Nmap


Nmap is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap can adapt to network conditions including latency and congestion during a scan.
Nmap started as a Linux utility and was ported to other systems including Windows, macOS, and BSD. It is most popular on Linux, followed by Windows.

Features

Nmap features include:
Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.
Typical uses of Nmap:
NmapFE, originally written by Kanchan, was Nmap's official GUI for Nmap versions 2.2 to 4.22. For Nmap 4.50 NmapFE was replaced with Zenmap, a new official graphical user interface based on UMIT, developed by Adriano Monteiro Marques.
Web-based interfaces exist that allow either controlling Nmap or analysing Nmap results from a web browser, such as IVRE.

Output

Nmap provides four possible output formats. All but the interactive output are saved to a file. Nmap output can be manipulated by text processing software, enabling the user to create customized reports.
; Interactive: presented and updated in real time when a user runs Nmap from the command line. Various options can be entered during the scan to facilitate monitoring.
; XML: a format that can be further processed by XML tools. It can be converted into an HTML report using XSLT.
; Grepable: output that is tailored to line-oriented processing tools such as grep, sed or awk.
; Normal: the output as seen while running Nmap from the command line, but saved to a file.
; Script kiddie: meant to be an amusing way to format the interactive output, replacing letters with their visually alike number representations. For example, Interesting ports becomes Int3rest1ng p0rtz. This is known as Leet.

History

Nmap was first published in September 1997, as an article in Phrack Magazine with source code included. With help and contributions from the computer security community, development continued. Enhancements included operating system fingerprinting, service fingerprinting, code rewrites, additional scan types, protocol support and new programs that complement Nmap's core features.
Major releases include:
Date              | Version        | Significance
12 December 1998  | Nmap 2.00      | Nmap 2.00 is released, including Operating System fingerprinting
11 April 1999     | NmapFE         | A GTK+ front end is bundled with Nmap
7 December 2000   |                | Windows port
28 August 2002    |                | Rewrite from C to C++
16 September 2003 |                | The first public release to include service version detection
31 August 2004    | Nmap 3.70      | Core scan engine rewritten for version 3.70. New engine is called ultra_scan
Summer 2005       |                | Nmap selected for participation in Google Summer of Code. Added features included Zenmap, Nmap Scripting Engine, Ncat, and 2nd-generation OS detection.
13 December 2007  | Nmap 4.50      | Nmap 4.50, the 10th Anniversary Edition, was released. Included Zenmap, 2nd-generation OS detection, and the Nmap Scripting Engine
30 March 2009     | Nmap 4.85BETA5 | Emergency release of Nmap 4.85BETA5, leveraging NSE to detect Conficker infections
16 July 2009      | Nmap 5.00      | Included netcat-replacement Ncat and Ndiff scan comparison tool
28 January 2011   | Nmap 5.50      | Included Nping packet generation, response analysis and response time measurement, including TCP, UDP and ICMP probe modes.
21 May 2012       | Nmap 6.00      | Released with full IPv6 support.
                  | Nmap 7.00      |
                  | Nmap 7.40      |
                  | Nmap 7.70      |
                  | Nmap 7.80      |

Legal issues

Nmap is a tool that can be used to discover services running on Internet-connected systems. Like any tool, it could potentially be used for black hat hacking, as a precursor to attempts to gain unauthorized access to computer systems; however, Nmap is also used by security professionals and systems administrators to assess their own networks for vulnerabilities.
System administrators can use Nmap to search for unauthorized servers, or for computers that do not conform to security standards.
In some jurisdictions, unauthorized port scanning is illegal.
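The XML output format described above is the one administrators usually feed into their own tooling, and the "computers that do not conform to security standards" check in this section is a typical use of it. The following is an added example, not code from the Nmap project: it parses a constructed sample of Nmap's XML (-oX) output with the standard library and flags open TCP ports that a hypothetical per-host policy does not allow. The sample hosts, addresses and POLICY table are all made up for the example.

```python
import xml.etree.ElementTree as ET
# Constructed sample of Nmap XML (-oX) output, trimmed to the elements used here.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/29">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.52"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports></host>
</nmaprun>"""

# Hypothetical policy: the TCP ports each host is permitted to expose.
POLICY = {"192.0.2.10": {22, 80}, "192.0.2.11": {22}}

def parse_open_ports(xml_text):
    """Map each live host's IPv4 address to its open ports:
    a list of (port, protocol, service name, product/version banner)."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        entries = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not exposures
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            parts = [svc.get("product"), svc.get("version")] if svc is not None else []
            banner = " ".join(p for p in parts if p)
            entries.append((int(port.get("portid")), port.get("protocol"), name, banner))
        result[ip] = entries
    return result

def policy_violations(open_ports, policy):
    """Return (ip, port, service) for open TCP ports the policy does not allow.
    Hosts absent from the policy are allowed nothing, so all their open ports are flagged."""
    return [(ip, port, name)
            for ip, entries in open_ports.items()
            for port, proto, name, _ in entries
            if proto == "tcp" and port not in policy.get(ip, set())]
```

Running the same two functions over a real scan file (ET.parse("scan.xml").getroot() in place of ET.fromstring) turns a scan into a list of deviations from the expected exposure.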

License

Nmap was originally distributed under the GNU Public License. In later releases, Nmap's authors added clarifications and specific interpretations to the license where they felt the GPL was unclear or lacking. For instance, Nmap 3.50 specifically revoked the license of SCO Group to distribute Nmap software because of their views on the SCO-Linux controversies.

In popular culture

In The Matrix Reloaded, Trinity is seen using Nmap to access a power plant's computer system, allowing Neo to "physically" break into a building. The appearance of Nmap in the film was widely discussed on Internet forums and hailed as an unusually realistic example of hacking.
Nmap and NmapFE were used in The Listening, a 2006 movie about a former NSA officer who defects and mounts a clandestine counter-listening station high in the Italian Alps.
Nmap source code can be seen in the movie Battle Royale, as well as brief views of the command line version of Nmap executing in Live Free or Die Hard and Bourne Ultimatum. In 2013, Nmap continued to make appearances in movies including popular sci-fi movie Elysium.
The film Dredd, a film adaptation of the famous Judge Dredd comics, was released in 2012 and also contains multiple Nmap scenes. Nmap is used for network reconnaissance and exploitation of the slum tower network. It is even seen briefly in the movie's trailer.
The command Nmap is widely used in the video game Hacknet, allowing the player to probe the network ports of a target system to hack it.
In Snowden, Nmap is used in the aptitude test scene about 14 minutes into the movie.

In academia

Nmap is an integral part of academic activities. It has been used for research involving the TCP/IP protocol suite and networking in general. As well as being a research tool, Nmap has become a research topic.

Examples

$ nmap -A scanme.nmap.org
Starting Nmap 6.47 at 2014-12-29 20:02 CET
Nmap scan report for scanme.nmap.org
Host is up.
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7.1
80/tcp open http Apache httpd 2.2.14 )
9929/tcp open nping-echo Nping echo
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|phone|storage-misc|WAP
Running : Linux 2.6.X|3.X|2.4.X, Netgear RAIDiator 4.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.38 cpe:/o:linux:linux_kernel:3 cpe:/o:netgear:raidiator:4 cpe:/o:linux:linux_kernel:2.4
Aggressive OS guesses: Linux 2.6.38, Linux 3.0, Linux 2.6.32 - 3.0, Linux 2.6.18, Linux 2.6.39, Linux 2.6.32 - 2.6.39, Linux 2.6.38 - 3.0, Linux 2.6.38 - 2.6.39, Linux 2.6.35, Linux 2.6.37
No exact OS matches for host.
Network Distance: 13 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 14.21 ms 151.217.192.1
2 5.27 ms ae10-0.mx240-iphh.shitty.network
3 13.16 ms hmb-s2-rou-1102.DE.eurorings.net
4 6.83 ms blnb-s1-rou-1041.DE.eurorings.net
5 8.30 ms blnb-s3-rou-1041.DE.eurorings.net
6 9.42 ms as6939.bcix.de
7 24.56 ms 10ge10-6.core1.ams1.he.net
8 30.60 ms 100ge9-1.core1.lon2.he.net
9 93.54 ms 100ge1-1.core1.nyc4.he.net
10 181.14 ms 10ge9-6.core1.sjc2.he.net
11 169.54 ms 10ge3-2.core3.fmt2.he.net
12 164.58 ms router4-fmt.linode.com
13 164.32 ms scanme.nmap.org
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/.
Nmap done: 1 IP address scanned in 28.98 seconds