Network mapped (nmap) is a network scanning and host detection tool that is very useful in the course of numerous steps of penetration checking out. Nmap isn’t confined to simply amassing facts and enumeration, however it’s also powerful utility that may be used as a vulnerability detector or a security scanner. So nmap is a multipurpose tool, and it is able to be run on many unique running structures such as windows, linux, bsd, and mac. Nmap is a very effective utility that can be used to:
1.Discover the live host at the network (host discovery)
2.Stumble on the open ports on the host (port discovery or enumeration)
3.Discover the software program and the model to the respective port (service discovery)
4.Hit upon the running machine, hardware deal with, and the software version
5.Discover the vulnerability and security holes (nmap scripts)
Nmap uses different techniques to perform scanning including: TCP connect() scanning, TCP reverse ident scanning, FTP bounce scanning and so on.
How to Use Nmap :
The use of nmap depends on the target machine.
Scanning the single system
$ nmap www.example.com
or if you have IP address of a target machine.
$ nmap IP address
If you want to scan the entire subnet, then the command is
You can scan more than two targets,
$ nmap target target1 target2
If you want to scan a range of IP addresses, but not the entire subnet. In this scenario, use this command:
$ nmap target-100
If you have a list of target machine then,
$ nmap -iL target.txt (note that text file will be on same directory)
Nmap Scanning Techniques :
TCP connect() scan (-sT) :
This the default scanning technique used, if and only if the SYN scan is not an option, because the SYN scan requires root privilege. Unlike the TCP SYN scan, it completes the normal TCP three way handshake process and requires the system to call connect(), which is a part of the operating system. Keep in mind that this technique is only applicable to find out the TCP ports, not the UDP ports.
$ nmap -sT Target
UDP Scan (-sU) :
As the name suggests, this technique is used to find an open UDP port of the target machine. It does not require any SYN packet to be sent because it is targeting the UDP ports. But we can make the scanning more effective by using -sS along with –sU.
$ nmap -sU Target
TCP SYN Scan (-sS) :
It is a basic scan, and it is also called half-open scanning because this technique allows Nmap to get information from the remote host without the complete TCP handshake process, Nmap sends SYN packets to the destination, but it does not create any sessions, As a result, the target computer can’t create any log of the interaction because no session was initiated, making this feature an advantage of the TCP SYN scan.
$ nmap -sS Target
OS Detection Nmap :
One of the most important feature that Nmap has is the ability to detect remote operating systems and software. It is very helpful during a penetration test to know about the operating system and the software used by the remote computer because you can easily predict the known vulnerabilities from this information.
$ nmap -O -PN Target