arms:nmap

Differences

This shows you the differences between two versions of the page.

arms:nmap [2024/06/07 07:22] Humphrey Boa-Gart
arms:nmap [2024/08/06 05:48] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Nmap ====== ====== Nmap ======
  
-**Nmap** (**N**etwork **Map**per) is a command-line //port scanner//. It identifies which services are running on a networked computer. This is useful for discovering and identifying points of attack in potential targets. Its ability to scan entire networks is very useful when combined with Whois information about organizations you may be targeting.+**Nmap** (**N**etwork **Map**per) is a cross-platform command-line //port scanner//. It identifies which ports are open on a networked computer, which in turn can help identify what services are running on that computer. This is useful to both sysadmins and hackers alike for discovering potential exploitable vulnerabilities. Its ability to scan entire networks is very useful when combined with [[diy:network-recon#whois|WHOIS]] information about organizations you may be targeting
 + 
 +Nmap isn't limited to just scanning for open ports. It also features such abilities as host discovery, service and operating system detection, version identification, and more. 
 + 
 +**Note:** Port scanning is a fast way to get your IP address flagged by some hosts. For best results, pair this with a [[security:vpn|VPN]] and use a [[diy:change-mac|randomized MAC address]].
  
 ===== Download Nmap ===== ===== Download Nmap =====
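Review bot: The rewritten intro sentence in this hunk overstates what a port scan returns: Nmap reports open/filtered/closed ports and, with -sV and -O, service and OS guesses, not "exploitable vulnerabilities"; suggest "useful to sysadmins and attackers alike for mapping which services a host exposes". The same sentence also dropped its trailing full stop after "organizations you may be targeting". The added Note recommending a randomized MAC address is only meaningful when the scan target is on the same link: MAC addresses are not carried across routers, so for a remote host such as scanme.nmap.org the target never sees the scanner's MAC at all, and the note should say it applies to LAN scans only.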
Line 7: Line 11:
 Nmap is available for Linux, Windows, BSD & MacOS. Download options for all platforms can be [[https://nmap.org/download.html|found here]]. Some quick install instructions are below: Nmap is available for Linux, Windows, BSD & MacOS. Download options for all platforms can be [[https://nmap.org/download.html|found here]]. Some quick install instructions are below:
  
-=== Debian/Ubuntu ===+==== Debian/Ubuntu ====
  
   $ sudo apt install nmap   $ sudo apt install nmap
  
-=== Fedora/Red Hat ===+==== Fedora/Red Hat ====
  
   $ sudo dnf install nmap   $ sudo dnf install nmap
  
-=== Windows ===+==== Windows ====
  
 Read the [[https://nmap.org/book/inst-windows.html|Windows install instructions]]. Read the [[https://nmap.org/book/inst-windows.html|Windows install instructions]].
  
-=== MacOS ===+==== MacOS ====
  
 Read the [[https://nmap.org/book/inst-macosx.html|MacOS install instructions]]. Read the [[https://nmap.org/book/inst-macosx.html|MacOS install instructions]].
  
-==== Zenmap ====+===== Basic Usage =====
  
-There is a GUI version of Nmap called [[https://nmap.org/zenmap/|Zenmap]], but you honestly do not really need it.+For this article, we will be using Nmap.org'[[http://scanme.nmap.org/|free ScanMe service]] as our example target.
  
-===== Example Commands =====+For basic usage, just run ''nmap'' followed by the domain you want to scan:
  
-Basic usage (see which ports are open/filtered/closed):+  $ nmap scanme.nmap.org
  
-  nmap 192.168.1.150+You can run it against IP addresses too. A ''whois'' on scanme.nmap.org says it is located at ''45.33.32.156'', so let's try that:
  
-Identify services running on one computer:+  $ nmap 45.33.32.156
  
-  nmap -sV 192.168.1.150+==== Host Discovery ====
  
-Identify services running on one computer, which does not respond to pings:+The first part of an Nmap scan is host discovery. To see if the host will even respond to Nmap in the first place, without waiting for a whole port scan that typically comes after, use the ''-sP'' flag:
  
-  nmap -sV -PN 192.168.1.150+  nmap -sP scanme.nmap.org
  
-Check to see if specific ports are open on one computer:+Sometimes a host may not respond to a standard ping. There are a multitude of ''-P*'' flags, which ping the host in different ways:
  
-  nmap -p T:21-25,80,443 192.168.1.150+  nmap -PA scanme.nmap.org 
 +  $ nmap -PN scanme.nmap.org 
 +  $ nmap -PR scanme.nmap.org 
 +   
 +EtcetcetcFlags can be combined sequentially like so: 
 +   
 +  $ nmap -PN -sP scanme.nmap.org
  
-Check to see if specific ports are open on a range of computers:+If your target is not responding to pings, try adding one of these flags to your command and see if that does the trick. For more information, read [[https://nmap.org/book/host-discovery-techniques.html|Host Discovery Techniques]] in the Nmap documentation.
  
-  nmap -p T:21-25,80,443 192.168.1.150-254+==== Port Scanning ==== 
 + 
 +To skip host discovery and go straight to the port scan, use the ''-Pn'' flag: 
 + 
 +  $ nmap -Pn scanme.nmap.org 
 + 
 +Check to see if specific ports are open on one address: 
 + 
 +  $ nmap -p T:21-25,80,443 45.33.32.156 
 + 
 +Check to see if specific ports are open on a range of addresses: 
 + 
 +  $ nmap -p T:21-25,80,443 45.33.32.156-254 
 + 
 +==== Service & Version Identification ==== 
 + 
 +Identify information about services running on a host with the ''-sV'' flag: 
 + 
 +  $ nmap -sV scanme.nmap.org 
 + 
 +==== OS Identification ==== 
 + 
 +Identify the operating system of a host with the ''-O'' flag: 
 + 
 +  $ nmap -O scanme.nmap.org 
 + 
 + 
 +===== Zenmap ===== 
 + 
 +There is a GUI version of Nmap called [[https://nmap.org/zenmap/|Zenmap]], but you honestly do not really need it.
  
 ===== More Info ===== ===== More Info =====
  
-[[https://nmap.org|Nmap homepage]]+[[https://nmap.org|Nmap Homepage]] 
 + 
 +[[https://nmap.org/book/toc.html|Nmap User Manual]]
  
 [[http://linux.die.net/man/1/nmap|Nmap Man page]] [[http://linux.die.net/man/1/nmap|Nmap Man page]]
  
 {{tag>Armaments Recon}} {{tag>Armaments Recon}}
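Review bot: The Host Discovery section uses the legacy spellings -sP and -PN, which current Nmap only keeps as compatibility aliases for -sn (ping scan, no port scan) and -Pn (skip host discovery); the page itself switches to -Pn in the Port Scanning section, so the whole hunk should use -sn and -Pn consistently. -PN also does not belong in the list of flags that "ping the host in different ways" next to -PA (TCP ACK ping) and -PR (ARP ping, local network only), because it disables pinging entirely. That makes the combined example "nmap -PN -sP scanme.nmap.org" the one combination that does nothing useful: it skips both host discovery and the port scan and simply reports the host as up. A combination that demonstrates the point would be "nmap -sn -PA scanme.nmap.org". Smaller points: "Nmap.org'[[http://scanme.nmap.org/|free ScanMe service]]" is missing "s " after the apostrophe; "EtcetcetcFlags can be combined sequentially" is garbled text; the -sP and -PA example lines lack the "$ " prompt every other example uses; the address of scanme.nmap.org comes from a DNS lookup (host or dig), not from whois, which returns registration data for a domain or IP block rather than resolving a name; and the ScanMe service authorizes scans of scanme.nmap.org itself only, so the range example "45.33.32.156-254" should be changed back to a private range such as the previous revision's 192.168.1.150-254.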
arms/nmap.1717744923.txt.gz · Last modified: 2024/08/06 05:53 (external edit)

Find this page online at: https://bestpoint.institute/arms/nmap