Nmap Top UDP Scan
reconchecklist
Summary
Run against discovered subdomains as well.
Walkthrough
Scan the top UDP ports for services like SNMP, DNS, or TFTP that TCP scans miss. A hit is any open UDP port with a recognizable service response; repeat against discovered subdomains and hostnames.
Commands
bash
nmap <IP> -sU -top-ports=100 --min-rate=20000