What is Nmap?
Nmap is an open-source tool used to discover hosts and services on a network. It works by sending packets and analyzing responses. System administrators and penetration testers use it for host discovery, port scanning, OS detection, and security audits. It’s a must-have tool for reconnaissance and information gathering.
Basic Nmap Syntax
The basic syntax for Nmap is:
The target can be a single IP, a range of IPs, a domain name, or a subnet. Examples include:
- nmap 192.168.1.1
- nmap example.com
- nmap 192.168.1.1-100
- nmap 192.168.1.0/24
Quick Scans
Here are some useful quick scan commands:
- nmap -sn 192.168.1.0/24 – Ping scan to discover live hosts
- nmap -F 192.168.1.1 – Fast scan of top 100 ports
- nmap -T4 192.168.1.1 – Faster scanning with aggressive timing
Port Scanning
Some common port scanning examples:
- nmap -p 22 192.168.1.1 – Scan a specific port (e.g., SSH)
- nmap -p 1-1000 192.168.1.1 – Scan a range of ports
- nmap -p- 192.168.1.1 – Scan all 65535 ports
- nmap --top-ports 20 192.168.1.1 – Scan top 20 most used ports
Service and Version Detection
Use these commands to detect service versions:
- nmap -sV 192.168.1.1 – Detect version of running services
- nmap -sV --version-intensity 9 192.168.1.1 – Aggressive version detection
- nmap -A 192.168.1.1 – Enables OS detection, version detection, script scanning, and traceroute
OS Detection
To identify the operating system of a target:
- nmap -O 192.168.1.1 – Basic OS detection
- nmap -A 192.168.1.1 – Advanced detection with OS and more
- nmap -v -O 192.168.1.1 – Verbose mode with OS detection
Output Formats
Nmap offers multiple output options for saving scan results:
- nmap -oN output.txt 192.168.1.1 – Normal text output
- nmap -oX output.xml 192.168.1.1 – XML format
- nmap -oG output.gnmap 192.168.1.1 – Grepable format
- nmap -oA myscan 192.168.1.1 – Save all formats at once
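The grepable format is the one you reach for when the results have to feed a script: each host's open ports sit on a single tab-separated line, so a short awk pass turns a scan into an inventory. The following is an added example and not part of the original cheat sheet. The sample output is constructed to mirror the -oG layout (a tab-separated "Host:" line whose "Ports:" field lists port/state/proto/owner/service/rpc/version entries); it was not captured from a real scan, and the hostnames and versions in it are made up.

```sh
#!/bin/sh
# Added example: turn grepable (-oG) output into a host/port inventory.
# The sample below is CONSTRUCTED to mirror the -oG layout (tab-separated
# "Host:" fields; each port entry is port/state/proto/owner/service/rpc/version);
# it is not captured from a real scan.
TAB=$(printf '\t')
SAMPLE_GNMAP="# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.168.1.0/24
Host: 192.168.1.1 ()${TAB}Status: Up
Host: 192.168.1.1 ()${TAB}Ports: 22/open/tcp//ssh//OpenSSH 8.9p1//, 80/open/tcp//http//nginx 1.18.0//, 443/filtered/tcp//https///${TAB}Ignored State: closed (997)
Host: 192.168.1.20 ()${TAB}Status: Up
Host: 192.168.1.20 ()${TAB}Ports: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services//${TAB}Ignored State: closed (999)
# Nmap done -- 2 IP addresses (2 hosts up) scanned"

# open_ports: read -oG text on stdin; print "host port/proto service version"
# for each port whose state is exactly "open" (filtered/closed are skipped).
open_ports() {
  awk -F'\t' '
    /^Host:/ {
      host = $1
      sub(/^Host: /, "", host); sub(/ .*/, "", host)   # drop the "(hostname)" part
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        ports = $i; sub(/^Ports: /, "", ports)
        n = split(ports, entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")   # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
          if (f[2] == "open") printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
        }
      }
    }'
}

# hosts_with_port PORT: filter open_ports output down to the hosts exposing PORT.
hosts_with_port() {
  awk -v want="$1" '{ split($2, pp, "/"); if (pp[1] == want) print $1 }'
}

# Stand-alone run: full inventory, then the hosts exposing RDP.
printf '%s\n' "$SAMPLE_GNMAP" | open_ports
printf '%s\n' "$SAMPLE_GNMAP" | open_ports | hosts_with_port 3389
```

Point a real run at it with `nmap -sV -oG scan.gnmap ...` and then `open_ports < scan.gnmap`; the same filter works for any port you are auditing, since only entries whose state is exactly "open" survive.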
Nmap Scripting Engine (NSE)
Nmap supports powerful scripting through NSE, useful for vulnerability scans and more:
- nmap --script=default 192.168.1.1 – Run default scripts
- nmap --script=vuln 192.168.1.1 – Scan for vulnerabilities
- nmap --script "ssl*" 192.168.1.1 – Run all SSL-related scripts (quoted so the shell does not expand the wildcard against files in the current directory)
Stealth and Evasion Scans
Useful for bypassing firewalls and IDS:
- nmap -sS 192.168.1.1 – TCP SYN (stealth) scan
- nmap -sN 192.168.1.1 – Null scan (no TCP flags)
- nmap -D RND:10 192.168.1.1 – Use decoys to mask your scan
- nmap -f 192.168.1.1 – Fragment packets to bypass firewalls
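From the defender's side, the counterpart to these scan types is noticing them in firewall logs: a SYN scan touches many distinct destination ports from one source, and a Null scan leaves TCP segments with no flag bits set. The following is an added example, not part of the original cheat sheet. It runs two awk checks over constructed log lines written in the general shape of iptables LOG output (SRC=/DST=/PROTO=/SPT=/DPT= tokens followed by the names of the TCP flags that were set); the exact field set is an assumption, real logs carry more fields, and the addresses come from the documentation ranges.

```sh
#!/bin/sh
# Added example (not from the cheat sheet): spot scan-shaped traffic in
# firewall logs. make_sample_log emits CONSTRUCTED lines in the general
# shape of iptables LOG output (SRC=/DST=/PROTO=/SPT=/DPT= tokens followed
# by the TCP flag names that were set); real logs carry extra fields, which
# the parsers below simply ignore. Addresses are from the documentation
# ranges (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24).
make_sample_log() {
  # One source probing 12 distinct ports with SYN: the port-sweep shape.
  for p in 21 22 23 25 53 80 110 135 139 143 443 445; do
    printf 'Jan 10 12:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.1.1 PROTO=TCP SPT=40000 DPT=%s WINDOW=1024 RES=0x00 SYN URGP=0\n' "$p"
  done
  # An ordinary client retrying HTTPS: many hits, one port, must not be flagged.
  for n in 1 2 3 4 5; do
    printf 'Jan 10 12:00:02 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.1 PROTO=TCP SPT=%s DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0\n' "$((50000 + n))"
  done
  # TCP segments with no flag bits at all: what a Null scan (-sN) leaves behind.
  for p in 80 443 8080; do
    printf 'Jan 10 12:00:03 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.9 DST=192.168.1.1 PROTO=TCP SPT=40001 DPT=%s WINDOW=1024 RES=0x00 URGP=0\n' "$p"
  done
}

# scan_sources MIN: print "src distinct_port_count" for every source that hit
# at least MIN distinct destination ports (default 10). Counting distinct
# ports rather than packets keeps a retrying client off the list.
scan_sources() {
  awk -v min="${1:-10}" '
    {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
    }
    END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
  ' | sort
}

# null_flag_sources: print "src count" for TCP log lines carrying none of the
# six flag names. The token test requires a surrounding space or end of line
# so that "URGP=0" is not mistaken for the URG flag.
null_flag_sources() {
  awk '
    /PROTO=TCP/ && !/ (SYN|ACK|FIN|RST|PSH|URG)( |$)/ {
      for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) count[substr($i, 5)]++
    }
    END { for (s in count) print s, count[s] }
  ' | sort
}

# Stand-alone run over the constructed log.
echo "possible port sweeps (>= 10 distinct ports):"
make_sample_log | scan_sources 10
echo "sources sending flagless TCP segments:"
make_sample_log | null_flag_sources
```

The threshold is the tuning knob: on a busy perimeter a handful of distinct ports per source is normal, so set MIN from a baseline of your own logs rather than the value used here. Fragmented (-f) and decoy (-D) scans need a different check, since they show up as many fragments or many apparent sources rather than as one source sweeping ports.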
Real-World Scan Examples
Some practical use cases for Nmap:
- Discover active hosts on a network: nmap -sn 10.0.0.0/24
- Scan for vulnerabilities: nmap -sV --script vuln 192.168.1.1
- Full aggressive scan: nmap -A -T4 192.168.1.1
- Evade firewall with fragmented packets: nmap -f 192.168.1.1
Bonus Tips
Use -v for verbose mode to get more output detail, and -vv for even more verbosity. Combine multiple flags for more thorough and customized scans. Always remember to scan responsibly and with permission—unauthorized scanning can be illegal.
Conclusion
Whether you’re scanning a small office network or performing an enterprise-level audit, Nmap is an indispensable tool. Bookmark this cheat sheet or print it out for quick reference. It’s a powerful ally in your cybersecurity toolkit.