DEV Community

Hafiz Shamnad

Day 2 - Teaching Nmap to Think Like a Pentester (Python + Regex)

Day 2 of 30:

Yesterday was about relearning Python.
Today was about rewiring how I read scan results.

Instead of running Nmap, copying the output, and mentally mapping ports to services, I asked a simple question:

What if my script could do that thinking for me?

So Day 2 became about parsing, interpreting, and enriching Nmap output using Python.


What I worked on today

1. Parsing Nmap output properly

I used regular expressions to extract only open TCP/UDP ports, avoiding false positives like 22 matching 2222.

r"(\d+)/(?:tcp|udp)\s+open"

This gave me a clean list of ports like:

['22', '80', '443', '3306']

No noise. No guessing.


2. Building a port intelligence map

Instead of just printing ports, I created a dictionary that maps:

• port
• service
• common attack surface

Example:

22 → SSH → brute force, weak credentials  
80 → HTTP → XSS, SQLi, file upload  
3306 → MySQL → DB brute force, data dump

This single step completely changed how the scan felt.


3. Turning raw output into a readable report

I refactored the script so it now:

• shows a banner
• runs ARP scan or target scan
• extracts open ports
• prints a structured scan report
• explains why each port matters
• handles unknown ports safely

Instead of this:

22/tcp open ssh
80/tcp open http

I now see:

[+] Port 22
    Service : SSH
    Risk    : Bruteforce attack, weak password

[+] Port 80
    Service : HTTP
    Risk    : Web attack surface (XSS, SQLi)

That difference matters.
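As an added example (not the post's own script), here is a minimal end-to-end version of the three steps above: extract open ports with a regex, enrich them from a port intelligence map, and print the structured report with safe handling of unknown ports. The Nmap output is a constructed sample, not a real scan; the PORT_INTEL entries and their risk wording are my illustration rather than the author's dictionary; and the pattern is a stricter variant of the post's regex, anchored to the start of the line and requiring the state to be exactly "open", so a UDP "open|filtered" result is not reported as a confirmed open port.

```python
import re
from typing import Dict, List

# Constructed sample Nmap output (not a real scan). It includes a closed
# port whose number contains "22", a filtered port, and a UDP
# "open|filtered" line so the extraction logic has something to reject.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.0.0.5
PORT      STATE         SERVICE
22/tcp    open          ssh
80/tcp    open          http
443/tcp   open          https
2222/tcp  closed        EtherNetIP-1
3306/tcp  open          mysql
161/udp   open|filtered snmp
8080/tcp  filtered      http-proxy
"""

# Stricter variant of the post's r"(\d+)/(?:tcp|udp)\s+open":
# anchored to the line start, and "open" must be followed by whitespace
# or end of line, so "open|filtered" does not count as open.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open(?:\s|$)", re.MULTILINE)

# Illustrative port intelligence map (assumption: these entries are mine,
# modelled on the post's port -> service -> risk idea).
PORT_INTEL: Dict[str, Dict[str, str]] = {
    "22":   {"service": "SSH",   "risk": "Brute force, weak credentials"},
    "80":   {"service": "HTTP",  "risk": "Web attack surface (XSS, SQLi, file upload)"},
    "443":  {"service": "HTTPS", "risk": "Web attack surface behind TLS; review cert and TLS config"},
    "3306": {"service": "MySQL", "risk": "DB brute force, data exposure if reachable externally"},
}

# Fallback so an unmapped port never raises KeyError and is flagged for review.
UNKNOWN_PORT = {
    "service": "Unknown",
    "risk": "Not in map: verify manually (banner grab / nmap -sV)",
}


def extract_open_ports(nmap_text: str) -> List[str]:
    """Return port numbers whose state is exactly 'open', in scan order."""
    return [m.group(1) for m in PORT_RE.finditer(nmap_text)]


def enrich(ports: List[str]) -> List[Dict[str, str]]:
    """Attach service and risk notes to each port, using the fallback for unknowns."""
    return [{"port": p, **PORT_INTEL.get(p, UNKNOWN_PORT)} for p in ports]


def build_report(nmap_text: str) -> str:
    """Render the structured report shown in the post from raw Nmap text."""
    lines: List[str] = []
    for entry in enrich(extract_open_ports(nmap_text)):
        lines.append(f"[+] Port {entry['port']}")
        lines.append(f"    Service : {entry['service']}")
        lines.append(f"    Risk    : {entry['risk']}")
        lines.append("")
    return "\n".join(lines).rstrip("\n")


if __name__ == "__main__":
    print(build_report(SAMPLE_NMAP_OUTPUT))
```

Running the block prints four entries (22, 80, 443, 3306); 2222 is skipped because its state is closed, 8080 because it is filtered, and 161/udp because "open|filtered" is unconfirmed. Feeding the report builder a port outside the map (say 9999) yields a "Service : Unknown" entry instead of a crash, which is the "handles unknown ports safely" requirement from step 3.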


Biggest takeaway from Day 2

The real skill isn’t running tools.
It’s interpreting what they tell you.

Nmap already had the data.
I just taught Python to explain it back to me.

This approach forces me to think like a pentester instead of a command runner.


What’s next (Day 3)

• auto-suggest enumeration tools based on ports, for example:
  • 80 → gobuster
  • 445 → enum4linux
  • 22 → hydra
• cleaner CLI output
• modularize the code

30 days.
One terminal.
Building understanding, not shortcuts.

If you’re also learning cybersecurity or Python, feel free to follow along.
This challenge is less about speed and more about depth.
