Nmap is considered by most security professionals to be one of the most highly polished and effective tools within the Kali Linux platform. But as impressive and powerful as this tool is, comprehensive port scanning and service identification can be very time consuming. Rather than performing targeted scans against distinct service ports throughout a penetration test, it is a better approach to perform comprehensive scans of all possible TCP and UDP services and then just reference those results throughout the assessment. Nmap offers both XML and greppable output formats to aid in this process.

Ideally, you should become familiar enough with these formats that you can extract the desired information as needed from the output files. However, for reference, this recipe will provide an example script that can be used to extract all IP addresses identified to have a service running on a provided port.