Bug Bounty for Beginners - Reference Little Book
  • 📘Little Bug Bounty Book
  • ❓What is Bug Bounty
  • 🎯Bug Bounty Platforms
  • 🪜Phases of Bug Hunting
  • ⚠️Required Knowledge
  • 📣So, where do I start?
    • Network Security
    • Application Security
    • Mobile Security
    • Code Review and SAST
    • OWASP?
  • 🔎Reconnaissance Phase
    • Footprinting
      • OSINT
      • Google Dorks
      • Censys
      • Shodan
    • Subdomain Enumeration
      • Amass
      • Subfinder
      • Assetfinder
      • Aquatone
      • DNSrecon
      • DNSEnum
      • HTTPX
      • ReconFTW
    • Fingerprint
      • Nmap
      • Rustscan
      • Masscan
  • 🐞Scanning Phase
    • OpenVAS
    • Nuclei
    • OWASP Zap
    • NMAP
    • Looking for Parameters with Katana
    • Searching for XSS
    • SQL Injection (SQLi)
  • ♨️Testing Phase
    • Manual Validation
    • Severity Assessment in Vulnerability Testing
    • Exploitation Phase
    • Documentation of Findings
  • 📖Reporting Phase
Powered by GitBook
On this page
  • Introduction to Nmap
  • Installation
  • Basic Usage
  • Example Output
  • Additional Resources
  1. Scanning Phase

NMAP

Introduction to Nmap

Nmap, short for Network Mapper, is a free and open-source tool used for network exploration and security auditing. It allows users to discover hosts and services on a computer network, thus creating a "map" of the network. Nmap is widely used for network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Installation

Nmap is available for various operating systems, including Windows, Linux, and macOS. To install Nmap:

  • Windows: Download the installer from the official Nmap download page and follow the on-screen instructions.

  • Linux: Use your distribution's package manager. For example, on Debian-based systems:

    sudo apt-get install nmap

  • macOS: Use a package manager like Homebrew:

    brew install nmap

Basic Usage

Once installed, Nmap can be used to perform various network scanning tasks. Here are some basic examples:

1. Scanning a Single Host

To scan a single host and list open ports:

nmap 192.168.1.1

This command will display the open ports and the services running on them.

2. Scanning Multiple Hosts

To scan multiple hosts:

nmap 192.168.1.1 192.168.1.2 192.168.1.3

Or, to scan a range of IP addresses:

nmap 192.168.1.1-10

3. Scanning an Entire Subnet

To scan an entire subnet:

nmap 192.168.1.0/24

This will scan all 256 IP addresses in the subnet.

4. Service Version Detection

To detect the version of services running on open ports:

nmap -sV 192.168.1.1

This provides detailed information about the services detected.

5. Operating System Detection

To detect the operating system of a host:

nmap -O 192.168.1.1

This attempts to determine the operating system of the target host.

6. Combining Scans

You can combine different scan options. For example, to perform service version detection and operating system detection together:

nmap -sV -O 192.168.1.1

Example Output

Here is an example of Nmap output for a scan on a single host:

Starting Nmap 7.80 ( https://nmap.org ) at 2024-11-05 10:23 UTC
Nmap scan report for 192.168.1.1
Host is up (0.00097s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https

This output indicates that the host at 192.168.1.1 has ports 22, 80, and 443 open, corresponding to SSH, HTTP, and HTTPS services, respectively.

Additional Resources

For more detailed information and advanced usage, refer to the Nmap Reference Guide.

PreviousOWASP ZapNextLooking for Parameters with Katana

Last updated 4 months ago

🐞