Definition

NMAP is a very useful tool for scanning the open ports on a system. It also ships with scripts (NSE) that can detect known vulnerabilities and gather other useful information, such as services that accept default credentials.

This is the tool you want to start with when you begin a new CTF challenge, since its results tell you where to start looking. Most of the time, the open ports will be 22 (SSH), 80 (HTTP) and 443 (HTTPS).

Usage

NMAP has a huge number of options and possible command combinations, but in general these are the most useful ones.

Aggressive scan (-A: OS and version detection, default scripts and traceroute; -p-: all 65535 TCP ports; -T5: fastest timing; -Pn: skip host discovery, treat the host as up; -vvv: very verbose)
sudo nmap -A -p- -T5 -Pn -vvv 127.0.0.1
Silent and discreet scan (-sS: SYN half-open scan, needs root; -p-: all TCP ports; -T2: polite timing, slower and less noisy)
sudo nmap -sS -p- -T2 127.0.0.1
Host discovery (-sn: ping scan only, no port scan, over the whole /24 range)
sudo nmap 192.168.1.1/24 -sn
UDP scan (-sU: UDP scan; -V: version detection; --top-ports 1000: only the 1000 most common ports, since a full UDP scan is very slow)
sudo nmap -sUV --top-ports 1000 -vvv 127.0.0.1

Output

nmap 127.0.0.1 -T5
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-21 17:15 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00029s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT     STATE SERVICE
3306/tcp open  mysql
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
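A small Python parser for the "normal" output format shown above, added here as an example that is not part of the original page or of Nmap itself. It extracts the per-host port table and compares the open ports against an allowlist, which is the defender's usual follow-up to a scan; the second host in the sample and its ports are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: Nmap "normal" output for two hosts. The first host is
# modelled on the report above; the second host is invented for illustration.
SAMPLE_OUTPUT = """\
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-21 17:15 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00029s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT     STATE SERVICE
3306/tcp open  mysql
8080/tcp open  http-proxy

Nmap scan report for 192.168.1.10
Host is up (0.0012s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp closed https

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.41 seconds
"""

# "Nmap scan report for host (1.2.3.4)" or "Nmap scan report for 1.2.3.4"
HOST_RE = re.compile(r"^Nmap scan report for (?:.*\()?([\d.]+)\)?$")
# "3306/tcp open  mysql" -> port, protocol, state, service
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap_output(text):
    """Return {host_ip: [(port, proto, state, service), ...]} from normal output."""
    hosts = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current]  # register the host even if no port lines follow
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return dict(hosts)

def unexpected_open_ports(hosts, allowed):
    """Open ports per host that are not in the allowlist {ip: {(port, proto)}}."""
    findings = {}
    for ip, ports in hosts.items():
        extra = [p for p, proto, state, _ in ports
                 if state == "open" and (p, proto) not in allowed.get(ip, set())]
        if extra:
            findings[ip] = extra
    return findings
```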