NMAP stands for Network Mapper. It’s a free and open source utility for network exploration and security auditing. Originally written by Gordon Fyodor Lyon and made feature-rich by the open source community, it is the de facto tool for port scanning, host detection, and service and OS fingerprinting.
It uses raw IP packets in novel ways to determine:
- What hosts are available on the network,
- What services (application name and version) those hosts are offering,
- Which operating system (and OS version) they are running,
- What type of packet filters/firewalls are in use,
- And more.
It was designed to rapidly scan large networks, but it works fine against a single host.
The basic syntax of nmap is:
nmap [options] target
The target can be a host DNS name, an IP address, a network in CIDR notation, and more.
Running nmap without any options performs the following by default:
- Host detection
- Port scanning using a SYN (stealth) scan
- Reverse DNS resolution
- Service fingerprinting
root@kali:~# nmap 184.108.40.206
Starting Nmap 6.46 ( http://nmap.org ) at 2015-07-31 15:21 IST
Nmap scan report for 220.127.116.11
Host is up (0.00050s latency).
Not shown: 975 closed ports
PORT     STATE SERVICE
7/tcp    open  echo
9/tcp    open  discard
13/tcp   open  daytime
17/tcp   open  qotd
19/tcp   open  chargen
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
1049/tcp open  td-postman
1050/tcp open  java-or-OTGfileshare
1051/tcp open  optima-vnet
1060/tcp open  polestar
1086/tcp open  cplscrambler-lg
1087/tcp open  cplscrambler-in
2003/tcp open  finger
3389/tcp open  ms-wbt-server
5000/tcp open  upnp
5060/tcp open  sip
5061/tcp open  sip-tls
5080/tcp open  onscreen
5357/tcp open  wsdapi
5800/tcp open  vnc-http
5900/tcp open  vnc
MAC Address: B8:CA:3A:8A:23:D7 (Dell)
Nmap done: 1 IP address (1 host up) scanned in 15.75 seconds
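
An added example, not part of the original page or of Nmap itself: a small Python parser for the normal-output report shown above, which lists the open ports whose service label is on an audit review list. The function names and the review list are assumptions made for illustration, and the sample is a trimmed copy of the page's output.

```python
import re

# Trimmed copy of the scan output shown on this page (five of its 25 port rows).
SAMPLE = """\
Nmap scan report for 220.127.116.11
Host is up (0.00050s latency).
Not shown: 975 closed ports
PORT     STATE SERVICE
7/tcp    open  echo
19/tcp   open  chargen
80/tcp   open  http
3389/tcp open  ms-wbt-server
5900/tcp open  vnc
MAC Address: B8:CA:3A:8A:23:D7 (Dell)
"""

# Assumption: an illustrative review list, not an Nmap feature. Adjust to local policy.
REVIEW = {name: "legacy simple service" for name in
          ("echo", "discard", "daytime", "qotd", "chargen")}
REVIEW.update({name: "remote desktop access" for name in ("ms-wbt-server", "vnc", "vnc-http")})

PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_report(text):
    """Parse Nmap's normal (human-readable) output into a list of host dicts."""
    hosts, host = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Nmap scan report for "):
            host = {"target": line[len("Nmap scan report for "):],
                    "mac": None, "ports": []}
            hosts.append(host)
        elif host is None:
            continue  # banner lines before the first report
        elif line.startswith("MAC Address: "):
            host["mac"] = line.split()[2]
        elif (m := PORT_ROW.match(line)):
            host["ports"].append({"port": int(m[1]), "proto": m[2],
                                  "state": m[3], "service": m[4]})
    return hosts

def findings(hosts):
    """Return (target, port, service, reason) for open ports on the review list."""
    return [(h["target"], p["port"], p["service"], REVIEW[p["service"]])
            for h in hosts for p in h["ports"]
            if p["state"] == "open" and p["service"] in REVIEW]

if __name__ == "__main__":
    print(*findings(parse_report(SAMPLE)), sep="\n")
```

The SERVICE column is Nmap's label for the port, so confirm what is actually listening on a flagged port before acting on a finding.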