DEV Community

Rahul Varma

Nmap

Nmap is a powerful open-source tool that helps system administrators and auditors discover networks and assess their security. It can identify the connected devices, open ports, and running services on a network, giving good insight into the network's security.

Basic Scanning:
To begin, a simple scan targets the most common 1,000 TCP ports on a specific host with the command:

 nmap <target_ip_or_domain>

Port and Range Scanning:
You can scan specific ports using the -p flag:

 nmap -p 22,80,443 <target_ip_or_domain> 

For a range, the command is:

 nmap -p 1-1000 <target_ip_or_domain> 

Verbose Output and OS Detection:
For more details, use verbose mode:

 nmap -v <target_ip_or_domain> 

OS detection requires root privileges:

 sudo nmap -O <target_ip_or_domain> 

Service and Aggressive Scans:
Detect service versions with:

 nmap -sV <target_ip_or_domain> 

The -A option performs a comprehensive scan, including OS detection and traceroute:

 sudo nmap -A <target_ip_or_domain> 

Additional Features:
Timing templates (-T0 through -T5) change the scan speed, and you can scan multiple targets or whole subnets. Use --exclude to leave specific hosts out of a scan. Results can be saved in normal or XML format, and a ping scan identifies live hosts without performing a port scan.

Firewall Evasion and UDP Scanning:

When you want to avoid being blocked by firewalls, use the -Pn option to disable host discovery. If you need to scan UDP ports, use -sU; however, this is much slower than other types of scans.

Nmap is a marvelous tool, but it should only be run on networks that are yours or that you have the owner's permission to scan. Illegal or unethical use of the tool is prohibited.
