EN
ENNA

Getting Started Guide

How to Install and Use Nmap

This guide covers installing Nmap, running your first scan, understanding output, and using common scan types for network reconnaissance.

Prerequisites

  • -Linux, macOS, or Windows
  • -Root/sudo access for SYN scans
  • -A target you have permission to scan
Official Documentation
1

Install Nmap

Install Nmap using your system's package manager.

Debian/Ubuntu

sudo apt install nmap

macOS

brew install nmap

Verify installation

nmap --version
2

Run Your First Scan

Start with a simple scan against a single target. This performs a SYN scan on the 1000 most common ports.

Basic scan

nmap scanme.nmap.org

Example output

Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.089s latency).
Not shown: 996 closed tcp ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
9929/tcp  open  nping-echo
31337/tcp open  Elite

Note: scanme.nmap.org is a server provided by the Nmap project specifically for testing. Don't scan targets you don't have permission to test.

3

Service and Version Detection

Use the -sV flag to detect what software and version is running on each open port. This is essential for identifying potentially vulnerable services.

Version detection

nmap -sV scanme.nmap.org

With OS detection

sudo nmap -sV -O scanme.nmap.org

Note: OS detection (-O) requires root/sudo privileges because it uses raw packets.

4

Scan Specific Ports

Target specific ports or port ranges instead of the default top 1000.

Single port

nmap -p 443 scanme.nmap.org

Port range

nmap -p 1-1000 scanme.nmap.org

Common web ports

nmap -p 80,443,8080,8443 scanme.nmap.org

All 65535 ports

nmap -p- scanme.nmap.org

Note: Scanning all 65535 ports (-p-) takes significantly longer but catches services running on non-standard ports.

5

NSE Scripts

Nmap's Scripting Engine (NSE) has hundreds of scripts for vulnerability detection, service enumeration, and more.

Default scripts

nmap -sC scanme.nmap.org

Version + scripts combo

nmap -sC -sV scanme.nmap.org

Specific script

nmap --script http-title scanme.nmap.org

Vulnerability scan

nmap --script vuln scanme.nmap.org

Note: The -sC flag runs default scripts which are safe and informative. The vuln category scripts actively check for vulnerabilities - only use these on targets you're authorized to test.

6

Save Output

Save scan results in different formats for later analysis and reporting.

Normal output

nmap -sV scanme.nmap.org -oN scan-results.txt

XML output (for tools)

nmap -sV scanme.nmap.org -oX scan-results.xml

All formats at once

nmap -sV scanme.nmap.org -oA scan-results

Note: XML output (-oX) can be imported into tools like Metasploit, EyeWitness, and many reporting platforms.

Back to NmapFull Documentation