Nmap complete tutorial

Introduction to Nmap
Nmap (Network Mapper) is a powerful open-source network scanning tool used for network discovery and security auditing. It helps administrators map networks, detect open ports, identify services running on those ports, and find potential vulnerabilities. This tutorial will guide you through the basic and advanced features of Nmap.
Installation
On Linux
sudo apt update
sudo apt install nmap
On macOS
brew install nmap
On Windows
Download the installer from the Nmap download page.
Run the installer and follow the instructions.
Basic Usage
Scanning a Single Host
To scan a single host, use the following command:
nmap <target>
For example:
nmap 192.168.1.1
Scanning Multiple Hosts
To scan multiple hosts, specify a range or list of IPs:
nmap 192.168.1.1-10
or
nmap 192.168.1.1 192.168.1.2 192.168.1.3
Scanning a Subnet
To scan an entire subnet, use CIDR notation:
nmap 192.168.1.0/24
Common Scan Options
-sP: Ping scan - only check which hosts are up, without port scanning (this is the older spelling; current Nmap versions call it -sn).
-sS: SYN scan - faster and stealthier than a full TCP connect scan; needs raw-packet privileges (root or Administrator).
-sT: TCP connect scan - fully opens a connection, slower and noisier, but works without special privileges.
-O: Enable OS detection.
-sV: Version detection - determine what service and version is running on each open port.
-A: Enable OS detection, version detection, script scanning, and traceroute.
Advanced Scanning Techniques
Port Scanning
By default, Nmap scans the 1,000 most common ports. To scan specific ports, use the -p option:
nmap -p 80,443 192.168.1.1
To scan a range of ports:
nmap -p 1-65535 192.168.1.1
Service and Version Detection
To detect services and their versions running on open ports, use the -sV option:
nmap -sV 192.168.1.1
OS Detection
To detect the operating system of the target, use the -O option:
nmap -O 192.168.1.1
Aggressive Scan
An aggressive scan combines various Nmap options for comprehensive information gathering:
nmap -A 192.168.1.1
Script Scanning
Nmap includes the Nmap Scripting Engine (NSE) for advanced scanning with custom scripts. Use the -sC option to run default scripts:
nmap -sC 192.168.1.1
To run specific scripts, use:
nmap --script <script-name> 192.168.1.1
Example: Vulnerability Scan
To run vulnerability scripts, you can use:
nmap --script vuln 192.168.1.1
Output Options
Nmap can output results in various formats for further analysis and reporting.
Simple Text Output
nmap -oN output.txt 192.168.1.1
XML Output
nmap -oX output.xml 192.168.1.1
Grepable Output
nmap -oG output.gnmap 192.168.1.1
Multiple Formats
nmap -oN output.txt -oX output.xml -oG output.gnmap 192.168.1.1
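As an added example (not code from the original tutorial or from the Nmap project), here is a small Python parser for the grepable -oG format shown above. It turns each Host: line into port records and lists only ports whose state is exactly "open", so that UDP "open|filtered" results do not inflate a report. The sample scan text is constructed; its hosts, ports and version strings are made up.

```python
# Constructed sample of Nmap's -oG (grepable) output; the hosts, ports and
# version strings are made-up values chosen to exercise every field.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sV -sU -oG output.gnmap 192.168.1.0/30
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.1.2 ()\tStatus: Up
Host: 192.168.1.2 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 161/open|filtered/udp//snmp///\tIgnored State: closed (998)
# Nmap done at Mon Jan  1 12:00:05 2024 -- 4 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")


def parse_gnmap(text):
    """Map each scanned host to a list of port records.

    A 'Host:' line is tab-separated into sections; the 'Ports:' section holds
    comma-separated entries of the form
    port/state/proto/owner/service/rpc/version/ (note the trailing slash).
    Hosts that only have a 'Status:' line get an empty list.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip the '# Nmap ...' header and footer comments
        sections = line.split("\t")
        ip = sections[0].split()[1]
        records = hosts.setdefault(ip, [])
        for section in sections[1:]:
            if not section.startswith("Ports: "):
                continue  # 'Status:' and 'Ignored State:' sections
            for entry in section[len("Ports: "):].split(", "):
                # Assumes the fields themselves contain no '/'; the trailing
                # slash yields an 8th empty piece, so keep the first seven.
                record = dict(zip(PORT_FIELDS, entry.split("/")[:7]))
                record["port"] = int(record["port"])
                records.append(record)
    return hosts


def open_services(text):
    """Flatten the parse to (ip, port, proto, service) for ports that are
    definitively open. 'open|filtered' (typical for UDP) is excluded on
    purpose so the summary does not overstate exposure."""
    result = []
    for ip, records in parse_gnmap(text).items():
        for r in records:
            if r["state"] == "open":
                result.append((ip, r["port"], r["proto"], r["service"]))
    return result


if __name__ == "__main__":
    for ip, port, proto, service in open_services(SAMPLE_GNMAP):
        print(f"{ip}\t{port}/{proto}\t{service}")
```

Feeding two runs through open_services and diffing the lists is a quick way to spot newly exposed ports between scans.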
Practical Examples
Scan the Top 100 Ports on a Host
nmap --top-ports 100 192.168.1.1
Perform a Stealth SYN Scan
nmap -sS 192.168.1.1
Detect Firewalls
An ACK scan does not report open ports; it classifies each port as filtered or unfiltered, which reveals whether a stateful firewall sits in front of the host and which ports its rules cover:
nmap -sA 192.168.1.1
Perform a UDP Scan
nmap -sU 192.168.1.1
Save Output in All Formats
The -oA option takes a base name and writes output.nmap, output.xml and output.gnmap in one run:
nmap -oA output 192.168.1.1
Conclusion
Nmap is an essential tool for network administrators and security professionals. It provides a wealth of information about network hosts, services, and potential vulnerabilities. By mastering Nmap's basic and advanced features, you can effectively secure your network and identify potential threats.
For more information and advanced usage, refer to the official Nmap documentation. Happy scanning!