Port scanning is a stage of enumeration in which the attacker tries to identify open ports on a target machine in order to define the attack surface.

Note that, apart from the automated tools, it can sometimes help to connect to those ports manually with nc -z to diagnose problematic scan results.

Example

# nmap:
# ===========================================
#   pros: full-fledged, nmap scripts
#   cons: none, just gotta know how to use it
mkdir nmap
sudo nmap -vvv $IP -oA nmap/initial -p-
# The one above should finish rather quickly
# Replace $PORTS with the open ports found by the scan above,
# as a comma-separated list (e.g. 22,80)
sudo nmap -vvv -sSVC -oA nmap/svc $IP -p$PORTS

# rustscan:
# ===========================================
#   pros: very fast without needing to specify options
#   cons: super noisy, can be unreliable, nmap can also be used
rustscan -a $IP
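
The hand-off between the two nmap runs above, as an added example that is not part of the original page: it builds the -p list from the grepable file that -oA nmap/initial writes (nmap/initial.gnmap). The function names, the sample lines and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# open_ports FILE
# Print the open TCP ports listed in an nmap grepable (.gnmap) file as a
# sorted, de-duplicated, comma-separated list suitable for "nmap -p".
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                p = $i
                sub(/^Ports: /, "", p)
                # Entries look like port/state/proto/owner/service/rpc/version/
                n = split(p, entries, ", ")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    # Skip closed, filtered and open|filtered entries.
                    if (f[2] == "open" && f[3] == "tcp") print f[1]
                }
            }
        }
    ' "$1" | sort -un | paste -sd, -
}

# Constructed sample in .gnmap layout (192.0.2.10 is a documentation address).
write_sample() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n' > "$1"
    printf 'Host: 192.0.2.10 ()\tPorts: %s\tIgnored State: closed (65531)\n' \
        '22/open/tcp//ssh///, 25/filtered/tcp//smtp///, 80/open/tcp//http///, 8080/open/tcp//http-proxy///' >> "$1"
}

sample=$(mktemp)
write_sample "$sample"
PORTS=$(open_ports "$sample")
# Show the second-stage command with the list filled in.
echo "sudo nmap -vvv -sSVC -oA nmap/svc \$IP -p$PORTS"
rm -f "$sample"
```

With real results, call it as PORTS=$(open_ports nmap/initial.gnmap). An empty result means the first scan found nothing open, which is the case worth re-checking by hand with nc -z.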

See also Bash port scanner.