What is Nmap?

Nmap (Network Mapper) is a free, open-source network scanner used by penetration testers, defenders and system administrators to find live hosts, open ports, the services listening on them and their versions, and, with varying confidence, the operating system behind them.


Basic Usage

# Quick scan — 100 most common ports
nmap -F 192.168.1.1

# Full port scan (all 65535)
nmap -p- 192.168.1.1

# Subnet scan
nmap 192.168.1.0/24

Service and Version Detection

# Detect service versions
nmap -sV 192.168.1.1

# OS detection
nmap -O 192.168.1.1

# Comprehensive scan: versions, default scripts, OS detection, all 65535 ports.
# -O needs raw sockets, so run it with sudo. --min-rate 5000 forces at least
# 5000 packets/s; on slow links or behind rate-limiting firewalls this drops
# probes and silently misses ports, so lower it if results look thin.
sudo nmap -sV -sC -O -p- --min-rate 5000 192.168.1.1

Scan Types

Type         Flag  Use case
SYN scan     -sS   Default when run as root. Half-open: never completes the handshake, so it rarely reaches application logs, but IDS still sees the SYNs
TCP connect  -sT   Default without root. Full handshake via connect(), so the target's services log the connection
UDP scan     -sU   UDP services (DNS, SNMP, NTP). Slow; "open|filtered" is common because many services do not answer empty probes
NULL scan    -sN   No flags set. Slips past some non-stateful filters; only works against RFC 793 stacks (Windows answers RST to everything)
Xmas scan    -sX   FIN, PSH and URG set. Same idea and same limitations as NULL
sudo nmap -sS 192.168.1.1
sudo nmap -sU -p- 192.168.1.1

Nmap Scripting Engine (NSE)

The real power of Nmap lies in its script library. Scripts ship under /usr/share/nmap/scripts, and `nmap --script-help <name>` prints what a script does and which arguments it takes; check that before pointing a script at a production host.

# Default scripts
nmap -sC 192.168.1.1

# Vulnerability scripts (the "vuln" category). Some of these are intrusive
# and can hang or crash fragile services; "vuln and safe" keeps only the
# scripts also tagged safe.
nmap --script vuln 192.168.1.1

# Specific scripts
nmap --script=smb-vuln-ms17-010 192.168.1.1
nmap --script=http-enum,http-headers,http-methods 192.168.1.1

Firewall Evasion

# Fragment packets (needs raw sockets, so sudo). Defeats filters that inspect
# only the first fragment; stateful firewalls and IDS reassemble and are not fooled
nmap -f 192.168.1.1

# Custom MTU: the value must be a multiple of 8
nmap --mtu 24 192.168.1.1

# Decoy scan: mix 10 random source IPs in with your own. Your real address is
# still among the probes; the aim is to bury it in the log noise
nmap -D RND:10 192.168.1.1

# Spoof source port: some filters blindly allow traffic "from" DNS (53)
nmap --source-port 53 192.168.1.1

# Timing template (T0 slowest and least likely to trip IDS thresholds, T5
# fastest). T0 and T1 probe ports serially and can take hours on a full port
# range; T5 is fast enough to miss ports on a busy network
nmap -T1 192.168.1.1

Saving Output

nmap -oN output.txt 192.168.1.1    # Normal text, what you see on screen
nmap -oX output.xml 192.168.1.1    # XML, the format other tools import
nmap -oA all_formats 192.168.1.1   # Basename: writes .nmap, .xml and .gnmap (grepable)

Ready-to-Use Commands

# Full comprehensive scan
sudo nmap -sV -sC -p- --min-rate 5000 -oN full_scan.txt TARGET

# Quick CTF scan
nmap -sV -sC -p 21,22,80,443,445,8080 TARGET

# Web targeting
nmap --script=http-title,http-headers,http-methods -p 80,443 TARGET
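The ready-to-use scans above do discovery, version probes and scripts in a single pass over all ports. The script below, an added example rather than part of the original cheat sheet, does it in two stages: a fast all-port SYN sweep saved in grepable format, then version detection and default scripts only against the ports that came back open. The function names, the output basenames and the 2000 packets/s rate are this example's own choices; the `port/state/proto//service///` entries it parses are Nmap's standard `-oG` output. When given a CIDR range, stage 2 scans the union of ports seen open on any host.

```sh
#!/bin/sh
# Staged Nmap scan: fast all-port discovery, then targeted -sV -sC.
# Added example; function and file names are this script's own.

# Print the open ports in an Nmap grepable (-oG) file as a comma-separated,
# numerically sorted, de-duplicated list ready for -p. Entries look like
# "22/open/tcp//ssh///"; filtered and closed entries are ignored.
open_ports_from_gnmap() {
    grep -oE '[0-9]{1,5}/open/(tcp|udp)' "$1" \
        | cut -d/ -f1 \
        | sort -n -u \
        | paste -sd, -
}

# Stage 1: SYN-scan every TCP port quickly, no service probes.
# Stage 2: version detection and default scripts on the discovered ports only.
staged_scan() {
    target=$1
    base=${2:-$(printf '%s' "$target" | tr '/' '_')}   # CIDR-safe file basename
    sudo nmap -sS -p- --min-rate 2000 -oG "${base}_ports.gnmap" "$target" >/dev/null
    ports=$(open_ports_from_gnmap "${base}_ports.gnmap")
    if [ -z "$ports" ]; then
        echo "no open TCP ports found on $target" >&2
        return 1
    fi
    echo "open ports: $ports"
    sudo nmap -sV -sC -p "$ports" -oA "${base}_detail" "$target"
}

# Usage: sh staged_scan.sh 192.168.1.1 [output_basename]
if [ $# -gt 0 ]; then
    staged_scan "$@"
fi
```

Stage 1 finishes in a couple of minutes even on a full port range because nothing is probed, and stage 2 spends its expensive -sV and -sC time only where a service actually listens. If you need UDP as well, add a `-sU` sweep in stage 1; the parser already accepts `open/udp` entries.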