
Introduction to NMAP

Nmap (short for Network Mapper) is one of the most popular and powerful open-source tools used for network discovery and security auditing. It was created by Gordon Lyon (also known by his alias Fyodor Vaskovich) in 1997. Lyon, a security researcher, developed Nmap to address the need for a tool that could help network administrators, security professionals, and penetration testers to map out networks, identify active devices, and uncover potential security risks.


Nmap was created to fill a gap in the available network analysis tools at the time. The tool was designed to help users discover devices on a network, find open ports, and gather information about the services running on those ports, all with the aim of identifying vulnerabilities. It was also built with a focus on performance, accuracy, and ease of use, as well as the ability to remain relatively stealthy in scans. Over the years, Nmap has become an indispensable tool in both the IT and cybersecurity fields.

What NMAP Is Used For

Nmap is used for a wide range of tasks related to network exploration, security auditing, and vulnerability scanning. Some of its most common uses include:


  1. Network Discovery: Nmap helps users identify devices on a network, discover their IP addresses, and determine if they are live or inactive.

  2. Port Scanning: It can scan a target to identify which ports are open, which can help administrators understand which services are accessible externally.

  3. Service and Version Detection: Nmap can probe open ports to determine which services are running and their versions, which helps security professionals identify potential vulnerabilities.

  4. Operating System Detection: It can guess the operating system of a device based on its network responses, providing valuable information for both administrators and attackers.

  5. Vulnerability Scanning: Through the Nmap Scripting Engine (NSE), it can run scripts that check for known vulnerabilities in services and software.

  6. Security Auditing: Network security teams use Nmap to perform audits, checking for misconfigurations, unprotected services, and other security weaknesses.

  7. Penetration Testing: Penetration testers rely on Nmap to identify points of entry into a target system and gather intelligence to assist in ethical hacking exercises.

Which Ports are scanned by Default?

NMAP doesn’t scan all ports by default! Gordon Lyon, the creator of Nmap, decided to use the 1,000 most common ports by default based on several practical considerations, mainly to balance speed and comprehensiveness. Over time, data from millions of scans performed by Nmap users helped inform the decision on which ports to scan by default. By analysing scans from a wide variety of networks, Lyon could observe which ports were most commonly open and relevant to real-world usage. However, if you need to scan all ports, you can adjust the options to meet your specific needs. Just be prepared for longer scan times when doing so!

Installing NMAP

NMAP is a free download from nmap.org, and is available for Windows, Linux and Mac OS. 

Getting Started With Network Discovery

The following section of this article will introduce you to some commonly used commands to get you started using NMAP. Please note that this is in no way a comprehensive list, and I would encourage you to investigate additional commands and options for yourself.

For more information on NMAP scripting please check out the official documentation – https://nmap.org/book/nse.html 

Basic Scanning

Host Scan (IP or DNS Name) – Scans the specified hosts for available services.

 nmap 192.168.1.10

Subnet Scan – Discovers which hosts in a given subnet are up (-sn performs host discovery only and skips the port scan)

 nmap -sn 192.168.1.0/24

Scan Specific Ports – Scans specific ports on a host or subnet.

 nmap -p 80,443 192.168.1.1

Scan Top Ports – Scans the x most commonly open ports (ranked by the same open-frequency data used for the 1,000-port default).

 nmap --top-ports 8 1.1.1.1
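Nmap ranks ports for --top-ports and for the 1,000-port default by the open-frequency column of its nmap-services data file (the real file is tab-separated: service name, port/protocol, open frequency, optional comment). The following added example, which is not part of the original article or of Nmap itself, reproduces that ranking over a constructed excerpt with made-up frequency values, so you can see why a port such as 49999/tcp is missed unless you widen the scan (for example with -p- for all 65,535 ports). The function names are this example's own.

```python
import re

# Constructed excerpt in the layout of Nmap's nmap-services file.
# Frequencies here are invented for illustration; they are not Nmap's numbers.
SAMPLE_NMAP_SERVICES = """\
# Fields: name  port/proto  open-frequency  # comment
http      80/tcp     0.484143   # World Wide Web HTTP
telnet    23/tcp     0.221265
https     443/tcp    0.208669
ftp       21/tcp     0.197667   # File Transfer [Control]
ssh       22/tcp     0.182286   # Secure Shell Login
smtp      25/tcp     0.131314   # Simple Mail Transfer
domain    53/udp     0.213496
snmp      161/udp    0.433467
unknown   49999/tcp  0.000013
"""

# name, port, proto, frequency; anything after the frequency is a comment
LINE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\s+([0-9.]+)")


def parse_services(text):
    """Yield (name, port, proto, frequency) for each data line, skipping
    blank lines and comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), float(m.group(4))


def top_ports(text, n, proto="tcp"):
    """Return the n ports of the given protocol with the highest
    open-frequency, most common first. This is the ranking idea behind
    --top-ports N and the default scan (N = 1000)."""
    ranked = sorted(
        (e for e in parse_services(text) if e[2] == proto),
        key=lambda e: e[3],
        reverse=True,
    )
    return [e[1] for e in ranked[:n]]


def port_in_default_set(text, port, proto="tcp", n=1000):
    """True if a default-style scan of the top n ports would probe this port."""
    return port in top_ports(text, n, proto)


if __name__ == "__main__":
    print("top 3 tcp:", top_ports(SAMPLE_NMAP_SERVICES, 3))
    print("top 2 udp:", top_ports(SAMPLE_NMAP_SERVICES, 2, "udp"))
    # With only the 6 most common TCP ports in scope, 49999/tcp is never probed.
    print("49999/tcp covered by top 6:",
          port_in_default_set(SAMPLE_NMAP_SERVICES, 49999, n=6))
```

The practical lesson for an audit is that a service deliberately moved to an uncommon port is invisible to the default port set, so baseline scans of your own assets should periodically include a full-range scan.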

Text File Scan – Scans IPs and Hosts listed in a text file

 nmap -iL list.txt

Save Your Results to a File – Saves scan results to a file (-oX writes XML, which is the easiest format to parse with other tools; -oN writes plain text and -oA writes all formats at once)

 nmap -oX file.xml 1.1.1.1

TCP Ports – Scans TCP ports using a full TCP connect scan

 nmap -sT 192.168.1.10

UDP Ports – Scanning of UDP ports

 nmap -sU 192.168.1.10

Service and OS Detection

Service Version Detection – Detects service versions listening on open ports.

 nmap -sV 192.168.1.10

OS Detection – Attempts to detect the Operating System of the target.

 nmap -O 192.168.1.10

NMAP Scripting Engine (NSE)

This scripting engine enables users to either utilize a predefined set of scripts or create their own using the Lua programming language.

Vulnerability Scan – Runs the NSE scripts in the vuln category against the target (-Pn skips host discovery and treats the host as up)

nmap -Pn --script vuln 10.1.1.1

Brute Force – Runs a brute force attack against a variety of services.

nmap --script ftp-brute -p 21 10.1.1.1

Malware Scan – Checks a web server for signatures of known malware and backdoors.

nmap -sV --script=http-malware-host 10.1.1.1

Final Thoughts

That wraps up our guide on using Nmap for network scanning! Remember, while Nmap is a powerful tool for security and network management, it’s crucial to always have proper authorization before scanning any system. Unauthorized scanning can lead to legal consequences and potential damage to systems or networks. Always ensure you have explicit permission to test or assess any network or device. Stay ethical, stay responsible, and happy scanning!
