Nmap, short for Network Mapper, is a powerful and widely used open-source network scanning tool. It allows network administrators and security professionals to discover devices, identify open ports, and gather valuable information about networks. This article will guide you through the step-by-step process of installing Nmap on a Linux operating system.
Step 1: Update Package Repositories
Before installing any software, it's recommended to update your package repositories to ensure you have the latest version of the available software packages. Open a terminal and run the following command:
```
sudo apt update
```
Step 2: Install Nmap
Once your repositories are updated, installing Nmap is a straightforward process. In the terminal, enter the following command:
```
sudo apt install nmap
```
This command will prompt you to enter your password, and then it will download and install Nmap along with its dependencies. Confirm the installation by typing "Y" when prompted.
Step 3: Verify the Installation
To verify that Nmap has been installed successfully, run the following command in the terminal:
```
nmap --version
```
This displays the Nmap version number along with build details. If you see the version information, Nmap is installed correctly.
Step 4: Install Nmap Frontends (Optional)
While Nmap can be used from the command line, there are also graphical frontends available that provide a more user-friendly interface. These frontends offer additional features and make it easier to visualize scan results. Here are two popular options:
- a) Zenmap: Zenmap is the official graphical user interface (GUI) for Nmap. To install Zenmap, use the following command:
```
sudo apt install zenmap
```
- b) Nmapsi4: Nmapsi4 is another popular GUI for Nmap, providing a range of features such as scan profile management and result export capabilities. To install Nmapsi4, use the following command:
```
sudo apt install nmapsi4
```
Step 5: Start Scanning
With Nmap installed, you can now begin scanning your network. Nmap offers a wide range of scanning techniques and options, allowing you to customize your scans based on your requirements. To perform a basic scan, use the following command:
```
nmap [target]
```
Replace `[target]` with the IP address or hostname of the device or network you want to scan. Nmap will then initiate the scan and provide you with detailed information about open ports, services running, and other valuable data.
Installing Nmap on a Linux operating system is a simple and straightforward process that can be completed in a few steps. By following the instructions outlined in this guide, you'll have Nmap up and running on your Linux machine in no time. Nmap's versatility and powerful scanning capabilities make it an essential tool for network administrators and security professionals seeking to understand and secure their networks effectively. So, go ahead, install Nmap, and start exploring the vast possibilities it offers for network discovery and analysis.
- Run the command below to make sure all packages are up to date on the Ubuntu server.
```
sudo apt-get update
```
- Execute the command below to install Nmap.
```
$ sudo apt-get install nmap -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  libnuma1
Use 'sudo apt autoremove' to remove it.
The following additional packages will be installed:
  libblas3 liblinear4 liblua5.3-0 lua-lpeg nmap-common
Suggested packages:
  liblinear-tools liblinear-dev ncat ndiff zenmap
The following NEW packages will be installed:
  libblas3 liblinear4 liblua5.3-0 lua-lpeg nmap nmap-common
0 upgraded, 6 newly installed, 0 to remove and 30 not upgraded.
Need to get 5669 kB of archives.
After this operation, 26.8 MB of additional disk space will be used.
Get:1 http://us-west1.gce.archive.ubuntu.com/ubuntu focal/main amd64 libblas3 amd64 3.9.0-1build1 [142 kB]
Get:2 http://us-west1.gce.archive.ubuntu.com/ubuntu focal/universe amd64 liblinear4 amd64 2.3.0+dfsg-3build1 [41.7 kB]
Get:3 http://us-west1.gce.archive.ubuntu.com/ubuntu focal/main amd64 liblua5.3-0 amd64 5.3.3-1.1ubuntu2 [116 kB]
Get:4 http://us-west1.gce.archive.ubuntu.com/ubuntu focal/universe amd64 lua-lpeg amd64 1.0.2-1 [31.4 kB]
Get:5 http://us-west1.gce.archive.ubuntu.com/ubuntu focal/universe amd64 nmap-common all 7.80+dfsg1-2build1 [3676 kB]
Get:6 http://us-west1.gce.archive.ubuntu.com/ubuntu focal/universe amd64 nmap amd64 7.80+dfsg1-2build1 [1662 kB]
Fetched 5669 kB in 1s (7683 kB/s)
Selecting previously unselected package libblas3:amd64.
(Reading database ... 62831 files and directories currently installed.)
Preparing to unpack .../0-libblas3_3.9.0-1build1_amd64.deb ...
Unpacking libblas3:amd64 (3.9.0-1build1) ...
Selecting previously unselected package liblinear4:amd64.
Preparing to unpack .../1-liblinear4_2.3.0+dfsg-3build1_amd64.deb ...
Unpacking liblinear4:amd64 (2.3.0+dfsg-3build1) ...
Selecting previously unselected package liblua5.3-0:amd64.
Preparing to unpack .../2-liblua5.3-0_5.3.3-1.1ubuntu2_amd64.deb ...
Unpacking liblua5.3-0:amd64 (5.3.3-1.1ubuntu2) ...
Selecting previously unselected package lua-lpeg:amd64.
Preparing to unpack .../3-lua-lpeg_1.0.2-1_amd64.deb ...
Unpacking lua-lpeg:amd64 (1.0.2-1) ...
Selecting previously unselected package nmap-common.
Preparing to unpack .../4-nmap-common_7.80+dfsg1-2build1_all.deb ...
Unpacking nmap-common (7.80+dfsg1-2build1) ...
Selecting previously unselected package nmap.
Preparing to unpack .../5-nmap_7.80+dfsg1-2build1_amd64.deb ...
Unpacking nmap (7.80+dfsg1-2build1) ...
Setting up lua-lpeg:amd64 (1.0.2-1) ...
Setting up libblas3:amd64 (3.9.0-1build1) ...
update-alternatives: using /usr/lib/x86_64-linux-gnu/blas/libblas.so.3 to provide /usr/lib/x86_64-linux-gnu/libblas.so.3 (libblas.so.3-x86_64-linux-gnu) in auto mode
Setting up nmap-common (7.80+dfsg1-2build1) ...
Setting up liblua5.3-0:amd64 (5.3.3-1.1ubuntu2) ...
Setting up liblinear4:amd64 (2.3.0+dfsg-3build1) ...
Setting up nmap (7.80+dfsg1-2build1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9) ...
```
- Then run `nmap -version` to confirm it is installed.
```
$ nmap -version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1d nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.9.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
```
Installing Nmap On CentOS 6/7.x
- To install the Nmap package on CentOS, run the command:
```
$ sudo yum install nmap
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirror.vcu.edu
 * centos-sclo-rh: mirror.cc.columbia.edu
 * centos-sclo-sclo: mirror.rackspace.com
 * epel: reflector.westga.edu
 * extras: centos5.zswap.net
 * updates: mirror.jaleco.com
Resolving Dependencies
--> Running transaction check
---> Package nmap.x86_64 2:5.51-6.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch           Version               Repository            Size
================================================================================
Installing:
 nmap           x86_64         2:5.51-6.el6          base                 2.8 M

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 2.8 M
Installed size: 9.7 M
Is this ok [y/N]:
```
- The system will prompt you to confirm and complete the installation. Type y and press Enter.
```
Is this ok [y/N]: y
Downloading Packages:
nmap-5.51-6.el6.x86_64.rpm                               | 2.8 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 2:nmap-5.51-6.el6.x86_64                                     1/1
  Verifying  : 2:nmap-5.51-6.el6.x86_64                                     1/1

Installed:
  nmap.x86_64 2:5.51-6.el6

Complete!
$
```
- To check that it was installed successfully and see which version was installed, execute the command below.
```
$ nmap -version
Nmap version 5.51 ( http://nmap.org )
```
Installing Nmap on CentOS 8.x
- We will use DNF to install.
```
$ sudo dnf install nmap -y
Last metadata expiration check: 0:58:54 ago on Fri 18 Sep 2020 07:04:54 PM UTC.
Dependencies resolved.
================================================================================
 Package          Architecture    Version              Repository          Size
================================================================================
Installing:
 nmap             x86_64          2:7.70-5.el8         AppStream          5.8 M
Installing dependencies:
 nmap-ncat        x86_64          2:7.70-5.el8         AppStream          237 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 6.1 M
Installed size: 25 M
Downloading Packages:
(1/2): nmap-ncat-7.70-5.el8.x86_64.rpm          669 kB/s | 237 kB     00:00
(2/2): nmap-7.70-5.el8.x86_64.rpm               9.2 MB/s | 5.8 MB     00:00
--------------------------------------------------------------------------------
Total                                           8.0 MB/s | 6.1 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : nmap-ncat-2:7.70-5.el8.x86_64                          1/2
  Running scriptlet: nmap-ncat-2:7.70-5.el8.x86_64                          1/2
  Installing       : nmap-2:7.70-5.el8.x86_64                               2/2
  Running scriptlet: nmap-2:7.70-5.el8.x86_64                               2/2
  Verifying        : nmap-2:7.70-5.el8.x86_64                               1/2
  Verifying        : nmap-ncat-2:7.70-5.el8.x86_64                          2/2

Installed:
  nmap-2:7.70-5.el8.x86_64          nmap-ncat-2:7.70-5.el8.x86_64

Complete!
$
```
With the -y option, DNF/YUM will install the specified package without asking for confirmation.
DNF (Dandified YUM) is the new package manager in RHEL/CentOS 8, which can be used to install packages. It is the next-generation version of YUM (Yellowdog Updater, Modified) and is intended to replace YUM on RPM-based systems.
- And, to verify the installation:
```
$ nmap -version
Nmap version 7.70 ( https://nmap.org )
Platform: x86_64-redhat-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1 libpcre-8.42 libpcap-1.9.0-PRE-GIT nmap-libdnet-1.12 ipv6
Compiled without: libssh2 libz
Available nsock engines: epoll poll select
```
Real-time Nmap Usage Example
We will see a few examples illustrating the usage of the Nmap command.
Scan for open ports
Syntax for nmap
```
nmap [Scan Type(s)] [Options] {target specification}
```
The target specification can be a hostname, IP address, domain name, network, subnet, etc.
Scan a domain
```
$ nmap scanme.nmap.org
Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-18 20:14 UTC
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.025s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 995 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
25/tcp    filtered smtp
80/tcp    open     http
9929/tcp  open     nping-echo
31337/tcp open     Elite

Nmap done: 1 IP address (1 host up) scanned in 1.73 seconds
```
Scan IP address
```
$ nmap 192.168.0.7
Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-18 20:12 UTC
Nmap scan report for server-1.geekflare.com (192.168.0.7)
Host is up (0.034s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds
```
Scan a subnet
```
$ nmap 192.168.0.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-18 20:15 UTC
Nmap scan report for server-1.geekflare.com (192.168.0.7)
Host is up (0.044s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap scan report for server-2.geekflare.com (192.168.0.8)
Host is up (0.046s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap scan report for server-3.geekflare.com (192.168.0.9)
Host is up (0.043s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap scan report for server-4.geekflare.com (192.168.0.10)
Host is up (0.044s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 256 IP addresses (4 hosts up) scanned in 4.67 seconds
```
Scanning multiple hosts
Scanning multiple hosts is easy!
- List the hostnames or IP addresses you want to scan one after another on the command line.
```
nmap 192.168.0.1 192.168.0.3 192.168.0.4
```
- Use commas.
The command above can also be written as follows, to avoid repeating the IP address:
```
nmap 192.168.0.1,3,4
```
- Use hyphens (-) to specify an IP address range, as shown below.
```
nmap 192.168.0.1-20
```
The above command will scan the first twenty hosts of the sub-network.
- Use wildcards to scan an entire subnet.
```
nmap 192.168.0.*
```
The above command will scan all 256 IP addresses in the subnet.
- Read hosts from a file.
You can list all the hosts to be scanned in a file and use the command below:
```
nmap -iL /tmp/hostfile
```
Example of a host file:
```
$ cat /tmp/hostfile
192.168.0.1,2,4
scanme.nmap.org
10.0.0-255.1-254
```
- Exclude hosts from the scan.
You can exclude a few hosts from a group scan if you want. Because --exclude takes a comma-separated list of targets, the three excluded hosts in the second command are written as the octet range 5-7.
```
nmap 192.168.0.* --exclude 192.168.0.2
nmap 192.168.0.1-40 --exclude 192.168.0.5-7
```
You can also exclude hosts from the scan using the --excludefile flag:
```
nmap 192.168.0.* --excludefile /tmp/hosts.txt
```
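The target forms above expand to very different numbers of addresses, so it is worth checking the size of a target before scanning it. The following is an added example, not code from the original article: the function names `octet_count` and `target_count` are hypothetical, it handles IPv4 octet ranges and CIDR blocks only, and it assumes a comma list does not repeat a value.

```sh
#!/bin/sh
# Added example: count the IPv4 addresses an Nmap-style target covers,
# for the forms shown above (commas, hyphen ranges, '*', CIDR).

# octet_count SPEC -> how many values one octet spec covers ("1,3,4" -> 3)
octet_count() {
    spec=$1 total=0
    old_ifs=$IFS; IFS=,
    set -f                          # keep '*' literal while splitting
    for part in $spec; do
        case $part in
            '*') total=$((total + 256)) ;;
            *-*) lo=${part%-*}; hi=${part#*-}
                 lo=${lo:-0}; hi=${hi:-255}   # "-" alone means 0-255
                 total=$((total + hi - lo + 1)) ;;
            *)   total=$((total + 1)) ;;
        esac
    done
    set +f; IFS=$old_ifs
    echo "$total"
}

# target_count TARGET -> number of addresses in a dotted target or CIDR block
target_count() {
    target=$1
    case $target in
        */*) echo $(( 1 << (32 - ${target#*/}) )); return ;;
    esac
    old_ifs=$IFS; IFS=.; set -f
    set -- $target                  # split into the four octet specs
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "not an IPv4 range: $target" >&2; return 1; }
    echo $(( $(octet_count "$1") * $(octet_count "$2") \
           * $(octet_count "$3") * $(octet_count "$4") ))
}

# The targets used in this section, including a line from the sample host file.
for t in 192.168.0.1,3,4 192.168.0.1-20 '192.168.0.*' 192.168.0.0/24 10.0.0-255.1-254; do
    printf '%-20s %s\n' "$t" "$(target_count "$t")"
done
```

The last line of the sample host file, `10.0.0-255.1-254`, covers 65024 addresses, far more than the other entries combined.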
Ping Scan [-sn]
A ping scan is highly useful when you only need to know whether hosts are alive and do not need information about their open ports.
This is often referred to as a "ping sweep". In previously released versions of Nmap, -sn was known as -sP.
```
$ nmap -sn 192.168.1.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-18 19:39 UTC
Nmap scan report for server-7.geekflare.com (192.168.1.2)
Host is up (0.033s latency).
Nmap scan report for server-10.geekflare.com (192.168.1.3)
Host is up (0.035s latency).
Nmap scan report for server-13.geekflare.com (192.168.1.4)
Host is up (0.10s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 9.85 seconds
```
In the above example, we can see that, out of the 256 IP addresses scanned in the target subnet, only three hosts are up.
```
nmap -sn -n -v 192.168.0.0/24 -oG - | grep -iv down
```
- `-sn`: ping scan.
- `-n`: skip DNS resolution, which speeds up the scan.
- `-v`: increase verbosity to get more information about the scan.
- `-oG`: write the output in grepable format.
- `-`: the hyphen sends the grepable output to standard output, which is then piped to grep.
- `-iv`: grep options that drop the lines containing the word "down", matched case-insensitively.
```
$ nmap -sn -n -v 192.168.0.0/24 -oG - | grep -iv down
# Nmap 7.70 scan initiated Fri Sep 18 19:40:17 2020 as: nmap -sn -n -v -oG - 192.168.0.0/24
# Ports scanned: TCP(0;) UDP(0;) SCTP(0;) PROTOCOLS(0;)
Host: 192.168.0.7 () Status: Up
Host: 192.168.0.8 () Status: Up
Host: 192.168.0.9 () Status: Up
Host: 192.168.0.10 () Status: Up
# Nmap done at Fri Sep 18 19:40:20 2020 -- 256 IP addresses (4 hosts up) scanned in 2.91 seconds
```
We can see that only four hosts are alive out of the 256 IP addresses scanned in the subnet.
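A common use of the grepable ping-scan output is to compare the live hosts with a list of addresses you expect on the subnet. The following is an added example, not code from the original article: the function names `inventory_diff` and `sample_scan`, the inventory contents and the `Down` line are constructed for illustration, while the four `Up` lines mirror the output shown above.

```sh
#!/bin/sh
# Added example: compare hosts reported as up in Nmap grepable (-oG) output
# with an inventory file that lists one expected IP address per line.

# inventory_diff INVENTORY_FILE   (reads -oG output on stdin)
# Prints "unexpected <ip>" for live hosts that are not in the inventory and
# "missing <ip>" for inventory entries that did not answer the ping scan.
inventory_diff() {
    awk '
        FILENAME == ARGV[1] {               # first input: the inventory file
            if (NF && $1 !~ /^#/) known[$1] = 1
            next
        }
        $1 == "Host:" && /Status: Up/ {     # host line: Host: <ip> () Status: Up
            seen[$2] = 1
            if (!($2 in known)) print "unexpected", $2
        }
        END { for (ip in known) if (!(ip in seen)) print "missing", ip }
    ' "$1" - | sort
}

# Constructed sample input in the shape of `nmap -sn -n -v -oG -` output.
sample_scan() {
    cat <<'EOF'
# Nmap 7.70 scan initiated Fri Sep 18 19:40:17 2020 as: nmap -sn -n -v -oG - 192.168.0.0/24
Host: 192.168.0.6 () Status: Down
Host: 192.168.0.7 () Status: Up
Host: 192.168.0.8 () Status: Up
Host: 192.168.0.9 () Status: Up
Host: 192.168.0.10 () Status: Up
# Nmap done at Fri Sep 18 19:40:20 2020 -- 256 IP addresses (4 hosts up) scanned in 2.91 seconds
EOF
}

# Demo with a constructed inventory: .10 is live but unlisted, .11 is listed but silent.
inv=$(mktemp)
printf '%s\n' '# expected hosts (constructed)' \
    192.168.0.7 192.168.0.8 192.168.0.9 192.168.0.11 > "$inv"
sample_scan | inventory_diff "$inv"
rm -f "$inv"
```

In real use, replace `sample_scan` with the `nmap -sn -n -v ... -oG -` command from above and point the function at your own inventory file.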