Nmap

Nmap Security Scanner
Original author(s): Gordon Lyon (Fyodor)
Initial release: September 1997
Stable release: 7.95 [1] [2] / 23 April 2024
Written in: C, C++, Python, Lua
Operating system: Cross-platform
Available in: English
Type: Network security
License: NPSL [3] or modified GPLv2 [4] or proprietary
Website: nmap.org

Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich). [5] Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. [6]

Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, [7] vulnerability detection, [7] and other features. Nmap can adapt to network conditions including latency and congestion during a scan.

Nmap started as a Linux utility [8] and was ported to other systems including Windows, macOS, and BSD. [9] It is most popular on Linux, followed by Windows. [10]

Features

Nmap features include:

Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses. [13]

Typical uses of Nmap:

User interfaces

NmapFE, originally written by Kanchan, was Nmap's official GUI for Nmap versions 2.2 to 4.22. [19] For Nmap 4.50 (originally in the 4.22SOC development series) NmapFE was replaced with Zenmap, a new official graphical user interface based on UMIT, developed by Adriano Monteiro Marques.

Web-based interfaces exist that allow either controlling Nmap or analysing Nmap results from a web browser, such as IVRE. [20]

Output

Four different output formats are offered by Nmap. Everything is saved to a file except the interactive output. Text processing software can be used to modify Nmap output, allowing the user to customize reports. [21]

Interactive: presented and updated in real time when a user runs Nmap from the command line. Various options can be entered during the scan to facilitate monitoring.
XML: a format that can be further processed by XML tools. It can be converted into an HTML report using XSLT.
Grepable: output that is tailored to line-oriented processing tools such as grep, sed, or awk.
Normal: the output as seen while running Nmap from the command line, but saved to a file.
Script kiddie: meant to be an amusing way to format the interactive output, replacing letters with their visually similar number representations. For example, "Interesting ports" becomes "Int3rest1ng p0rtz". This is known as Leet.

History

Nmap was first published in September 1997, as an article in Phrack Magazine with source-code included. [22] With help and contributions of the computer security community, development continued. Enhancements included operating system fingerprinting, service fingerprinting, [11] code rewrites (C to C++), additional scan types, protocol support (e.g. IPv6, SCTP [23] ) and new programs that complement Nmap's core features.

Major releases include: [19]

Date | Version | Significance
December 12, 1998 | Nmap 2.00 | Nmap 2.00 is released, including Operating System fingerprinting [24]
April 11, 1999 | NmapFE | A GTK+ front end is bundled with Nmap [24]
December 7, 2000 | | Windows port [19]
August 28, 2002 | | Rewrite from C to C++ [19]
September 16, 2003 | | The first public release to include service version detection [19]
August 31, 2004 | Nmap 3.70 | Core scan engine rewritten for version 3.70. New engine is called ultra_scan [25]
Summer 2005 | | Nmap selected for participation in Google Summer of Code. [26] Added features included Zenmap, Nmap Scripting Engine (NSE), Ncat, and 2nd-generation OS detection.
December 13, 2007 | Nmap 4.50 | Nmap 4.50, the 10th Anniversary Edition, was released. Included Zenmap, 2nd-generation OS detection, and the Nmap Scripting Engine [27]
March 30, 2009 | Nmap 4.85BETA5 | Emergency release of Nmap 4.85BETA5, leveraging NSE to detect Conficker infections [28]
July 16, 2009 | Nmap 5.00 | Included netcat-replacement Ncat and Ndiff scan comparison tool [29]
January 28, 2011 | Nmap 5.50 | Included Nping packet generation, response analysis and response time measurement, including TCP, UDP and ICMP probe modes. [30] [31]
May 21, 2012 | Nmap 6.00 | Released with full IPv6 support. [citation needed]
November 9, 2015 | Nmap 7.00 [32] |
December 20, 2016 | Nmap 7.40 |
March 20, 2018 | Nmap 7.70 [33] |
August 10, 2019 | Nmap 7.80 [34] |
October 3, 2020 | Nmap 7.90 [35] | The new fingerprints allow better operating system and service/version detection. 3 new NSE scripts, new protocol library and payloads for host discovery, port scanning and version detection. Npcap 1.0.0, the first fully stable version of the Windows raw packet capturing/sending driver.

Nmap is a tool that can be used to discover services running on Internet-connected systems. Like any tool, it could potentially be used for black hat hacking, [36] as a precursor to attempts to gain unauthorized access to computer systems. However, Nmap is also used by security and systems administrators to assess their own networks for vulnerabilities (i.e. white hat hacking).

System administrators can use Nmap to search for unauthorized servers, or for computers that do not conform to security standards. [37]
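The following Python script is an added example (not code from the Nmap project or this article) that ties the Grepable output format from the Output section to the administrator's use case above: it parses -oG lines into hosts and ports, then reports open services that are missing from an approved baseline. The -oG lines, the baseline, and the host data are constructed to mirror the scanme.nmap.org scan shown in the Examples section.

```python
"""Parse Nmap grepable (-oG) output and flag open services that are not on
an approved baseline.  Added example, not code from the Nmap project; the
-oG lines and the baseline are constructed to mirror the scanme.nmap.org
scan shown on this page."""
import re
from collections import namedtuple

# Constructed sample: -oG writes one tab-separated "Host:" line per host
# (here with Ports and Ignored State fields) plus "#" comment lines.
SAMPLE_OG = (
    "# Nmap 6.47 scan initiated as: nmap -A -oG scan.gnmap scanme.nmap.org\n"
    "Host: 74.207.244.221 (scanme.nmap.org)\tPorts: "
    "22/open/tcp//ssh//OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.2.14 ((Ubuntu))/, "
    "9929/open/tcp//nping-echo//Nping echo/\tIgnored State: filtered (997)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned in 28.98 seconds\n"
)

Port = namedtuple("Port", "number state proto service version")

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)$")
# Seven slash-separated subfields per port entry
# (port/state/protocol/owner/service/rpcinfo/version); entries end in "/"
# and are joined by ", ", so the non-greedy version field may contain commas.
PORT_RE = re.compile(r"(\d+)/(\w*)/(\w*)/([^/]*)/([^/]*)/([^/]*)/(.*?)/(?=, |$)")
IGNORED_RE = re.compile(r"^Ignored State: (\w+) \((\d+)\)$")

def parse_grepable(text):
    """Return {ip: {"name", "ports", "ignored"}} parsed from -oG text."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:                      # comment, blank or unrelated line
            continue
        host = hosts.setdefault(
            m.group(1), {"name": m.group(2), "ports": [], "ignored": None})
        for f in fields[1:]:
            if f.startswith("Ports: "):
                for pm in PORT_RE.finditer(f[len("Ports: "):]):
                    host["ports"].append(Port(int(pm.group(1)), pm.group(2),
                                              pm.group(3), pm.group(5), pm.group(7)))
            im = IGNORED_RE.match(f)
            if im:
                host["ignored"] = (im.group(1), int(im.group(2)))
    return hosts

# Constructed allowlist: (port, protocol) pairs an administrator expects.
BASELINE = {"74.207.244.221": {(22, "tcp"), (80, "tcp")}}

def unexpected_services(hosts, baseline):
    """Open services absent from the host's baseline, as sorted tuples."""
    findings = []
    for ip, host in sorted(hosts.items()):
        allowed = baseline.get(ip, set())
        for p in sorted(host["ports"]):
            if p.state == "open" and (p.number, p.proto) not in allowed:
                findings.append((ip, p.number, p.proto, p.service, p.version))
    return findings

if __name__ == "__main__":
    for f in unexpected_services(parse_grepable(SAMPLE_OG), BASELINE):
        print("unexpected: %s %d/%s %s (%s)" % f)
```

Run against a real `-oG` file, the same check turns a scan of one's own network into a list of hosts that have drifted from their approved service set.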

In 2003, the Supreme Court of Finland ruled that port scanning amounted to an attempted computer break-in, which was illegal under the Finnish Penal Code at the time: [38]

In its ruling the Supreme Court stated that the defendant had systematically carried out port scanning operations to gather information for the purpose of unauthorised break-in to the bank's computer network. This amounted to an attempted computer break-in. [38]

License

Nmap was originally distributed under the GNU General Public License (GPL). [22] In later releases, Nmap's authors added clarifications and specific interpretations to the license where they felt the GPL was unclear or lacking. [39] For instance, Nmap 3.50 specifically revoked the license of SCO Group to distribute Nmap software because of their views on the SCO-Linux controversies. [40]

Starting with version 7.90, Nmap transitioned to a new custom license, the NPSL, dual-licensing versions 7.90, 7.91, and 7.92 under both the old and new licenses. [41] Several Linux distributions consider the new license non-free. [42] [43]

In The Matrix Reloaded, Trinity is seen using Nmap to access a power plant's computer system, [44] allowing Neo to "physically" break into a building. The appearance of Nmap in the film was widely discussed on Internet forums and hailed as an unusually realistic example of hacking. [45]

Nmap and NmapFE were used in The Listening, a 2006 movie about a former NSA officer who defects and mounts a clandestine counter-listening station high in the Italian Alps.

Nmap source code can be seen in the movie Battle Royale, as well as brief views of the command line version of Nmap executing in Live Free or Die Hard and Bourne Ultimatum. [44] In 2013, Nmap continued to make appearances in movies, including the popular sci-fi movie Elysium.

The film Dredd, a film adaptation of the famous Judge Dredd comics, was released in 2012 and also contains multiple Nmap scenes. [44] Nmap is used for network reconnaissance and exploitation of the slum tower network. It is even seen briefly in the movie's trailer.

The Nmap command is widely used in the video game Hacknet, allowing the player to probe the network ports of a target system in order to hack it.

In Snowden, Nmap is used in the aptitude test scene about 14 minutes into the movie.

In academia

Nmap is an integral part of academic activities. It has been used for research involving the TCP/IP protocol suite and networking in general. [46] Besides being a research tool, Nmap has also become a research topic. [47]

Examples

$ nmap -A scanme.nmap.org

Starting Nmap 6.47 ( https://nmap.org ) at 2014-12-29 20:02 CET
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up (0.16s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
|_  2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)
80/tcp   open  http       Apache httpd 2.2.14 ((Ubuntu))
|_http-title: Go ahead and ScanMe!
9929/tcp open  nping-echo Nping echo
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|phone|storage-misc|WAP
Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (94%), Netgear RAIDiator 4.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.38 cpe:/o:linux:linux_kernel:3 cpe:/o:netgear:raidiator:4 cpe:/o:linux:linux_kernel:2.4
Aggressive OS guesses: Linux 2.6.38 (94%), Linux 3.0 (92%), Linux 2.6.32 - 3.0 (91%), Linux 2.6.18 (91%), Linux 2.6.39 (90%), Linux 2.6.32 - 2.6.39 (90%), Linux 2.6.38 - 3.0 (90%), Linux 2.6.38 - 2.6.39 (89%), Linux 2.6.35 (88%), Linux 2.6.37 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   14.21 ms  151.217.192.1
2   5.27 ms   ae10-0.mx240-iphh.shitty.network (94.45.224.129)
3   13.16 ms  hmb-s2-rou-1102.DE.eurorings.net (134.222.120.121)
4   6.83 ms   blnb-s1-rou-1041.DE.eurorings.net (134.222.229.78)
5   8.30 ms   blnb-s3-rou-1041.DE.eurorings.net (134.222.229.82)
6   9.42 ms   as6939.bcix.de (193.178.185.34)
7   24.56 ms  10ge10-6.core1.ams1.he.net (184.105.213.229)
8   30.60 ms  100ge9-1.core1.lon2.he.net (72.52.92.213)
9   93.54 ms  100ge1-1.core1.nyc4.he.net (72.52.92.166)
10  181.14 ms 10ge9-6.core1.sjc2.he.net (184.105.213.173)
11  169.54 ms 10ge3-2.core3.fmt2.he.net (184.105.222.13)
12  164.58 ms router4-fmt.linode.com (64.71.132.138)
13  164.32 ms scanme.nmap.org (74.207.244.221)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.98 seconds

References

  1. "Nmap Change Log". 23 April 2024. Retrieved 26 April 2024.
  2. Gordon Lyon (5 May 2024). "Nmap 7.95 released: OS and service detection signatures galore!". Retrieved 5 May 2024.
  3. "Nmap Public Source License". Retrieved 2021-12-15.
  4. "Nmap license". Archived from the original on 2018-07-20. Retrieved 2019-01-21.
  5. "Matrix mixes life and hacking". BBC News. 2003-05-19. Retrieved 2018-10-28.
  6. Joshi, Sagar (2021-02-25). "What is Nmap And Why You Should Use It?". The Hack Report. Retrieved 2021-03-01.
  7. "Nmap Scripting Engine: Introduction". Nmap.org. Retrieved 2018-10-28.
  8. "The History and Future of Nmap". Nmap.org. Retrieved 2018-10-28.
  9. "Other Platforms". Nmap.org. Retrieved 2018-10-28.
  10. "Nmap Installation for Windows". Nmap.org. Retrieved 2018-10-28.
  11. "Service and Application Version Detection". Nmap.org. Retrieved 2018-10-28.
  12. "Nmap Scripting Engine". Nmap.org. Retrieved 2018-10-28.
  13. "Nmap Reference Guide". Nmap.org. Retrieved 2018-10-28.
  14. Nmap Overview and Demonstration.
  15. "When Good Scanners Go Bad". Computerworld, 22 March 1999. Archived 2000-06-14 at the Wayback Machine.
  16. "nmap-audit – Network auditing with Nmap". heavyk.org. Archived from the original on 2009-04-01. Retrieved 2018-10-28.
  17. "Nping - Network packet generation tool / ping utility". Nmap.org. Retrieved 2018-10-28.
  18. Leyden, John (2014-08-15). "Revealed ... GCHQ's incredible hacking tool to sweep net for vulnerabilities: Nmap". TheRegister.co.uk. Retrieved 2018-10-28.
  19. "Nmap Changelog". Nmap.org. Retrieved 2018-10-29.
  20. "IVRE homepage". Retrieved 2018-10-28.
  21. "Nmap Reference Guide: Output". Nmap.org. Retrieved 2018-10-29.
  22. "The Art of Port Scanning". Phrack Magazine. Vol. 7, no. 51. 1997-09-01. Retrieved 2018-10-29.
  23. "SCTP Support for Nmap". Roe.ch. 2011-05-10. Retrieved 2018-10-29.
  24. "The History and Future of Nmap". Nmap.org. Retrieved 2018-10-29.
  25. "Nmap 3.70 Released—Core Scan Engine Rewrite!". Seclists.org. 2004-08-31. Retrieved 2018-10-29.
  26. "Google sponsors Nmap summer student developers". Seclists.org. 2005-06-02. Retrieved 2018-10-29.
  27. "Nmap 4.50 Press Release". Insecure.org. 2007-12-13. Retrieved 2018-10-29.
  28. "Nmap 4.85BETA5: Now with Conficker detection!". Seclists.org. 2009-03-30. Retrieved 2018-10-29.
  29. "Nmap 5.00 Released". Nmap.org. 2009-07-16. Retrieved 2018-10-29.
  30. "nmap/nping/docs/nping.1 at master · nmap/nmap". GitHub.
  31. "Nmap 5.50: Now with Gopher protocol support!". Seclists.org. 2011-01-28. Retrieved 2018-10-29.
  32. "Nmap 7 Released". Nmap.org. 2015-11-19. Retrieved 2018-10-29.
  33. "Nmap 7.70". Nmap.org. 2018-03-20. Retrieved 2018-10-29.
  34. "Nmap 7.80". Nmap.org. 2019-08-10. Retrieved 2019-08-10.
  35. "Nmap 7.90". Nmap.org. 2019-10-03. Retrieved 2020-10-03.
  36. Poulsen, Kevin (2004-11-24). "Hacking tool reportedly draws FBI subpoenas". SecurityFocus.com. Retrieved 2018-10-29.
  37. "How To Conduct A Security Audit" (PDF). PC Network Advisor. No. 120. July 2000. Archived from the original (PDF) on 2021-04-27. Retrieved 2018-10-29.
  38. "First ruling by the Supreme Court of Finland on attempted break-in". Osborne Clarke. 2003. Archived from the original on 2005-05-05. Retrieved 2018-10-29.
  39. "Important Nmap License Terms". Nmap.org. Archived from the original on 2018-07-20. Retrieved 2018-10-29.
  40. "Nmap 3.50 Press Release". 2004-02-20. Retrieved 2018-10-29.
  41. "Nmap Public Source License". Nmap.org. Retrieved 2021-12-15.
  42. "Nmap Public Source License (NPSL) Version 0.92". Fedora Mailing-Lists. Retrieved 2021-12-15.
  43. "Add NPSL (nmap license) to MISC_FREE". Gentoo's Bugzilla. Retrieved 2021-12-15.
  44. "Nmap In The Movies". Retrieved 2018-10-29.
  45. Poulsen, Kevin (2003-05-16). "Matrix Sequel Has Hacker Cred". The Register. Retrieved 2018-10-29.
  46. Haines, J.; Ryder, D.K.; Tinnel, L.; Taylor, S. (2003-02-19). "Validation of sensor alert correlators". IEEE Security & Privacy. 99 (1): 46–56. doi:10.1109/MSECP.2003.1176995.
  47. Medeiros, João Paulo S.; Brito Jr., Agostinho M.; Pires, Paulo S. Motta (2009). "A Data Mining Based Analysis of Nmap Operating System Fingerprint Database". Computational Intelligence in Security for Information Systems. Advances in Intelligent and Soft Computing. Vol. 63. pp. 1–8. doi:10.1007/978-3-642-04091-7_1. ISBN 978-3-642-04090-0.