Time Server
Post by
Author Syukra

Published on Dec 15, 2024

Last updated on Apr 11, 2025

Estimated reading time: 5 minutes

How to Use Nmap in Kali Linux for Beginners

Nmap

Nmap, or Network Mapper, is a very popular open-source tool used to scan and evaluate networks. Designed by Gordon Lyon, Nmap was originally used only for network mapping. However, it has now become one of the essential tools in cybersecurity, both for network administrators and security researchers.

With Nmap, we can map networks to identify connected devices, running services, open ports, and other important information. Nmap can also be used to identify the operating system of connected devices.

Why Use Nmap on Kali Linux?

Kali Linux is a well-known Linux distribution in cybersecurity circles, equipped with various tools for penetration testing and digital forensics. One of the tools that comes by default on Kali Linux is Nmap, which makes it very easy to access and use for network mapping and scanning.

Installing Nmap

Before using Nmap, make sure it is installed on your system. On Kali Linux, Nmap is usually installed by default. However, you can verify or reinstall it with the following command:

sudo apt update
sudo apt install nmap -y

After installation, check the installed Nmap version by typing:

nmap --version

If successful, you will see the Nmap version installed on your system. (The short form -V does the same; a single-dash -version is not a valid Nmap option.)

Nmap Command Basics

Nmap uses some basic commands that you should know before proceeding to more advanced usage. Here are some examples of basic commands:

  • Scanning a single host: To scan a single device, you can use:
nmap <IP address>

Example: nmap 192.168.1.1

  • Scanning multiple hosts: You can also scan multiple hosts at once by separating the IPs with spaces, or by giving a range in the last octet with a hyphen:
nmap 192.168.1.1 192.168.1.2 192.168.1.3
nmap 192.168.1.1-5

  • Scanning the entire network: To scan the entire local network, give the network in CIDR notation (address/prefix length), like so:
nmap 192.168.1.0/24

Scanning Ports

Nmap allows you to scan specific ports or ranges of ports on a device. Here are some examples:

  • Scanning Specific Ports: If you want to scan a specific port, such as port 80, use the command:
nmap -p 80 <IP address>
  • Scanning Port Ranges: To scan a range of ports, use the format:
nmap -p 1-100 <IP address>
  • Scanning All Ports: To scan all ports on a host, use the -p- option:
nmap -p- <IP address>

Scanning Services and Versions

With Nmap, you can also identify the services and their versions running on a device. This is very useful for identifying applications or servers running on a network.

  • Use the -sV option to scan for service versions:
nmap -sV <IP address>

The output will display the service name and version for each open port.

Scanning the Operating System

Nmap has the ability to identify a device’s operating system. It does this using a fingerprinting technique, where Nmap compares the device’s response to a database of specific OS signatures.

  • To scan for the operating system, use the -O option (this needs raw-socket access, so run it with sudo):
nmap -O <IP address>

Nmap will try to guess the OS based on information gathered from the network. It needs at least one open and one closed TCP port on the target to produce a reliable match, and not all devices can be identified accurately.

Stealth Scanning

In some situations, you may want to scan without drawing the target system's attention. Nmap provides a scan mode known as a “SYN scan” or “half-open scan.”

  • Use the -sS option to perform a stealth scan (it needs raw-socket access, so run it with sudo; when Nmap runs as root this is already its default scan type):
nmap -sS <IP address>

This mode sends a SYN packet to the target but does not complete the TCP handshake, so the probe never becomes an established connection and does not show up in application logs on the target, which is what lets it avoid detection by some network security systems. A firewall or intrusion detection system that logs individual SYN packets still sees every probe, and a single source hitting many ports in a short time is an easy pattern to spot.
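A defender's view of the same scan: the following is an added example (not part of the original article) that reads firewall log lines in the iptables LOG style and flags any source that sends SYNs to many distinct ports within a short window. The log lines are constructed for the example; the thresholds are assumptions to tune for your own network.

```python
"""Flag probable SYN port scans in firewall logs (added example, defender side)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed iptables-style LOG lines (not real logs) from a rule that logs every
# inbound TCP SYN. 10.0.0.5 touches many ports in a few seconds; 10.0.0.7 is an
# ordinary client talking to one service.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=44021 DPT=21 SYN
Jan 10 12:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=44021 DPT=22 SYN
Jan 10 12:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP SPT=51000 DPT=443 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=44021 DPT=25 SYN
Jan 10 12:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=44021 DPT=80 SYN
Jan 10 12:00:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=44021 DPT=443 SYN
Jan 10 12:00:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP SPT=51001 DPT=443 SYN
Jan 10 12:00:04 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=44021 DPT=3306 SYN
"""

# Syslog timestamp, source address, and destination port of a logged TCP SYN.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+) SYN\b"
)


def find_port_scans(log_text, window_seconds=60, min_ports=5, year=2025):
    """Return {src: sorted distinct ports} for every source that sent SYNs to at
    least `min_ports` distinct destination ports within any `window_seconds` span.
    Syslog lines carry no year, so one is supplied to build comparable timestamps."""
    events = defaultdict(list)  # src -> [(timestamp, dst_port)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a logged SYN; ignore
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["src"]].append((ts, int(m["dpt"])))

    suspects = {}
    for src, evs in events.items():
        evs.sort()
        # Slide a window starting at each event; stop at the first one that trips.
        for i, (start, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if (t - start).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                suspects[src] = sorted(ports)
                break
    return suspects


if __name__ == "__main__":
    for src, ports in find_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
```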

UDP Scanning

In addition to TCP scanning, Nmap can also perform UDP scanning, which is often used for applications that do not require a persistent connection, such as DNS or SNMP.

  • Use the -sU option for a UDP scan (like the other raw-packet scans, run it with sudo):
nmap -sU <IP address>

UDP scanning can be much slower than TCP, because many hosts rate-limit the ICMP “port unreachable” replies Nmap relies on to mark a port closed, and a port that simply never answers is reported as open|filtered rather than open. Even so, it is very useful for identifying UDP-based services.

Saving Scan Results

If you want to save scan results for further analysis, Nmap supports several output formats that can be imported into other tools.

  • Save as text:
nmap <IP address> -oN results.txt
  • Save as XML:
nmap <IP address> -oX results.xml

The XML format is often used for import into other security tools that support XML parsing.

Using Scripts with Nmap

Nmap has a feature known as NSE (Nmap Scripting Engine), which allows the use of custom scripts to perform more in-depth scans, such as checking for vulnerabilities or identifying malware. An example of such a script is http-title, which displays the title of a web page served on an open HTTP port.

  • Use the following command to run the http-title script:
nmap --script http-title <IP address>

You can also combine multiple scripts together for more complex scans.

Tips and Tricks

  • Use the verbose (-v) option: Add this option to see more information as the scan runs.
nmap -v <IP address>
  • Increase scan speed: Nmap has various speed settings from -T0 (very slow) to -T5 (very fast). Use with caution as scanning too fast can lead to false positives or even get blocked by the target.
nmap -T4 <IP address>

Conclusion

Nmap is a very powerful tool for network scanning, both for network administrators and penetration testers. With a variety of options and configurations, you can customize your scans to your needs, from simple scans to very complex scans using scripts. Understanding the basics of Nmap will help you identify devices, services, and potential vulnerabilities in the networks you manage.

Always use Nmap responsibly and only on networks that you own or have authorized.

That’s all from Admin for this article; hopefully it was useful. Thank you for stopping by.

Tag: #Exploit