Ethical Hacking Tutorials

Nmap: an essential tool for hacking ✅

One of the most useful tools in a hacker’s arsenal, Nmap is a powerful network reconnaissance scanner.

Read this bit first

👉 I strongly condemn any illegal use of this material as is outlined in my legal disclaimer. There are plenty of responsible applications for this content, and it is here to inform ethical hackers, penetration testers, and anyone who is intrigued as to how systems are compromised. Remember the golden rule and THINK before you type. 👈

Navigating the vast landscape of cybersecurity tools can be overwhelming, especially for those new to the field. Today, let’s shed light on one indispensable tool that stands out in the realm of network reconnaissance – Nmap. In this beginner’s guide, we’ll unravel the basics of Nmap, its functionalities, and how it can empower you in understanding and securing your network.

What is Nmap?

Nmap, short for Network Mapper, is an open-source tool designed for network exploration and security auditing. It excels in discovering hosts, services, and vulnerabilities within a computer network, making it an essential asset for cybersecurity professionals, administrators, and enthusiasts.

What can I achieve with Nmap?

Nmap’s core utility lies in it’s ability to uncover all services and hosts running on a target. It employs various methods, including ICMP (ping) requests, TCP and UDP probing, and ARP requests, to do so. In other words, Nmap scans thousands of ports and if it receives a response, it will notify you of this in the results it produces. Once you identify what hosts are running on your target, you can perform further probing and eventually uncover vulnerabilities ready to be exploited. 

Like with any hacking tool, it’s not the tool that counts; it’s the professional sitting behind the terminal and how they interpret and act on the information they receive. 

How to install Nmap

Whilst most penetration testing distributions such as Kali Linux or Parrot OS will ship with Nmap included, other Linux users running the likes of Mint or Ubuntu will have to install it through the command line. To do so, update your package manager and then install the latest version of Nmap. Using && allows you to run two commands from the terminal sequentially.

				
					sudo apt update && sudo apt install nmap
				
			

You can download and install Nmap for Windows by clicking on this link.

Due to it’s popularity, Nmap can be used through a GUI (Graphical User Interface). Enter Zenmap: a beginner friendly version of Nmap featuring a simple GUI. This requires a separate article, however. 

Running your first Nmap scan

Getting started with Nmap is simple. As with any ethical hacking campaign, the first step is to complete thorough reconnaissance on your target. In doing so, you can acquire essential information such as their IP addresses, along with useful information such as their security posture. The former is a necessity when using Nmap, and the latter can help you create more advanced scans tailored to bypass your target’s defenses. More on that later.

Let’s run our first scan. To start, type nmap followed by your target’s IP address as seen below.

				
					nmap (TARGET'S IP ADDRESS)
				
			

You may find utility in scanning a range of IP addresses; something Nmap is happy to accommodate.  To do so, you could enter a command such as the one listed below:

				
					nmap 192.168.1.1-254
				
			

For the uninitiated, the above IP address ships as a standard IP address for many home routers. I will prepare a more detailed guide to Nmap in the coming month or two offering much more information on target specification using Nmap – subscribe to my cybersecurity newsletter to be notified. This will include how to scan multiple IP addresses, domains, and how to scan from a file.

Some useful Nmap commands

Now that we have covered how to complete a foundational Nmap scan, we can proceed to creating more tailored, advanced scans. I will list some useful and frequently used commands below in no particular order.

Host Discovery With Nmap

Nmap excels in the crucial task of host discovery, revealing the active and responsive devices within a network. By employing a range of probing techniques, including ICMP (ping) requests, TCP, UDP, and ARP requests, Nmap systematically explores the network landscape. This process enables you to gain a comprehensive understanding of the scope and dynamics of your target’s  infrastructure. Whether you are managing a corporate network or ensuring the security of your home setup, Nmap’s host discovery feature lays the groundwork for subsequent in-depth analyses and security measures.

				
					nmap -sn 192.168.1.1
				
			

Port Scanning With Nmap

Once active hosts are identified, the next step involves delving into the intricate details of the services they offer. Nmap’s port scanning capabilities come to the forefront, allowing you to discover open ports on a target system. This information is invaluable for understanding the potential entry points into a device and comprehending the services that are actively running. By systematically scanning thousands of ports, Nmap provides a roadmap to the services available on a host, empowering network administrators and cybersecurity professionals to make informed decisions about network security and optimisation.

				
					nmap nmap -p 1-100 192.168.1.1
				
			

Service Version Discovery With Nmap (Very Useful)

Taking the exploration a step further, Nmap goes beyond identifying open ports by providing insights into the specific versions of services running on those ports. Service version detection is a powerful feature that enables you to gain a nuanced understanding of the software and protocols in use. This information is essential for security audits, as different versions of services may have varying vulnerabilities. Nmap’s ability to discern service versions enhances your capability to tailor security measures and ensures a proactive approach to safeguarding against potential threats. The precision offered by service version detection contributes significantly to the thorough analysis of a target system’s security posture.

				
					nmap -sV 192.168.1.1
				
			

Wrapping it all up...

The purpose of this post was to introduce Nmap as a concept; this is by no means a complete guide. However I will produce a complete and comprehensive Nmap guide in due course.

As you navigate the intricate world of cybersecurity, mastering tools like Nmap provides a solid foundation. This beginner’s guide serves as a stepping stone, allowing you to initiate basic scans and explore the capabilities of Nmap. Remember, responsible and ethical use of Nmap is crucial – always ensure you have proper authorisation before scanning any network. Failure to abide by this warning is illegal and can result in savage prison sentences.

In our future posts, we’ll delve deeper into Nmap’s advanced features and real-world applications. Stay tuned for more insights into the powerful arsenal of cybersecurity tools at your disposal.

Hey! Can we make it official? 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. I promise not to spam you, and you can count on me to keep your data safe 😇

More Hacking Guides

Hacking Computers With Powershell Empire 💀🔓

How I learned Hacking, and my tips for fast-tracking the learning journey 💻

This is how I hack WiFi networks 🥷

How I hack websites using Burpsuite💻

Nmap: an essential tool for hacking ✅

Hacking websites with WPScan 🧐

Fifteen Steps to maximising firefox privacy 🔒✅

Download the complete FireFox checklist that I give to my counter-surveillance clients – completely free of charge! I will take you step-by-step through advanced Firefox Configurations that will help you maximise your privacy, security and anonymity. 

Enter your details below and I will email it to you straight away. And don’t worry, your data is safe with me 😇

Access free subscriber only content 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. Your data will be encrypted and I will never sell it to third parties 😇

UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.