Nmap Port Scanner
Nmap is the industry-standard tool for network discovery and security auditing. FortWatch uses Nmap to discover open ports, identify running services, and fingerprint operating systems on your assets.
What Nmap Scans
FortWatch runs Nmap against each asset with the following configuration:
- Port range — Scans the top 1,000 most commonly used ports. This covers the vast majority of services typically exposed on internet-facing servers.
- Service detection — Identifies what service is running on each open port (e.g., HTTP, SSH, FTP, MySQL).
- Version detection — Determines the specific version of each detected service (e.g., OpenSSH 8.9, nginx 1.24.0).
- OS fingerprinting — Attempts to identify the operating system running on the target.
Understanding Port Scan Results
Nmap results are displayed in the asset detail page under the Ports tab. Each entry shows:
- Port number — The TCP port (e.g., 80, 443, 22).
- State — Whether the port is open, closed, or filtered.
- Service — The identified service running on the port.
- Version — The detected version of the service, if available.
Why Port Scanning Matters
Open ports represent your attack surface. Every open port is a potential entry point for attackers. Common concerns include:
- Unnecessary open ports — Ports like FTP (21), Telnet (23), or database ports (3306, 5432) should not be publicly accessible unless absolutely necessary.
- Outdated service versions — Old versions of services may have known, exploitable vulnerabilities.
- Unexpected services — Finding a service you did not expect to be running could indicate a misconfiguration or compromise.
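The following is an added example, not FortWatch's own code: a triage pass over Nmap's XML output format (`nmap -oX`) that pulls out the port, state, service, and version fields and flags open ports matching the concerns listed above. The sample XML, the `expected` baseline, and the function names are constructed for illustration; nothing is assumed about how FortWatch stores or exports its results.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format (nmap -oX); not real scan data.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="http" product="nginx" version="1.24.0"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
      <port protocol="tcp" portid="8081"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>"""

# Ports the page names as ones that should not be publicly accessible.
RISKY_PORTS = {21: "FTP", 23: "Telnet", 3306: "MySQL", 5432: "PostgreSQL"}

def parse_ports(xml_text):
    """Return one dict per scanned port: host, port, state, service, version."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for p in host.iter("port"):
            state = p.find("state")
            svc = p.find("service")
            attrs = svc.attrib if svc is not None else {}
            version = " ".join(filter(None, (attrs.get("product"), attrs.get("version"))))
            rows.append({"host": addr, "port": int(p.get("portid")),
                         "state": state.get("state") if state is not None else "unknown",
                         "service": attrs.get("name", "unknown"), "version": version})
    return rows

def triage(rows, expected):
    """Flag open ports that are risky or missing from the expected baseline."""
    findings = []
    for r in rows:
        if r["state"] != "open":
            continue  # only ports reported open are confirmed reachable services
        if r["port"] in RISKY_PORTS:
            findings.append((r["host"], r["port"], "risky: " + RISKY_PORTS[r["port"]]))
        elif r["port"] not in expected.get(r["host"], set()):
            findings.append((r["host"], r["port"], "unexpected"))
    return findings

if __name__ == "__main__":
    print(triage(parse_ports(SAMPLE_XML), {"192.0.2.10": {22, 443}}))
```

The `expected` argument maps each host to the set of ports you intend to expose; anything open outside that set is reported for review.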
Nmap and CDN/WAF
If an asset is behind a CDN or WAF (e.g., Cloudflare), Nmap results may reflect the CDN's infrastructure rather than your origin server. For the most accurate port scan results on CDN-protected assets, consider also adding the origin server's IP address as a separate asset.