What is NMAP?

NMAP is a free and open-source network scanner created by Gordon Lyon. NMAP is used to discover hosts and services on a computer network by sending packets and analyzing the responses. NMAP provides a number of features for probing computer networks, including host discovery and service and operating system detection.

What is NMAP Used For?

At its core, NMAP is a network scanning tool that uses IP packets to identify all the devices connected to a network and to provide information on the services and operating systems they are running.

What is it use in hacking?

NMAP can be used by hackers to gain access to uncontrolled ports on a system. All a hacker would need to do to successfully get into a targeted system would be to run NMAP on that system, look for vulnerabilities, and figure out how to exploit them. Hackers aren’t the only people who use the software platform, however.

Is it illegal to use NMAP?

While civil and (especially) criminal court cases are the nightmare scenario for NMAP users, these are very rare. After all, no United States federal laws explicitly criminalize port scanning. Unauthorized port scanning, for any reason, is strictly prohibited.


NMAP in a nutshell

  • Target Specification
  • Host Discovery
  • Port Specification
  • Service Discovery / Version Detection
  • Operating System Version Detection
  • Firewall / IDS Evasion and Spoofing
  • Time and Performance based Scan
  • Output of Scan
  • Vulnerability / Exploit Detection, using NMAP Scripts (NSE)
Target Specification

Scan a single IP


Scan specific IPs


Scan a Range


Scan a Domain / Host

nmap nmap scanme.nmap.org

Scan Targets from a File

namp -iL targets.txt

Exclude the Listed Host from the Target Range

nmap --exclude

Host Discovery

To List given targets only, no Scan

nmap -sL

To Disable Port Scanning, Host Discovery only

nmap -sn

To Disable Host Discovery. Port scan only

nmap -Pn

TCP SYN discovery on given port

nmap -PS 80,21

TCP ACK discovery on given port

nmap -PA 80,21

UDP discovery on given port

nmap -PU 53
Port Specification

Scan a given Port (i.e 21 here)

nmap -p 21

Scan the given Port Range

nmap -p 21-100

Scan the multiple TCP and UDP ports

nmap -p U:53,T:21-25,80

Scan all 65535 ports

nmap -p-

Scans the given Service Name

nmap -p http,https

Scans the Top 100 ports

nmap -F
Service Discovery / Version Detection

Detect Version of the Running Services

nmap -sV

To set intensity range between 0 to 9. Higher number increases possibility of correctness

nmap -sV --version-intensity 5

To enable the light mode(intensity =2). It is faster but have less possibility of correctness

nmap  -sV --version-light

To enables the intense mode(intensity =9). It is slower but have more possibility of correctness

nmap -sV --version-all
Operating System Version Detection

Detect the Operating system

nmap -sV

Aggressive mode i.e OS, Service Version, Trace route.

nmap -A
Firewall / IDS Evasion and Spoofing

Use tiny fragmented IP packets. Its harder for packet filters

nmap -f

Used to set our own offset size

nmap --mtu 32

Use the Spoofed IP to scan

nmap -D decoy-ip1,decoy-ip2, your-own-ip remote-host-ip

Scans target.com from example.com (Domain Name Spoofing)

nmap -S example.com target.com

Uses the given port as a source

nmap -g 53

Appends random data to sent packets

nmap --data-length 200
Time and Performance based Scan

Slow scan

nmap -T0

Sneaky scan

nmap -T1

Timely scan

nmap -T2

Default scan

nmap -T3

Aggressive scan

nmap -T4

Very Aggressive scan

nmap -T5
Output of Scan

To scan in the Verbose mode (-vv for greater effect)

nmap -v

Save the scan results to the scan.file

nmap -oN scan.file

Save the results in xml.file

nmap -oX xml.file

Save the results in grep.file

nmap -oG grep.file

Saves the Output in the three major formats at once

nmap -oA result

To scan in the debug mode (-dd for greater effect)

nmap -d

To see all the packets sent and received

nmap -T4 --packet-trace
Vulnerability / Exploit Detection, using Nmap Scripts (NSE)

Scan with default NSE Scripts

Scan with given NSE Script ( Example: nmap.nse )

nmap --script=nmap.nse

Use script with argumentsShell

nmap –script=nmap.nse --script-args user=admin


Anonymous Black Sec

Anonymous Black Sec

We are Anonymous Anonymous Black Sec (ABSHQ)

5 2 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x