
🛡️ Mastering Nmap: From Basic Scans to Vulnerability Detection

Learn Nmap Commands with Real Examples (Beginner to Intermediate Guide)

Are you new to Nmap or looking to improve your network scanning skills? 👨‍💻

In this blog, I’ll walk you through Nmap basics, useful scanning techniques, and even Nmap scripting for vulnerability detection. This blog complements the video I posted on my YouTube channel; if you haven’t seen it yet, check it out for a full walkthrough! 🎥

🔍 What is Nmap?

Nmap (Network Mapper) is a powerful open-source tool used for:

- Scanning networks
- Discovering hosts and services
- Detecting open ports 🔓
- Identifying vulnerabilities

🧰 How to Install Nmap

👉 Linux

sudo apt install nmap

👉 Windows

Download the setup from: https://nmap.org/download.html

🧪 Basic Nmap Commands

✅ 1. Simple Host Scan

nmap <target-ip>

Example:

nmap 192.168.1.1

📌 Scans for open ports on a single host.

✅ 2. Scan Multiple Hosts

nmap 192.168.1.1 192.168.1.2

Example:

nmap 192.168.1.1-50

📌 You can also scan a range: 192.168.1.1-50 covers hosts .1 through .50.

✅ 3. Scan an Entire Subnet

nmap 192.168.1.0/24

📌 Useful in identifying all live hosts in a local network.

✅ 4. Aggressive Scan

nmap -A <target-ip>

📌 Includes OS detection (-O), version detection (-sV), default script scanning (-sC), and traceroute. ⚠️ Can be noisy; use with caution on live systems.

🔐 Intermediate Level: Nmap Scripting Engine (NSE)

✅ 5. Script Scan Example

nmap --script vuln <target-ip>

📌 Scans the target for common vulnerabilities using the NSE scripts in the vuln category.

✅ 6. Running Specific Script

nmap --script http-enum <target-ip>

📌 Enumerates directories on a web server.

✅ 7. Running Multiple Scripts

nmap --script "ftp*,http*" <target-ip>

📌 Scans using all FTP and HTTP-related scripts.

📂 Save Output to File

✅ 8. Save Scan Result to TXT

nmap -oN result.txt <target-ip>

📌 For documentation or reporting purposes.

🖼️ Sample Scan Output


Starting Nmap 7.93 ( https://nmap.org ) at 2025-05-23
Nmap scan report for 192.168.1.10
Host is up (0.0040s latency).
Not shown: 996 closed tcp ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
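Once you save scans with -oN, the report is only useful if you can compare it against what should be open. The parser below is an added example (not from the original post or from the Nmap project) that reads Nmap normal output like the sample above and flags open ports that are not on a per-host allowlist; the second host and the filtered 3389/tcp line are constructed to exercise the edge cases.

```python
"""Parse Nmap normal (-oN) output and flag unexpected open ports."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample modelled on the report shown above (not a real scan).
SAMPLE_REPORT = """\
Starting Nmap 7.93 ( https://nmap.org ) at 2025-05-23
Nmap scan report for 192.168.1.10
Host is up (0.0040s latency).
Not shown: 996 closed tcp ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap scan report for 192.168.1.20
Host is up (0.0021s latency).
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# Works for plain and -sV output: extra VERSION columns are ignored.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

PortRecord = Tuple[int, str, str, str]  # (port, proto, state, service)


def parse_normal_output(text: str) -> Dict[str, List[PortRecord]]:
    """Return {host: [(port, proto, state, service), ...]} from -oN text."""
    hosts: Dict[str, List[PortRecord]] = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return hosts


def unexpected_open_ports(hosts: Dict[str, List[PortRecord]],
                          allowlist: Dict[str, Set[int]]) -> Dict[str, List[int]]:
    """Open ports missing from each host's allowlist; unlisted hosts get all."""
    findings: Dict[str, List[int]] = {}
    for host, ports in hosts.items():
        allowed = allowlist.get(host, set())
        extra = sorted(p for p, _, state, _ in ports
                       if state == "open" and p not in allowed)
        if extra:
            findings[host] = extra
    return findings
```

Only ports in state "open" are reported, so filtered or closed entries never trigger a finding.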

🔄 Real-World Use Case

Let’s say you want to scan a web server to find possible vulnerabilities:

nmap -p 80,443 --script vuln <target-ip>

📌 This scans ports 80 and 443 with vulnerability scripts. Ideal for finding SSL or HTTP misconfigurations.

⚠️ Responsible Usage

🛑 Always get permission before scanning any network you don’t own. Unauthorized scanning is illegal and unethical.

📚 Conclusion

Nmap is more than just a port scanner. With the right knowledge, you can use it to:
✔️ Detect services
✔️ Identify vulnerabilities
✔️ Automate scans
✔️ Generate reports

📽️ Watch the full video here for live demos and deeper explanation:
👉 [Your YouTube Video Link]
