Nmap (Network Mapper) is one of the most widely used tools for scanning and mapping networks. Nmap can identify active hosts, open ports, running services and software versions, making it a tool that's as simple as it is indispensable for anyone working in information security.

Installing Nmap on Linux

On Debian/Ubuntu-based distributions:

sudo apt update
sudo apt install nmap

On Fedora/CentOS-based distributions:

sudo dnf install nmap
# or on older versions
sudo yum install nmap

After installation, you can check the version with:

nmap --version

Basic scan

The simplest command to get started is:

nmap <ip_address>

For example:

nmap 192.168.1.1

This command detects the most common open ports on the target host.

Scanning specific ports

To limit the scan to specific ports:

nmap -p 22,80,443 192.168.1.1
  • -p specifies the ports to scan
  • You can use ranges, for example -p 1-1024 for the first 1024 ports

Advanced scanning and service identification

Nmap can also detect running services and software versions:

nmap -sV 192.168.1.1
  • -sV attempts to identify the service and version on open ports

For a more aggressive scan that also includes OS detection:

sudo nmap -A 192.168.1.1
  • -A enables: OS detection, version detection, script scanning and traceroute

Using Nmap scripts (NSE)

Nmap has a scripting engine (Nmap Scripting Engine - NSE) for advanced security tests:

nmap --script vuln 192.168.1.1
  • --script vuln runs scripts to find known vulnerabilities
  • You can also run specific scripts, for example:
nmap --script http-enum 192.168.1.1

Saving results

For later analysis, it's useful to save the output:

nmap -oN results.txt 192.168.1.1
  • -oN saves in human-readable format (normal)
  • Other available formats: -oX for XML, -oG for grepable

Best practices

  • Use Nmap only on networks you own or are authorized to test. Unauthorized use can be illegal.
  • Combine Nmap with other security tools to get a complete picture of the network.
  • Regularly update Nmap and its scripts to detect new vulnerabilities.

Useful resources

With Nmap, security professionals can quickly identify vulnerabilities and better understand network topology, essential for protecting systems and sensitive data.