How to use Nmap – A Short Guide

2018.08.25

Hey! So in this post I thought I would quickly go over nmap, which IMO is the Swiss Army knife of IT. It was the very first tool I ever learned, and it is my default for several things. Below are just a couple of commands I find myself using a lot of the time.
Edit: I just made a video for those who prefer videos over blog posts. It’s linked below and also at the bottom of this post.


Download
Go to https://nmap.org/download.html and download nmap according to your machine.

Once installed, you can just type man nmap to bring up the full manual page.

Common Commands

Edit the ports section as needed and remove the brackets (for more info on ports, check out my Basic Ports To Know post).


Nmap scan report for [hostname.com] (192.168.1.1)
Host is up (0.0039s latency).
Not shown: [998] closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open http

Additionally, you can grep out specific lines (see How to Grep and Awk), which grabs every line containing the word you're looking for. This is really useful if you are scanning multiple IPs (like your home network).

nmap -Pn -T3 --open -p[ports] -oG outputFile.txt [targets] | grep "Nmap scan report"

Nmap scan report for [hostname0.com] (192.168.1.1)
Nmap scan report for [hostname1.com] (192.168.1.2)
Nmap scan report for [hostname2.com] (192.168.1.3)
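The -oG flag in the command above writes a grepable file that the pipeline never actually reads, so here is an added example (not from the original post) of a small POSIX shell helper that parses that file and prints only the open ports per host. The scan file is constructed inline with made-up addresses and hostnames, and the layout the awk program assumes is the tab-separated Host:/Ports: format that -oG produces.

```shell
#!/bin/sh
# Hypothetical helper: list open ports from an nmap grepable (-oG) file.
# Output: one line per open port, "<ip> <hostname|-> <port>/<proto> <service>".
# Assumes nmap's -oG layout: tab-separated fields, and a "Ports:" field holding
# comma-separated "port/state/proto/owner/service/rpc/version/" entries.
open_ports_from_gnmap() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " ")            # "Host: <ip> (<hostname>)"
            ip = h[2]; name = h[3]
            gsub(/[()]/, "", name)
            if (name == "") name = "-"   # reverse DNS gave no name
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports:/) continue   # skip "Status:" / "Ignored State:"
                sub(/^Ports: /, "", $i)
                n = split($i, p, ", ")
                for (j = 1; j <= n; j++) {
                    split(p[j], f, "/")  # f[1]=port f[2]=state f[3]=proto f[5]=service
                    if (f[2] == "open")
                        printf "%s %s %s/%s %s\n", ip, name, f[1], f[3], f[5]
                }
            }
        }' "$1"
}

# Constructed sample of what -oG writes (addresses and names are made up),
# deliberately without --open so that a filtered entry exercises the state check.
write_sample_gnmap() {
    printf '# Nmap 7.70 scan initiated as: nmap -Pn -T3 -oG scan.gnmap 192.168.1.0/29\n' > "$1"
    printf 'Host: 192.168.1.1 (router.home)\tStatus: Up\n' >> "$1"
    printf 'Host: 192.168.1.1 (router.home)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (997)\n' >> "$1"
    printf 'Host: 192.168.1.2 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 192.168.1.2 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: filtered (999)\n' >> "$1"
    printf '# Nmap done -- 8 IP addresses (2 hosts up) scanned in 5.02 seconds\n' >> "$1"
}

sample=$(mktemp)
write_sample_gnmap "$sample"
open_ports_from_gnmap "$sample"
rm -f "$sample"
```

Point it at the file your own -oG run produced instead of the sample, and the filtered and closed entries drop out while hosts with no reverse DNS name still show their address.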

NSE Scripts (Underrated feature)
You can also run an NSE script as part of your nmap scan:

nmap -Pn --open -T3 -p[ports] --script=[script name] -oG outputFile.txt [targets] | grep "Nmap scan report"

Some examples of the scripts are:
The complete list of scripts can be found at:
https://nmap.org/nsedoc/

But that's it. Hopefully that's helpful. Simple enough, but very useful! So now you know how to quickly use nmap and can check it out to scope out your own network.

Take care, Byeee! :]


#techtools

