Nmap facts for kids

Kids Encyclopedia Facts

Quick facts for kids
Nmap Security Scanner
Nmap scan results
Original author(s)	Gordon Lyon (Fyodor)
Initial release	September 1997; 27 years ago (1997-09)

Stable release	7.95 / Error: first parameter is missing. ()

Written in	C, C++, Python, Lua
Operating system	Cross-platform
Available in	English
Type	Network security
License	NPSL or modified GPLv2 or proprietary

Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap can adapt to network conditions including latency and congestion during a scan.

Nmap started as a Linux utility and was ported to other systems including Windows, macOS, and BSD. It is most popular on Linux, followed by Windows.

Features
User interfaces
Output
History
License
In academia
Examples
See also

Features

Nmap features include:

Fast scan (nmap -F [target]) – Performing a basic port scan for fast result.
Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
Port scanning – Enumerating the open ports on target hosts.
Version detection – Interrogating network services on remote devices to determine application name and version number.
Ping Scan – Check host by sending ping requests.
TCP/IP stack fingerprinting – Determining the operating system and hardware characteristics of network devices based on observations of network activity of said devices.
Scriptable interaction with the target – using Nmap Scripting Engine (NSE) and Lua programming language.

Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.

Typical uses of Nmap:

Auditing the security of a device or firewall by identifying the network connections which can be made to, or through it.
Identifying open ports on a target host in preparation for auditing.
Network inventory, network mapping, maintenance and asset management.
Auditing the security of a network by identifying new servers.
Generating traffic to hosts on a network, response analysis and response time measurement.
Finding and exploiting vulnerabilities in a network.
DNS queries and subdomain search

User interfaces

NmapFE, originally written by Kanchan, was Nmap's official GUI for Nmap versions 2.2 to 4.22. For Nmap 4.50 (originally in the 4.22SOC development series) NmapFE was replaced with Zenmap, a new official graphical user interface based on UMIT, developed by Adriano Monteiro Marques.

Web-based interfaces exist that allow either controlling Nmap or analysing Nmap results from a web browser, such as IVRE.

Zenmap, showing results for a port scan against Wikipedia
NmapFE, showing results for a port scan against Wikipedia
XNmap, a Mac OS X GUI

Output

Four different output formats are offered by Nmap. Everything is saved to a file except the interactive output. Text processing software can be used to modify Nmap output, allowing the user to customize reports.

Interactive: presented and updated real time when a user runs Nmap from the command line. Various options can be entered during the scan to facilitate monitoring.
XML: a format that can be further processed by XML tools. It can be converted into a HTML report using XSLT.
Grepable: output that is tailored to line-oriented processing tools such as grep, sed, or awk.
Normal: the output as seen while running Nmap from the command line, but saved to a file.
Script kiddie: meant to be an amusing way to format the interactive output replacing letters with their visually alike number representations. For example, Interesting ports becomes Int3rest1ng p0rtz. This is known as Leet.

History

Nmap was first published in September 1997, as an article in Phrack Magazine with source-code included. With help and contributions of the computer security community, development continued. Enhancements included operating system fingerprinting, service fingerprinting, code rewrites (C to C++), additional scan types, protocol support (e.g. IPv6, SCTP) and new programs that complement Nmap's core features.

Major releases include:

Date	Version	Significance
December 12, 1998; 26 years ago (1998-12-12)	Nmap 2.00	Nmap 2.00 is released, including Operating System fingerprinting
April 11, 1999; 26 years ago (1999-04-11)	NmapFE	A GTK+ front end, is bundled with Nmap
December 7, 2000; 24 years ago (2000-12-07)		Windows port
August 28, 2002; 22 years ago (2002-08-28)		Rewrite from C to C++
September 16, 2003; 21 years ago (2003-09-16)		The first public release to include service version detection
August 31, 2004; 20 years ago (2004-08-31)	Nmap 3.70	Core scan engine rewritten for version 3.70. New engine is called ultra_scan
Summer 2005		Nmap selected for participation in Google Summer of Code. Added features included Zenmap, Nmap Scripting Engine (NSE), Ncat, and 2nd-generation OS detection.
December 13, 2007; 17 years ago (2007-12-13)	Nmap 4.50	Nmap 4.50, the 10th Anniversary Edition, was released. Included Zenmap, 2nd-generation OS detection, and the Nmap Scripting Engine
March 30, 2009; 16 years ago (2009-03-30)	Nmap 4.85BETA5	Emergency release of Nmap 4.85BETA5, leveraging NSE to detect Conficker infections
July 16, 2009; 15 years ago (2009-07-16)	Nmap 5.00	Included netcat-replacement Ncat and Ndiff scan comparison tool
January 28, 2011; 14 years ago (2011-01-28)	Nmap 5.50	Included Nping packet generation response analysis and response time measurement, including TCP, UDP and ICMP probe modes.
May 21, 2012; 13 years ago (2012-05-21)	Nmap 6.00	Released with full IPv6 support.
November 9, 2015; 9 years ago (2015-11-09)	Nmap 7.00
December 20, 2016; 8 years ago (2016-12-20)	Nmap 7.40
March 20, 2018; 7 years ago (2018-03-20)	Nmap 7.70
August 10, 2019; 5 years ago (2019-08-10)	Nmap 7.80
October 3, 2020; 4 years ago (2020-10-03)	Nmap 7.90	The new fingerprints allow better operating system and service/version detection. 3 new NSE scripts, new protocol library and payloads for host discovery, port scanning and version detection. Npcap 1.0.0, the first fully stable version of the Windows raw packet capturing/sending driver.

License

Nmap was originally distributed under the GNU General Public License (GPL). In later releases, Nmap's authors added clarifications and specific interpretations to the license where they felt the GPL was unclear or lacking. For instance, Nmap 3.50 specifically revoked the license of SCO Group to distribute Nmap software because of their views on the SCO-Linux controversies.

Starting with version 7.90, Nmap transitions to a new custom license NPSL, dual-licensing versions 7.90, 7.91, and 7.92 under both old and new licenses. Several Linux distributions consider the new license non-free.

In academia

Nmap is an integral part of academic activities. It has been used for research involving the TCP/IP protocol suite and networking in general. Besides being a research tool, Nmap has also become a research topic.

Examples

$ nmap -A scanme.nmap.org
Starting Nmap 6.47 ( https://nmap.org ) at 2014-12-29 20:02 CET
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up (0.16s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
|_  2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)
80/tcp   open  http       Apache httpd 2.2.14 ((Ubuntu))
|_http-title: Go ahead and ScanMe!
9929/tcp open  nping-echo Nping echo
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|phone|storage-misc|WAP
Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (94%), Netgear RAIDiator 4.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.38 cpe:/o:linux:linux_kernel:3 cpe:/o:netgear:raidiator:4 cpe:/o:linux:linux_kernel:2.4
Aggressive OS guesses: Linux 2.6.38 (94%), Linux 3.0 (92%), Linux 2.6.32 - 3.0 (91%), Linux 2.6.18 (91%), Linux 2.6.39 (90%), Linux 2.6.32 - 2.6.39 (90%), Linux 2.6.38 - 3.0 (90%), Linux 2.6.38 - 2.6.39 (89%), Linux 2.6.35 (88%), Linux 2.6.37 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   14.21 ms  151.217.192.1
2   5.27 ms   ae10-0.mx240-iphh.shitty.network (94.45.224.129)
3   13.16 ms  hmb-s2-rou-1102.DE.eurorings.net (134.222.120.121)
4   6.83 ms   blnb-s1-rou-1041.DE.eurorings.net (134.222.229.78)
5   8.30 ms   blnb-s3-rou-1041.DE.eurorings.net (134.222.229.82)
6   9.42 ms   as6939.bcix.de (193.178.185.34)
7   24.56 ms  10ge10-6.core1.ams1.he.net (184.105.213.229)
8   30.60 ms  100ge9-1.core1.lon2.he.net (72.52.92.213)
9   93.54 ms  100ge1-1.core1.nyc4.he.net (72.52.92.166)
10  181.14 ms 10ge9-6.core1.sjc2.he.net (184.105.213.173)
11  169.54 ms 10ge3-2.core3.fmt2.he.net (184.105.222.13)
12  164.58 ms router4-fmt.linode.com (64.71.132.138)
13  164.32 ms scanme.nmap.org (74.207.244.221)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.98 seconds