Introduction

Nmap or Network Mapper is one of the popular cybersecurity tools for penetration testing. An open-source and free tool, the nmap tool helps in network mapping, port scanning, and vulnerability checking. One of the oldest in the block, Nmap still reigns strong in the cybersecurity circuit even after 25-long-years. A major reason behind Nmap’s everlasting gold standard is its huge bustling community of coders. Given the tool’s open-source nature, the coders are constantly updating its functionalities which enables Nmap to maintain its relevance with changing times. Nmap is pre-installed in Kali Linux and can be easily accessed.

Features of Nmap Tool

Some of the prominent features that make Nmap a favourite among cybersecurity experts are its open-source code base and flexibility. This can be further customized for use in a specialised environment. The popular features of Nmap include the following:

• Helps in the identification of various services that run on the system which includes DNS servers, and web servers. It also facilitates the detection of the application versions accurately and in detecting the already existing vulnerabilities within the system.
• Fetches information about the operating systems and provides a detailed knowledge of the version of OS.
• Able to recognise varied kinds of devices such as mobile devices, routers, servers
• Able to switch on multiple or single networks.
• Comes with a GUI (graphical user interface) called Zenmap. It aids in developing visual mapping of the network that supports better reporting and usability.

Common commands of Nmap framework

Here is a list of some of the common nmap commands -

Basic scan with Nmap

Scans the list of active devices that are present across the network.

• Ping scan: It scans the device list running and up on the given subnet. > nmap -sp 192.168.1.1/24


• Scan single host: Scans a single host for 1000 ports and these ports are used by SQL, apache, and SNTP > nmap scanme.nmap.org

Stealth scan

It is performed by sending the SYN packet and thereafter analysing the response. If you receive a SYN/ACK, it signifies that the port is open and you can also open the TCP connection. In the stealth scan, it’s challenging to complete a 3-way handshake. Hence, it is difficult to identify the scanning system. > nmap -sS scanme.nmap.org

Version scan

Nmap provides the service list and its respective versions. However, the version scan is not 100% accurate. > nmap -sV scanme.nmap.org

OS Scan

Nmap will provide information regarding the underlying OS with TCP/IP fingerprinting. > nmap -sV scanme.nmap.org

Aggressive Scan

Nmap includes aggressive mode which detects the OS, traceroute, scanning scripts, and also helps in version detection. > nmap -A scanme.nmap.org

Scanning of Multiple Hosts

Command to write all IP address in one single row and scanning all hosts at a time: > nmap 192.164.1.1 192.164.0.2 192.164.0.2 Asterix (*) to scan all the subnets in a single scan > nmap 192.164.1.* Adding commas in order to separate endings of addresses > nmap 192.164.0.1,2,3,4 Using hyphen for specifying the IP address range > nmap 192.164.0.0–255

Port Scanning

Scanning single port > nmap -p 973 192.164.0.1 Scanning information about a particular connection type > nmap -p T:7777, 973 192.164.0.1 Scanning range of ports > nmap -p 76–973 192.164.0.1 Scan top n ports > nmap --top-ports 10 scanme.nmap.org

Scan from file

Import file with the IP address list: > nmap -iL /input_ips.txt

Nmap Help

List the built-in help commands with the command below: > nmap -h

How does Nmap work?

The basic functionality of Nmap is port scanning which comprises the following stages:

• Network mapping: Nmap can identify the device types with the use of scanned ports. This is inclusive of routers, switches etc.
• Shadow IT hunt: Nmap can discover unauthorised devices within a corporate network. The devices that are officially unauthorised are called “shadow” as these are intentionally hidden by an individual.
• Port rule discovery: Nmap vulnerability scan can scan whether a port is closed or open, such as a firewall.
• Detection of operating system: Nmap uses OS fingerprinting to discover information regarding the OS and the name of vendor. Service discovery: Nmap penetration testing helps to trigger deep scans to identify the roles followed by discovered devices.
• Vulnerability scanning: The Nmap does not have a dedicated tool for vulnerability scanning as it does not maintain a particular database of the vulnerabilities. Despite that, the organizations extract the information regularly from threat sources so that they can check the susceptibility of specific threats.

Benefits of using Nmap

• Highly comprehensive network mapping and scanning
• Easily configurable
• Faster network mapping
• Multiple advanced port scanning techniques
• Able to search subdomains
• Able to search system queries of domain name
• NSE (Nmap scripting engine) can easily carry interact with target host
• Platform independent tool
• Compatibility with multiple OS
• Open-source tool
• Highly active community

Popular alternatives of Nmap

• Shodan
• Advanced Port Scanner
• Fing
• Zenmap
• Angry IP Scan

Conclusion

The nmap port scan tool has been evolving for years and has carved out a niche band of audience in the cybersecurity sector. If you want to learn about Nmap, you can sign up for cyber security training courses to master Nmap and other cybersecurity tools.
DataSpace Academy offers a wide range of EC-Council-accredited cybersecurity training programs from beginner to advanced level.