Nmap Network Scanner

Port Scanners/ Networking Pentesting

Watch our 5 minute concise overview of the uses of Nmap (for beginners!)


Recommended Nmap Courses Recommended Nmap Books Similar Tools To Nmap (Zenmap)

What is Nmap?
Nmap is an abbreviation for ‘Network Mapper’ – ‘Network’ in an IT sense of the word. You can consider Nmap as being one of the best-known, and in fact, one of the most useful hacking tools out there. Period. If you are serious about pentesting, ethical hacking and IT Security in general, then learning Nmap is essential.

Is Nmap Free?
You betcha! In fact, a lot of other tools out there, Metasploit for example, pulls in Nmap for network discovery and security auditing. Many system admins will use Nmap along with other such tools as Wireshark (and perhaps even ‘Network Miner’) for a wide variety of port and network scanning. If you’re completely new to port and network scanning then we’d suggest this article here.

What is Network Scanning?
This concept refers to, somewhat obviously, scanning the network! ‘Ports’ on a network can be considered as being the entry points to a machine, or computer (box) that is connected to the Internet. An application or service that listens on a port functions by receiving data (bytes) from a client application, processing that data and then sending it back. If a network is hacked into, or compromosed, then a malicious client can be programmed to exploit vulnerabilities in the server code with the purpose of being able to gain access to sensitive data or execute malicious code remotely. The communication and commands would be administered through the implementation of a Remote Access Tool (RAT).

What is Port Scanning?
Network scanning and port scanning are often used interchangeably. Port scanners (of which there are several, such as Angry IP Scanner, NetScanTools, Unicornscan and NetworkMiner) are used by system and network administrators to verify security profiles of networks to prevent hackers from being able to identify services running on a host that have exploitable vulnerabilities. Of course, if a network admin (or any other IT professional) performing a scan discovers a vulnerability then there priority is to patch the hole without delay. Port scanning is a task performed in the initial phase of a penetration test (‘pentest’) in order to establish all network entry points into the target system.

Why are there so many ‘Network and Port Scanning’ tools?
At first it might seem that there are a ton of ‘similar’ tools. However, most of them service a particular need, or said in a more technical way, the tools have an expertize with regards to certain protocol scanning, for example, some are better at TCP ports scanning rather than UDP ports scanning and vica versa.

How does Nmap Work?
Nmap tool works by inspecting raw IP packets in creative ways to understand what hosts (servers) are available on the network, what services (application name and version) those hosts are using, what operating systems (including Operating System versions and possible patches) and what type and version of packet filters/ firewalls are being used by the target. In summary you’ve got to learn Nmap and if want to work in Cyber Security as a practioner.

Does Nmap Work on all Operating Systems?
Yes, Nmap works on all major computer operating systems, and official binary packages are available for Linux, Windows, Mac OS X, IRIX, and AmigaOS. Of course, there’s a much easier way to install Nmap – just use Kali Linux or use BackBox since it ships with Nmap and you’ll be able to update the progam with ease. We have a lot of information on Linux Pentesting ‘Ethical Hacking’ Distributions here.

Brief word about ‘Zenmap’
Zenmap is the GUI version of Nmap. Here’s our advice: learn how to use Nmap, but when you’re out in the field performing a penetration test etc., then fire-up Zenmap. The awesome thing about Zenmap is that it pre-loads all the command lines in one go so you don’t have to start tapping ‘nmap’ into the command terminal to load the command help prompts.

What are Typical Uses for Nmap?
The fundamental use of Nmap is that it can recognize and list, in a verbose format, open ports on a target host in preparation for security auditing. Specifically however, here are a bunch of uses for Nmap, including:

  • Host discovery: being able to identify hosts on a network. For example, you’d be able to listen to how a server responds and reacts to TCP and/ or ICMP requests;
  • Port scanning: enumerating possible open ports on target hosts (servers);
  • OS detection: determining the hardware characteristics and operating system of network devices;
  • Version detection: interrogating network services on remote devices to determine application name and version number;
  • In-depth Information Gathering: Nmap can provide further information on targets which includes device types, reverse DNS names and MAC addresses;
  • Scriptable interaction: accomplished via the Nmap Scripting Engine (NSE) and Lua programming language;
  • Auditing: the security of a device or firewall by identifying the network connections which can be made to, or through it;
  • Network inventory: network mapping, maintenance and asset management;
  • Generating traffic: to hosts on a network to test the response time measurement and response analysis;
  • Exploit vulnerabilities: Find the holes and patch them!

Recommended Nmap Courses & Training
Like any learning, especially cyber security hacking/ pentesting training, the more ‘hands-on’ the course is, the more we recommend it. We’ve selected our preferred courses here.


Recommended Nmap Courses


Recommended Nmap Tutorials
In this section we outline our favorite Nmap tutorials. If you have a tutorial or video to add then please get in contact with us.


Here’s our recommended Nmap Video Tutorial.


Similar Tools To Nmap (Zenmap)



Recommended Books