Study Note: Introduction to NMAP
Overview of NMAP
NMAP (Network Mapper) is a free, open-source network reconnaissance tool used to
discover hosts on a network, identify open ports and the services behind them, and,
through its scripting engine, check for known vulnerabilities. It is pre-installed on
Kali Linux, so it is available there without further setup.
Key Functions of NMAP
1. Device Discovery
To find the hosts that are up on a network, run a ping scan (host discovery only, no
port scan):
nmap -sn <network range>
-sn is the current name of this option; the older -sP spelling still works as an alias.
The scan lists the hosts that responded, e.g. a /24 might show five hosts up. Run as root
on a local Ethernet segment, NMAP uses ARP requests for discovery, which also finds
hosts that drop ICMP echo.
2. Port Scanning
To identify open ports on a host, use a TCP connect scan:
nmap -sT <IP address>
This completes a full TCP handshake with each port and needs no special privileges (it
is also what NMAP falls back to when run without root). By default NMAP checks the
1,000 most common TCP ports; use -p- to scan all 65,535.
For specific ports (e.g., 80 and 443), restrict the scan:
nmap -sT -p 80,443 <IP address>
An open port only tells you that something is listening; add -sV to identify the
service and version, e.g. to confirm that a web server is actually running on 80/443.
3. Stealth Scanning
To send only the first packet of the handshake (a SYN, or "half-open", scan), use:
sudo nmap -sS <IP address>
Because the handshake is never completed, the target application never sees a
connection and does not log one, which is why -sS is called the "stealth" scan. It needs
raw-socket (root) privileges and is faster than -sT. Do not assume it evades firewalls or
intrusion detection systems: a burst of SYNs to many ports is exactly what they are
built to spot.
4. Operating System Detection
To determine the operating system of a target, use:
sudo nmap -O <IP address>
NMAP compares the target's TCP/IP stack behaviour (its responses to crafted probes)
against a fingerprint database. It needs root, works best when the target has at least
one open and one closed TCP port, and the result is a best guess, not a certainty.
5. Aggressive Scanning
For a comprehensive scan, use:
sudo nmap -A <IP address>
-A enables OS detection (-O), version detection (-sV), the default script set (-sC)
and traceroute in one run. It returns the most information but is slow and noisy, and
-sC runs scripts against every service it finds.
6. Scripting Engine
NMAP's scripting engine (NSE) runs Lua scripts for tasks ranging from service
enumeration to vulnerability checks. Scripts are grouped into categories; to run every
script in the vuln category:
nmap -sV --script vuln <target device>
This checks the target for the vulnerabilities NMAP has scripts for; -sV is added so the
scripts have service and version information to match on. The vuln category includes
intrusive scripts that can disturb a service, so run it only against systems you are
authorized to test, and expect some scripts to report "likely" rather than confirmed
findings.
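The discovery and port-scanning steps above chained into one workflow, as an added example that is not part of the original note. It assumes nmap is installed and that you are authorized to scan the target; 192.0.2.0/24 (the documentation range) is a hypothetical target, and the -oG lines embedded in the block are constructed samples, not a recorded scan, so the parsing functions can be exercised offline.

```sh
#!/bin/sh
# Added example (not from the original note): a two-stage reconnaissance
# workflow that chains host discovery into a port/version scan of only the
# hosts that answered, parsing Nmap's grepable (-oG) output in between.
# 192.0.2.0/24 is the documentation range, used as a hypothetical target.

# Stage 1: host discovery only (-sn; the older -sP spelling is an alias).
# Grepable output goes to a file so it can be parsed without rescanning.
discover_hosts() {
    target="$1"; outfile="$2"
    nmap -sn -oG "$outfile" "$target" >/dev/null
}

# Parse -oG output: one IP per "Host: <ip> (<name>)  Status: Up" line.
# Reads the file(s) given as arguments, or stdin when none are given.
live_hosts_from_grepable() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$@"
}

# Stage 2: SYN scan plus version detection of the live hosts only.
# -sS needs raw sockets (hence sudo); -p 1-1024 keeps the example quick.
scan_ports() {
    hostlist="$1"; outfile="$2"
    sudo nmap -sS -sV -p 1-1024 -iL "$hostlist" -oG "$outfile" >/dev/null
}

# Parse the "Ports:" lines of -oG output and emit
#   <ip> <port>/<proto> <service> <version>
# for every port in state "open". Each port entry has the form
# port/state/proto/owner/service/rpcinfo/version/ (Nmap rewrites "/" inside
# version strings as "|"). Assumes version strings contain no ", ".
open_ports_from_grepable() {
    awk '/^Host:/ && /Ports:/ {
        ip = $2
        sub(/^.*Ports: /, "")
        n = split($0, entries, ", ")
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")
            if (f[2] == "open") print ip, f[1] "/" f[3], f[5], f[7]
        }
    }' "$@"
}

# Full pipeline against a real target (needs nmap, root for -sS, and
# authorization to scan). Set VULN=1 to add an NSE "vuln" category pass.
run_recon() {
    target="$1"; outdir="${2:-recon}"
    mkdir -p "$outdir"
    discover_hosts "$target" "$outdir/discovery.gnmap"
    live_hosts_from_grepable "$outdir/discovery.gnmap" > "$outdir/live.txt"
    if [ ! -s "$outdir/live.txt" ]; then
        echo "no live hosts in $target" >&2
        return 1
    fi
    scan_ports "$outdir/live.txt" "$outdir/ports.gnmap"
    open_ports_from_grepable "$outdir/ports.gnmap"
    if [ "${VULN:-0}" = 1 ]; then
        # vuln scripts can be intrusive; -sV gives them version data to match on
        sudo nmap -sV --script vuln -iL "$outdir/live.txt" -oN "$outdir/vuln.nmap"
    fi
}

# Constructed sample of what `nmap -sn -oG -` prints (not a real scan;
# "Status: Down" lines only appear with -v).
sample_discovery_output() {
    printf '%b\n' \
        '# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.0.2.0/24' \
        'Host: 192.0.2.1 (gateway.example)\tStatus: Up' \
        'Host: 192.0.2.10 ()\tStatus: Up' \
        'Host: 192.0.2.20 ()\tStatus: Down' \
        '# Nmap done -- 256 IP addresses (2 hosts up) scanned'
}

# Constructed sample of `nmap -sS -sV -oG -` output for the two live hosts.
sample_portscan_output() {
    printf '%b\n' \
        'Host: 192.0.2.1 (gateway.example)\tStatus: Up' \
        'Host: 192.0.2.1 (gateway.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9 (protocol 2.0)/, 53/open/tcp//domain//dnsmasq 2.86/, 443/closed/tcp//https///\tIgnored State: filtered (1021)' \
        'Host: 192.0.2.10 ()\tStatus: Up' \
        'Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http//nginx 1.18.0/, 3306/filtered/tcp//mysql///\tIgnored State: closed (1022)'
}

# Demo on the constructed samples; needs no network. For a real run:
#   run_recon 192.0.2.0/24 ./recon
sample_discovery_output | live_hosts_from_grepable
sample_portscan_output | open_ports_from_grepable
```

Feeding only the hosts that answered discovery into the port scan keeps the noisy stage (-sS -sV) off addresses that are not there, and writing -oG files at each stage means a scan can be re-parsed or resumed without touching the network again.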
Conclusion
NMAP is an essential tool for network reconnaissance, providing capabilities for device
discovery, port scanning, stealthy operations, OS detection, and vulnerability
assessment. Mastering NMAP can significantly enhance your skills in network security
and penetration testing.
For further exploration, read the official NMAP reference guide (the nmap man page and
nmap.org/book) and practise the commands above only against systems you own or are
authorized to scan, such as a lab network of your own virtual machines.