nmap

Last Updated on 2019-03-19 by Sture

Nmap is a utility for network exploration and security auditing.

It supports various types of host discovery (determine which hosts are up), many port scanning techniques for different protocols, version detection (determine service protocols and application versions listening behind ports), and TCP/IP stack fingerprinting (remote host OS or device identification). Nmap also offers flexible target and port specification, decoy/stealth scanning, sunRPC scanning, and much more.

Also included is Ncat, the nc(1) work-alike of the Nmap project.
Refer to the separate port security/zenmap for the parts of the Nmap toolset that depend on Python. The translated manual pages for Nmap are contained in security/nmap-i18n-man.

WWW: https://nmap.org/

Installation

Search for nmap in the remote package repositories with:

[root@gw ~]# pkg search nmap [enter]
lanmap-2006.03.07.r81_4        Lanmap sits quietly on a network and builds a picture of what it sees
nmap-7.70                      Port scanning utility for large networks
p5-Encode-CNMap-0.32_2         Enhanced Chinese encodings with Simplified-Traditional auto-mapping
p5-Nmap-Parser-1.36            Parse nmap scan data with perl
p5-Nmap-Scanner-1.0_5          Perform and manipulate nmap scans using perl
php56-pear-Net_Nmap-1.0.5      Simple Wrapper Class for the Nmap Utility
php71-pear-Net_Nmap-1.0.5      Simple Wrapper Class for the Nmap Utility
php72-pear-Net_Nmap-1.0.5      Simple Wrapper Class for the Nmap Utility
php73-pear-Net_Nmap-1.0.5      Simple Wrapper Class for the Nmap Utility
py27-chainmap-1.0.2            Backport/clone of chainmap for py26, py32, and pypy3
py36-chainmap-1.0.2            Backport/clone of chainmap for py26, py32, and pypy3
rubygem-nmap-parser-0.3.5      Ruby interface to Nmap scan data
zenmap-7.70                    GUI frontend for the Nmap scanning utility
[root@gw ~]#

In this example nmap-7.70 will be installed.

Install nmap with:

[root@gw ~]# pkg install nmap [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        nmap: 7.70

Number of packages to be installed: 1

The process will require 26 MiB more space.
6 MiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
[1/1] Fetching nmap-7.70.txz: 100%    6 MiB   5.8MB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing nmap-7.70...
[1/1] Extracting nmap-7.70: 100%
[root@gw ~]#

Configuration

List installed files with:

[root@gw ~]# pkg info -l nmap | less [enter]
nmap-7.70:
        /usr/local/bin/ncat
        /usr/local/bin/nmap
        /usr/local/bin/nping
.
.
.
        /usr/local/share/nmap/scripts/xmlrpc-methods.nse
        /usr/local/share/nmap/scripts/xmpp-brute.nse
        /usr/local/share/nmap/scripts/xmpp-info.nse
(END)

Press [Q] to exit the list:

[root@gw ~]#

Run a host discovery (ping) scan of your network – in this example 192.168.1.0/24 – with (-sP is the older spelling of -sn; Nmap 7.70 still accepts it):

[root@gw ~]# nmap -sP 192.168.1.0/24 [enter]

Example outputs:

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 15:05 UTC
Nmap scan report for winpc.example.net (192.168.1.25)
Host is up (0.00031s latency).
MAC Address: F0:xx:xx:xx:xx:F0 (Dell)
Nmap scan report for 192.168.1.81
Host is up (0.0011s latency).
MAC Address: D8:xx:xx:xx:xx:67 (Unknown)
Nmap scan report for 192.168.1.82
Host is up (-0.100s latency).
MAC Address: 18:xx:xx:xx:xx:A5 (Dell)
Nmap scan report for gw.example.net (192.168.1.1)
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 1.70 seconds
[root@gw ~]#

Run a host discovery (ping) scan and save the output to a text file in the default Apache web server document root /usr/local/www/apache24/data/ with:

[root@gw ~]# nmap -sP 192.168.1.0/24 > /usr/local/www/apache24/data/nmap.txt [enter]
[root@gw ~]#

Display the nmap scan result by opening the gateway's IP address in a browser, as in this example: http://192.168.1.1/nmap.txt

Example outputs:

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 15:18 UTC
Nmap scan report for 192.168.1.2
Host is up (-0.14s latency).
MAC Address: 28:xx:xx:xx:xx:C0 (Netgear)
Nmap scan report for gw.example.net (192.168.1.1)
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 5.11 seconds

N.B.: The file nmap.txt is overwritten each time the command is repeated, and anyone who can reach the web server can read it, so restrict access to it as you would to any other network inventory.

Show open (or possibly open) ports on a single host with:

[root@gw ~]# nmap --open 192.168.1.25 [enter]

Example outputs:

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 15:11 UTC
Nmap scan report for winpc.example.net (192.168.1.25)
Host is up (-0.025s latency).
Not shown: 995 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
5800/tcp open  vnc-http
5900/tcp open  vnc
MAC Address: F0:xx:xx:xx:xx:F0 (Dell)

Nmap done: 1 IP address (1 host up) scanned in 15.92 seconds
[root@gw ~]#
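The host discovery scan above produces a text file that is overwritten on every run, and the --open scan prints a port table per host. As an added example (not part of this page and not Nmap's own code), the Python script below parses Nmap's normal-format output as shown in both sections into host records, lists the open ports per host, and compares two saved discovery runs so that hosts that appeared, hosts that vanished and known addresses whose MAC changed are reported rather than lost. The sample outputs embedded in it are constructed to match the format printed above (with unmasked, made-up MAC addresses); the script name nmap_diff.py and the function names are this example's own.

```python
"""Parse Nmap normal output (as printed by the scans above or saved to
nmap.txt) and compare two host discovery runs.

Added example for this page; not part of Nmap. All sample text below is
constructed to match the output format shown on the page."""
import re
import sys

# Constructed sample of a host discovery run.
RUN_1 = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 15:05 UTC
Nmap scan report for winpc.example.net (192.168.1.25)
Host is up (0.00031s latency).
MAC Address: F0:11:22:33:44:F0 (Dell)
Nmap scan report for 192.168.1.81
Host is up (0.0011s latency).
MAC Address: D8:11:22:33:44:67 (Unknown)
Nmap scan report for gw.example.net (192.168.1.1)
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 1.70 seconds
"""

# Constructed sample of a later run: .81 is gone, .200 is new, .25 has a new MAC.
RUN_2 = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-16 15:05 UTC
Nmap scan report for winpc.example.net (192.168.1.25)
Host is up (0.00031s latency).
MAC Address: AA:11:22:33:44:F0 (Unknown)
Nmap scan report for 192.168.1.200
Host is up (0.0020s latency).
MAC Address: 00:11:22:33:44:55 (Unknown)
Nmap scan report for gw.example.net (192.168.1.1)
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 1.80 seconds
"""

# Constructed sample of an --open scan of one host.
OPEN_SCAN = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 15:11 UTC
Nmap scan report for winpc.example.net (192.168.1.25)
Host is up (-0.025s latency).
Not shown: 995 filtered ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
5800/tcp open  vnc-http
5900/tcp open  vnc
MAC Address: F0:11:22:33:44:F0 (Dell)

Nmap done: 1 IP address (1 host up) scanned in 15.92 seconds
"""

# "Nmap scan report for name (ip)" or "Nmap scan report for ip"
HOST_RE = re.compile(r"^Nmap scan report for (?:(?P<name>\S+) \()?(?P<ip>[0-9A-Fa-f.:]+)\)?$")
MAC_RE = re.compile(r"^MAC Address: (?P<mac>[0-9A-Fa-f:]+) \((?P<vendor>.*)\)$")
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+(?P<state>\S+)\s+(?P<service>\S+)")


def parse_nmap(text):
    """Return one dict per host: ip, name, mac, vendor and a list of port tuples."""
    hosts, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            cur = {"ip": m.group("ip"), "name": m.group("name"),
                   "mac": None, "vendor": None, "ports": []}
            hosts.append(cur)
            continue
        if cur is None:
            continue  # banner lines before the first host
        m = MAC_RE.match(line)
        if m:
            cur["mac"], cur["vendor"] = m.group("mac"), m.group("vendor")
            continue
        m = PORT_RE.match(line)
        if m:
            cur["ports"].append((int(m.group("port")), m.group("proto"),
                                 m.group("state"), m.group("service")))
    return hosts


def open_ports(text):
    """Map each host's IP to its (port, service) pairs reported as open."""
    return {h["ip"]: [(p, s) for p, _proto, state, s in h["ports"] if state == "open"]
            for h in parse_nmap(text) if h["ports"]}


def diff_runs(previous, current):
    """Compare two host discovery runs and report what changed between them."""
    prev = {h["ip"]: h for h in parse_nmap(previous)}
    cur = {h["ip"]: h for h in parse_nmap(current)}
    both = set(prev) & set(cur)
    return {
        "new": sorted(set(cur) - set(prev)),
        "gone": sorted(set(prev) - set(cur)),
        # A changed MAC for a known IP can mean a replaced device or address reuse.
        "mac_changed": sorted(ip for ip in both
                              if prev[ip]["mac"] and cur[ip]["mac"]
                              and prev[ip]["mac"] != cur[ip]["mac"]),
    }


if __name__ == "__main__":
    # Usage: python3 nmap_diff.py previous.txt current.txt (file names are the caller's
    # choice); with no arguments the constructed samples above are compared.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            report = diff_runs(f1.read(), f2.read())
    else:
        report = diff_runs(RUN_1, RUN_2)
    for key, ips in report.items():
        print(f"{key}: {', '.join(ips) or '-'}")
    for ip, ports in open_ports(OPEN_SCAN).items():
        print(ip, "open:", ", ".join(f"{p}/{s}" for p, s in ports))
```

To use it with the scans above, save each run to a dated file instead of overwriting nmap.txt and pass the previous and current file to the script; a host showing up in "new" or "mac_changed" is the kind of change worth checking against the inventory. The regular expressions follow the normal output format only; for anything beyond a home or small office network, Nmap's XML output (-oX) and a real XML parser are the more robust choice.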

Show host interfaces and routes with:

[root@gw ~]# nmap --iflist [enter]

Example outputs:

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 15:16 UTC
************************INTERFACES************************
DEV    (SHORT)  IP/MASK         TYPE     UP MTU   MAC
igb0   (igb0)   192.168.1.1/24  ethernet up 1500  B4:xx:xx:xx:xx:6A
igb1   (igb1)   10.xxx.xx.xx/23 ethernet up 1500  B4:xx:xx:xx:xx:6B
lo0    (lo0)    127.0.0.1/8     loopback up 16384
lo0    (lo0)    ::1/128         loopback up 16384
lo0    (lo0)    fe80:3::1/64    loopback up 16384
pflog0 (pflog0) (none)/0        other    up 33160

**************************ROUTES**************************
DST/MASK          DEV  METRIC GATEWAY
10.xxx.xx.xx/32   lo0  0
127.0.0.1/32      lo0  0
192.168.1.1/32    lo0  0
192.168.1.0/24    igb0 0
10.xxx.xx.0/23    igb1 0
0.0.0.0/0         igb1 0      10.xxx.xx.1
fe80::1/128       lo0  0
::1/128           lo0  0
::/96             lo0  0      ::1
::ffff:0.0.0.0/96 lo0  0      ::1
fe80::/64         lo0  0
ff02::/16         lo0  0      ::1
fe80::/10         lo0  0      ::1

[root@gw ~]#

More examples: Top 32 Nmap Command Examples For Linux Sys/Network Admins