What is Nmap? Nmap Tutorial

What is Nmap?

Nmap, short for "Network Mapper," is a powerful open-source tool used for network discovery and security auditing. It discovers hosts on a network, finds their open ports, identifies the services and versions listening on those ports, and can fingerprint operating systems and run scripted checks against what it finds. The options below are grouped roughly in the order a scan uses them: target selection, host discovery, port selection, scan technique, service and OS detection, scripting, timing, output, and evasion.

-sL: List scan - simply list targets to scan

Example: nmap -sL 192.168.1.0/24

Explanation: This command performs a list scan: Nmap expands the target specification and reverse-DNS resolves each address, but sends no probes to the targets themselves. Use it to confirm the scope before a real scan. To read targets from a file, add -iL (nmap -sL -iL targets.txt); a bare file name on the command line is treated as a hostname to resolve, not as a list.

-sn: No port scan, just host discovery

Example: nmap -sn 192.168.1.0/24

Explanation: This command performs host discovery without scanning for open ports. Useful for identifying live hosts on the network. When run as root the default probes are an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; an unprivileged user gets TCP connect attempts to ports 80 and 443 instead. Hosts that drop all of these are reported as down even though they may be up.

-Pn: Treat all hosts as online

Example: nmap -Pn target

Explanation: This command skips host discovery and port-scans every specified address as if it were up. Use it when targets block the ping probes (a common firewall policy) and would otherwise be skipped as down. The cost is that unused addresses are fully port-scanned too, so a large range takes much longer.

-p <port ranges>: Specify ports to scan (e.g., -p 80,443)

Example: nmap -p 80,443 target

Explanation: This command scans only the listed ports instead of Nmap's default top 1000. Replace "80,443" with the desired ports; ranges (-p 1-1024), protocol prefixes for mixed scans (-p U:53,T:22,80 with -sU -sS) and service names from nmap-services (-p http,https) are also accepted.

-p-: Scan all 65535 ports

Example: nmap -p- target

Explanation: This command scans ports 1 through 65535 on the target, which gives a complete view of its TCP (or, with -sU, UDP) ports instead of the default top 1000. Port 0 is excluded; use -p 0-65535 to include it. Expect the scan to take many times longer, especially for UDP.

-sS: TCP SYN scan (e.g., nmap -sS target)

Example: nmap -sS target

Explanation: This command performs a TCP SYN ("half-open") scan: Nmap sends a SYN, classifies the port from the reply (SYN/ACK = open, RST = closed, no reply or ICMP unreachable = filtered) and then sends a RST instead of completing the handshake. It is the default scan type when Nmap has raw-packet privileges (root or equivalent), it is fast, and because no connection is ever established the application on the target does not see or log it. It is not invisible, though: any IDS or flow monitoring sees the half-open connections.

-sT: TCP connect scan (e.g., nmap -sT target)

Example: nmap -sT target

Explanation: This command performs a TCP connect scan, using the operating system's connect() call to complete the full three-way handshake on each port. It is the default when Nmap lacks raw-packet privileges. Because a connection is actually established, the target service typically logs it (an SSH daemon, for example, records a connection that sent nothing), so this scan is noisier and somewhat slower than -sS.

-sU: UDP scan (e.g., nmap -sU target)

Example: nmap -sU -p 53,123,161 target

Explanation: This command performs a UDP scan. A UDP reply marks a port open, an ICMP port-unreachable marks it closed, other ICMP unreachable errors mark it filtered, and silence yields the ambiguous open|filtered state. Because most hosts rate-limit ICMP errors, a full UDP scan is very slow; scan specific ports, and add -sV so that service probes can confirm open|filtered ports as open.

-sF: TCP FIN scan (e.g., nmap -sF target)

Example: nmap -sF target

Explanation: This command performs a TCP FIN scan, sending a bare FIN to each port. Under RFC 793 a closed port answers with a RST while an open port stays silent, so Nmap reports closed or open|filtered, never a definite open. This only works against RFC-compliant stacks: Windows, many Cisco devices and some other systems reply RST to every out-of-state segment, so against them every port appears closed regardless of its real state. The payoff is that some stateless packet filters that only block SYNs let FIN probes through.

-sN, -sX: NULL and Xmas scans

Example: nmap -sN target

Explanation: These commands perform NULL (no flags set) and Xmas (FIN, PSH and URG set) scans, respectively. They rely on the same RFC 793 behaviour as -sF and share its limitation of reporting open|filtered rather than open, and of showing every port closed on Windows-style stacks. Note that -sY is not a FIN scan: it is the SCTP INIT scan, the SCTP counterpart of a SYN scan.
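To make the response rules behind -sS, -sT, -sA, -sF, -sN and -sX concrete, here is an added example (written for this page, not code from the Nmap project) that sends one simulated probe per port against two toy targets and applies Nmap's classification rules to the replies. The Host class, its open/dropped/rejected port sets and the rst_to_all switch are constructed for illustration and are not real fingerprints; the model also skips Nmap's retransmissions and does not cover UDP.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional

# TCP flag bits in header order; --scanflags accepts these names run together, or a number.
FLAG = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}


def scanflags(spec: str) -> int:
    """Parse a --scanflags value such as 'SYNACK', 'URGACKPSHRSTSYNFIN' or '9' into a bitmask."""
    if spec.isdigit():
        return int(spec)
    mask, rest = 0, spec.upper()
    while rest:
        for name, bit in FLAG.items():
            if rest.startswith(name):
                mask, rest = mask | bit, rest[len(name):]
                break
        else:
            raise ValueError(f"unknown TCP flag in {spec!r}")
    return mask


# Probe flags behind each scan type (-sT sends a real SYN too, so it classifies like -sS).
SCAN_TYPE = {
    "-sS": FLAG["SYN"], "-sT": FLAG["SYN"], "-sA": FLAG["ACK"],
    "-sF": FLAG["FIN"], "-sN": 0, "-sX": FLAG["FIN"] | FLAG["PSH"] | FLAG["URG"],
}


@dataclass(frozen=True)
class Host:
    """Toy TCP stack of a scan target (constructed for this example, not a real fingerprint)."""
    open_ports: FrozenSet[int]
    dropped: FrozenSet[int] = frozenset()    # a firewall silently drops probes to these
    rejected: FrozenSet[int] = frozenset()   # a firewall answers these with ICMP unreachable
    rst_to_all: bool = False                 # Windows/Cisco style: RST to any out-of-state segment

    def reply(self, port: int, flags: int) -> Optional[str]:
        """What one probe draws back: 'SYN/ACK', 'RST', 'ICMP-unreach' or None for silence."""
        if port in self.dropped:
            return None
        if port in self.rejected:
            return "ICMP-unreach"
        if flags & FLAG["SYN"] and not flags & FLAG["ACK"]:
            return "SYN/ACK" if port in self.open_ports else "RST"
        if flags & FLAG["ACK"]:
            return "RST"  # an unsolicited ACK gets a RST whether the port is open or closed
        # FIN / NULL / Xmas: RFC 793 keeps open ports silent and has closed ports send RST
        if port in self.open_ports and not self.rst_to_all:
            return None
        return "RST"


def infer_state(flags: int, reply: Optional[str]) -> str:
    """Map one reply to the state Nmap reports (--reason prints the reply itself)."""
    if reply == "SYN/ACK":
        return "open"
    if reply == "ICMP-unreach":
        return "filtered"
    if flags & FLAG["ACK"]:                  # an ACK scan only distinguishes filtered/unfiltered
        return "unfiltered" if reply == "RST" else "filtered"
    if reply == "RST":
        return "closed"
    # silence (after the retries Nmap would send, which this model skips)
    return "filtered" if flags & FLAG["SYN"] else "open|filtered"


def scan(host: Host, flags: int, ports: Iterable[int]) -> Dict[int, str]:
    """Send one probe per port with the given TCP flags and return port -> state."""
    return {p: infer_state(flags, host.reply(p, flags)) for p in ports}


if __name__ == "__main__":
    linux = Host(open_ports=frozenset({22, 80}), dropped=frozenset({443}), rejected=frozenset({25}))
    windows = Host(open_ports=frozenset({135, 445}), rst_to_all=True)
    for name, flags in SCAN_TYPE.items():
        print(name, "linux:", scan(linux, flags, [22, 25, 443, 3306]),
              "windows:", scan(windows, flags, [445, 3389]))
```

Running it shows the two facts this section turns on: the FIN/NULL/Xmas scans never report a port as plainly "open" against the RFC-compliant host, and against the rst_to_all host they report the open ports 135 and 445 as closed, while the SYN scan gets them right.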

-sV: Service version detection (e.g., nmap -sV target)

Example: nmap -sV target

Explanation: This command enables service version detection: after the port scan, Nmap sends protocol probes to each open port and matches the responses against its nmap-service-probes database to report the service, product and version (for example "ssh OpenSSH 8.9p1" rather than just "ssh"). It also resolves open|filtered UDP ports that answer a probe to open. The version strings are what you feed into vulnerability lookups, so this is usually worth the extra time.

--version-intensity <level>: Set version detection intensity

Example: nmap -sV --version-intensity 5 target

Explanation: Sets the version detection intensity from 0 (only the most likely probes for a port) to 9 (every probe); the default is 7. Higher levels can identify unusual services on unusual ports but increase scan time. The option only has an effect together with -sV; --version-light is shorthand for intensity 2 and --version-all for 9.

-O: Enable OS detection (e.g., nmap -O target)

Example: nmap -O target

Explanation: This command enables OS detection, sending a series of crafted TCP, UDP and ICMP probes and comparing the responses against Nmap's fingerprint database to identify the operating system. It requires raw-packet privileges, and results are most reliable when the target has at least one open and one closed TCP port for Nmap to probe.

--osscan-limit, --osscan-guess: Limit OS detection to promising targets; guess more aggressively

Example: nmap -O --osscan-limit --osscan-guess target

Explanation: These two options do different things and both require -O. --osscan-limit skips OS detection for hosts that do not have at least one open and one closed TCP port, where fingerprinting is unreliable anyway, which saves time on large sweeps. --osscan-guess (also spelled --fuzzy) makes Nmap print its closest matches with a percentage when it finds no exact fingerprint; treat those guesses as hints rather than facts.

--script <script>: Execute a specific Nmap script (e.g., nmap --script smb-vuln-ms17-010 target)

Example: nmap -p 445 --script smb-vuln-ms17-010 target

Explanation: Executes the named Nmap Scripting Engine (NSE) script against the target. smb-vuln-ms17-010 checks whether an SMBv1 service is missing the MS17-010 patch (CVE-2017-0143 and related issues, exploited by EternalBlue). Scripts can also be selected by category (--script vuln) or wildcard (--script "smb-vuln-*"); restrict ports with -p so that a script only runs where its service could be. Scripts in the "intrusive" and "exploit" categories can crash or modify targets, so check a script's categories before running it against production systems.

--script-help <script>: Show help for a specific script

Example: nmap --script-help smb-vuln-ms17-010

Explanation: Displays the description, categories and accepted script arguments for the specified NSE script without scanning anything. It takes the same selectors as --script, so nmap --script-help "smb-vuln-*" documents every SMB vulnerability script at once.

--script-args <args>: Provide arguments to scripts

Example: nmap -p 445 --script smb-vuln-ms08-067 --script-args=unsafe=1 target

Explanation: Passes name=value arguments to the scripts being executed; separate several with commas (--script-args=unsafe=1,smbusername=guest). Each script only honours the arguments it declares, which --script-help lists. unsafe=1 is the conventional switch that lets scripts such as smb-vuln-ms08-067 run checks that may crash the target service, so it should not be set without agreement from the system owner.

-T<0-5>: Set timing template (e.g., nmap -T4 target)

Example: nmap -T4 target

Explanation: Sets the timing template: T0 paranoid, T1 sneaky, T2 polite, T3 normal (the default), T4 aggressive, T5 insane. Higher values send probes faster and wait less for replies, which speeds the scan but is easier to detect and, on lossy or rate-limited networks, can miss ports; T5 in particular trades accuracy for speed. T4 is the usual choice on reliable networks, while T0 and T1 are for IDS evasion and can take hours per host.

--max-retries <tries>: Set the maximum number of port scan probe retransmissions

Example: nmap --max-retries 3 target

Explanation: Caps how many times an unanswered probe is retransmitted before Nmap gives up on that port and reports it as filtered (or open|filtered). The default is 10; the timing templates lower it (T4 uses 6, T5 uses 2). --max-retries 0 is fastest, but any packet loss then shows up in the results as filtered ports.

--max-scan-delay <time>: Set the maximum delay between probes

Example: nmap --max-scan-delay 10ms target

Explanation: When Nmap sees probes being dropped, typically because the target rate-limits replies, it automatically increases the delay between probes to that host; this option caps that growth. It is a speed control rather than an evasion control: lowering it (T4 sets 10ms) stops one rate-limiting host from slowing the whole scan at the cost of some accuracy, while raising it lets Nmap back off further. The option that enforces a minimum gap between probes for stealth is --scan-delay.

-oN <file>: Save normal output to a file

Example: nmap -oN scan_results.txt target

Explanation: Saves the same human-readable output shown on screen to the specified file for later review. -oG writes the older greppable format, and -oA basename writes normal, XML and greppable output at once as basename.nmap, basename.xml and basename.gnmap. Output files are the record of an engagement, so keep them.

-oX <file>: Save results in XML format

Example: nmap -oX scan_results.xml target

Explanation: Saves the scan results in XML format, the form intended for parsing and further processing: the XML carries every host, port, state, --reason code and -sV result, and is what tools like ndiff and vulnerability-management importers consume.

--open: Show only open (or possibly open) ports

Example: nmap --open target

Explanation: Shows only ports in the open, open|filtered and unfiltered states, suppressing closed and filtered ports. This only affects what is printed; it is most useful on large scans where thousands of closed or filtered ports would otherwise drown the interesting lines.

-v, -vv, -vvv: Increase verbosity level

Example: nmap -v target

Explanation: Increases the verbosity level of the scan output. Additional 'v' flags enhance the level of detail.

--reason: Display the reason why a port is in a particular state

Example: nmap --reason target

Explanation: Adds a column showing which packet (or absence of one) led to each state: syn-ack for open, reset for closed, no-response or an ICMP code such as port-unreach or admin-prohibited for filtered. This is the quickest way to tell a firewall that drops from one that rejects, and to spot a host that answers RST to everything. It is enabled automatically at debug level (-d).

--traceroute: Show the route packets take to reach the target

Example: nmap --traceroute target

Explanation: After the scan, traces the network path to each target using the same protocol and port that the scan already found to be answered, which gets through filters that block a plain ICMP traceroute. It requires raw-packet privileges and is not available with -sT.

--packet-trace: Show all sent and received packets during the scan

Example: nmap --packet-trace target

Explanation: Displays detailed information about all sent and received packets during the scan for debugging purposes.

-f, --mtu <val>: Fragment packets

Example: nmap -f target

Explanation: Splits the TCP or UDP header of each probe across several tiny IP fragments: -f uses 8-byte fragments, -ff 16 bytes, and --mtu <val> sets any multiple of 8 (nmap --mtu 16 target). The aim is to slip past packet filters and IDS sensors that inspect only the first fragment or do not reassemble. Most current firewalls and host stacks reassemble before filtering, so expect this to work rarely; it requires raw-packet privileges and does not apply to connect scans.

--scanflags <flags>: Customize TCP scan flags

Example: nmap --scanflags SYNFIN target

Explanation: Builds a custom TCP scan from any combination of URG, ACK, PSH, RST, SYN and FIN, written as one word (SYNACK, URGACKPSHRSTSYNFIN) or as the numeric flag value (9 for PSH+FIN). The names must form a single argument: nmap --scanflags SYN ACK target would treat ACK as a second target. Replies are interpreted according to the base scan type, which defaults to SYN, so add -sA or -sF if the probe should be judged as an ACK or FIN scan.

--randomize-hosts: Randomize scanned hosts order

Example: nmap --randomize-hosts 192.168.1.0/24

Explanation: Shuffles the order in which hosts are scanned (in groups of up to 16384) so that a monitoring system does not see one address after another being swept in sequence. It only makes a difference when several targets are given. Port order is already randomized by default; -r restores sequential port order.

-S <IP>: Spoof source address

Example: nmap -S 192.168.1.100 -e eth0 -Pn target

Explanation: Writes the given address into the source field of every probe, so the target and its logs see the scan coming from that address. Because replies are sent to the spoofed address, Nmap receives nothing unless it can sniff them on the path, so on its own this option cannot tell you which ports are open. It is meant for testing how a firewall treats a particular source, or for cases where the spoofed address is one you control on the same segment. It requires raw-packet privileges, usually -e to name the sending interface, and -Pn because host discovery cannot receive replies either. To add noise without losing your own results, use decoys instead: -D decoy1,decoy2,ME.

-sI <zombie host>: Idle scan using another host as a 'zombie'

Example: nmap -Pn -p 80,443 -sI zombie_host target

Explanation: Performs a fully blind scan: Nmap sends SYNs to the target with the zombie's address as source and infers whether each port is open by watching how the zombie's IP ID counter advances, since the zombie sends a RST (consuming one IP ID) only when the target answers it with a SYN/ACK. The target only ever sees the zombie's address. It needs a zombie that is truly idle and assigns IP IDs from one global, incrementing counter; current Linux and Windows use per-destination or randomized IP IDs, so suitable zombies are usually old printers or embedded devices. Use -Pn so that Nmap does not ping the target from your own address, and zombie_host:port to pick the zombie port (default 80).

--scan-delay <time>: Adjust the delay between probes

Example: nmap --scan-delay 5s target

Explanation: Forces Nmap to wait at least the given time between probes to a host. This slows the scan enough to stay under simple rate-based IDS thresholds and also helps against hosts that strictly rate-limit responses. It is a floor, whereas --max-scan-delay is the ceiling for Nmap's automatic back-off. At 5s a full 65535-port scan of a single host takes days, so pair it with a short -p list.
