nmap-reconPerform network reconnaissance and port scanning with Nmap to find open ports, detect services, identify vulnerabilities, and enumerate targets accurately.
Install via ClawdBot CLI:
clawdbot install nsahal/nmap-reconNetwork reconnaissance and port scanning using Nmap. Use when asked to scan a target, find open ports, detect services, check for vulnerabilities, or perform network reconnaissance.
nmap must be installed (standard on Kali, available via package managers)nmap -sC -sV -oA scan_$(date +%Y%m%d_%H%M%S) TARGETnmap -p- -sC -sV -oA fullscan_$(date +%Y%m%d_%H%M%S) TARGETnmap -F -T4 TARGETsudo nmap -sS -sV -O -oA stealth_$(date +%Y%m%d_%H%M%S) TARGETsudo nmap -sU --top-ports 100 -oA udp_$(date +%Y%m%d_%H%M%S) TARGETnmap --script vuln -oA vulnscan_$(date +%Y%m%d_%H%M%S) TARGETnmap -A -T4 -oA aggressive_$(date +%Y%m%d_%H%M%S) TARGETNmap outputs in multiple formats with -oA:
.nmap - Human readable.xml - Machine parseable.gnmap - Greppable formatgrep "open" scan.gnmap | awk -F'[/]' '{print $1}' | tr ',' '\n' | sort -ugrep -E "^[0-9]+/" scan.nmap | awk '{print $1, $3, $4}'xmllint --xpath "//port[@state='open']" scan.xml 2>/dev/null| Profile | Command | Use Case |
|---------|---------|----------|
| Quick | nmap -F -T4 | Fast initial recon |
| Standard | nmap -sC -sV | Service detection + default scripts |
| Full | nmap -p- -sC -sV | All 65535 ports |
| Stealth | sudo nmap -sS -T2 | Evasive scanning |
| Vuln | nmap --script vuln | Vulnerability detection |
| Aggressive | nmap -A -T4 | Full enumeration |
# List available scripts
ls /usr/share/nmap/scripts/
# Run specific category
nmap --script=default,safe TARGET
nmap --script=vuln TARGET
nmap --script=exploit TARGET
nmap --script=auth TARGET
# Run specific script
nmap --script=http-title TARGET
nmap --script=smb-vuln* TARGET# Single host
nmap 192.168.1.1
# CIDR range
nmap 192.168.1.0/24
# Range
nmap 192.168.1.1-254
# From file
nmap -iL targets.txt
# Exclude hosts
nmap 192.168.1.0/24 --exclude 192.168.1.1-T0 Paranoid (IDS evasion)-T1 Sneaky (IDS evasion)-T2 Polite (slow)-T3 Normal (default)-T4 Aggressive (fast)-T5 Insane (very fast, may miss ports)ā ļø Only scan targets you own or have explicit written authorization to test.
Never scan:
# 1. Quick scan to find live hosts
nmap -sn 192.168.1.0/24 -oA live_hosts
# 2. Fast port scan on discovered hosts
nmap -F -T4 -iL live_hosts.gnmap -oA quick_ports
# 3. Deep scan interesting hosts
nmap -p- -sC -sV -oA deep_scan TARGET
# 4. Vulnerability scan
nmap --script vuln -oA vuln_scan TARGETGenerated Mar 1, 2026
Security teams use Nmap Recon to perform authorized vulnerability assessments on internal networks, identifying open ports and outdated services that could be exploited by attackers. This helps in compliance with regulations like PCI-DSS by ensuring secure configurations and patching vulnerabilities before audits.
IT administrators leverage the skill to scan medical device networks and hospital servers, detecting unauthorized services or misconfigurations that could compromise patient data. This supports HIPAA compliance by proactively securing electronic protected health information (ePHI) and preventing data breaches.
Cybersecurity professionals conduct simulated attacks on government networks to test defense mechanisms, using stealth scans and vulnerability detection to identify weaknesses. This enhances national security by providing actionable insights for improving incident response and threat mitigation strategies.
DevOps teams integrate Nmap Recon into automated workflows to regularly scan web servers and APIs, ensuring only necessary ports are open and services are up-to-date. This minimizes downtime and protects against DDoS attacks or data theft, maintaining customer trust and operational continuity.
Instructors use the skill in controlled environments to teach students about network reconnaissance, port scanning techniques, and ethical hacking principles. This hands-on approach builds practical skills for careers in cybersecurity, covering tools like Nmap in a safe, legal context.
Companies offer subscription-based security monitoring and vulnerability scanning services, using Nmap Recon to perform regular network assessments for clients. Revenue is generated through monthly or annual contracts, with tiered pricing based on scan frequency and report depth.
Freelancers or firms provide one-time or project-based security audits, leveraging the skill to conduct thorough reconnaissance and deliver detailed reports on network weaknesses. Revenue comes from fixed project fees or hourly rates, often tied to compliance requirements or pre-deployment testing.
Developers embed Nmap Recon into larger security platforms or custom tools, selling licenses or SaaS solutions that automate scanning and analysis. Revenue is generated through software sales, licensing fees, or API usage charges, targeting enterprises needing scalable security solutions.
š¬ Integration Tip
Integrate with CI/CD pipelines using scripts to automate pre-deployment scans, ensuring new deployments don't introduce security risks. Use output parsing commands to feed results into monitoring tools like SIEMs for real-time alerts.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.