1. Enumeration

Port Scan

Extract opening TCP ports

ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//) 

nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt

Check for open UDP ports

nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt

Link IP to a domain name

echo {target ip address} {domain name} | sudo tee -a /etc/hosts