nmap-pentest-scans
Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.
About this skill
This skill standardizes Nmap-based penetration testing activities. It guides an AI agent through defining scan objectives, selecting an Nmap profile (stealth, balanced, fast), and executing scans against specified, authorized targets. All actions must stay within a predefined scope, and live execution requires explicit authorization. The skill produces a set of structured outputs: a detailed `scan-plan.json`, a `recommended-commands.txt` list, normalized `nmap-pentest-findings.json`, and a comprehensive `nmap-pentest-scans-report.json`. These artifacts make it easier to integrate Nmap results into broader reporting, compliance checks, or subsequent analysis workflows. Users would employ this skill to ensure consistency, reduce manual errors, and accelerate the initial reconnaissance phase of a penetration test, while its authorization requirements enforce ethical and legal boundaries.
Best use case
The primary use case for this skill is automating the initial discovery and enumeration phases of a penetration test or vulnerability assessment. It enables security teams and AI-powered penetration testing agents to conduct Nmap scans systematically, ensuring all activities are within an authorized scope and producing standardized output artifacts for further analysis and reporting. Cybersecurity professionals and ethical hackers benefit most from this skill by gaining efficiency and consistency in their reconnaissance efforts.
The user should expect structured JSON and Markdown reports detailing the scan plan, recommended commands, and normalized Nmap findings, all within the authorized scope.
Practical example
Example input
Initiate an Nmap pentest scan for `192.168.1.100` following a 'fast' profile, using the `scope.json` file for authorization and outputting all artifacts to `reports/nmap_scan_results`.
Example output
A `scan-plan.json` detailing the chosen profile and commands, a `nmap-pentest-findings.json` containing normalized host and service enumeration results (e.g., open ports, service versions), and a comprehensive `nmap-pentest-scans-report.json` summarizing the entire operation.
When to use this skill
- Performing authorized network reconnaissance on defined targets.
- Automating repeatable Nmap scanning tasks in a penetration test.
- Generating standardized host discovery and port enumeration reports.
- Ensuring Nmap activities adhere to a specific scope and authorization.
When not to use this skill
- Scanning unauthorized networks or systems.
- Requiring highly customized, ad-hoc Nmap commands outside predefined profiles.
- When deep manual analysis of raw Nmap output is preferred over structured findings.
- On production systems without prior dry-run or explicit authorization due to potential disruption.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/nmap-pentest-scans/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How nmap-pentest-scans Compares
| Feature / Agent | nmap-pentest-scans | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Medium | N/A |
Frequently Asked Questions
What does this skill do?
Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Nmap Pentest Scans

## Stage

- PTES: 2-3
- MITRE: TA0007 - Discovery

## Objective

Design reproducible Nmap scan workflows for authorized targets and produce deterministic scan-plan artifacts.

## Required Workflow

1. Validate scope before any active action and reject out-of-scope targets.
2. Require explicit authorization for non-dry-run execution.
3. Select profile (stealth, balanced, fast) and build command sequence.
4. Produce normalized findings and export deterministic artifacts.

## Execution

```bash
python skills/nmap-pentest-scans/scripts/nmap_pentest_scans.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
```

## Outputs

- `scan-plan.json`
- `scan-plan.md`
- `recommended-commands.txt`
- `findings/nmap-pentest-findings.json`
- `nmap-pentest-scans-report.json`

## References

- `references/tools.md`
- `references/scan-profiles.md`
- `skills/autonomous-pentester/shared/scope_schema.json`
- `skills/autonomous-pentester/shared/finding_schema.json`

## Legal and Ethical Notice

```text
WARNING AUTHORIZED USE ONLY
This skill prepares and can orchestrate live network scan workflows.
Use only with written authorization and approved scope.
```
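Workflow steps 1 and 2 (scope validation and the authorization gate) as an added example, not code from the skill's own `nmap_pentest_scans.py`. The scope keys `authorized`, `in_scope` and `excluded` and all function names are assumptions, since the page does not show `scope_schema.json`; the sample scope is constructed.

```python
import ipaddress

# Constructed sample scope; key names are assumptions, not the skill's scope_schema.json.
SAMPLE_SCOPE = {
    "authorized": False,              # is written authorization on file?
    "in_scope": ["192.168.1.0/24"],
    "excluded": ["192.168.1.1/32"],   # e.g. a gateway carved out of the range
}


class ScopeError(Exception):
    """Raised when a target or run mode is not permitted by the scope."""


def _networks(entries):
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def check_target(scope, target):
    """Return the parsed network if every address in `target` is in scope."""
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        # Hostnames are refused rather than resolved: DNS can point anywhere.
        raise ScopeError(f"{target!r} is not an IP address or CIDR") from None
    allowed = _networks(scope.get("in_scope", []))
    # The whole target range must sit inside one authorized range.
    if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
        raise ScopeError(f"{target} is outside the authorized ranges")
    # Exclusions win over inclusions, even on partial overlap.
    for ex in _networks(scope.get("excluded", [])):
        if net.version == ex.version and net.overlaps(ex):
            raise ScopeError(f"{target} overlaps excluded range {ex}")
    return net


def gate(scope, target, dry_run=True):
    """Apply workflow steps 1 and 2; return the mode the run may proceed in."""
    check_target(scope, target)
    if not dry_run and scope.get("authorized") is not True:
        raise ScopeError("live execution requires explicit authorization")
    return "dry-run" if dry_run else "live"
```

The gate defaults to dry-run and fails closed: a missing `authorized` key, a hostname, or a CIDR that only partly overlaps an exclusion is rejected before any command sequence is built.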