what is Nmap | How to Install Nmap | How to use Nmap

By | January 14, 2021

What is Nmap?

Nmap is short for Network Mapper, it is an open-source Linux command tool that is used to scan IP addresses and ports in a network and the services running in the ports.

Nmap is used to find which devices are running on the network, discover open ports and services, and detect Vulnerabilities.

Features of Nmap:

  • It quickly recognizes all the devices  including servers, routers, switches, and mobile devices
  • It identifies the services that are running on a system including Web servers, DNS servers
  • It detects application versions with reasonable accuracy to help detect existing vulnerabilities.
  • Nmap can find information about Operating System running on the device it provides the OS version also which makes it easier to plan additional approaches during penetration testing.
  • Nmap has a graphical user interface called Zenmap. It helps you develop visual mappings of a network for better usability and reporting.

How to Install Nmap:

To install Nmap on Ubuntu or Debian Distribution:

sudo apt-get install nmap

To install Nmap on CentOs/RHEL

sudo yum install nmap


How to Use Nmap:

Ping scan — Scans the list of devices up and running on a given subnet.

nmap -sp







Scan a single host — Scans a single host for 1000 well-known ports. These ports are the ones used by popular services like SQL, SNTP, apache, HTTP, and others.

nmap scanme.nmap.org 







Stealth scan — Stealth scanning is performed by sending an SYN packet and analyzing the response. If SYN/ACK is received, it means the port is open, and you can open a TCP connection.

However, a stealth scan never completes the 3-way handshake, which makes it hard for the target to determine the scanning system.

nmap -sS scanme.nmap.org

Version scanning Finding application versions is a crucial part of penetration testing. It makes your life easier since you can find an existing vulnerability from the Common Vulnerabilities and Exploits (CVE) database for a particular version of the service. You can then use it to attack a machine using an exploitation tool like Metasploit.

nmap -sV scanme.nmap.org

Aggressive Scanning — Nmap has an aggressive mode that enables OS detection, version detection, script scanning, and traceroute. You can use the -A argument to perform an aggressive scan.

Aggressive scans provide far better information than regular scans. However, an aggressive scan also sends out more probes, and it is more likely to be detected during security audits.

nmap -A scanme.nmap.org

OS Scanning in addition to the services and their versions, Nmap can provide information about the underlying operating system using TCP/IP fingerprinting. Nmap will also try to find the system uptime during an OS scan.

nmap -O scanme.nmap.org


Scanning Multiple Hosts — Nmap has the capability of scanning multiple hosts simultaneously. This feature comes in real handy when you are managing vast network infrastructure.

You can scan multiple hosts through numerous approaches:

  • Write all the IP addresses in a single row to scan all of the hosts at the same time.
  • Use the asterisk (*) to scan all of the subnets at once.
    nmap 192.164.1.*
  • Add commas to separate the address’s endings instead of typing the entire domains.
  • Use a hyphen to specify a range of IP addresses

Port Scanning —Port scanning is one of the most fundamental features of Nmap. You can scan for ports in several ways.

  • Using the -p param to scan for a single port
    nmap -p 973
  • If you specify the type of port, you can scan for information about a particular type of connection, for example for a TCP connection.
    nmap -p T:7777, 973
  • A range of ports can be scanned by separating them with a hyphen.
    nmap -p 76–973
  • You can also use the -top-ports flag to specify the top n ports to scan.
    nmap --top-ports 10 scanme.nmap.org

Scanning from a File If you want to scan a large list of IP addresses, you can do it by importing a file with the list of IP addresses.

nmap -iL /input_ips.txt

Nmap Help Nmap has a built-in help command that lists all the flags and options you can use. It is often handy given the number of command-line arguments Nmap comes with.

nmap --help

Nmap Scripting Nmap Scripting has many inbuilt scripting which will make our work easily while pentesting the device 

We can find about the scripts by entering the help command

nmap --script-help "*"



Author: Ravi Sarode, founder of hackersdude.com I am an Ethical Hacker, Web Application Penetration Tester and Security Researcher

Leave a Reply

Your email address will not be published. Required fields are marked *