Skip to main content

Nmap - Network Mapper

 

 Introduction Of Nmap

Nmap is released under a custom license, which is based on (but not compatible with) GPLv2. The Nmap license allows free usage by end users, and we also offer a commercial license for companies that wish to redistribute Nmap technology with their products. See Nmap Copyright and Licensing for full details.

The latest version of this software as well as binary installers for Windows, macOS, and Linux (RPM) are available from Nmap.org

Full documentation is also available on the Nmap.org website.

Questions and suggestions may be sent to the Nmap-dev mailing list.


How To Install (Already Present In Kali Linux Operating System) 


Ideally, you should be able to just type:
./configure
make
make install 
 
 

Use Of Nmap 

Nmap is a powerful tool for discovering information about machines on a network or the Internet. It allows you to probe a machine with packets to detect everything from running services and open ports to the operating system and software versions. 

Like other security tools, Nmap should not be misused. Only scan networks and machines that you own or have permission to investigate. Probing other machines could be seen as an attack and be illegal.

That said, Nmap can go a long way in helping to secure your own network. It can also help you to ensure that your servers are properly configured and don't have any open and unsecured ports. It will also report if your firewall is correctly filtering ports that should not be externally accessible.

Nmap Commands


1. Scan Specific Host

To scan a specific host (this assumes that you already have the host's IP or hostname)  and reveal basic information, use the command:

$ nmap  IP-address
 
For example,

$ nmap 192.163.43.103
 
nmap command with examples

The command above is quick and generates output within a short time
You can also scan using the hostname instead of the IP address for example

$ nmap ubuntu-server
 
nmap hostname

To scan a range of IPs, use the syntax

$ nmap 192.163.43.1-103
 
The command will scan all hosts from IP 192.168.43.1 to 192.168.43.103

scan a range of IP addresses

2. Perform a thorough scan on a system

You can reveal all the information about a host system using the -A flag as shown below. This will reveal all the information pertaining to the host system such as the underlying OS, open ports, services running and their versions, etc.

$ nmap  -A 192.163.43.103
 
nmap aggressive scan

From the output, you can see that the command performs os and service detection, giving you detailed information such as the type of service and its version, and the port it is running on.  The command usually takes a while to run but it is thorough and gives you all you need about the particular host system.

3. Scanning a particular port

To scan a specific port and check if it is open use the -p flag in the syntax below:

$ nmap  -p port_number IP-address
 
For example, to scan port 80 on a host system run:

$ nmap  -p 80  192.168.43.103
 
nmap check port number

To scan a range of ports, for example between 80-433 use the syntax:
 
$ nmap  -p 25-443  192.168.43.13
or
$ nmap -p 80,443 192.168.43.13
 
nmap a range of ports

4. Find Host service name and its version

To check basic information about the services running on a host, then  use the -sV flag as shown:
 
$ nmap  -sV 192.168.43.103
nmap command with examples

5. Scanning an entire network subnet

To scan devices in a network subnet, use the CIDR notation as shown
 
$ nmap  192.168.43.0/24
 
scan a subnet with nmap

6. Exclude specific host on Scan

As you perform a full network scan, you can choose to exclude a specific host using the --exclude flag . In the example below, we shall exclude our Kali Linux machine from being scanned.
 
$ nmap 192.168.43.* --exclude 192.168.43.8

nmap exclude scanning host

 

7. Display host interfaces and routes

To display interfaces and routes on a particular host use the --iflist flag as shown.
 
$ nmap 192.168.43.103 --iflist

Display host interfaces and routes

8. Scan Remote Host using TCP ACK and TCP Syn

At times, firewalls can block ICMP requests interfering with the scan results. In that case, we use the TCP syn (PS)  and TCP ACK (PA) to achieve the desired results.
 
$ nmap -PS 192.168.43.103
nmap TCP ACK syn
 
$ nmap -PA 192.168.43.103
 
nmap TCP PA

9. Scan to detect firewall settings

You can use the Nmap tool to perform a scan to show whether the firewall is open or not as shown
$ nmap  -sA  192.168.43.223
 
Scan if firewall is open or not

In the first instance, the firewall is disabled and therefore not running. (Ports are unfiltered). In the second instance, the firewall has been enabled and chances of discovering open ports will be minimal.

10. Scanning TCP or UDP ports

To scan TCP ports that are open on the host, use the -sT flag as shown:
 
$ nmap  -sT  192.168.43.103

nmap command with examples

 To scan UDP ports, use the -sU flag
 
$ nmap  -sU  192.168.43.103

11.  Save scan results in a file

After you have completed your scan, you can save the results in a text file using the -oN flag and specifying the output file as shown below:
 
$ nmap  -oN scan.txt 192.168.43.103

The file will be created in your current working directory. To view the view simply use the cat command as shown:
 
$ cat results.txt
 
view output of cat command

Also, you can use the redirection symbol (>) greater than symbol to redirect the output to a different file for example,
 
$ nmap  192.168.43.103 > output.txt

save output

12. Scan with a set of Nmap scripts

Nmap comes packed with numerous and powerful scripts that are used for vulnerability scanning and thereby pointing out weaknesses in a system. To get the location of NSE scripts simply run the command:

$ locate *nse
 
check location of NSE scripts

You can load an Nmap script using the --script option as shown.
 
$ nmap -sV --script=mysql-info.nse 192.168.43.103

To scan with the most default scripts use the syntax

$ nmap -sC  192.168.43.103
 
namp command with scripts

If you are looking for automation then NSE is the answer (NMAP Scripting Engine)

Labels:

Comments

Post a Comment

Popular posts from this blog

Alert for Weaponized TeamViewer Installer that delivers njRAT

Alert for Weaponized TeamViewer Installer that  delivers  njRAT   Hazard actors relying on legitimate, 9aaf3f374c58e8c9dcdd1ebf10256fa5 software Team Viewer for exploitation has been a totally commonplace situation. There have been numerous cases in which risk actors used 9aaf3f374c58e8c9dcdd1ebf10256fa5 software to deliver malware to the sufferers. In addition, a latest file from Cyble research & Intelligence Labs stated that the maximum popularly used remote computing device support software program, “Team Viewer” has been exploited by threat actors to deliver njRAT malware. Other software that become turning in njRAT malware include Wireshark, system Hacker, and so on., NJ RAT is a far flung get admission to Trojan that could perform keylogging, password stealing, facts exfiltration, gaining access to webcams, and microphones, downloading extra documents, and plenty of others. It changed into first determined in 2012 and was attacking companies in middle Japanese c...
Post a Comment
Read more

SIM swap attack permits Hackers Port a phone quantity to a brand new SIM to Hack WhatsApp & Evasion 2FA.

SIM swap attack permits Hackers Port a phone quantity to a brand new SIM to Hack WhatsApp & Evasion 2FA. Cybercriminals are actively performing SIM swap attacks in diverse international locations to bypass 2 things Authentication and to compromise the numerous social media apps which include WhatsApp through porting a sufferer’s smartphone number to a brand new SIM card. This widespread assault brought on economic damages, stolen credentials, and seizes OTPs to bypass victims’ online money owed. There are various fraud facilities and thousands of operators are running round the arena to seamlessly port a cell phone wide variety to a new SIM with an excessive achievement ratio.   In this situation, countries like Brazil and Mozambique have an excessive fee of SIM swap fraud the use of various social engineering strategies, and phishing attacks. A hit tries of this assault allow fraudsters take manage of clients’ telephone numbers with a purpose to get hold of mobile money tran...
Post a Comment
Read more

Former protection Engineer Arrested for Stealing $9 Million from Crypto alternate.

  Former protection Engineer arrested for stealing $9 Million from Crypto alternate. Shakeeb Ahmed, a former safety engineer, has been arrested for defrauding a decentralized crypto trade and stealing over $nine million. A digital currency trading, also known as a crypto currency alternate (DCE), is an enterprise that permits individuals to trade crypto currencies or digital currencies for different property, inclusive of conventional fiat money or other digital currencies. This marks the first crook case involving a smart agreement operated via a decentralized alternate. Vulnerability in Crypto exchange’s clever Contracts In July 2022, Ahmed took gain of vulnerability in clever contracts and inserted fake pricing facts, ensuing in fraudulent gains of about $9 million. He also utilized “flash loans” to defraud the crypto trade. Using his specialised capabilities as a senior protection engineer, he forcefully carried out the assault through reverse engineering smart contracts ...
Post a Comment
Read more