A tiny, ready-to-use Bash helper I use daily during pentests and CTFs to speed up Nmap enumeration and save results in multiple formats.
Use only on systems you own or have explicit authorization to test. Unauthorized scanning may be illegal.
- Phase 1 — fast full TCP port scan (
-p-) to discover every open port - Phase 2 — targeted
-sV -sC -Oscan only on discovered ports - (optional) Phase 3 — UDP top-20 ports scan (
-uflag)
Results are saved with -oA in three formats (.nmap, .gnmap, .xml) to a timestamped file:
<outdir>/<target>-YYYYMMDD-HHMMSS-tcp.{nmap,gnmap,xml}
The script auto-detects whether it is running as root and prepends sudo only when needed, ensuring SYN scan (-sS) is always used.
bashnmapsudo(only if not already running as root)tput,grep,cut,tr,sed(available on any standard Linux/macOS environment)
chmod +x basic-enum.sh
./basic-enum.sh [options] <target>| Option | Description | Default |
|---|---|---|
-u |
Include UDP top-20 ports scan | off |
-o <dir> |
Output directory | current directory |
-r <rate> |
--min-rate value passed to nmap |
1000 |
-h |
Show help | — |
Examples:
# Basic scan
./basic-enum.sh 10.10.10.10
# With UDP, custom output dir, and lower rate for noisy networks
./basic-enum.sh -u -o ./results -r 500 10.10.10.10
# CTF — aggressive rate
./basic-enum.sh -r 5000 10.10.11.42Output files:
results/10.10.10.10-20260518-143201-tcp.nmap
results/10.10.10.10-20260518-143201-tcp.gnmap
results/10.10.10.10-20260518-143201-tcp.xml