Nmap Home Page - jwells24/Tech-Journal GitHub Wiki
Nmap
- Nmap is one of the best tools for port scanning and reconnaissance that is out there. On this page, I'll detail some nmap commands and specifications to better highlight the uses and importance of this tool.
Basic Use and Commands
- Nmap can be used from the command line once installed; for my examples I'm using nmap on Kali Linux. Below is a basic example of using Nmap to scan a host to see if it is up. In the output shown below we see whether the host is up, as well as some open ports.
- There are many use cases for nmap, some of which I will highlight below. If we want to scan multiple hosts or ports, we use the syntax shown below. The first example shows how to scan for one port or for a range of ports; when scanning a range of hosts, the syntax is the same. If we want to scan specific ports (or hosts) that are not in a range, we list them separated by commas.
- sudo nmap 10.0.17.145 -p 9999 (one port) or sudo nmap 10.0.17.145 -p 1-9999 (a range)
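As an added example (not from this wiki page), the script below wraps the port syntax just described: it validates a port spec made of single ports, ranges and comma-separated lists, composes the nmap command line so it can be reviewed or logged before anything is scanned, and summarises the open ports from nmap's grepable output (`-oG -`, which prints the grepable format to stdout). The host 10.0.17.145 is the one used above; the grepable sample is constructed to match the `-oG` layout and is not real scan output.

```shell
#!/bin/sh
# Added example: compose an nmap port spec and summarise -oG output.
# Nothing here runs nmap; the command is only printed for review.

# Validate an nmap-style port spec: comma-separated single ports or
# low-high ranges, every value within 1..65535. Returns 0 if valid.
validate_port_spec() {
    spec="$1"
    # overall shape: "80", "1-9999", "22,80,443", "22,1000-2000", ...
    printf '%s' "$spec" | grep -Eq '^([0-9]+(-[0-9]+)?)(,[0-9]+(-[0-9]+)?)*$' || return 1
    old_ifs=$IFS
    IFS=','
    for item in $spec; do
        lo=${item%-*}          # "80" -> 80, "1-9999" -> 1
        hi=${item#*-}          # "80" -> 80, "1-9999" -> 9999
        [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    return 0
}

# Print the nmap command line for a target and port spec without running it.
# -oG - writes grepable output to stdout so it can be piped to open_ports.
build_nmap_cmd() {
    target="$1"
    ports="$2"
    validate_port_spec "$ports" || { echo "invalid port spec: $ports" >&2; return 1; }
    printf 'sudo nmap %s -p %s -oG -\n' "$target" "$ports"
}

# Constructed sample of grepable output: one host up with three probed
# ports, one host down. Real -oG lines have the same field layout.
SAMPLE_GREPABLE='# Nmap scan initiated (constructed sample)
Host: 10.0.17.145 ()	Status: Up
Host: 10.0.17.145 ()	Ports: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//Apache httpd/, 443/closed/tcp//https///	Ignored State: closed (997)
Host: 10.0.17.146 ()	Status: Down
# Nmap done (constructed sample)'

# Read -oG text on stdin and print "host port/proto service" for each
# port whose state is "open". Each port entry is port/state/proto//service//version/.
open_ports() {
    awk '/Ports:/ {
        host = $2                          # "Host: <ip> ()" -> <ip>
        sub(/.*Ports: /, "")               # drop everything up to the port list
        sub(/[ \t]*Ignored State:.*/, "")  # drop the trailing summary, if present
        n = split($0, entries, /, */)
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")
            if (f[2] == "open") print host, f[1] "/" f[3], f[5]
        }
    }'
}

# Usage: compose the command, then summarise sample output.
build_nmap_cmd 10.0.17.145 22,80,443
printf '%s\n' "$SAMPLE_GREPABLE" | open_ports
```

Piping a real run through `open_ports` works the same way: `sudo nmap 10.0.17.145 -p 1-9999 -oG - | open_ports`. Keeping the port-spec check separate from the command builder makes it easy to reject typos such as a reversed range before a scan is launched against your own hosts.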
Different types of scans & commands
- An important part of nmap is the number of different scans we have access to. Below is a list of the options for different scans and what they do.
- -sV: This scan will provide more information about server versions and versions running on different ports and hosts.
- -V: This will provide a very verbose scan, with version detection, script detection, and a lot of information on open hosts & ports.
- -sN: This scan is a simpler scan, and is less verbose than most options. Use this to see which ports are open on a host and if it is online.
- -F: This will scan the top 100 ports in the scan you are conducting.
- -A: Turns on version detection in the scan against all active ports.