English 
Français 
العربية 
Nmap, short for Network Mapper, is a powerful open-source tool designed for network exploration and security auditing. Originally created to quickly scan large networks, Nmap is equally effective when used against individual hosts. It leverages raw IP packets in innovative ways to gather information about network hosts, including available services, operating systems, and security measures such as firewalls or packet filters. Nmap is invaluable for system administrators and network security professionals for tasks like network inventory, service monitoring, and vulnerability assessment.
Features of Nmap:
Host Discovery:
- Ping Scanning: Nmap can identify which hosts on a network are up by sending ICMP echo requests, TCP ACK packets, or other probe packets to elicit responses.
- ARP Scanning: On local networks, Nmap can perform ARP scans to quickly identify active devices, bypassing firewalls that may block typical ICMP requests.
Port Scanning:
- TCP Connect Scan (-sT): This scan attempts to complete the three-way handshake with each port, identifying which ports are open.
- SYN Scan (-sS): Often referred to as a "half-open" scan, this method only sends SYN packets, making it stealthier than a full TCP connect scan.
- UDP Scan (-sU): Nmap sends UDP packets to each port to determine whether they are open, closed, or filtered.
- FIN, Xmas, and NULL Scans: These scans attempt to evade firewalls by sending unusual packet flags (e.g., FIN, URG, and PSH in an Xmas scan) to probe port states.
- ACK Scan (-sA): Used to determine whether a firewall is stateful by sending ACK packets and analyzing responses.
- Window Scan (-sW): A variation of the ACK scan that checks TCP window size to infer port state.
- Maimon Scan: Similar to FIN, Xmas, and NULL scans but uses a FIN/ACK flag combination.
Service Version Detection:
- Service Fingerprinting: Nmap can connect to open ports and attempt to identify the application and version running on each, allowing for more detailed vulnerability analysis.
- Banner Grabbing: By analyzing the banners returned by services, Nmap can provide additional details about the software running on a target.
OS Detection:
- TCP/IP Stack Fingerprinting: Nmap can determine the operating system of a host by analyzing subtle differences in the responses to its probes, providing insights into the target's security posture.
Network Mapping:
- Traceroute (-tr): Nmap can trace the path packets take to reach a target, helping map network topology and identify intermediate devices like routers and firewalls.
- Network Inventory: Administrators can use Nmap to create detailed maps of their networks, identifying devices and services across large environments.
Security Auditing:
- Vulnerability Scanning: While not a full-fledged vulnerability scanner, Nmap can be used to identify common vulnerabilities by detecting outdated or misconfigured services.
- Firewall Evasion and Spoofing: Nmap offers numerous options to evade detection and bypass firewalls, including IP fragmentation, decoy scans, and source address spoofing.
- Timing and Performance Options: Nmap allows users to adjust the speed and aggressiveness of scans, balancing thoroughness with stealth and network impact.
Scriptable Interaction:
- Nmap Scripting Engine (NSE): A powerful feature that allows users to write custom scripts to automate tasks, from advanced vulnerability detection to network inventory collection. Hundreds of pre-written scripts are available for common tasks.
- Lua Scripting Language: NSE scripts are written in Lua, a lightweight scripting language that is easy to learn and versatile.
Output Formats:
- Interactive Output: Nmap displays results in real-time on the console, allowing users to monitor the progress of scans.
- Machine-Readable Formats: Nmap supports output in formats such as XML, Nmap's native format, and grepable output, enabling easy integration with other tools and automation scripts.
- Post-Scan Data Analysis: Tools like Zenmap (Nmap's GUI) can be used to visualize and analyze Nmap's output, making it easier to identify patterns and anomalies.
Advanced Features:
- IP Protocol Scanning (-sO): Nmap can enumerate the IP protocols supported by a target, such as TCP, UDP, ICMP, and others.
- IPv6 Scanning: Nmap fully supports IPv6, allowing for discovery and scanning of hosts using the latest Internet Protocol.
- MAC Address Detection: Nmap can identify the MAC addresses of devices on the network, which can be used to infer device manufacturers and sometimes device types.
Additional Information Gathering:
- Reverse DNS Resolution: Nmap can resolve IP addresses to domain names, providing additional context about each target.
- Device Type Identification: By analyzing responses, Nmap can make educated guesses about the type of device (e.g., router, printer, desktop) it is scanning.
- Grepable Output (-oG): Allows users to generate output in a format suitable for further parsing and processing with tools like grep.
Use Cases:
- Network Inventory: Nmap helps administrators create a comprehensive inventory of network devices and services, facilitating better management and planning.
- Vulnerability Assessment: Security professionals use Nmap to identify potential weaknesses in network security, such as open ports and outdated software.
- Firewall Testing: Nmap can test the effectiveness of firewalls and intrusion detection systems by simulating various attack vectors and probing firewall rules.
- Service Monitoring: Continuous or periodic Nmap scans can be used to monitor the uptime and availability of critical services, alerting administrators to potential issues.
Nmap’s versatility, extensibility, and efficiency have made it an indispensable tool in the arsenal of network and security professionals worldwide. Its ability to provide detailed insights into the structure and security of networks makes it essential for proactive security management.
Nmap - Changelog.