Nmap usage

Written by Nilima Paul, January 13, 2022
8 min read
Nilima Paul

Technology Security Analyst

In this article, we will look at how Nmap is used.

Introduction to Nmap usage

Nmap stands for Network Mapper. It is a Linux command-line tool that scans a network for IP addresses and ports and identifies the applications installed on the hosts it finds. Nmap helps network administrators discover which systems are connected to their network, find open ports and services, and search for vulnerabilities.

Nmap is chosen by security professionals over other scanning tools for a variety of reasons. To start, Nmap lets you map a network efficiently using basic commands and configuration. Both simple tasks, such as checking whether a host is up, and complex scripting are supported through the Nmap Scripting Engine.

Nmap also has the following features:

Ability to quickly identify all devices on a single network or across multiple networks, including mobile phones, routers, servers, switches, and so on.

DNS servers, web servers, and other well-known applications are among the services it can identify on a system. Nmap can also detect application versions accurately, which helps in finding existing vulnerabilities.

Nmap can look up details about a device's operating system. This includes specifics such as the operating system version, making it easier to plan further penetration testing. Existing scripts from the Nmap Scripting Engine can also be run against a network for vulnerability scanning and security auditing.

The graphical user interface for Nmap is called Zenmap. It helps build visual maps of a network for improved usability, reporting, and monitoring.

List of Commands

Here is a list of various commands to use Nmap.

Basic Scans

The first step in network mapping is to scan the list of active devices on the network.

1. Ping scan — Lists the active devices on a given subnet.

> nmap -sP

2. Scan a single host — Scans the 1,000 most commonly used ports on a single host. These are the ports that common services such as SNTP, SQL, Apache, and others use.

> nmap scanme.nmap.org

Stealth scan

A stealth scan works by sending a SYN packet and examining the response: if a SYN/ACK comes back, the port is open and a TCP connection could be established.

A stealth scan, however, never completes the three-way handshake, which makes it harder for the target to identify the scanning device.

> nmap -sS scanme.nmap.org

To perform a stealth scan, the -sS option is used. Stealth scanning is less aggressive and slower than other scan types, so users may have to wait a while for a response.

Version scanning

In penetration testing, finding the versions of running applications is important. It makes your life easier, because you can look up existing vulnerabilities for a specific version of a service in the Common Vulnerabilities and Exposures (CVE) database. Then, using an exploitation framework such as Metasploit, you can target the machine.

> nmap -sV scanme.nmap.org

The -sV option runs a version scan. Nmap produces a list of services along with their respective versions. Version scans aren't always 100% correct, but the information still helps when assessing a system.

Scanning the Operating System

Nmap can identify the underlying operating system using TCP/IP fingerprinting. During an OS scan, Nmap also attempts to estimate the device's uptime.

> nmap -O scanme.nmap.org

Aggressive Scanning

Nmap has an aggressive mode that enables OS detection, version detection, script scanning, and traceroute in one run. To execute an aggressive scan, the -A option is used.

> nmap -A scanme.nmap.org

Multiple Hosts Scanning

Nmap can scan many hosts at the same time. When you’re in charge of a large network system, this function comes in handy.

There are various ways to scan multiple hosts.

To scan several hosts at once, list all of the IP addresses on a single line.

> nmap

To scan a whole subnet at once, use the asterisk *.

> nmap 192.164.1.*

Add commas to separate the final octets, so that there is no need to type each full address.

> nmap ,2,3,4

To specify a range of IP addresses, add a hyphen.

> nmap -255
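The wildcard, comma and hyphen forms above are all per-octet rules, and Nmap lets you combine them in one specification (for example a range in the third octet and a list in the fourth). The expander below is an added example, not part of the article or of Nmap itself; it turns such a specification into the individual addresses so you can check the scope of a scan before launching it. It assumes Nmap's convention that a missing range end defaults to 0 or 255.

```python
from itertools import product

def _expand_octet(spec: str) -> list[int]:
    """Expand one octet position: '*' -> 0..255, 'a-b' -> a..b, 'a,b,c' -> [a, b, c]."""
    if spec == "*":
        return list(range(256))
    values: list[int] = []
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo_i = int(lo) if lo else 0      # assumption: missing range end means 0 / 255, as in Nmap
            hi_i = int(hi) if hi else 255
            if not 0 <= lo_i <= hi_i <= 255:
                raise ValueError(f"bad octet range: {part!r}")
            values.extend(range(lo_i, hi_i + 1))
        else:
            v = int(part)
            if not 0 <= v <= 255:
                raise ValueError(f"bad octet: {part!r}")
            values.append(v)
    return values

def expand_targets(spec: str) -> list[str]:
    """Expand a dotted-quad spec such as '192.164.1.1-4' or '192.164.1,2.*' into addresses."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four dotted octets, got {spec!r}")
    combos = product(*(_expand_octet(o) for o in octets))   # first octet varies slowest
    return [".".join(str(n) for n in combo) for combo in combos]

def target_count(spec: str) -> int:
    """Number of addresses a spec covers; a quick sanity check on scan scope."""
    return len(expand_targets(spec))

if __name__ == "__main__":
    # The three forms from the article, using the article's 192.164.1.x example network
    for s in ("192.164.1.*", "192.164.1.1,2,3,4", "192.164.1.1-255"):
        print(f"{s:<22} -> {target_count(s)} address(es)")
```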

Port Scanning

Port scanning is one of Nmap's most basic features. There are several ways to scan ports.

To scan a single port, add the -p option.

> nmap -p 413

The --top-ports option specifies the top n ports to scan.

> nmap --top-ports 10 scanme.nmap.org

Scanning from a File

A large number of IP addresses can be scanned by importing a file that contains the list of IP addresses.

> nmap -iL /input_ips.txt

Nmap Help

Nmap provides a built-in help option that lists all of the available flags and options. Given the large number of command-line arguments Nmap accepts, it is often useful.

> nmap -h
