NMAP, which stands for Network Mapper, is an open-source tool used for network exploration and security auditing. It is widely used in the field of ethical hacking and cybersecurity for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Installation of NMAP
Installation of NMAP varies depending on the operating system. For Linux distributions like Ubuntu, you can use the following command:
sudo apt-get install nmap
For Red Hat Enterprise Linux or Fedora, use:
dnf -y install nmap
After installation, you can run the nmap command without arguments to display all of its options. You should also consult the NMAP man page by running:
man nmap
Using NMAP
Let's assume your local network is 192.168.0.0/24, and you want to run a scan on this network. Running a scan without any argument except the network address yields the following:
nmap 192.168.0.0/24
If we want to run a quick scan of machines in our network without trying to see if any port is open, we run:
nmap -sn 192.168.0.0/24
Advanced NMAP Scanning
NMAP also offers advanced scanning options. For instance, you can trace a packet on a single IP using the following command:
nmap -vv -n -sn -PE -T4 --packet-trace 192.168.2.3
You can also use NMAP to check if a website is protected by a Web Application Firewall (WAF) with the following command:
nmap -p443 --script http-waf-detect --script-args="http-waf-detect.aggro,http-waf-detect.detectBodyChanges" www.example.com
NSE Scripts
NMAP is equipped with many advanced features, one of which is NSE (Nmap Scripting Engine) scripts. Using NSE scripts with NMAP allows you to scan different hosts and find vulnerabilities in services running on the host and possibly log in by brute-forcing these services. The use of NSE script syntax is as follows:
nmap --script="name_of_script" --script-args="argument=arg" target
For instance, you can use an NSE script to check if a website is vulnerable:
nmap -Pn -sV --script=vulners 37.xx.xx.xx