How to use NMAP in Kali Linux 2.0 Step by Step Tutorial
How to use NMAP in Kali Linux, Step by Step tutorial to gather information around your network. NMAP is a network information gathering tool which was use by most of the IT administrators around the world. NMAP uses are more wide and we can easily gather the devices and the Network peripherals around you.
Kali Linux is the most widely used penetration testing tool around the world. In Kali Linux we have the NMAP tool pre-installed, its because even though there are more network information gathering tool available around the internet, NMAP is very simple to use ant its very effective.
Here we can see some of the simple NMAP commands to use in the Kali Linux to gather some information about your network.
How to see the NMAP version:
To see which NMAP version you are using, you need to use the following command in the Kali Linux terminal. It is very important because, whenever a new NMAP version was released, you will get some new feature which comes with your NMAP Package. So next time while you are starting to use the NMAP app in Kali Linux, check whether you are using the latest version of NMAP.
#nmap --version or #nmap -v
If you want to update your NMAP package in your Kali Kali Linux then you need to use the below command.
#apt-get update nmap
Note : Make sure you have added the required Kali Linux repositories in /etc/apt/sources.list file. If the repositories were not added, then try to add the following repositories in the sources.list files.
# Regular repositories
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
# Source repositories
deb-src http://http.kali.org/kali sana main non-free contrib
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free
After adding the repositories, you need to do “apt-get clean” an also you need to do “apt-get update” before updating any package in your Kali Linux.
Host Discovery using NMAP in Kali Linux:
To discover the host using the NMAP, you need to run the following command. This command uses the TCP sync scan option and OS fingerprint to check what type of Operating System was used in your network devices. This command checks the live status and OS fingerprint of the your network peripherals.
nmap –sS –O 172.26.1.0/29
You can us ethe folowing command to simply ping and check the network device. This command will not results any other extra options.
nmap –sS –O 172.26.1.0/29
How to get logs of NMAP:
It is always better to use the “tcpdump” to check for the logs which gives you full line by line log which carries over your network path. If you are usign the Kali Linux then you must enable the tcpdump to store the logs in your machine.
A good network administrator always does this because, Its always easy to troubleshoot with logs rather than checking your setting in your applications.
You can also use the nmap default logging option like -oN, -oX or -oG options.
How to search for open Ports using NMAP:
The following command is used to search for the open ports with advance options. This command will bring results like the Operating system which the target systems use, The mac address of the target system and the Open Port int he target system.
nmap –sS -A –O 172.26.1.10
nmap -sS -P0 -A -v 172.26.1.10
The above command scans the target system in a stealth mode and event gives you the kernel version of the operating system which the target system uses.
These both commands are more widely used in the Kali Linux to find the details about the Target system.
How to resume a cancelled scan in NMAP:
Cancelled scan using the Ctrl+C can be easily resumed by using the option –resume in the NMAP command, it should be attached with the log file name.
How to scan entire network or subnet in NMAP:
To scan the entire subnet, you need to add the CIDR value with the IP like the following commands.
If you want to add options you can add with the command.
How to scan a network with specific IP range using NMAP:
The following commands can be used to scan different IP and specific IP range. This command is helful for you when you are using devices with different IP. You can easily specify the particular IP and then star the scan using NMAP.
Using the following command you can scan different IP segments. But make sure those IP’s are reachable from your network, otherwise NMAP will not output the results.
nmap 192.168.3.1 192.168.3.10 172.16.1.10
How to read list of Host from a text file in NMAP:
The following command is used to read the list of host from the text file “test.txt”. Here make sure you have some IP address in the text file and use the following command to read the IP address.
nmap -iL /ip/test.txt
How to exclude the IP Address from scanning list in NMAP:
Using the following command you can exclude the specific IP address from the scanning list. If you are planning to do a bulk scan at that time use this option.
nmap 192.168.1.0/24 --exclude 192.168.1.10
If you have multiple exclusion list then you better save you time by saving the IP in a text file and exclude it using the following command.
nmap 192.168.1.0/24 --excludefile /ip/exclude.txt
How to scan a IPv6 address in NMAP:
In order to scan a IPv6 address the use the following command.
nmap -6 2507:f0e0:1302:21::1
How to scan specific ports using NMAP:
If you are planning to scan for a specific port to analyse the status of the port then you need to use the following command for that purpose.
nmap -p 80 192.168.1.10
To can multiple ports then,
nmap -p 80,443 192.168.1.10
How to scan a UDP service in NMAP:
To scan a UDP service make sure you have used the -sU option
nmap -sU 192.168.1.1
So till now what we are seeing is the command line tool for the NMAP in Kali Linux. NMAP also offering GUI tool to use the NMAP called as the Zenmap. This GUI utility was available in the Kali Linux and you can use this utility to do your scanning in GUI mode. But you can only get the output of the nmap utility in the text format as the default.