Getting Started with Nmap for Penetration Testing


Introduction

Nmap (Network Mapper) is the industry-standard tool for network discovery and security auditing. Every penetration tester needs solid Nmap skills.

Basic Scanning

# Quick scan of top 1000 ports
nmap -sC -sV 10.10.10.1

# Full port scan
nmap -p- --min-rate 1000 10.10.10.1

# UDP scan (top 100 ports)
nmap -sU --top-ports 100 10.10.10.1

Service Enumeration

The -sC flag runs the default NSE script set (equivalent to --script=default), while -sV sends version probes to each open port to identify the service and its version. Combining both gives you the most useful output for penetration testing.

Pro Tip

Always save your scan output with -oA filename to generate all three formats at once: normal (filename.nmap), XML (filename.xml), and grepable (filename.gnmap). The XML file is the one to keep for tooling, since it is the only format with a stable, machine-readable structure.

Useful NSE Scripts

# SMB enumeration
nmap --script smb-enum-shares,smb-enum-users -p 445 10.10.10.1

# HTTP enumeration
nmap --script http-enum -p 80,443 10.10.10.1

# Vulnerability scanning
nmap --script vuln 10.10.10.1
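Once scans are saved with -oA, the XML file is the easiest one to process. The parser below is an added example written for this page, not code from the original post or from the Nmap project; it relies only on Nmap's documented XML element names (host, address, ports/port, state, service, script) and on a constructed sample document embedded in the block. It turns each port into a record, keeps any NSE script output attached to that port (so it covers both the -oA tip and the NSE section above), and flags open ports whose service name came from Nmap's port-number table (conf below 10) rather than a matched version probe, which are the ones worth verifying by hand.

```python
"""Parse Nmap XML output (the .xml file written by -oA) into structured records."""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample of Nmap XML output (not a real scan), trimmed to the
# elements this parser reads. The real schema is documented at
# https://nmap.org/book/nmap-dtd.html
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sC -sV -oA scan 10.10.10.1" version="7.94">
  <host starttime="1700000000" endtime="1700000060">
    <status state="up" reason="echo-reply"/>
    <address addr="10.10.10.1" addrtype="ipv4"/>
    <hostnames><hostname name="target.lab" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
        <script id="http-title" output="Welcome"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" method="table" conf="3"/>
        <script id="smb-enum-shares" output="&#10;  IPC$: Remote IPC&#10;    Type: STYPE_IPC"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="filtered" reason="no-response"/>
        <service name="http-proxy" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> List[Dict]:
    """Return one record per port element, in document order."""
    root = ET.fromstring(xml_text)
    findings: List[Dict] = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else None
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else None
        for port in host.findall("ports/port"):
            state = port.find("state")
            service = port.find("service")
            findings.append({
                "host": addr,
                "hostname": hostname,
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                "service": service.get("name") if service is not None else None,
                "product": service.get("product") if service is not None else None,
                "version": service.get("version") if service is not None else None,
                # conf is Nmap's 1-10 confidence in the service identification;
                # 10 means a version probe matched, 3 means a port-table guess.
                "confidence": int(service.get("conf", "0")) if service is not None else 0,
                # NSE results are <script> children of the port they ran against.
                "scripts": {s.get("id"): (s.get("output") or "").strip()
                            for s in port.findall("script")},
            })
    return findings


def open_ports(findings: List[Dict]) -> List[int]:
    """Sorted list of ports Nmap reported as open (filtered/closed excluded)."""
    return sorted(f["port"] for f in findings if f["state"] == "open")


def low_confidence_services(findings: List[Dict], threshold: int = 10) -> List[int]:
    """Open ports whose service name was guessed from the port table, not probed."""
    return [f["port"] for f in findings
            if f["state"] == "open" and f["confidence"] < threshold]


def summarize(findings: List[Dict]) -> str:
    """Human-readable one-line-per-port summary with the first line of each script result."""
    lines = []
    for f in findings:
        if f["state"] != "open":
            continue
        svc = " ".join(x for x in (f["service"], f["product"], f["version"]) if x)
        lines.append(f"{f['host']}:{f['port']}/{f['protocol']} {svc}")
        for sid, out in f["scripts"].items():
            first = out.splitlines()[0] if out else ""
            lines.append(f"    [{sid}] {first}")
    return "\n".join(lines)


if __name__ == "__main__":
    results = parse_nmap_xml(SAMPLE_XML)
    print(summarize(results))
    print("verify by hand:", low_confidence_services(results))
```

To use it on a real scan, replace SAMPLE_XML with the contents of filename.xml from your -oA run; the --script vuln output from the section above appears under the same port-level scripts mapping, keyed by script id.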

Conclusion

Mastering Nmap is foundational for any penetration tester. Practice these techniques on Hack The Box and TryHackMe machines to build muscle memory.

zer0arc4


Cybersecurity Student | Penetration Tester | Aspiring Red Teamer

Documenting my journey through cybersecurity, penetration testing, CTFs, research, and tool development.
