What is Nmap?
Nmap (Network Mapper) is a free, open-source tool used for network discovery, port scanning, and vulnerability assessment. It is widely used by ethical hackers and system administrators to gather information about systems, services, and potential attack vectors.
Getting Started
Basic syntax of Nmap:
nmap [options] [target]
Example - Quick Scan
nmap scanme.nmap.org
This performs a default scan of the 1000 most common TCP ports: a TCP connect scan when run without root privileges, or a SYN scan when run as root.
Common Scan Types
1. SYN Scan (Stealth Scan)
nmap -sS 192.168.1.1
Performs a fast TCP SYN (half-open) scan that never completes the handshake. It requires raw-socket privileges (root) and is the most popular scan type.
2. Service and Version Detection
nmap -sV 192.168.1.1
Identifies running services and attempts to determine their version numbers.
3. OS Detection
nmap -O 192.168.1.1
Tries to determine the operating system of the target machine.
4. Aggressive Scan
nmap -A 192.168.1.1
Combines OS detection, version detection, script scanning, and traceroute.
5. UDP Scan
nmap -sU 192.168.1.1
Scans UDP ports (slower and more resource-intensive than TCP).
Advanced Usage
Scan Multiple Targets
nmap 192.168.1.1 192.168.1.2 192.168.1.3
Scan a Subnet
nmap 192.168.1.0/24
Scan Specific Ports
nmap -p 22,80,443 192.168.1.1
Run NSE Vulnerability Scripts
nmap --top-ports 100 --script vuln target.com
Scans the 100 most common ports and runs the NSE scripts in the "vuln" category against the services found.
Save Results
nmap -oN output.txt 192.168.1.1
Real-World Example
Suppose you're assessing a web server at webcorp.com. Here's how you'd start:
# Step 1: Basic discovery
nmap -sS -p 80,443 webcorp.com
# Step 2: Service and version detection
nmap -sV -p 80,443 webcorp.com
# Step 3: Full aggressive scan
nmap -A webcorp.com -oN webcorp-scan.txt
These steps help identify web servers, frameworks, and even misconfigured services.
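Once a scan like Step 3 has been saved with -oN, the next job is usually to turn the file into an inventory and check it against policy. The following Python is an added example, not code from the original post: it parses Nmap's normal (-oN) output format and flags open services that an assumed policy list says should not be reachable. The scan text is a constructed sample, not a real result for webcorp.com.

```python
import re

# Constructed sample of Nmap "normal" (-oN) output; not a real scan result.
SAMPLE_ON = """\
# Nmap 7.94 scan initiated Tue Jan  2 10:00:00 2024 as: nmap -sV -oN webcorp-scan.txt webcorp.com
Nmap scan report for webcorp.com (203.0.113.10)
Host is up (0.012s latency).
Not shown: 995 closed tcp ports (reset)
PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
23/tcp   open     telnet     Linux telnetd
80/tcp   open     http       nginx 1.18.0
443/tcp  open     ssl/http   nginx 1.18.0
8080/tcp filtered http-proxy
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

# Nmap done at Tue Jan  2 10:00:07 2024 -- 1 IP address (1 host up) scanned in 7.10 seconds
"""

# "Nmap scan report for <name> (<ip>)"; the parenthesised address is absent
# when the target was given as a bare IP, so fall back to the name.
HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")
# "<port>/<proto> <state> <service> [<version ...>]"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_normal_output(text):
    """Return a list of {"host", "address", "ports": [...]} dicts, one per host."""
    hosts, current = [], None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"host": m.group(1), "address": m.group(2) or m.group(1), "ports": []}
            hosts.append(current)
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            num, proto, state, service, version = m.groups()
            current["ports"].append({"port": int(num), "proto": proto, "state": state,
                                     "service": service, "version": version or ""})
    return hosts

# Assumed policy list: services that should never be open to untrusted networks.
UNWANTED = {"telnet", "ftp", "rsh", "rlogin"}

def policy_findings(hosts):
    """Flag open ports whose detected service name is on the UNWANTED list."""
    return [f"{h['address']}:{p['port']}/{p['proto']} exposes {p['service']}"
            for h in hosts for p in h["ports"]
            if p["state"] == "open" and p["service"] in UNWANTED]
```

For real use, replace SAMPLE_ON with the contents of the saved file (for example webcorp-scan.txt); for machine processing of larger scans, Nmap's XML output (-oX) is the more robust format to parse.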
Pro Tips
- Use -T4 for faster scans without being too noisy.
- Combine with --script for advanced detection using NSE (Nmap Scripting Engine).
- Always scan a controlled lab or authorized systems. Unauthorized scanning is illegal!
- Use -Pn to skip host discovery and treat every target as up (useful for stealth or firewalled targets that do not answer pings).