Nmap Basic commands — 1
Introduction
Nmap is a free and open-source network scanner created by Gordon Lyon. It was written in C++ and first introduced, with source code, in Phrack Magazine in September 1997. The work of Nmap is to be used to discover the host and the services of a computer, Nmap reads and interprets the response that comes back and uses the information to create a map of the network. The map that is created includes detailed information on which port is doing and who is using it, how the hosts are connecting, what is and is not making it through the firewall, and listing any security issues that come up. Using Nmap, you can check a single host or a complete network.
In this article, we will see the Nmap software program and multiple commands. Nmap is an open-source tool used by network administrators to scan ports and map networks. In this tutorial, we will cover several basic as well as advanced Nmap commands.
But why you should learn about it?
So, if you are planning to launch your career in hacking, this revolutionary tool can be super useful to you. And even if your aim is just to expand your cyber security and network knowledge, knowing the basics of Nmap can be a good idea.
“Fixing a hole is far more effective than trying to hide it. That approach is also less stressful than constantly worrying that attackers may find the vulnerabilities.” But, now the question arises how you can scan your network using Nmap?
To scan your network using Nmap, you have to first install it on your computer. Visit nmap.org and download Nmap for your operating system. And then you can use the appropriate Nmap command to perform the required task.
However, if you are using Kali Linux, Parrot OS, or Ubuntu it comes pre-installed.
Important Commands of Nmap
1. NMAP PORT SCAN COMMAND
If you wish to scan a port or even an entire port range on remote or local servers, you will have to execute the Nmap port scan command. Here is what the Nmap port scan command will be:
Nmap -p 1–65535 localhost
Now, in this example, you scanned 65535 ports on the local host computer. You can change the values according to your need, and the number of ports getting scanned will also change completely. Nmap command to scan all ports can also help execute the process better and in an easy way.
2. NMAP SCAN AGAINST HOST AND IP ADDRESS
While this is included in the Nmap basic commands, the scan against the host or IP address can come in handy. The command that can help in executing this process is:
nmap 1.1.1.1
The above example is for the host’s IP address, but you will just have to replace the address with the name when you wish to scan the hostname.
For Example
nmap cloudflare.com
3. PING SCAN USING NMAP
The Nmap command list is vast and extensive. Several examples can be listed, but if you wish to ping scan using Nmap, here is what you need to do:
nmap -sp 192.168.5.0/24
This is probably one of the most used and popular Nmap commands to help host detection on any network.
4. MULTIPLE IP ADDRESS SCAN
The list of Nmap commands also includes the IP address scanner. If you wish to scan one IP address, follow the code given in point number 2, but if you have multiple IP addresses to scan, you need to follow the steps listed below.
nmap 1.1.1.1 8.8.8.8
This syntax will help in scanning multiple addresses. You do have other syntaxes for consecutive IP addresses.
5 6. POPULAR PORTS SCANNING
There is a syntax for everything in Nmap, but you will have to use the one given below for popular ports scanning.
nmap –top-ports 20 192.168.1.106
Using top ports with specific numbers can help the user scan the top ‘X’ number of the common ports in the given example. You can replace the number 20 from the above syntax, and here are the outputs that can be expected.
[root@securitytrails:~]nmap –top-ports 20 localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2018–10–01 10:02 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000016s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
21/tcp closed ftp
22/tcp closed ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed domain
80/tcp filtered http
110/tcp closed pop3
111/tcp closed rpcbind
135/tcp closed msrpc
139/tcp closed netbios-ssn
143/tcp closed imap
443/tcp filtered https
445/tcp closed microsoft-ds
993/tcp closed imaps
995/tcp closed pop3s
1723/tcp closed pptp
3306/tcp closed mysql
3389/tcp closed ms-wbt-server
5900/tcp closed vnc
8080/tcp closed http-proxy
5. SCANNING IP ADDRESSES AND SCAN HOST FROM A TEXT FILE
Nmap is proficient in the scanning process; one can use a few of its syntaxes to read text files. The only thing that you need to keep in mind is that it contains IPs and hosts inside. To use this Nmap command, you need first to create a list.txt file and ensure that the file contains this syntax:
192.168.1.106
cloudflare.com
microsoft.com
securitytrails.com
The iL parameter in the syntax will help you read the file and scan the host simultaneously. The syntax is:
6.SCANNING IP RANGE
A Nmap scan command helps in scanning the entire IP range. This syntax will help in knowing the entire CIDR range of IP addresses. Example:
nmap -p 8.8.8.0/28
Like the other syntaxes, even in IP range scanning, you will have to select the random ranges. Several syntaxes can help scan alternate IPs in the range, and some others can scan consecutive IPs.5. SCANNING IP RANGE
A Nmap scan command helps in scanning the entire IP range. This syntax will help in knowing the entire CIDR range of IP addresses. Example:
nmap -p 8.8.8.0/28
Like the other syntaxes, even in IP range scanning, you will have to select the random ranges. Several syntaxes can help scan alternate IPs in the range, and some others can scan consecutive IPs.
Note- With the right Nmap commands, you can quickly find out information about ports, routes, and firewalls.
Nmap has several settings and flags for a system administrator to explore. In addition to being able to run in a cloaked mode, initiate decoys, and aggressively and quickly scan for potential vulnerabilities
Thank you for your visit — Anany Sharma
