This script runs a nmap scan and checks the discovered ports against a whitelist


  • --host | -h: Host that shall be scanned by nmap
  • --portrange | -p: Ports that shall be scanned (nmap format)
  • --known | -k: A port number that is expected to be open
  • --input | -i: Use input file instead of a real nmap scan (for testing)
  • --debug | -d: More debugging output, cannot be used with icinga2
  • all arguments after -- are passed to nmap


  • CRITICAL: if any expected port is open