Initial Scanning Methodology
When doing my initial scans on a machine I use two tools: RustScan and Nmap.
RustScan Usage
I use RustScan as it is very quick to return open ports. I use the -g flag when running it so that the ports are returned in an array that I can copy into an nmap scan:
rustscan -g -a <IP-ADDR> --ulimit 5000
Nmap Usage
I run nmap passing the ports found by RustScan in the -p flag. I then add -sC for default scripts, -sV to probe ports and get service/version information, and I add -oA to output the scan results into three different file formats. An example scan would look like this:
nmap -p 21,22,80 -sC -sV -oA Nmap/rustports <IP-ADDR>
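
The copy step between the two tools can be scripted. The following is an added example, not part of the original notes: it assumes `rustscan -g` prints lines of the form `<ip> -> [p1,p2,...]`, and the function names `ports_from_rustscan` and `build_nmap_cmd`, the sample line and the documentation address 192.0.2.10 are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: turn `rustscan -g` output into the -p argument for nmap.
# Assumed greppable line format: "<ip> -> [p1,p2,...]".

# Read rustscan -g output on stdin; print a sorted, de-duplicated,
# comma-separated list of valid ports. Returns 1 if none were found.
ports_from_rustscan() {
    local ports
    ports=$(sed -n 's/.*\[\([0-9, ]*\)\].*/\1/p' \
        | tr ', ' '\n\n' \
        | awk '/^[0-9]+$/ && $1 >= 1 && $1 <= 65535' \
        | sort -n -u \
        | paste -sd, -)
    [ -n "$ports" ] || return 1
    printf '%s\n' "$ports"
}

# Print (not run) the nmap command used on this page.
# $1 = target, $2 = port list, $3 = -oA basename (default as on the page).
build_nmap_cmd() {
    local target="$1" ports="$2" out="${3:-Nmap/rustports}"
    # Reject anything that is not a plain comma-separated port list.
    case $ports in
        ''|*[!0-9,]*) echo "bad port list: $ports" >&2; return 1 ;;
    esac
    printf 'nmap -p %s -sC -sV -oA %s %s\n' "$ports" "$out" "$target"
}

# Constructed sample of rustscan -g output (not from a real scan).
sample='192.0.2.10 -> [80,22,21,80]'
ports=$(printf '%s\n' "$sample" | ports_from_rustscan)
build_nmap_cmd 192.0.2.10 "$ports"
```

nmap does not create the directory named in the -oA path, so `Nmap/` has to exist (`mkdir -p Nmap`) before the printed command is run.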