Skip to content

Configuration: Unusually high number of ports open

Identifier: unusually_high_open_ports

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Hosts that expose an unusually high number of ports to the internet have a wider attack surface than necessary: every additional service is one more component an attacker can probe, fingerprint, and target with vulnerabilities or misconfigurations.

How we test: During port scanning we count, on each host, the open ports observed from a public Escape proxy. If that count strictly exceeds the configured threshold, we raise a low-severity finding so the team can review whether all those services need to be reachable from the internet. The check only runs when at least one public proxy is available.

Configuration

Example

Example configuration:

---
security_tests:
  unusually_high_open_ports:
    detection_threshold: 5
    skip: false

Reference

detection_threshold

Type : integer

Trigger the issue when the number of open ports observed from a public proxy strictly exceeds this threshold.

skip

Type : boolean

Skip the test if true.