Nmap Commands Tutorial with Examples: Complete Network Scanning Guide
Nmap (Network Mapper) is the most fundamental and widely used tool in the cybersecurity world. This Nmap commands tutorial teaches you everything from basic scanning to advanced NSE scripting, with practical examples.
What Is Nmap
Nmap was created by Gordon "Fyodor" Lyon in 1997. Today it is the industry-standard tool for network security assessment, and it is free and open source. Nmap is used by network administrators, security professionals, penetration testers, and ethical hackers.
Nmap's primary capabilities are network discovery and host identification. Port scanning and service version detection are just as important. OS fingerprinting, vulnerability detection using NSE scripts, and network inventory management are also among its features.
Nmap Installation
On Ubuntu/Debian:
```bash
sudo apt update && sudo apt install nmap -y
```
On macOS:
```bash
brew install nmap
```
On Windows, download the installer from the official website. Kali Linux ships with Nmap preinstalled.
Nmap Basic Syntax
```bash
nmap [Scan Type(s)] [Options] {target specification}
```
The target specification can be an IP address, a hostname, or an IP range. A common command such as "-sS -sV -p- 192.168.1.1" combines a TCP SYN scan, service version detection, and all ports in a single run.
Nmap Target Specification Examples
To scan a single IP:
```bash
nmap 192.168.1.1
```
To scan multiple IPs:
```bash
nmap 192.168.1.1 192.168.1.2 192.168.1.3
```
To scan an IP range, use CIDR notation:
```bash
nmap 192.168.1.0/24
```
To specify a range of the last octet:
```bash
nmap 192.168.1.1-254
```
To exclude specific IPs from the scan:
```bash
nmap 192.168.1.0/24 --exclude 192.168.1.1
```
Nmap Port Specification Commands
To scan specific ports:
```bash
nmap -p 80,443 192.168.1.1
```
For all ports (1-65535):
```bash
nmap -p- 192.168.1.1
```
Fast scan of the most common ports:
```bash
nmap -F 192.168.1.1
```
Top 100 most common ports:
```bash
nmap --top-ports 100 192.168.1.1
```
Nmap Scan Types
TCP SYN Scan (-sS)
```bash
nmap -sS 192.168.1.1
```
This is the default and fastest scan type. It is also called a half-open scan because a full TCP connection is never established. It requires root/admin privileges. It is stealthy and can evade detection.
TCP Connect Scan (-sT)
```bash
nmap -sT 192.168.1.1
```
It establishes a full TCP connection. It does not require root privileges. It is less stealthy than a SYN scan.
UDP Scan (-sU)
```bash
nmap -sU 192.168.1.1
```
It scans UDP ports, which takes longer than a TCP scan. Services such as DNS (53), DHCP (67, 68), and SNMP (161) run over UDP.
Version Detection (-sV)
```bash
nmap -sV 192.168.1.1
```
It detects the versions of the services running on open ports. This is very important for finding vulnerabilities, because old versions have known vulnerabilities.
OS Detection (-O)
```bash
nmap -O 192.168.1.1
```
It identifies the target machine's operating system using TCP/IP stack fingerprinting.
Aggressive Scan (-A)
```bash
nmap -A 192.168.1.1
```
It enables version detection, OS detection, script scanning, and traceroute together, producing comprehensive output.
Nmap Timing Templates
Timing templates control the trade-off between speed and stealth:
| Template | Name | Speed | Use Case |
|----------|-------|-------|----------|
| T0 | Paranoid | Very Slow | IDS evasion |
| T1 | Sneaky | Slow | Stealth scanning |
| T2 | Polite | Moderate | Low bandwidth |
| T3 | Normal | Default | Balanced |
| T4 | Aggressive | Fast | Reliable networks |
| T5 | Insane | Very Fast | High speed, may miss |
```bash
nmap -T4 192.168.1.1
```
Nmap Output Formats
Save in human-readable (normal) format:
```bash
nmap -oN scan_results.txt 192.168.1.1
```
Save in XML format (for automated processing):
```bash
nmap -oX scan_results.xml 192.168.1.1
```
Save in grepable format:
```bash
nmap -oG scan_results.grep 192.168.1.1
```
Save in all formats at once:
```bash
nmap -oA scan_results 192.168.1.1
```
Nmap Scripting Engine (NSE)
NSE scripts are written in Lua and grouped into categories. The vuln category checks for vulnerabilities:
```bash
nmap --script vuln 192.168.1.1
```
The auth category finds authentication issues:
```bash
nmap --script auth 192.168.1.1
```
The discovery category gathers network information:
```bash
nmap --script discovery 192.168.1.1
```
Run the default scripts:
```bash
nmap -sC 192.168.1.1
```
Run a specific script by name:
```bash
nmap --script http-enum 192.168.1.1
```
Practical Nmap Commands Examples
Complete Network Assessment
```bash
nmap -sS -sV -sC -p- -T4 -oA complete_scan 192.168.1.0/24
```
This comprehensive scan combines a TCP SYN scan, version detection, default scripts, all ports, aggressive timing, and output in all formats.
Web Server Assessment
```bash
nmap -p 80,443,8080,8443 -sV --script http-enum,http-title,http-headers 192.168.1.1
```
Vulnerability Scanning
```bash
nmap --script smb-vuln-ms17-010.nse -p 445 192.168.1.0/24
```
This checks SMB servers for the EternalBlue vulnerability.
Firewall Detection
```bash
nmap -sA -p 80,443 192.168.1.1
```
An ACK scan is used to detect the presence of a firewall.
Nmap Practical Lab Walkthrough
Lab Setup
Create a Kali Linux VM and a Metasploitable2 VM in VirtualBox. Connect both to an Internal Network. Note the IP address of Metasploitable2 (usually 192.168.56.101).
Step 1: Host Discovery
```bash
nmap -sn 192.168.56.0/24
```
This discovers the active hosts. Identify the IP address of Metasploitable2.
Step 2: Port Scan
```bash
nmap -sS -p- 192.168.56.101
```
This lists the open ports. You should probably see ports like these open: 21 (FTP), 22 (SSH), 23 (Telnet), 25 (SMTP), 80 (HTTP), 139 (SMB), 3306 (MySQL), etc.
Step 3: Service Version Detection
```bash
nmap -sV 192.168.56.101
```
This reports the service version on each port. Note the old versions.
Step 4: Vulnerability Check
```bash
nmap --script vuln 192.168.56.101
```
Check for known vulnerabilities.
Nmap Commands Tutorial Summary
Nmap is the most important network scanning tool, and every ethical hacker should know it. This tutorial covered:
- Nmap installation and basic syntax
- Port specification and scan types: TCP SYN, Connect, UDP
- Service version detection and OS fingerprinting
- Timing templates and output formats
- NSE scripts for vulnerability scanning
- A complete practical lab walkthrough
Nmap is not just for scanning; it also builds your understanding of the network. With regular practice you will master this tool. Cyber Defence's ethical hacking course covers Nmap and more advanced scanning tools in depth, with hands-on labs.
After learning these Nmap commands, you can practice the techniques in CTF writeups and Hack The Box beginner walkthroughs. Practical experience is what matters most in this field.