
nmap: Network Scanning and Security Auditing

nmap (Network Mapper) is a powerful open-source utility for network discovery and security auditing. It provides a wide range of features including host discovery, port scanning, OS detection, and service version detection, making it essential for understanding network infrastructure and identifying potential security vulnerabilities.

Overview

nmap is an indispensable tool for network administrators and security professionals to explore networks and audit security issues. It supports various scanning techniques and can extend its functionality through its scripting engine.

Key Features

  • Host Discovery (Identifying active hosts on the network)
  • Port Scanning (Checking for open ports and services)
  • Operating System (OS) Detection
  • Service Version Detection
  • Firewall and Filter Evasion
  • Extensibility via Nmap Scripting Engine (NSE)

Key Options

nmap offers a vast array of options. Here, we focus on the main scan types and output-related options.


Usage Examples

Examples of utilizing nmap's various scanning capabilities.

Basic Port Scan

nmap scanme.nmap.org

Performs a SYN scan (the default when run with root privileges; without them nmap falls back to a TCP connect scan) on the 1000 most common ports of the target host.

Scan Specific Ports

nmap -p 80,443 scanme.nmap.org

Scans only ports 80 (HTTP) and 443 (HTTPS) on the target host.

OS and Service Version Detection

nmap -A scanme.nmap.org

Detects the operating system and the service versions of open ports on the target host. Note that `-A` also runs the default NSE script set and a traceroute, so it is noisier than `-O -sV` alone.

Scan Entire Subnet

nmap 192.168.1.0/24

Scans all active hosts within a specified subnet (e.g., 192.168.1.0/24).

Save Scan Results to File

nmap -sS -oN results.txt -oX results.xml scanme.nmap.org

Saves scan results to both a plain text file and an XML file.

Installation

nmap is not typically included by default in most Linux distributions, so it needs to be installed via a package manager.

Debian/Ubuntu

sudo apt update && sudo apt install nmap

Installs nmap using the APT package manager.

CentOS/RHEL/Fedora

sudo yum install nmap
# or
sudo dnf install nmap

Installs nmap using the YUM or DNF package manager.

Arch Linux

sudo pacman -S nmap

Installs nmap using the Pacman package manager.

Tips & Precautions

Useful tips and precautions when using nmap.

Ethical Use

nmap is a powerful network scanning tool, so it must only be used on networks you own or have explicit permission to scan. Unauthorized scanning can be considered illegal.

  • Always obtain explicit permission for the target you are scanning.
  • Unauthorized scanning of public networks or other people's systems can lead to legal issues.

Firewall Evasion and Detection

nmap can use various techniques to evade firewalls or to detect their presence. Options such as `-f` (fragment packets), `--data-length` (append random data to each packet), and `--badsum` (send packets with a bad checksum) can be used for this; defenders can expect the same options to show up in IDS alerts as fragmented or malformed traffic.

  • The `-Pn` option skips the ping scan, allowing scans to proceed even if a firewall blocks ICMP responses.
  • The `-T<0-5>` option adjusts scan speed to potentially avoid detection by IDS/IPS systems (0: Paranoid, 5: Insane).

Nmap Scripting Engine (NSE)

NSE is a powerful collection of scripts that extend nmap's capabilities. It can perform various tasks such as vulnerability detection, backdoor detection, and information gathering.

  • Use with the `--script <script_name>` or `--script <category>` options.
  • Example: `nmap --script vuln <target>` (common vulnerability scan)
  • Example: `nmap --script http-enum <target>` (web server directory enumeration)
