100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Nmap

IntermediateTool11K learners

Nmap (Network Mapper) is a free, open-source command-line tool used to discover hosts and services on a network by sending packets and analyzing the responses, making it a foundational tool for network reconnaissance and security auditing.

Definition

Nmap (Network Mapper) is a free, open-source command-line tool used to discover hosts and services on a network by sending packets and analyzing the responses, making it a foundational tool for network reconnaissance and security auditing.

Overview

Nmap works by sending specially crafted packets to target hosts and interpreting the responses to determine which hosts are online, which ports are open, and what services and versions are running on those ports. This information is foundational to both offensive security reconnaissance and defensive network inventory and auditing. Beyond basic port scanning, Nmap supports OS fingerprinting, service version detection, and the Nmap Scripting Engine (NSE), a library of scripts written in Lua that can perform more advanced tasks such as vulnerability detection, brute-force testing, and detailed service enumeration. Different scan types — TCP connect scans, SYN ("stealth") scans, UDP scans, and others — trade off speed, stealth, and accuracy depending on the goal of the scan. As one of the most fundamental tools in a security professional's toolkit, Nmap is typically the first step in a Penetration Testing engagement's reconnaissance phase, used to map the attack surface before deeper analysis with tools like Metasploit or manual testing. It also has a graphical front-end, Zenmap, for users who prefer a visual interface over the command line. It is often mentioned alongside Wireshark in this space.

Key Features

  • Host discovery to identify live systems on a network
  • Port scanning to determine open, closed, and filtered ports
  • Service and version detection for identified open ports
  • Operating system fingerprinting based on network stack behavior
  • Nmap Scripting Engine (NSE) for advanced automated checks
  • Multiple scan techniques balancing speed, stealth, and accuracy
  • Free, open-source, and cross-platform (Windows, macOS, Linux)

Use Cases

Network reconnaissance during the early stages of a penetration test
Building and maintaining an inventory of active hosts and services
Identifying outdated or misconfigured services exposed on a network
Auditing firewall rules by testing which ports are actually reachable
Detecting rogue or unauthorized devices on a network
Supporting incident response by mapping affected network segments

Frequently Asked Questions