results of an Nmap scan
|Original author(s)||Gordon Lyon (Fyodor)|
|Initial release||September 1997|
|Stable release||6.25 / 29 November 2012|
|Written in||C, C++, Python, Lua|
|Type||computer security, network management|
|License||GNU General Public License|
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.
The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap is also capable of adapting to network conditions including latency and congestion during a scan. Nmap is under development and refinement by its user community.
Nmap was originally a Linux-only utility, but it was ported to Microsoft Windows, Solaris, HP-UX, BSD variants (including Mac OS X), AmigaOS, and SGI IRIX. Linux is the most popular platform, followed closely by Windows.
Nmap features include:
- Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to pings or have a particular port open.
- Port scanning – Enumerating the open ports on target hosts.
- Version detection – Interrogating network services on remote devices to determine application name and version number.
- OS detection – Determining the operating system and hardware characteristics of network devices.
- Scriptable interaction with the target – Using the Nmap Scripting Engine (NSE) and the Lua programming language.
Typical uses of Nmap:
- Auditing the security of a device by identifying the network connections which can be made to it.
- Identifying open ports on a target host in preparation for auditing.
- Network inventory, network mapping, maintenance and asset management.
- Auditing the security of a network by identifying new servers.
Basic commands working in Nmap
- For target specification:
nmap <targets: hostnames or IP addresses separated by spaces; CIDR notation and octet ranges can also be used>
Examples of targets: scanme.nmap.org, gnu.org/24, 192.168.0.1, 10.0.0-255.1-254 (the command is then nmap scanme.nmap.org, and similar for the others)
- For OS detection:
nmap -O <target host's hostname or IP address>
- For version detection:
nmap -sV <target host's hostname or IP address>
- For configuring response timings (-T0 to -T5, increasing in aggressiveness):
nmap -T0 -sV -O <target host's hostname or IP address>
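The target notations listed above can cover far more addresses than they appear to, so it helps to expand a target list and check it against the authorized scope before scanning. The following is an added example, not code from the original page or from the Nmap project; it handles numeric IPv4 targets only (hostnames such as gnu.org/24 would need DNS resolution first), and the function names and the authorized network are assumptions.

```python
import ipaddress
from itertools import product

def expand_octet(field):
    """Expand one octet field ('7', '1-254', '3-5,7') into a sorted list of ints."""
    values = set()
    for part in field.split(","):
        lo, sep, hi = part.partition("-")
        lo, hi = int(lo), int(hi) if sep else int(lo)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_target(spec):
    """Return every IPv4 address (as a string) covered by a numeric target spec."""
    if "/" in spec:
        # CIDR: the whole block counts, network and broadcast addresses included.
        return [str(ip) for ip in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a numeric IPv4 target: {spec!r}")
    # Octet ranges: take the cross product of the values allowed in each octet.
    combos = product(*(expand_octet(o) for o in octets))
    return [".".join(map(str, combo)) for combo in combos]

def out_of_scope(specs, authorized):
    """List addresses in the target specs that lie outside the authorized networks."""
    nets = [ipaddress.ip_network(n) for n in authorized]
    stray = []
    for spec in specs:
        for addr in expand_target(spec):
            if not any(ipaddress.ip_address(addr) in n for n in nets):
                stray.append(addr)
    return stray

if __name__ == "__main__":
    # Target strings from the page, plus a hypothetical authorized scope.
    for spec in ("192.168.0.1", "10.0.0-255.1-254"):
        print(spec, "->", len(expand_target(spec)), "addresses")
    print("outside scope:", out_of_scope(["192.168.1-2.5"], ["192.168.0.0/23"]))
```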
NmapFE, originally written by Zach Smith, was Nmap's official GUI for Nmap versions 2.2 to 4.22. For Nmap 4.50 (originally in the 4.22SOC development series) NmapFE was replaced with Zenmap, a new official graphical user interface based on UMIT, developed by Adriano Monteiro Marques.
Nmap provides four possible output formats. All but the interactive output is saved to a file. Nmap output can be manipulated by text processing software, enabling the user to create customized reports.
- Interactive – presented and updated in real time when a user runs Nmap from the command line. Various options can be entered during the scan to facilitate monitoring.
- XML – a format that can be further processed by XML tools. It can be converted into an HTML report using XSLT.
- Grepable – output that is tailored to line-oriented processing tools such as grep, sed or awk.
- Normal – the output as seen while running Nmap from the command line, but saved to a file.
- Script kiddie – meant to be an amusing way to format the interactive output, replacing letters with their visually alike number representations. For example, Interesting ports becomes Int3rest1ng p0rtz.
Nmap was first published in September 1997, as an article in Phrack Magazine with source-code included. With help and contributions of the computer security community, development continued. Enhancements included operating system fingerprinting, service fingerprinting, code rewrites (C to C++), additional scan types, protocol support (e.g. IPv6, SCTP) and new programs that complement Nmap's core features. Changes include:
- December 12, 1998—Nmap 2.00 is released, including Operating System fingerprinting 
- April 11, 1999—NmapFE, a GTK+ front end, is bundled with Nmap
- December 7, 2000—Windows port
- August 28, 2002—Rewrite from C to C++
- September 16, 2003—The first public release to include service version detection
- August 31, 2004—Core scan engine rewritten for version 3.70. New engine is called ultra_scan
- Summer 2005—Nmap selected for participation in Google Summer of Code. Added features included Zenmap, NSE, Ncat, and 2nd-generation OS detection.
- December 13, 2007—Nmap 4.50, the 10th Anniversary Edition, was released. Included Zenmap, 2nd-generation OS detection, and the Nmap Scripting Engine
- March 30, 2009—Emergency release of Nmap 4.85BETA5, leveraging NSE to detect Conficker infections
- July 16, 2009—5.00 included netcat-replacement Ncat and Ndiff scan comparison tool
- January 28, 2011—5.50 included Nping packet generation
- May 21, 2012—6.00 released with full IPv6 support.
The Nmap Changelog records all changes.
Ethical issues and legality
Nmap can be used for black hat hacking, to gain unauthorized access to computer systems. It would typically be used to discover open ports that may be running vulnerable services, in preparation for attacking those services with another program.
System administrators can use Nmap to search for unauthorized servers, or for computers that don't conform to security standards.
Nmap has been confused with host vulnerability assessment tools such as Nessus, which test for common vulnerabilities in open ports.
In some jurisdictions, unauthorized port scanning is illegal.
In popular culture
In The Matrix Reloaded, Trinity is seen using Nmap to access a power plant's computer system, allowing Neo to "physically" break in to a building. The appearance of Nmap in the film was widely discussed on Internet forums and hailed as an unusually realistic example of hacking.
Nmap and NmapFE were used in The Listening, a 2006 movie about a former NSA officer who defects and mounts a clandestine counter-listening station high in the Italian Alps.
Nmap is an integral part of academic activities. It has been used for research involving the TCP/IP protocol suite and networking in general. Besides being a research tool, Nmap has also become a research topic.