What is Nmap? Nmap is a tool for scanning a network or a device. It lets you see which ports are open on your server or website so that you can assess security vulnerabilities. It has a bunch of other uses too. So let's get started and see how interesting it is.
Before we start, I recommend that you use a Linux machine and be comfortable with basic Linux commands.
Run sudo apt-get install nmap and the rest will take care of itself. Nmap can be used on Windows and Mac too, but I am an anti-Windows guy and I do not have a Mac. So, figure out the installation yourself on Windows and Mac.
Very important: it is illegal to scan any website on the Internet without its owner's permission. In the examples below I will scan my own website, i.e. www.rishiraj.xyz.
Let's Finally Get Started
Open the terminal (Ctrl+Alt+T) and type
nmap example
where example is your own website or any website on which you have permission to scan. You will see a result like the one shown in the snapshot. In the snapshot, I am showing you the result for www.rishiraj.xyz.
Here we can see the IP address of my website. Also, the STATE of the ports is 'open'. There can be other states, such as:
- Open: a service is listening on the port and it will accept connections from the Internet
- Closed: the port responds to probes, but no service is listening on it
- Filtered: a firewall or other filter is blocking the probes, so Nmap cannot tell whether the port is open
Okay, that was easy. Now let's quickly go through some more basic Nmap commands.
I am using my own website as an example here. You can scan your own website.
nmap -A rishiraj.xyz
This command does a more aggressive scan (the -A flag means aggressive: it turns on OS detection, version detection, default script scanning and traceroute) and shows a bunch of results. Be warned that it may take several minutes to finish, and your Internet connectivity may fluctuate during this time.
nmap --traceroute rishiraj.xyz
This gives a list of all the routers your packets hop through before reaching the destination. It is a useful command for figuring out which router is taking the longest to pass on the request. You can try it to find the bottleneck if you feel that a particular website is taking too long to respond. The result will be a long or short list depending on the website. Here is the list I got for my Internet connection connecting to my website.
nmap -sV rishiraj.xyz
The -sV flag stands for service version. This command shows the version next to each service that is running.
There are about 65 thousand ports on a server and only about 10% are actually used. By default Nmap scans only the roughly 1000 most frequently used ports (ftp, ssh, http, mysql, smtp, pop, submission etc.) because scanning ports takes a lot of time: scanning all 65 thousand ports would take something like 2-3 hours. There are options in Nmap to scan specific ports, say the first 100 ports or so.
To scan the top 100 ports instead of the default 1000, type the following in the terminal. This command returns results about 10 times faster than the default.
nmap -F rishiraj.xyz
Now, let's scan a range of ports. Say ports 10-30, type
nmap -p 10-30 rishiraj.xyz
Scanning several port ranges at once (no space after the comma, otherwise Nmap reads 80-90 as a second target rather than as ports)
nmap -p 20-25,80-90 rishiraj.xyz
Scanning ports by name
nmap -p http,ftp rishiraj.xyz
Scanning every available port (I did not try this, as it may take centuries :P)
nmap -p- rishiraj.xyz
Scanning the top 1000 ports but showing only the open ones, yes, only open ports. This is a useful command for obvious reasons
nmap --open rishiraj.xyz
Saving Nmap scan results to a file
Suppose your command of choice is
nmap -F somewebsite.com and you want to save the result in a file. In the examples below the file is saved under the Documents folder of my home directory.
To save the result as a regular text file, type
nmap -F -oN Documents/Scan-result.txt rishiraj.xyz
To save the result as an XML file, type
nmap -F -oX Documents/Scan-result.xml rishiraj.xyz
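As an added example (not code from the original tutorial), here is a small Python script that reads an XML report written with -oX and summarises it: which ports are open, what service and version Nmap reported for them, and how many ports fell into each of the open, closed and filtered states described earlier. The XML embedded in the script is a constructed sample in Nmap's output format with an invented host name, address and versions, and the function names are my own.

```python
"""Parse a saved Nmap XML report (written with -oX) and summarise it.

Added example for this tutorial, not Nmap's own code. SAMPLE_XML is a
constructed report in Nmap's output format; the host, address, ports
and versions in it are invented for illustration.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of an Nmap -oX report (not a real scan result).
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -F -sV -oX Documents/Scan-result.xml example.com">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <hostnames><hostname name="example.com" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0"/>
      </port>
      <port protocol="tcp" portid="25">
        <state state="filtered" reason="no-response"/>
        <service name="smtp"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="closed" reason="reset"/>
        <service name="mysql"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per scanned port, across all hosts in the report."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else None
        for port in host.findall("./ports/port"):
            state_el = port.find("state")
            svc_el = port.find("service")
            results.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state_el.get("state") if state_el is not None else "unknown",
                "service": svc_el.get("name") if svc_el is not None else None,
                "product": svc_el.get("product") if svc_el is not None else None,
                "version": svc_el.get("version") if svc_el is not None else None,
            })
    return results


def open_ports(results):
    """Sorted list of port numbers Nmap reported as open."""
    return sorted(r["port"] for r in results if r["state"] == "open")


def state_summary(results):
    """Count of ports per state, e.g. {'open': 2, 'filtered': 1, 'closed': 1}."""
    return dict(Counter(r["state"] for r in results))


def service_versions(results):
    """Map each open port to the 'product version' string from -sV."""
    out = {}
    for r in results:
        if r["state"] != "open":
            continue
        parts = [p for p in (r["product"], r["version"]) if p]
        out[r["port"]] = " ".join(parts) if parts else (r["service"] or "unknown")
    return out


if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_XML)
    print("states:", state_summary(scan))
    for port, ver in service_versions(scan).items():
        print(f"{port}/tcp open  {ver}")
```

Run it as-is to see the sample, or replace SAMPLE_XML with the contents of Documents/Scan-result.xml. The XML format is what makes this kind of processing practical: a defender can run the same scan on a schedule and compare the open_ports() result with the previous run, so a port that was closed or filtered yesterday and is open today stands out immediately.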
Other Useful Nmap commands
Performing ping sweeps. Useful when you want to discover the devices attached to your home network. You should know your home network address, which is typically 192.168.0.0/24.
nmap -sP 192.XX.XX.XX/24 Replace the XX with your own IP address values. (In newer Nmap versions this option is called -sn; -sP is still accepted as the old name for it.)
Stealth (SYN) port scan of a particular IP.
nmap -sS XX.XX.XX.XX
WARNING: Performing a scan on a website without permission may generate signatures that set off alarms on a network's intrusion detection system (IDS). Proceed with caution and avoid legal trouble. This tutorial in no way encourages illegal activity on the Internet.