1. Download Nmap from the official website (nmap.org) and install it on your machine or within your hacking virtual machine. Windows users can also use the Zenmap GUI version.
2. Open a terminal or command prompt. On Windows, open Command Prompt as an administrator. On Linux or Mac, open Terminal.
3. Perform your first scan by typing "nmap 192.168.1.1", replacing the IP with your target. This basic scan covers the most common 1,000 TCP ports on that single IP address.
4. Scan a range of IP addresses. For example, use "nmap 192.168.1.1-100" to scan 100 IPs or "nmap 192.168.1.0/24" to scan an entire subnet. You can also use "nmap 192.168.1.1,2,3" to scan specific IPs.
5. Identify live hosts on a network with "nmap -sn 192.168.1.0/24". This ping scan performs host discovery only (no port scan): it sends ICMP echo requests and Nmap's other discovery probes to every IP address and displays which ones respond, providing a quick way to find active devices.
6. Scan for specific ports with "nmap -p 80,443,22 192.168.1.1". This targets only ports 80, 443, and 22. Alternatively, use "nmap -p 1-1000" for a custom range or "nmap -p-" to scan all 65,535 ports.
7. Detect operating systems by enabling OS detection with "nmap -O 192.168.1.1". Nmap uses TCP/IP stack fingerprinting to guess the target's operating system. This requires root or administrator privileges.
8. Identify service versions with "nmap -sV 192.168.1.1". This probes open ports and reveals the software running on them, displaying version numbers such as Apache 2.4.41 or OpenSSH 7.9.
9. To bypass firewalls, use different scan types. The SYN stealth scan requires root access and is selected with "-sS". The TCP connect scan doesn't need root and is selected with "-sT". The UDP scan is selected with "-sU"; it is slower but can find open UDP services.
10. Save scan results to a file. Use "-oN output.txt" for normal output, "-oX output.xml" for XML format, or "-oG output.gnmap" for grepable output. Saved scans can be analysed later or shared.
11. Combine multiple options. For example, "nmap -sV -O -p 80,443,8080 -oN scan.txt 192.168.1.1" runs version detection and OS detection, scans three ports, and saves the output.
12. Use Nmap scripts for advanced discovery. The "--script vuln" option checks for known vulnerabilities, "--script default" runs the default script set, and "--script brute" attempts brute-force authentication against discovered services. These scripts add powerful functionality.
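Saving results as XML (step 10) pays off when you need to turn a scan of your own network into an inventory: which hosts answered, what Nmap guessed for the OS (step 7), and which open ports carry which service versions (step 8). The following Python is an added example, not code from the original tutorial or from the Nmap project; it parses the XML that "nmap -sV -O -oX scan.xml <target>" writes, using only the standard library. The embedded XML is a constructed, trimmed sample of that format (a real file carries many more attributes), and the function names are the example's own.

```python
import sys
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

# Constructed sample (not a real scan) of the XML that "nmap -sV -O -oX scan.xml" produces.
# Attributes Nmap emits but this parser does not read have been left out.
SAMPLE_NMAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.168.1.0/24" version="7.94">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.9" method="probed"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.41" method="probed"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
        <service name="https" method="table"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 4.15 - 5.6" accuracy="95"/>
      <osmatch name="Linux 3.2 - 4.9" accuracy="90"/>
    </os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.1.3" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161">
        <state state="open" reason="udp-response"/>
        <service name="snmp" method="table"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> List[dict]:
    """Return one record per host that was up: address, best OS guess, and open ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that never answered carry no port data worth keeping
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        record = {"address": addr_el.get("addr"), "os": None, "open_ports": []}
        # -O may list several matches; keep the one with the highest accuracy.
        best: Optional[Tuple[str, int]] = None
        for match in host.findall("os/osmatch"):
            acc = int(match.get("accuracy", "0"))
            if best is None or acc > best[1]:
                best = (match.get("name", ""), acc)
        if best is not None:
            record["os"] = best[0]
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not part of the exposure inventory
            svc = port.find("service")  # product/version only present when -sV probed it
            record["open_ports"].append({
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        record["open_ports"].sort(key=lambda p: (p["protocol"], p["port"]))
        hosts.append(record)
    return hosts


def find_product(hosts: List[dict], product_prefix: str) -> List[Tuple[str, int, str, Optional[str]]]:
    """Find every open port whose detected product starts with the prefix, e.g. 'OpenSSH'.

    Useful when an advisory names a product and you need to know where it runs."""
    out = []
    for h in hosts:
        for p in h["open_ports"]:
            if p["product"] and p["product"].startswith(product_prefix):
                out.append((h["address"], p["port"], p["product"], p["version"]))
    return out


if __name__ == "__main__":
    # Usage: python inventory.py scan.xml   (falls back to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_NMAP_XML
    for h in parse_nmap_xml(text):
        print(f"{h['address']}  os={h['os'] or '?'}")
        for p in h["open_ports"]:
            ver = " ".join(x for x in (p["product"], p["version"]) if x)
            print(f"   {p['port']}/{p['protocol']:<4}{p['service'] or '?':<8}{ver}")
```

Run it against a saved scan of a network you administer and diff the output between runs: a port that appears in today's inventory but not yesterday's is exactly the kind of change worth investigating.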