Beginner's Guide for Nmap

Nmap, short for Network Mapper, is a tool used for network discovery and security auditing.

Nmap can also detect or perform the following:

  • Running operating systems
  • Open ports (TCP/UDP)
  • The number of devices on a network
  • Versions of software running on the target
  • Scripts for network discovery and vulnerability detection
  • Scanning targets that have ICMP (ping) disabled (Windows hosts generally don't respond to pings)
  • IPv6 networks

Please note: Do NOT run nmap against anything you do not have permission to scan. You can get into serious trouble.

Basic Usage

The most common flags for scanning are:

-sn : Ping scan only (disable port scan)
-Pn : Disable ping scan (treat all hosts as online; skip host discovery)
-sU : UDP scan
-sS : SYN scan
-O : OS detection
-oG : Save the output in grepable format
-oN : Save the output in normal format
-6 : Enable IPv6 scanning
-T<0-5> : Timing template; higher values make the scan faster
-sC : Equivalent to --script=default
-sV : Version detection
-v : Increase verbosity level
-n : Never do DNS resolution
-R : Always do DNS resolution (by default Nmap resolves DNS only sometimes)
-A : Aggressive mode (enables OS detection, version detection, script scanning, and traceroute)
-p : Specify the port(s) to scan, e.g. nmap -p 21; a range is given as nmap -p min-max, e.g. nmap -p 100-200
-p- : Scan all ports (by default nmap scans the 1000 most common ports for each protocol)
--script vuln : Very useful. Activates all of the scripts in the vuln category (Very helpful command. Really helped me during my eJPT)

Practical Usage

Basic nmap command: nmap IP

Let's try a simple -p scan to scan a particular port.

Let's detect the version of the service on that port using -sV (I have added the -T4 flag to make the scan faster).

Let's do an OS detection scan with -O (it requires root privileges).

Let's do an aggressive scan using the -A switch.

Importance of Service Detection

Service detection is very useful: it tells you the version of the software running on the system. With this information we can search Google for that specific version and find known vulnerabilities.

MiniServ 1.890 seems like an outdated version. We can search for an exploit using Metasploit.

After starting Metasploit with msfconsole we can search for webmin 1.890. We can see that there is an exploit available. We can type use 0 (as the index number of the exploit is 0) or use exploit/linux/http/webmin_backdoor (the full path of the exploit).

Then set the required options.

I just demonstrated how we can use Nmap's version detection to gain root (the highest privilege) on the target system. Hope you had fun.

Personal Experience

I like to use RustScan, a tool for scanning open ports, and then go back to nmap and scan those specific ports together instead of scanning all of them. It can save a lot of time, as nmap takes a long time to scan all 65535 ports.

I would recommend using RustScan only on THM boxes.

You can also run nmap from inside RustScan using the -- feature.

example: rustscan -a IP -- -sV

This command scans all ports on the target IP and then runs nmap service detection (-sV) on them.
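Here is an added Python example (not from the original post) that automates the workflow above: it parses the grepable output (-oG) of a first port scan, builds the comma-separated -p value for the follow-up -sV scan on just the open ports, and lists the reported versions so they can be checked against current patch levels, as with MiniServ 1.890 in the service detection section. The sample output, host, ports and version strings are constructed.

```python
"""Parse Nmap grepable (-oG) output, list open ports, build a targeted -p value."""
from dataclasses import dataclass

# Constructed sample of `nmap -sV -oG -` output; host, ports and versions are made up.
SAMPLE_GREPABLE = (
    "# Nmap 7.92 scan initiated (constructed sample)\n"
    "Host: 10.10.10.5 (target.example)\tStatus: Up\n"
    "Host: 10.10.10.5 (target.example)\tPorts: "
    "22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, "
    "10000/open/tcp//http//MiniServ 1.890 (Webmin httpd)/, "
    "53/filtered/udp//domain///\tIgnored State: closed (996)\n"
    "# Nmap done (constructed sample)\n"
)

@dataclass
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str
    version: str

def parse_grepable(text: str) -> list[Service]:
    """One Service per entry in the tab-separated 'Ports:' field of each Host line.
    Entries look like port/state/proto/owner/service/rpc/version and are joined by ', '."""
    services = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts: " not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            # maxsplit=6 keeps any '/' inside the version text; pad empty trailing fields
            f = (entry.rstrip("/").split("/", 6) + [""] * 7)[:7]
            services.append(Service(host, int(f[0]), f[2], f[1], f[4], f[6]))
    return services

def open_ports(services: list[Service], proto: str = "tcp") -> list[int]:
    """Ports reported 'open' for the given protocol, sorted and de-duplicated."""
    return sorted({s.port for s in services if s.state == "open" and s.proto == proto})

def nmap_port_arg(ports: list[int]) -> str:
    """Value for -p, e.g. '22,80,10000', so the -sV scan touches only those ports."""
    return ",".join(map(str, ports))

def version_inventory(services: list[Service]) -> list[tuple[str, int, str]]:
    """(host, port, version) for open ports that reported a version, to check against patch levels."""
    return [(s.host, s.port, s.version) for s in services if s.state == "open" and s.version]
```

Running `parse_grepable` on the constructed sample and passing `open_ports` through `nmap_port_arg` yields "22,80,10000"; the filtered UDP port is left out of the follow-up list.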

Thanks for reading my blog. If you think any change is required, please message me on Discord: UкауLэvфl#5330


Hi, I’m Aksheet. Interested in Cyber Security and Aviation. eJPT certified
