Automating Network Security: A Workflow for Discovering Open Ports for ASN

With the rise of remote work and online business, cybersecurity is more important than ever. Organizations must ensure their networks are secure to protect against unauthorized access, data breaches, and other cyber threats. One crucial aspect of network security is identifying open ports on a network and securing them to reduce the risk of cyber attacks.

In this blog post, we will present a workflow that can automate the process of discovering open ports for a given Autonomous System Number (ASN) - a unique identifier assigned to each network on the internet. By automating this process, organizations can more quickly and efficiently identify potential security vulnerabilities and take action to secure their networks.

Workflow Overview

The workflow for discovering open ports involves three main steps:

• Retrieving all ASNs and their corresponding subnets
• Scanning for open ports using Masscan
• Parsing the Masscan results

Let's explore each step in more detail.

Step 1: Retrieving ASNs and their corresponding subnets

The first step in the workflow is to retrieve a list of ASNs and their corresponding subnets. This step involves two sub-steps:

Retrieving all ASNs using recursively-cat-all

The recursively-cat-all script can be used to retrieve all of the ASNs provided in an input file. This script searches for files that match a specified pattern and concatenates their contents into a single output file. In this case, the input file would contain a list of ASNs for the organizations to be scanned.

Retrieving all subnets using file-splitter

Once the ASNs are retrieved, the file-splitter node can be used to get all of the prefixes (subnets) for each ASN. The file-splitter converts all of the lines in the input file to strings, making it possible to execute the next step in parallel for each ASN and retrieve all of the prefixes (subnets) for a specific ASN.

Step 2: Scanning for open ports using Masscan

Once all of the subnets have been retrieved, the workflow uses Masscan to scan each subnet for open ports. This step involves two sub-steps:

Scanning for open ports using Masscan

Masscan is a fast and efficient port scanner that can be used to quickly identify open ports on a network. By default, Masscan accepts an IP range and a list of ports to scan. The scanner can also gather additional information about the services running on the open ports by enabling the banners boolean flag.

The workflow uses the file-splitter node again to execute Masscan for each subnet found. This makes it possible to scan each subnet in parallel, saving time and increasing efficiency.

Step 3: Parsing the Masscan results

The final step in the workflow involves parsing the Masscan results to obtain the IP addresses and open ports.

A custom script can be used to parse the Masscan results and output the raw result, which will be available at out/results.txt, as well as the IP addresses and open ports in the format of ip:port, which will be available on out/output.txt. This step makes it possible to quickly identify potential security vulnerabilities and take action to secure the network.

find in -type f -exec cat {} + > out/results.txt
cat out/results | grep Host | awk -F" " '{print $4":"$7}' | awk -F"/" '{print $1}' > out/output.txt

Conclusion

In this blog post, we presented a workflow for discovering open ports using automation, which can help organizations quickly and efficiently identify potential security vulnerabilities and take action to secure their networks. If you are interested in scanning your cloud resources, you should check out our enumerating Cloud resources workflow. By automating both of these process, organizations can save time, increase efficiency, and improve their network security.

One of the advantages of this workflow is how easy it is to set up. All you need to do is provide a file containing a list of ASNs for the organizations you want to scan, and the workflow will do the rest. It is good to mention that the steps in the workflow can be executed in parallel.

However, the workflow can be further improved. For example, changing the machine type of the tools used and implementing mechanisms to schedule and notify of new results can help organizations further optimize their security practices.

If you are interested in automating your own network security workflows, sign up for a free trial of Trickest automated workflows. With Trickest, you can explore the power of automation in cybersecurity and discover new ways to improve your security practices.

Take action today and sign up for free on Trickest to discover how automation can help you secure your network!