Introduction

Nmap, short for Network Mapper, is an open-source tool used for network discovery and security auditing. Developed by Gordon Lyon (also known as Fyodor), it has become the go-to tool for network administrators and penetration testers. This article will guide you through the core features of Nmap and provide useful commands to help you get started.

Why Use Nmap?

Nmap is favored by security professionals for several reasons:

  • Ease of Use: Quickly map out a network with simple commands.
  • Device Discovery: Identify all devices, including servers, routers, switches, and mobile devices on a network.
  • Service Detection: Detect services and applications running on devices, including their versions.
  • OS Detection: Gather detailed information about the operating system and its version.
  • Security Auditing: Use the Nmap Scripting Engine (NSE) to automate vulnerability scanning and exploit detection.
  • Graphical Interface: Zenmap provides a GUI for visual network mapping and reporting.

Basic Scans

Ping Scan

A ping scan checks which devices are up and running on a given subnet.

  nmap -sp 192.168.1.1/24
  

Single Host Scan

Scan a single host for 1000 well-known ports.

  nmap google.com
  

Stealth Scan

A stealth scan sends an SYN packet and analyzes the response without completing the TCP handshake, making it harder for the target to detect the scan.

  nmap -sS google.com
  

Version Scanning

Version scanning identifies the versions of services running on a host, which helps in detecting known vulnerabilities.

  nmap -sV google.com
  

OS Scanning

OS scanning uses TCP/IP fingerprinting to determine the operating system of the target.

  nmap -O google.com
  

You can use additional flags like --osscan-limit to limit the search to a few expected targets.

Aggressive Scanning

Aggressive scanning combines OS detection, version detection, script scanning, and traceroute.

  nmap -A google.com
  

Scanning Multiple Hosts

Nmap allows you to scan multiple hosts simultaneously using various methods:

List Multiple IPs

  nmap 192.164.1.1 192.164.0.2 192.164.0.3
  

Use Wildcards

  nmap 192.164.1.*
  

Use Commas

  nmap 192.164.0.1,2,3,4
  

Use Hyphens

  nmap 192.164.0.0-255
  

Port Scanning

Port scanning checks for open ports on a host.

Single Port

  nmap -p 973 192.164.0.1
  

Specify Connection Type

  nmap -p T:7777,973 192.164.0.1
  

Range of Ports

  nmap -p 76-973 192.164.0.1
  

Top Ports

  nmap --top-ports 10 google.com
  

Scanning from a File

You can scan a list of IP addresses from a file.

  nmap -iL /input_ips.txt
  

Verbosity and Exporting Scan Results

Verbose Output

Verbose mode provides additional details about the scan process.

  nmap -v google.com
  

Normal Output

Export scan results to a text file.

  nmap -oN output.txt google.com
  

XML Output

Export scan results to an XML file, preferred for compatibility with other pen-testing tools.

  nmap -oX output.xml google.com
  

Multiple Formats

Export results in all available formats.

  nmap -oA output google.com
  

Nmap Help

Nmap has a built-in help command that lists all available options and flags.

  nmap -h
  

Nmap Scripting Engine (NSE)

The Nmap Scripting Engine allows you to write and use scripts to automate network tasks and attacks. Scripts are written in Lua and can perform various functions such as vulnerability detection, exploitation, and reporting.

Zenmap

Zenmap is the graphical user interface for Nmap. It is a free and open-source tool that helps you visually map a network and save scan results for future use. Zenmap is especially useful for beginners who prefer a GUI over the command line.

Conclusion

Nmap is an indispensable tool for network discovery and security auditing. With its wide range of features, including device discovery, service detection, OS fingerprinting, and scripting capabilities, Nmap stands out as the greatest scanning tool of all time. Whether you are a network administrator, security professional, or penetration tester, mastering Nmap is essential for effective network management and security assessment.

Last updated 26 Jun 2024, 05:12 +0200 . history