This article may require copy editing for grammar, style, cohesion, tone, or spelling. You can assist by editing it. (August 2012)

Nmap Security Scanner

results of an Nmap scan
Original author(s)	Gordon Lyon (Fyodor)
Initial release	September 1997 (1997-09)
Stable release	6.25 / 29 November 2012; 5 months ago (2012-11-29)
Development status	Active
Written in	C, C++, Python, Lua
Operating system	Cross-platform
Available in	English
Type	computer security, network management
License	GNU General Public License
Website	nmap.org

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich)^[1] used to discover Host and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.

The software provides a variety of features for probing computer networks such as host discovery, service and operating system detection, and other more in depth system information. These features are further extended by scripts that can perform more advanced service detection,^[2] vulnerability detection,^[2] and other information. Besides providing a variety of information about what it is scanning, Nmap is also capable of adapting to network conditions like, latency and network congestion during a scan. These features, and new ones, are under continuous development and refinement by its active user community.

Originally Nmap was a Linux^[3] only utility, but it has since been ported to Microsoft Windows, Solaris, HP-UX, BSD variants (including Mac OS X), AmigaOS, and SGI IRIX.^[4] Linux is the most popular platform with Windows following it closely.^[5]

Features [edit]

Nmap features include:

• Host discovery - Identifying hosts on a network. For example, listing the hosts that respond to pings or have a particular port open.
• Port scanning - Enumerating the open ports on one or more target hosts.
• Version detection - Interrogating listening network services listening on remote devices to determine the application name and version number.^[6]
• OS detection - Remotely determining the operating system and hardware characteristics of network devices.
• Scriptable interaction with the target - using Nmap Scripting Engine (NSE) and Lua programming language, customized queries can be made.

In addition to these, Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.^[7]

Typical uses of Nmap:

• Auditing the security of a device by identifying the network connections which can be made to it.^{[citation needed]}
• Identifying open ports on a target host in preparation for auditing.^[8]
• Network inventory, network mapping, maintenance, and asset management.
• Auditing the security of a network by identifying unexpected new servers.^[9]

Basic commands working in Nmap [edit]

• For target specifications:

nmap <targets' URL's or IP's with spaces between them (can also use CIDR notation)> 
e.g. : scanme.nmap.org, gnu.org/24, 192.168.0.1; 10.0.0-255.1-254 (The command is nmap scanme.nmap.org 
and similar)

• For OS detection:

nmap -O <target-host's URL or IP>

• For Version detection:

nmap -sV <target-host's URL or IP>

• For configuring response timings (-T0 to -T5 :increasing in aggressiveness):

nmap -T0 -sV -O <target-host's URL or IP>

Graphical interfaces [edit]

NmapFE, originally written by Zach Smith, was Nmap's official GUI for Nmap versions 2.2 to 4.22.^[10] For Nmap 4.50 (originally in the 4.22SOC development series) NmapFE was replaced with Zenmap, a new official graphical user interface based on UMIT, developed by Adriano Monteiro Marques.

Various web-based interfaces have also been available for controlling Nmap remotely from a web browser. These include LOCALSCAN,^[11] nmap-web,^[12] and Nmap-CGI.^[13]

Microsoft Windows specific GUIs exist, including NMapWin,^[14] which has not been updated since v1.4.0 was released in June 2003, and NMapW^[15] by Syhunt.

Reporting results [edit]

Nmap provides four possible output formats for the scan results. All but the interactive output is saved to a file. All of the output formats in Nmap can be easily manipulated by text processing software, enabling the user to create customized reports.^[16]

Interactive 

presented and updated real time when a user runs the Nmap from the command line. Various options can be entered during the scan to facilitate monitoring.

XML 

a format that can be further processed by XML capable tools. It can be converted into a HTML report using XSLT.

Grepable 

output that is tailored to line-oriented processing tools such as grep, sed or awk.

Normal 

the output as seen while running Nmap from the command line, but saved to a file.

Script kiddie 

meant to be the funny way to format the interactive output replacing letters with their visually alike number representations. For example, Interesting ports becomes Int3rest|ng p0rtz.

History [edit]

Nmap was first published in September 1997, as an article in Phrack Magazine with source-code included.^[17] With the help and contributions of the computer security community, development continued at an ever increasing pace. Changes to the program included operating system fingerprinting, service fingerprinting,^[6] code rewrites (C to C++), additional scan types, protocol support (e.g. IPv6, SCTP^[18]) and new programs that complement Nmap's core features. Changes include:

December 12, 1998

Nmap 2.00 is released, including Operating System fingerprinting ^[19]

April 11, 1999

NmapFE, a GTK+ front end, is bundled with Nmap^[19]

December 7, 2000

Nmap ported to Windows^[10]

August 28, 2002

Rewrite from C to C++^[10]

September 16, 2003

Nmap 3.45 the first public release to include service version detection^[10]

August 31, 2004

Core scan engine rewritten for version 3.70. New engine is called ultra_scan^[20]

Summer 2005

Nmap selected for participation in Google Summer of Code.^[21] These and future students contributed major features like Zenmap, NSE, Ncat, and 2nd-generation OS detection.

December 13, 2007

Nmap 4.50, the 10th Anniversary Edition, is released. Includes the new Zenmap frontend, 2nd-generation OS detection, and the Nmap Scripting Engine^[22]

March 30, 2009

Emergency release of Nmap 4.85BETA5, which leverages NSE to detect Conficker infections^[23]

July 16, 2009

Nmap 5.00 includes netcat-replacement Ncat and Ndiff scan comparison tool^[24]

January 28, 2011

Nmap 5.50 released, including the new Nping packet generation tool^[25]

May 21, 2012

Nmap 6.00 released with full IPv6 support.

A full list of the changes in each release is recorded in the Nmap Changelog.^[10]

Purpose [edit]

Nmap is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network, despite the fact that such services are nοt advertising themselves with a service discovery protocol. In addition, Nmap may be able to determine various details about the remote computers.

Ethical issues and legality [edit]

Like most tools used in computer security, Nmap can be used for black hat hacking,^[26] or attempting to gain unauthorized access to computer systems. It would typically be used to discover open ports which are likely to be running vulnerable services, in preparation for attacking those services with another program.^[27]

System administrators often use Nmap to search for unauthorized servers on their network, or for computers which don't meet the organization's minimum level of security.^[28]

Nmap is often confused with host vulnerability assessment tools such as Nessus, which go further in their exploration of a target by testing for common vulnerabilities in the open ports found.

In some jurisdictions, unauthorized port scanning may be illegal.^[29]

Nmap in popular culture [edit]

In The Matrix Reloaded, Trinity is seen using Nmap to access a power plant's computer system,^[30] allowing Neo to "physically" break in to a building. The appearance of Nmap in the film was widely discussed on internet forums and hailed as an unusually realistic example of hacking compared to other movies.^[31]

Nmap and NmapFE were used in the film The Listening, a 2006 movie about a former NSA officer who defects and mounts a clandestine counter-listening station high in the Italian alps.

Some Nmap source code can be seen in the movie Battle Royale, as well as brief views of the command line version of Nmap executing in Live Free or Die Hard and Bourne Ultimatum.^[30]

Nmap in academia [edit]

Nmap has long since become an integral part of academic activities. It has been used for research involving TCP/IP protocol suite and networking in general, with the security domain being the main beneficiary.^[32] Beyond being an aide-tool in researching various topics, Nmap has become the topic of research itself.^[33]

Output from Nmap [edit]

See also [edit]

Free software portal

• Metasploit Framework
• Netcat
• Wireshark

References [edit]

Bibliography [edit]

External links [edit]

• Official website
• nmap-online.com - Online tool to check your computer