How to use Nmap | Enumeration and scanning using Nmap complete guide
How to use Nmap complete guide
Nmap is a powerful network scanning tool that can be used to explore and analyze networks. It is a popular tool among network administrators and security professionals as it provides many features to help identify security risks and vulnerabilities.
In this blog post, we will explore how to use Nmap and its features to get the most out of your network scanning. We will cover topics such as how to install and configure Nmap, how to use Nmap to scan different types of networks, and how to interpret the results.
first, we need to install Nmap in our system Nmap works fine with lots of platforms
the choice is always yours..
What is Nmap?
Nmap is an open source network discovery and security auditing tool. It is used by network administrators to identify active hosts on a network and to determine what services are offered by each device.
It can also be used to detect security vulnerabilities and to audit firewall configurations. Nmap can be used to scan a single host or an entire network. It can also be used to identify devices on a network, such as printers, routers, and switches.
To use Nmap, it is necessary to have a basic understanding of networking concepts and to be familiar with the command line. Once the scan is complete, the output is then used to identify active hosts and services, as well as any security vulnerabilities.
What Does Nmap Do?
Nmap (Network Mapper) is a network security scanner and network discovery tool used to identify hosts on a network, as well as the services they offer, and the operating systems they use.
Nmap can be used to determine what hosts are available on a network, the services they are using, and the operating systems they are running. It can also be used to detect security issues, such as open ports, and vulnerabilities.
Additionally, Nmap can be used to audit and monitor networks, as well as to scan for potential intrusions or malicious activity.
Nmap can also be used to gain information about a host or network, such as the operating system it is running, and the programs and services it is offering.
How to Use Nmap ?
Nmap is a powerful network mapping and port scanning tool used by network administrators and security professionals alike. To use Nmap, a user must first download the software and then run it in a command line window.
Nmap can then be used to scan for open ports, detect operating systems and services, identify hosts, and much more. To begin a scan, a user can specify the target IP address or hostname, the ports to scan, and other options.
Nmap can also be used to create detailed network diagrams, as well as generate reports to analyze the results of the scan. With adequate knowledge and practice, Nmap can be a valuable tool for network administrators and security professionals.
I have given a tutorial to install Nmap in Termux check it out here..
how to install Nmap in termux
apt install nmap
nmap
- spoof or decoy scan
When we are scanning machines that aren't ours, we frequently want to cover our IP (our identity). Obviously, every packet must contain our source address alternatively the response from the target system won't know where to return to.
nmap -sS 192.168.0.0 -D 10.0.0.1,10.0.0.2,10.0.0.4
- Output to a File
many times we need output of scans for later references and use with other tools. to save lots of output in NMAP simply use -oN switch.
add -oN command and after that name of the file you want to output in. Here, I have used a file named "nmapscan.txt"
nmap -sS 192.168.89.191 -oN nmapscan
now cat this output to see what's in it using the command
cat nmapscan
add -oN command and after that name of the file you want to output in. Here, I have used a file named "nmapscan.txt"
• OS detection, service detection in ports
-A is all in one command we can use to detect OS, Services, script scanning, and traceroute with ports status..
there are many vulnerabilities and exploits you can find for system services and use it in exploitation.
nmap -A (target IP)
![]() |
Nmap os and other services detection |
•Port Scanning Techniques:
NMAP ping sweeps
![]() |
Nmap ping sweep |
ARP scan (Address Resolution Protocol) :
In this method, a progression of ARP communication is sent, and the incentive for the objective IP address field is increased in each communication parcel to find dynamic gadgets on the neighborhood organize section. This sweep encourages us to outline the whole system.
nmap --arp-type ARP (target IP)
![]() |
Nmap ARP scan |
TCP connect scan:
TCP connect scan is the basic scanning technique that uses the connect system call of an OS to open a connection to all port that is available.
this image shows how it works..
![]() |
TCP ports scan in Nmap |
Half-open scan:
while TCP connection it does not connect with the server so it's stealthy scan
like TCP scan we send syn packet first.
then the server sends syn/ack packet to us..
but in the last instead of ack we send the server a reset packet in Half-open scan that's why its called stealth scan. the server didn't connect instead it resets and makes it undetectable..
nmap -sS (target Ip)
TCP XMAS Scan
nmap -sX (target Ip)
TCP FIN Scan
In FIN flag while closed ports send a reset response and
TCP packets sent to the target open ports don't respond.
nmap -sF (target Ip)
TCP ACK Scan:
by using TCP ACK Scan attacker can see the port status by an acknowledgment received
use command in Nmap
nmap -sA (target Ip)
Null Scan:
nmap -sN (target Ip)
Nmap Faq
Q: What are Some Nmap Alternatives?
Nmap is a popular open source network security scanner used by security professionals and network administrators.
It is used to perform network exploration, port scanning, and security auditing. However, there are other alternatives to Nmap that offer similar features. These include Metasploit, OpenVAS, Nessus, and Wireshark.
Metasploit is a powerful tool for discovering and exploiting vulnerabilities in networks and applications. OpenVAS is a free and open source vulnerability scanner that is used to audit networks and detect vulnerabilities.
Nessus is a popular commercial vulnerability scanner that provides comprehensive coverage of vulnerabilities. Wireshark is a great tool for analyzing network traffic and troubleshooting network issues. Each of these alternatives has their own unique features and advantages, so it is important to evaluate each one to determine which one is best suited for your needs.
Q: How Does Nmap Work?
Nmap is a powerful tool for network exploration and security auditing. It is used to scan networks and identify open ports, services, and hosts on a network.
To use Nmap, a user must first download and install the application. Once installed, the user can enter the command line to execute various commands and scan specific networks.
For example, a user can use the command "nmap -sS " to perform a stealth scan of the target IP address.
The output of the command will show all the open ports, services, and hosts on the target network.
Nmap can also be used to perform various other tests such as operating system fingerprinting, port scanning, and vulnerability scanning. Nmap is a powerful and versatile tool for network exploration and security auditing.
Nmap Scripting Engine.
The Nmap Scripting Engine (NSE) is a powerful tool that allows users to extend the capabilities of the Nmap network discovery and security scanner. NSE scripts are written in the Lua programming language and provide users with a wide range of functions and capabilities.
NSE scripts can be used to perform a broad range of tasks, including port scanning, vulnerability detection, service identification, and even creating custom network communication. NSE scripts are loaded using the -sC option and can be further customized using the -script option.
Additionally, users can take advantage of the Nmap Script Database to download existing scripts, or they can create their own. With the Nmap Scripting Engine, users have a powerful tool at their disposal to extend the capabilities of the Nmap scanner.
NSE SCRIPTS
![]() |
Nmap NetBIOS script |