2024-10-11
Before diving into advanced commands, let’s begin with the basics. The simplest way to use Nmap is to scan a single host for open ports:
nmap <target_ip_address>Replace <target_ip_address> with the IP address of the host you want to scan. For example, to scan the host with IP address 192.168.1.100:
nmap 192.168.1.100This command will perform a basic TCP SYN scan, identifying open ports and their associated services. The output will show a list of ports, their states (open, closed, filtered), and the service running on each open port.
Nmap offers a wide variety of scan types, each designed for different purposes. Let’s look at a few:
nmap -sS 192.168.1.100nmap -sU 192.168.1.100nmap -sV 192.168.1.100nmap -O 192.168.1.100-sC option runs a default set of scripts.nmap -sC 192.168.1.100Nmap efficiently handles scanning multiple hosts. You can specify a range of IP addresses using CIDR notation:
nmap 192.168.1.0/24This command scans all hosts within the 192.168.1.0/24 subnet. You can also specify individual IP addresses or hostnames separated by spaces:
nmap 192.168.1.100 192.168.1.101 example.comInstead of scanning all ports, you can specify a particular range:
nmap -p 21-25,80,443 192.168.1.100This scans ports 21 through 25, as well as ports 80 and 443.
Nmap’s power lies in its ability to combine multiple options. For a detailed scan including version detection, OS detection, and script scanning:
nmap -sS -sV -O -sC 192.168.1.100Nmap offers various output formats, including XML, Grepable output and more, which are useful for parsing and automating the results. For example to output in XML use:
nmap -oX output.xml 192.168.1.100This will save the scan results in an XML file named output.xml.
These examples offer a starting point for exploring Nmap’s capabilities. Remember to always obtain permission before scanning any network or system that you do not own or manage. Improper use of Nmap can be illegal.