Which tool is used to perform an XMAS scan in the described scenario?

Xmas scan is a TCP probing technique that sends packets with the FIN, PSH, and URG flags set to infer the state of ports. Nmap includes a specific scan type for this method, invoked with the -sX option, making it the go-to tool for performing an Xmas scan. The idea is that different TCP stacks respond in characteristic ways to these unusual packets, so open, closed, or filtered ports can be inferred from the presence or absence of responses like RSTs. However, results can be unreliable on modern networks due to firewalls and intrusion prevention systems that filter or drop odd packets. The other tools shown are for different purposes: Wireshark is a packet analyzer that captures and analyzes traffic rather than scanning, Metasploit is a exploitation framework with some scanning capabilities but not specifically the Xmas scan, and OpenVAS is a vulnerability scanner, not a port-state probe. Therefore, Nmap is the appropriate choice for performing an Xmas scan.