In this article, we want to teach you How To Install and Use NMAP on Linux.
Introduction to NMAP
NMAP (Network Mapper) is a security scanning tool used by testers (penetration testers/ethical hackers). It is a command-line tool based on a Linux environment used to discover and audit networks, and scan and check vulnerabilities on IP addresses and ports for a given network.
With the NMAP tool:
- Network administrators can identify all devices that are running and accessing their systems.
- An administrator can identify all the hosts, and computers connected to their network, including the services that they offer.
- They can scan all the open ports, giving security a priority, that is, security threat detections.
- Also, they can scan or monitor a single host or thousands of devices connected.
How To Install and Use NMAP on Linux
To install and use NMAP on Linux. you need to log in to your server as a non-root user with sudo privileges.
Here you will learn to install NMAP on Debian / Ubuntu / Centos and RHEL.
The installation of NMAP is so easy. with a single command, you can install it on your server.
Install NMAP on Debian / Ubuntu
To install NMAP on Debian / Ubuntu Linux distribution run the following command:
sudo apt-get install nmap
You will be asked to confirm the installation by typing y.
After your installation is finished, you can verify that you have installed NMAP correctly by checking its version:
In your output you will see something similar to this:
Output Nmap version 7.80 ( https://nmap.org ) Platform: x86_64-pc-linux-gnu Compiled with: liblua-5.3.3 openssl-1.1.1d nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.9.1 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: epoll poll select
Install NMAP on Centos / RHEL
To install NMAP on Centos and RHEL based Linux distribution, you can use the following command:
sudo yum install nmap
Confirm the installation by typing y. Then verify that you have installed NMAP correctly by checking its version:
Your output should similar to this:
Output Nmap version 6.40 ( http://nmap.org ) Platform: x86_64-redhat-linux-gnu Compiled with: nmap-liblua-5.2.2 openssl-1.0.2k libpcre-8.32 libpcap-1.5.3 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: epoll poll select
After you finished the installation, let’s see how to use NMAP on Linux.
Use NMAP on Linux
When you have completed the installation process, Nmap commands are similar regardless of the Linux distribution.
Nmap provides a list of scanned targets along with supplemental information, based on the options and arguments used.
Note: Remember that port scanning to find open ports without permissions can be interpreted as malicious by third-party organizations.
Scan IP range or subnet
You can get general information about a remote system with the following command:
sudo nmap target_IP or domain.com
Also, you can use Nmap to scan a whole IP range by defining it in your command line instead of scanning individual IPs:
sudo nmap 192.168.1.5-200
You can scan the entire specified subnet with the following command:
sudo nmap 192.168.1.0/24
By default, Nmap scans the thousand most common ports for each protocol. It also offers options for specifying which ports are to be scanned.
The -p option allows you to specify port ranges:
sudo nmap –p 80,443 192.168.1.200
This command scans ports 80 and 443 for the defined host.
Port Scanning with Nmap
Nmap is a port scanner that recognizes six port states:
- open: actively accepting TCP connections, UDP datagrams, or SCTP associations.
- closed: accessible; however, no application is listening on the port.
- filtered: Nmap cannot determine whether the port is open due to packet filtering.
- unfiltered: the port is accessible; however, Nmap is unable to determine if it is open or closed.
- open|filtered: Nmap cannot determine if a port is open or filtered.
- closed|filtered: Nmap cannot establish if a port is closed or filtered.
TCP SYN scan
TCP SYN is a fast and simple scan. because this type of scan never completes TCP connections, it is often referred to as half-open scanning.
You can use the following command to run a TCP SYN scan:
sudo nmap -sS
Nmap has an option to define the speed and thoroughness of the scan.
scan speeds start at T0 and span to T5.
The –v option increases verbosity and forces Nmap to print more information about the scan in progress.
The -A option enables a comprehensive set of scan options:
- OS detection, you can use the -O option for this instead.
- version scanning, also available in the -sV option.
- script scanning, also available with the -sC option.
- traceroute, also available with the –traceroute option.
you can combine the options listed to detect the OS and version, script scanning, and traceroute. you can also use –A and –T4 for faster execution. Additionally, the –Pn option to tell the Nmap tool not to initiate a ping scan:
sudo nmap –A –T4 –v –Pn orcacore.com
For more details and more options you can use the following command:
Or you can access the NMAP page to get more information.
At this point, you learn How To Install and Use NMAP on Linux. Also, you know about the concepts and usage of Nmap along with its most commonly used commands to perform port scans.
Hope you enjoy this section of the Security Tutorials.