Master Nmap: Concepts, Commands, and Python Automation Guide

Nmap Concepts

Nmap (Network Mapper) is a Linux-based network scanning and sniffing toolkit used to discover open ports, identify running services, and infer operating systems, making it essential for administrators and security assessments.

Both administrators and attackers use Nmap: admins to detect unauthorized servers, attackers to gather target network information for planning exploits.

Nmap is often confused with vulnerability scanners like Nessus, but it operates stealthily to avoid detection and minimize impact on target systems.

Nmap Functions

Key capabilities include host discovery, port scanning, service detection, and OS fingerprinting, supporting networks from a few hosts to hundreds.

Common commands: nmap -sP 192.168.1.0/24 List hosts without probing: nmap -sL 192.168.1.0/24 Scan specific ports (e.g., 22,23,25,80): nmap -PS 192.168.1.234 UDP ping scan: nmap -PU 192.168.1.0/24 SYN (half‑open) scan, the most common fast option:

nmap -sS 192.168.1.0/24

Nmap Installation

Example on Ubuntu 16.04: sudo apt-get install nmap Install the Python wrapper: sudo pip install python-nmap Verify installation in Python:

# python
import nmap

Python Controlling Nmap

Simple example scanning ports 20‑443 on 114.114.114.114:

import nmap
nm = nmap.PortScanner()
ret = nm.scan('114.114.114.114','20')
print(ret)

The returned dictionary contains scan statistics, host information, and port details.

Additional built‑in methods:

import nmap
nm = nmap.PortScanner()
print(nm.scaninfo())   # {'tcp': {'services': '20-443', 'method': 'syn'}}
print(nm.command_line())
print(nm.all_hosts())   # list of discovered hosts
print(nm['114.114.114.114'])
print(nm['114.114.114.114'].all_protocols())
print(nm['114.114.114.114']['tcp'].keys())
print(nm['114.114.114.114'].has_tcp(21))
nm.scan(hosts='192.168.1.0/24', arguments='-n -sP -PE -PA21,23,80,3389')