Nmap

Nmap is free and is one of the most powerful network scanning tools available for both Windows and Linux platforms. Nmap can help both network administrators and cybersecurity professionals in many ways.

Nmap features include the following:

  • Creating a network inventory
  • Checking for live hosts
  • Determining operating systems
  • Determining running services and their version
  • Identifying vulnerabilities on a host
  • Detecting sniffers
  • Determining whether a firewall is present on a network

We will begin with the basics of Nmap and gradually move on to advanced scanning techniques. As penetration testers, we must ensure that we have an arsenal of tools that will help us to perform our jobs efficiently. However, as professionals, we must also ensure that we are very familiar with, and know how to use, each tool available to us.

So, we are going to start by performing a basic scan on a target:

  1. Let's begin by opening a new Terminal and using the following syntax: nmap <target IP or hostname>.
  2. We are going to scan a website that has given us legal permission to perform a scan. Let's use the nmap scanme.nmap.org command:

[Figure: Nmap scan 1]

By performing a regular scan on a target or network, Nmap checks the 1,000 most commonly used TCP/IP ports on the target.

  3. Observing the output, Nmap was able to identify the open ports, determine whether the open ports are TCP or UDP, identify the application layer protocols, and find out the IP addresses (IPv4 and IPv6) of the target.

Identifying open ports on a target is like discovering an open door into the system, and identifying services can help us to narrow our scope in searching for, and exploiting, vulnerabilities.
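The open ports and services in the scan output described above are the raw material for the network inventory mentioned in the feature list. The following shell functions are an added example, not part of the original text: they parse Nmap's default output and list open ports that are not on an expected list. The sample scan, the host 192.0.2.10, and the EXPECTED_PORTS allowlist are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of Nmap's default (normal) output.
SAMPLE_SCAN='Nmap scan report for host.example (192.0.2.10)
Host is up (0.070s latency).
Not shown: 995 closed tcp ports (reset)
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
135/tcp   filtered msrpc
9929/tcp  open     nping-echo
31337/tcp open     Elite

Nmap done: 1 IP address (1 host up) scanned in 2.50 seconds'

# Hypothetical allowlist: the ports this host is supposed to expose.
EXPECTED_PORTS='22/tcp 80/tcp'

# open_ports: read Nmap normal output on stdin and print
# "host port/proto service" for every port whose STATE is exactly "open".
open_ports() {
    awk '
        /^Nmap scan report for / {
            host = $NF                  # last field: "(ip)" or a bare ip/name
            gsub(/[()]/, "", host)
            in_table = 0
            next
        }
        /^PORT[ \t]+STATE[ \t]+SERVICE/ { in_table = 1; next }
        in_table && NF == 0 { in_table = 0; next }   # blank line ends the table
        in_table && $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" {
            print host, $1, $3
        }
    '
}

# unexpected_ports: same input, but keep only the open ports that are
# missing from the space-separated allowlist passed as $1.
unexpected_ports() {
    open_ports | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok)
    '
}

# Report drift from the expected exposure for the sample scan.
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "$EXPECTED_PORTS"
```

To check a real scan of a host you administer, pipe the saved output of nmap into unexpected_ports in place of the sample.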

To perform a scan on an IPv6 address, you can include the -6 operator, as in: nmap -6 2600:3c01::f03c:91ff:fe18:bb2f.

Nmap isn't that difficult, right? Let's take a few more steps with Nmap in the upcoming sections.
