Disclaimer
⚠️ This guide is for educational and cybersecurity awareness purposes only. Unauthorized scanning of networks is illegal and punishable by law. Always get permission before scanning any system.
Introduction to Nmap
Nmap (Network Mapper) is an open-source tool used for **network scanning, security auditing, and penetration testing**. It helps in identifying active devices, open ports, running services, operating systems, and potential vulnerabilities.
Step 1: Installing Nmap
🔹 Linux (Kali, Ubuntu, Debian, etc.):
sudo apt update && sudo apt install nmap -y
🔹 macOS (Homebrew required):
brew install nmap
🔹 Windows:
Download the installer from the official Nmap website and follow the setup instructions.
Step 2: Basic Scanning
To check whether a host is up and see which ports it has open:
nmap <target-ip>
Example:
nmap 192.168.1.1
🔹 With no options, Nmap first pings the host, then scans its 1,000 most common TCP ports and lists the ones that are open.
Step 3: Scanning Multiple Targets
To scan multiple IPs at once:
nmap 192.168.1.1 192.168.1.2 192.168.1.3
To scan an entire network:
nmap 192.168.1.0/24
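Scanning a whole network is where a typo in the address can send probes at systems you are not authorized to touch. The following wrapper is an added example (not from the original guide): it refuses to launch Nmap unless every address the target expands to lies inside a CIDR block you have permission for, and it saves results in all formats with `-oA`. The function names `in_scope` and `scan_in_scope` are assumptions, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example (not part of the original guide): only run nmap against targets
# that fall inside an authorized scope. IPv4 only; function names are assumptions.

# ip_to_int A.B.C.D: dotted-quad address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mask_for N: netmask integer for a /N prefix length.
mask_for() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
    fi
}

# in_scope TARGET SCOPE: TARGET is A.B.C.D or A.B.C.D/N, SCOPE is a CIDR block.
# Succeeds only when both the first and the last address of TARGET are in SCOPE,
# so a /16 target is rejected by a /24 scope even though they overlap.
in_scope() {
    case $1 in */*) tb=${1#*/} ;; *) tb=32 ;; esac
    case $2 in */*) sb=${2#*/} ;; *) sb=32 ;; esac
    tmask=$(mask_for "$tb"); smask=$(mask_for "$sb")
    first=$(( $(ip_to_int "${1%/*}") & tmask ))
    last=$(( first | (4294967295 ^ tmask) ))
    snet=$(( $(ip_to_int "${2%/*}") & smask ))
    [ $(( first & smask )) -eq "$snet" ] && [ $(( last & smask )) -eq "$snet" ]
}

# scan_in_scope SCOPE TARGET [nmap options...]: run nmap only if TARGET is inside
# SCOPE, writing normal, XML and grepable output under a timestamped base name.
scan_in_scope() {
    scope=$1; target=$2; shift 2
    if ! in_scope "$target" "$scope"; then
        echo "refusing: $target is outside authorized scope $scope" >&2
        return 1
    fi
    base="scan-$(printf '%s' "$target" | tr / _)-$(date +%Y%m%d-%H%M%S)"
    nmap -oA "$base" "$@" "$target"
}

# Usage: sh scope_scan.sh 192.168.1.0/24 192.168.1.0/25 -sV
if [ "$#" -ge 2 ]; then
    scan_in_scope "$@"
fi
```

Keeping the authorized scope in one place (an environment variable or a file read at the top of the script) means the check cannot silently drift from the engagement's rules of engagement.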
Step 4: Scanning Specific Ports
🔹 Scan **specific** ports (e.g., 22, 80, 443):
nmap -p 22,80,443 192.168.1.1
🔹 Scan a **range** of ports:
nmap -p 1-1000 192.168.1.1
Step 5: Detecting Running Services
Nmap can probe each open port to identify the service and software version behind it:
nmap -sV 192.168.1.1
Step 6: Operating System Detection
To fingerprint the target's operating system from the behaviour of its TCP/IP stack (raw packets are needed, so this requires root or administrator privileges):
nmap -O 192.168.1.1
Step 7: Aggressive Scanning
This mode combines OS detection, version detection, the default NSE scripts and traceroute to gather **maximum** information in one run; it is correspondingly slow and noisy:
nmap -A 192.168.1.1
Step 8: Stealth Scanning (Avoiding Detection)
To make the scan less visible to the applications on the target:
nmap -sS 192.168.1.1
🔹 This is a **SYN scan** (half-open scan): Nmap never completes the TCP handshake, so the listening application is not handed a connection and is less likely to log or alert on the probe. It is the default scan type when running as root, and network-level IDS/IPS still detect it readily.
Step 9: Detecting Firewalls and IDS
To map firewall rules: an **ACK scan** reports each port as filtered or unfiltered, but it cannot tell open from closed:
nmap -sA 192.168.1.1
Step 10: Saving Scan Results
Save results to a file (-oN is the human-readable normal format; -oX writes XML, -oG the grepable format, and -oA writes all three under one base name):
nmap -oN output.txt 192.168.1.1
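Saved output is most useful when it is compared over time: a port that is open today but was not in last month's baseline is a change worth explaining. The script below is an added example (not from the original guide) that parses Nmap's grepable format (`-oG`) and reports newly opened ports. The function names are assumptions, and the sample `.gnmap` files it writes are constructed for illustration, not real scan output.

```shell
#!/bin/sh
# Added example (not part of the original guide): parse Nmap grepable output
# (-oG) and report ports that are open in a new scan but not in a baseline.
# Assumed workflow:
#   nmap -sV -oG baseline.gnmap 192.168.1.0/24      # first scan
#   nmap -sV -oG current.gnmap  192.168.1.0/24      # later scan
#   sh port_diff.sh baseline.gnmap current.gnmap

# open_ports FILE: print "host port/proto service" for every open port.
# Grepable lines are tab-separated fields; the Ports field holds comma-separated
# entries of the form port/state/proto/owner/service/rpcinfo/version/.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            host = $1
            sub(/^Host: /, "", host); sub(/ .*/, "", host)
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i; sub(/^Ports: /, "", ports)
                n = split(ports, entry, /, /)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open")
                        printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
                }
            }
        }' "$1" | sort
}

# new_ports BASELINE CURRENT: open ports present in CURRENT but not in BASELINE.
# FILENAME is compared rather than NR==FNR so an empty baseline still works.
new_ports() {
    base=$(mktemp); cur=$(mktemp)
    open_ports "$1" > "$base"
    open_ports "$2" > "$cur"
    awk 'FILENAME == ARGV[1] { seen[$0]; next } !($0 in seen)' "$base" "$cur"
    rm -f "$base" "$cur"
}

# write_samples DIR: constructed sample .gnmap files (not real scan output) so
# the parser can be exercised offline. One host gains port 3389 in the new scan.
write_samples() {
    {
        printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -sV -oG baseline.gnmap 192.168.1.0/24'
        printf '%s\t%s\n' 'Host: 192.168.1.1 ()' 'Status: Up'
        printf '%s\t%s\t%s\n' 'Host: 192.168.1.1 ()' \
            'Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, 25/filtered/tcp//smtp///, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//http//nginx 1.18.0/' \
            'Ignored State: closed (996)'
        printf '%s\t%s\t%s\n' 'Host: 192.168.1.2 ()' \
            'Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/' 'Ignored State: closed (999)'
    } > "$1/baseline.gnmap"
    {
        printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -sV -oG current.gnmap 192.168.1.0/24'
        printf '%s\t%s\t%s\n' 'Host: 192.168.1.1 ()' \
            'Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//http//nginx 1.18.0/' \
            'Ignored State: closed (997)'
        printf '%s\t%s\t%s\n' 'Host: 192.168.1.2 ()' \
            'Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/' \
            'Ignored State: closed (998)'
    } > "$1/current.gnmap"
}

# Invoked with two .gnmap files: print the newly opened ports.
if [ "$#" -eq 2 ]; then
    new_ports "$1" "$2"
fi
```

Running it on the constructed samples reports `192.168.1.2 3389/tcp ms-wbt-server`, while ports that are merely filtered are ignored. For anything beyond quick diffs, the XML output (`-oX`) is the format to parse, since the grepable format is a single line per host and Nmap documents it as deprecated.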
Step 11: Website Scanning
To scan the host behind a website (the hostname is resolved through DNS first):
nmap -p 80,443 example.com
Step 12: Vulnerability Scanning
🔹 Use **Nmap Scripting Engine (NSE)** to check for vulnerabilities:
nmap --script=vuln 192.168.1.1
Step 13: Brute Force Login Testing
🔹 Test SSH login using brute force:
nmap --script=ssh-brute -p 22 192.168.1.1
Step 14: Hiding Your IP (Decoys)
🔹 Mix your real address in with spoofed **decoys** (here five random ones). Your own IP still appears in the target's logs; the decoys only make it harder to single out:
nmap -D RND:5 192.168.1.1
Step 15: Using Nmap with Metasploit
🔹 Run Nmap from inside msfconsole so the results are stored directly in the **Metasploit** database:
db_nmap -sV 192.168.1.1
Final Thoughts
Nmap is an essential tool for ethical hackers, pentesters, and security analysts. Mastering these commands allows you to efficiently scan networks, detect vulnerabilities, and enhance cybersecurity.