There are times where you want to run a quick Nmap scan to see what ports are open, and then rerun a more in-depth Nmap scan on those specific ports. Doing it this way will allow you to lessen the amount of time it takes to run the scan, as you aren’t wasting time trying to run Nmap scripts or enumerate version information on ports that aren’t open.

Your initial scan make look something like this.

sudo nmap -p- <target> -oA nmap/quick

You can then run the following to retrieve a command separated list of open ports you can copy/paste to your next command.

cat nmap/quick | grep open | awk -F/ '{print $1}' ORS=','; echo