# Mobile Security Tips
Nina Kovacs — Consumer Security Analyst
## What is nmap?
nmap (Network Mapper) is an open-source tool used for network discovery and security auditing. It is commonly used to discover hosts and services on a computer network, thus creating a ‘map’ of the network. Its wide range of capabilities makes it a go-to for both security professionals and network administrators.
## Installation
nmap can be installed on various operating systems including Linux, Windows, and macOS. To install on different systems:
- Linux: Use your package manager. For Ubuntu:
```bash
sudo apt install nmap
```
- Windows: Download the installer from the official website, nmap.org.
- macOS: Use Homebrew:
```bash
brew install nmap
```
## Basic Syntax
The basic syntax of nmap is:
```bash
nmap [options] <target>
```
## Discovery
### Host Discovery
This helps in finding live hosts on the network.
```bash
nmap -sn 192.168.1.0/24
```
Flags Explained:
| Flag | Description |
|---|---|
| -sn | Ping scan – disable port scanning |
### ARP Ping Scan
To discover hosts using ARP requests (useful for local networks):
```bash
nmap -PR 192.168.1.0/24
```
## Scanning
### Service Version Detection
To identify service versions running on open ports:
```bash
nmap -sV 192.168.1.1
```
Flags Explained:
| Flag | Description |
|---|---|
| -sV | Service/Version detection |
### Operating System Detection
To detect the OS of a target host:
```bash
nmap -O 192.168.1.1
```
## Exploitation
While nmap is not an exploitation tool, its scanning capabilities are often used to prepare for exploitation. Integrate tools like Metasploit with nmap, for example by importing nmap's XML output into the Metasploit database:
```bash
# -oX writes the XML format that Metasploit's db_import understands
nmap -sV -oX nmap_scan.xml 192.168.1.1
# -x runs the given console commands on startup; -q suppresses the banner
msfconsole -q -x "db_import nmap_scan.xml; hosts; services"
```
## Analysis
### Output Formats
nmap can output in various formats, useful for automation:
- XML:
```bash
nmap -oX output.xml 192.168.1.1
```
- Grepable:
```bash
nmap -oG output.gnmap 192.168.1.1
```
## Evasion
### Slow Scan
For evasion against IDS/IPS systems:
```bash
nmap -T1 192.168.1.1
```
## Reporting
### HTML Output
Generate an HTML report for easy readability (xsltproc uses the nmap.xsl stylesheet referenced inside the XML):
```bash
nmap -oX report.xml 192.168.1.1 && xsltproc -o report.html report.xml
```
## Quick Reference Table
Here's a summarized reference of commonly used flags:
| Flag | Description |
|---|---|
| -sP | Ping scan (no port scan); legacy alias of -sn |
| -sV | Detect service versions |
| -O | OS detection |
| -oX | Output in XML |
| -T1 | Slow scan |
## Pro Tips
- Use `nmap --script=<script>` to run the nmap scripting engine (NSE) for advanced scanning.
- To target specific hosts in a scan, supply them in a file of target IPs with `-iL <file>`.
## Real-World Examples
### Scanning a Specific Port
```bash
nmap -p 22 192.168.1.1
```
### Scan for Open Ports and Services
```bash
nmap -sS -sV -A 192.168.1.0/24
```
This runs a TCP SYN scan (`-sS`), detects service versions (`-sV`), and enables OS detection through `-A` (which also turns on default NSE scripts and traceroute).
### Scan with Timing Options
```bash
nmap -T4 -p- 192.168.1.1
```
`-p-` scans all 65,535 TCP ports; `-T4` is faster but raises the chances of being detected by intrusion detection systems.