🟢 1. What is Nmap?

Nmap (Network Mapper) is a security scanner used to:

  • Discover hosts
  • Scan ports
  • Identify services & versions
  • Detect operating systems
  • Run security scripts (NSE)
  • Perform firewall/IDS testing

🟩 2. Installation

Kali Linux

Already installed.

Ubuntu/Debian

sudo apt install nmap

Windows

Download from the official Nmap site.

🟢 3. Beginner Level: Core Fundamentals

✔️ 3.1 Check whether hosts are alive (Ping Scan)

nmap -sn 192.168.1.0/24

✔️ 3.2 Basic Port Scan

nmap 192.168.1.10

Scans the 1,000 most common TCP ports.

✔️ 3.3 Scan Specific Ports

nmap -p 80,443 192.168.1.10

✔️ 3.4 Scan All Ports (1–65535)

nmap -p- 192.168.1.10

🟦 4. Intermediate: Port Scan Types

✔️ 4.1 SYN Scan (Stealthy & Fast)

The most commonly used scan in pentesting. It sends a SYN and never completes the TCP handshake, and it requires root privileges.

nmap -sS 192.168.1.10

✔️ 4.2 TCP Connect Scan

nmap -sT 192.168.1.10

✔️ 4.3 UDP Scanning

nmap -sU 192.168.1.10

✔️ 4.4 Combine TCP & UDP

nmap -sSU 192.168.1.10

🟦 5. Intermediate: Service & OS Detection

✔️ Version Detection (service versions)

nmap -sV 192.168.1.10

✔️ OS Detection

nmap -O 192.168.1.10

✔️ Aggressive Scan (services + OS + scripts + traceroute)

nmap -A 192.168.1.10

🟪 6. Advanced: Nmap Scripting Engine (NSE)

NSE lets you automate:

  • Vulnerability scans
  • Web scanning
  • Brute forcing (in authorized tests)
  • Malware detection

✔️ Default scripts

nmap -sC 192.168.1.10

✔️ Vulnerability scripts

nmap --script vuln 192.168.1.10

✔️ HTTP enumeration scripts

nmap --script http-headers,http-title,http-methods 192.168.1.10

✔️ SMB vulnerability checks

Quote the wildcard so the shell passes it to Nmap unexpanded.

nmap --script "smb-vuln*" 192.168.1.10

🔥 7. Advanced: Firewall & IDS Evasion Techniques

Used only to test your own network's defenses.

✔️ 7.1 Packet Fragmentation

nmap -f 192.168.1.10

✔️ 7.2 Custom MTU

nmap --mtu 32 192.168.1.10

✔️ 7.3 Decoy Scans

Makes your scan harder to pinpoint.

nmap -D RND:10 192.168.1.10

✔️ 7.4 MAC Address Spoofing

nmap --spoof-mac 0 192.168.1.10

✔️ 7.5 Source Port Trick

Useful when firewalls trust certain ports (e.g., DNS).

nmap --source-port 53 192.168.1.10

✔️ 7.6 Bypass IDS by Slowing Scan

nmap -T1 192.168.1.10

🔥 8. Advanced: Full-Scan Example

This combines multiple techniques for a professional pentest:

nmap -sS -p- -sV -O -A \
--script vuln \
--spoof-mac 0 \
-D RND:5 \
-f \
--source-port 53 \
-T2 \
192.168.1.10

🟣 9. OSINT Integration

Nmap helps to:

  • Identify exposed services
  • Determine technologies used
  • Map attack surfaces
  • Feed data into tools like Shodan, Maltego, Spiderfoot

Examples:

✔️ HTTP tech fingerprinting

nmap --script http-server-header 192.168.1.10

✔️ DNS OSINT

nmap --script dns-brute example.com

🟡 10. Continuous Practice Labs

I can guide you through hands-on labs using:

  • Kali Linux
  • Metasploitable 2 & 3
  • DVWA
  • VulnHub machines
  • TryHackMe scanning rooms
  • HackTheBox Nmap-focused tasks
