Network Mapper (also known as NMAP) is an important and popular network scanning tool. It is used to detect live systems on your network and also find out security loopholes in them. It is available for all operating systems and also comes with a GUI. In this article, we will learn how to use NMAP in different ways, in Kali Linux. You can use the same commands on other Linux systems too.
How to Use NMAP in Kali Linux
You can easily start NMAP directly from the terminal using the following command. You may be prompted for your password or the root password to proceed.
$ startx
If you are using the desktop, you can start NMAP by going to Applications->System->Root Terminal and then running the above command.
Find Live Hosts on Your Network
Let us say you want to find the live hosts on the network that contains the machine with IP 192.168.56.10. You can do so with the following command.
$ nmap -sL 192.168.56.0/24
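The above command tells NMAP to do a quick list scan (-sL), which lists the addresses in the range without probing them. If the above command doesn't return any result, you can use the following command. It tells NMAP to ping each IP address in the CIDR range (-sn) without port scanning it.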
$ nmap -sn 192.168.56.0/24
Find Open Ports via NMAP
You can also scan a range of ports on a host using NMAP. Here is the command to scan ports 80-100 on IP address 192.168.56.1. The port range is passed with the -p option.
$ nmap -p 80-100 192.168.56.1
Find Services Listening on Port
If you want to list all services listening on various ports of a host, run the following command. Here is an example to list all services that are listening on one of the ports on 192.168.56.10.
$ nmap -sV 192.168.56.10
It will only list services that are listening on a port. It will not list processes that are running internally.
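The following is an added example, not part of the original article: one way to turn the service scan above into a check of which listening services are not on an approved list. It assumes the scan is saved in NMAP's grepable format (-oG); the function names, the approved-port list and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `nmap -sV -oG` results against an approved-port list.

# Constructed sample of grepable output (tab-separated fields), not a real scan.
sample_scan() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.168.56.10 ()\tStatus: Up\n'
  printf 'Host: 192.168.56.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1/, 23/closed/tcp//telnet///\tIgnored State: filtered (997)\n'
  printf 'Host: 192.168.56.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx/\n'
}

# unexpected_ports "22 80" < scan.gnmap
# Prints "host port/proto service version" for each OPEN port that is not
# in the space-separated approved list given as the first argument.
unexpected_ports() {
  awk -v allowed="$1" -F '\t' '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^Host: / {
      split($1, h, " "); host = h[2]          # "Host: <ip> (<name>)"
      for (f = 2; f <= NF; f++) {
        if ($f !~ /^Ports: /) continue
        ports = $f; sub(/^Ports: /, "", ports)
        m = split(ports, entry, ", ")
        for (e = 1; e <= m; e++) {
          # entry layout: port/state/protocol/owner/service/rpcinfo/version/
          split(entry[e], p, "/")
          if (p[2] == "open" && !(p[1] in ok))
            printf "%s %s/%s %s %s\n", host, p[1], p[3], p[5], p[7]
        }
      }
    }'
}

# Demo on the constructed sample; only SSH and HTTP are approved here.
sample_scan | unexpected_ports "22 80"
```

On a real network, the same function can read live output, for example: nmap -sV -oG - 192.168.56.10 | unexpected_ports "22 80".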
Check if Anonymous FTP Logins are allowed
Here is the command to check if anonymous FTP logins are allowed or not, on a given host IP.
$ nmap -sC 192.168.56.10 -p 21
Check Host Vulnerabilities
NMAP also provides commands to automatically check vsftpd for vulnerabilities. NMAP comes with numerous scripts for testing purposes. We will find the location of the script that runs a backdoor vulnerability check on vsftpd.
$ locate .nse | grep ftp
Once we have the location of our script, we will run it with the following command.
$ nmap --script-help=ftp-vsftpd-backdoor.nse
If you don’t add any IP address after the above command, NMAP will check your own machine for the vulnerability. If you want to check another IP address (e.g. 192.168.56.10) for the vulnerability, run the following command.
$ nmap --script=ftp-vsftpd-backdoor.nse 192.168.56.10 -p 21
Please note, you can add your own scripts to perform automated tests. You need to save your script with a .nse extension and place it in the same location as the other scripts, usually /usr/share/nmap/scripts.
In this article, we have learnt how to work with NMAP command in various ways.
Sreeram has more than 10 years of experience in web development, Python, Linux, SQL and database programming.