Nmap is usually used through a command-line interface. To verify if Nmap is already installed in Linux, run the
nmap --version command:
root@kali:~# nmap --version Nmap version 7.01 ( https://nmap.org ) Platform: x86_64-pc-linux-gnu Compiled with: liblua-5.2.4 openssl-1.0.2e libpcre-8.38 libpcap-1.7.4 nmap-libdn et-1.12 ipv6 Compiled without: Available nsock engines: epoll poll select
If you don’t have Nmap installed, install it using the sudo apt-get install nmap command.
The official website, nmap.org, offers a machine that can be scanned to help people learn about Nmap. It is available at scanme.nmap.org. To scan this machine with default settings, simply run nmap scanme.nmap.org:
root@kali:~# nmap scanme.nmap.org Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-03 19:41 CET Nmap scan report for scanme.nmap.org (22.214.171.124) Host is up (1.5s latency). Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f Not shown: 994 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp filtered smtp 80/tcp open http 514/tcp filtered shell 9929/tcp open nping-echo 31337/tcp open Elite Nmap done: 1 IP address (1 host up) scanned in 45.55 seconds
As you can see from the output above, Nmap provided a report indicating which ports are open on scanme.nmap.org. For example, the line 22/tcp open ssh indicates that the TCP port 22 is open, and that the ssh service is probably running on that port.
We can also scan a computer inside our LAN:
root@kali:~# nmap 192.168.5.102 Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-03 19:46 CET Nmap scan report for 192.168.5.102 Host is up (1.0s latency). Not shown: 977 closed ports PORT STATE SERVICE 21/tcp open ftp 53/tcp open domain 80/tcp open http 88/tcp open kerberos-sec 111/tcp open rpcbind 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 514/tcp filtered shell 593/tcp open http-rpc-epmap 636/tcp open ldapssl 2049/tcp open nfs 3260/tcp open iscsi 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl 49152/tcp open unknown 49153/tcp open unknown 49154/tcp open unknown 49155/tcp open unknown 49157/tcp open unknown 49158/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 100.94 seconds
As you can see from the output above, the local machine 192.168.5.102 (it is a Windows Server 2012 instance) has been scanned.