How to Use NMAP in Kali Linux

Network Mapper (also known as NMAP) is an important and popular network scanning tool. It is used to detect live systems on your network and also find out security loopholes in them. It is available for all operating systems and also comes with a GUI. In this article, we will learn how to use NMAP in different ways, in Kali Linux. You can use the same commands on other Linux systems too.


How to Use NMAP in Kali Linux

NMAP is run from a terminal. If Kali boots to a text console, you can start the graphical desktop session with the following command and then open a terminal. You may be prompted for your password or root password to proceed.

$ startx

If you are already using the desktop, open a terminal by going to Applications->System->Root Terminal and run the NMAP commands below from there.


Find Live Hosts on Your Network

Let us say you want to find live hosts on the network that contains the machine with IP 192.168.56.10, that is, 192.168.56.0/24. You can start with the following command.

$ nmap -sL 192.168.56.0/24

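The above command tells NMAP to do a list scan (-sL): it lists every address in the range and does a reverse-DNS lookup on each, without sending any packets to the hosts themselves. If the above command doesn’t return any useful result, you can use the following command. It tells NMAP to probe each IP address in the CIDR range with a ping scan (-sn), which reports the hosts that respond without port scanning them.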

$ nmap -sn 192.168.56.0/24


Find Open Ports via NMAP

You can also scan a range of ports on a host using NMAP. Here is the command to scan ports 80-100 on IP address 192.168.56.1. The port range is given with the -p option.

$ nmap -p 80-100 192.168.56.1


Find Services Listening on Port

If you want to list all services listening on the various ports of a host, run the following command. Here is an example that lists all services listening on one of the ports of 192.168.56.10.

$ nmap -sV 192.168.56.10

It will only list services that are listening on a port. It will not list processes that are running internally.
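As an added example (not part of the original article), the script below turns the result of the -sV scan above into a check against an approved list of services. It assumes the scan was saved in NMAP's grepable format with -oG; the sample output and the baseline file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).

# Constructed sample of grepable output (tab-separated fields), shaped like
# the file written by: nmap -sV -oG scan.gnmap 192.168.56.10
sample_gnmap() {
  printf 'Host: 192.168.56.10 ()\tStatus: Up\n'
  printf 'Host: 192.168.56.10 ()\tPorts: %s\tIgnored State: filtered (996)\n' \
    '21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1/, 23/closed/tcp//telnet///, 80/open/tcp//http//Apache httpd 2.2.8/'
}

# Read grepable output on stdin; print "host port/proto service version"
# for every port whose state is "open".
list_open_services() {
  awk -F'\t' '
    $2 ~ /^Ports: / {
      split($1, h, " ")                 # h[2] holds the host address
      p = $2; sub(/^Ports: /, "", p)
      n = split(p, entries, ", ")
      for (i = 1; i <= n; i++) {
        # entry layout: port/state/protocol/owner/service/rpcinfo/version/
        split(entries[i], f, "/")
        if (f[2] != "open") continue
        v = (f[7] == "") ? "-" : f[7]
        printf "%s %s/%s %s %s\n", h[2], f[1], f[3], f[5], v
      }
    }'
}

# Print only the open services missing from the baseline file $1
# (hypothetical allowlist, one "host port/proto" entry per line).
unexpected_services() {
  list_open_services | awk -v allow="$1" '
    BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
    { key = $1 " " $2; if (!(key in ok)) print }'
}

# Demo: ssh and http are approved, so only ftp is reported.
baseline=$(mktemp)
printf '%s\n' '192.168.56.10 22/tcp' '192.168.56.10 80/tcp' > "$baseline"
sample_gnmap | unexpected_services "$baseline"
rm -f "$baseline"
```

To use it on a real scan, replace sample_gnmap with cat of the saved -oG file.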


Check if Anonymous FTP Logins are allowed

Here is the command to check whether anonymous FTP logins are allowed on a given host IP. The -sC option runs NMAP's default scripts, which include ftp-anon, against port 21.

$ nmap -sC 192.168.56.10 -p 21


Check Host Vulnerabilities

NMAP also provides scripts to automatically check vsftpd for vulnerabilities. NMAP comes with numerous scripts for testing purposes. We will find the location of the script that runs a backdoor vulnerability check of vsftpd.

$ locate .nse | grep ftp

Once we have the location of our script, we can view its description with the following command.

$ nmap --script-help=ftp-vsftpd-backdoor.nse

The --script-help option only displays the script's documentation and does not scan any host. If you want to check an IP address (e.g. 192.168.56.10) for the vulnerability, run the following command.

$ nmap --script=ftp-vsftpd-backdoor.nse 192.168.56.10 -p 21

Please note, you can add your own scripts to perform automated tests. You need to save your script with a .nse extension and place it in the same location as the other scripts, usually /usr/share/nmap/scripts.

In this article, we have learnt how to work with the NMAP command in various ways.
