Choose a domain and get the name servers associated with it.
Using the same domain as the previous question, get the mail servers.
Find the IP addresses of the docker containers running on localhost.
Enumerate the services running on each of these containers. What versions are they? Are there known vulnerabilities?
Try running some NSE scripts against the containers. What scripts do you think would be useful to try? Why?
Find your home network IP address range and run an nmap scan against it. What machines are on your network? Are they running strange services?