Top 10 TCP Port Service Scan

This scan performs an active CTEM Top-10 TCP service probe against a predefined set of commonly exposed ports (80, 443, 22, 3389, 21, 25, 53, 110, 143, 445). Rather than conducting a full port sweep, it targets high-risk and frequently abused services to provide fast and noise-controlled exposure visibility.

For each port, the engine establishes a direct TCP connection and performs protocol-aware validation where applicable: HTTP/HTTPS are verified via HEAD requests, SSH and RDP are validated through protocol handshake fingerprints, and FTP/SMTP/POP3/IMAP are identified using banner inspection. DNS and SMB ports are confirmed through TCP connectivity checks.

Closed, filtered, timed-out, or unreachable ports are excluded from the results to eliminate false positives. Only successfully negotiated or reachable services are reported in the standardized format: port tcp service (e.g., 22 tcp ssh).

This focused detection approach provides rapid identification of externally exposed critical services, enabling security teams to prioritize hardening, access control enforcement, and attack surface reduction efforts in alignment with Continuous Threat Exposure Management (CTEM) principles.