CRITICAL: Accessible ADB Report

DESCRIPTION LAST UPDATED: 2023-12-07

DEFAULT SECURITY LEVEL: CRITICAL

This report identifies hosts that have the Android Debug Bridge (ADB) running, bound to a network port (5555/tcp) and accessible on the Internet.

See https://developer.android.com/studio/command-line/adb for more information.

Make sure to block external access to ADB as it is often abused by malware and other threat actors. If you receive a report from us, check for signs of compromise!

You can view current ADB scan results on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filename: scan_adb

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the ADB response came on (always TCP)
  • port
    Port that the ADB response came from (5555/TCP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    This will always be adb
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • name
    The device's internal codename as defined by the vendor (usually)
  • model
    Marketing name for the device
  • device
    Also the device's codename, may be the same as the 'name' field
  • features
    Specific bits of the code that the device is advertising
  • device_vendor
    Device vendor
  • device_type
    Device type
  • device_model
    Device model
  • device_version
    Device version
  • device_sector
    Sector

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","name","model","device","features","device_vendor","device_type","device_model","device_version","device_sector","sector"
"2010-02-10 00:00:00",critical,192.168.0.1,tcp,5555,node01.example.com,adb,64512,ZZ,Region,City,0,ptr,heroqlteuc,SAMSUNG-SM-G930A,heroqlteatt,"cmd,stat_v2,shell_v2",,,,,,"Retail Trade"
"2010-02-10 00:00:01",critical,192.168.0.2,tcp,5555,node02.example.com,adb,64512,ZZ,Region,City,0,,starltexx,SM-G960F,starlte,"cmd,stat_v2,shell_v2",,,,,,
"2010-02-10 00:00:02",critical,192.168.0.3,tcp,5555,node03.example.com,adb,64512,ZZ,Region,City,0,ptr,heroqlteuc,SAMSUNG-SM-G930A,heroqlteatt,"cmd,stat_v2,shell_v2",,,,,,"Retail Trade"

Our 131 Report Types

« Back to Network Reporting