Nmap (Network Mapper) is a powerful open-source tool for network discovery and security auditing. It helps cybersecurity professionals identify devices, services, vulnerabilities, and operating systems on a network. Below are essential commands, practical examples, and advanced techniques to leverage Nmap effectively.
Essential Nmap Commands for Security Assessments
1. Basic Network Scan
nmap <target_IP>
Scans the 1,000 most common TCP ports on the target and reports each port's state and the service name conventionally associated with it (no version probing).
2. Service Version Detection
nmap -sV <target_IP>
Detects versions of running services for vulnerability assessment.
3. OS Fingerprinting
nmap -O <target_IP>
Attempts to identify the target's operating system from TCP/IP stack fingerprints (requires root/administrator privileges).
4. Aggressive Scan (OS, Versions, Scripts)
nmap -A <target_IP>
Enables OS detection, version detection, default script scanning, and traceroute in one run; it is noisy, so use it when a full picture of a host is wanted.
5. Vulnerability Scanning with NSE Scripts
nmap --script vuln <target_IP>
Runs every Nmap Scripting Engine (NSE) script in the vuln category against the target's open services.
6. Stealth Scan (SYN Scan)
nmap -sS <target_IP>
Performs a half-open SYN scan (Nmap's default when run with privileges), historically called a "stealth" scan because it never completes the TCP handshake and so is less likely to be logged by the application.
7. UDP Port Scanning
nmap -sU <target_IP>
Scans for open UDP ports (often overlooked in security assessments). UDP scans are slow because closed ports may not answer; combining with -sV helps confirm open|filtered results.
8. Scanning Multiple Targets
nmap <IP1> <IP2> <IP3>
Scans multiple IPs in a single command.
9. Output Results to a File
nmap -oN output.txt <target_IP>
Saves scan results in a human-readable text file (-oN). Use -oX for XML output that tools can parse, or -oA to write all formats at once.
You Should Know: Advanced Nmap Techniques
1. Custom Port Range Scan
nmap -p 20-100 <target_IP>
Scans only ports 20 to 100.
2. Fast Scan (Top 100 Ports)
nmap -F <target_IP>
Scans the most common 100 ports quickly.
3. Bypassing Firewalls with Fragmentation
nmap -f <target_IP>
Sends fragmented packets to evade basic firewall rules.
4. Using Decoy IPs for Anonymity
nmap -D RND:10 <target_IP>
Mixes ten random decoy source addresses in with your real one so the true origin is harder to pick out of the target's logs; note that your own address still appears among them.
5. HTTP Vulnerability Scanning
nmap --script http-sql-injection,http-stored-xss,http-dombased-xss <target_IP>
Checks for SQL injection and XSS in web services using the corresponding NSE scripts (there is no script named http-xss; the stored and DOM-based XSS scripts are the ones that exist).
6. Detecting Heartbleed Vulnerability
nmap -p 443 --script ssl-heartbleed <target_IP>
Tests if a server is vulnerable to Heartbleed (CVE-2014-0160).
7. Brute-Force Attack Testing
nmap --script ssh-brute <target_IP>
Attempts to log in to SSH with common username/password pairs to find weak credentials (use only in authorized environments).
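Every command above, and item 7 in particular, should only ever be run against hosts you are authorised to test. The following Python script is an added example (not part of the original post) that enforces that rule before Nmap is ever invoked: it accepts targets only if they fall wholly inside an authorised scope, validates the port specification, and then assembles the command line. The scope blocks and target addresses are constructed from documentation ranges and are assumptions; replace them with the scope from your own engagement.

```python
"""Build an Nmap command line only for targets inside an authorised scope.

Added example; it does not ship with Nmap. The scope below is a constructed
placeholder (RFC 5737 / RFC 3849 documentation ranges), not a real engagement.
"""
import ipaddress
import re
import shlex
from typing import Iterable, List

# Assumption: the CIDR blocks your authorisation letter covers.
AUTHORISED_SCOPE = ["192.0.2.0/24", "2001:db8::/32"]

# Nmap -p syntax subset: single ports and ranges, comma separated (e.g. 22,80,443 or 20-100).
PORT_SPEC = re.compile(r"^\d{1,5}(?:-\d{1,5})?(?:,\d{1,5}(?:-\d{1,5})?)*$")


def in_scope(target: str, scope: Iterable[str]) -> bool:
    """True if `target` (an IP or a CIDR) lies wholly inside one authorised block.

    Hostnames are deliberately refused rather than resolved: a name can resolve
    to an address outside scope, so the caller must resolve and re-check first.
    """
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False
    for block in scope:
        allowed = ipaddress.ip_network(block)
        # subnet_of() raises TypeError across IPv4/IPv6, so compare versions first.
        if net.version == allowed.version and net.subnet_of(allowed):
            return True
    return False


def valid_port_spec(spec: str) -> bool:
    """Check the -p argument: well-formed, every port 1..65535, ranges ascending."""
    if not PORT_SPEC.match(spec):
        return False
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if not 0 < lo_i <= hi_i <= 65535:
            return False
    return True


def build_nmap_cmd(targets: List[str], scope: Iterable[str],
                   ports: str = "1-1024", output_base: str = "scan") -> List[str]:
    """Return argv for a version scan (-sV) saved in all formats (-oA).

    Raises ValueError instead of silently dropping an out-of-scope target, so a
    typo in a target list cannot turn into an unauthorised scan.
    """
    out_of_scope = [t for t in targets if not in_scope(t, scope)]
    if out_of_scope:
        raise ValueError(f"targets outside authorised scope: {out_of_scope}")
    if not valid_port_spec(ports):
        raise ValueError(f"invalid port specification: {ports!r}")
    return ["nmap", "-sV", "-p", ports, "-oA", output_base, *targets]


if __name__ == "__main__":
    cmd = build_nmap_cmd(["192.0.2.10", "192.0.2.0/26"], AUTHORISED_SCOPE, ports="20-100")
    # Print rather than execute, so the reviewer can see exactly what would run.
    print(shlex.join(cmd))
```

The script prints the command instead of running it so the exact invocation can be recorded alongside the authorisation; wiring it to subprocess.run(cmd) is the only change needed to execute it.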
What Undercode Says
Nmap is indispensable for cybersecurity professionals, penetration testers, and network administrators. It provides deep insights into network security postures, identifies misconfigurations, and detects vulnerabilities before attackers exploit them. However, always ensure you have explicit authorization before scanning any network to avoid legal consequences.
Expected Output (for a service version scan, item 2 above):
[plaintext]
Starting Nmap 7.92 ( https://nmap.org )
Nmap scan report for target_IP
Host is up (0.045s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 7.6p1
80/tcp   open  http       Apache httpd 2.4.29
443/tcp  open  ssl/http   Apache httpd 2.4.29
3306/tcp open  mysql      MySQL 5.7.32
8080/tcp open  http-proxy Squid http proxy 4.10
[/plaintext]
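A report like the one above is most useful when it is compared against what is supposed to be exposed. The Python script below is an added example (not code from the original post) that parses the XML Nmap writes with -oX (item 9 above), extracts the open ports and service versions for each host that is up, and reports any port not in an approved baseline. The embedded XML is a constructed sample that mirrors the five ports in the expected output, with a constructed address from a documentation range; the baseline of approved ports is likewise an assumption.

```python
"""Parse Nmap XML output (-oX) and flag open ports missing from an approved baseline.

Added example. SAMPLE_XML is constructed to match the expected output above;
it is not a real scan, and 192.0.2.10 is a documentation address (RFC 5737).
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10" version="7.92">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="994"/>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.6p1"/></port>
      <port protocol="tcp" portid="25"><state state="filtered" reason="no-response"/>
        <service name="smtp"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.29"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.29" tunnel="ssl"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.7.32"/></port>
      <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack"/>
        <service name="http-proxy" product="Squid http proxy" version="4.10"/></port>
    </ports>
  </host>
</nmaprun>
"""

# (protocol, port, service name, "product version")
OpenPort = Tuple[str, int, str, str]


def parse_open_ports(xml_text: str) -> Dict[str, List[OpenPort]]:
    """Return {host_address: [open ports]} for hosts that are up.

    Only ports in state "open" are kept; filtered or closed ports are skipped,
    so a firewall that drops probes does not show up as a finding.
    """
    root = ET.fromstring(xml_text)
    result: Dict[str, List[OpenPort]] = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']") or host.find("address")
        addr = addr_el.get("addr")
        ports: List[OpenPort] = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            if svc is not None and svc.get("tunnel"):
                name = f"{svc.get('tunnel')}/{name}"   # e.g. ssl/http, as in the report
            product = ""
            if svc is not None:
                product = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            ports.append((port.get("protocol"), int(port.get("portid")), name, product))
        result[addr] = ports
    return result


def unexpected_ports(scan: Dict[str, List[OpenPort]],
                     baseline: Dict[str, Set[Tuple[str, int]]]) -> Dict[str, List[OpenPort]]:
    """Return, per host, the open ports that the baseline does not approve."""
    findings: Dict[str, List[OpenPort]] = {}
    for host, ports in scan.items():
        allowed = baseline.get(host, set())   # unknown host: nothing is approved
        extra = [p for p in ports if (p[0], p[1]) not in allowed]
        if extra:
            findings[host] = extra
    return findings


# Assumption: only SSH and the web ports are meant to be reachable on this host.
BASELINE = {"192.0.2.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)}}


if __name__ == "__main__":
    scan = parse_open_ports(SAMPLE_XML)
    for host, extras in unexpected_ports(scan, BASELINE).items():
        for proto, port, name, product in extras:
            print(f"{host}: {port}/{proto} {name} ({product}) is open but not in the baseline")
```

Run against the sample, it flags MySQL on 3306 and the Squid proxy on 8080, which is exactly the kind of unexpected exposure the article says Nmap should surface before an attacker does. Swapping SAMPLE_XML for the contents of a real scan.xml file (open(path).read()) is the only change needed in production.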
Master Nmap, and you’ll have a critical tool in your cybersecurity arsenal. 🚀
In short, the expected result is a detailed Nmap scan report showing open ports, services, and versions.
Reported By: Amaechi Ofili1 – Hackers Feeds