Nmap, short for Network Mapper, is a free and open-source utility widely used for network discovery and security auditing. Renowned for its versatility and powerful scanning capabilities, Nmap enables administrators, security professionals, and hackers to identify what devices are running on their networks, discover open ports, detect security risks, and map out network topologies. With its ability to adapt scans to network conditions including latency and congestion, Nmap provides comprehensive data about networked systems and the services they expose to the network.
Nmap's functionality extends beyond port scanning alone; it includes host discovery, port scanning, version detection, and scriptable interaction with the target network via the Nmap Scripting Engine (NSE). This allows users to automate a wide range of networking tasks, from monitoring and inventory to more complex security checks.
Due to its powerful and flexible nature, Nmap is a staple tool in the cybersecurity field, used not only for defensive purposes but also for ethical hacking and penetration testing to identify vulnerabilities before they can be exploited maliciously. Its command-line interface, though daunting to some beginners, offers extensive options that cater to a wide range of scenarios, making it an essential tool for anyone involved in network administration or security.
What you find through Nmap is essential to understand if you want to get to the fun stuff and use the likes of Metasploit successfully.
nmap -sC -sV 10.129.68.177 : runs the default NSE scripts (-sC) and probes open ports to identify service versions (-sV); more intrusive than a plain port scan
nmap -p- -sV 10.129.154.178 : scans all 65535 TCP ports (-p-) with version detection; can take around half an hour to run
nmap -p- --min-rate=1000 -sV {target_IP} : --min-rate sets the minimum number of packets Nmap sends per second, so the scan gets faster as the number goes higher
nmap -T4 -A -v : an intense, comprehensive scan. -T4 selects the "aggressive" timing template, -A enables OS detection (-O), version detection (-sV), script scanning (-sC) and traceroute, and -v increases verbosity
-sC : Equivalent to --script=default
-A : Enable OS detection, version detection, script scanning, and traceroute
-Pn : Treat all hosts as online -- skip host discovery