1.6 KiB
1.6 KiB
Safe External Inventory
This repository contains a list of public IPv4 addresses in public_ipv4_from_master.txt and a helper script for a conservative external inventory pass.
What the script does
The script:
- validates and deduplicates IPv4 addresses from the input file
- runs a moderate
nmapinventory against the top 20 TCP ports - performs light service detection
- writes raw
nmapoutputs plus CSV and Markdown summaries
It intentionally does not run aggressive vulnerability scripts, OS fingerprinting, or full port sweeps.
Usage
Install nmap, then run:
chmod +x scripts/safe_external_inventory.sh
scripts/safe_external_inventory.sh
Optional arguments:
scripts/safe_external_inventory.sh \
public_ipv4_from_master.txt \
reports/custom-run
Output
Each run creates a timestamped folder under reports with:
targets.txt- cleaned list of validated IPsnmap_inventory.nmap- normalnmapoutputnmap_inventory.gnmap- grepable outputnmap_inventory.xml- XML output for toolingsummary.csv- one row per open portsummary.md- quick review queue sorted by host exposure
Interpreting the results
Prioritize hosts that expose:
- multiple services to the internet
- remote administration ports such as SSH, RDP, WinRM, or control panels
- outdated or unexpected product banners
- plaintext services such as Telnet, FTP, or HTTP admin endpoints
Use the inventory as a review queue for patching, access reduction, ownership checks, and deeper manual assessment within your approved process.