How to perform a script and version scan
While performing penetration tests, reconnaissance is really important for informing the next steps of testing. Even though Nmap provides the open ports and the version of the service running on the port, you will need to know the exact version or the name of the service that is running to prepare further exploits or to gain further knowledge of the system.
The Nmap-service-probes database contains specific packet construction techniques to probe specific services and analyze the responses received from them. Nmap provides information about the service protocol, the application name, the version number, the hostname, the device type, and the OS family. It also sometimes determines whether the service is open to connections or if any default logins are available for the service:
-sV
(version detection): This flag enables Nmap to perform version detection on the particular host. This flag has options that can be used in conjunction with it.--allports
...