nmap
Scan network for open ports and services
TLDR
Scan the top 1000 ports of a remote host with various [v]erbosity levels
Run a ping sweep over an entire subnet or individual hosts very aggressively
Enable OS detection, version detection, script scanning, and traceroute of hosts from a file
Scan a specific list of ports (use -p- for all ports from 1 to 65535)
Perform service and version detection of the top 1000 ports using default NSE scripts, writing results (-oA) to output files
Scan target(s) carefully using default and safe NSE scripts
Scan for web servers running on standard ports 80 and 443 using all available http-* NSE scripts
Attempt to evade IDS/IPS detection by using an extremely slow scan (-T0), decoy source addresses (-D), [f]ragmented packets, random data and other methods
SYNOPSIS
nmap [Scan Type(s)] [Options] {target specification}
PARAMETERS
-iL
Input from list. Scan targets from a list of hosts/networks.
-iR
Choose random targets. Scans a number of randomly chosen hosts.
-sS/sT/sA/sW/sM
TCP SYN/Connect()/ACK/Window/Maimon scans.
-sU
UDP Scan.
-sN/sF/sX
TCP Null, FIN, and Xmas scans.
-sV
Version detection. Determines service and software version.
-O
Enable operating system detection.
-p
Only scan specified ports. E.g. -p22; -p1-65535; -p U:53,111,T:21-25,80,139,8080
-F
Fast mode. Scan fewer ports than the default scan.
-T<0-5>
Set timing template (higher is faster). 0 is paranoid, 5 is insane.
-A
Aggressive scan mode. Enables OS detection, version detection, script scanning, and traceroute.
-v
Increase verbosity level (use -vv or more for greater effect).
-oN
Output scan in normal format to the given filename.
-oX
Output scan in XML format to the given filename.
--script=
Run the specified NSE script(s); accepts a comma-separated list of script names or script categories.
DESCRIPTION
Nmap (Network Mapper) is a free and open-source utility for network discovery and security auditing. It's used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a wide range of features for probing computer networks, including host discovery, port scanning, version detection, and operating system detection.
Nmap is widely used by security professionals for tasks such as vulnerability scanning, penetration testing, and network inventory. It can also be used by system administrators for network monitoring and troubleshooting. Nmap can scan a single host, a range of IP addresses, or an entire network. The results of a scan can be displayed on the screen or saved to a file for later analysis. Nmap also provides a number of firewall and IDS evasion options.
CAVEATS
Scanning networks without permission is illegal and unethical. Ensure you have proper authorization before running Nmap.
TARGET SPECIFICATION
Targets can be specified as IP addresses, hostnames, networks, or using wildcards. For example, 'scanme.nmap.org', '192.168.1.0/24', '10.0.0.*'.
SCRIPTING ENGINE (NSE)
Nmap Scripting Engine (NSE) allows users to write and share scripts to automate a wide variety of networking tasks. These scripts can be used for tasks such as vulnerability detection, service discovery, and authentication.
HISTORY
Nmap was originally written by Gordon Lyon (Fyodor Vaskovich) in 1997. It was designed to be a more flexible and powerful port scanner than existing tools at the time. Nmap has been continuously developed and improved since then, becoming one of the most popular and widely used network scanning tools.