Nmap is an open-source network monitoring and port scanning tool to find the hosts and services in the computer by sending the packets to the target host for network discovery and security auditing.
Numerous frameworks and system admins additionally think that it’s helpful for assignments, for example, network inventory, overseeing administration overhaul timetables, and observing host or administration uptime.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks but works fine against single hosts. it runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results in the viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
You can also take a Master in Ethical Hacking & Penetration Testing Online course where you can learn more about NMAP and advance level Ethical hacking skills.
TOP NMAP COMMEANDS: 1: To find out nmap version, run: # nmap --version Sample outputs: Nmap version 5.51 ( http://nmap.org ) 2: To scan an IP address or a host name (FQDN), run: # nmap 1.2.3.4 # nmap localhost # nmap 192.168.1.1 3: Information out of the remote system: # nmap -v -A scanme.nmap.org # nmap -v -A 192.168.1.1 Sample outputs: Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-19 16:38 IST NSE: Loaded 30 scripts for scanning. Initiating ARP Ping Scan at 16:38 Scanning 192.168.1.1 [1 port] Completed ARP Ping Scan at 16:38, 0.04s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 16:38 Completed Parallel DNS resolution of 1 host. at 16:38, 0.00s elapsed Initiating SYN Stealth Scan at 16:38 Scanning 192.168.1.1 [1000 ports] Discovered open port 80/tcp on 192.168.1.1 Discovered open port 22/tcp on 192.168.1.1 Completed SYN Stealth Scan at 16:38, 0.27s elapsed (1000 total ports) 4: Scan multiple IP address or subnet (IPv4): nmap 192.168.1.1 192.168.1.2 192.168.1.3 ## works with same subnet i.e. 192.168.1.0/24 nmap 192.168.1.1,2,3 You can scan a range of IP address too: nmap 192.168.1.1-20 You can scan a range of IP address using a wildcard: nmap 192.168.1.* Finally, you scan an entire subnet: nmap 192.168.1.0/24 5: Find out if a host/network is protected by a firewall: nmap -sA 192.168.1.254 nmap -sA server1.gbhackers.com 6: Turn on OS and version detection scanning script (IPv4): nmap -A 192.168.1.254 nmap -v -A 192.168.1.1 nmap -A -iL /tmp/scanlist.txt 7: Scan a host when protected by the firewall: nmap -PN 192.168.1.1 nmap -PN server1.gbhackers.com 8: Scan an IPv6 host/address: The -6 option enable IPv6 scanning. The syntax is: nmap -6 IPv6-Address-Here nmap -6 server1.gbhackers.com nmap -6 2607:f0d0:1002:51::4 nmap -v A -6 2607:f0d0:1002:51::4 9: How do I perform a fast scan: nmap -F 192.168.1.1 10: Display the reason a port is in a particular state: nmap --reason 192.168.1.1 nmap --reason server1.gbhackers.com 11: Only show open (or possibly open) ports: nmap --open 192.168.1.1 nmap --open server1.gbhackers.com 12: Show all packets sent and received: nmap --packet-trace 192.168.1.1 nmap --packet-trace server1.gbhackers.com 13: Show host interfaces and routes: This is useful for debugging (ip command or route command or netstat command like output using nmap) nmap --iflist Sample outputs: Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 02:01 IST ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MAC lo (lo) 127.0.0.1/8 loopback up eth0 (eth0) 192.168.1.5/24 ethernet up B8:AC:6F:65:31:E5 vmnet1 (vmnet1) 192.168.121.1/24 ethernet up 00:50:56:C0:00:01 vmnet8 (vmnet8) 192.168.179.1/24 ethernet up 00:50:56:C0:00:08 ppp0 (ppp0) 10.1.19.69/32 point2point up **************************ROUTES************************** DST/MASK DEV GATEWAY 10.0.31.178/32 ppp0 209.133.67.35/32 eth0 192.168.1.2 192.168.1.0/0 eth0 192.168.121.0/0 vmnet1 192.168.179.0/0 vmnet8 169.254.0.0/0 eth0 10.0.0.0/0 ppp0 0.0.0.0/0 eth0 192.168.1.2 14: How do I scan specific ports: nmap -p [port] hostName ## Scan port 80 nmap -p 80 192.168.1.1 ## Scan TCP port 80 nmap -p T:80 192.168.1.1 ## Scan UDP port 53 nmap -p U:53 192.168.1.1 ## Scan two ports ## nmap -p 80,443 192.168.1.1 ## Scan port ranges ## nmap -p 80-200 192.168.1.1 ## Combine all options ## nmap -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1 nmap -p U:53,111,137,T:21-25,80,139,8080 server1.cyberciti.biz nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.1.254 ## Scan all ports with * wildcard ## nmap -p "*" 192.168.1.1 ## Scan top ports i.e. scan $number most common ports ## nmap --top-ports 5 192.168.1.1 nmap --top-ports 10 192.168.1.1 Sample outputs: Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 01:23 IST Interesting ports on 192.168.1.1: PORT STATE SERVICE 21/tcp closed ftp 22/tcp open ssh 23/tcp closed telnet 25/tcp closed smtp 80/tcp open http 110/tcp closed pop3 139/tcp closed netbios-ssn 443/tcp closed https 445/tcp closed microsoft-ds 3389/tcp closed ms-term-serv MAC Address: BC:AE:C5:C3:16:93 (Unknown) nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
Nmap can perform various scanning operations and it has been the leading scanning tool in the security industry since its release in 1997, also the world’s leading port scanner to find out open ports and firewalls.
still, Nmap is used by various organizations and penetration testers to find out loops and secure the network.
You can follow us on Linkedin, Twitter, and Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.
SPARTA – Network Penetration Testing GUI Toolkit
Masscan – World’s Fastest Scanner – Scan the Entire Internet in Under 6 Minutes
scanless – A Pentesting Tool to Perform Anonymous Port Scan on Target Websites
theHarvester-Advanced Information Gathering Tool for Pentesters & Ethical Hackers
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…
View Comments
super
Guruji super, i'm expecting hping3&setoolkit soon...
Nice work.. Many thanks... If possible could please prepare a clean for zombie scan.. I'm unable to catch the best one..
Thanks Rakhil...We are working on it ..we will post zombie scan soon as per you Expectation..keep following us..