Nmap (Network Mapper) is an open-source tool for port and network service scanning.

What is Nmap?

Nmap is a security tool for discovering hosts and services on a network and for identifying vulnerabilities.

Main Features

Port Scanning

  • **TCP": TCP scanning
  • **UDP": UDP scanning
  • **SYN": SYN scanning
  • **ACK": ACK scanning

Service Detection

  • **Version detection": Version detection
  • **OS detection": Operating system detection
  • **Scripts": NSE scripts
  • **Vulnerabilities": Vulnerability detection

Network Scanning

  • **Host discovery": Host discovery
  • **Port scanning": Port scanning
  • **Service detection": Service detection
  • **OS fingerprinting": OS fingerprinting

Basic Commands

Simple Scanning

```bash
# Basic scan
nmap 192.168.1.1

# Range scan
nmap 192.168.1.1-254

# Subnet scan
nmap 192.168.1.0/24
```

Advanced Scanning

```bash
# TCP SYN scan (raw packets; needs root/administrator privileges)
nmap -sS 192.168.1.1

# UDP scan (slow: open|filtered results are common because many UDP services do not answer)
nmap -sU 192.168.1.1

# Version detection scan (probes the services found on open ports)
nmap -sV 192.168.1.1

# OS detection scan (TCP/IP stack fingerprinting; also needs raw-packet privileges)
nmap -O 192.168.1.1
```

Port Scanning

```bash
# Specific port scan
nmap -p 80,443,22,21 192.168.1.1

# Port range scan
nmap -p 1-1000 192.168.1.1

# Common ports scan
nmap --top-ports 1000 192.168.1.1
```

NSE Scripts

Security Scripts

```bash
# Vulnerability scripts (the "vuln" NSE category)
nmap --script vuln 192.168.1.1

# Authentication scripts (the "auth" NSE category)
nmap --script auth 192.168.1.1

# Discovery scripts (the "discovery" NSE category)
nmap --script discovery 192.168.1.1
```

Specific Scripts

```bash
# HTTP script
nmap --script http-enum 192.168.1.1

# SSH script
nmap --script ssh-hostkey 192.168.1.1

# SMB script
nmap --script smb-enum-shares 192.168.1.1
```

Use Cases

Security Auditing

  • **Inventory": Asset inventory
  • **Vulnerabilities": Vulnerability identification
  • **Services": Service identification
  • **Ports": Open port identification

Network Monitoring

  • **Availability": Verify service availability
  • **Changes": Detect network changes
  • **Inventory": Maintain updated inventory
  • **Compliance": Verify compliance

Penetration Testing

  • **Reconnaissance": Reconnaissance phase
  • **Scanning": Target scanning
  • **Enumeration": Service enumeration
  • **Vulnerability assessment": Vulnerability assessment

Best Practices

Ethical Use

  • **Authorization": Obtain authorization
  • **Scope": Define scan scope
  • **Documentation": Document activities
  • **Responsibility": Take responsibility

Techniques

  • **Stealth": Use stealth techniques
  • **Timing": Adjust scan timing
  • **Fragmentation": Use fragmentation
  • **Decoy": Use decoys

Analysis

  • **Results": Analyze results
  • **False positives": Identify false positives
  • **Correlation": Correlate with other data
  • **Documentation": Document findings
