What is NMAP?

NMAP is a free and open-source network scanner created by Gordon Lyon. NMAP is used to discover hosts and services on a computer network by sending packets and analyzing the responses. NMAP provides a number of features for probing computer networks, including host discovery and service and operating system detection.

What is NMAP Used For?

At its core, NMAP is a network scanning tool that uses IP packets to identify all the devices connected to a network and to provide information on the services and operating systems they are running.

How is it used in hacking?

NMAP does not give anyone access to a system. It reports which hosts are up, which ports are open, and which services and versions answer on them. An attacker uses that inventory to pick targets: run NMAP against a system, note the exposed services, then look for weaknesses in those services and exploit them with other tools. Hackers aren't the only people who use the software, however: defenders run the same scans to find forgotten services and to confirm that firewall rules actually block what they are meant to block.

Is it illegal to use NMAP?

Civil and (especially) criminal court cases are the nightmare scenario for NMAP users, but they are very rare, and no United States federal law explicitly criminalizes port scanning. That does not make unauthorized scanning safe: scanning networks you do not own or have written permission to test can still breach an ISP's or employer's acceptable-use policy and, depending on the jurisdiction and what you do with the results, computer-misuse law. Scan only what you are authorized to scan. The Nmap project runs scanme.nmap.org precisely so that there is a public host you may test against.

LET'S GET STARTED!

NMAP in a nutshell

  • Target Specification
  • Host Discovery
  • Port Specification
  • Service Discovery / Version Detection
  • Operating System Version Detection
  • Firewall / IDS Evasion and Spoofing
  • Time and Performance based Scan
  • Output of Scan
  • Vulnerability / Exploit Detection, using NMAP Scripts (NSE)
Target Specification

Scan a single IP

nmap 192.168.1.1

Scan specific IPs

nmap 192.168.1.1 192.168.1.5

Scan a Range

nmap 192.168.1.1-254

Scan a Domain / Host

nmap scanme.nmap.org

Scan Targets from a File (one host, range or CIDR block per line)

nmap -iL targets.txt

Exclude the Listed Host from the Target Range

nmap --exclude 192.168.1.5 192.168.1.1-10

Host Discovery

To List given targets only, no Scan

nmap -sL 192.168.1.1-3

Disable port scanning; host discovery only (ping sweep)

nmap -sn 192.168.1.1/24

Disable host discovery; port scan only. Treats every target as up, which is what you want when ICMP or the default discovery probes are blocked

nmap -Pn 192.168.1.1-5

TCP SYN discovery on the given ports (the port list must follow the flag with no space, otherwise nmap reads it as a target)

nmap -PS80,21 192.168.1.1

TCP ACK discovery on the given ports

nmap -PA80,21 192.168.1.1

UDP discovery on the given port

nmap -PU53 192.168.1.1

Port Specification

Scan a given port (e.g. port 21 here)

nmap -p 21 192.168.1.1

Scan the given port range

nmap -p 21-100 192.168.1.1

Scan multiple TCP and UDP ports. A T: or U: prefix applies to every port that follows it until the next prefix, so 80 here is a TCP port. The U: ports are only scanned if a UDP scan (-sU) is requested

nmap -sS -sU -p U:53,T:21-25,80 192.168.1.1

Scan all 65535 ports

nmap -p- 192.168.1.1

Scan by service name (names are looked up in nmap's nmap-services file)

nmap -p http,https 192.168.1.1

Fast scan: only the 100 most common ports

nmap -F 192.168.1.1

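The T:/U: qualifier rule above is easy to misread, so here is the expansion written out. This is an added example, not code from the original post or from Nmap itself: a POSIX shell function that expands a -p specification into explicit "proto port" lines the way nmap interprets it, handles open-ended ranges such as "-" and "22-", and rejects ports outside 1 to 65535 or ranges whose bounds are reversed. Two assumptions are built in: entries that appear before any qualifier are treated as TCP (nmap applies them to every protocol being scanned), and service names such as http are not resolved.

```shell
#!/bin/sh
# Added example, not code from the original post or from Nmap: expand a
# -p port specification into "proto port" lines the way nmap reads it.
# Rules implemented: entries are comma-separated; a T: or U: prefix sets
# the protocol for that entry and every later entry until the next prefix;
# a-b is an inclusive range, and either bound may be omitted (so "-" alone
# means 1-65535).  Assumption: entries before any prefix are treated as
# TCP here (nmap applies them to every protocol being scanned).  Service
# names such as "http" are not resolved.

# Fail unless $1 is an integer in 1..65535.
check_port() {
    case $1 in
        ''|*[!0-9]*) printf 'bad port: "%s"\n' "$1" >&2; return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        printf 'port out of range: %s\n' "$1" >&2
        return 1
    fi
}

# Print one "proto port" line per port in the specification given as $1.
expand_portspec() {
    spec=$1
    proto=tcp
    old_ifs=$IFS
    IFS=,
    for entry in $spec; do
        # A qualifier sticks until the next one is seen.
        case $entry in
            T:*) proto=tcp; entry=${entry#T:} ;;
            U:*) proto=udp; entry=${entry#U:} ;;
        esac
        # Split a range; a single port is a range of one.
        case $entry in
            *-*) lo=${entry%-*}; hi=${entry#*-} ;;
            *)   lo=$entry;      hi=$entry ;;
        esac
        lo=${lo:-1}
        hi=${hi:-65535}
        if ! check_port "$lo" || ! check_port "$hi" || [ "$lo" -gt "$hi" ]; then
            printf 'invalid entry: %s\n' "$entry" >&2
            IFS=$old_ifs
            return 1
        fi
        i=$lo
        while [ "$i" -le "$hi" ]; do
            printf '%s %s\n' "$proto" "$i"
            i=$((i + 1))
        done
    done
    IFS=$old_ifs
}

# Run on a specification given on the command line, e.g.
#   sh portspec.sh 'U:53,T:21-25,80'
if [ $# -gt 0 ]; then
    expand_portspec "$1"
fi
```

Running it on the specification from the cheat sheet prints udp 53 followed by tcp 21 through 25 and tcp 80, which is exactly the set nmap would probe with -sS -sU.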
Service Discovery / Version Detection

Detect Version of the Running Services

nmap -sV 192.168.1.1

Set the version-detection intensity (0 to 9). Higher values send more probes, so they identify services more reliably but take longer

nmap -sV --version-intensity 5 192.168.1.1

Light mode (intensity 2): faster, but more likely to misidentify or miss a service

nmap -sV --version-light 192.168.1.1

Intense mode (intensity 9): slower, but tries every probe against every port

nmap -sV --version-all 192.168.1.1

Operating System Version Detection

Detect the operating system (TCP/IP stack fingerprinting; needs raw packet privileges, so usually run as root)

nmap -O 192.168.1.1

Aggressive mode: OS detection, version detection, the default NSE scripts and traceroute in one go

nmap -A 192.168.1.1

Firewall / IDS Evasion and Spoofing

Use tiny fragmented IP packets. Harder for simple packet filters to inspect, since the TCP header is split across fragments

nmap -f 192.168.1.1

Set your own fragment size (--mtu must be a multiple of 8)

nmap --mtu 32 192.168.1.1

Cloak the scan with decoys: the target sees the same probes arriving from each decoy address as well as from you (ME marks your own position in the list; no spaces after the commas)

nmap -D decoy-ip1,decoy-ip2,ME remote-host-ip

Spoof the source IP address (this is IP spoofing, not domain-name spoofing). Replies go to the spoofed address, so you see no results unless you can sniff them; nmap usually also needs -e to pick the interface and -Pn because discovery cannot work

nmap -S spoofed-ip -e interface -Pn target-ip

Use the given port as the source port (53 or 20 are common choices, because careless firewall rules allow anything that looks like DNS or FTP-data)

nmap -g 53 192.168.1.1

Append random data to the packets sent, so probes no longer match the length signatures of a bare nmap scan

nmap --data-length 200 192.168.1.1

Time and Performance based Scan

Paranoid: one probe at a time with long waits, for IDS evasion

nmap -T0 192.168.1.1

Sneaky: still serial, slightly faster than paranoid

nmap -T1 192.168.1.1

Polite: slows down to use less bandwidth and fewer target resources

nmap -T2 192.168.1.1

Normal: the default

nmap -T3 192.168.1.1

Aggressive: assumes a fast, reliable network; the usual choice for authorized internal scans

nmap -T4 192.168.1.1

Insane: fastest, and likely to miss results on slow or lossy networks

nmap -T5 192.168.1.1

Output of Scan

Scan in verbose mode (-vv for even more)

nmap -v 192.168.1.1

Save the results in normal (human-readable) format to scan.file

nmap 192.168.1.1 -oN scan.file

Save the results in XML format to xml.file (the format Nmap recommends for processing by other programs)

nmap 192.168.1.1 -oX xml.file

Save the results in grepable format to grep.file (one line per host, for awk and grep)

nmap 192.168.1.1 -oG grep.file

Save the output in all three formats at once (result.nmap, result.xml, result.gnmap)

nmap 192.168.1.1 -oA result

Scan in debug mode (-dd for more detail)

nmap 192.168.1.1 -d

Show every packet sent and received

nmap 192.168.1.1 -T4 --packet-trace
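The grepable format exists so that one scan can feed the next: a -sn sweep written with -oG produces one Host line per address with a Status field, and a port scan produces one Host line whose Ports: field holds port/state/protocol/owner/service/rpc/version entries separated by ", ". The script below ties the Host Discovery and Output sections together; it is an added example, not code from the original post or from the Nmap project. It extracts live hosts from a discovery sweep and open ports from a port scan, and it runs without a network because the sample lines are constructed here in the layout nmap writes; the nmap commands that would produce real input are shown in comments. Two caveats a practitioner should know: nmap's own documentation points programs at the XML output instead, and a version string that itself contained ", " would confuse this simple splitter.

```shell
#!/bin/sh
# Added example (not from the original post or the Nmap project): glue
# between a host-discovery sweep and a port scan, parsing nmap's grepable
# (-oG) output with awk.  Real usage, on a network you are authorized to scan:
#   nmap -sn -oG - 192.168.1.0/24 | live_hosts > live.txt
#   nmap -Pn -sS -sU -sV -p T:1-1024,U:53,161 -iL live.txt -oG scan.gnmap
#   open_ports < scan.gnmap

# Print the IP address of every host that the sweep reported as up.
live_hosts() {
    awk -F'\t' '/^Host:/ && $2 == "Status: Up" { split($1, h, " "); print h[2] }'
}

# Print "host port/proto service version" for every open port.  Each entry
# in the Ports: field is port/state/proto/owner/service/rpc/version/, and
# entries are separated by ", ".  Filtered and closed ports are skipped;
# a missing version is shown as "-".
open_ports() {
    awk -F'\t' '
    /^Host:/ {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) {
            if (index($i, "Ports: ") != 1) continue
            n = split(substr($i, 8), entries, ", ")
            for (j = 1; j <= n; j++) {
                split(entries[j], f, "/")
                if (f[2] != "open") continue
                version = (f[7] == "") ? "-" : f[7]
                printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], version
            }
        }
    }'
}

# Constructed sample of what "nmap -sn -oG -" writes (fields are tab-separated).
sample_discovery() {
    printf '# Nmap scan initiated as: nmap -sn -oG - 192.168.1.0/29\n'
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.3 (printer.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.4 ()\tStatus: Down\n'
    printf '# Nmap done -- 8 IP addresses (2 hosts up) scanned\n'
}

# Constructed sample of what a -sS -sU -sV scan written with -oG looks like.
sample_ports() {
    printf '# Nmap scan initiated as: nmap -Pn -sS -sU -sV -iL live.txt -oG -\n'
    printf '%s\t%s\t%s\n' \
        'Host: 192.168.1.1 ()' \
        'Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/filtered/tcp//https///, 53/open/udp//domain//dnsmasq 2.89/' \
        'Ignored State: closed (996)'
    printf '%s\t%s\t%s\n' \
        'Host: 192.168.1.3 (printer.lan)' \
        'Ports: 9100/open/tcp//jetdirect///' \
        'Ignored State: closed (999)'
    printf '# Nmap done -- 2 IP addresses (2 hosts up) scanned\n'
}

# With a .gnmap file as the argument, parse it; otherwise run on the samples.
if [ $# -gt 0 ]; then
    open_ports < "$1"
else
    sample_discovery | live_hosts
    sample_ports | open_ports
fi
```

On the sample data the script lists 192.168.1.1 and 192.168.1.3 as live, then reports ssh, http and DNS on the first host and jetdirect on the printer, while the filtered 443 is dropped. Feeding live_hosts into -iL is the usual way to avoid spending a full port scan on addresses that never answered.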
Vulnerability / Exploit Detection, using Nmap Scripts (NSE)

Scan with the default NSE scripts (equivalent to --script=default)

nmap -sC 192.168.1.1

Scan with a given NSE script (nmap.nse is a placeholder name; the real scripts live in the scripts/ directory of the Nmap installation)

nmap 192.168.1.1 --script=nmap.nse

Use a script with arguments

nmap 192.168.1.1 --script=nmap.nse --script-args user=admin

WARNING: THIS ARTICLE IS FOR EDUCATIONAL PURPOSES ONLY. YOU ARE RESPONSIBLE FOR ANY ILLEGAL ACT YOU PERFORM!

Anonymous Black Sec

We are Anonymous Anonymous Black Sec (ABSHQ)