Posture lens
What the porch shows the street.
Porchlight is conservative — it only scans hosts it has already seen evidence for. Even so, some surfaces show up on more devices than you might guess. These are the lenses to skim first.
Lens
Exposed SSH
14 services on 14 hosts
Every host that answered on tcp/22. SSH is fine — it's just the single biggest doorway here, so it's worth knowing them by name.
192.168.16.127
192.168.16.127
tcp/22ssh
192.168.18.208
192.168.18.208
tcp/22ssh
6c63f8102ad08e0abb10959f956067dadbd7.id.ui.direct
192.168.18.62
tcp/22ssh
ACPro
192.168.17.230
tcp/22ssh
Laboratoryi5Air
192.168.18.39
tcp/22ssh
U6-Plus
192.168.17.223
tcp/22ssh
UNASACPro
192.168.19.229
tcp/22ssh
US8PoE150W
192.168.17.94
tcp/22ssh
USWProMax16PoE
192.168.17.215
tcp/22ssh
calliope
192.168.18.5
tcp/22ssh
clio
192.168.19.170
tcp/22ssh
euterpe
192.168.16.126
tcp/22ssh
mainsail
192.168.18.110
tcp/22ssh
unifi
192.168.16.1
tcp/22ssh
Lens
Bare RTSP cameras
3 services on 3 hosts
RTSP without a product banner is the fingerprint of a stock IP camera with default credentials. Treat as untrusted.
Lens
Plain :80 with no TLS twin
8 services on 8 hosts
Hosts that expose HTTP on :80 but nothing on :443. Admin panels here accept credentials in the clear.
Lens
Windows surfaces (SMB · RDP · NetBIOS)
6 services on 3 hosts
The combined Windows footprint. RDP + SMB on the same host is the classic lateral-movement pair.