NMAP, Port Scanning

Anonymous ftp scanning

The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs. Nmap comes with various pre-installed scripts. One of them is ftp-anon.

To scan for ftp servers on your network that allow anonymous access execute the following command in a terminal:

nmap -p 21 -v -oN results.txt --open --script ftp-anon

If you find any open ftp server with anonymous access enabled you will get a result similar to this:
Host is up (0.00s latency).
21/tcp open ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-r–r–r– 1 ftp ftp 504 Nov 08 16:12