Get the FREE Ultimate OpenClaw Setup Guide →

nmap-pentest-scans

npx machina-cli add skill 0x-Professor/Agent-Skills-Hub/nmap-pentest-scans --openclaw
Files (1)
SKILL.md
1.4 KB

Nmap Pentest Scans

Stage

  • PTES: 2-3
  • MITRE: TA0007 - Discovery

Objective

Design reproducible Nmap scan workflows for authorized targets and produce deterministic scan-plan artifacts.

Required Workflow

  1. Validate scope before any active action and reject out-of-scope targets.
  2. Require explicit authorization for non-dry-run execution.
  3. Select profile (stealth, balanced, fast) and build command sequence.
  4. Produce normalized findings and export deterministic artifacts.

Execution

python skills/nmap-pentest-scans/scripts/nmap_pentest_scans.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run

Outputs

  • scan-plan.json
  • scan-plan.md
  • recommended-commands.txt
  • findings/nmap-pentest-findings.json
  • nmap-pentest-scans-report.json

References

  • references/tools.md
  • references/scan-profiles.md
  • skills/autonomous-pentester/shared/scope_schema.json
  • skills/autonomous-pentester/shared/finding_schema.json

Legal and Ethical Notice

WARNING AUTHORIZED USE ONLY
This skill prepares and can orchestrate live network scan workflows.
Use only with written authorization and approved scope.

Source

git clone https://github.com/0x-Professor/Agent-Skills-Hub/blob/main/skills/nmap-pentest-scans/SKILL.mdView on GitHub

Overview

Design reproducible Nmap scan workflows for authorized targets and produce deterministic scan-plan artifacts. It covers host discovery, port and service enumeration, NSE profiling, and structured reporting artifacts for in-scope targets.

How This Skill Works

The workflow validates scope before any active action, then selects a scan profile (stealth, balanced, fast) and builds a corresponding Nmap command sequence. A Python script orchestrates execution and exports deterministic artifacts such as scan-plan.json, scan-plan.md, and findings to support reproducible client deliverables.

When to Use It

  • When starting an authorized engagement and need a scoped, reproducible Nmap plan.
  • When you require deterministic artifacts (scan-plan.json, scan-plan.md, findings) for client deliverables.
  • When discovery is the focus and NSE profiling is needed to identify targets and services.
  • When validating scope with a dry-run before performing live scans.
  • When choosing a profile (stealth, balanced, or fast) to balance speed, stealth, and risk.

Quick Start

  1. Step 1: Prepare scope.json and specify target(s) and inputs.
  2. Step 2: Run a dry-run to generate and validate the scan plan (no live action).
  3. Step 3: Review outputs (scan-plan.json, scan-plan.md, findings) and proceed with authorized live scans.

Best Practices

  • Always validate and document scope before any active scan.
  • Obtain explicit authorization for non-dry-run execution.
  • Choose a scan profile that matches risk tolerance and objectives.
  • Produce and review deterministic artifacts to ensure reproducibility.
  • Keep scope, findings, and artifacts aligned with client requirements.

Example Use Cases

  • Internal pentest of 50 hosts using stealth profile and exporting scan-plan.json and findings.
  • External assessment with fast profile across a large IP range, producing a detailed nmap-pentest-findings.json.
  • Targeted enumeration of critical services with NSE profiling and deterministic artifact generation.
  • Dry-run validation to confirm scope and avoid accidental live scans.
  • Deliver client-ready artifacts including scan-plan.md and findings JSON for audit.

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers