What is Namp/Zenmap?
Nmap/Zenmap is a tool for information security and cyber security Labs. It scans network and Vulnerability scanning.
It is tool free, you can download here
To do this you need to follow the steps below:
Step by step install Namp/Zenmap
You can find version for opera systems with OS windows (windows 10); or OS Linux (Ubuntu, Debian …), Max OS
- OS Windows
- version for windows had format: nmap-
-setup.exe - Ex: nmap-7.91-setup.exe.
- and run the installer.
- version for windows had format: nmap-
- OS Linux (Ubuntu, Debian)
- Update package: sudo apt-get update
- Install Nmap, run: sudo apt-get install nmap
- When you run this command, you will be prompted to enter Y/n for confirmation. Type in Y to start the installation process. Let the system do its work and install the packages.
- MAC OS
- nmap-
.dmg - Check if Nmap is Working: nmap –version
- nmap-
How to use Namp/Zenmap: Scan network, or Vulnerability scanning
- Finding out active hosts within a range of IP addresses
- nmap -sn 192.168.43.0-255
- nmap -sn 192.168.43.0/24
- Scanning a range of IPs
- nmap -sn 192.168.43.110-120
- Scanning a host with Nmap
- nmap 192.168.43.1
- nmap cyberseclabs.org
- nmap -F cyberseclabs.org ( F : Fast Scan)
- Scanning specific ports or a range of ports
- nmap -p 22 cyberseclabs.org
- nmap -p 1-100 cyberseclabs.org
- Scanning multiple hosts with Nmap
- nmap 192.168.43.0/24
- nmap -v 192.168.43.0/24 (enable the verbose output option using the, -v flag)
- nmap -v -p 20-23 cyberseclabs.org google.com (This command will scan port 20-23 for both scanme.nmap.org and google.com)
- Host Discovery techniques with Nmap
- -sL Flag (List Scan)
- -sn Flag (No port Scan)
- -Pn Flag (No Ping)
- -PS Flag (TCP SYN Ping)
- -PA Flag (TCP ACK Ping)
- -PU Flag (UDP Ping)
- Port scanning techniques with Nmap
- Port scanning basics: There are six states of the ports that are recognized by Nmap:
- Open: These are the ports that are accepting packets. Finding these ports are one of the primary goals of port scanning. They are the most interesting ports and attackers will always try to exploit an open port. This is why system administrators often block them or protect them with firewalls or rules.
- Closed: These ports are accessible and they respond to Nmap packets. They are shown as closed since no application is listening on them. These ports are still helpful and they reveal that the host is reachable.
- Filtered: These are the ports that Nmap cannot determine if they are open. This is because a firewall device or some kind of packet filtering system blocks the packets from reaching the ports. This state of the port provides only a little information about the port and it is highly desirable for enhanced security.
- Unfiltered: This means the port is accessible by Nmap but it cannot determine whether the port is open or closed. This state will only show up as a result of the ACK scan.
- Open | Filtered: This state means Nmap cannot determine if the port is open or filtered. This will come up later in the tutorial.
- Closed | Filtered: This state means Nmap cannot determine if the port is closed or filtered.
- Port scanning options
- sS (TCP SYN Scan)
- -sT (TCP Connect Scan)
- -sA (TCP ACK Scan)
- -sW (TCP Window Scan)
- -sU (UDP Scan)
- -sN / sF / sX (TCP Null, FIN, and Xmas Scan)
- -sI (TCP Idle Scan)
- Port scanning basics: There are six states of the ports that are recognized by Nmap:
- OS detection with Nmap
- OS detection with the flag -O on cyberseclabs.org: nmap -O cyberseclabs.org
- Miscellaneous Scans – Aggressive Scan
- Scan output
- -oN (Normal Output)
- -oX (XML Output)
- Nmap Scripting Engine – NSE
FAQs
Why is Nmap illegal?
Nmap itself is not illegal. It is a legitimate and widely used network scanning tool designed for network discovery and security auditing. However, its legality depends on how it is used:
- Authorized Use: When used by system administrators to scan their own networks for security vulnerabilities, it is legal.
- Unauthorized Use: Scanning networks or systems without permission is illegal and can be considered a cybercrime. Unauthorized scanning can lead to accusations of attempting to find vulnerabilities for malicious purposes.
What are the 3 main functions of Nmap?
- Host Discovery:
- Identifies active devices on a network by sending various types of probes and analyzing responses.
- Common methods include ICMP echo requests, TCP SYN requests, and ARP requests.
- Port Scanning:
- Determines which ports on a host are open, closed, or filtered.
- Helps identify which services are running on which ports.
- Service and Version Detection:
- Identifies the specific services running on open ports and their versions.
- This helps in understanding the potential vulnerabilities of the services detected.
Do real hackers use Nmap?
- Ethical Hackers: Use Nmap to identify vulnerabilities in systems they have permission to test. This is a legitimate and legal practice aimed at improving security.
- Malicious Hackers: May use Nmap to find vulnerabilities in unauthorized systems for illegal purposes. This is illegal and unethical.
How do I scan all 65535 ports in Nmap?
To scan all 65,535 ports on a target using Nmap, you can use the following command:
nmap -p-
- -p-: This option tells Nmap to scan all ports from 1 to 65,535.
: Replace
with the IP address or hostname of the target system.
nmap -p- 192.168.1.1
This command initiates a scan of all TCP ports on the target IP address 192.168.1.1. For a more detailed output, including service version detection, you can use:
nmap -p- -sV 192.168.1.1
- -sV: Enables version detection, providing more detailed information about the services running on the open ports.