Port & Service Enumeration - Nmap (full service & script scan)
Discover services, version, and run safe NSE scripts.
sudo nmap -sC -sV -p- -T4 -oA ~/engagements/<engagement>/nmap_full <target>
Full TCP port scan (-p-), version detection (-sV), default NSE script (-sC), faster timing -T4, saves outputs.
nmap -p 22,80,443 -sV -oN <target>_common_ports <target>
Scans specific common ports with version information and save a normal output file.
nmap --script vuln -sV -oA <target>_vuln <target>
Run vulnerability NSE scripts for a quick check (use cautiously).
nmap -A -Pn -T4 -oA <target>_aggr <target>
Aggressive scan (OS, version, scripts). -Pn skip host discovery when already know host is up.
nmap -sU -p- -oA <target>_udp <target>
UDP full port scan (slow but important).