Ethical Hacking with Kali Linux – Part 6: Nmap (Network Mapper)

July 1, 2016 | Views: 27228

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Ethical Hacking with Kali Linux – Part 6: Nmap (Network Mapper)

> > ‘Nmap’, basically Network Mapper, is a port scanning utility/tool. It helps determine whether ports are open or closed. It also helps find out the operating system running on the host or target machine (along with services of ports).

> > We can run Nmap Scripts via CLI and also we can use GUI (Zenmap).


Let’s Start…

(assign the IP of target OS, domain or system along with Nmap)

~ nmap 

The above command gives: Port, State and Services and the MAC of particular 1 IP address.

Similarly, for the entire range:

~ nmap – 255

And for the entire subnet:

~ nmap

Now, for only PING scan:

~ nmap -sP 192.168.1.* 

‘*’ indicates entire subnet or range, and gives the result as ‘host is up’ and also their MAC address.

~ nmap -sS -P0 -sV -o

-sS indicates TCP SYN request, -P0 asks for protocols, -sV indicates version of OS if possible, -o refers for OS if available. 0-50 is for range of IP addresses that Nmap tries to get information from.

~ nmap -T5 

-T5 refers to a Timewise scan and makes for a  faster scan.

~ nmap –top-ports 15

Scans for the random top 15 ports, which are likely to be open/up often. (Don’t perform this scan on network that you don’t own.)

~ nmap -sT -p80

-sT represents TCP connect scan type probe. -p80 is for port 80. By this Nmap command, we’re trying to discover the web services along with their port.

~ nmap -v

-v is for depth scan (takes a little more time)

~ nmap 192.168.0.* –exclude

Scans the network, excluding 1 host, i.e.


Let’s see NSE (Nmap Script Engine): Built in scripts of Nmap

~ nmap –script=default 

Uses default group of scripts, and gives an in-depth analysis about Nmap scan report. There are lots of other NSE scripts. Run them at your own risks (first read them well, analyze them and only run on the network/system you own or have permission to test.)

We can see help for script by executing following Nmap command:

~ nmap –script-help discovery


Well, well, well. This is all about Nmap. Remember, Nmap is the King of Scanners. There are lots of commands apart from the ones mentioned here. Do research, search them and practice on your own system or network.

A quick note: This series is only for educational purpose. Practice this series in a lab, in a virtual/separate network and always avoid illegal activities. If you can, then support us in fighting the bad guys.


See the other posts in this series:

Ethical Hacking with Kali Linux – Part 1: Objective
Ethical Hacking with Kali Linux – Part 2: Finding Hidden SSIDS
Ethical Hacking with Kali Linux – Part 3: Bypassing Mac Address Filter
Ethical Hacking with Kali Linux – Part 4: Breaking WPA2 Wireless
Ethical Hacking with Kali Linux – Part 5: Rogue Wireless Access Points

By : Bijay Acharya

Follow me :

Subscribe my Tutorial Channel :

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. thanks alot

  2. Niceee! Thanks!

  3. Thank you,

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?