🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Nmap Recon

by @nsahal

Perform network reconnaissance and port scanning with Nmap to find open ports, detect services, identify vulnerabilities, and enumerate targets accurately.

Versionv1.0.0
Downloads4,088
Installs28
Stars⭐ 1
TERMINAL
clawhub install nmap-recon

πŸ“– About This Skill

Nmap Recon

Network reconnaissance and port scanning using Nmap. Use when asked to scan a target, find open ports, detect services, check for vulnerabilities, or perform network reconnaissance.

Triggers

  • "scan [target]", "port scan", "nmap", "what ports are open", "recon [target]", "service detection", "vulnerability scan"
  • Requirements

  • nmap must be installed (standard on Kali, available via package managers)
  • Root/sudo for SYN scans and OS detection
  • Usage

    Quick Scan (Top 1000 ports)

    nmap -sC -sV -oA scan_$(date +%Y%m%d_%H%M%S) TARGET
    

    Full Port Scan

    nmap -p- -sC -sV -oA fullscan_$(date +%Y%m%d_%H%M%S) TARGET
    

    Fast Scan (Quick check)

    nmap -F -T4 TARGET
    

    Stealth SYN Scan (requires root)

    sudo nmap -sS -sV -O -oA stealth_$(date +%Y%m%d_%H%M%S) TARGET
    

    UDP Scan (Top 100 ports)

    sudo nmap -sU --top-ports 100 -oA udp_$(date +%Y%m%d_%H%M%S) TARGET
    

    Vulnerability Scan

    nmap --script vuln -oA vulnscan_$(date +%Y%m%d_%H%M%S) TARGET
    

    Aggressive Scan (OS, version, scripts, traceroute)

    nmap -A -T4 -oA aggressive_$(date +%Y%m%d_%H%M%S) TARGET
    

    Output Parsing

    Nmap outputs in multiple formats with -oA:

  • .nmap - Human readable
  • .xml - Machine parseable
  • .gnmap - Greppable format
  • Parse open ports from greppable output:

    grep "open" scan.gnmap | awk -F'[/]' '{print $1}' | tr ',' '\n' | sort -u
    

    Extract service versions:

    grep -E "^[0-9]+/" scan.nmap | awk '{print $1, $3, $4}'
    

    Quick summary from XML:

    xmllint --xpath "//port[@state='open']" scan.xml 2>/dev/null
    

    Common Scan Profiles

    | Profile | Command | Use Case | |---------|---------|----------| | Quick | nmap -F -T4 | Fast initial recon | | Standard | nmap -sC -sV | Service detection + default scripts | | Full | nmap -p- -sC -sV | All 65535 ports | | Stealth | sudo nmap -sS -T2 | Evasive scanning | | Vuln | nmap --script vuln | Vulnerability detection | | Aggressive | nmap -A -T4 | Full enumeration |

    Script Categories

    # List available scripts
    ls /usr/share/nmap/scripts/

    Run specific category

    nmap --script=default,safe TARGET nmap --script=vuln TARGET nmap --script=exploit TARGET nmap --script=auth TARGET

    Run specific script

    nmap --script=http-title TARGET nmap --script=smb-vuln* TARGET

    Target Specification

    # Single host
    nmap 192.168.1.1

    CIDR range

    nmap 192.168.1.0/24

    Range

    nmap 192.168.1.1-254

    From file

    nmap -iL targets.txt

    Exclude hosts

    nmap 192.168.1.0/24 --exclude 192.168.1.1

    Timing Templates

  • -T0 Paranoid (IDS evasion)
  • -T1 Sneaky (IDS evasion)
  • -T2 Polite (slow)
  • -T3 Normal (default)
  • -T4 Aggressive (fast)
  • -T5 Insane (very fast, may miss ports)
  • Authorization Required

    ⚠️ Only scan targets you own or have explicit written authorization to test.

    Never scan:

  • Public infrastructure without permission
  • Networks you don't control
  • Production systems without approval
  • Example Workflow

    # 1. Quick scan to find live hosts
    nmap -sn 192.168.1.0/24 -oA live_hosts

    2. Fast port scan on discovered hosts

    nmap -F -T4 -iL live_hosts.gnmap -oA quick_ports

    3. Deep scan interesting hosts

    nmap -p- -sC -sV -oA deep_scan TARGET

    4. Vulnerability scan

    nmap --script vuln -oA vuln_scan TARGET

    πŸ’‘ Examples

    Quick Scan (Top 1000 ports)

    nmap -sC -sV -oA scan_$(date +%Y%m%d_%H%M%S) TARGET
    

    Full Port Scan

    nmap -p- -sC -sV -oA fullscan_$(date +%Y%m%d_%H%M%S) TARGET
    

    Fast Scan (Quick check)

    nmap -F -T4 TARGET
    

    Stealth SYN Scan (requires root)

    sudo nmap -sS -sV -O -oA stealth_$(date +%Y%m%d_%H%M%S) TARGET
    

    UDP Scan (Top 100 ports)

    sudo nmap -sU --top-ports 100 -oA udp_$(date +%Y%m%d_%H%M%S) TARGET
    

    Vulnerability Scan

    nmap --script vuln -oA vulnscan_$(date +%Y%m%d_%H%M%S) TARGET
    

    Aggressive Scan (OS, version, scripts, traceroute)

    nmap -A -T4 -oA aggressive_$(date +%Y%m%d_%H%M%S) TARGET