Nmap is short for Network Mapper. It is an open-source Linux command-line tool used to scan the IP addresses and ports on a network and to discover the applications running on the hosts it finds.
Security experts choose Nmap over other scanning tools for a broad range of reasons.
Some of the most common nmap commands are:
| # | Nmap command | Description |
|---|---|---|
| 1 | `nmap www.example.com` | Scan a system by hostname. |
| 2 | `nmap 192.168.1.12` | Scan a system by IP address. |
| 3 | `nmap 192.168.1.12 192.168.1.26 192.168.1.34` | Scan multiple hosts by listing their IP addresses or hostnames after nmap. |
| 4 | `nmap 192.168.1.*` | Scan a whole subnet or IP range by using "*" as a wildcard. Nmap scans the whole subnet and reports the hosts that are up on the network. |
| 5 | `nmap -sA 192.168.1.23` | Use the "-sA" option to probe firewall rules. It sends ACK packets and uses the responses to tell whether a firewall is active on the host. |
| 6 | `nmap -sS 192.168.1.25` | Stealth (SYN) scanning sends a SYN packet and analyses the response. A SYN/ACK reply means the port is open and would accept a TCP connection. Because a stealth scan never completes the three-way handshake, it is harder for the target to identify the scanning system. |
| 7 | `nmap -p- 192.168.1.25` | By default Nmap scans only the most commonly used ports. This command scans all ports from 0 to 65536. Combine it with "-sT" or "-sU" to scan all TCP or all UDP ports respectively. |
| 8 | `nmap -p 127 192.168.1.25` | Use the -p option to scan a single port. |
| 9 | `nmap -p T:7777,973 192.168.1.25` | Prefix the port list with a protocol to scan only that type of port, for example "T:" for TCP ports. |
| 10 | `nmap -p 53-3306 192.168.1.25` | Scan a range of ports by separating the first and last port with a hyphen. |
| 11 | `nmap --top-ports 10 192.168.1.25` | Use the --top-ports flag to scan only the n most common ports. |
| 12 | `nmap -sV 192.168.1.25` | Enumerate the service running on each discovered port, along with its version, using the "-sV" option. |
| 13 | `nmap -v 192.168.1.25` | Verbose output provides additional information about the scan in progress. It is useful for following step by step what Nmap does on the network, especially when you are an outsider scanning a client's network. |
| 14 | `nmap -oN output.txt 192.168.1.25` | Save the scan results to a text file. The format differs slightly from the normal command-line output, but it captures all the essential results. |
| 15 | `nmap -oX output.xml 192.168.1.25` | Save the scan results as XML. This is the preferred format of most pen-testing tools, making the results easy to parse when importing them. |
| 16 | `nmap --script=http-headers 192.168.1.25` | Retrieve the HTTP headers of web services. |
| 17 | `nmap --script=vuln 192.168.1.25` | Run the Nmap vulnerability-scan scripts, which check for common known vulnerabilities. Also known as a CVE scan. |
| 18 | `nmap -A 192.168.1.25` | Aggressive mode enables OS detection, version detection, script scanning, and traceroute. Use the -A argument to perform an aggressive scan. |