Nmap reconnaissance profiles for safe internal assessments

I use nmap deliberately and with scope approval, not as a random curiosity tool against production assets. Version detection, default scripts, and targeted UDP checks usually provide enough visibility to prioritize hardening. The output becomes much more useful when you tie it back to known inventory and ownership.