Advanced Nmap — Zero to Advanced
Master Nmap from basic network scanning to advanced NSE scripting, evasion techniques, and practical penetration testing workflows.
- What is Nmap & Why Use It
- Installation & Quick Checks
- Basic TCP/UDP Scans
- Port Selection & Service Detection
- OS Detection & Versioning
- NSE Scripting Engine (NSE)
- Output Formats & Reporting
- Performance Tuning & Timing
- Stealth & Evasion Techniques (Ethical)
- Large-Scale Scanning Tips
- Practical Lab Workflows
- Next Steps & References
1. What is Nmap & Why Use It
Nmap (Network Mapper) is a free, open-source network scanning tool. It is widely used by cybersecurity professionals to discover hosts, identify open ports, detect services and versions, and even find vulnerabilities using NSE scripts. Understanding Nmap is essential for ethical hacking, network auditing, and penetration testing.
2. Installation & Quick Checks
Install on Linux using:
sudo apt update
sudo apt install nmap -y
nmap --version
Verify Nmap works by scanning your own machine:
nmap 127.0.0.1
3. Basic TCP/UDP Scans
TCP SYN scan (default and fast):
nmap -sS 192.168.1.10
UDP scan (slower, so limit it to specific ports with -p):
nmap -sU -p 53 192.168.1.10
4. Port Selection & Service Detection
Scan specific ports:
nmap -p 22,80,443 192.168.1.10
Service version detection:
nmap -sV 192.168.1.10
5. OS Detection & Versioning
Nmap can guess operating systems and versions:
nmap -O 192.168.1.10
Combine with service detection for more accurate results:
nmap -A 192.168.1.10
6. NSE Scripting Engine (NSE)
The Nmap Scripting Engine automates discovery, vulnerability detection, brute force, and more. Scripts are stored in /usr/share/nmap/scripts and grouped into categories such as auth, vuln, discovery, and brute.
Example: Enumerate SSL ciphers:
nmap --script ssl-enum-ciphers -p 443 example.com
Use nmap --script-help <scriptname> to see a script's usage and arguments.
7. Output Formats & Reporting
Nmap supports multiple output formats:
- -oN: Normal text
- -oX: XML
- -oG: Grepable
- -oA: All formats at once
nmap -sV -oA scan_results 192.168.1.10
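As an added example that is not part of the original guide, the Python script below parses the XML that -oX (or -oA) writes and reports ports that are open now but were absent from an earlier baseline scan, which is the usual reason to keep machine-readable output. The host, ports and both XML documents are constructed sample data, trimmed to the elements the parser reads.

```python
import xml.etree.ElementTree as ET

def parse_open_ports(xml_text):
    """Return {ip: {(proto, port): service}} for every host Nmap reports as up."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        open_ports = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not part of the exposure picture
            svc = port.find("service")
            # -sV fills product/version; without it only the table-derived name exists
            fields = [] if svc is None else [svc.get(a) for a in ("name", "product", "version")]
            key = (port.get("protocol"), int(port.get("portid")))
            open_ports[key] = " ".join(f for f in fields if f) or "unknown"
        results[addr.get("addr")] = open_ports
    return results

def new_open_ports(baseline_xml, current_xml):
    """Ports open in the current scan but absent from the baseline, per host."""
    base = parse_open_ports(baseline_xml)
    changes = {}
    for ip, ports in parse_open_ports(current_xml).items():
        added = sorted(k for k in ports if k not in base.get(ip, {}))
        if added:
            changes[ip] = [(proto, num, ports[(proto, num)]) for proto, num in added]
    return changes

# Constructed sample in the -oX layout, trimmed to the elements used above.
BASELINE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX baseline.xml 192.168.1.10">
<host><status state="up" reason="syn-ack"/><address addr="192.168.1.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
</ports></host></nmaprun>"""
# Same host a week later: a Remote Desktop listener appeared (constructed).
CURRENT_XML = BASELINE_XML.replace("</ports>", '<port protocol="tcp" portid="3389">'
    '<state state="open"/><service name="ms-wbt-server"/></port></ports>')

if __name__ == "__main__":
    for ip, ports in new_open_ports(BASELINE_XML, CURRENT_XML).items():
        for proto, num, service in ports:
            print(f"NEW on {ip}: {num}/{proto} ({service})")  # NEW on 192.168.1.10: 3389/tcp (ms-wbt-server)
```

Run it against two real -oX files by reading them into the two variables; a non-empty result is the list of listeners that need an owner and a justification.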
Next Steps & References
For further learning, check: