Nmap Network Scan

What is nmap?

nmap is a powerful and versatile open-source network scanning tool used for network discovery and security auditing. It enables users to identify live hosts, open ports, running services, and their versions, as well as operating systems on a network. Network administrators and penetration testers commonly use nmap to assess network security, detect vulnerabilities, and map network structures. By using various scanning techniques, nmap provides valuable insights into the status and configuration of networked devices.

Python API

Here are the APIs I used for testing purposes. You can find more details and test them by visiting the link below.

View Python API

For these tests, I used virtual machines running Kali Linux and the API available at the provided link.

Command: sudo nmap 192.168.56.101

With no options, nmap runs its default scan against the target: host discovery, then a scan of the 1000 TCP ports most often found open (taken from its nmap-services table). Because it runs under sudo it has raw-socket privileges and uses a TCP SYN ("half-open") scan, -sS; without sudo it would fall back to a full-connect scan, -sT. "filtered (no-response)" means the probe to that port was never answered, typically because a firewall dropped it. Below is the output:

Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-05 15:52 GMT
Nmap scan report for 192.168.56.101
Host is up (0.00092s latency).
Not shown: 995 filtered tcp ports (no-response)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 4.92 seconds

Command: sudo nmap -iL /home/lukasz/Documents/nmap/ip.txt -oN /home/lukasz/Documents/nmap/output.txt

-iL reads the targets from a file instead of the command line, one entry per line (addresses, CIDR ranges and hostnames are all accepted), and -oN writes the results in normal format, the same text shown on the terminal, to the given file. Here ip.txt held the single address 192.168.56.101, so the result matches the first scan. If the output is going to be processed by other tools, -oX (XML) or -oG (grepable) is easier to parse than -oN, and -oA writes all three formats under one base name. Below is the example:

Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-05 16:30 GMT
Nmap scan report for 192.168.56.101
Host is up (0.0016s latency).
Not shown: 995 filtered tcp ports (no-response)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 5.10 seconds

Command: sudo nmap -p http,https 192.168.56.101

-p accepts service names as well as port numbers; nmap expands each name to every port that carries it in its nmap-services table, so here "http" became 80 and 8008 and "https" became 443. The match is on the exact name, which is why 8080, reported open in the first scan, is missing: its table entry is "http-proxy". To include it, use a wildcard (-p "http*") or list the ports numerically (-p 80,443,8080). Because only three ports were scanned, each is listed individually instead of being summarised in a "Not shown" line. Below is the output:

Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-05 16:12 GMT
Nmap scan report for 192.168.56.101
Host is up (0.0014s latency).

PORT     STATE    SERVICE
80/tcp   open     http
443/tcp  open     https
8008/tcp filtered http

Nmap done: 1 IP address (1 host up) scanned in 1.33 seconds

sudo nmap -sP 192.168.1.0/24

-sP is the old name for a ping scan, host discovery without a port scan; Nmap 7.x still accepts it, but it has been superseded by -sn, which new scripts should use. This command probes every address in 192.168.1.0/24 and lists those that respond. How it probes depends on where it runs: as root on the same Ethernet segment nmap uses ARP requests, which find hosts even when they drop ICMP; for targets beyond a router it sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request. A host that answers none of these is counted as down and not listed, even if it is up behind a strict firewall.

Example output:
Starting Nmap 7.94 ( https://nmap.org ) at 2025-01-05 17:00 GMT
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
Nmap scan report for 192.168.1.101
Host is up (0.0021s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.35 seconds

This command helps quickly identify which hosts are active within a network.

sudo nmap -sP -iL /home/lukasz/Documents/nmap/ip.txt -oN /home/lukasz/Documents/nmap/output.txt

This command performs a ping scan on IP addresses listed in the file ip.txt and saves the output to output.txt. The -iL option specifies an input list, and -oN writes the output in normal format.

Example output:
Starting Nmap 7.94 ( https://nmap.org ) at 2025-01-05 17:10 GMT
Nmap scan report for 192.168.1.1
Host is up (0.0011s latency).
Nmap scan report for 192.168.1.50
Host is up (0.0030s latency).
Nmap done: 10 IP addresses (2 hosts up) scanned in 1.25 seconds

This approach is useful for scanning a predefined list of IP addresses and saving the results for further analysis.
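The two ping-scan commands above chain naturally: run host discovery with machine-readable output, keep only the hosts reported Up, and write them to the file that -iL reads for the port scan that follows. The script below is an added example, not code from this page or from the Python API it links: it parses nmap grepable output (-oG) for both a discovery scan and a port scan, and writes the target list in the one-address-per-line layout -iL expects. Both scan outputs embedded in it are constructed for illustration, not captured from the lab network, and the file name targets.txt is an assumption.

```python
import ipaddress
import re
from pathlib import Path

# Constructed sample of grepable output from "nmap -sn -v -oG - 192.168.1.0/24"
# (with -v, hosts that did not answer are listed as Down). Not real scan data.
SAMPLE_DISCOVERY = """\
# Nmap 7.94SVN scan initiated Sun Jan  5 17:00:00 2025 as: nmap -sn -v -oG - 192.168.1.0/24
Host: 192.168.1.101 (desktop.lan)\tStatus: Up
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.2 ()\tStatus: Down
# Nmap done at Sun Jan  5 17:00:02 2025 -- 256 IP addresses (2 hosts up) scanned in 2.35 seconds
"""

# Constructed sample of grepable output from the follow-up "nmap -iL targets.txt -oG -".
# Each Ports: entry is port/state/protocol/owner/service/rpc/version/ .
SAMPLE_PORTSCAN = """\
# Nmap 7.94SVN scan initiated Sun Jan  5 17:10:00 2025 as: nmap -iL targets.txt -oG -
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.1.101 (desktop.lan)\tStatus: Up
Host: 192.168.1.101 (desktop.lan)\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (999)
# Nmap done at Sun Jan  5 17:10:01 2025 -- 2 IP addresses (2 hosts up) scanned in 1.25 seconds
"""

# "Host: <ip> (<reverse name>)<TAB><tab-separated fields>"
HOST_LINE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\t(?P<rest>.*)$")


def parse_grepable(text):
    """Parse -oG output into {ip: {"name", "status", "open": [(port, proto, service), ...]}}.

    Comment lines (# ...) are skipped. A host can appear on several lines
    (one for Status, one for Ports), so records are merged by IP.
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue
        rec = hosts.setdefault(m["ip"], {"name": m["name"], "status": None, "open": []})
        for field in m["rest"].split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                rec["status"] = value
            elif key == "Ports":
                for spec in value.split(", "):
                    port, state, proto, _owner, service, *_ = spec.split("/")
                    if state == "open":  # closed/filtered entries are dropped here
                        rec["open"].append((int(port), proto, service))
    return hosts


def live_hosts(text):
    """IPs reported Up by a discovery scan, in address order rather than output order."""
    ups = [ip for ip, rec in parse_grepable(text).items() if rec["status"] == "Up"]
    return sorted(ups, key=ipaddress.ip_address)


def write_targets(text, path):
    """Write live hosts one per line, the layout nmap -iL reads; returns the list written."""
    ips = live_hosts(text)
    Path(path).write_text("".join(ip + "\n" for ip in ips))
    return ips


def read_targets(path):
    """Read a target file back as a list (what -iL will see)."""
    return Path(path).read_text().split()


def hosts_with_open_port(text, port, proto="tcp"):
    """IPs whose port-scan results show the given port open, e.g. everything exposing SSH."""
    return sorted(
        (ip for ip, rec in parse_grepable(text).items()
         if any(p == port and pr == proto for p, pr, _ in rec["open"])),
        key=ipaddress.ip_address,
    )


if __name__ == "__main__":
    # Real use (root is needed for ARP discovery on a local segment):
    #   sudo nmap -sn -v -oG discovery.gnmap 192.168.1.0/24
    #   python3 this_script.py        -> writes targets.txt from the discovery output
    #   sudo nmap -iL targets.txt -oG portscan.gnmap
    # Here the embedded samples stand in for those two files.
    print("targets:", write_targets(SAMPLE_DISCOVERY, "targets.txt"))
    print("SSH exposed on:", hosts_with_open_port(SAMPLE_PORTSCAN, 22))
```

Only ports in state open are kept; if you also want closed ports (useful later for OS detection, which wants one open and one closed port to compare against), keep the state field instead of filtering on it.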

sudo nmap -O 192.168.1.35

The -O option enables OS detection, which needs raw-socket privileges, hence sudo. nmap sends a series of crafted TCP, UDP and ICMP probes to the target and compares the quirks in the responses (TCP options, window sizes, initial sequence numbers, ICMP behaviour) against its nmap-os-db fingerprint database. It works best when the target has at least one open and one closed TCP port; with nothing to compare against it may report no match or only a low-confidence guess. The "OS details" line is the range of kernel versions whose fingerprints match, not an exact version, and --osscan-guess makes nmap print its best guess even when no fingerprint matches closely enough.

Example output:
Starting Nmap 7.94 ( https://nmap.org ) at 2025-01-05 17:20 GMT
Nmap scan report for 192.168.1.35
Host is up (0.00087s latency).
Device type: general purpose
Running: Linux 5.X
OS CPE: cpe:/o:linux:linux_kernel:5
OS details: Linux 5.4 - 5.8
Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds

This command is useful for determining the operating system version and type of a device.

sudo nmap -A 192.168.1.35

The -A option enables aggressive scanning, which is shorthand for -O -sV -sC --traceroute: OS detection, service and version detection (the VERSION column below), the default set of NSE scripts, and traceroute. It is far noisier than a plain port scan and the default scripts actively talk to the services they find (banner grabs, HTTP requests and so on), so it stands out in logs and should only be run against hosts you are authorised to test.

Example output:
Starting Nmap 7.94 ( https://nmap.org ) at 2025-01-05 17:30 GMT
Nmap scan report for 192.168.1.35
Host is up (0.0010s latency).
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
80/tcp open  http    Apache httpd 2.4.38 ((Debian))
Device type: general purpose
Running: Linux 5.X
OS CPE: cpe:/o:linux:linux_kernel:5
OS details: Linux 5.4 - 5.8
Traceroute:
1  192.168.1.1 (192.168.1.1)  0.502 ms
2  192.168.1.35 (192.168.1.35)  0.671 ms
Nmap done: 1 IP address (1 host up) scanned in 5.72 seconds

This command provides a comprehensive analysis of the target host, including services, versions, and operating system information.
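The -A output above is the starting point for a vulnerability assessment, and what matters in it is the product and version strings from -sV and the OS match, not the service names, which without -sV are only a lookup of the port number in nmap-services. Normal output is awkward to parse reliably; -oX gives XML with the same information as attributes, including whether a service name was confirmed by a probe (method="probed") or merely taken from the table (method="table"). The script below is an added example, not code from this page or from the linked Python API: it parses an -oX document into per-host records, picks the best OS match, and flags open ports whose service was never verified. The XML embedded in it is constructed to mirror the -A scan of 192.168.1.35 shown above, with an extra unverified open port on 8080 added, a MAC address, timestamps and an http-title result that are assumptions, and with the DOCTYPE and stylesheet lines nmap normally emits trimmed; it is not captured data.

```python
import xml.etree.ElementTree as ET

# Constructed -oX document mirroring the -A scan of 192.168.1.35 above, plus an open
# 8080/tcp that -sV could not identify (method="table": the name came from nmap-services,
# not from a response). MAC address, timestamps and script output are made up.
SAMPLE_XML = """\
<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -oX - 192.168.1.35" start="1736098200" version="7.94SVN" xmloutputversion="1.05">
<host starttime="1736098200" endtime="1736098206">
<status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="192.168.1.35" addrtype="ipv4"/>
<address addr="08:00:27:3A:1B:2C" addrtype="mac"/>
<ports>
<extraports state="filtered" count="997"><extrareasons reason="no-response" count="997"/></extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="ssh" product="OpenSSH" version="7.9p1 Debian 10+deb10u2" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:7.9p1</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="http" product="Apache httpd" version="2.4.38" extrainfo="(Debian)" method="probed" conf="10"><cpe>cpe:/a:apache:http_server:2.4.38</cpe></service>
<script id="http-title" output="Apache2 Debian Default Page: It works"/></port>
<port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="http-proxy" method="table" conf="3"/></port>
</ports>
<os>
<osmatch name="Linux 5.4 - 5.8" accuracy="95" line="68578"><osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="5.X" accuracy="95"><cpe>cpe:/o:linux:linux_kernel:5</cpe></osclass></osmatch>
<osmatch name="Linux 4.15 - 5.6" accuracy="93" line="67890"/>
</os>
</host>
<runstats><finished time="1736098206" elapsed="5.72" exit="success"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one record per host: ip, up, open ports with -sV detail, and the best OS match."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        rec = {
            "ip": addr.get("addr") if addr is not None else None,
            "up": host.find("status").get("state") == "up",
            "ports": [],
            "os": None,
        }
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            rec["ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                # "probed": identified from the daemon's response; "table": guessed from the port number
                "method": svc.get("method") if svc is not None else None,
                "cpe": [c.text for c in svc.iter("cpe")] if svc is not None else [],
                "scripts": {s.get("id"): s.get("output") for s in port.iter("script")},
            })
        # nmap lists every osmatch above its threshold; keep the highest-accuracy one
        matches = [(m.get("name"), int(m.get("accuracy"))) for m in host.iter("osmatch")]
        rec["os"] = max(matches, key=lambda m: m[1]) if matches else None
        hosts.append(rec)
    return hosts


def unverified_services(hosts):
    """Open ports whose service name is only a port-number lookup; inspect these by hand."""
    return [(h["ip"], p["port"], p["service"])
            for h in hosts for p in h["ports"] if p["method"] != "probed"]


def service_lines(hosts):
    """One 'ip port/proto service product version' line per open port, the input to a version lookup."""
    lines = []
    for h in hosts:
        for p in h["ports"]:
            detail = " ".join(x for x in (p["product"], p["version"]) if x) or "(unidentified)"
            lines.append(f"{h['ip']} {p['port']}/{p['proto']} {p['service']} {detail}")
    return lines


if __name__ == "__main__":
    # Real use: sudo nmap -A -oX scan.xml 192.168.1.35 ; then parse_nmap_xml(open("scan.xml").read())
    hosts = parse_nmap_xml(SAMPLE_XML)
    for line in service_lines(hosts):
        print(line)
    print("best OS match:", hosts[0]["os"])
    print("unverified:", unverified_services(hosts))
```

The CPE strings are kept because they are the cleanest key for matching against vulnerability databases; the free-text product and version fields are what a human reads, but "Apache httpd 2.4.38" and cpe:/a:apache:http_server:2.4.38 identify the same build.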