Nmap is an acronym for Network Mapper, a free and open network discovery and intelligence tool used to discover a host and collect detailed information about it. Written in C, C++ and Python and first published in September 1997, nmap has become an indispensable tool for cybersecurity and digital forensic professionals who rely on nmap to identify detailed information about target hosts and potential vulnerabilities. Nmap reveals information such as which hosts are active on the network, open ports, discovering operating systems and services, and performing secret scans, to name but a few.
In this tutorial we will highlight some useful Nmap commands that can be used to get as much information as possible from host systems.
How to install nmap
Before we look at the different ways to use the nmap command, let’s see how to install this useful command line program. The universal and easiest way to install nmap is by using snap packages. Snaps are ready-made software with libraries and dependencies. They are readily available in all major Linux distributions. You can find tons of clicks in the shop. However, before installing Nmap from snap packages, you must first enable the snapd daemon. This allows you to download and install snapshot packages.
Follow this command to install Nmap using snapshots.
$ sudo sudo snap setup nmap
You can also choose to install Nmap with package managers unique to each family of Linux distributions.
For Ubuntu & Debian
For Ubuntu/Debian/Mint based distributions use the APT package manager as shown in the figure.
$ install sudo apt -y nmap
For CentOS 8 / RHEL 8 / Fedora 22 and more
For CentOS 8 / RHEL 8 and Fedora 22 and later, use the dnf package manager.
install sudo dnf -y nmap
For CentOS 7 and RHEL 7
For CentOS 7 / RHEL 7 and earlier versions use the Yum package manager.
$Set ship yum – nmap
For Arch Linux / Manjaro
For Arch-based systems, use the pacman packet manager, as shown in the figure.
$ sudo pacman -S nmap
After reviewing the installation of nmap, we now want to continue and look at 20 amazing examples of nmap commands under Linux.
1) Card command to scan a host
In its basic form, the nmap command can be used to scan a single host without passing arguments. Syntax, as shown in figure :
nfolder goal
For example;
nfolder 192.168.2.102
You can also enter the domain name instead of an IP address, as in the image :
nfolder scanme.nmap.org
2) Multi-Host scanning
Scanning multiple nodes while on the move is especially useful in large networks where you need to scan multiple nodes at the same time. This is a convenient way to scan hosts with a single command instead of scanning each host individually. For example, you can scan 10 or more hosts or an entire subnet while working on something else. There are several ways to solve this problem.
First, you can specify multiple IP addresses or domains on a line separated by a space, as shown in the figure ;
nfolder 192.168.2.1 192.168.2.103
Instead of entering the IP addresses in their entirety, you can separate the commas as shown in the figure.
US nfolder 192.168.2.1 102 103
You can also specify a range of IP addresses with a hyphen. For example, the following commands scan hosts from 192.168.2.1 to 192.168.2.100.
nfolder 192.168.2.1-100
3) Scan a subnetwork with nmap
You can also use a placeholder to scan the entire subnet, as shown in the figure :
nfolder 192.168.2.*
OR
$ nfolder 192.168.2.0/24
To refine the scan to detect only live hosts on a subnet, use the -sP option, as shown in the figure.
nfolder -sP 192.168.2.*
4) For more information use optionmultiple words.
To get a more reliable result when scanning nfolders, use the -v option. This option prints the details of the scan, such as the type of scan and the open ports found.
$ nfolder -v 192.168.2.1
5) Exclude hosts from Nmap-scan
If you scan multiple hosts, you can choose to exclude one host from the scan. Use the -exclude option. In the following example, we have excluded host 192.168.2.20 from the scan.
nfolder 192.168.2.0/24 – except 192.168.2.20
To exclude multiple hosts from Nmap, specify the hosts you want to exclude in the file and link the command to the file as shown in the image :
$ nmap 192.168.2.* -excluding the file other than .txt.
The above command excludes all hosts listed in the exception file.
6) Run a quick scan
As the name suggests, it is possible to speed up nfolder scanning by passing the -F flag as shown in the image :
n $ -F 173.82.202.201 Card
Warning – This scan offers fewer ports than a normal scan.
7) Scanning of active network nodes
It’s more like a ping scan. It detects active hosts on the subnet. To check the active hosts, type -sn followed by the IP address and subnet. For example:
nfolder -sn 192.168.2.0/24
8) Scan the hosts in file
If you have a segmented network, especially with a VLAN, you can have hosts on different subnets. An easy way to scan is to define their IP addresses in a text file and pass the file with the -iL option as argument.
nmap iL hosts.txt
Here is an example of a host file
$ cat hosts.txt
192.168.2.100
192.168.2.102
192.168.20.5-50
9) Firewall scan
The discovery of a firewall is especially useful for vulnerability testing or ethical hacking. This allows the system administrator to know whether the firewall on the target host is enabled or disabled. To find out the status of the firewall, use the -sA flag, as shown in the figure.
nfolder $ -sA 192.168.2.1
This triggers an ACK scan, which checks whether packets can pass without being filtered. Use the -n flag to prevent reverse DNS resolution on the target host.
10) Defining the operating system using nmap
Nfolder can also provide information about the target system’s operating system or about the operating system and version detection. To detect the operating system, skip the -O option as shown in the figure. We are going to scan a cloud VPS hosted on a Linux system and see what nmap has to offer.
NOTE : If you are a normal user, you must execute the sudo command, as sudo rights are required to determine the operating system.
$ ship nfolder -O 173.82.202.201
Nmap does its best to identify the operating system and its version, but the results are not always accurate.
11) Carrying out port scans
One of the most important tasks of nmap is to scan the ports on the host system. You can go hunting and specify a port to scan with the -p flag followed by the port number, as shown in the figure :
nfolder -p 80 173.82.202.201
command
You can also scan multiple ports by separating them with a comma, as shown in the figure :
nfolder -p 80 443 192.168.2.1 1
You can also define the range of ports to be scanned by separating them with a hyphen.
n Card 80-443 192.168.2.1
12) Scan on TCP/UDP ports
You can restrict the scan to TCP or UDP ports. To scan the TCP ports, use the -sT option as shown in the figure.
n Card $ -T 173.82.202.201
Run it for a specific TCP port, e.g. B. Port 80, offshore:
$ nmap -p T:80 173.82.202.201
For UDP ports, use the -sU option.
nfolder $ -sU 173.82.202.201
For a specific UDP port, enter z. B. Port 69 offshore :
$ nmap -p U:69 173.82.202.201
13) Open service version.
When scanning for potential vulnerabilities, it is very important to determine which services and their versions are running and which ports they are listening to. This way you can find out which services can be used by an attacker to compromise your system. If you know the versions and ports of the services, you can decide whether you want to upgrade the services to the latest version or uninstall them completely.
Use the -sV-flag to collect information about services and ports.
nfolder -sV 173.82.202.201
14) Performing a Hidden Mode Scan
Nmap scans are usually noisy and leave traces that can be marked and traced back to you by a reliable IDS (Intrusion Detection System). To remain anonymous, you can perform a hidden scan using the -sS option.
nfolder $ -sS 173.82.202.201
15) Identify supported IP protocols
Information on the protocols supported by the target system (ICMP, TCP, UDP, etc.) can be obtained via the -sO flag.
Sudo nmap -sO 173.82.202.201
command command
16) Run an aggressive scan
With the -A option, nmap provides highly detailed scanning results, including open ports and running service versions, detection of the operating system and even tracking of the target host(s).
n Map -A 173.82.202.201
17) Store the output of the national card in file
By default, nfolder prints the scan results on the terminal. However, if you need to save the results in a text file at the right time for further analysis, you can use the redirect operator as shown in the figure.
nfolder 173.82.202.201 > scanme.txt
To ensure that the scan results are saved, use the cat command as shown in the figure.
cat scanme.txt
You can also pass the -oN option and then pass the output file and host.
nmap -oN scanme.txt scanme.nmap.org
18) Printing of host interfaces and routes
Sometimes it is necessary to find host system interfaces and routes for troubleshooting. This can easily be done by passing the -iflist option.
nfolder –iflist
19) Help for the national card
To satisfy your curiosity with additional features of the national map, use the -h flag. This is equivalent to getting help with nfolder commands.
nmaph
20) Test of versionof the national card
To check the version of nmap you are using, run the command:
$ nmap -v
There are only 20 basic Nmap commands that can be used to list different host systems. There are still many nmap options that can be used to get more information about the target system, but the examples we have listed are a good starting point. We hope this guide has helped you become familiar with the nmap tool and the various example commands.
You can also read: Examples for 9 tee commands under Linux
Related Tags:
nmap commands pdf,nmap commands for windows,nmap sc command,nmap commands in kali linux,nmap linux install,what is smurf attacks?,nmap command in linux for open ports,nmap command in windows,questions about nmap,scan the system for multiple host using file,nmap commands linux,nmap commands in termux,nmap command in kali linux,nmap commands cheat sheet,nmap script example,nmap vulnerability scan command,nmap advanced commands,termux nmap commands,nmap bash script example,nmap 32 commands,nmap report