Scan Networks with Nmap and cnspec

Discover hosts, open ports, and services using Nmap with cnspec.

Discover hosts, open ports, and running services across your network with cnspec and the Nmap network scanner. Use the Nmap provider inside your own policies to check exposure, for example asserting that no host listens on Telnet or that SSH is reachable only from specific subnets.

Prerequisites

To scan networks with cnspec and Nmap, you must have:

Scan a network or host

Open a cnspec shell to scan a single host:

cnspec shell nmap 192.168.1.1

Scan a network range using CIDR notation:

cnspec shell nmap 192.168.1.0/24

Scan multiple networks:

cnspec shell nmap --networks 10.0.0.0/8,192.168.0.0/16

Example queries

List all discovered hosts

cnspec> nmap.network.hosts
nmap.network.hosts: [
  0: nmap.host name="192.168.1.1"
  1: nmap.host name="192.168.1.100"
  ...
]

Retrieve the Nmap version

cnspec> nmap.version
nmap.version: {
  version: "7.97"
  ...
}

Find all hosts with open SSH ports

cnspec> nmap.network.hosts.where(ports.one(port == 22 && state == "open"))

List all open ports across all hosts

cnspec> nmap.network.hosts { name ports.where(state == "open") { port protocol service } }
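
The exposure checks mentioned in the introduction, written as a cnspec policy bundle. This is an added example, not Mondoo's own policy: the uids, titles, and the 192.168.1.x allow-list are constructed, the bundle layout assumes cnspec's usual policy bundle format, and the checks use only the fields shown in the queries above.

```yaml
# nmap-exposure.mql.yaml (hypothetical file name)
# Added example: uids, titles and the address pattern are constructed.
policies:
  - uid: example-nmap-exposure
    name: Example network exposure policy
    version: "1.0.0"
    groups:
      - title: Exposed services
        # Assumption: apply to every asset the Nmap provider returns.
        filters: return true
        checks:
          - uid: example-no-open-telnet
            title: No discovered host has Telnet (port 23) open
            impact: 90
            # Passes only if every host has zero ports matching 23/open.
            # A host that is down or filtered has no open ports and passes.
            mql: |
              nmap.network.hosts.all(
                ports.none(port == 23 && state == "open")
              )

          - uid: example-ssh-only-on-approved-hosts
            title: SSH (port 22) is open only on approved hosts
            impact: 70
            # Takes the SSH query from this page and requires every match
            # to fall inside a constructed allow-list (192.168.1.x).
            # Replace the pattern with your own management range.
            mql: |
              nmap.network.hosts
                .where(ports.one(port == 22 && state == "open"))
                .all(name == /^192\.168\.1\.\d+$/)
```

Each check reflects what is reachable from the scanner's position on the network, so run it from the segment whose exposure you want to verify. The `mql` expressions can also be pasted into a `cnspec shell nmap` session to evaluate them interactively.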
