nmap

{{short description|Network scanner}}

{{Distinguish|mmap}}

{{Infobox software

| name = Nmap Security Scanner

| logo =

| screenshot = Nmap-behind-31c3.png

| screenshot size = 260px

| caption = Nmap scan results

| author = Gordon Lyon (Fyodor)

| developer =

| released = {{Start date and age|1997|09|df=yes}}

| latest release version = {{wikidata|property|preferred|references|edit|P348|P548=Q2804309}} | latest release date = {{Start date and age|{{wikidata|qualifier|preferred|single|P348|P548=Q2804309|P577}}|df=yes}}

| programming language = C, C++, Python, Lua

| operating system = Cross-platform

| platform =

| language = English

| genre = Network security

| license = NPSL{{cite web|title=Nmap Public Source License|url=https://svn.nmap.org/nmap/LICENSE|access-date=2021-12-15}} or modified GPLv2{{cite web|title=Nmap license|url=https://svn.nmap.org/nmap/COPYING|access-date=2019-01-21|archive-date=2018-07-20|archive-url=https://web.archive.org/web/20180720051328/https://svn.nmap.org/nmap/COPYING|url-status=dead}} or proprietary

| website = {{URL|https://nmap.org/}}

}}

Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich).{{cite news |title=Matrix mixes life and hacking |url=http://news.bbc.co.uk/2/hi/technology/3039329.stm |newspaper=BBC News |access-date=2018-10-28 |date=2003-05-19}} Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.{{Cite web|last=Joshi|first=Sagar|date=2021-02-25|title=What is Nmap And Why You Should Use It?|url=http://thehackreport.com/what-is-nmap-and-why-you-should-use-it/|access-date=2021-03-01|website=The Hack Report|language=en-US}}

Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection,{{cite web |url=https://nmap.org/book/nse.html#nse-intro |title=Nmap Scripting Engine: Introduction |website=Nmap.org |access-date=2018-10-28}} vulnerability detection, and other features. Nmap can adapt to network conditions including latency and congestion during a scan.

Nmap started as a Linux utility{{cite web |url=https://nmap.org/book/history-future.html |title=The History and Future of Nmap |website=Nmap.org |access-date=2018-10-28}} and was ported to other systems including Windows, macOS, and BSD.{{cite web |url=https://nmap.org/book/inst-other-platforms.html |title=Other Platforms |website=Nmap.org |access-date=2018-10-28}} It is most popular on Linux, followed by Windows.{{cite web |url=https://nmap.org/install/inst-windows.html |title=Nmap Installation for Windows |website=Nmap.org |access-date=2018-10-28}}

Features

Nmap features include:

  • Fast scan (nmap -F [target]) – Performing a basic port scan for a fast result.
  • Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
  • Port scanning – Enumerating the open ports on target hosts.
  • Version detection – Interrogating network services on remote devices to determine application name and version number.{{cite web |url=https://nmap.org/book/vscan.html |title=Service and Application Version Detection |website=Nmap.org |access-date=2018-10-28}}
  • Ping scan – Checking whether a host is up by sending ping requests.
  • TCP/IP stack fingerprinting – Determining the operating system and hardware characteristics of network devices based on observations of network activity of said devices.
  • Scriptable interaction with the target – Using the Nmap Scripting Engine{{cite web |url=https://nmap.org/book/nse.html |title=Nmap Scripting Engine |website=Nmap.org |access-date=2018-10-28}} (NSE) and the Lua programming language.

Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.{{cite web |url=https://nmap.org/book/man.html |title=Nmap Reference Guide |website=Nmap.org |access-date=2018-10-28}}

Typical uses of Nmap:

  • Auditing the security of a device or firewall by identifying the network connections which can be made to, or through it.[https://nmap.org/book/nmap-overview-and-demos.html Nmap Overview and Demonstration].
  • Identifying open ports on a target host in preparation for auditing.[https://nmap.org/press/computerworld_when_good_scanners_go_bad.txt When Good Scanners Go Bad], From [http://www.computerworld.com/home/print.nsf/all/9903229872] {{Webarchive|url=https://web.archive.org/web/20000614043859/http://www.computerworld.com/home/print.nsf/all/9903229872|date=2000-06-14}}, Computerworld 22 March 1999
  • Network inventory, network mapping, maintenance and asset management.{{Cite web |title=Linux.lat |url=https://linux.lat/mastering-nmap-nse-script-development-a-comprehensive-guide/ |access-date=2024-07-01 |website=Google News |date=27 June 2024 |language=en-US}}
  • Auditing the security of a network by identifying new servers.{{cite web |url=http://heavyk.org/nmap-audit/nmap-audit-pod.html |archive-url=https://web.archive.org/web/20090401141545/http://heavyk.org/nmap-audit/nmap-audit-pod.html |title=nmap-audit – Network auditing with Nmap |website=heavyk.org |url-status=dead |archive-date=2009-04-01 |access-date=2018-10-28}}
  • Generating traffic to hosts on a network, response analysis and response time measurement.{{cite web |url=https://nmap.org/nping/ |title=Nping - Network packet generation tool / ping utility |website=Nmap.org |access-date=2018-10-28}}

  • Finding and exploiting vulnerabilities in a network.{{cite web |last=Leyden |first=John |title=Revealed ... GCHQ's incredible hacking tool to sweep net for vulnerabilities: Nmap |url=https://www.theregister.co.uk/2014/08/15/gchq_port_scan_hacienda/ |date=2014-08-15 |website=TheRegister.co.uk |access-date=2018-10-28}}

User interfaces

NmapFE, originally written by Kanchan, was Nmap's official GUI for Nmap versions 2.2 to 4.22. For Nmap 4.50 (originally in the 4.22SOC development series) NmapFE was replaced with Zenmap, a new official graphical user interface based on UMIT, developed by Adriano Monteiro Marques.

Web-based interfaces exist that allow either controlling Nmap or analysing Nmap results from a web browser, such as IVRE.{{cite web |url=https://ivre.rocks/ |title=IVRE homepage |access-date=2018-10-28}}

<gallery>
Image:Zenmap.png|Zenmap, showing results for a port scan against Wikipedia
Image:Nmapfe screenshot.png|NmapFE, showing results for a port scan against Wikipedia
Image:Xnmap.png|XNmap, a Mac OS X GUI
</gallery>

Output

Four different output formats are offered by Nmap. Everything is saved to a file except the interactive output. Text processing software can be used to modify Nmap output, allowing the user to customize reports.{{cite web |url=https://nmap.org/book/man-output.html |title=Nmap Reference Guide: Output |website=Nmap.org |access-date=2018-10-29}}

; Interactive: presented and updated real time when a user runs Nmap from the command line. Various options can be entered during the scan to facilitate monitoring.

; XML: a format that can be further processed by XML tools. It can be converted into an HTML report using XSLT.

; Grepable: output that is tailored to line-oriented processing tools such as grep, sed, or awk.

; Normal: the output as seen while running Nmap from the command line, but saved to a file.

; Script kiddie: meant to be an amusing way to format the interactive output, replacing letters with their visually alike number representations. For example, Interesting ports becomes Int3rest1ng p0rtz. This is known as Leet.

History

Nmap was first published in September 1997, as an article in Phrack Magazine with source-code included.{{cite magazine |url=http://phrack.org/issues/51/11.html#article |magazine=Phrack Magazine|title=The Art of Port Scanning |volume=7 |issue=51 |date=1997-09-01 |access-date=2018-10-29}} With help and contributions of the computer security community, development continued. Enhancements included operating system fingerprinting, service fingerprinting, code rewrites (C to C++), additional scan types, protocol support (e.g. IPv6, SCTP{{cite web |url=https://www.roe.ch/Nmap_SCTP |title=SCTP Support for Nmap |website=Roe.ch |date=2011-05-10 |access-date=2018-10-29}}) and new programs that complement Nmap's core features.

Major releases include:

{| class="wikitable"
! Date !! Version !! Significance
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|1998|12|12}} || Nmap 2.00 || Nmap 2.00 is released, including Operating System fingerprinting{{cite web |url=https://nmap.org/book/history-future.html#history |title=The History and Future of Nmap |publisher=Nmap.org |access-date=2018-10-29}}
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|1999|04|11}} || NmapFE || A GTK+ front end, is bundled with Nmap
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2000|12|07}} || || Windows port{{cite web |url=https://nmap.org/changelog.html |title=Nmap Changelog |publisher=Nmap.org |access-date=2018-10-29}}
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2002|08|28}} || || Rewrite from C to C++
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2003|09|16}} || || The first public release to include service version detection
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2004|08|31}} || Nmap 3.70 || Core scan engine rewritten for version 3.70. New engine is called ultra_scan{{cite web |url=https://seclists.org/nmap-announce/2004/10 |title=Nmap 3.70 Released—Core Scan Engine Rewrite! |publisher=Seclists.org |date=2004-08-31 |access-date=2018-10-29}}
|-
| style="text-align:center;" | Summer 2005 || || Nmap selected for participation in Google Summer of Code.{{cite web |url=https://seclists.org/nmap-announce/2005/7 |title=Google sponsors Nmap summer student developers |publisher=Seclists.org |date=2005-06-02 |access-date=2018-10-29}} Added features included Zenmap, Nmap Scripting Engine (NSE), Ncat, and 2nd-generation OS detection.
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2007|12|13}} || Nmap 4.50 || Nmap 4.50, the 10th Anniversary Edition, was released. Included Zenmap, 2nd-generation OS detection, and the Nmap Scripting Engine{{cite web |url=https://insecure.org/stf/Nmap-4.50-Release.html |title=Nmap 4.50 Press Release |publisher=Insecure.org |date=2007-12-13 |access-date=2018-10-29}}
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2009|03|30}} || style="white-space:nowrap;" | Nmap 4.85BETA5 || Emergency release of Nmap 4.85BETA5, leveraging NSE to detect Conficker infections{{cite web |url=https://seclists.org/nmap-dev/2009/q1/870 |title=Nmap 4.85BETA5: Now with Conficker detection! |publisher=Seclists.org |date=2009-03-30 |access-date=2018-10-29}}
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2009|07|16}} || Nmap 5.00 || Included netcat-replacement Ncat and Ndiff scan comparison tool{{cite web |url=https://nmap.org/5/ |title=Nmap 5.00 Released |publisher=Nmap.org |date=2009-07-16 |access-date=2018-10-29}}
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2011|01|28}} || Nmap 5.50 || Included Nping packet generation response analysis and response time measurement, including TCP, UDP and ICMP probe modes.{{Cite web|url=https://github.com/nmap/nmap|title=nmap/nping/docs/nping.1 at master · nmap/nmap|website=GitHub}}{{cite web |url=https://seclists.org/nmap-announce/2011/0 |title=Nmap 5.50: Now with Gopher protocol support! |publisher=Seclists.org |date=2011-01-28 |access-date=2018-10-29}}
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2012|05|21}} || Nmap 6.00 || Released with full IPv6 support.{{Citation needed|date=January 2014}}
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2015|11|09}} || Nmap 7.00 {{cite web |url=https://nmap.org/7/ |title=Nmap 7 Released |publisher=Nmap.org |date=2015-11-19 |access-date=2018-10-29}} ||
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2016|12|20}} || Nmap 7.40 ||
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2018|03|20}} || Nmap 7.70 {{cite web |url=https://nmap.org/changelog.html#7.70 |title=Nmap 7.70 |publisher=Nmap.org |date=2018-03-20 |access-date=2018-10-29}} ||
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2019|08|10}} || Nmap 7.80 {{cite web |url=https://nmap.org/changelog.html#7.80 |title=Nmap 7.80 |publisher=Nmap.org |date=2019-08-10 |access-date=2019-08-10}} ||
|-
| style="text-align:right;white-space:nowrap;" | {{Start date and age|2020|10|03}} || Nmap 7.90 {{cite web |url=https://nmap.org/changelog.html#7.90 |title=Nmap 7.90 |publisher=Nmap.org |date=2019-10-03 |access-date=2020-10-03}} || The new fingerprints allow better operating system and service/version detection. 3 new NSE scripts, new protocol library and payloads for host discovery, port scanning and version detection. Npcap 1.0.0, the first fully stable version of the Windows raw packet capturing/sending driver.
|}

Legal issues

Nmap is a tool that can be used to discover services running on Internet connected systems. Like any tool, it could potentially be used for black hat hacking,{{cite news |url=https://www.securityfocus.com/news/10011 |title=Hacking tool reportedly draws FBI subpoenas |publisher=SecurityFocus.com |date=2004-11-24 |access-date=2018-10-29 |first=Kevin |last=Poulsen}} as a precursor to attempts to gain unauthorized access to computer systems. However, Nmap is also used by security and systems administrators to assess their own networks for vulnerabilities (i.e. white hat hacking).

System administrators can use Nmap to search for unauthorized servers, or for computers that do not conform to security standards.{{cite magazine |url=https://www.techsupportalert.com/pdf/t04123.pdf |title=How To Conduct A Security Audit |magazine=PC Network Advisor |date=July 2000 |issue=120 |access-date=2018-10-29 |archive-date=2021-04-27 |archive-url=https://web.archive.org/web/20210427043529/https://www.techsupportalert.com/pdf/t04123.pdf |url-status=dead }}

In 2003, the Supreme Court of Finland ruled that port scanning amounted to an attempted computer break-in, which was illegal under the Finnish Penal Code at the time:{{cite web|title=First ruling by the Supreme Court of Finland on attempted break-in |year=2003 |url=http://www.osborneclarke.com/publications/text/ITM0903f.htm |publisher=Osborne Clarke |url-status=dead |archive-url=https://web.archive.org/web/20050505213444/http://www.osborneclarke.com/publications/text/ITM0903f.htm |archive-date=2005-05-05 |access-date=2018-10-29}}

In its ruling the Supreme Court stated that the defendant had systematically carried out port scanning operations to gather information for the purpose of unauthorised break-in to the bank's computer network. This amounted to an attempted computer break in.

License

Nmap was originally distributed under the GNU General Public License (GPL). In later releases, Nmap's authors added clarifications and specific interpretations to the license where they felt the GPL was unclear or lacking.{{cite web |title=Important Nmap License Terms |url=https://svn.nmap.org/nmap/COPYING |publisher=Nmap.org |access-date=2018-10-29 |archive-date=2018-07-20 |archive-url=https://web.archive.org/web/20180720051328/https://svn.nmap.org/nmap/COPYING |url-status=dead }} For instance, Nmap 3.50 specifically revoked the license of SCO Group to distribute Nmap software because of their views on the SCO-Linux controversies.{{cite web |title=Nmap 3.50 Press Release |url=https://insecure.org/stf/Nmap-3.50-Release.html |date=2004-02-20 |access-date=2018-10-29}}

Starting with version 7.90, Nmap transitioned to a new custom license, the NPSL, dual-licensing versions 7.90, 7.91, and 7.92 under both the old and new licenses.{{cite web |title=Nmap Public Source License |url=https://nmap.org/npsl/ |publisher=Nmap.org |access-date=2021-12-15}} Several Linux distributions consider the new license non-free.{{cite web |url=https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/thread/GZIDC4DHXZP67LFU7P2OT2AQVDJRHZ2M/ |title=Nmap Public Source License (NPSL) Version 0.92 |publisher=Fedora Mailing-Lists |access-date=2021-12-15}}{{cite web |url=https://bugs.gentoo.org/show_bug.cgi?id=749390 |title=Add NPSL (nmap license) to MISC_FREE |publisher=Gentoo's Bugzilla |access-date=2021-12-15}}

In academia

Nmap is an integral part of academic activities. It has been used for research involving the TCP/IP protocol suite and networking in general.{{cite journal |title=Validation of sensor alert correlators |date=2003-02-19 |doi=10.1109/MSECP.2003.1176995 |journal=IEEE Security & Privacy |volume=99 |issue=1 |pages=46–56 |last1=Haines |first1=J. |last2=Ryder |first2=D.K. |last3=Tinnel |first3=L. |last4=Taylor |first4=S. }} Besides being a research tool, Nmap has also become a research topic.{{cite book |first1=João Paulo S. |title = Computational Intelligence in Security for Information Systems|volume = 63|pages = 1–8|last1=Medeiros |first2=Agostinho M. |last2=Brito Jr. |first3=Paulo S. Motta |last3=Pires | chapter=A Data Mining Based Analysis of Nmap Operating System Fingerprint Database | doi=10.1007/978-3-642-04091-7_1 |series = Advances in Intelligent and Soft Computing|year = 2009|isbn = 978-3-642-04090-0}}

Examples

<pre>
$ nmap -f -v -A scanme.nmap.org
Starting Nmap 6.47 ( https://nmap.org ) at 2014-12-29 20:02 CET
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up (0.16s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
|_ 2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)
80/tcp open http Apache httpd 2.2.14 ((Ubuntu))
|_http-title: Go ahead and ScanMe!
9929/tcp open nping-echo Nping echo
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|phone|storage-misc|WAP
Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (94%), Netgear RAIDiator 4.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.38 cpe:/o:linux:linux_kernel:3 cpe:/o:netgear:raidiator:4 cpe:/o:linux:linux_kernel:2.4
Aggressive OS guesses: Linux 2.6.38 (94%), Linux 3.0 (92%), Linux 2.6.32 - 3.0 (91%), Linux 2.6.18 (91%), Linux 2.6.39 (90%), Linux 2.6.32 - 2.6.39 (90%), Linux 2.6.38 - 3.0 (90%), Linux 2.6.38 - 2.6.39 (89%), Linux 2.6.35 (88%), Linux 2.6.37 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 14.21 ms 151.217.192.1
2 5.27 ms ae10-0.mx240-iphh.shitty.network (94.45.224.129)
3 13.16 ms hmb-s2-rou-1102.DE.eurorings.net (134.222.120.121)
4 6.83 ms blnb-s1-rou-1041.DE.eurorings.net (134.222.229.78)
5 8.30 ms blnb-s3-rou-1041.DE.eurorings.net (134.222.229.82)
6 9.42 ms as6939.bcix.de (193.178.185.34)
7 24.56 ms 10ge10-6.core1.ams1.he.net (184.105.213.229)
8 30.60 ms 100ge9-1.core1.lon2.he.net (72.52.92.213)
9 93.54 ms 100ge1-1.core1.nyc4.he.net (72.52.92.166)
10 181.14 ms 10ge9-6.core1.sjc2.he.net (184.105.213.173)
11 169.54 ms 10ge3-2.core3.fmt2.he.net (184.105.222.13)
12 164.58 ms router4-fmt.linode.com (64.71.132.138)
13 164.32 ms scanme.nmap.org (74.207.244.221)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.98 seconds
</pre>

Bibliography

{{Refbegin}}

  • {{Cite book

| first1 = Gordon

| last1 = Fyodor Lyon

| date = 1 January 2009

| title = Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

| publisher = Insecure.com LLC

| page = 468

| isbn = 978-0-9799587-1-7

| url = https://nmap.org/book/

}}

{{Refend}}

References

{{Reflist}}