Network Mapper (Nmap) is a network scanning and host detection tool that is very useful during several steps of a penetration test. Nmap is not limited to information gathering and enumeration; it is also a powerful utility that can be used as a vulnerability detector or a security scanner. Nmap is therefore a multipurpose tool, and it runs on many different operating systems including Windows, Linux, BSD, and Mac. Nmap can be used to:
- Detect the live host on the network (host discovery)
- Detect the open ports on the host (port discovery or enumeration)
- Detect the software and version behind each open port (service discovery)
- Detect the operating system, hardware address, and the software version
- Detect vulnerabilities and security holes (Nmap scripts)
Nmap is a very common tool, and it is available for both the command line interface and the graphical user interface.
In this post, I will show you how to use Nmap for port scanning and OS fingerprinting.
Nmap Port Scanning
$ nmap target
Here target can be a host name/IP or a network address (for scanning the entire subnet).
You can also pass multiple targets to Nmap (target1 target2 target3 …). There are many port-scanning options that are not discussed in this post; refer to the man page for more details.
Nmap OS Fingerprinting
OS fingerprinting is one of the best-known features of Nmap. It sends a series of TCP and UDP packets to the host and examines the replies from the host. It compares the responses against its nmap-os-db database of more than 2500 OS fingerprints and displays the OS whose fingerprint matches. This is possible only if at least one open port and one closed port are found.
You can use the following command to fingerprint the target OS.
$ nmap -O target
You need administrative (root) rights to perform the above task.
My sample OS Fingerprint is shown
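As an added example (not part of this post or of Nmap itself), the Python script below reads Nmap's XML output (the `-oX` format) from a constructed sample, groups ports by state, picks the highest-accuracy OS match, checks the "one open and one closed port" condition described above, and flags open ports that are not on an allow-list; the sample addresses, ports and the allow-list are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample of Nmap's XML (-oX) output for one host; not real scan data.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -O -oX scan.xml 192.0.2.10" version="7.94">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
 <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
 <service name="http"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/>
 <service name="https"/></port>
</ports>
<os><osmatch name="Linux 5.0 - 5.4" accuracy="96">
 <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="96"/>
</osmatch></os>
</host></nmaprun>"""


def parse_hosts(xml_text):
    """Return one dict per host: address, ports grouped by state, best OS match."""
    hosts = []
    for h in ET.fromstring(xml_text).iter("host"):
        ports = {"open": [], "closed": [], "filtered": []}
        for p in h.iter("port"):
            svc = p.find("service")
            entry = (p.get("protocol"), int(p.get("portid")),
                     svc.get("name") if svc is not None else None)
            # Other states (e.g. "open|filtered") get their own bucket.
            ports.setdefault(p.find("state").get("state"), []).append(entry)
        # Nmap may list several osmatch entries; keep the highest-accuracy one.
        best = max(h.iter("osmatch"), key=lambda m: int(m.get("accuracy")), default=None)
        os_match = (best.get("name"), int(best.get("accuracy"))) if best is not None else None
        hosts.append({"addr": h.find("address").get("addr"), "ports": ports, "os": os_match})
    return hosts


def os_detection_possible(host):
    """-O needs at least one open and one closed port to fingerprint reliably."""
    return bool(host["ports"]["open"]) and bool(host["ports"]["closed"])


def unexpected_open_ports(host, allowed):
    """Open ports outside the allow-list of (protocol, port) pairs: exposure to review."""
    return [e for e in host["ports"]["open"] if (e[0], e[1]) not in allowed]


if __name__ == "__main__":
    for host in parse_hosts(SAMPLE_XML):
        print(host["addr"], host["os"], "fingerprintable:", os_detection_possible(host))
        print("review:", unexpected_open_ports(host, {("tcp", 22)}))
```

Run `nmap -O -oX scan.xml target` on a host you are authorised to scan and feed the file's contents to `parse_hosts` instead of the constructed sample.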