
Nmap

Nmap (Network Mapper) is a free, open-source network scanning and security auditing tool. It is used to discover hosts, services, open ports, and identify operating systems on computer networks.

What is Nmap?

Nmap Definition

Nmap (Network Mapper) is a free, open-source command-line tool for network exploration and security auditing. It is one of the most popular and widely used tools by network administrators, security professionals, and penetration testers worldwide.

How Does Nmap Work?

Nmap sends crafted packets to target hosts and infers the result from how, or whether, they answer. A scan moves through these phases:

  • Host discovery - identifying active devices on the network (ICMP, TCP, UDP and ARP probes)
  • Port scanning - classifying each port as open, closed, or filtered from the target's response or lack of one
  • Service and version detection (-sV) - probing open ports to identify the listening application and its version
  • OS fingerprinting (-O) - inferring the host's operating system from the behaviour of its TCP/IP stack

Key Nmap Features

Scanning Techniques

  • TCP SYN Scan (-sS) - "half-open" scan that never completes the handshake; fast and less likely to appear in application logs, but fully visible to an IDS; needs raw-socket privileges and is the default when run as root
  • TCP Connect Scan (-sT) - full three-way handshake through the OS connect() call; the default without root, and the one most likely to be logged by the target application
  • UDP Scan (-sU) - UDP port scanning; slow, because a port that never answers can only be reported as open|filtered
  • ACK Scan (-sA) - firewall rule mapping; reports ports as filtered or unfiltered, never open
  • Idle Scan (-sI) - blind scan bounced off a "zombie" host with predictable IP ID increments, so the target sees only the zombie's address
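The rules behind the port states named in the two lists above, worked through as an added Python example (not Nmap's own code and not from the original page): it encodes what Nmap's reference guide says each response means for a SYN, ACK and UDP scan and runs those rules over constructed responses. Nothing here sends packets; the Response type, the port numbers and the behaviour of the imaginary host are assumptions for illustration.

```python
"""How Nmap turns a target's answer into a port state for -sS, -sA and -sU.

Added illustration, not Nmap's source: it encodes the response-to-state rules
from Nmap's reference guide and runs them over constructed responses.
Nothing here sends packets; Response objects stand in for what a sniffer sees.
"""
from dataclasses import dataclass
from typing import Optional

# ICMP type 3 (destination unreachable) codes Nmap reads as "a filter dropped it":
# 1 host, 2 protocol, 3 port, 9/10/13 administratively prohibited.
FILTERING_UNREACHABLE = {1, 2, 3, 9, 10, 13}


@dataclass(frozen=True)
class Response:
    kind: str                       # "tcp", "udp", "icmp" or "none" (silence after retries)
    tcp_flags: str = ""             # e.g. "SA" for SYN/ACK, "R" or "RA" for RST
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


NO_RESPONSE = Response("none")


def _firewalled(resp):
    """Silence after retransmissions, or an ICMP unreachable, both mean 'filtered'."""
    return resp.kind == "none" or (
        resp.kind == "icmp" and resp.icmp_type == 3 and resp.icmp_code in FILTERING_UNREACHABLE)


def syn_scan_state(resp):
    """-sS: the half-open handshake only needs the target's second packet to decide."""
    if resp.kind == "tcp":
        if "S" in resp.tcp_flags and "A" in resp.tcp_flags:
            return "open"        # SYN/ACK: a listener; Nmap answers with RST, never ACK
        if "R" in resp.tcp_flags:
            return "closed"      # RST: host reachable, nothing listening
    if _firewalled(resp):
        return "filtered"
    raise ValueError(f"unexpected response for SYN scan: {resp}")


def ack_scan_state(resp):
    """-sA never reports open: it only tells stateful filtering apart from none."""
    if resp.kind == "tcp" and "R" in resp.tcp_flags:
        return "unfiltered"      # RST comes back for open and closed ports alike
    if _firewalled(resp):
        return "filtered"
    raise ValueError(f"unexpected response for ACK scan: {resp}")


def udp_scan_state(resp):
    """-sU: silence is ambiguous, which is why UDP scans are slow and say open|filtered."""
    if resp.kind == "udp":
        return "open"            # the service answered the (often empty) probe
    if resp.kind == "icmp" and resp.icmp_type == 3:
        if resp.icmp_code == 3:
            return "closed"      # port unreachable: host up, no UDP listener
        if resp.icmp_code in FILTERING_UNREACHABLE:
            return "filtered"
    if resp.kind == "none":
        return "open|filtered"   # either a silent service or a dropped probe
    raise ValueError(f"unexpected response for UDP scan: {resp}")


def summarize(classify, responses):
    """Group ports by state the way Nmap's output table does: {state: [ports]}."""
    table = {}
    for port, resp in sorted(responses.items()):
        table.setdefault(classify(resp), []).append(port)
    return table


if __name__ == "__main__":
    # Constructed host: ssh listening, 80 closed, 443 silently dropped, 25 rejected by a router ACL.
    answers = {22: Response("tcp", "SA"), 80: Response("tcp", "RA"),
               443: NO_RESPONSE, 25: Response("icmp", icmp_type=3, icmp_code=13)}
    print("SYN scan:", summarize(syn_scan_state, answers))
    print("ACK scan:", summarize(ack_scan_state, {22: Response("tcp", "R"), 443: NO_RESPONSE}))
    print("UDP scan:", summarize(udp_scan_state, {53: Response("udp"), 161: NO_RESPONSE,
                                                   9: Response("icmp", icmp_type=3, icmp_code=3)}))
```

The point to take from the table is that "filtered" on a SYN scan and "unfiltered" on an ACK scan are statements about the path, not about a listener: a stateless packet filter that lets ACKs through shows up as unfiltered on -sA while the same port is still filtered on -sS.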

Host Discovery

  • ICMP echo, timestamp and netmask requests (-PE, -PP, -PM), TCP SYN/ACK pings (-PS, -PA) and UDP pings (-PU)
  • ARP requests (-PR), which Nmap uses automatically on the local Ethernet segment because they cannot be filtered the way ICMP can
  • Reverse DNS resolution of the hosts found (not itself a discovery method; -n disables it)
  • -sn performs discovery only, without port scanning; -Pn skips discovery and scans every address, for targets that drop all pings

NSE Scripts

Nmap Scripting Engine (NSE) runs Lua scripts against discovered hosts and services. Scripts are grouped into categories such as default, safe, discovery, vuln, brute, intrusive, exploit and malware, and enable:

  • Checks for specific known vulnerabilities (the vuln category; Nmap is not a full vulnerability scanner)
  • Service enumeration (for example SMB shares, HTTP titles, TLS certificate details)
  • Login brute-forcing (the brute category)
  • Backdoor and malware detection (the malware category)
  • Domain information gathering (DNS and whois lookups)

Scripts in the intrusive, dos and exploit categories can crash or modify the target; run them only within the authorized scope.

Typical Nmap Usage

# Basic scan: top 1000 TCP ports; SYN scan when run as root, connect scan otherwise
nmap 192.168.1.1

# Scanning an entire subnet (host discovery first, then ports on the hosts that are up)
nmap 192.168.1.0/24

# Scanning specific ports
nmap -p 80,443,22 target.com

# Operating system detection (needs raw-socket privileges, i.e. root)
nmap -O target.com

# Service and version detection (probes open ports; slower but far more informative)
nmap -sV target.com

# Aggressive scanning (OS, versions, default NSE scripts, traceroute) - noisy and easy to detect
nmap -A target.com

# Fast scanning of the 100 most common ports instead of the default 1000
nmap -F target.com

# Using NSE scripts: the whole vuln category (some of these scripts are intrusive)
nmap --script vuln target.com

Nmap Applications

Security Auditing

  • Identifying unauthorized services
  • Detecting weak configurations
  • Attack surface mapping

Penetration Testing

  • Active reconnaissance
  • Network enumeration
  • Attack vector identification

Network Administration

  • Host and service inventory
  • Network change monitoring
  • Firewall rule verification
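One concrete form of the "identifying unauthorized services" and "network change monitoring" tasks listed under Security Auditing and Network Administration, as an added example that is not part of this page or of Nmap itself: diffing two reports written with nmap -oX. The two XML documents are constructed to resemble -oX output (real reports carry more elements, which the parser ignores), and the allowlist of approved (protocol, port) pairs is a hypothetical policy.

```python
"""Diff two Nmap XML reports (-oX) to flag newly opened and unapproved ports.

Added example, not Nmap's own code or anything from the page: it reads the
XML that `nmap -oX` writes. Both reports below are constructed to mimic that
format; real output carries more elements, which ElementTree ignores here.
"""
import xml.etree.ElementTree as ET

# Constructed baseline scan: one host with ssh and https open.
BASELINE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX baseline.xml 192.168.1.0/24">
 <host><status state="up" reason="arp-response"/>
  <address addr="192.168.1.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
    <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
   <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
    <service name="https" product="nginx"/></port>
  </ports></host>
</nmaprun>"""

# Constructed follow-up scan: 443 is now filtered, 3389 and 8080 appeared,
# a second host showed up, and a third host is down (and must be ignored).
CURRENT_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX current.xml 192.168.1.0/24">
 <host><status state="up" reason="arp-response"/>
  <address addr="192.168.1.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
    <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
   <port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/></port>
   <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/>
    <service name="ms-wbt-server"/></port>
   <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack"/>
    <service name="http-proxy"/></port>
  </ports></host>
 <host><status state="up" reason="arp-response"/>
  <address addr="192.168.1.20" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
    <service name="ssh"/></port></ports></host>
 <host><status state="down" reason="no-response"/>
  <address addr="192.168.1.30" addrtype="ipv4"/></host>
</nmaprun>"""


def open_ports(xml_text):
    """Map (addr, proto, port) -> service label for every open port on hosts that are up."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr_el = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr_el is None:
            continue   # down hosts carry no port table worth trusting
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue   # closed, filtered and open|filtered are not confirmed listeners
            svc = port.find("service")
            label = "unknown" if svc is None else " ".join(
                v for v in (svc.get("name"), svc.get("product"), svc.get("version")) if v)
            result[(addr_el.get("addr"), port.get("protocol"), int(port.get("portid")))] = label
    return result


def diff_open_ports(baseline_xml, current_xml):
    """Return (newly_open, no_longer_open), both keyed like open_ports()."""
    before, after = open_ports(baseline_xml), open_ports(current_xml)
    new = {k: after[k] for k in after.keys() - before.keys()}
    gone = {k: before[k] for k in before.keys() - after.keys()}
    return new, gone


def unauthorized(ports, allowlist):
    """Open ports whose (proto, port) pair is not in the approved allowlist."""
    return {k: v for k, v in ports.items() if (k[1], k[2]) not in allowlist}


if __name__ == "__main__":
    new, gone = diff_open_ports(BASELINE_XML, CURRENT_XML)
    for (addr, proto, port), label in sorted(new.items()):
        print(f"NEW        {addr} {port}/{proto} {label}")
    for (addr, proto, port), label in sorted(gone.items()):
        print(f"GONE       {addr} {port}/{proto} {label}")
    # Hypothetical approved-services policy: only ssh and https may listen anywhere.
    policy = {("tcp", 22), ("tcp", 443)}
    for (addr, proto, port), label in sorted(unauthorized(open_ports(CURRENT_XML), policy).items()):
        print(f"UNAPPROVED {addr} {port}/{proto} {label}")
```

With real reports, read the two files into the strings instead of embedding them and run the script from a scheduled job after each scan. Treat a "GONE" entry as a lead rather than a conclusion: in the constructed data, 443 disappears from the open set because the port became filtered, which is a firewall change rather than a removed service, and a host that is down at scan time drops all of its ports at once.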

Compliance

  • PCI DSS audits
  • Security policy verification
  • Infrastructure documentation

Zenmap - GUI for Nmap

Zenmap is a graphical interface for Nmap, offering:

  • Network topology visualization
  • Scanning profiles
  • Scan result comparison
  • Easier target management

Legal Considerations

Network scanning is legal only when:

  • You scan your own infrastructure
  • You have the owner's written consent
  • You act within the scope of an authorized security test

Unauthorized scanning may be treated as a computer crime; keep the scope and the authorization in writing before the first packet is sent.

Nmap Alternatives

  • Masscan - very fast scanning of large IP ranges; trades Nmap's version detection and NSE for raw speed
  • ZMap - internet-wide scanning of a single port per run
  • Angry IP Scanner - simple scanner with a GUI
  • Netcat - basic port checks (nc -zv host port)

Nmap in Security Context

Nmap is an essential tool for:

  • Red Team - reconnaissance and target identification
  • Blue Team - detecting unauthorized services
  • SOC - alert verification and incident analysis
  • Pentesters - first phase of penetration testing

Nmap knowledge is a fundamental competency for every IT security professional.

Tags:

nmap network scanning penetration testing security audit ports
