The Expert's Nmap Guide

A comprehensive guide to network discovery and security auditing with Nmap

Welcome to the comprehensive Nmap guide. This documentation provides detailed instructions on using Nmap (Network Mapper), one of the most powerful and versatile network scanning and security auditing tools available for penetration testing and network administration.

Nmap is an open-source utility for network discovery and security auditing. It uses raw IP packets in novel ways to determine what hosts are available on a network, what services (application name and version) those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it valuable for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Why Use Nmap?

Comprehensive Network Visibility: Provides detailed information about hosts, services, and vulnerabilities on your network
Versatility: Works across all major operating systems and can scan virtually any type of network
Efficiency: Rapidly scans large networks while providing accurate results
Customizability: Offers numerous options to tailor scans to specific requirements and network conditions
Active Community: Maintained by a large community that regularly updates the tool with new features and scripts
Free and Open Source: Available to everyone with extensive documentation and community support
Industry Standard: Widely recognized and used by security professionals worldwide

Getting Started with Nmap

Install Nmap

Nmap is available for all major operating systems:

Linux:

# Debian/Ubuntu
sudo apt install nmap

# Fedora/RHEL/CentOS
sudo dnf install nmap

macOS:

# Using Homebrew
brew install nmap

Windows: Download the installer from nmap.org/download.html

Verify Installation

Test your installation by running:

nmap -V

This should display the current version of Nmap.

Run Your First Scan

Try a basic scan against a target (replace example.com with your authorized target):

nmap example.com

This performs a basic scan showing open ports on the target.

Note: Always ensure you have permission to scan the target network or system.

Guide Structure

This guide is organized into several sections:

Core Operations: Basic syntax, scan types, and target selection methods
Advanced Techniques: Service detection, OS fingerprinting, timing options, and the Nmap Scripting Engine
Practical Applications: Network inventory, vulnerability assessment, and firewall evasion techniques
Best Practices: Optimization tips, ethical considerations, and recommended workflows

Each section provides detailed explanations, command examples, and real-world use cases to help you master Nmap for ethical network scanning and security assessment.

Let's begin with understanding the core operations and scanning techniques in Nmap.

PreviousBest Practices

NextCore Operations

Penetration Testing Guide

Hashcat Guide

Hydra Guide

Nikto Guide

OWASP ZAP Guide

Burp Suite Guide

XSS Guide

SQLMap Guide

Reverse Shells Guide

John the Ripper Guide

Nmap Guide