Automated Network Service Validation

#Input Format

Create a CSV containing only approved, discovered services:

host,port,protocol,service
192.0.2.10,443,tcp,https
192.0.2.20,445,tcp,smb
192.0.2.30,161,udp,snmp
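
A pre-flight check for this CSV, added here as an example and not part of the original module: it rejects rows that are malformed or whose host is missing from an approved-scope list, so they never reach the dispatcher. The scope file (one approved host per line) and the function names `check_row` and `validate_csv` are assumptions; the code is portable sh so it can be sourced from a bash script.

```sh
#!/bin/sh
# Added example: pre-flight check for the approved-services CSV.
# Assumption: the scope file lists one approved host per line (not from the page).

# Print "ok" or a rejection reason for one parsed row.
check_row() (
  host=$1 port=$2 protocol=$3 service=$4 scope=$5
  # A leading "-" would be parsed by Nmap as an option, so refuse it.
  case $host in ''|-*|*[!A-Za-z0-9._:-]*) echo bad-host; exit ;; esac
  case $port in ''|*[!0-9]*|??????*) echo bad-port; exit ;; esac
  { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || { echo bad-port; exit; }
  case $protocol in tcp|udp|TCP|UDP) ;; *) echo bad-protocol; exit ;; esac
  case $service in ''|*[!A-Za-z0-9/_-]*) echo bad-service; exit ;; esac
  # Exact, whole-line match: 192.0.2.1 must not match 192.0.2.10.
  grep -Fxq -- "$host" "$scope" || { echo out-of-scope; exit; }
  echo ok
)

# Check every data row of the CSV; print "LINE:reason" for each reject.
# Exit status is 0 only when all rows pass.
validate_csv() (
  csv=$1 scope=$2 cr=$(printf '\r') n=1 bad=0
  tail -n +2 "$csv" | {
    while IFS=, read -r host port protocol service extra || [ -n "$host" ]; do
      n=$((n + 1))                      # file line number (header is line 1)
      service=${service%"$cr"}          # tolerate CRLF exports
      if [ -n "$extra" ]; then reason=extra-fields
      else reason=$(check_row "$host" "$port" "$protocol" "$service" "$scope"); fi
      [ "$reason" = ok ] || { echo "$n:$reason"; bad=1; }
    done
    [ "$bad" -eq 0 ]
  }
)
```

Run `validate_csv approved-services.csv scope.txt` before the dispatcher and stop if it returns non-zero.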

#Paste-Ready Dispatcher

The dispatcher maps known services to non-destructive Nmap scripts. Unknown services are logged for manual review.

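#!/usr/bin/env bash
set -Eeuo pipefail
umask 077   # scan output is engagement data: keep it owner-only

die() { echo "$*" >&2; exit 1; }

[[ $# -eq 1 ]] || die "Usage: $0 <approved-services.csv>"
INPUT="$(realpath "$1")"
[[ -s "$INPUT" ]] || die "Service CSV is empty"
[[ -n "${ENGAGEMENT_ROOT:-}" ]] || die "Load engagement.env first"
[[ -n "${RAW_DIR:-}" ]] || die "RAW_DIR is not set"
command -v nmap >/dev/null 2>&1 || die "Missing dependency: nmap"

OUT="$RAW_DIR/service-validation-$(date -u +%Y%m%dT%H%M%SZ)"
mkdir -p "$OUT"
printf 'host,port,protocol,service,status,output\n' > "$OUT/manifest.csv"

# Skip the header row; "|| [[ -n $host ]]" keeps a final row that lacks a newline.
tail -n +2 "$INPUT" | while IFS=, read -r host port protocol service || [[ -n "$host" ]]; do
  service="${service%$'\r'}"   # tolerate CRLF line endings
  protocol="${protocol,,}"

  # Reject rows that could inject Nmap options (host starting with "-")
  # or escape $OUT through the output file name (protocol containing "/").
  valid=1
  [[ "$host" =~ ^[A-Za-z0-9:][A-Za-z0-9._:-]*$ ]] || valid=0
  [[ "$port" =~ ^[0-9]{1,5}$ ]] && (( 10#$port >= 1 && 10#$port <= 65535 )) || valid=0
  [[ "$protocol" == tcp || "$protocol" == udp ]] || valid=0
  if (( ! valid )); then
    echo "Skipping malformed row: $host,$port,$protocol,$service" >&2
    continue
  fi

  id="${host//[:.]/_}-${protocol}-${port}"
  scripts=""

  # Map each known service name to its validation scripts.
  case "${service,,}" in
    http|https|ssl/http)
      scripts="http-title,http-headers,http-methods,ssl-cert"
      ;;
    smb|microsoft-ds|netbios-ssn)
      scripts="smb-protocols,smb2-security-mode,smb2-time"
      ;;
    ftp)
      scripts="ftp-syst,ftp-anon"
      ;;
    ssh)
      scripts="ssh2-enum-algos,ssh-hostkey,ssh-auth-methods"
      ;;
    smtp)
      scripts="smtp-commands,smtp-open-relay"
      ;;
    snmp)
      scripts="snmp-info"
      ;;
    ldap|ldaps)
      scripts="ldap-rootdse"
      ;;
    rdp|ms-wbt-server)
      scripts="rdp-enum-encryption,rdp-ntlm-info"
      ;;
    *)
      # Unknown service: record it for manual review and do not scan.
      echo "$host,$port,$protocol,$service,manual-review," >> "$OUT/manifest.csv"
      continue
      ;;
  esac

  scan_type="-sT"
  [[ "$protocol" == "udp" ]] && scan_type="-sU"
  # stdin is redirected so a child process cannot consume the remaining CSV rows.
  if nmap -Pn "$scan_type" -p "$port" -sV --version-light \
      --script "$scripts" "$host" -oA "$OUT/$id" </dev/null; then
    echo "$host,$port,$protocol,$service,completed,$id.nmap" >> "$OUT/manifest.csv"
  else
    echo "$host,$port,$protocol,$service,error,$id.nmap" >> "$OUT/manifest.csv"
  fi
done

echo "Validation manifest: $OUT/manifest.csv"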

#Validation Boundary

NSE output can identify insecure protocol versions, anonymous access, weak transport, or exposed metadata. It does not by itself authorize:

  • Password attacks.
  • Relay or coercion.
  • Remote code execution.
  • File upload or modification.
  • Service restart or denial-of-service testing.

Move confirmed candidates into the corresponding Network Service Exploitation page for an explicit operator decision.