Install: claude install-skill aiskillstore/marketplace
# Nmap Scan - Professional Network Reconnaissance
You are helping the user perform professional network reconnaissance and port scanning using nmap. This skill provides guidance for various scan types, output formats, and result analysis.
## Output Directory
### Directory Structure
```text
nmap-output/
├── nmap-portscan.nmap # Initial fast port discovery
├── nmap-portscan.xml
├── nmap-portscan.gnmap
├── nmap-services.nmap # Detailed service detection on open ports
├── nmap-services.xml
└── nmap-services.gnmap
```
**IMPORTANT**: Always save nmap output to an organized directory structure. By default, use `./nmap-output/` or specify a custom directory.
## Default Scanning Strategy
**IMPORTANT**: Unless the user explicitly requests a different scan type, ALWAYS use this two-phase approach:
### Phase 1: Fast Port Discovery (Root SYN Scan)
```bash
sudo nmap -p- <target> -oA <output-dir>/nmap-portscan
```
- **Why `sudo`**: Running as root enables the fast SYN scan (`-sS` is the default scan type for privileged users, so it is implicit)
- **Why `-p-`**: Scans all 65535 ports quickly
- **Duration**: Typically 1-3 minutes for SYN scan
- **Output**: List of all open ports
**Host Down Detection**:
If the scan output contains "Note: Host seems down", automatically retry with:
```bash
sudo nmap -p- -Pn <target> -oA <output-dir>/nmap-portscan
```
- `-Pn`: Skip host discovery, treat host as online
- Use this when firewalls block ping probes
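The host-down check above and the open-port list that Phase 2 consumes can both be read from the Phase 1 files. The following is an added example, not part of the original skill; the helper names `host_seems_down` and `open_ports` are hypothetical, and the sample scan output is constructed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample data is constructed.

# True if nmap's normal output (.nmap) reports the target as down.
host_seems_down() {
    grep -q 'Note: Host seems down' "$1"
}

# Print open ports from a grepable (.gnmap) file as "22,443".
# Port entries look like: port/state/proto/owner/service/rpc/version/
# Ports from several Host: lines are merged into one sorted, unique list.
open_ports() {
    awk -F'\t' '
        /^Host: / {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                s = $i; sub(/^Ports: /, "", s)
                n = split(s, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open") print f[1]   # skip closed/filtered
                }
            }
        }' "$1" | sort -nu |
    awk 'NR > 1 { printf "," } { printf "%s", $0 } END { if (NR) print "" }'
}

# Constructed sample files (192.0.2.10 is a documentation address).
demo=$(mktemp -d)
printf 'Host: 192.0.2.10 ()\tStatus: Up\n' > "$demo/up.gnmap"
printf 'Host: 192.0.2.10 ()\tPorts: 443/open/tcp//https///, 22/open/tcp//ssh///, 25/filtered/tcp//smtp///, 8080/closed/tcp//http-proxy///\tIgnored State: closed (65531)\n' >> "$demo/up.gnmap"
printf 'Nmap scan report for 192.0.2.10\nHost is up (0.0010s latency).\n' > "$demo/up.nmap"
printf 'Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn\n' > "$demo/down.nmap"

if host_seems_down "$demo/down.nmap"; then echo "down.nmap: retry with -Pn"; fi
echo "open ports: $(open_ports "$demo/up.gnmap")"
```

An empty result from `open_ports` means Phase 1 found no open ports, so there is nothing to pass to service detection.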
### Phase 2: Targeted Service Detection
After Phase 1 completes, parse the open ports and run: