NMAP, The Free and Open Source Tool



In an unsecured environment, security tools are essential to safeguard your system. A plethora of security tools is available in the market for network administrators to use. These are paid tools, which are based on FOSS (Free and Open Source Software). Here, let’s have a look at Nmap.

Nmap stands for Network Mapper. This free and open source tool can be used for security scanning, network discovery and network exploration. By using Nmap, attackers can easily determine what ports are open on a system. It can also be used in ethical hacking to find loopholes and vulnerabilities in the system. It uses raw IP packets in different ways to carry out security scans and identify details such as what type of hosts are available on a network, the services offered on the system, the operating system and the types of firewalls in use, apart from a wide variety of other characteristics.

It sends specially crafted packets to the target systems and analyses the responses from these systems to gather the required information. Initially written by Gordon Lyon, it started as a utility just for Linux. It has since emerged as a cross-platform utility available on Windows, Solaris and BSD variants. Nmap is not limited to gathering information; it can also be used as a vulnerability detector.

Some of the key features of Nmap:

* It identifies hosts on a network and lists the hosts that respond to TCP/ICMP requests.

* It finds out open ports on target hosts.

* It investigates network services on target systems and determines application name and version details.

* It finds out the operating system of the target host.

Using scripts, the functionality of Nmap can be extended to enable more advanced detection. It provides both command line and graphical (GUI) versions, which can be chosen according to your preferences. The Nmap package comes with a GUI called Zenmap. Nmap is not profit-oriented; it aims to provide administrators with an advanced tool for their networks. The source code is available for free and can be used to make modifications.

The Nmap command comes with many options that can make the utility more robust. The Nmap output comprises a list of scanned targets, with supplemental information on each depending on the options used.

The format for using Nmap is as follows:

nmap [Scan Type] [Option] [target specification]

The complete summary of Nmap options can be obtained by running the command without passing any arguments.

Basic uses of Nmap are discussed below:

Nmap Target Selection:

Scan a single IP: nmap x.x.x.x

Scan a host: nmap thehostname.com

Scan a range of IPs: nmap x.x.x.x-20

Scan a subnet: nmap x.x.x.x/24

Scan targets from a text file: nmap -iL iplist.txt
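
To check which addresses a target specification actually covers before a scan is run, the following added example (not part of the original article) expands the range, subnet and list-file forms shown above and flags anything outside an authorised network. The function names, the sample list and the allowed network are assumptions made for illustration, using documentation address ranges.

```python
import ipaddress
import itertools

def expand_octet(field):
    """Expand one octet field ('10', '10-20', '1,5,9', '-') into a sorted list of ints."""
    values = set()
    for part in field.split(","):
        lo, sep, hi = part.partition("-")
        lo = int(lo) if lo else 0                     # omitted lower bound means 0
        hi = int(hi) if hi else (255 if sep else lo)  # omitted upper bound means 255
        if not part or not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet field: {field!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_target(spec):
    """Return the addresses one target spec covers; hostnames pass through unresolved."""
    if any(c.isalpha() for c in spec):
        return [spec]                                 # no DNS lookup, so this runs offline
    if "/" in spec:
        net = ipaddress.IPv4Network(spec, strict=False)
        return [str(addr) for addr in net]            # whole block, including .0 and .255
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target: {spec!r}")
    combos = itertools.product(*(expand_octet(o) for o in octets))
    return [".".join(map(str, c)) for c in combos]

def expand_list(text):
    """Expand the contents of an -iL style file: whitespace-separated specs, '#' comments."""
    specs = [s for line in text.splitlines() for s in line.split("#", 1)[0].split()]
    return [addr for spec in specs for addr in expand_target(spec)]

def outside_scope(addresses, allowed_cidrs):
    """Return the expanded targets that are not inside any authorised network."""
    nets = [ipaddress.IPv4Network(c) for c in allowed_cidrs]
    def allowed(a):
        try:
            return any(ipaddress.IPv4Address(a) in n for n in nets)
        except ValueError:
            return False                              # unresolved hostname: review by hand
    return [a for a in addresses if not allowed(a)]

# Constructed sample list (documentation address ranges, not taken from the article)
SAMPLE_LIST = """\
192.0.2.10-20        # range form, as in 'nmap x.x.x.x-20'
198.51.100.77/30     # subnet form; covers the whole /30 around .77
thehostname.com
"""
print(outside_scope(expand_list(SAMPLE_LIST), ["192.0.2.0/24"]))
```
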

Nmap Port Selection:

Scan a single Port: nmap -p 22 x.x.x.x

Scan a range of ports: nmap -p 1-100 x.x.x.x

Scan 100 most common ports: nmap -F x.x.x.x

Scan all ports: nmap -p- x.x.x.x

Service and OS Detection:

Detect OS and Services: nmap -A x.x.x.x

Standard service detection: nmap -sV x.x.x.x

Nmap has gained widespread popularity and has reached thousands of people. Its flexibility, power and ease of use have led to the popularity of the tool.

This Post Has One Comment

  1. Ravindra Upadhyay

    Why is the Oracle SID brute force with nmap failing?

    C:\Program Files\Nmap>nmap --script=oracle-sid-brute
    Starting Nmap 7.12 ( https://nmap.org ) at 2017-09-07 10:29 India Standard Time
    Nmap scan report for
    Host is up (0.094s latency).
    Not shown: 920 filtered ports, 59 closed ports
    21/tcp open ftp
    22/tcp open ssh
    23/tcp open telnet
    25/tcp open smtp
    79/tcp open finger
    111/tcp open rpcbind
    513/tcp open login
    514/tcp open shell
    587/tcp open submission
    1521/tcp open oracle
    1556/tcp open veritas_pbx
    4045/tcp open lockd
    6112/tcp open dtspc
    7100/tcp open font-service
    13782/tcp open netbackup
    32773/tcp open sometimes-rpc9
    32774/tcp open sometimes-rpc11
    32777/tcp open sometimes-rpc17
    32778/tcp open sometimes-rpc19
    32779/tcp open sometimes-rpc21
    32784/tcp open unknown

    Nmap done: 1 IP address (1 host up) scanned in 19.91 seconds
