216.73.217.80

T0846.001: Port Scan

View on MITRE ATT&CK The MITRE Corporation · Published 20/04/2026 22:54 · Modified 04/05/2026 16:52

Essential information

MITRE technique ID
T0846.001
Confidence
75/100
Revoked
No
Published
20/04/2026 22:54
Modified
04/05/2026 16:52
Author / Source
The MITRE Corporation

Description

Adversaries may perform a port scan on a system, device, or network to identify live hosts, enumerate open ports and running services, identify operating systems, and map out the network.(Citation: NIST SP 800-82r3) The results of a port scan may inform adversary [Discovery](https://attack.mitre.org/tactics/TA0102), [Lateral Movement](https://attack.mitre.org/tactics/TA0109), and vulnerability exploitation decisions ([Exploitation for Evasion](https://attack.mitre.org/techniques/T0820), [Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T0890), [Exploitation of Remote Services](https://attack.mitre.org/techniques/T0866)). Some common tools for executing a port scan include `nmap`, `netcat`, and the Advanced Port Scanner.

Kill chain phases

Kill chainPhase
mitre-ics-attack-v19 discovery
mitre-ics-attack discovery

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references