Nmap Commands Explained | Nmap GUI

ATTOUCHI MOHAMED
Feb 14, 2024


Introduction

First we need to have an idea about Nmap.

Nmap, or Network Mapper, is a free and open-source tool used for network discovery and security auditing. Nmap is completely free, and it is able to scan networks, servers and applications.

Nmap can easily detect open services on a specific host, whether it is a switch, router, firewall, printer, server or an application.

It can be used by hackers, but we can also use it for network troubleshooting: it makes life much easier and gives visibility, answering multiple questions when troubleshooting new networks that we are not used to working on!

1. How can I use Nmap? What are Nmap commands?

We can use NMAP in different ways and for different goals.

The first example is in ethical hacking:

Nmap is used in hacking and pentesting. Hackers can detect the operating system of a host, for example, then search for its vulnerabilities on the internet and try to penetrate a network using the details and elements provided by Nmap.

The second example is troubleshooting networks.

Here are 20 commonly used Nmap commands with explanations:

1.1 : Basic TCP Scan:

nmap <target>

This command performs a basic TCP scan on the specified target. It scans the most common 1000 TCP ports by default.

1.2 : Scan Specific Ports:

nmap -p <port(s)> <target>

This command scans only the specified port(s) on the target.

1.3 : Scan All TCP Ports:

nmap -p- <target>

This command scans all 65535 TCP ports on the target.

1.4 : Scan UDP Ports:

nmap -sU <target>

This command performs a UDP scan on the target.

1.5 : Scan Both TCP and UDP Ports:

nmap -sS -sU <target>

This command performs a TCP and UDP scan on the target.

1.6 : Service Version Detection:

nmap -sV <target>

This command attempts to determine the version of the services running on the target.

1.7 : OS Detection:

nmap -O <target>

This command attempts to determine the operating system running on the target.

1.8 : Scan multiple targets:

nmap <target1> <target2> <target3>

This command scans multiple targets in a single command.

1.9 : Scan a Range of IPs:

nmap <prefix>.<start>-<end>

This command scans a range of IP addresses. Nmap's range notation is a hyphen inside an octet with no spaces around it, for example nmap 192.168.1.1-20 scans 192.168.1.1 through 192.168.1.20.

1.10 : Verbose Output:

nmap -v <target>

This command produces verbose output, providing more detailed information during the scan.

1.11 : Aggressive Scan:

nmap -A <target>

This command enables aggressive scanning options including OS detection, version detection, script scanning, and traceroute.

1.12 : Scan for Vulnerabilities:

nmap --script vuln <target>

This command runs Nmap scripts to check for known vulnerabilities on the target.

1.13 : Save Output to a File:

nmap -oN output.txt <target>

This command saves the scan results to a file named output.txt.

1.14 : Output in XML Format:

nmap -oX output.xml <target>

This command saves the scan results in XML format.
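The XML output from -oX is the format to use when the results are going to be processed by another program. The following is an added example, not code from the article or from the Nmap project: it parses two constructed -oX documents (the hosts, ports and version strings in them are made up for illustration) and reports which open ports appeared since a baseline scan. This is the check a defender typically wants from recurring scans of their own infrastructure: has anything new been exposed?

```python
"""Parse Nmap -oX output and report ports that opened since a baseline scan.

Added example, not the article's code. Uses only the standard library and two
constructed XML documents in the shape that `nmap -oX` writes; all addresses,
ports and version strings below are made up for illustration.
"""
import xml.etree.ElementTree as ET

# Constructed sample: roughly what `nmap -sV -oX baseline.xml 192.0.2.10` writes.
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX baseline.xml 192.0.2.10" start="1707868800">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="9.6p1"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="https" product="nginx"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
  </host>
  <runstats><finished time="1707868830"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""

# Constructed sample: a later scan of the same range where two ports opened on
# the first host and a second host appeared.
CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX current.xml 192.0.2.10-11" start="1707955200">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="9.6p1"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="https" product="nginx"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="8.0.36"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open" reason="syn-ack"/>
        <service name="http-proxy"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_open_ports(xml_text):
    """Return {ip: {(protocol, port): service_label}} for every host that is up.

    Only ports in state 'open' are kept; closed and filtered ports are not
    exposure, so they are dropped here.
    """
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        # Prefer the IPv4 address; fall back to IPv6 for -6 scans.
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address[@addrtype='ipv6']")
        if addr_el is None:
            continue
        open_ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            key = (port.get("protocol"), int(port.get("portid")))
            svc = port.find("service")
            if svc is None:
                label = "unknown"
            else:
                # Join whatever -sV managed to identify: name, product, version.
                label = " ".join(v for v in (svc.get("name"), svc.get("product"), svc.get("version")) if v)
            open_ports[key] = label
        result[addr_el.get("addr")] = open_ports
    return result


def new_open_ports(baseline, current):
    """Return sorted (ip, protocol, port, service) tuples open now but absent from the baseline."""
    findings = []
    for ip, ports in current.items():
        known = baseline.get(ip, {})
        for (proto, port), label in ports.items():
            if (proto, port) not in known:
                findings.append((ip, proto, port, label))
    return sorted(findings)


if __name__ == "__main__":
    for ip, proto, port, label in new_open_ports(parse_open_ports(BASELINE_XML), parse_open_ports(CURRENT_XML)):
        print(f"NEW: {ip} {port}/{proto} ({label})")
```

In practice the two strings would be read from files written by nmap -sV -oX baseline.xml <target> and a later nmap -sV -oX current.xml <target>; anything the script prints is either a change you made on purpose or something to investigate.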

1.15 : Output in grepable Format:

nmap -oG output.grep <target>

This command saves the scan results in grepable format.

1.16 : Ping Scan:

nmap -sn <target>

This command performs a ping scan to determine which hosts are online.

1.17 : Reverse DNS Resolution:

nmap -R <target>

This command performs reverse DNS resolution on the IP addresses discovered during the scan.

1.18 : Aggressive Timing:

nmap -T4 <target>

This command sets the timing template to ‘Aggressive’ to speed up the scan.

1.19 : Scan IPv6 Addresses:

nmap -6 <target>

This command scans IPv6 addresses.

1.20 : Scan for Common Vulnerabilities and Exposures (CVE):

nmap --script vulners <target>

This command runs the vulners Nmap script to check detected service versions against the Vulners database (https://vulners.com/), which in short is a vulnerability database and search engine.

I hope you enjoyed the list of Nmap commands that I have chosen for you.

That was my selection for the moment; there are other Nmap commands that I will be covering in this article, so keep reading till the end.

Important :

Always make sure you have authorization before you start working with these commands and launching scans on a network, especially if you are scanning hosts or networks that you don't manage yourself.
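A practical way to honour that rule is to expand the targets before handing them to Nmap and confirm every address falls inside the networks you are authorized to scan. The following is an added example, not code from the article or from the Nmap project: it expands Nmap's target notation from section 1.9 (octet ranges such as 192.168.1.1-20, plus CIDR blocks) and lists any address that is outside an allowed scope. The address ranges in it are constructed for illustration; hostnames are not resolved.

```python
"""Expand Nmap target specifications and check them against an authorized scope.

Added example, not the article's code. Standard library only. Supports the
two target forms Nmap users type most: CIDR ("192.0.2.0/28") and Nmap's
per-octet ranges ("192.0.2.1-20", or "10.0.0-3.1-254"). Hostnames are out
of scope here; they would need to be resolved first.
"""
import ipaddress
import itertools


def _octet_values(part):
    """Turn one dotted-quad component ('7' or '1-20') into a range of ints."""
    if "-" in part:
        lo, hi = (int(x) for x in part.split("-", 1))
    else:
        lo = hi = int(part)
    if not 0 <= lo <= hi <= 255:
        raise ValueError(f"bad octet range: {part!r}")
    return range(lo, hi + 1)


def expand_target(spec):
    """Return every IPv4Address covered by one Nmap-style target string.

    CIDR blocks include their network and broadcast addresses, which matches
    what Nmap scans for 'nmap 192.0.2.0/28'.
    """
    spec = spec.strip()
    if "/" in spec:
        return list(ipaddress.ip_network(spec, strict=False))
    parts = spec.split(".")
    if len(parts) != 4:
        raise ValueError(f"unsupported target spec: {spec!r}")
    combos = itertools.product(*(_octet_values(p) for p in parts))
    return [ipaddress.IPv4Address(".".join(str(o) for o in octets)) for octets in combos]


def out_of_scope(targets, allowed_networks):
    """Return the addresses (as strings) from `targets` not inside any allowed network."""
    allowed = [ipaddress.ip_network(n, strict=False) for n in allowed_networks]
    return [
        str(addr)
        for spec in targets
        for addr in expand_target(spec)
        if not any(addr in net for net in allowed)
    ]


if __name__ == "__main__":
    # Constructed scope: the engagement (or your own lab) covers 192.0.2.0/27.
    scope = ["192.0.2.0/27"]
    for spec in ("192.0.2.1-20", "192.0.2.30-33"):
        stray = out_of_scope([spec], scope)
        verdict = "ok" if not stray else f"REFUSE, outside scope: {', '.join(stray)}"
        print(f"{spec}: {verdict}")
```

Run this over your target list before the scan; an empty result means every address Nmap would touch is inside the scope you were given, and a non-empty one names exactly which addresses would be out of bounds.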

2. Install Nmap on different operating systems:

The 20 commands mentioned before can be used on different operating systems and in different ways.

The first thing we need to do is install Nmap on our operating system.

2.1 : Installing Nmap on Windows:

Link: https://nmap.org/book/inst-windows.html

Jump directly to the section "Installing the Nmap zip binaries".

Screen shot from nmap.org

2.2 : Nmap download on Linux:

Link : https://nmap.org/book/inst-linux.html

Through this link you will find the installation process for these Linux distributions:

Screen shot from nmap.org

Red Hat, Mandrake, SUSE, Fedora, Debian Linux and derivatives such as Ubuntu, all on the same page.

Screen shot from nmap.org

2.3 : Nmap download on macOS:

Link: https://nmap.org/book/inst-macosx.html

Through this link you will find all the requirements for installing Nmap on macOS.

Screen shot from nmap.org

After installing Nmap on your operating system, you now need to start using it, of course!

3. How to use Nmap from the command line interface (CLI)?

It is really easy even if you don't memorize Nmap commands. You can use the list of commands that I showed you in section 1 of this article 😎 (How can I use Nmap?).

4. How to use Nmap from the graphical user interface (GUI) — Zenmap

It is easier than ever to start using Nmap through its friendly graphical user interface, which we can download for Linux, Windows, macOS, BSD and other platforms too, all for free, from the official website.

Official website: https://nmap.org

On this page you can see the tab "Zenmap GUI", where you have a short description of the multi-platform interface that was developed for free.

Screenshot from nmap.org/zenmap

Zenmap download:

Here is the link to download Zenmap: https://nmap.org/download

Screenshot from nmap.org/download

5. Other free tools that look like Nmap and Zenmap

Here are some scanners that you can easily download on a Windows or Linux machine; they will start doing the work for you right away!

3 Best Network Scanners That I Found Useful and Have Tested Personally

1. Angry IP Scanner

An amazing tool that works just fine and easily gives you the ability to export your results to an Excel file and filter them as you want.

Angry IP Scanner can be installed on Windows, Mac or Linux.

Download link: https://angryip.org/download/#windows

2. Advanced IP Scanner

This one only has a Windows version.

I use it all the time; sometimes the same network scan has to be run in three scanners because of a small detail that we find in one particular scanner's result and not in the other network scanners.

Download link: https://www.advanced-ip-scanner.com/fr/

3. Nmap

I use it all the time too, and it is basically my first step in scanning hosts.

Download link: https://nmap.org/download

Conclusion

Nmap commands will make it easier to analyse and troubleshoot networks. They will also give you the ability to discover open and closed network ports and services in your infrastructure, and they will be your tool to start pentesting your networks.

I hope this network reminder helps you in the future; network scanners make life easier for network engineers, that's my opinion.

Maybe the next update of this article will include some use cases of these tools and my approach to using them.

Don't forget to leave a comment if you like what you read!
