T0846.001: Port Scan
Essential information
- MITRE technique ID
T0846.001- Confidence
- 75/100
- Revoked
- No
- Published
- 20/04/2026 22:54
- Modified
- 04/05/2026 16:52
- Author / Source
- The MITRE Corporation
Description
Adversaries may perform a port scan on a system, device, or network to identify live hosts, enumerate open ports and running services, identify operating systems, and map out the network.(Citation: NIST SP 800-82r3) The results of a port scan may inform adversary [Discovery](https://attack.mitre.org/tactics/TA0102), [Lateral Movement](https://attack.mitre.org/tactics/TA0109), and vulnerability exploitation decisions ([Exploitation for Evasion](https://attack.mitre.org/techniques/T0820), [Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T0890), [Exploitation of Remote Services](https://attack.mitre.org/techniques/T0866)).
Some common tools for executing a port scan include `nmap`, `netcat`, and the Advanced Port Scanner.
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-ics-attack-v19 | discovery |
| mitre-ics-attack | discovery |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.