
Nmap

Nmap (Network Mapper) is a cross-platform command-line port scanner. It identifies which ports are open on a networked computer, which in turn helps identify what services are running there. This is useful to sysadmins and attackers alike for discovering potential points of attack in prospective targets. Its ability to scan entire networks is especially useful when combined with WHOIS information about the address ranges an organization owns.

Nmap isn't limited to scanning for open ports: it also does host discovery, service and version detection, operating system detection, and more.

Download Nmap

Nmap is available for Linux, Windows, BSD & MacOS. Download options for all platforms are on the Nmap download page, https://nmap.org/download.html. Some quick install instructions are below:

Debian/Ubuntu

$ sudo apt install nmap

Fedora/Red Hat

$ sudo dnf install nmap

Windows

Download and run the self-installer from the Nmap download page. It bundles Npcap, which Nmap needs on Windows to send and capture raw packets.

MacOS

With Homebrew:

$ brew install nmap

Alternatively, use the .dmg installer from the Nmap download page.

Basic Usage

For this article, we will be using Nmap.org's free ScanMe service as our example target.

For basic usage, just run nmap followed by the domain you want to scan:

$ nmap scanme.nmap.org

You can run it against IP addresses too. A DNS lookup (for example, host scanme.nmap.org) resolves the name to 45.33.32.156 at the time of writing (whois tells you who owns an address block, not what a name resolves to):

$ nmap 45.33.32.156

Host Discovery

The first part of an Nmap scan is host discovery. To check whether the host responds to Nmap at all, without waiting for the whole port scan that normally follows, use the -sn flag (ping scan, no port scan; older versions spelled it -sP, which still works as an alias):

$ nmap -sn scanme.nmap.org

Sometimes a host will not answer the default discovery probes (as an unprivileged user, a TCP connect to ports 80 and 443; as root, an ICMP echo request, a TCP SYN to 443, a TCP ACK to 80 and an ICMP timestamp request). The -P* options choose how the host is probed, for example:

ICMP echo request:

$ nmap -PE -sn scanme.nmap.org

TCP SYN to port 443:

$ nmap -PS443 -sn scanme.nmap.org

TCP ACK to port 80:

$ nmap -PA80 -sn scanme.nmap.org

ARP request, which only works for targets on the same Ethernet segment as the scanner (e.g. a local /24):

$ nmap -PR -sn 192.168.1.0/24

Note that -PN is the old spelling of -Pn, which does not ping differently but disables host discovery altogether (see Port Scanning below). If your target is not responding to the default probes, try one of these and see if that does the trick. For more information, read Host Discovery Techniques in the Nmap documentation.

Port Scanning

To skip host discovery and go straight to the port scan, use the -Pn flag. Nmap then treats every target as up, which is what you want when a host blocks the discovery probes but still has open ports:

$ nmap -Pn scanme.nmap.org

Check to see if specific ports are open on one address:

$ nmap -p T:21-25,80,443 45.33.32.156

Check to see if specific ports are open on a range of addresses (note that only scanme.nmap.org itself is offered for test scanning; the rest of that range belongs to other people's machines, so substitute a range you are authorized to scan):

$ nmap -p T:21-25,80,443 45.33.32.156-254

Service & Version Identification

Identify the services running on a host. -sV sends probes to each open port and matches the responses and banners against Nmap's service fingerprint database to report the service name, product and version where it can:

$ nmap -sV scanme.nmap.org
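When you script Nmap rather than read it, ask for XML output with -oX (for example, nmap -sV -oX scan.xml scanme.nmap.org) and parse that instead of the human-readable table, whose layout is not stable. The following is an added example, not part of this page or of Nmap itself: a small Python parser that pulls each up host's open ports, with the service/product/version fields that -sV fills in, out of Nmap's XML. The embedded XML sample is constructed to follow the shape of Nmap's -oX output (host, status, address, ports/port, state, service elements); it is not a real scan of scanme.nmap.org and its product and version strings are made up. It also shows how the results of host discovery and port scanning above show up in the output: a host marked down is skipped, and closed or filtered ports are dropped.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap's -oX output. Not a real scan;
# the products/versions are invented for the example.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 45.33.32.156-157">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="45.33.32.156" addrtype="ipv4"/>
    <hostnames><hostname name="scanme.nmap.org" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="6.6.1p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="25">
        <state state="filtered" reason="no-response"/>
        <service name="smtp" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.7" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="45.33.32.157" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Parse Nmap XML into {address: {"hostname": ..., "ports": [...]}}.

    Only hosts whose status is 'up' and ports whose state is 'open' are
    kept; hosts that host discovery marked down, and closed or filtered
    ports, are dropped.
    """
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # nothing was port-scanned on a down host
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")  # fall back to ipv6/mac entries
        addr = addr_el.get("addr")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else None
        open_ports = []
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")  # absent if -sV was not used
            open_ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        results[addr] = {"hostname": hostname, "ports": open_ports}
    return results


def format_report(results):
    """Render one 'addr port/proto service product version' line per open port."""
    lines = []
    for addr in sorted(results):
        for p in results[addr]["ports"]:
            detail = " ".join(x for x in (p["service"], p["product"], p["version"]) if x)
            lines.append(f"{addr} {p['port']}/{p['proto']} {detail}".rstrip())
    return lines


if __name__ == "__main__":
    # With a real scan: nmap -sV -oX scan.xml scanme.nmap.org, then
    # parse_nmap_xml(open("scan.xml").read()).
    for line in format_report(parse_nmap_xml(SAMPLE_XML)):
        print(line)
```

Nmap's XML also carries the reason attribute on each state element (syn-ack, reset, no-response), which is worth keeping when you need to tell a closed port from a filtered one; the parser above drops everything that is not open to keep the report short.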

OS Identification

Identify the operating system of a host. -O fingerprints the behaviour of the target's TCP/IP stack and matches it against Nmap's OS database. It needs raw-packet privileges, so run it as root (or with sudo), and it works best when the host has at least one open and one closed TCP port:

$ nmap -O scanme.nmap.org

Zenmap

There is a GUI version of Nmap called Zenmap, but you honestly do not really need it.

More Info

arms/nmap.1717748156.txt.gz · Last modified: 2024/08/06 05:53 (external edit)

Find this page online at: https://bestpoint.institute/arms/nmap