Nmap Pentest Scans

v0.1.0

Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.

⭐ 0· 900·7 current·8 all-time

byMuhammad Mazhar Saeed@0x-professor

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

medium confidence

ℹ

Purpose & Capability

Name/description promise matches the primary behavior: producing Nmap scan workflows, profiles, and artifacts. One mismatch: the description/README language implies the skill can 'orchestrate' live scans, but the included code only generates plans/commands and writes artifacts rather than invoking nmap or performing network operations. No Nmap binary is required (and none is installed), which is coherent with a planner but not with a fully automated runner.

✓

Instruction Scope

SKILL.md and the script are scoped to planning: validate scope, require explicit authorization for non-dry-run, build command sequences, and produce deterministic artifacts. The script validates scope and enforces --i-have-authorization for active runs. It reads input payload and scope files and writes artifacts under the output path — these file reads/writes are expected for this purpose. It does not perform network access or transmit data externally.

✓

Install Mechanism

There is no install spec (instruction-only plus a local Python script), so nothing is downloaded or extracted. Risk from installation is minimal.

✓

Credentials

No environment variables, credentials, or config paths are requested. The script reads a scope file and an input payload (expected for planning) but does not ask for unrelated secrets or platform keys.

✓

Persistence & Privilege

The skill is not always-enabled, is user-invocable, and does not request elevated or persistent platform privileges. It writes artifacts to the output path provided by the user, which is normal for a planner.

Assessment

This skill appears to be a planner that produces reproducible Nmap command sequences and reports; it enforces scope checks and requires an explicit authorization flag before non-dry-run execution. Before installing or running it: ensure the referenced shared module (autonomous-pentester/shared/pentest_common) is present and trusted in your environment, confirm you understand where the skill will read scope/input files and write artifacts, and be aware the skill will not actually execute nmap commands (you or another tool must run the generated commands). If you expected an automated runner that executes scans, note this skill only generates plans and findings artifacts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e92xfj4tw0gqd8515ftrs198204xm

900downloads

0stars

1versions

Updated 8h ago

v0.1.0

MIT-0

Nmap Pentest Scans

Stage

PTES: 2-3
MITRE: TA0007 - Discovery

Objective

Design reproducible Nmap scan workflows for authorized targets and produce deterministic scan-plan artifacts.

Required Workflow

Validate scope before any active action and reject out-of-scope targets.
Require explicit authorization for non-dry-run execution.
Select profile (stealth, balanced, fast) and build command sequence.
Produce normalized findings and export deterministic artifacts.

Execution

python skills/nmap-pentest-scans/scripts/nmap_pentest_scans.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run

Outputs

scan-plan.json
scan-plan.md
recommended-commands.txt
findings/nmap-pentest-findings.json
nmap-pentest-scans-report.json

References

references/tools.md
references/scan-profiles.md
skills/autonomous-pentester/shared/scope_schema.json
skills/autonomous-pentester/shared/finding_schema.json

Legal and Ethical Notice

WARNING AUTHORIZED USE ONLY
This skill prepares and can orchestrate live network scan workflows.
Use only with written authorization and approved scope.

Comments

Loading comments...