Advanced Nmap Guide — Zero to Advanced | CyberAsh

Master Nmap from basic network scanning to advanced NSE scripting, evasion techniques, and practical penetration testing workflows.

Contents
  1. What is Nmap & Why Use It
  2. Installation & Quick Checks
  3. Basic TCP/UDP Scans
  4. Port Selection & Service Detection
  5. OS Detection & Versioning
  6. Nmap Scripting Engine (NSE)
  7. Output Formats & Reporting
  8. Performance Tuning & Timing
  9. Stealth & Evasion Techniques (Ethical)
  10. Large-Scale Scanning Tips
  11. Practical Lab Workflows
  12. Next Steps & References

1. What is Nmap & Why Use It

Nmap (Network Mapper) is a free, open-source network scanning tool. It is widely used by cybersecurity professionals to discover hosts, identify open ports, detect services and versions, and even find vulnerabilities using NSE scripts. Understanding Nmap is essential for ethical hacking, network auditing, and penetration testing.

2. Installation & Quick Checks

Install on Debian/Ubuntu-based Linux with apt (other distributions ship it as the nmap package in their own package manager):

sudo apt update
sudo apt install nmap -y
nmap --version

Verify Nmap works by scanning your own machine:

nmap 127.0.0.1

3. Basic TCP/UDP Scans

TCP SYN scan (the default when running as root, and fast because it never completes the three-way handshake; without raw-socket privileges Nmap silently falls back to a full-connect -sT scan):

nmap -sS 192.168.1.10

UDP scan (much slower than TCP because open or filtered UDP ports usually send no reply and closed-port ICMP errors are rate-limited, so restrict it to the ports you care about with -p; also needs root):

nmap -sU -p 53 192.168.1.10

4. Port Selection & Service Detection

Scan specific ports:

nmap -p 22,80,443 192.168.1.10

Service version detection:

nmap -sV 192.168.1.10

5. OS Detection & Versioning

Nmap fingerprints the operating system from how the target's TCP/IP stack answers a set of crafted probes. It needs root and works best when the scan has found at least one open and one closed TCP port:

nmap -O 192.168.1.10

-A (aggressive) bundles OS detection, version detection (-sV), the default script set (-sC) and traceroute into one run; it is noisier but gives a much fuller picture of the host:

nmap -A 192.168.1.10

6. Nmap Scripting Engine (NSE)

The Nmap Scripting Engine runs Lua scripts against discovered hosts to automate discovery, vulnerability checks, brute forcing and more. On a typical Linux install the scripts live in /usr/share/nmap/scripts, and each script declares one or more categories such as auth, brute, default, discovery, safe, intrusive and vuln; --script accepts a script name, a category, or a comma-separated list of either.

Example: enumerate the TLS/SSL cipher suites a server offers and grade their strength:

nmap --script ssl-enum-ciphers -p 443 example.com

Tip: Use --script-help <scriptname> to see what a script does and which arguments it takes.

7. Output Formats & Reporting

Nmap supports multiple output formats:

  • -oN Normal text (what you see on the terminal)
  • -oX XML (for tools and scripts to parse)
  • -oG Grepable (one line per host, easy to grep and awk)
  • -oA All three formats at once, using the given basename

The following writes scan_results.nmap, scan_results.xml and scan_results.gnmap:

nmap -sV -oA scan_results 192.168.1.10
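As an added example (not code from the CyberAsh page), the shell script below parses the grepable (.gnmap) output that -oG or -oA writes into a host/port/service list and, when nmap is available, feeds it back into a targeted -sV scan of only the ports found open: the discovery-then-enumerate workflow a practical scan follows. The sample .gnmap content is constructed to match the real grepable format, and the follow_up_scan wrapper and the 192.168.1.x hosts are assumptions for illustration, not Nmap features.

```sh
#!/bin/sh
# Added example (not from the CyberAsh page): parse Nmap grepable output (-oG,
# or the .gnmap file written by -oA) and use the result to drive a targeted
# -sV scan. Only follow_up_scan needs nmap itself; the parsing runs on a
# constructed sample so it can be tried offline.

write_sample_gnmap() {
  # Writes a CONSTRUCTED .gnmap file to $1 (not a real capture). The layout is
  # the real grepable format: tab-separated fields on each "Host:" line, and
  # each port entry as port/state/proto/owner/service/rpc/version/.
  printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -sS -sU -oG discovery.gnmap 192.168.1.0/24' > "$1"
  printf 'Host: 192.168.1.10 ()\tStatus: Up\n' >> "$1"
  printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\n' >> "$1"
  printf 'Host: 192.168.1.11 ()\tStatus: Down\n' >> "$1"
  printf 'Host: 192.168.1.12 ()\tPorts: 53/open|filtered/udp//domain///, 3306/open/tcp//mysql///\tIgnored State: closed (998)\n' >> "$1"
  printf '%s\n' '# Nmap done -- 256 IP addresses (2 hosts up) scanned' >> "$1"
}

open_ports_from_gnmap() {
  # $1 = .gnmap file. Prints "host port proto service" for each port whose
  # state is exactly "open". "open|filtered" (typical for UDP) is not a
  # confirmed open port and is skipped.
  awk '
    /^Host:/ && /Ports:/ {
      host = $2
      sub(/.*Ports: /, "")       # keep only the port list ...
      sub(/\t.*/, "")            # ... and drop the "Ignored State" field
      n = split($0, ports, ", ")
      for (i = 1; i <= n; i++) {
        split(ports[i], f, "/")  # f[1]=port f[2]=state f[3]=proto f[5]=service
        if (f[2] == "open") print host, f[1], f[3], f[5]
      }
    }' "$1"
}

live_hosts() {
  # Hosts with at least one confirmed-open port, one per line, in scan order.
  open_ports_from_gnmap "$1" | awk '!seen[$1]++ { print $1 }'
}

ports_for_host() {
  # $1 = .gnmap file, $2 = host. Prints a comma-separated -p spec of that
  # host's open TCP ports (e.g. "22,80"), or nothing if it has none.
  open_ports_from_gnmap "$1" |
    awk -v h="$2" '$1 == h && $3 == "tcp" { p = (p == "" ? $2 : p "," $2) } END { print p }'
}

follow_up_scan() {
  # Assumed workflow wrapper, not an Nmap feature: version-scan only the ports
  # the discovery scan found open, writing one set of -oA files per host.
  command -v nmap >/dev/null 2>&1 || { echo "nmap not installed" >&2; return 1; }
  for h in $(live_hosts "$1"); do
    spec=$(ports_for_host "$1" "$h")
    [ -n "$spec" ] || continue
    nmap -sV -p "$spec" -oA "versions_$h" "$h"
  done
}

# Demo on the constructed sample. Pass "scan" as the first argument to also run
# the follow-up nmap scans (requires nmap and network reach to the targets).
tmp=$(mktemp)
write_sample_gnmap "$tmp"
echo "Confirmed-open ports in the constructed sample:"
open_ports_from_gnmap "$tmp"
if [ "${1:-}" = "scan" ]; then
  follow_up_scan "$tmp"
fi
rm -f "$tmp"
```

Run it with `sh parse_gnmap.sh` to see the parsed sample (three open TCP ports across two hosts; the UDP 53 entry is left out because open|filtered is not confirmed open), or with `sh parse_gnmap.sh scan` to also launch the per-host version scans. To use it on real output, point open_ports_from_gnmap at the .gnmap file that a -oG or -oA run produced.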

12. Next Steps & References

For further learning, check:
