
What is nmap

Nmap (Network Mapper) is a powerful and widely used open-source tool for network discovery and security auditing. It finds live hosts on a network, determines which TCP and UDP ports are open on them, identifies the services and versions listening on those ports, and can fingerprint the operating system. Through its scripting engine (NSE) it can also run checks for specific vulnerabilities, which makes it a staple for network inventory, vulnerability assessment, and penetration testing. Only scan networks and hosts you are authorized to test.

Basic Syntax

nmap [options] [target]

Common Nmap Commands and Options

  1. Simple Host Discovery To perform a basic scan of a network:

nmap 192.168.1.0/24

This scans the entire 192.168.1.0/24 subnet (256 addresses). Note that with no other options Nmap does not stop at host discovery: after determining which hosts are up, it also scans the 1,000 most common TCP ports on each of them. Add -sn if you only want the list of live hosts without a port scan.

  2. Port Scanning (Scan Specific Ports) To scan specific ports on a target host (e.g., ports 80 and 443):

nmap -p 80,443 192.168.1.1

  3. Scan All Ports To scan all 65535 TCP ports on a target (by default Nmap only scans the 1,000 most common ports, so services on unusual ports are missed without this):

nmap -p- 192.168.1.1

  4. Service Version Detection To send probes to the open ports and identify the service and version running on each (e.g., "OpenSSH 8.9p1" rather than just "ssh"):

nmap -sV 192.168.1.1

  5. Operating System Detection To attempt to identify the operating system of a target from its TCP/IP stack fingerprint (requires root/administrator privileges and works best when at least one open and one closed port are found):

nmap -O 192.168.1.1

  6. Aggressive Scan An aggressive scan combines several techniques in one run: OS detection, service version detection, the default NSE script set, and traceroute. It sends far more traffic than a plain port scan and is easily spotted by an IDS:

nmap -A 192.168.1.1

  7. Stealth Scan (SYN Scan) A SYN ("half-open") scan sends a SYN, classifies the port from the SYN/ACK or RST that comes back, and never completes the TCP handshake, so it is fast and the connection never reaches the application on the target (and therefore rarely shows up in application logs). It requires raw socket privileges and is Nmap's default scan type when run as root/administrator:

nmap -sS 192.168.1.1

    • -sS: SYN scan (stealth scan). 
  8. TCP Connect Scan A full TCP connect scan uses the operating system's connect() call, so it needs no special privileges and is the default for unprivileged users. It is slower, and the completed connections are visible to the target's applications and their logs:

nmap -sT 192.168.1.1

    • -sT: Connect scan (opens full connections). 
  9. UDP Scan To scan for open UDP ports (requires root/administrator privileges). UDP scans are slow: closed ports answer with ICMP port-unreachable messages that most systems rate-limit, and open ports often do not answer at all, so Nmap reports many ports as open|filtered. Combining with -sV sends protocol-specific payloads and helps confirm which are really open:

nmap -sU 192.168.1.1

    • -sU: UDP scan. 
  10. Scan a Range of IPs To scan a range of IP addresses (e.g., from 192.168.1.1 to 192.168.1.100):

nmap 192.168.1.1-100

  11. Scan a Subnet To scan an entire subnet in CIDR notation:

nmap 192.168.1.0/24

  12. Scan for a Specific Service To check a specific service (e.g., HTTP on port 80) and report only ports that are actually open, hiding closed and filtered ones:

nmap -p 80 --open 192.168.1.1

  13. Save Scan Results to a File To save the output of a scan to a file in one of several formats (e.g., plain text or XML):

nmap -oN scan_results.txt 192.168.1.1

    • -oN: Save the output in normal text format.
    • -oX: Save the output in XML format (the format to use when feeding results into other tools).
    • -oG: Save the output in grepable format (one line per host, easy to process with grep/awk).
    • -oA <basename>: Write all three formats at once as <basename>.nmap, .gnmap and .xml.
  14. Skip or Change Host Discovery By default Nmap only port-scans hosts that respond to its discovery probes. When a firewall drops ICMP, a live host can be marked "down" and skipped, so tell Nmap to treat every target as up:

nmap -Pn 192.168.1.1

    • -Pn: Treat all hosts as up (no host discovery). Other -P options select a specific discovery probe instead, e.g., -PE for ICMP echo requests only.
  15. Scan a Range of Ports To scan a range of ports, for example, ports 1 to 1000:

nmap -p 1-1000 192.168.1.1

  16. Scan a Host with Specific Scripts Nmap's scripting engine (NSE) runs Lua scripts against a target for tasks such as service enumeration, brute forcing, and vulnerability checks. -sC runs the default script set; --script selects scripts by name or by category (e.g., --script=vuln). The script below checks a Drupal site for the CVE-2014-3704 SQL injection ("Drupageddon"); it is an intrusive check, not a passive version lookup, so run it only against systems you are authorized to test:

nmap --script=http-vuln-cve2014-3704 192.168.1.1

    • --script: Specify the script(s) or script category to run (e.g., vulnerability checks).
  17. Scan for Firewall or IDS Evasion To make detection by a firewall or intrusion detection system (IDS) harder, you can split the probes into tiny IP fragments so that a signature has to be matched across fragments. This needs raw socket privileges, and mature IDS/firewalls reassemble fragments before inspection, so treat it as a best-effort technique:

nmap -f 192.168.1.1

  18. Scan for Firewall Rules To map which ports a stateful firewall filters: an ACK scan never learns whether a port is open or closed (both answer an unsolicited ACK with RST); it reports a port as unfiltered if a RST comes back and filtered if nothing or an ICMP error comes back:

nmap -sA 192.168.1.1

    • -sA: TCP ACK scan (used for firewall rule mapping, not for finding open ports).
  19. Service and OS Detection with Verbose Output To run a scan with service and OS detection and verbose output (open ports are printed as they are found instead of only at the end):

nmap -A -v 192.168.1.1

    • -v: Verbose output (use -vv for even more detail).
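
The commands above are usually not run one at a time but chained: a quick sweep to find live hosts, a full port scan of only those hosts, and version detection only on the ports found open, with everything saved to disk. The script below is an added example (it is not part of the original post and not Nmap project code) that strings them together in POSIX sh and parses Nmap's grepable (-oG) output between stages. It assumes nmap is on PATH and that you run it as root, since -sS and ARP/ICMP discovery need raw sockets; the function names (live_hosts, open_ports, new_open_ports, staged_scan) and the OUTDIR location are my choices, and the sample -oG lines are constructed for the demo, not taken from a real scan. The new_open_ports function goes a step beyond the post: it diffs the open-port inventory of two saved scans, which is the "network inventory" use case in practice.

```shell
#!/bin/sh
# Staged nmap workflow (added example, not from the original post):
#   1. ping sweep (-sn) to find live hosts,
#   2. SYN scan of all 65535 TCP ports on only those hosts,
#   3. version detection + default scripts only on the ports found open,
#   4. optional: diff the open-port inventory against an earlier scan.
# Assumes: nmap on PATH and root privileges (raw sockets for -sS and ARP/ICMP discovery).

NMAP="${NMAP:-nmap}"            # hypothetical override, defaults to nmap on PATH
OUTDIR="${OUTDIR:-nmap-out}"    # where the .gnmap/.nmap/.xml files are written

# Live hosts from a -sn sweep saved with -oG.  Lines look like:
#   Host: 192.168.1.10 ()<TAB>Status: Up
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# "host port,port,..." for every host with at least one open port, from -oG port-scan
# output.  Sections are tab separated; each port entry is
#   port/state/proto/owner/service/rpc/version/
# (nmap replaces "/" inside version strings with "|", so splitting on "/" is safe).
open_ports() {
    awk -F'\t' '
    /^Host:/ {
        split($1, h, " ")                       # h[2] is the IP address
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
            n = split(substr($i, 8), p, ", ")   # drop the "Ports: " prefix
            out = ""
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")
                if (f[2] == "open") out = out (out == "" ? "" : ",") f[1]
            }
            if (out != "") print h[2], out
        }
    }'
}

# Ports open in the current scan that were not open in the baseline.
# usage: new_open_ports baseline.gnmap current.gnmap   -> prints "host port" per finding
new_open_ports() {
    ( open_ports < "$1"; printf '%s\n' ---; open_ports < "$2" ) |
    awk '
    $1 == "---" { cur = 1; next }
    { n = split($2, p, ",")
      for (i = 1; i <= n; i++) {
          if (!cur) seen[$1 " " p[i]] = 1
          else if (!(($1 " " p[i]) in seen)) print $1, p[i]
      } }'
}

staged_scan() {   # usage: staged_scan 192.168.1.0/24
    target="$1"
    mkdir -p "$OUTDIR"
    [ "$(id -u)" -eq 0 ] || echo "warning: not root, -sS and ARP discovery need raw sockets" >&2
    # Stage 1: discovery only, grepable output so the host list is easy to extract.
    "$NMAP" -sn -oG "$OUTDIR/sweep.gnmap" "$target" >/dev/null
    hosts=$(live_hosts < "$OUTDIR/sweep.gnmap")
    [ -n "$hosts" ] || { echo "no live hosts found" >&2; return 1; }
    # Stage 2: all TCP ports, SYN scan; -Pn because we already know the hosts are up.
    # shellcheck disable=SC2086   # $hosts is intentionally word-split into arguments
    "$NMAP" -sS -Pn -p- -T4 -oG "$OUTDIR/ports.gnmap" $hosts >/dev/null
    # Stage 3: expensive probes only where something listens; all three output formats.
    # </dev/null so nmap cannot consume the loop's stdin.
    open_ports < "$OUTDIR/ports.gnmap" | while read -r host ports; do
        "$NMAP" -sV -sC -Pn -p "$ports" -oA "$OUTDIR/svc-$host" "$host" </dev/null
    done
}

# Constructed sample -oG output (not from a real scan) so the parsers run offline.
sample_sweep() {
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.20 ()\tStatus: Down\n'
}
sample_ports() {
    printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (65532)\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (65534)\n'
}
sample_ports_later() {   # same network later: a new listener appeared on .10
    printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (65533)\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65533)\n'
}

case "${1:-}" in
    --demo)            # parse the constructed samples instead of scanning anything
        sample_sweep | live_hosts
        sample_ports | open_ports
        ;;
    "") ;;             # sourced or run without arguments: define functions only
    *)  staged_scan "$1" ;;
esac
```

Run `sh staged_scan.sh --demo` to see the parsers work on the constructed samples without touching the network, and `sudo sh staged_scan.sh 192.168.1.0/24` to perform the real three-stage scan. Keeping the expensive -sV/-sC stage restricted to ports already known to be open is what makes a full 65535-port sweep of a subnet finish in reasonable time; saving the grepable file from each run also lets you call `new_open_ports old.gnmap new.gnmap` later to spot services that appeared since the last inventory.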

Nmap Scan Types and Options Overview

  • -sS: SYN scan (stealthy and fast; needs root, default when privileged).
  • -sT: TCP connect scan (no privileges needed, less stealthy).
  • -sU: UDP scan (slow; many ports reported open|filtered).
  • -sA: TCP ACK scan (maps firewall rules as filtered/unfiltered).
  • -sn: Host discovery only, no port scan.
  • -O: OS detection.
  • -sV: Version detection.
  • -sC: Run the default NSE script set; --script selects scripts or categories (e.g., --script=vuln).
  • -A: Aggressive scan (includes OS detection, version detection, script scanning, and traceroute).
  • -p: Scan specific ports (e.g., -p 80,443 or -p 1-1000); -p- for all 65535.
  • --open: Report only open ports.
  • -Pn: Skip host discovery (assume all hosts are up).
  • -v: Verbose output.
  • -oN: Output in normal format.
  • -oX: Output in XML format.
  • -oG: Output in grepable format.
  • -oA: Output in all three formats at once.
  • -f: Fragment packets to evade detection.
  • -T: Timing template from -T0 (slowest, most evasive) to -T5 (fastest, least reliable); -T4 is common on fast LANs.

Example Use Cases

  1. Basic Network Discovery: Discover live hosts on a subnet (and port-scan the common ports of each):

nmap 192.168.1.0/24

  2. Port Scanning: Scan all 65535 TCP ports on a target:

nmap -p- 192.168.1.1

  3. Service Version Detection: Identify the services and versions running on a target:

nmap -sV 192.168.1.1

  4. Operating System Detection: Detect the operating system of a target:

nmap -O 192.168.1.1

  5. Aggressive Scan: Perform an aggressive scan (OS, version, default scripts, and traceroute):

nmap -A 192.168.1.1

  6. Vulnerability Scanning: Run a script to check for a specific vulnerability (e.g., Heartbleed, CVE-2014-0160, in the TLS services found on the target):

nmap --script=ssl-heartbleed 192.168.1.1

Conclusion

Nmap is a highly flexible tool used for network discovery and security auditing. With its wide range of scanning capabilities, it’s used by network administrators and security professionals for identifying hosts, open ports, services, and vulnerabilities in their networks.

