | 	'finger|Login.*Name.*TTY.*Idle',
225 | 	'finger|^No one logged on',
226 | 	'finger|^\r\nWelcome',
227 | 	'finger|^finger:',
228 | 	'finger|^must provide username',
229 | 	'finger|finger: GET: ',
230 | 	'ftp|^220.*\n331',
231 | 	'ftp|^220.*\n530',
232 | 	'ftp|^220.*FTP',
233 | 	'ftp|^220 .* Microsoft .* FTP',
234 | 	'ftp|^220 Inactivity timer',
235 | 	'ftp|^220 .* UserGate',
236 | 	'http|^HTTP/0.',
237 | 	'http|^HTTP/1.',
238 | 	'http|<HEAD>.*<BODY>',
239 | 	'http|<HTML>.*',
240 | 	'http|<html>.*',
241 | 	'http|<!DOCTYPE.*',
242 | 	'http|^Invalid requested URL ',
243 | 	'http|.*<?xml',
244 | 	'http|^HTTP/.*\nServer: Apache/1',
245 | 	'http|^HTTP/.*\nServer: Apache/2',
246 | 	'http-iis|.*Microsoft-IIS',
247 | 	'http-iis|^HTTP/.*\nServer: Microsoft-IIS',
248 | 	'http-iis|^HTTP/.*Cookie.*ASPSESSIONID',
249 | 	'http-iis|^<h1>Bad Request .Invalid URL.</h1>',
250 | 	'http-jserv|^HTTP/.*Cookie.*JServSessionId',
251 | 	'http-tomcat|^HTTP/.*Cookie.*JSESSIONID',
252 | 	'http-weblogic|^HTTP/.*Cookie.*WebLogicSession',
253 | 	'http-vnc|^HTTP/.*VNC desktop',
254 | 	'http-vnc|^HTTP/.*RealVNC/',
255 | 	'ldap|^\x30\x0c\x02\x01\x01\x61',
256 | 	'ldap|^\x30\x32\x02\x01',
257 | 	'ldap|^\x30\x33\x02\x01',
258 | 	'ldap|^\x30\x38\x02\x01',
259 | 	'ldap|^\x30\x84',
260 | 	'ldap|^\x30\x45',
261 | 	'smb|^\0\0\0.\xffSMBr\0\0\0\0.*',
262 | 	'msrdp|^\x03\x00\x00\x0b',
263 | 	'msrdp|^\x03\x00\x00\x11',
264 | 	'msrdp|^\x03\0\0\x0b\x06\xd0\0\0\x12.\0$',
265 | 	'msrdp|^\x03\0\0\x17\x08\x02\0\0Z~\0\x0b\x05\x05@\x06\0\x08\x91J\0\x02X$',
266 | 	'msrdp|^\x03\0\0\x11\x08\x02..}\x08\x03\0\0\xdf\x14\x01\x01$',
267 | 	'msrdp|^\x03\0\0\x0b\x06\xd0\0\0\x03.\0$',
268 | 	'msrdp|^\x03\0\0\x0b\x06\xd0\0\0\0\0\0',
269 | 	'msrdp|^\x03\0\0\x0e\t\xd0\0\0\0[\x02\xa1]\0\xc0\x01\n$',
270 | 	'msrdp|^\x03\0\0\x0b\x06\xd0\0\x004\x12\0',
271 | 	'msrdp-proxy|^nmproxy: Procotol byte is not 8\n$',
272 | 	'msrpc|^\x05\x00\x0d\x03\x10\x00\x00\x00\x18\x00\x00\x00\x00\x00',
273 | 	'msrpc|\x05\0\r\x03\x10\0\0\0\x18\0\0\0....\x04\0\x01\x05\0\0\0\0$',
274 | 	'mssql|^\x04\x01\0C..\0\0\xaa\0\0\0/\x0f\xa2\x01\x0e.*',
275 | 	'mssql|^\x05\x6e\x00',
276 | 	'mssql|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15.*',
277 | 	'mssql|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15.*',
278 | 	'mssql|^\x04\x01\x00\x25\x00\x00\x01\x00\x00\x00\x15.*',
279 | 	'mssql|^\x04\x01\x00.\x00\x00\x01\x00\x00\x00\x15.*',
280 | 	'mssql|^\x04\x01\0\x25\0\0\x01\0\0\0\x15\0\x06\x01.*',
281 | 	'mssql|^\x04\x01\x00\x25\x00\x00\x01.*',
282 | 	'telnet|^xff\xfb\x01\xff\xfb\x03\xff\xfb\0\xff\xfd.*',
283 | 	'mssql|;MSSQLSERVER;',
284 | 	'mysql|^\x19\x00\x00\x00\x0a',
285 | 	'mysql|^\x2c\x00\x00\x00\x0a',
286 | 	'mysql|hhost \'',
287 | 	'mysql|khost \'',
288 | 	'mysql|mysqladmin',
289 | 	'mysql|whost \'',
290 | 	'mysql-blocked|^\(\x00\x00',
291 | 	'mysql-secured|this MySQL',
292 | 	'mongodb|^.*version.....([\.\d]+)',
293 | 	'nagiosd|Sorry, you \(.*are not among the allowed hosts...',
294 | 	'nessus|< NTP 1.2 >\x0aUser:',
295 | 	'oracle-tns-listener|\(ERROR_STACK=\(ERROR=\(CODE=',
296 | 	'oracle-tns-listener|\(ADDRESS=\(PROTOCOL=',
297 | 	'oracle-dbsnmp|^\x00\x0c\x00\x00\x04\x00\x00\x00\x00',
298 | 	'oracle-https|^220- ora',
299 | 	'oracle-rmi|\x00\x00\x00\x76\x49\x6e\x76\x61',
300 | 	'oracle-rmi|^\x4e\x00\x09',
301 | 	'postgres|Invalid packet length',
302 | 	'postgres|^EFATAL',
303 | 	'rlogin|login: ',
304 | 	'rlogin|rlogind: ',
305 | 	'rlogin|^\x01\x50\x65\x72\x6d\x69\x73\x73\x69\x6f\x6e\x20\x64\x65\x6e\x69\x65\x64\x2e\x0a',
306 | 	'rpc-nfs|^\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00',
307 | 	'rpc|\x01\x86\xa0',
308 | 	'rpc|\x03\x9b\x65\x42\x00\x00\x00\x01',
309 | 	'rpc|^\x80\x00\x00',
310 | 	'rsync|^@RSYNCD:.*',
311 | 	'smux|^\x41\x01\x02\x00',
312 | 	'snmp-public|\x70\x75\x62\x6c\x69\x63\xa2',
313 | 	'snmp|\x41\x01\x02',
314 | 	'socks|^\x05[\x00-\x08]\x00',
315 | 	'ssh|^SSH-',
316 | 	'ssh|^SSH-.*openssh',
317 | 	'ssl|^..\x04\0.\0\x02',
318 | 	'ssl|^\x16\x03\x01..\x02...\x03\x01',
319 | 	'ssl|^\x16\x03\0..\x02...\x03\0',
320 | 	'ssl|SSL.*GET_CLIENT_HELLO',
321 | 	'ssl|-ERR .*tls_start_servertls',
322 | 	'ssl|^\x16\x03\0\0J\x02\0\0F\x03\0',
323 | 	'ssl|^\x16\x03\0..\x02\0\0F\x03\0',
324 | 	'ssl|^\x15\x03\0\0\x02\x02\.*',
325 | 	'ssl|^\x16\x03\x01..\x02...\x03\x01',
326 | 	'ssl|^\x16\x03\0..\x02...\x03\0',
327 | 	'sybase|^\x04\x01\x00',
328 | 	'telnet|^\xff\xfd',
329 | 	'telnet|Telnet is disabled now',
330 | 	'telnet|^\xff\xfe',
331 | 	'tftp|^\x00[\x03\x05]\x00',
332 | 	'http-tomcat|.*Servlet-Engine',
333 | 	'uucp|^login: password: ',
334 | 	'vnc|^RFB.*',
335 | 	'webmin|.*MiniServ',
336 | 	'webmin|^0\.0\.0\.0:.*:[0-9]',
337 | 	'websphere-javaw|^\x15\x00\x00\x00\x02\x02\x0a']
338 | 
339 | 
340 | 	def prepsigns():
341 | 		signlist=[]
342 | 		for 	item in SIGNS:
343 | 			#print item
344 | 			(label,pattern)=item.split('|',2)
345 | 			sign=(label,pattern)
346 | 			signlist.append(sign)	
347 | 		return signlist	
348 | 		
349 | 	def matchbanner(banner,slist):
350 | 		for item in slist:
351 | 			p=re.compile(item[1])
352 | 			if p.search(banner)!=None:
353 | 				return item[0]
354 | 		return 'Unknown'
355 | 
356 | 	signs = prepsigns()
357 | 
358 | 	sd=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
359 | 	sd.settimeout(TIMEOUT)
360 | 	service='Unknown'
361 | 	try:
362 | 		sd.connect((host,port))
363 | 	except Exception as e:
364 | 		print e
365 | 		pass
366 | 	try:
367 | 		result = sd.recv(256)
368 | 		service=matchbanner(result,signs)
369 | 	except:
370 | 		for probe in PROBES:
371 | 			try:
372 | 				sd.close()
373 | 				sd=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
374 | 				sd.settimeout(TIMEOUT)
375 | 				sd.connect((host,port))
376 | 				sd.sendall(probe)
377 | 			except:
378 | 				continue	
379 | 			try:
380 | 				result = sd.recv(256)
381 | 				service=matchbanner(result,signs)
382 | 				if service!='Unknown':
383 | 					break
384 | 			except Exception as e:
385 | 				pass
386 | 	return service
387 | 
388 | if __name__ == '__main__':
389 | 	print get_cdn('5alt.me')
390 | 


--------------------------------------------------------------------------------