
Nmap Vulnerability Scanner (“Network Mapper”)

The Nmap vulnerability scanner (also known as “Network Mapper”) is a popular, open-source tool for security auditing and related network discovery.

Authorized users can use Nmap to discover the hosts on their networks, the services those hosts expose and, in many cases, the software and versions behind them. Strictly speaking Nmap is a port scanner and network mapper rather than a vulnerability scanner: the vulnerability checks come from its scripting engine, covered below. Nmap scales from a single host to networks of hundreds of thousands of addresses spread across many subnets.

Nmap has many features, but fundamentally it is a port scanner. It sends probe packets to ports, watches the responses and classifies each port as open, closed or filtered (a firewall or other filter dropped the probe, so Nmap cannot tell which of the two it is), with combined states such as open|filtered when the scan type cannot distinguish them. Port scanning, also called port discovery or enumeration, determines which ports on a host accept traffic and therefore which services are reachable. It is active: the scanner sends traffic, unlike sniffing, which passively monitors traffic already on the network. Port scanning is the usual first step in assessing a system whose exposed services are not yet known.
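The classification described above, shown as a minimal TCP connect scan (the equivalent of Nmap's -sT). This is an added example and not Nmap's code: it starts its own loopback listener so that it runs offline against one port that is genuinely open and one that is genuinely closed, and maps the outcome of connect() onto Nmap's three basic states.

```python
import errno
import socket
import threading


def probe(host, port, timeout=1.0):
    """Classify one TCP port the way a connect scan (nmap -sT) does.

    The OS completes the three-way handshake for us, so we only see the
    outcome, not the raw packets:
      handshake completes (SYN/ACK came back)        -> "open"
      connection refused (RST came back)             -> "closed"
      no answer before the timeout, or an ICMP
      unreachable surfaced by the kernel             -> "filtered"
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            return "closed"
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def scan(host, ports, timeout=1.0):
    """Scan a list of ports and return {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}


# --- a target to scan, so the example runs offline (constructed) ----------

def start_listener():
    """Bind an ephemeral loopback port and accept one connection in the
    background; while it is bound, the port is genuinely open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def accept_one():
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:
            pass  # listener closed before anyone connected

    threading.Thread(target=accept_one, daemon=True).start()
    return srv


def reserve_closed_port():
    """Ask the kernel for a free port and release it again: nothing listens
    there, so a probe gets an RST (ECONNREFUSED) and the port reads closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Scan one known-open and one known-closed loopback port."""
    srv = start_listener()
    open_port = srv.getsockname()[1]
    closed_port = reserve_closed_port()
    try:
        states = scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return states, open_port, closed_port


if __name__ == "__main__":
    states, o, c = demo()
    for port, state in sorted(states.items()):
        print(f"127.0.0.1:{port}/tcp {state}")
```

Two practical points follow from the code. A connect scan completes the handshake, so every probe of an open port appears in the target service's own logs; Nmap's default SYN scan (-sS) sends a raw SYN and tears the half-open connection down with a RST, which is why it needs root. And "filtered" only ever appears when nothing comes back: to see it, point probe() at a port behind a firewall that silently drops packets, and expect each such probe to take the full timeout.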

Nmap dates back to September 1997, when it was published in Phrack Magazine issue 51 complete with its full source code. Gordon Lyon (Fyodor) wrote the original in C; today the core is C and C++, the Zenmap front end is written in Python and the scripting engine runs Lua. A community of developers maintains ports for Windows, macOS, the major Linux distributions and other operating systems.

Nmap functionality

Nmap sends probe packets to target addresses and analyzes what comes back: whether a host answered at all, which ports responded and how, and what the responses reveal about the software behind them. From that an astute user can map the network, ascertain its key attributes and build an inventory of both hardware and software. Nmap probes with several protocols, including TCP, UDP, SCTP and ICMP.

Nmap is noteworthy for the depth and breadth of its capabilities. Beyond basic port scanning it provides:

  • Service and version detection. With -sV, Nmap probes open ports to identify the service (mail, web, name server and so on) and, where a banner or probe response gives it away, the product and version behind it.
  • Host discovery and network mapping. Host discovery, also called ping scanning, takes a range of IP addresses and uses ICMP, TCP and UDP probes to determine which addresses have a live host behind them; it is the first step of reconnaissance for a threat actor and an ethical hacker alike. Combined with --traceroute, the results show the route to each host, from which servers, routers and switches can be placed on a network map.
  • Operating system detection. With -O, Nmap compares the target's TCP/IP stack behaviour against its fingerprint database to identify the operating system, often down to the vendor and version.
  • Security auditing and risk assessment. Once Nmap knows which products and versions are running on a host, its scripting engine can check them for known vulnerabilities and misconfigurations. The same inventory lets administrators answer an external advisory quickly: does the affected product or operating system exist anywhere on our network?

Nmap reports its results for every target scanned in several formats: interactive output on the terminal, plus normal (-oN), XML (-oX) and grepable (-oG) files that other tools can parse. How noisy a scan is depends on the options you choose: timing templates, scan types and decoys let it range from a fast sweep to a slow, low-profile probe. Nmap also includes the Nmap Scripting Engine (NSE), which runs scripts written in Lua, an efficient, lightweight, embeddable language that supports procedural, object-oriented, functional and data-driven programming. Scripts can be written, saved and shared to automate tasks such as extended version detection, brute forcing and vulnerability checks, and are grouped into categories such as default, safe, vuln and intrusive.
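The XML output format is the one to build on when the version, OS and script results from the capability list above have to feed an inventory or advisory triage. The parser below is an added example, not part of Nmap or of this page; it reads a constructed sample of `-oX` output for a host in the TEST-NET-1 documentation range (192.0.2.10, not a real target) and flattens it into one record per port, keeping track of whether a service name was actually probed or merely looked up from the nmap-services table by port number.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not real scan output: roughly what
#   nmap -sV -O --script http-title -oX - 192.0.2.10
# would produce, trimmed to the elements the parser below reads.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O --script http-title -oX - 192.0.2.10" version="7.94">
<host>
  <status state="up" reason="echo-reply"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
  <ports>
    <extraports state="closed" count="997"/>
    <port protocol="tcp" portid="22">
      <state state="open" reason="syn-ack"/>
      <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
    </port>
    <port protocol="tcp" portid="80">
      <state state="open" reason="syn-ack"/>
      <service name="http" product="Apache httpd" version="2.4.52" method="probed" conf="10"/>
      <script id="http-title" output="Welcome to web.example.test"/>
    </port>
    <port protocol="tcp" portid="443">
      <state state="filtered" reason="no-response"/>
      <service name="https" method="table" conf="3"/>
    </port>
  </ports>
  <os><osmatch name="Linux 5.X" accuracy="95"/></os>
</host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Flatten Nmap XML into one dict per scanned port."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else None
        osmatch = host.find("os/osmatch")  # first (best) match, if any
        os_name = osmatch.get("name") if osmatch is not None else None
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            records.append({
                "ip": ip,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state"),
                "reason": state.get("reason"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                # method="table" is a guess from nmap-services by port number;
                # method="probed" means a banner or probe response was seen.
                "probed": svc is not None and svc.get("method") == "probed",
                "os": os_name,
                "scripts": {s.get("id"): s.get("output")
                            for s in port.findall("script")},
            })
    return records


def open_ports(records):
    return [r for r in records if r["state"] == "open"]


def find_product(records, product, version_prefix=""):
    """Advisory triage: open ports whose probed product/version matches."""
    return [r for r in open_ports(records)
            if r["probed"]
            and (r["product"] or "") == product
            and (r["version"] or "").startswith(version_prefix)]


if __name__ == "__main__":
    recs = parse_nmap_xml(SAMPLE_XML)
    for r in recs:
        print(f'{r["ip"]}:{r["port"]}/{r["proto"]} {r["state"]:<9} '
              f'{r["service"] or "?"} {r["product"] or ""} {r["version"] or ""}')
    print("Apache httpd 2.4.x on:",
          [r["port"] for r in find_product(recs, "Apache httpd", "2.4")])
```

Two caveats a practitioner should keep in mind. Version strings, hostnames and NSE script output all originate from the scanned host, so treat them as untrusted input: escape them before rendering into HTML reports and never pass them to a shell. And when parsing XML that an untrusted party could have produced, use defusedxml in place of xml.etree to avoid entity-expansion attacks; the standard library parser is fine for the constructed sample here.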

Ethical hacking’s tool of choice

Nmap is used by many ethical hackers and penetration testers for reconnaissance of an agreed target, and by malicious actors looking for services to exploit. Scanning should only be done with the owner's explicit authorization, ideally in writing and with the scope and time window agreed in advance; unauthorized scanning can breach acceptable-use policies and, in some jurisdictions, the law. Note that some Nmap options, including OS fingerprinting (-O) and SYN scanning (-sS), send raw packets and therefore require root (or administrator) privileges.

Nmap.org has it all

Here are the most relevant links from the Nmap website:

  • Download Nmap: https://nmap.org/download.html Nmap and Zenmap (the graphical front end) are available in several versions and formats. Recent source releases and binary packages are described on that page. Older versions (and sometimes newer test releases) are available from the dist directory (and really old ones are in dist-old). For more advanced users, GPG detached signatures and SHA-1 hashes for each release are available in the sigs directory along with verification instructions; verify the signature before installing a downloaded package. Before downloading, be sure to read the relevant sections for your platform from the Nmap Install Guide. The most important changes (features, bug fixes, etc.) in each Nmap version are described in the Changelog. Using Nmap is covered in the Reference Guide, and don't forget to read the other available documentation, particularly the book Nmap Network Scanning.

  • Installation Guide: https://nmap.org/book/install.html Nmap can often be installed or upgraded with a single command, so don't let the length of this chapter scare you. Most readers will use the table of contents to skip directly to the sections that concern them. This chapter describes how to install Nmap on many platforms, including both source code compilation and binary installation methods. Graphical and command-line versions of Nmap are described and contrasted. Nmap removal instructions are also provided in case you change your mind.

  • Reference Guide: https://nmap.org/book/man.html The Nmap man page, documenting every option and output format.

  • Get the Book: https://nmap.org/book/ Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire.

  • Documentation: https://nmap.org/docs.html The Nmap project tries to defy the stereotype of open source software being poorly documented by providing a comprehensive set of documentation for installing and using Nmap. This page links to official Insecure.Org documentation and to generous contributions from other parties.
