ASM Port Scanning
Overview
Port scanning is a critical component of Attack Surface Management discovery, enabling identification of network services and web applications running on non-standard ports. By probing specific TCP ports on discovered hosts, ASM can detect services that would otherwise remain invisible through standard web discovery methods.
Effective port scanning configuration balances comprehensive service discovery against scan duration and network overhead. This document describes default port scanning behavior and custom port configuration options for tailoring discovery to specific infrastructure requirements.
Default Port Scanning Behavior
ASM performs port scanning during Asset discovery using a predefined set of commonly utilized ports. This default port list is optimized to efficiently identify running services while minimizing scan duration and network traffic.
The default port set typically includes:
- Standard web service ports (HTTP, HTTPS)
- Frequently used alternative web ports
- Common API and development service ports
This conservative default approach ensures that the majority of web-accessible services are discovered without exhaustive port enumeration, providing an efficient balance between discovery thoroughness and scan performance.
Custom Port Configuration
Port scanning behavior can be customized through the port_scanning.ports configuration parameter in the Global Configuration. This parameter accepts an explicit list of TCP ports to be scanned, enabling precise control over the service discovery process based on organizational infrastructure characteristics.
Configuration Syntax
The following configuration demonstrates custom port specification:
    port_scanning:
      ports:
        - 80    # HTTP
        - 443   # HTTPS
        - 22    # SSH
        - 8080  # Alternative HTTP
        - 8443  # Alternative HTTPS
        - 3000  # Common development port
        - 5000  # Common API port
Configuration Behavior
Explicit Port List:
When the ports parameter is specified with a non-empty list, only the enumerated ports are scanned. This provides complete control over port scanning scope.
Default Port Fallback:
If the ports parameter is omitted or specified as an empty list, the default set of common ports is scanned. This behavior ensures that service discovery functions without requiring explicit port configuration.
Service Identification:
Port scanning identifies web services and APIs operating on non-standard ports, expanding the discoverable attack surface beyond conventional HTTP/HTTPS ports (80/443).
Use Cases for Custom Port Configuration
Custom Application Port Discovery
Organizations with applications deployed on non-standard ports can extend the port list to include infrastructure-specific ports. This ensures that all relevant web services are discovered regardless of deployment conventions.
Example Scenario:
An organization deploying microservices on ports 9000-9010 can configure port scanning to include this range, ensuring all service endpoints are identified during discovery.
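As an added example (not part of ASM or its documentation), this Python helper expands the 9000-9010 scenario into the explicit per-port list that port_scanning.ports accepts, and refuses to emit an empty list, which would fall back to the default ports as described under Configuration Behavior. It assumes ranges must be written out as individual entries, which the page does not state either way; all function names are hypothetical.

```python
# Added example: helper names are hypothetical, not part of ASM.

def expand_ports(specs):
    """Expand ints and "start-end" strings into a sorted, de-duplicated port list."""
    ports = set()
    for spec in specs:
        text = str(spec).strip()
        start, sep, end = text.partition("-")
        if not start.isdigit() or (sep and not end.isdigit()):
            raise ValueError(f"not a port or port range: {spec!r}")
        lo, hi = int(start), int(end) if sep else int(start)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"invalid port or range (1-65535, start <= end): {spec!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def scan_scope(ports):
    """Mirror the documented rule: a non-empty list is scanned exactly as given;
    an omitted (None) or empty list falls back to the default port set."""
    return "explicit" if ports else "default"


def render_config(specs):
    """Return the port_scanning block as YAML text with one entry per port."""
    ports = expand_ports(specs)
    if scan_scope(ports) == "default":
        raise ValueError("empty list would silently fall back to the default ports")
    lines = ["port_scanning:", "  ports:"]
    lines += [f"    - {p}" for p in ports]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed input: three standardized ports plus the microservice range.
    print(render_config([80, 443, 8443, "9000-9010"]))
```
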
Scan Optimization
Port scanning can be restricted to a minimal set of known application ports to reduce scan duration and network overhead. This optimization is particularly valuable in environments with large host inventories where comprehensive port enumeration would be prohibitively time-consuming.
Example Scenario:
An organization with standardized deployment practices (services only on ports 80, 443, and 8443) can limit port scanning to these three ports, significantly reducing scan time without sacrificing discovery completeness.
Non-Standard Service Detection
Internal APIs, development environments, and staging services are frequently hosted on non-standard ports. Custom port configuration ensures these services are included in attack surface visibility.
Example Scenario:
Development APIs running on ports 3000 and 5000 can be explicitly included in the port scanning configuration, ensuring that pre-production environments are monitored for security vulnerabilities.
Configuration Reference
Complete port scanning parameter documentation, including advanced configuration options and default port specifications, is available in the Configuration Reference.
Summary
ASM port scanning provides flexible service discovery through both default and custom port configurations. The default port set offers efficient discovery of common web services, while custom port configuration enables precise control for organizations with specific infrastructure characteristics or optimization requirements. Proper port configuration ensures comprehensive attack surface visibility while maintaining scan efficiency.