Nmap is an essential open-source tool for ethical hackers and penetration testers. It was originally written by Gordon Lyon (aka Fyodor).
Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
Let's dig into what Nmap can do.
NMAP TARGETING
Nmap can scan a single target or many targets at once. Here are the ways you can specify what to scan:
1. nmap 192.168.1.1 (a single IP address)
2. nmap www.domain.com (a hostname, resolved through DNS)
3. nmap 192.168.1.1-100 (a range in the last octet: .1 through .100)
4. nmap 192.168.1.1/24 (a whole subnet in CIDR notation)
5. nmap -iL list.txt (targets read from a file, separated by newlines or spaces)
NMAP SCAN TYPES
Besides the basic nmap <target>, we can also use various scan types in Nmap. Each has its own capabilities and its own noise level: a half-open SYN scan looks different on the wire from a full connect scan, and the target logs them differently. Let us see which types we have:
1. nmap -sS <target> (TCP SYN scan; half-open, and the default when running privileged)
Root/Sudo: Required
2. nmap -sT <target> (TCP connect scan; completes the handshake, so the target application sees and can log the connection)
Root/Sudo: Not required
3. nmap -sU <target> (UDP scan; slow, because closed ports answer with rate-limited ICMP unreachables)
Root/Sudo: Required
4. nmap -sn <target(s)> (host discovery only, no port scan; as root it uses ICMP/ARP probes, unprivileged it falls back to TCP connects to ports 80 and 443)
Root/Sudo: Not required
5. nmap -sV <target> (service and version detection on the open ports it finds)
Root/Sudo: Not required
6. nmap -O <target> (OS detection by TCP/IP stack fingerprinting)
Root/Sudo: Required
7. nmap -A <target> (aggressive: enables -O, -sV, the default scripts and traceroute in one go)
Root/Sudo: Required (because it includes -O)
NMAP PORT SCANNING
Sometimes you want to know if a certain port is open on a target, or perhaps you want to know ALL open ports on the target. Luckily, Nmap provides its users with ways to specify this:
1. nmap -p <port> <target>
2. nmap -p <port_range_begin>-<port_range_end> <target>
3. nmap -p <port_a>,<port_b>,<port_c> <target>
4. nmap -p U:<udp_port>,T:<tcp_port> <target> (the U: ports are only scanned if you also pass -sU)
5. nmap -F <target> (fast mode: the 100 most common ports instead of the default 1000)
6. nmap --top-ports <amount> <target>
7. nmap -p- <target> (all 65535 ports)
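To make the -p syntax above concrete, here is an added example (not code from the original article or from the Nmap project) that expands an nmap-style port specification into the individual proto/port pairs it selects, so you can see exactly how many probes a spec will generate before aiming it at a host. The function names expand_ports and count_ports are my own; the spec grammar (comma lists, a-b ranges, open-ended ranges such as -100 or 100-, T:/U:/S: protocol prefixes, and "-" for 1-65535) is Nmap's.

```shell
#!/bin/sh
# Added example, not part of the original article: expand an nmap-style
# "-p" specification into one "proto/port" line per selected port.
# Supports comma lists, a-b ranges, open-ended ranges ("-100", "100-"),
# T:/U:/S: protocol prefixes and "-" (nmap's shorthand for 1-65535).

expand_ports() {
    spec=$1
    echo "$spec" | awk -F',' '
    {
        proto = "tcp"                        # nmap defaults to TCP until a prefix changes it
        for (i = 1; i <= NF; i++) {
            item = $i
            gsub(/[[:space:]]/, "", item)    # tolerate "22, 80" style spacing
            if (item == "") continue
            if (match(item, /^[TUS]:/)) {    # T:, U: or S: switches protocol for the rest of the list
                pfx = substr(item, 1, 1)
                proto = (pfx == "U") ? "udp" : (pfx == "S") ? "sctp" : "tcp"
                item = substr(item, 3)
                if (item == "") continue
            }
            n = split(item, r, "-")
            if (n == 1) {
                lo = r[1]; hi = r[1]
            } else if (n == 2) {
                lo = (r[1] == "") ? 1 : r[1]         # "-100" means 1-100
                hi = (r[2] == "") ? 65535 : r[2]     # "100-" means 100-65535
            } else {
                printf("invalid port spec: %s\n", $i) > "/dev/stderr"; exit 1
            }
            if (lo !~ /^[0-9]+$/ || hi !~ /^[0-9]+$/) {
                printf("invalid port spec: %s\n", $i) > "/dev/stderr"; exit 1
            }
            lo += 0; hi += 0
            # nmap accepts port 0 (e.g. "-p0-"), so 0 is allowed here too
            if (hi > 65535 || lo > hi) {
                printf("invalid port spec: %s\n", $i) > "/dev/stderr"; exit 1
            }
            for (p = lo; p <= hi; p++) printf("%s/%d\n", proto, p)
        }
    }'
}

# count_ports: how many ports a spec selects (the number of probes a
# single-host scan of that spec will send per scan type).
count_ports() {
    expand_ports "$1" | wc -l | tr -d ' '
}

# Stand-alone usage: ./ports.sh '22,80-82,U:53'
if [ $# -gt 0 ]; then
    expand_ports "$1"
fi
```

Running count_ports '-' returns 65535, which is a useful reminder that -p- against a /24 is 16 million probes before retries; count_ports 'U:53,111,T:21-25' returns 7 because the U: prefix carries over to 111 until T: switches back.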
NMAP TIMING OPTIONS
Nmap provides “timing templates” that let you say how aggressive a scan should be while leaving the exact timing values to Nmap. There are 6 timing templates, from slowest to fastest (-T3 is the default):
1. nmap -T0 <target> (paranoid)
2. nmap -T1 <target> (sneaky)
3. nmap -T2 <target> (polite)
4. nmap -T3 <target> (normal, the default)
5. nmap -T4 <target> (aggressive)
6. nmap -T5 <target> (insane)
NMAP SCRIPTS
Last but not least, Nmap ships with the Nmap Scripting Engine (NSE) and a library of scripts. These scripts are grouped into categories:
• auth
• broadcast
• brute
• default
• discovery
• dos
• exploit
• external
• fuzzer
• intrusive
• malware
• safe
• version
• vuln
We run a single script, or a whole category, in the following way:
nmap --script <script_or_category> <target>
Some scripts are very noisy, some not at all. Therefore, it is important to read what each script does (nmap --script-help <script> prints its description) and judge whether the target can easily detect it. The --script option itself does not require root: most scripts run unprivileged, but scripts that need raw packet access (some broadcast and discovery scripts, for example) and any scan type you combine them with, such as -sS or -O, do.
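To show how a category name on the --script command line turns into a concrete list of scripts, here is an added example (not code from the original article or from the Nmap project). Nmap keeps its script index in scripts/script.db, one Entry line per script listing its categories; sample_script_db below is a constructed excerpt in that format with a handful of real script names, and nse_select is my own helper that mimics the selector logic of expressions such as --script "safe and not external".

```shell
#!/bin/sh
# Added example, not part of the original article: resolve a script
# category to script names the way "--script <category>" does.
# Nmap's real index is scripts/script.db under its data directory
# (e.g. /usr/share/nmap/scripts/script.db); this is a constructed excerpt.

sample_script_db() {
    cat <<'EOF'
Entry { filename = "ssh-hostkey.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } }
Entry { filename = "vulners.nse", categories = { "vuln", "safe", "external", } }
Entry { filename = "broadcast-dhcp-discover.nse", categories = { "broadcast", "safe", } }
EOF
}

# nse_select INCLUDE [EXCLUDE]: read script.db lines on stdin and print
# the names (without .nse) of scripts in category INCLUDE and, if given,
# not in category EXCLUDE. Equivalent to --script "INCLUDE and not EXCLUDE".
nse_select() {
    awk -v inc="$1" -v exc="$2" '
    {
        # filename = "xxx.nse"  ->  xxx
        if (!match($0, /filename = "[^"]+"/)) next
        name = substr($0, RSTART + 12, RLENGTH - 13)
        sub(/\.nse$/, "", name)
        # categories = { "a", "b", }  ->  list of category words
        if (!match($0, /categories = [{][^}]*[}]/)) next
        cats = substr($0, RSTART + 14, RLENGTH - 15)
        gsub(/[^a-z-]/, " ", cats)
        n = split(cats, c, " ")
        hit = 0; skip = 0
        for (i = 1; i <= n; i++) {
            if (c[i] == inc) hit = 1
            if (exc != "" && c[i] == exc) skip = 1
        }
        if (hit && !skip) print name
    }'
}

# Stand-alone usage: ./nse.sh safe external
if [ $# -gt 0 ]; then
    sample_script_db | nse_select "$@"
fi
```

Point the same helper at the real file (nse_select safe external < /usr/share/nmap/scripts/script.db) to see what a category actually pulls in before you run it; intrusive and dos scripts in particular should never be selected by accident.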
EXTRAS & ADDITIONAL RESOURCES
When you are doing a pentest, use the -oN option to write Nmap's normal output to a text file so you can paste it into your report later. (Nmap also offers -oX for XML, -oG for grepable output and -oA to write all three at once; those are easier to feed to other tools.) Here is how to do it:
nmap -oN <filename.txt> <target>
You can also combine multiple options in one scan. For example, this is probably the most common scan you will perform:
sudo nmap -sS <target> -oN <filename.txt>
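Copy-pasting a whole -oN file into a report is rarely what you want; usually you need the open ports per host. Here is an added example (not code from the original article or from the Nmap project) that extracts them. sample_scan_output is a constructed file in Nmap's normal-output format using documentation addresses (192.0.2.0/24), not a real scan; open_ports and open_port_count are my own helper names.

```shell
#!/bin/sh
# Added example, not part of the original article: pull the open ports out
# of an -oN ("normal") output file. The sample below is constructed and
# uses 192.0.2.x documentation addresses; it is not a real scan result.

sample_scan_output() {
    cat <<'EOF'
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sS -sU --top-ports 20 -oN scan.txt 192.0.2.0/28
Nmap scan report for 192.0.2.10
Host is up (0.0012s latency).
Not shown: 37 closed ports
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  open     http
443/tcp filtered https

Nmap scan report for web.example.test (192.0.2.11)
Host is up (0.0020s latency).
Not shown: 38 closed ports
PORT     STATE SERVICE
8080/tcp open  http-proxy
53/udp   open  domain

# Nmap done at Mon Jan  1 10:00:05 2024 -- 16 IP addresses (2 hosts up) scanned in 5.12 seconds
EOF
}

# open_ports: read -oN output on stdin, print "<host> <port/proto> <service>"
# for every port whose state is exactly "open" (filtered and open|filtered
# ports are left out). Hosts that resolved appear as "name (ip)" in the
# report line; we keep the IP so the output is unambiguous.
open_ports() {
    awk '
    /^Nmap scan report for / {
        host = $NF
        gsub(/[()]/, "", host)
        next
    }
    $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" {
        printf("%s %s %s\n", host, $1, $3)
    }'
}

# open_port_count: number of open ports in the file, a quick sanity check
# that the parse matched what Nmap's summary line claims.
open_port_count() {
    open_ports | wc -l | tr -d ' '
}

# Stand-alone usage: ./openports.sh scan.txt
if [ $# -gt 0 ]; then
    open_ports < "$1"
fi
```

After a real scan this is simply open_ports < scan.txt. Normal output is meant for humans and its layout can change between Nmap versions, so for anything that runs unattended prefer -oX (XML) or -oG (grepable) and parse those instead.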