
Nmap - A Detailed Explanation of Penetration Testing Tool To Perform Information Gathering 2022



Nmap is an open source network discovery and port scanning tool that finds the hosts and services on a computer network by sending packets to the target host, for network discovery and security auditing.

Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.


It was designed to rapidly scan large networks, but works fine against single hosts. It runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

You can also take the Master in Ethical Hacking and Penetration Testing Online course, where you can study Nmap and advanced-level ethical hacking skills.

Nmap is:

Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles.

 This includes many port scanning mechanisms (both TCP and UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.

Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.

Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.

Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference.

Free: The primary goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks.

 It is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.

Well documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in many languages here.

Supported: While it comes with no warranty, it is well supported by a vibrant community of developers and users.

 Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines.

Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest.

 It has been featured in some magazine articles, a couple of movies, many books, and one comic book series. Visit the press page for further details.

Popular: Thousands of people download it every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc.).

 It is among the top ten (out of 30,000) programs in the Freshmeat.Net repository. This is important because it lends Nmap its active development and user support communities.


1: To find out the nmap version, run:

 # nmap --version

Sample outputs:

Nmap version 5.51 ( )

2: To scan an IP address or a host name (FQDN), run:

 # nmap
 # nmap localhost
 # nmap

3: Find out more information about the remote system:

 # nmap -v -A
 # nmap -v -A

Sample outputs:

 Starting Nmap 5.00 ( ) at 2012-11-19 16:38 IST
 NSE: Loaded 30 scripts for scanning.
 Initiating ARP Ping Scan at 16:38
 Scanning [1 port]
 Completed ARP Ping Scan at 16:38, 0.04s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 16:38
 Completed Parallel DNS resolution of 1 host. at 16:38, 0.00s elapsed
 Initiating SYN Stealth Scan at 16:38
 Scanning [1000 ports]
 Discovered open port 80/tcp on
 Discovered open port 22/tcp on
 Completed SYN Stealth Scan at 16:38, 0.27s elapsed (1000 total ports)

4: Scan multiple IP addresses or a subnet (IPv4):

 ## works with same subnet i.e.

You can scan a range of IP addresses too:


You can scan a range of IP addresses using a wildcard:

nmap 192.168.1.*

Finally, you scan an entire subnet:


5: Find out if a host/network is protected by a firewall:

 nmap -sA
 nmap -sA

6: Turn on OS and version detection scanning (IPv4):

 nmap -A
 nmap -v -A
 nmap -A -iL /tmp/scanlist.txt 

7: Scan a host that is protected by a firewall:

 nmap -PN
 nmap -PN

8: Scan an IPv6 host/address:

 The -6 option enables IPv6 scanning. The syntax is:

 nmap -6 IPv6-Address-Here
 nmap -6
 nmap -6 2607:f0d0:1002:51::4
 nmap -v -A -6 2607:f0d0:1002:51::4

9: How do I perform a fast scan?

 nmap -F

10: Display the reason a port is in a particular state:

 nmap --reason
 nmap --reason

11: Only show open (or possibly open) ports:

 nmap --open
 nmap --open
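The --open option keeps ports in the open, open|filtered and unfiltered states. As an added example (not code from the article), here is a small Python parser for the PORT/STATE/SERVICE table in nmap's normal output that applies the same filter; the sample output, host 192.0.2.10 and MAC address are constructed, not a real scan, and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List

# Matches one row of nmap's normal-output port table, e.g. "22/tcp open ssh"
# or "53/udp open|filtered domain". The SERVICE column may be absent.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+(?P<state>[a-z|]+)(?:\s+(?P<service>\S+))?"
)

# States that nmap's --open option keeps ("open or possibly open").
POSSIBLY_OPEN = {"open", "open|filtered", "unfiltered"}

@dataclass(frozen=True)
class PortEntry:
    port: int
    proto: str
    state: str
    service: str

def parse_port_table(text: str) -> List[PortEntry]:
    """Extract PORT/STATE/SERVICE rows from nmap normal output; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            entries.append(PortEntry(int(m["port"]), m["proto"], m["state"], m["service"] or "?"))
    return entries

def open_ports(entries: List[PortEntry], strict: bool = False) -> List[PortEntry]:
    """Mimic --open: keep open or possibly-open ports; strict=True keeps only 'open'."""
    keep = {"open"} if strict else POSSIBLY_OPEN
    return [e for e in entries if e.state in keep]

# Constructed sample output (not a real scan); host and MAC use documentation ranges.
SAMPLE_OUTPUT = """\
Starting Nmap 5.00 ( ) at 2012-11-27 01:23 IST
Interesting ports on 192.0.2.10
PORT     STATE         SERVICE
21/tcp   closed        ftp
22/tcp   open          ssh
25/tcp   filtered      smtp
53/udp   open|filtered domain
80/tcp   open          http
443/tcp  closed        https
MAC Address: 00:00:5E:00:53:01 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
"""

if __name__ == "__main__":
    for e in open_ports(parse_port_table(SAMPLE_OUTPUT)):
        print(f"{e.port}/{e.proto:<4} {e.state:<14} {e.service}")
```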

12: Show all packets sent and received:

 nmap --packet-trace
 nmap --packet-trace

13: Show host interfaces and routes:

This is useful for debugging (it gives ip command, route command or netstat command-like output using nmap):

 nmap --iflist

Sample outputs:

Starting Nmap 5.00 ( ) at 2012-11-27 02:01 IST
 lo (lo) loopback up
 eth0 (eth0) ethernet up B8:AC:6F:65:31:E5
 vmnet1 (vmnet1) ethernet up 00:50:56:C0:00:01
 vmnet8 (vmnet8) ethernet up 00:50:56:C0:00:08
 ppp0 (ppp0) point2point up

 DST/MASK DEV GATEWAY ppp0 eth0 eth0 vmnet1 vmnet8 eth0 ppp0 eth0

14: How do I scan specific ports:

 nmap -p [port] hostName
 ## Scan port 80
  nmap -p 80

## Scan TCP port 80
 nmap -p T:80

## Scan UDP port 53
 nmap -p U:53

## Scan two ports ##
 nmap -p 80,443

## Scan port ranges ##
 nmap -p 80-200

## Combine all options ##
 nmap -p U:53,111,137,T:21-25,80,139,8080
 nmap -p U:53,111,137,T:21-25,80,139,8080
 nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080

## Scan all ports with * wildcard ##
 nmap -p "*"

## Scan top ports i.e. scan $number most common ports ##
 nmap --top-ports 5
 nmap --top-ports 10

Sample outputs:

Starting Nmap 5.00 ( ) at 2012-11-27 01:23 IST
 Interesting ports on
 21/tcp closed ftp
 22/tcp open ssh
 23/tcp closed telnet
 25/tcp closed smtp
 80/tcp open http
 110/tcp closed pop3
 139/tcp closed netbios-ssn
 443/tcp closed https
 445/tcp closed microsoft-ds
 3389/tcp closed ms-term-serv
 MAC Address: BC:AE:C5:C3:16:93 (Unknown)

nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
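To see how nmap reads a combined -p specification such as U:53,111,137,T:21-25,80,139,8080, here is an added Python example (my own code, not the article's or the Nmap project's) that expands such a specification into the TCP and UDP port sets; it also handles the bare "-" and "*" forms as the full 1-65535 range, and the names parse_port_spec and _expand are assumptions.

```python
import re
from typing import Dict, Set

# One item of a -p list: optional T:/U: prefix, then a port, a low-high range,
# an open-ended range ("80-" or "-100"), or "-"/"*" for every port.
_ITEM_RE = re.compile(r"^(?:(?P<proto>[TU]):)?(?P<body>\*|-|\d+(?:-\d+)?|-\d+|\d+-)$")

def _expand(body: str) -> range:
    """Turn one port body into a range, following nmap's low-high semantics."""
    if body in ("-", "*"):
        return range(1, 65536)
    if "-" not in body:
        lo = hi = int(body)
    else:
        lo_s, hi_s = body.split("-", 1)
        lo = int(lo_s) if lo_s else 1        # "-100" starts at 1
        hi = int(hi_s) if hi_s else 65535    # "80-" runs to 65535
    if lo > hi or hi > 65535:
        raise ValueError(f"invalid port range {body!r}")
    return range(lo, hi + 1)

def parse_port_spec(spec: str) -> Dict[str, Set[int]]:
    """Expand an nmap -p specification into {'T': tcp ports, 'U': udp ports}.

    A T:/U: prefix applies to its own item and to every later item until the
    next prefix; items before any prefix go to both protocols. Whether UDP is
    really probed still depends on -sU being on the command line.
    """
    ports: Dict[str, Set[int]] = {"T": set(), "U": set()}
    current = None  # None: no prefix seen yet, so items apply to both protocols
    for raw in spec.split(","):
        m = _ITEM_RE.match(raw.strip())
        if not m:
            raise ValueError(f"bad port item {raw!r}")
        if m["proto"]:
            current = m["proto"]
        for proto in ([current] if current else ["T", "U"]):
            ports[proto].update(_expand(m["body"]))
    return ports

if __name__ == "__main__":
    # The combined example from the article
    result = parse_port_spec("U:53,111,137,T:21-25,80,139,8080")
    print("tcp:", sorted(result["T"]))
    print("udp:", sorted(result["U"]))
```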


Nmap can perform many different scanning activities and has been the leading scanning tool in the security industry since its release in 1997; it is also the world's leading port scanner for finding open ports and firewalls. Nmap is used by many organizations and penetration testers to find loopholes and secure the network.