# Run Structured Nmap Reconnaissance

Network assessments need repeatable scans, organized output, and clear service summaries. This skill guides authorized nmap workflows for discovery, service detection, and follow-up analysis.

## Install

```bash
npx skillstore add brownfinesecurity/nmap
```

## Metadata

- Slug: brownfinesecurity-nmap
- Version: 1.0.0
- Author: BrownFineSecurity
- GitHub username: BrownFineSecurity
- License: MIT
- Repository: https://github.com/BrownFineSecurity/iothackbot/tree/master/skills/nmap
- Ref: master
- Supported tools: Claude, Codex, Claude Code
- Risk level: high
- Risk factors: external_commands, network, filesystem
- Quality score: 38
- Quality tier: warning
- Public page: https://skillstore.pages.dev/skills/brownfinesecurity-nmap
- Manifest: https://skillstore.pages.dev/api/skills/brownfinesecurity-nmap/manifest

## Capabilities

- Builds a two-phase nmap workflow for port discovery and service detection.
- Recommends scan types for TCP, UDP, OS detection, and NSE scripts.
- Shows how to save nmap output in normal, XML, and grepable formats.
- Parses open ports from saved nmap output for targeted follow-up scans.
- Highlights IoT, web, SSH, RTSP, MQTT, and Modbus service checks.

## Use Cases

- Authorized Internal Assessment: Map open ports and service versions on approved internal hosts before a security review.
- IoT Device Enumeration: Identify camera, MQTT, RTSP, UPnP, and Modbus services on devices within a permitted lab scope.
- Scan Evidence Collection: Save repeatable nmap outputs and summarize key services for assessment notes and client reporting.

## Prompt Templates

### Plan a Basic Scan

```
I have authorization to scan one host. Help me choose a basic nmap command and explain what the results mean.
```

### Run Two-Phase Discovery

```
I have approval for this target. Guide me through a two-phase nmap scan with saved output and service detection.
```

### Analyze Saved Results

```
Review my saved nmap output summary and help identify important services, versions, and follow-up checks.
```

### Design an IoT Test Workflow

```
Within my authorized IoT lab scope, create an nmap workflow for web, RTSP, MQTT, UPnP, and Modbus services.
```

## Limitations

- Requires nmap to be installed on the user's machine.
- Some scan modes require sudo or equivalent privileges.
- Must only be used against systems where scanning is authorized.
- Does not exploit vulnerabilities or confirm business impact.

## Best Practices

- Confirm written authorization and scope before every scan.
- Save outputs in a dedicated directory with clear scan names.
- Use targeted follow-up scans after initial port discovery.

## Anti-Patterns

- Scanning public or third-party systems without permission.
- Running stealth, brute force, or vulnerability scripts outside approved scope.
- Leaving scan outputs with sensitive network details in shared locations.

## Security Audit

- Safe to publish: false
- Audited at: 2026-06-28T18:12:48.806+00:00
- Summary: Static findings for external commands, sudo usage, and network scanning are true positives in context: the skill instructs agents to run nmap scans, including all-port, stealth, UDP, and vulnerability scans. No prompt injection, credential theft, or covert exfiltration was found, so this is high-risk dual-use security tooling rather than confirmed malicious content.

## Stats

- Views: 243
- Downloads: 6
- Favorites: 0
- Popularity score: 0
