Nmap: A Comprehensive Network Scanning Tool

Nmap Commands Techhyme

In the realm of network security and administration, Nmap stands out as one of the most powerful and versatile tools available. Nmap (Network Mapper) is an open-source network scanning and exploration tool used to discover hosts, services, and vulnerabilities within a network. Its flexibility and effectiveness have made it a favorite among security professionals, system administrators, and ethical hackers.

In this article, we will explore some of the essential Nmap commands and their applications.

Before we delve into the commands, let’s set the IP address as a variable for convenience:

export ip=
export netw=

Detecting Live Hosts

To determine which hosts are active on a given network without scanning specific ports, we use the following command:

nmap -sn -n $netw | grep "report" | cut -d" " -f5

This command performs a “Ping Sweep” (ICMP echo request) on the network defined by `$netw`, and `grep` filters the live hosts from the output.

Stealth Scan

A Stealth Scan, also known as a SYN Scan, uses SYN packets to establish if ports are open or closed without completing a full TCP connection. The following command demonstrates how to perform a Stealth Scan on a single host defined by `$ip`:

nmap -sS $ip

Only Open Ports and Banner Grab

Banner grabbing is the process of retrieving service version information from open ports. The following command combines a SYN Scan with service version detection to display only open ports and grab banners:

nmap -n -Pn -sS $ip --open -sV

Stealth Scan using FIN Scan

A FIN Scan sends FIN packets to probe for open ports. It works by exploiting certain TCP stack implementations to differentiate between open and closed ports. To perform a FIN Scan on a specific IP (`$ip`), use the following command:

nmap -sF $ip

Aggressive Scan

The Aggressive Scan option is used for in-depth scanning without sending a ping to hosts, avoiding DNS resolution, and testing all TCP ports. This command reveals detailed information about the target system:

nmap -n -Pn -sS -A $ip --open -p-

Nmap Verbose Scan

The Verbose Scan enhances the output, providing detailed information about the scan. It includes syn stealth, T4 timing, OS and service version detection, traceroute, and running scripts against services. The following command performs a verbose scan on the specified IP (`$ip`):

nmap –v –sS –A –T4 $ip

OS Fingerprinting

Nmap’s OS Fingerprinting feature attempts to identify the target system’s operating system based on its responses to certain network packets. To perform OS fingerprinting on a target (`$ip`), use the following command:

nmap -O $ip

Quick Scan

For a faster scan that targets the most common ports, the Quick Scan is ideal. It uses a timing template of T4 and scans only the 100 most common ports. Use the following command for a Quick Scan of the network (`$netw`):

nmap -T4 -F $netw

Quick Scan Plus

The Quick Scan Plus option extends the Quick Scan by also performing service version detection and OS fingerprinting. This provides additional information about the target hosts. Use the following command for a Quick Scan Plus of the network (`$netw`):

nmap -sV -T4 -O -F --version-light $netw

Output to a File

Nmap allows users to save the scan results to a file for further analysis. To save the results to a specific file (nameFile), use the following command:

nmap -oN nameFile -p 1-65535 -sV -sS -A -T4 $ip

Output to a File Plus

To save scan results in various formats (normal, XML, and grepable) in a single file, use the following command:

nmap -oA nameFile -p 1-65535 -sV -sS -A -T4 $netw

Searching NMAP Scripts

Nmap comes with an extensive collection of scripts that provide advanced scanning and enumeration capabilities. To search for Nmap scripts related to a specific service, such as FTP, use the following command:

ls /usr/share/nmap/scripts/ | grep ftp

In conclusion, Nmap is a powerful and indispensable tool for any network administrator or security professional. Its versatility, efficiency, and extensive range of features make it an essential part of the arsenal for network exploration, vulnerability assessment, and security auditing.

Remember to use Nmap responsibly and only on systems you have explicit authorization to scan. Happy scanning!

You may also like:

Related Posts

Leave a Reply