The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs. Nmap comes with various pre-installed scripts. One of them is ftp-anon.
To scan for ftp servers on your network that allow anonymous access execute the following command in a terminal:
nmap -p 21 -v -oN results.txt --open --script ftp-anon 192.168.1.0/24
If you find any open ftp server with anonymous access enabled you will get a result similar to this:
Host is up (0.00s latency).
PORT STATE SERVICE
21/tcp open ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-r–r–r– 1 ftp ftp 504 Nov 08 16:12