Learning Nmap can feel overwhelming at first. There are many commands, options, and scripts to explore. To make it easier, we'll use a simple framework:
Nmap 1-2-3: Scan, Script, Skill (3S)
This approach helps beginners learn step by step inside their WSL Ubuntu terminal.
1. Scan – Basic Options
The first step is learning how to scan. These basic options control how Nmap behaves. The most important categories:
Host Discovery
• -sn – Ping scan (find live hosts).
• -Pn – Treat all hosts as online (skip ping).
Port Selection
• -p – Specify ports (e.g. -p 22,80,443).
• -p- – Scan all 65,535 ports.
Scan Techniques
• -sS – SYN scan (half-open; called "stealthy" because it never completes the TCP handshake).
Service & OS Detection
• -sV – Detect service versions.
• -O – Detect operating system.
Aggressive Scan
• -A – Enables OS detection, version detection, script scanning, and traceroute.
2. Script – Nmap Scripting Engine (NSE)
Next, add intelligence to your scans with scripts. Nmap's Scripting Engine (NSE) automates tasks like service discovery and vulnerability checks. Categories include:
• Discovery – http-title, dns-brute
• Auth – ftp-anon, ssh-brute
• Vuln – ssl-heartbleed, smb-vuln-ms17-010
• Malware – irc-botnet-channels
3. Skill – Advanced Techniques
These are extra capabilities that go beyond basic scanning and scripting.
Examples:
• Timing & Performance – -T0 to -T5
• Firewall Evasion – -f, --spoof-mac, -D
• Target Specification – ranges, CIDR, input files (-iL)
• Integration & Automation – feeding results into Metasploit, Python scripts, or reporting tools
Example of Nmap Usage
Scan – Basic Options
Example
Open the WSL Ubuntu terminal and type the following.
No options, just a regular scan:
> nmap www.atc123.xyz
Result
> 1000 ports scanned, 998 filtered
> port number 80; open; http
> port number 443; open; secured http
Since ports 80 and 443 are the common ports for the HTTP and HTTPS services, we can scan those ports directly without scanning all 1000 ports.
Options: -Pn, -p
> nmap -Pn -p 80,443 www.atc123.xyz
Result
> port number 80; open; http
> port number 443; open; secured http
> scan finished faster: 0.13 seconds (compared with 55 seconds for the scan above)
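The Integration & Automation item in step 3 mentions feeding results into Python scripts. As an added example (not part of the original post), the script below parses Nmap's XML output (the -oX option) and lists open ports that are not on an allow-list. The sample XML, the IP address, the port 22 entry and the allow-list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the output of: nmap -Pn -p 22,80,443 -oX - <host>
# (203.0.113.10 is a documentation address; port 22 is added for illustration).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.atc123.xyz" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>"""


def open_ports(xml_text):
    """Return {host: [(protocol, port, service), ...]} for ports in state 'open'."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        name = host.find("hostnames/hostname")
        addr = host.find("address")
        label = name.get("name") if name is not None else addr.get("addr")
        found = []
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered and closed ports are not reported
            svc = port.find("service")
            service = svc.get("name") if svc is not None else "unknown"
            found.append((port.get("protocol"), int(port.get("portid")), service))
        report[label] = found
    return report


def unexpected(report, allowed):
    """Return (host, protocol, port, service) for open ports not in `allowed`."""
    return [(host, proto, num, svc) for host, ports in report.items()
            for proto, num, svc in ports if (proto, num) not in allowed]


if __name__ == "__main__":
    report = open_ports(SAMPLE_XML)
    for host, ports in report.items():
        print(host, ports)
    # Hypothetical policy: only HTTPS (tcp/443) should be reachable
    print("not in allow-list:", unexpected(report, {("tcp", 443)}))
```

To use it on a real scan of a host you own, save the XML with -oX to a file and pass the file's contents to open_ports.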
Happy scanning, guys!!!!
Try it with Zenmap, the Nmap GUI.