# Safe External Inventory This repository contains a list of public IPv4 addresses in [public_ipv4_from_master.txt](public_ipv4_from_master.txt) and a helper script for a conservative external inventory pass. ## What the script does The script: - validates and deduplicates IPv4 addresses from the input file - runs a moderate `nmap` inventory against the top 20 TCP ports - performs light service detection - writes raw `nmap` outputs plus CSV and Markdown summaries It intentionally does not run aggressive vulnerability scripts, OS fingerprinting, or full port sweeps. ## Usage Install `nmap`, then run: ```bash chmod +x scripts/safe_external_inventory.sh scripts/safe_external_inventory.sh ``` Optional arguments: ```bash scripts/safe_external_inventory.sh \ public_ipv4_from_master.txt \ reports/custom-run ``` ## Output Each run creates a timestamped folder under [reports](reports) with: - `targets.txt` - cleaned list of validated IPs - `nmap_inventory.nmap` - normal `nmap` output - `nmap_inventory.gnmap` - grepable output - `nmap_inventory.xml` - XML output for tooling - `summary.csv` - one row per open port - `summary.md` - quick review queue sorted by host exposure ## Interpreting the results Prioritize hosts that expose: - multiple services to the internet - remote administration ports such as SSH, RDP, WinRM, or control panels - outdated or unexpected product banners - plaintext services such as Telnet, FTP, or HTTP admin endpoints Use the inventory as a review queue for patching, access reduction, ownership checks, and deeper manual assessment within your approved process.