Introduction
Nmap (Network Mapper) is an open-source tool specialized in network exploration and security auditing, originally published by Gordon "Fyodor" Lyon. The official website (http://nmap.org) describes it as follows:
Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
There are many other port scanners out there, but none of them even comes close to offering the flexibility and advanced options of Nmap.
The Nmap Scripting Engine (NSE) has revolutionized the possibilities of a port scanner by allowing users to write scripts that perform custom tasks using the host information collected by Nmap.
Additionally, the Nmap Project includes other great tools:
Zenmap: A graphical interface for Nmap
Ndiff: A tool for scan result comparison
Nping: An excellent tool for packet generation and traffic analysis
Ncrack: An Nmap-compatible tool for brute forcing network logins
Ncat: A debugging utility to read and write data across networks
Needless to say, it is essential that every security professional and network administrator master this tool to conduct security assessments, monitor, and administer networks efficiently.
Nmap's community is very active, and new features are added every week. I encourage you to always keep an updated copy in your arsenal, if you haven't done this already; and even better, to subscribe to the development mailing list at http://cgi.insecure.org/mailman/listinfo/nmap-dev.
This chapter describes how to do some of the most common tasks with Nmap, including port scanning and target enumeration. It also includes recipes that illustrate how handy Zenmap's profiles are, how to use Nping for NAT detection, and different applications of Ndiff, including how to set up a remote monitoring system with some help of bash scripting and cron. I've added as many reference links with additional material as possible; I recommend you visit them to learn more about the inner workings of the advanced scanning techniques performed by Nmap.
I've also created the website http://nmap-cookbook.com to post new, related material and additional recipes, so make sure you stop by from time to time.
