Network Mapper (Nmap) is a freely available open source tool for systems and network administrators, allowing them to perform tasks such as collecting enterprise network inventory, managing service upgrade schedules, basic security audits, and monitoring hosts or service up-time. Nmap is officially available for major computer operating system platforms such as Linux, Windows and macOS X.
Nmap binaries can be downloaded from https://nmap.org/download.html. After successful installation, you can check the version simply by passing the nmap -V command:
- Windows: Output on Windows shows that the program currently installed is Nmap version 7.60:
- Linux: Output on Linux shows that the program currently installed here is Nmap version 6.40:
Nmap can be run using the Linux/Unix shell or Windows Command Prompt interface with root or administrator privileges.
The base syntax of Nmap is as follows:
# nmap [scan type] [options] [target]
A very simple scan can be performed just by inputting the target IP address without any other options. The target field can be IPv4 address:1.1.1.1, IPv6 address :2001:db8:0:0:0:5678:d334:8af, hostname www.xyz.com, IP address range 192.168.0.1 - 192.168.0.10 and Classless Inter Domain Routing (CIDR) block 10.10.10.0/24:
- Example 1: Scan with host name myapptestsec.azurewebsites.net. By default, it will scan for one thousand ports. A total of nine hundred and ninety-eight ports are filtered, and two ports are open, as shown in the screenshot.
Please only mention the host name of the website:
Please refer to the help option for further information:
- Example 2: Scan host with specified port number. As we have seen, only one thousand ports are scanned by default, but Nmap gives you the flexibility to define port options by inputting the flag -p and then options such as port range -p <Port 1>-<Port 2>, port list -p <Port 1>,<Port 2>, and more:
Please refer to help options for more information:
- Example 3: Scan hosts with different scan types. You have options to specify multiple flags to do different types of scan. This includes syn scan -sS, host discovery without a port scan -sN, Version scan -sV, TCP connect scan -sT, and OS detection -O:
Please refer to help options for more information:
