# Run Authorized Nmap Reconnaissance Network teams need repeatable scans that stay within approved scope. This skill structures Nmap discovery, enumeration, vulnerability checks, and reporting for authorized assessments. ## Install ```bash npx skillstore add agentsecops/recon-nmap ``` ## Metadata - - Slug: agentsecops-recon-nmap - - Version: 0.1.0 - - Author: AgentSecOps - - GitHub username: AgentSecOps - - License: MIT - - Repository: https://github.com/AgentSecOps/SecOpsAgentKit/tree/main/skills/offsec/recon-nmap - - Ref: main - - Supported tools: Claude, Codex, Claude Code - - Risk level: high - - Risk factors: external\_commands, network, filesystem, env\_access, scripts - - Quality score: 38 - - Quality tier: warning - - Public page: https://skillstore.pages.dev/skills/agentsecops-recon-nmap - - Manifest: https://skillstore.pages.dev/api/skills/agentsecops-recon-nmap/manifest ## Capabilities - Plans authorized host discovery and port scanning workflows with Nmap. - Explains service version detection, OS fingerprinting, and NSE script selection. - Shows reporting formats for normal, XML, grepable, and combined scan output. - Provides patterns for external perimeter, internal network, web, SMB, and database scans. - Maps scanning activity to security frameworks and compliance reporting needs. - Includes CI examples for controlled network security validation. ## Use Cases - Internal Asset Discovery: Build an approved scan plan to identify live hosts, exposed ports, and service versions on an internal network. - Perimeter Exposure Review: Check external IP ranges for unexpected services and generate evidence for remediation tracking. - Compliance Scan Preparation: Document scan scope, commands, timestamps, results, and false-positive validation for audit records. ## Prompt Templates ### Create a Basic Scan Plan ``` Create a cautious Nmap scan plan for my approved CIDR range. Include scope checks, rate limits, expected output files, and validation steps. ``` ### Enumerate Services Safely ``` Help me enumerate service versions on these approved hosts. Recommend Nmap flags, ports, timing, and a report format for remediation teams. ``` ### Design a Vulnerability Scan Workflow ``` Design an authorized Nmap NSE workflow for web, SMB, and database services. Separate safe scripts from intrusive scripts and explain approval requirements. ``` ### Build CI Network Validation ``` Draft a CI network security validation process for owned staging assets. Include scan scope controls, artifact handling, failure criteria, and audit logging. ``` ## Limitations - Requires Nmap and appropriate network permissions outside the skill. - Does not verify that a target is legally authorized for scanning. - Intrusive scripts and evasion techniques can disrupt services if misused. - Scan accuracy depends on firewall behavior, routing, timing, and target stability. ## Best Practices - Confirm written authorization, scope, timing, and emergency contacts before running any scan. - Start with safe discovery and conservative rate limits before deeper enumeration. - Store scan outputs securely because they contain sensitive network inventory data. ## Anti Patterns - Scanning public or third-party targets without explicit written permission. - Using intrusive, exploit, brute-force, or evasion options as a default scan profile. - Publishing raw scan results that expose hostnames, IP ranges, banners, or vulnerabilities. ## Security Audit - - Safe to publish: false - - Audited at: 2026-06-28T05:58:23.373\+00:00 - - Summary: Static findings are partly confirmed. Many command, script, secret, and weak-crypto hits are examples or templates, but SKILL.md provides operational Nmap workflows for intrusive scans, brute-force NSE scripts, exploit checks, and firewall or IDS evasion. No prompt injection attempt or covert exfiltration was found, but the skill remains high risk because it can materially support unauthorized reconnaissance if misused. ## Stats - - Views: 411 - - Downloads: 7 - - Favorites: 0 - - Popularity score: 0