Skip to content

Tool for checking hosts against a defined service catalogue


Notifications You must be signed in to change notification settings




Servicedef lets you compare a list of service definitions against a list of hosts.

Servicedefinitions are a JSON structure and can be created manually or could be generated from existing documentation. services.json:

	"id":"Load Balancer",
	"description":"main httpd",

	"description":"ssh jumpservice",

Hosts are also stored in a flat JSON structure. hosts.json:


Running servicedef with this examples can produce the following output:

2021/08/18 00:39:21 servicedef v0
2021/08/18 00:39:21 parsing services file...
2021/08/18 00:39:21 Services #: 2
2021/08/18 00:39:21 Service: Load Balancer [80 443] - main httpd
2021/08/18 00:39:21 Service: Jumpservice [22] - ssh jumpservice
2021/08/18 00:39:21 parsing services file finished
2021/08/18 00:39:21 parsing hosts file...
2021/08/18 00:39:21 Host: datacenter
2021/08/18 00:39:21 parsing hosts file finished
2021/08/18 00:39:21 portscanning hosts, this might take a really long time...
2021/08/18 00:39:21 [worker_1] scanning
2021/08/18 00:39:21 [worker_1] [localhost] nmap done: 1 hosts up scanned in 0.330000 seconds
2021/08/18 00:39:21 [worker_1] finished queue
2021/08/18 00:39:40 scanning hosts finished
2021/08/18 00:39:40 checking services...
2021/08/18 00:39:40 ! [] 5222 open: no service definition found (ssh 7.9p1 Debian 10+deb10u2)
2021/08/18 00:39:40 finished checking services
2021/08/18 00:39:40 finished

In this case servicedef reported an unknown open port 5222 with a running sshd.

Results can also be exported as graphviz dot file:

Tree view of scan results

Service Rules

Service rules can be used to add additional checks to your service catalog. Currently the available rule checker is "http" for status codes and http headers:

	"id":"Load Balancer",
	"description":"main httpd",

"uri" is used for the probing, which might produce false results if you use techniques like dns round robin load balancing.

To check the rules use -r rules.json and define them:

"rules":[{"location":"https://example-service.tld", "contains":"Basic realm="}]
"rules":[{"name":"WWW-Authenticate", "contains":"Basic realm="}]
"rules":[{"name":"location", "contains":"https://idp.example-service.tld"}]

Rule mismatches will be reported during service evaluation and are part of the graphviz export:

scan results with rules check


Servicedef uses nmap for host discovery and portscanning. Nmap must be installed on the system.

It also uses syn scans by default which requires root privileges. Use -c to switch back to nmaps connect scans (-sT).

If you run into the following error check privileges:

unable to run nmap scan: unable to parse nmap output, see warnings for details exit status 1


./servicedef hosts.json [services.json]
Switch Default Description
-r file.json false use rules file
-p 60 print nmap progress, set 0 to disable
-e file.json false export results as json file
-g false export results as graphviz dotfile
-t 3 number of parallel nmap scanning instances
-c false Use nmap connect scan (doesn't require root privileges)
-f false Use nmap fast scan instead of scanning for all ports
-ll info set loglevel (trace, debug, info, error, fatal) use panic to disable output
-j false format logoutput as json
-h Print list of options and default values

Graphviz Export

cat | dot -Grankdir=LR -Tpdf > graph.pdf && open graph.pdf


The `docker build -t servicedef .' command builds the application and runs with golang-alpine.

It might be not advised to run inside a container given the docker network stack.

hosts.json, services.json and rules.json can be mounted to /opt/servicedef inside the container and referenced during start, for example:

$ docker run -v ~/hosts.json:/opt/servicedef/hosts.json servicedef -f -g hosts.json


Tool for checking hosts against a defined service catalogue




Code of conduct





No releases published


No packages published