← Port Encyclopedia
5985
WinRM-HTTP
TCP
Windows Critical Risk
WinRM HTTP — Windows remote management, PowerShell remoting, lateral movement

🔍 How to Scan Port 5985

nmap -sV -p 5985 target
nmap -sV -sC --script=banner -p 5985 target
nc -zv target 5985

🛡️ Security Considerations

  • Scan port 5985 with nmap -sV to identify the exact service and version
  • If WinRM-HTTP is not needed, close or firewall this port immediately
  • Check for default credentials if a management interface runs on this port
  • Use searchsploit winrm-http to find known exploits
  • Monitor traffic on port 5985 with Wireshark or tcpdump for anomalies
  • Ensure the service is patched to the latest version to prevent known CVE exploitation

🔗 Related Windows Ports

Port 135
MSRPC
Port 137
NetBIOS-NS
Port 138
NetBIOS-DGM
Port 139
NetBIOS-SSN
Port 445
SMB
Port 593
MS-DCOM
Port 5357
WSDAPI
Port 5986
WinRM-HTTPS
Port 35871
SMB-Alt
Port 47001
WinRM-Alt

📍 Nearby Ports

Port 5984
CouchDB
Port 5986
WinRM-HTTPS
📚 Learn Network Scanning — Free Course