#!/usr/bin/env bash
# HTB Blue — Enumeration Script
# Usage: TARGET=<ip> bash htb-blue-enum.sh
# Only run against authorized lab targets.

TARGET="${TARGET:-10.10.10.40}"

echo "[*] Starting Nmap full port scan on $TARGET"
nmap -sV -sC -p- --open -T4 -oN blue-nmap-full.txt "$TARGET"

echo "[*] Running SMB vuln scripts"
nmap -p 445 --script smb-vuln-ms17-010 -oN blue-smb-vuln.txt "$TARGET"

echo "[*] Nmap output written to blue-nmap-full.txt and blue-smb-vuln.txt"