How to Install NMAP using apt

apt update

apt install nmap

How To Use NMAP to scan IPs

nmap nmap on an IP
nmap -sV -sC -p- nmap Service Enumeration and script scan on an IP
nc -nv 192.168.11 5754 Nmap -sV check banners of the scanned ports and prints them out. If it cannot identify versions try to use nc
nmap –script smb-os-discovery.nse -p445 nmap script on an IP
nmap --script <category> for example brute,malware. Specific Scripts Category
nmap -p 80 -Aaggressive option (-A) scans with multiple options
sC. sV, O, traceroute
more herettl time for os detection –packet-trace
nmap -p- -sV -sATCP ACK scan (-sA) method is much harder to filter for firewalls and IDS/IPS systems
nmap -sU -Pn -n --disable-arp-ping --packet-trace -p 137 --reasonDiscovering Open UDP Ports
nmap -p- -oA targetspecify the option (-oA) to save the results in all formats

xsltproc target.xml -o target.html
create HTML reports that are easy to read

NMAP Script Categories

authDetermination of authentication credentials.
broadcastScripts, which are used for host discovery by broadcasting and the discovered hosts, can be automatically added to the remaining scans.
bruteExecutes scripts that try to log in to the respective service by brute-forcing with credentials.
defaultDefault scripts executed by using the -sC option.
discoveryEvaluation of accessible services.
dosThese scripts are used to check services for denial of service vulnerabilities and are used less as it harms the services.
exploitThis category of scripts tries to exploit known vulnerabilities for the scanned port.
externalScripts that use external services for further processing.
fuzzerThis uses scripts to identify vulnerabilities and unexpected packet handling by sending different fields, which can take much time.
intrusiveIntrusive scripts that could negatively affect the target system.
malwareChecks if some malware infects the target system.
safeDefensive scripts that do not perform intrusive and destructive access.
versionExtension for service detection.
vulnIdentification of specific vulnerabilities.

Screenshots gallery

Like this article?

You may also enjoy these articles

SearchSploit: Guide to Exploit Database Search

Searchsploit is a command-line tool that allows users to search the Exploit Database, which is a repository of publicly disclosed vulnerabilities and exploitation techniques. It

fuzzing with ffuf tool

Guide to FFUF tool – Web Application Fuzzing

FFUF is a powerful and flexible open-source tool for performing web application fuzzing. Whether you’re a security professional looking to identify vulnerabilities or a developer

Guide to sqlmap tool – sql injection

SQLmap is an powerful open source tool used by hackers to detect and exploit SQL
injection flaws. SQLmap automates the process of detecting and exploiting


Hydra tool make password cracking to easy task, hydra can brute Force multiple protocols and services like ftp irc ldap2[s] ldap3 mongodb mssql mysql

Scroll to Top