Nmap is a very useful tool for scanning a system for open ports. It also ships with scripts that automatically detect vulnerabilities and other useful information, such as default login access.

This is the tool you want to start with when you begin a new CTF challenge, since it will tell you where to start looking. Most of the time, the open ports will be 22 (SSH), 80 (HTTP) and 443 (HTTPS).


Nmap has a huge number of possible commands you can use, but these are generally the most useful ones.

Aggressive scan
sudo nmap -A -p- -T5 -Pn -vvv <target>
Silent and discreet scan
sudo nmap -sS -p- -T2 <target>
Host discovery
sudo nmap -sn <target>
UDP scan
sudo nmap -sUV --top-ports 1000 -vvv <target>


nmap -T5
Starting Nmap 7.92 ( ) at 2021-12-21 17:15 CET
Nmap scan report for localhost (
Host is up (0.00029s latency).
Not shown: 998 closed tcp ports (conn-refused)
3306/tcp open  mysql
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
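
Once you have output like the above, you can check it against the ports a host is supposed to expose. The script below is an added example, not part of the original page: it parses the port table from Nmap's normal output and reports anything outside a baseline. The function names, the embedded sample and the baseline are assumptions made for illustration.

```python
import re

# Constructed sample: the port table from the scan output shown above.
SAMPLE_OUTPUT = """\
Host is up (0.00029s latency).
Not shown: 998 closed tcp ports (conn-refused)
3306/tcp open  mysql
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
"""

# Port-table rows look like "<port>/<proto> <state> <service> [extra columns]".
# Extra columns (reason, version) appear with -vvv or -A and are ignored here.
PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_open_ports(text):
    """Return {(port, proto): service} for rows whose state is exactly 'open'.

    Ambiguous states such as 'open|filtered' (common in UDP scans) are skipped.
    """
    found = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found


def audit(text, expected):
    """Compare scan results with a baseline of ports meant to be reachable."""
    found = parse_open_ports(text)
    unexpected = {k: v for k, v in found.items() if k not in expected}
    missing = sorted(k for k in expected if k not in found)
    return unexpected, missing


if __name__ == "__main__":
    # Hypothetical baseline: only the service on 8080 should be exposed.
    baseline = {(8080, "tcp")}
    unexpected, missing = audit(SAMPLE_OUTPUT, baseline)
    for (port, proto), service in sorted(unexpected.items()):
        print(f"unexpected open port {port}/{proto} ({service})")
    for port, proto in missing:
        print(f"expected port {port}/{proto} is not open")
```

For anything you script regularly, save the scan with -oX and parse the XML instead, since the normal output format is meant for reading rather than parsing.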