Getting Started with Nmap

Nmap (Network Mapper) is an open-source tool used for network discovery and security auditing. In this post, we’ll explore some of the basic features of Nmap, including how to perform different types of scans, interpret the results, and use various Nmap options.

Installation

Before we dive into using Nmap, let’s first ensure it’s installed on your system.

On Linux (Debian/Ubuntu)

You can install Nmap using apt:

sudo apt update
sudo apt install nmap

On macOS

You can install Nmap using brew:

brew install nmap

On Windows

Nmap can be installed using the official installer from https://nmap.org/download.html. The Windows installer also bundles Npcap, the packet-capture driver Nmap needs on Windows for raw-packet scan types such as the SYN scan.

Basic Usage

The simplest way to use Nmap is to scan a single IP address:

nmap 192.168.1.1

With no options, Nmap first checks that the host is up and then scans the 1,000 most commonly used TCP ports, reporting each port's state (open, closed or filtered) together with the service name conventionally associated with that port number. Note that this SERVICE column is a lookup in Nmap's nmap-services table, not a probe of what is actually listening; use -sV (described below) to confirm it. When run as root, this default scan is a SYN scan; as an unprivileged user Nmap falls back to a TCP connect scan.

Scanning Multiple IPs

You can scan multiple IPs by listing them with spaces:

nmap 192.168.1.1 192.168.1.2 192.168.1.3

Or by specifying a range:

nmap 192.168.1.1-10

Scanning an Entire Subnet

Nmap also allows you to scan an entire subnet:

nmap 192.168.1.0/24

Types of Scans

Nmap supports several types of scans, each serving different purposes. Here are a few examples:

1. TCP SYN Scan (Default when privileged)

This is the most common type of scan, and the one Nmap uses by default whenever it can send raw packets (root on Linux/macOS, Administrator with Npcap on Windows). It sends a SYN and classifies the port from the reply (SYN/ACK means open, RST means closed, no reply means filtered) without ever completing the handshake, so the listening application never sees a connection:

nmap -sS 192.168.1.1

2. TCP Connect Scan

This scan uses the operating system's connect() call and completes the full three-way handshake, so the listening application accepts the connection and may log it, which makes it more detectable than a SYN scan. It needs no special privileges and is what Nmap falls back to when it cannot send raw packets:

nmap -sT 192.168.1.1

3. UDP Scan

TCP scans say nothing about UDP services such as DNS, SNMP or NTP, so UDP ports need a separate scan. UDP scanning requires root, is slow because many hosts rate-limit the ICMP port-unreachable replies Nmap relies on to mark ports closed, and a port that never answers can only be reported as open|filtered rather than open. Combining it with -sV lets Nmap send protocol-specific payloads that often resolve that ambiguity:

nmap -sU 192.168.1.1

4. Service Version Detection

Nmap can also attempt to determine the version of services running on open ports by sending probes and matching the responses against its nmap-service-probes signature database. This replaces the port-number guess in the SERVICE column with what actually answered (for example an HTTP server listening on a non-standard port) and fills in the VERSION column:

nmap -sV 192.168.1.1

5. Operating System Detection

You can also use Nmap to fingerprint the target's operating system from the behaviour of its TCP/IP stack. This requires root and is most reliable when the scan finds at least one open and one closed TCP port; otherwise Nmap warns that its guess may be inaccurate:

nmap -O 192.168.1.1

Using Nmap Scripting Engine (NSE)

Nmap’s scripting engine (NSE) runs Lua scripts against the hosts and services it discovers, which allows for more advanced checks such as vulnerability detection. Scripts are grouped into categories, and the following runs every script in the vuln category:

nmap --script vuln 192.168.1.1

Many vuln-category scripts are intrusive: they send exploit-like probes and can disrupt fragile services, so run them only against systems you are authorized to test. Many scripts also select their targets by detected service name, so they are normally combined with -sV.

Output Formats

Nmap supports several output formats, and you can write any of them while still seeing the normal output on the terminal. Normal output is what you see interactively; XML is the format intended for other tools to consume (Nmap's own ndiff, for instance, compares two XML scans); grepable output is officially deprecated but still produced and remains convenient for grep and awk one-liners. Here are a few examples:

  • Normal output:

    nmap 192.168.1.1 -oN output.txt
    
  • XML output:

    nmap 192.168.1.1 -oX output.xml
    
  • Grepable output:

    nmap 192.168.1.1 -oG output.gnmap
    
  • All three at once (writes output.nmap, output.xml and output.gnmap):

    nmap 192.168.1.1 -oA output
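One reason to keep the grepable or XML output is that a saved scan becomes a baseline: run the same scan later and diff the two to see which ports appeared since. The following shell functions are an added example, not part of the original post or of Nmap itself, and work on the grepable (-oG) format described above, where each Host: line carries tab-separated fields and the Ports: field holds entries of the form port/state/protocol/owner/service/rpcinfo/version/. The two sample scan files are hand-written for the example (the hosts, hostname and ports are made up), and the filter keeps only ports whose state is exactly open, so a UDP port reported as open|filtered is deliberately excluded.

```shell
#!/bin/sh
# Added example (not from the original post): turn grepable (-oG) output into a
# host/port list and diff two scans to find newly opened ports.
#
# Grepable format recap: each Host: line has tab-separated fields, and the
# "Ports:" field holds comma-separated entries of the form
#   port/state/protocol/owner/service/rpcinfo/version/
export LC_ALL=C   # byte-order sorting, so `sort` and `comm` agree

# open_ports FILE
#   Print "host port/proto service" for every port whose state is exactly
#   "open". UDP ports reported as open|filtered are deliberately left out.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            host = $1
            sub(/^Host: /, "", host)        # drop the "Host: " prefix
            sub(/ .*/, "", host)            # drop the " (hostname)" part
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i
                sub(/^Ports: /, "", ports)
                n = split(ports, entry, /, /)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")  # f[1]=port f[2]=state f[3]=proto f[5]=service
                    if (f[2] == "open") print host, f[1] "/" f[3], f[5]
                }
            }
        }' "$1" | sort -u
}

# new_open_ports BASELINE CURRENT
#   Print ports that are open in CURRENT but were not open in BASELINE.
new_open_ports() {
    base=$(mktemp) || return 1
    cur=$(mktemp) || return 1
    open_ports "$1" > "$base"
    open_ports "$2" > "$cur"
    comm -13 "$base" "$cur"                 # lines present only in the second file
    rm -f "$base" "$cur"
}

# Constructed sample scans of made-up hosts (hand-written, not real Nmap output).
# The second scan shows 3389/tcp newly open on 192.168.1.1.
SAMPLE_DIR=$(mktemp -d)
write_scan() {   # write_scan FILE PORTS_FIELD_FOR_192.168.1.1
    {
        printf '# Nmap 7.80 scan initiated Tue Sep 10 12:34:00 2024 as: nmap -oG %s 192.168.1.0/24\n' "$1"
        printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.1 ()\tPorts: %s\tIgnored State: closed (998)\n' "$2"
        printf 'Host: 192.168.1.5 (printer.lan)\tStatus: Up\n'
        printf 'Host: 192.168.1.5 (printer.lan)\tPorts: 9100/open/tcp//jetdirect///, 161/open|filtered/udp//snmp///\tIgnored State: closed (997)\n'
        printf '# Nmap done at Tue Sep 10 12:34:01 2024 -- 256 IP addresses (2 hosts up) scanned in 0.58 seconds\n'
    } > "$1"
}
write_scan "$SAMPLE_DIR/baseline.gnmap" '22/open/tcp//ssh///, 80/open/tcp//http///'
write_scan "$SAMPLE_DIR/current.gnmap"  '22/open/tcp//ssh///, 80/open/tcp//http///, 3389/open/tcp//ms-wbt-server///'

echo "Open ports in baseline:"
open_ports "$SAMPLE_DIR/baseline.gnmap"
echo "Newly opened since baseline:"
new_open_ports "$SAMPLE_DIR/baseline.gnmap" "$SAMPLE_DIR/current.gnmap"
```

In practice you would point open_ports at the .gnmap files written by two -oA runs of the same command; for XML output the same comparison is what Nmap's bundled ndiff does, with more detail.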
    

Example Scan Results

Here’s what a typical Nmap scan result might look like:

Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-10 12:34 UTC
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.58 seconds

Conclusion

Nmap is a powerful tool that can be used for a variety of network scanning tasks, from simple pings to advanced vulnerability detection. This post covered some basic usage, but Nmap’s capabilities extend far beyond what we’ve discussed here.

For more information, see the official Nmap documentation: the reference guide at https://nmap.org/book/man.html and the full book at https://nmap.org/book/.


Table of Nmap Commands

Command                           Description
nmap 192.168.1.1                  Basic scan of a single IP (top 1,000 TCP ports)
nmap 192.168.1.0/24               Scan an entire /24 subnet
nmap -sS 192.168.1.1              TCP SYN scan (requires root)
nmap -sT 192.168.1.1              TCP connect scan (no privileges needed)
nmap -sU 192.168.1.1              UDP scan (requires root)
nmap -sV 192.168.1.1              Service version detection
nmap -O 192.168.1.1               Operating system detection (requires root)
nmap --script vuln 192.168.1.1    Run the NSE vuln-category scripts
nmap 192.168.1.1 -oA output       Save normal, XML and grepable output