Which tool is commonly used to enumerate open ports and services on a host during security testing?

Port scanning to map the attack surface is the key idea. Nmap is the best fit here because it actively probes a target to reveal which ports are accepting connections and what services are bound to those ports. It can perform TCP and UDP scans, determine port state (open, closed, filtered), and fingerprint the running services and even the operating system. This makes it the standard tool for enumerating open ports and services during security testing. Tracert traces the path to a host and doesn’t reveal port status. Pinging simply checks whether a host is reachable, not what ports are listening. Netstat shows open sockets on the machine you’re running it on, not on a remote target, so it doesn’t help you enumerate a distant host’s ports. So for discovering open ports and their services on a target, Nmap is the right tool.