Nmap /en-map/

The Network Mapper — Fyodor's port-scanner and host-discovery framework.

$ nmap --help

Figure: Nmap output in a terminal showing port scan results (Wikimedia Commons)

// what it is

Description

Nmap (Network Mapper) is the most widely deployed network discovery and security auditing tool. It implements SYN, connect, UDP, ACK, and stealth scans, plus OS fingerprinting, version detection, and the Nmap Scripting Engine (NSE) with 600+ scripts. It was created by Gordon 'Fyodor' Lyon in 1997 and has been continuously maintained since.

// use cases

What people use it for

  • Discover live hosts and open ports on a network
  • Fingerprint OS and service versions for vulnerability prioritization
  • Run scripted vuln checks via NSE (e.g. `--script vuln`)
  • Generate XML/grepable output as input for downstream tools

// commands

The commands you'll type

Full TCP + service + scripts

$ nmap -sV -sC -p- -T4 target.tld

Top 1000 UDP ports

$ nmap -sU --top-ports 1000 target.tld

NSE vuln scan

$ nmap --script vuln -p 80,443 target.tld

Stealthy SYN scan

$ nmap -sS -Pn -p 1-65535 target.tld

// facts

category: Recon & OSINT
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Beginner