Ethical Hacking with Kali Linux – Nmap (Network Mapper)

Nmap (Network Mapper) is a port-scanning utility. It helps determine whether ports are open or closed. It can also identify the operating system running on the host or target machine, along with the services on its ports.

Let’s Start…

(Pass the IP address or domain name of the target system to Nmap.)


The above command reports the port, state and service of each scanned port, plus the MAC address, for one particular IP address.

Similarly, for the entire range:

nmap – 255

And for the entire subnet:


Now, for only PING scan:

nmap -sP 192.168.1.*

‘*’ indicates the entire subnet or range. The result reports ‘host is up’ for each live host, along with its MAC address.
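To act on the report format described above (port, state and service per host, plus ‘Host is up’ and the MAC address), the following added example, which is not part of the original article, parses Nmap's normal output and lists open ports that are missing from an approved baseline. The sample report, the hosts and the `BASELINE` mapping are constructed for illustration.

```python
import re
# Constructed sample of Nmap's normal output (not from a real scan).
SAMPLE = """\
Nmap scan report for 192.168.1.10
Host is up (0.00045s latency).
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  open     http
139/tcp filtered netbios-ssn
MAC Address: 00:11:22:33:44:55 (Example Vendor)

Nmap scan report for printer.lan (192.168.1.20)
Host is up (0.0012s latency).
PORT     STATE SERVICE
9100/tcp open  jetdirect
MAC Address: 66:77:88:99:AA:BB (Example Vendor)
"""
BASELINE = {"192.168.1.10": {(22, "tcp"), (80, "tcp")}}  # hypothetical approved services

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?([0-9.]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")

def parse_report(text):
    """Return {ip: {"name", "up", "mac", "ports": [(port, proto, state, service)]}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):          # start of a new host section
            cur = hosts.setdefault(m.group(2), {"name": m.group(1), "up": False,
                                                "mac": None, "ports": []})
        elif cur is None:                     # banner lines before the first host
            continue
        elif line.startswith("Host is up"):
            cur["up"] = True
        elif m := PORT_RE.match(line):        # one row of the PORT/STATE/SERVICE table
            cur["ports"].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
        elif m := MAC_RE.match(line):
            cur["mac"] = m.group(1).lower()
    return hosts

def unexpected_open(hosts, baseline):
    """List (ip, port, service) for open ports that the baseline does not approve."""
    return [(ip, port, service)
            for ip, info in sorted(hosts.items())
            for port, proto, state, service in info["ports"]
            if state == "open" and (port, proto) not in baseline.get(ip, set())]

if __name__ == "__main__":
    print(unexpected_open(parse_report(SAMPLE), BASELINE))
```

Hosts absent from the baseline are treated as having no approved services, so every open port on them is reported.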

nmap -sS -P0 -sV -O

-sS indicates a TCP SYN request, -P0 asks for protocols, -sV indicates the version of the OS if possible, and -O requests the OS if available. 0-50 is the range of IP addresses that Nmap tries to get information from.

nmap -T5

-T5 sets the timing template and makes for a faster scan.

nmap --top-ports 15

Scans for the random top 15 ports, which are likely to be open/up often. (Don’t perform this scan on a network that you don’t own.)

nmap -sT -p80

-sT selects the TCP connect scan type. -p80 is for port 80. With this Nmap command, we’re trying to discover web services along with their port.

nmap -v

-v is for depth scan (takes a little more time)

nmap 192.168.0.* --exclude

Scans the network, excluding 1 host, i.e.

Let’s see NSE (Nmap Scripting Engine): the built-in scripts of Nmap.

nmap --script=default

Uses the default group of scripts and gives an in-depth analysis in the Nmap scan report. There are lots of other NSE scripts. Run them at your own risk: first read them well, analyze them, and only run them on a network/system you own or have permission to test.

We can see the help for a script by executing the following Nmap command:

nmap --script-help discovery

This is all about Nmap. Remember, Nmap is the King of Scanners. There are lots of commands apart from the ones mentioned here.