Scanning

Almost always scan this first.

nmap -sC -sV -Pn $target

Then once I have a baseline I start all ports.

nmap -sC -sV -p- $target

Or this if I feel good about ports already found.

nmap -p- $target
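As an added example (not part of these notes), a small Python helper that compares the quick baseline scan with the later all-ports scan by parsing nmap's greppable output (-oG, a flag not used above) and listing ports that only showed up in the full scan. Both scan outputs below are constructed samples.

```python
# Constructed sample of nmap -oG output from the baseline (top-1000 ports) scan
BASELINE_OG = (
    "# Nmap 7.94 scan initiated as: nmap -sC -sV -Pn -oG base.gnmap 10.10.10.5\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (998)\n"
)

# Constructed sample of nmap -oG output from the follow-up -p- scan
FULL_OG = (
    "# Nmap 7.94 scan initiated as: nmap -p- -oG full.gnmap 10.10.10.5\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh///, 53/filtered/tcp//domain///, "
    "80/open/tcp//http///, 8443/open/tcp//https-alt///, "
    "31337/open/tcp////\tIgnored State: closed (65531)\n"
)


def parse_gnmap(text):
    """Return {host: {(port, proto): (state, service, version)}} from -oG text.

    Each port entry has the form port/state/proto/owner/service/rpcinfo/version/.
    nmap replaces '/' inside version strings with '|', so splitting on '/' is safe.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        entries = hosts.setdefault(host, {})
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 7:
                continue
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            entries[(int(port), proto)] = (state, service, version)
    return hosts


def new_open_ports(baseline, full):
    """Per host, ports reported open in the full scan but absent from the baseline."""
    out = {}
    for host, ports in full.items():
        base = baseline.get(host, {})
        extra = sorted(k for k, v in ports.items() if v[0] == "open" and k not in base)
        if extra:
            out[host] = extra
    return out


if __name__ == "__main__":
    print(new_open_ports(parse_gnmap(BASELINE_OG), parse_gnmap(FULL_OG)))
```

Run the real scans with `-oG base.gnmap` and `-oG full.gnmap` and feed the file contents to `parse_gnmap` to get the same diff on a live target.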

Got to scan UDP sometimes!

nmap -sU $target

I'll run autorecon generically, or variations with no ping and slower timing if there are some issues. Or just reset the machine if it's a CTF.

See the port enum pages for individual nmap scans targeting a specific port!

Don't neglect the NSE scripts, especially ftp, smb, smtp, and http. It's worth it! Though autorecon usually tries these.

Scanning Through Proxychains (pivot point)

  • Specify the ports and always use -sT -Pn so it skips ICMP and only does TCP connect scans

proxychains nmap -p53,88,135,139,389,445,464,593,636,3268,3269,3389 -sC -sT -Pn $target
