Nmap (Network Mapper) is one of the most popular cybersecurity tools for penetration testing. A free, open-source tool, Nmap is used for network mapping, port scanning and basic vulnerability checking. One of the oldest tools in the field, Nmap is still widely used after more than 25 years. A major reason for its staying power is its large, active community of contributors: because the tool is open source, its functionality is continually extended, which keeps Nmap relevant as networks change. Nmap comes pre-installed in Kali Linux and is ready to use from the terminal.
Some of the prominent features that make Nmap a favourite among cybersecurity experts are its open-source code base and its flexibility: it can be customised and scripted for use in specialised environments.
The popular features of Nmap include the following:
Here is a list of some of the common Nmap commands:
Host discovery (ping scan) lists the active devices that are present on the network without port-scanning them.
A SYN (stealth) scan sends a TCP SYN packet to each port and analyses the response. A SYN/ACK means the port is open (a full TCP connection could be made); an RST means it is closed; no response, or an ICMP unreachable error, means it is filtered. Nmap never completes the three-way handshake: it answers the SYN/ACK with an RST, so the target application never sees an established connection and usually does not log it. This makes the scan faster and less conspicuous than a full connect scan, although firewalls and intrusion detection systems still see the SYN packets. Because it crafts raw packets, -sS requires root (or equivalent) privileges; it is Nmap's default scan type when run as root.
> nmap -sS scanme.nmap.org
Version detection (-sV) probes each open port to identify the service and its version. The result is not 100% accurate: when a probe cannot identify a service, Nmap falls back to guessing the name from the port number, and banners can be altered or spoofed by the target.
> nmap -sV scanme.nmap.org
OS detection (-O) fingerprints the target's TCP/IP stack to guess the underlying operating system. Like -sS it requires root privileges, and it works best when Nmap finds at least one open and one closed TCP port on the target.
> nmap -O scanme.nmap.org
Aggressive mode (-A) combines OS detection (-O), version detection (-sV), the default NSE scripts (-sC) and traceroute (--traceroute) in a single option. It is convenient but noisy and slow, so use it only where that is acceptable.
> nmap -A scanme.nmap.org
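The scans above are easiest to consume programmatically from Nmap's XML output (-oX). The following parser is an added example written for this page, not code from the Nmap project; the sample document is constructed (the host, services and OS match names are illustrative), and the element and attribute names follow Nmap's XML output. It exposes the SYN-scan port states with the reason Nmap recorded for each (syn-ack, reset, no-response), the best OS match, and which open ports have a service name that was merely guessed from the port number rather than confirmed by a -sV probe.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample of "nmap -oX" output, for illustration only (not a real scan).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX - 192.0.2.10">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="closed" reason="reset" reason_ttl="64"/>
        <service name="telnet" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http-proxy" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="filtered" reason="no-response"/>
        <service name="microsoft-ds" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 5.4 - 5.15" accuracy="93"/>
      <osmatch name="Linux 4.15 - 5.8" accuracy="90"/>
    </os>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class PortResult:
    proto: str
    port: int
    state: str      # open / closed / filtered / ...
    reason: str     # why Nmap chose the state: syn-ack, reset, no-response, ...
    service: str
    product: str
    version: str
    method: str     # "probed" = confirmed by a -sV probe, "table" = guessed from port number


@dataclass
class HostResult:
    addr: str
    ports: List[PortResult]
    os_guess: Optional[str]
    os_accuracy: int


def parse_nmap_xml(xml_text: str) -> List[HostResult]:
    """Parse nmap -oX output; returns one HostResult per host that is up."""
    root = ET.fromstring(xml_text)
    hosts: List[HostResult] = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr", "") if addr_el is not None else ""
        ports: List[PortResult] = []
        for p in host.findall("./ports/port"):
            st = p.find("state")
            svc = p.find("service")
            attrs = svc.attrib if svc is not None else {}
            ports.append(PortResult(
                proto=p.get("protocol", ""),
                port=int(p.get("portid", "0")),
                state=st.get("state", "unknown") if st is not None else "unknown",
                reason=st.get("reason", "") if st is not None else "",
                service=attrs.get("name", ""),
                product=attrs.get("product", ""),
                version=attrs.get("version", ""),
                method=attrs.get("method", ""),
            ))
        # Keep the highest-accuracy OS match, if -O produced any.
        best_name, best_acc = None, 0
        for m in host.findall("./os/osmatch"):
            acc = int(m.get("accuracy", "0"))
            if acc > best_acc:
                best_name, best_acc = m.get("name"), acc
        hosts.append(HostResult(addr, ports, best_name, best_acc))
    return hosts


def state_counts(hosts: List[HostResult]) -> Dict[str, int]:
    """How many ports ended up open / closed / filtered across all hosts."""
    counts: Dict[str, int] = {}
    for h in hosts:
        for p in h.ports:
            counts[p.state] = counts.get(p.state, 0) + 1
    return counts


def open_services(hosts: List[HostResult]) -> List[Tuple[str, int, str, str]]:
    """(addr, port, service, 'product version') for every open port, by port number."""
    out: List[Tuple[str, int, str, str]] = []
    for h in hosts:
        for p in sorted(h.ports, key=lambda x: x.port):
            if p.state == "open":
                out.append((h.addr, p.port, p.service, f"{p.product} {p.version}".strip()))
    return out


def unverified_open(hosts: List[HostResult]) -> List[Tuple[str, int, str]]:
    """Open ports whose service name was not confirmed by a -sV probe: treat as guesses."""
    return [(h.addr, p.port, p.service)
            for h in hosts for p in h.ports
            if p.state == "open" and p.method != "probed"]


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_XML):
        print(h.addr, h.os_guess, f"{h.os_accuracy}%", state_counts([h]))
        for row in open_services([h]):
            print(" ", row)
        print("  unverified:", unverified_open([h]))
```

To use it on a real scan, run for example `nmap -sS -sV -O -oX scan.xml <target>` and pass the file contents to `parse_nmap_xml`. Ports listed by `unverified_open` are where the "not 100% accurate" caveat bites: the name comes from Nmap's port table, so confirm them by hand.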
Several targets can be listed on one command line, separated by spaces, and Nmap scans all of them in one run. (The 192.164.x.x addresses used below are illustrative public addresses; only scan networks you are authorised to test.)
> nmap 192.164.1.1 192.164.0.2
An asterisk (*) in an octet matches every value 0-255, so this scans the whole 192.164.1.0/24 network (256 addresses) in a single scan:
> nmap 192.164.1.*
Commas separate alternative values within an octet, here the hosts .1 through .4:
> nmap 192.164.0.1,2,3,4
A hyphen specifies a range within an octet; 0-255 in the last octet is equivalent to the CIDR form 192.164.0.0/24:
> nmap 192.164.0.0-255
Scanning a single port:
> nmap -p 973 192.164.0.1
Restricting ports to a particular protocol: a T: prefix marks TCP ports and U: marks UDP ports, and the prefix applies to every port after it in the list until the next prefix. The port list must not contain spaces, otherwise the shell passes the text after the space as a separate argument (a target). UDP ports listed with U: are only scanned if -sU is also given.
> nmap -p T:7777,973 192.164.0.1
Scanning an inclusive range of ports:
> nmap -p 76-973 192.164.0.1
Scan the n most commonly open ports, according to Nmap's port frequency data:
> nmap --top-ports 10 scanme.nmap.org
Read the target list from a file (targets separated by whitespace or newlines; the same target syntax as on the command line is accepted):
> nmap -iL /input_ips.txt
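The target and port syntaxes used in the commands above (asterisks, comma lists, hyphen ranges, CIDR, and T:/U: port prefixes) are easy to get wrong, so it helps to see exactly what a spec expands to before scanning. The following expander is an added example written for this page, not code from the Nmap project; it implements the subset of Nmap's syntax shown above plus CIDR, and the missing-bound defaults (0/255 for octets, 1/65535 for ports) follow Nmap's documented behaviour. The duplicate-dropping in `targets_from_args` is this helper's own choice, not a claim about how Nmap handles repeated targets.

```python
import ipaddress
import itertools
from typing import Iterable, List, Set, Tuple


def _expand_octet(part: str) -> List[int]:
    """Expand one octet spec: '5', '*', '1-10', '1,2,3' or a mix of these."""
    values: List[int] = []
    for piece in part.split(","):
        if piece == "*":
            values.extend(range(256))
        elif "-" in piece:
            lo_s, hi_s = piece.split("-", 1)
            lo = int(lo_s) if lo_s else 0      # missing bound: 0 at the low end
            hi = int(hi_s) if hi_s else 255    # and 255 at the high end
            if not 0 <= lo <= hi <= 255:
                raise ValueError(f"bad octet range {piece!r}")
            values.extend(range(lo, hi + 1))
        else:
            v = int(piece)
            if not 0 <= v <= 255:
                raise ValueError(f"bad octet {piece!r}")
            values.append(v)
    return values


def expand_targets(spec: str) -> List[str]:
    """Expand one IPv4 target spec (a.b.c.d, '*', ranges, comma lists or CIDR)
    into individual addresses, last octet varying fastest."""
    if "/" in spec:
        return [str(ip) for ip in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    combos = itertools.product(*(_expand_octet(o) for o in octets))
    return [".".join(map(str, combo)) for combo in combos]


def targets_from_args(specs: Iterable[str]) -> List[str]:
    """Expand every spec (command-line arguments, or the whitespace-split tokens of
    an -iL file) and drop duplicates while keeping first-seen order."""
    seen: Set[str] = set()
    out: List[str] = []
    for spec in specs:
        for ip in expand_targets(spec):
            if ip not in seen:
                seen.add(ip)
                out.append(ip)
    return out


def expand_ports(spec: str, default_proto: str = "T") -> Set[Tuple[str, int]]:
    """Expand a -p argument into (protocol, port) pairs. 'T:'/'U:'/'S:' prefixes apply
    to everything after them until the next prefix; 'a-b' is inclusive and a missing
    bound means 1 / 65535 (so '-' is every port). Whitespace is rejected because on a
    real command line the shell would turn the text after a space into a target."""
    if any(ch.isspace() for ch in spec):
        raise ValueError("port list must not contain spaces")
    proto = default_proto.upper()
    ports: Set[Tuple[str, int]] = set()
    for piece in spec.split(","):
        if ":" in piece:
            prefix, piece = piece.split(":", 1)
            if prefix.upper() not in ("T", "U", "S"):
                raise ValueError(f"unknown protocol prefix {prefix!r}")
            proto = prefix.upper()
        if "-" in piece:
            lo_s, hi_s = piece.split("-", 1)
            lo = int(lo_s) if lo_s else 1
            hi = int(hi_s) if hi_s else 65535
        else:
            lo = hi = int(piece)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range {piece!r}")
        ports.update((proto, p) for p in range(lo, hi + 1))
    return ports


if __name__ == "__main__":
    print(len(expand_targets("192.164.1.*")), "hosts in 192.164.1.*")
    print(expand_targets("192.164.0.1,2,3,4"))
    print(sorted(expand_ports("T:7777,973")))
    print(len(expand_ports("76-973")), "ports in 76-973")
```

A typical check before a large scan is `len(targets_from_args(open("input_ips.txt").read().split()))` to see how many hosts an -iL file really covers, and `expand_ports(...)` on the -p string to confirm that the protocol prefixes landed on the ports you intended.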
Display the built-in help summary of options with the command below:
> nmap -h
The basic functionality of Nmap is port scanning, which comprises the following stages:
The Nmap port scan tool has been evolving for years and has carved out a niche audience in the cybersecurity sector. If you want to learn about Nmap, you can sign up for cyber security training courses to master Nmap and other cybersecurity tools.
DataSpace Academy offers a wide range of EC-Council-accredited cybersecurity training programs from beginner to advanced level.