Skip to main content
Zondex
login
Browse Stats Pricing Blog Dorks How-To Docs
lan

Exposed Network Service Dorks

Find exposed network services: SSH, FTP, Telnet, RDP, VNC, SMB, and more.

SSH Servers

low

SSH servers indexed across the internet. Check for weak passwords and outdated versions.

search port:22 service:ssh

Telnet Open

high

Telnet services transmit credentials in plaintext. Often found on legacy devices.

search port:23 service:telnet

RDP Exposed

high

Remote Desktop Protocol. Major target for brute-force and BlueKeep (CVE-2019-0708).

search port:3389 service:rdp

VNC Open

high

VNC remote desktop servers. Many run without authentication or with weak passwords.

search port:5900 service:vnc

FTP Anonymous

medium

FTP servers that may allow anonymous login and file listing.

search port:21 service:ftp

SMB Shares

high

SMB file sharing. Check for EternalBlue (MS17-010) and open shares.

search port:445 service:smb

SNMP Public

medium

SNMP with default "public" community string. Exposes device info and network topology.

search port:161 service:snmp

LDAP Open

high

LDAP directories accessible externally. May expose Active Directory structure.

search port:389 service:ldap

NFS Exports

medium

Network File System exports. May allow unauthorized file access.

search port:2049 service:nfs

PPTP VPN

medium

PPTP VPN servers with known cryptographic weaknesses.

search port:1723 service:pptp

Other Dork Categories

database Exposed Databases admin_panel_settings Admin Panels devices_other IoT Devices factory Industrial / SCADA cloud Cloud Misconfigurations bug_report CVE & Vulnerabilities language Web Technologies
support_agent
Zondex Support
Usually replies within minutes
Hi there!
Send us a message and we'll reply as soon as possible.