---
tags: Nmap, Cyber Shujaa
---
# Nmap 🗺️

Nmap is a network scanning tool that identifies all the devices connected to a network and provides information on the services and operating systems they are running.
The program is most commonly used via a command-line interface and is available for many different operating systems. Its popularity has been supported by an active and enthusiastic user support community.
### Use Cases:
a. **Ping Scanning:** A ping scan will return information on every IP active on your network.
> nmap -sn 192.168.3.10/24
b. **Host Scanning:** Host scanning gives you detailed information on a specific host, including its latency, MAC address, and any description associated with that address. This will allow you to identify and eliminate suspicious hosts on your network. It can be used in any of the forms below.
- Listing all the IPs:
> nmap 192.164.4.1 192.164.1.21 192.164.9.66
- Using commas to separate IPs:
> nmap 192.164.6.1,2,3,4
- Using an asterisk to denote ALL IPs:
> nmap 192.164.5.*
- Using a hyphen to list a range of IPs:
> nmap 192.164.0.0-255
c. **Port Scan:** The difference between the types of port scans is whether they cover TCP or UDP ports. Port scanning comes in various forms, as below:
i. Single-port scan: use the `-p` option to specify the port.
> nmap -p 21 192.168.1.15
ii. Range of ports: specify a range of ports to scan.
> nmap -p 10-700 192.168.1.15
iii. Scan using the `--top-ports` flag: specify the top n ports to scan.
> nmap --top-ports 10 scanme.nmap.org
d. **OS Scan:** Nmap can provide operating system detection, script scanning, version detection, and traceroute; the `-A` option enables all four together. One of the most powerful features of the tool is OS scanning. For OS scanning, Nmap sends packets to the target's ports, compares the responses against its operating system database, and returns the matching information.
> nmap -A scanme.nmap.org
e. **Stealth Scan:** A stealth scan sends a SYN packet and analyzes the response. If a SYN/ACK is received, the port is open and accepting connections.
*NB: The target may face difficulty determining the scanning system because a stealth scan never completes the 3-way handshake.*
> nmap -sS scanme.nmap.org
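
The target forms listed under Host Scanning (comma lists, `*`, hyphen ranges) and the CIDR form used in the ping scan can be expanded before a scan to confirm that every address falls inside the range you are authorised to assess. The Python below is an added example, not part of the original notes; the function names and the scope networks are assumptions, and it handles numeric IPv4 targets only (no hostnames).

```python
import ipaddress
from itertools import product

def _octet_values(field):
    """Expand one octet field such as '1,2,3,4', '0-255', '*' or '7'."""
    values = set()
    for part in field.split(","):
        if part == "*":
            lo, hi = 0, 255
        elif "-" in part:
            lo_s, hi_s = part.split("-", 1)
            # Nmap lets either side of a range be omitted (0 left, 255 right).
            lo, hi = int(lo_s or 0), int(hi_s or 255)
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_target(spec):
    """Return the IPv4 addresses one Nmap-style target spec covers."""
    if "/" in spec:
        # strict=False: host bits may be set, as in 192.168.3.10/24.
        return list(ipaddress.ip_network(spec, strict=False))
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a numeric IPv4 target: {spec!r}")
    combos = product(*(_octet_values(o) for o in octets))
    return [ipaddress.ip_address(".".join(map(str, c))) for c in combos]

def out_of_scope(specs, allowed_cidrs):
    """List every address in specs that lies outside the allowed networks."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    return [ip for spec in specs for ip in expand_target(spec)
            if not any(ip in net for net in allowed)]

if __name__ == "__main__":
    # Constructed example: target specs from this page, made-up authorised scope.
    scope = ["192.168.3.0/24", "192.164.6.0/24"]
    for spec in ["192.168.3.10/24", "192.164.6.1,2,3,4", "192.164.5.*"]:
        bad = out_of_scope([spec], scope)
        print(f"{spec}: {len(expand_target(spec))} addresses, "
              f"{len(bad)} out of scope")
```
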
### Conclusion:
Nmap has many more commands that can be used for scanning. The above is a sample of the most common ones.
----
### Bonus:
- You can access the complete list of Nmap command options from the link below:
https://nmap.org/book/man-briefoptions.html