Keeping the attack surface minimal is a security best practice. Rogueport
identifies network ports that are open but are not supposed to be. It scans the
hostnames defined in the config file for open ports, then compares the scan
results with the expected state defined in the config file. NOTE: scan only your
own hosts or hosts you have permission to scan!

Install binary:

git clone git@github.com:jreisinger/rogueport.git
cd rogueport
go install

Define ports you need to have open (i.e. you’re running services on them), for
example:

$ cat rogueport.json
[
    {
        "hostname": "scanme.nmap.org",
        "ports": [ "22/tcp" ]
    },
    {
        "hostname": "scanme2.nmap.org",
        "ports": [ "22/tcp", "80/tcp", "443/tcp" ]
    }
]

Check there are no unexpected ports open:

$ rogueport
scanme.nmap.org           22/tcp ✓ 80/tcp ✗
scanme2.nmap.org          22/tcp ✓ 25/tcp ✗ 80/tcp ✓ 443/tcp ✓

Rogueport uses nmap to do the scanning, so you need to have
it installed (e.g. apt-get install nmap or brew install nmap).
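
The comparison step described above (scan results checked against the expected state in the config), as an added example that is not Rogueport's own code. `Compare` and the `scan` map are hypothetical names, and the scan results are constructed to match the sample output instead of coming from nmap.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Host mirrors one entry of the rogueport.json shown on this page.
type Host struct {
	Hostname string   `json:"hostname"`
	Ports    []string `json:"ports"`
}

// Compare marks every open port ✓ (listed in config) or ✗ (not listed) and
// counts the ✗ ones. scan maps hostname to the open ports a scanner reported.
func Compare(config []byte, scan map[string][]string) ([]string, int, error) {
	var hosts []Host
	if err := json.Unmarshal(config, &hosts); err != nil {
		return nil, 0, fmt.Errorf("parse config: %w", err)
	}
	var lines []string
	rogue := 0
	for _, h := range hosts {
		// Build the allow-list of ports this host is expected to expose.
		expected := make(map[string]bool, len(h.Ports))
		for _, p := range h.Ports {
			expected[p] = true
		}
		line := h.Hostname
		for _, p := range scan[h.Hostname] {
			mark := "✓"
			if !expected[p] {
				mark = "✗" // open but not in the config: unexpected exposure
				rogue++
			}
			line += " " + p + " " + mark
		}
		lines = append(lines, line)
	}
	return lines, rogue, nil
}

func main() {
	config := []byte(`[{"hostname":"scanme.nmap.org","ports":["22/tcp"]}]`)
	// Constructed scan result reproducing the first sample output line.
	scan := map[string][]string{"scanme.nmap.org": {"22/tcp", "80/tcp"}}
	lines, rogue, err := Compare(config, scan)
	fmt.Println(lines, rogue, err)
}
```

A non-zero rogue count is the natural signal for a scheduled job or CI step to alert on.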
