CINXE.COM

Nmap Documentation - Free Security Scanner For Network Exploration & Security Audits

<!DOCTYPE html> <html lang="en"> <head> <TITLE>Nmap Documentation - Free Security Scanner For Network Exploration &amp; Security Audits</TITLE> <META name="description" content="Documentation for Nmap Free Security Scanner, Port Scanner, &amp; Network Exploration Tool. Books, tutorials, and manuals in 15 languages"> <style> img.flag{vertical-align:middle;margin-right:0.5em;} .pagemap ul.lang li {justify-content: left; text-align: left;} </style> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="theme-color" content="#2A0D45"> <link rel="preload" as="image" href="/images/sitelogo.png" imagesizes="168px" imagesrcset="/images/sitelogo.png, /images/sitelogo-2x.png 2x"> <link rel="preload" as="image" href="/shared/images/nst-icons.svg"> <link rel="stylesheet" href="/shared/css/nst.css?v=2"> <script async src="/shared/js/nst.js?v=2"></script> <link rel="stylesheet" href="/shared/css/nst-foot.css?v=2" media="print" onload="this.media='all'"> <link rel="stylesheet" href="/site.css"> <!--Google Analytics Code--> <link rel="preload" href="https://www.google-analytics.com/analytics.js" as="script"> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-11009417-1', 'auto'); ga('send', 'pageview'); </script> <!--END Google Analytics Code--> <META NAME="ROBOTS" CONTENT="NOARCHIVE"> <link rel="shortcut icon" href="/shared/images/tiny-eyeicon.png" type="image/png"> </head> <body><div id="nst-wrapper"> <div id="menu"> <div class="blur"> <header id="nst-head"> <a id="menu-open" href="#menu" aria-label="Open menu"> <img width="44" height="44" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#menu"> </a> <a id="menu-close" href="#" aria-label="Close menu"> <img width="44" height="44" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#close"> </a> <a id="nst-logo" href="/" aria-label="Home page"> <img alt="Home page logo" srcset="/images/sitelogo.png, /images/sitelogo-2x.png 2x" src="/images/sitelogo.png" onerror="this.onerror=null;this.srcset=this.src" height=90 width=168></a> <nav id="nst-gnav"> <a class="nlink" href="https://nmap.org/">Nmap.org</a> <a class="nlink" href="https://npcap.com/">Npcap.com</a> <a class="nlink" href="https://seclists.org/">Seclists.org</a> <a class="nlink" href="https://sectools.org">Sectools.org</a> <a class="nlink" href="https://insecure.org/">Insecure.org</a> </nav> <form class="nst-search" id="nst-head-search" action="/search/"> <input class="nst-search-q" name="q" type="search" placeholder="Site Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> </header> </div> </div> <main id="nst-content"> <nav id="nst-sitenav"> <a class="nlink" href="/download.html">Download</a> <a class="nlink" href="/book/man.html">Reference Guide</a> <a class="nlink" href="/book/">Book</a> <a class="nlink" href="/docs.html">Docs</a> <a class="nlink" href="/zenmap/">Zenmap GUI</a> <a class="nlink" href="/movies/">In the Movies</a> </nav> <h1 id="intro" class="purpleheader">Documentation</h1> <P>The Nmap project tries to defy the stereotype of some open source software being poorly documented by providing a comprehensive set of documentation for installing and using Nmap. This page links to official Insecure.Org documentation, and generous contributions from other parties. <h2 id="refguide" class="purpleheader">Nmap Reference Guide</h2> <P>The primary documentation for using Nmap is the <a href="/book/man.html">Nmap Reference Guide</a>. This is also the basis for the Nmap man page (<a href="/data/nmap.1">nroff version of nmap.1</a>). It is regularly updated for each release and is meant to serve as a quick-reference to virtually all Nmap command-line arguments, but you can learn even more about Nmap by reading it straight through. The 18 sections include <a href="/book/man-briefoptions.html">Brief Options Summary</a>, <a href="/book/man-bypass-firewalls-ids.html">Firewall/IDS Evasion and Spoofing</a>, <a href="/book/man-performance.html">Timing and Performance</a>, <a href="/book/man-port-scanning-techniques.html">Port Scanning Techniques</a>, <a href="/book/man-examples.html">Usage Examples</a>, and much more. <P>The original Nmap manpage has been translated into 15 languages. That is fantastic, as it makes Nmap more accessible around the world. The following languages are now available: <div class="pagemap"> <ul class="lang"> <li><a href="/man/zh/"><img class="flag" src="/images/flags/32/cn.png" alt="cn" width=32 height=32>Chinese</a> <li><a href="/man/hr/"><img class="flag" src="/images/flags/32/hr.png" alt="hr" width=32 height=32>Croatian</a> <li><a href="/book/man.html"><img class="flag" src="/images/flags/32/us.png" alt="us" width=32 height=32>English (Original)</a> <li><a href="/man/fr/"><img class="flag" src="/images/flags/32/fr.png" alt="fr" width=32 height=32>French</a> <li><a href="/man/de/"><img class="flag" src="/images/flags/32/de.png" alt="de" width=32 height=32>German</a> <li><a href="/man/hu/"><img class="flag" src="/images/flags/32/hu.png" alt="hu" width=32 height=32>Hungarian</a> <li><a href="/man/id/"><img class="flag" src="/images/flags/32/id.png" alt="id" width=32 height=32>Indonesian</a> <li><a href="/man/it/"><img class="flag" src="/images/flags/32/it.png" alt="it" width=32 height=32>Italian</a> <li><a href="/man/jp/"><img class="flag" src="/images/flags/32/jp.png" alt="jp" width=32 height=32>Japanese</a> <li><a href="/man/pl/"><img class="flag" src="/images/flags/32/pl.png" alt="pl" width=32 height=32>Polish</a> <li><a href="/man/pt-br/"><img class="flag" src="/images/flags/32/br.png" alt="br" width=32 height=32>Portuguese (Brazil)</a> <li><a href="/man/pt-pt/"><img class="flag" src="/images/flags/32/pt.png" alt="pt" width=32 height=32>Portuguese (Portugal)</a> <li><a href="/man/ro/"><img class="flag" src="/images/flags/32/ro.png" alt="ro" width=32 height=32>Romanian</a> <li><a href="/man/ru/"><img class="flag" src="/images/flags/32/ru.png" alt="ru" width=32 height=32>Russian</a> <li><a href="/man/sk/"><img class="flag" src="/images/flags/32/sk.png" alt="sk" width=32 height=32>Slovak</a> <li><a href="/man/es/"><img class="flag" src="/images/flags/32/es.png" alt="es" width=32 height=32>Spanish</a> </ul> </div> <p>The links above go to the HTML guide. Nroff (man page format) and DocBook XML (source) versions of each man page translation can be found <a href="/data/man-xlate/">here</a>. If you would like to update one of our existing translations or translate to a language <b>not</b> mentioned above, please <a href="xlate-faq.html">read the instructions and FAQ</a> and then <a href="mailto:dev@nmap.org">mail our developers</a> or <a href="https://github.com/nmap/nmap">open a pull request on Github</a>. It is a lot of work, but the reward is that thousands of people may benefit from your translation every month. <h2 id="book" class="purpleheader">Nmap Book</h2> <p> <a href="/book/"><img width=104 height=125 class="left" alt="Nmap Network Scanning front cover" src="/book/cover/nns-front-cover-104x125.jpg"></a> <a href="/book/">Nmap Network Scanning</a> is the official guide to Nmap. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals. The <a href="/book/man.html">reference guide</a> documents every Nmap feature and option, while the remainder demonstrates how to apply them to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. More than half of the book is <a href="/book/toc.html">available free online</a>. It was written in English but <a href="/book/#translations">has already been translated to other languages</a>. <h2 class="purpleheader">Other Insecure.Org Documentation</h2> <P>Installation is made easy by the detailed <a href="/book/install.html">Nmap Installation Guide</a>. This covers topics such as <a href="/book/inst-source.html">UNIX compilation and configure directives</A> and Installing Nmap on <a href="/book/inst-linux.html">Linux</a>, <a href="/book/inst-windows.html">Windows</a>, <a href="/book/inst-macosx.html">Mac OS X</a>, <a href="/book/inst-bsd.html">Free/Open/NetBSD</a>, <a href="/book/inst-solaris.html">Solaris</a>, <a href="/book/inst-other-platforms.html">Amiga, and HP-UX</a>. It also covers <a href="/book/inst-removing-nmap.html">Nmap removal</a> in case you change your mind. <P>One of Nmap's most exciting new features is the <a href="/book/nse.html">Nmap Scripting Engine</a>, which extends Nmap's functionality using the simple and efficient <a href="https://lua.org">Lua</a> programming language. Nmap includes about 50 valuable scripts for network discovery and vulnerability detection, and you can also write your own. We describe the system in depth (from simple usage instructions to writing your own scripts) in our <a href="/book/nse.html">NSE guide</a>. We also have an <a href="/nsedoc/">NSE Documentation Portal</a> which includes detailed documentation for every NSE script and library. <P>Fyodor regularly gives conference presentations covering advanced Nmap usage and new features. Audio, video, and/or slides for many of these are available on <a href="/presentations/">his presentations page</a>. <P>Interested in how nmap uses TCP/IP fingerprinting for <a href="/book/osdetect.html">remote OS detection</a>? We have written a detailed article on the <a href="/book/osdetect.html">2nd Generation Nmap OS Detection System</a>. We also have an <A HREF="nmap-fingerprinting-old.html">old article about the 1st generation system</a>, which people have generously translated into <A HREF="nmap-fingerprinting-article-fr.html">French</A>, <A HREF="http://www.absoluta.org/absoluta/seguranca/seg_detect_os.html">Portuguese</A>, <A HREF="nmap-fingerprinting-article-it/stackf.html">Italian</A>, <A HREF="nmap-fingerprinting-article-ru.html">Russian</A>, <A HREF="nmap-fingerprinting-article-mx.html">Spanish</A>, <A HREF="nmap-fingerprinting-article-de.html">German</A>, <A HREF="nmap-fingerprinting-article-jp.html">Japanese</A>, <A HREF="nmap-fingerprinting-article-cn.html">Chinese</A>, <A HREF="nmap-fingerprinting-article-tw.html">Traditional Chinese (Big5)</A>, <A HREF="nmap-fingerprinting-article-tr.html">Turkish</A>, <A HREF="nmap-fingerprinting-article-il.html">Hebrew</A>, <A HREF="nmap-fingerprinting-article-id.html">Indonesian</A>, <A HREF="nmap-fingerprinting-article-nl.html">Dutch</A>. <A HREF="nmap-fingerprinting-article-pl.html">Polish</A>, and <A HREF="nmap-fingerprinting-article-se.html">Swedish</A>. <P><a href="/book/vscan.html">Nmap Version Detection</a>: Instead of using a simple nmap-services table lookup to determine a port's likely purpose, Nmap will (if asked) interrogate that TCP or UDP port to determine what service is really listening. In many cases it can determine the application name and version number as well. Obstacles like SSL encryption and Sun RPC are no threat, as Nmap can connect using OpenSSL (if available) as well as utilizing Nmap's RPC bruteforcer. IPv6 is also supported. Learn all about this great feature in our <a href="/book/vscan.html">Version Detection Paper</a><BR> <P>Nmap now has an official cross-platform GUI named <a href="/zenmap/">Zenmap</a>. It is included in most of the packages on the Nmap download page. It is documented in the <a href="/book/zenmap.html">Zenmap User's Guide</a>. More information is available from the <a href="/zenmap/">Zenmap site</a> and <a href="/zenmap/man.html">Zenmap man page</a>. <P>One of the coolest, yet still relatively obscure features of Nmap is the IPID Idle scan (-sI). Not only does this allow for a completely blind portscan (no packets sent to the target from your real IP), but it can even allow you to bypass packet filters in certain circumstances. We wrote a <A HREF="book/idlescan.html"> Idle scanning paper</A> describing this technique as well as several other exploits based on predictable IPID sequence numbers. It includes real-life examples as well as a section on defending yourself from these techniques. <P>The most important changes (features, bugfixes, etc) in each Nmap version are described in its <A HREF="changelog.html">ChangeLog</A>. <P>While it is now only of historical interest, Nmap was first released in a September 1, 1997 Phrack 51 Article titled <a href="p51-11.html">The Art of Port Scanning</a> <h2 id="books" class="purpleheader">More Books</h2> <P>This section covers books written/co-authored by Nmap author Fyodor or that cover Nmap extensively. <ul class="images"> <li> <a href="/book/"><img width=104 height=125 class="left" alt="'Nmap Network Scanning' cover" src="/book/cover/nns-front-cover-104x125.jpg"></a> <em><a href="/book/">Nmap Network Scanning</a></em> is the official guide to Nmap. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals. The <a href="/book/man.html">reference guide</a> documents every Nmap feature and option, while the remainder demonstrates how to apply them to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. More than half of the book is <a href="/book/toc.html">available free online</a>. It was written in English but <a href="/book/#translations">has already been translated to other languages</a>. <li> <a href="https://insecure.org/stc/"><img width=95 height=125 class="left" alt="'Stealing the Network: How to Own a Continent' cover" src="/images/stc/cover_95_125.gif"></a> Fyodor has co-authored <em><a href="//insecure.org/stc/">Stealing the Network: How to Own a Continent</a></em>, a novel on hacking, along with FX, Joe Grand, Kevin Mitnick, Ryan Russell, Jay Beale, and several others. Their individual stories combine to describe a massive electronic financial heist. While the work is fiction, hacks are described in depth using real technology such as Nmap, Hping2, OpenSSL, etc. Stealing the Network: How to Own a Continent can be <a href="https://www.amazon.com/dp/1931836051?tag=secbks-20">purchased at Amazon (save $17)</a>, and your can <a href="https://insecure.org/stc/">read Fyodor's chapter online for free</a>. STC was a best-seller, ranking for a while as the second-highest selling computer book on Amazon. <li> <a href="https://insecure.org/stc/sti.html"><img width=95 height=125 class="left" alt="'Stealing the Network: How to Own an Identity' cover" src="/images/stc/sti_cover_95x125.gif"></a> Syngress has released a sequel: <em><a href="https://www.amazon.com/dp/1597490067?tag=secbks-20">Stealing the Network: How to Own an Identity</a></em>. They have generously allowed Fyodor to post his favorite chapter for free. So enjoy <a href="https://insecure.org/stc/sti.html">Bl@ckTo\/\/3r</a>, by Nmap contributor Brian Hatch. It is full of wry humor and creative security conundrums to keep the experts entertained, while it also offers security lessons on the finer points of SSH, SSL, and X Windows authentication and encryption. <li> <a href="https://www.amazon.com/exec/obidos/ASIN1849517487/secbks-20"><img width=95 height=125 class="left" alt="'Nmap 6: Network Exploration and Security Auditing Cookbook' cover" src="images/covers/Nmap6-Cookbook-Cover-95x125.gif"></a> Paulino Calder贸n Pale has written <em><a href="https://www.amazon.com/exec/obidos/ASIN/1849517487/secbks-20">Nmap 6: Network Exploration and Security Auditing Cookbook</a></em> (also available <a href="http://www.packtpub.com/network-mapper-6-exploration-and-security-auditing-cookbook/book">directly through Packt Publishing</a>). <li> <a href="https://www.amazon.com/dp/1782168311?tag=secbks-20"><img width=95 height=125 class="left" alt="'Mastering the Nmap Scripting Engine' cover" src="images/covers/Mastering-the-Nmap-Scripting-Engine-Cover-95x125.jpg"></a> Paulino has also written <em><a href="https://www.amazon.com/dp/1782168311?tag=secbks-20">Mastering the Nmap Scripting Engine</a></em> (also available <a href="https://www.packtpub.com/networking-and-servers/mastering-nmap-scripting-engine">directly through Packt Publishing</a>). <li> <a href="http://www.networkuptime.com/nmap/index.shtml"><img width=95 height=127 class="left" alt="'Secrets of Network Cartography' cover" src="images/covers/snc_cover_95x127.gif"></a> James Messer has written <em><a href="https://www.professormesser.com/nmap-book/">Secrets of Network Cartography</a></em>, a 230-page eBook on Nmap. PDFs can be <a href="https://www.professormesser.com/nmap-book/">purchased</a>, or you can <a href="http://www.networkuptime.com/nmap/index.shtml">view the ad-supported HTML version for free</a>. <li> <a href="https://www.amazon.com/exec/obidos/ASIN/1597492418/secbks-20"><img width=95 height=125 class="left" alt="'Nmap in the Enterprise' cover" src="images/covers/nmap-enterprise-cover-95x125.png"></a> Syngress has released <em><a href="https://www.amazon.com/exec/obidos/ASIN/1597492418/secbks-20">Nmap in the Enterprise: Your Guide to Network Scanning</a></em> by Angela Orebaugh and Becky Pinkard. </ul> <h2 class="purpleheader">3rd Party Docs</h2> <P>Some of the best (and certainly most creative!) documentation has been contributed by Nmap users themselves. If you write an interesting or useful document about Nmap, please send the announcement to <a href="https://nmap.org/mailman/listinfo/dev">nmap-dev</a> or directly to Fyodor. <P> James &ldquo;Professor&rdquo; Messer's "Nmap Secrets" training course is no longer available, but he still has <a href="https://www.professormesser.com/category/nmap/">lots of Nmap-related content</a> at <a href="https://www.professormesser.com/">ProfessorMesser.Com</a>. <P>A detailed <a href="/bennieston-tutorial/">Nmap Tutorial</a> was maintained between 2003 and 2006 by Andrew Bennieston (Stormhawk). <P>Mohamed Aly has created this single-page (PDF) <a href="/docs/nmap-mindmap.pdf">Nmap Mindmap</a> as a convenient reference to all of the major Nmap options. [2006] <P>Mark Wolfgang has written an excellent paper on advanced host discovery using Nmap. Here is the <A HREF="http://moonpie.org/writings/discovery.pdf">PDF paper</A> [<A HREF="docs/discovery.pdf">local copy</A>] and <A HREF="http://moonpie.org/tools/discover.tgz">associated source code</A>. [2002] <P>Adrian Crenshaw has made a couple excellent <i>video tutorials</i> in Flash. Check out <a href="http://www.irongeek.com/i.php?page=videos/nmap1">Volume 1: Basic Nmap Usage</a> and <a href="http://www.irongeek.com/i.php?page=videos/nmap2">Volume 2: Port Scan Boogaloo</a>. [2005] <P>Long-time Nmap contributor Lamont Granquist wrote a clear and useful (if dated) <A HREF="https://seclists.org/nmap-announce/1999/303">guide to getting started with nmap</A>. [1999] <P>Raven Alder has written a short guide named <a href="http://www.linuxchix.org/content/courses/security/nmap">Nmap -- looking from the outside in</a> for <a href="http://www.linuxchix.org">LinuxChix</a>. [2002] <P>Uh-oh! Security expert and <a href="https://www.amazon.com/exec/obidos/ASIN/0130332739/secbks-20">Counter Hack</a> author Ed Skoudis has discovered our <A HREF="http://www.counterhack.net/base_clippy_image.html">secret partnership with Microsoft</A>! </main><!-- content --> <footer id="nst-foot"> <form class="nst-search" id="nst-foot-search" action="/search/"> <input class="nst-search-q" name="q" type="search" placeholder="Site Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> <div class="flexlists"> <div class="fl-unit"> <h2><a class="nlink" href="https://nmap.org/">Nmap Security Scanner</a></h2> <ul> <li><a class="nlink" href="https://nmap.org/book/man.html">Ref Guide</a> <li><a class="nlink" href="https://nmap.org/book/install.html">Install Guide</a> <li><a class="nlink" href="https://nmap.org/docs.html">Docs</a> <li><a class="nlink" href="https://nmap.org/download.html">Download</a> <li><a class="nlink" href="https://nmap.org/oem/">Nmap OEM</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://npcap.com/">Npcap packet capture</a></h2> <ul> <li><a class="nlink" href="https://npcap.com/guide/">User's Guide</a> <li><a class="nlink" href="https://npcap.com/guide/npcap-devguide.html#npcap-api">API docs</a> <li><a class="nlink" href="https://npcap.com/#download">Download</a> <li><a class="nlink" href="https://npcap.com/oem/">Npcap OEM</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://seclists.org/">Security Lists</a></h2> <ul> <li><a class="nlink" href="https://seclists.org/nmap-announce/">Nmap Announce</a> <li><a class="nlink" href="https://seclists.org/nmap-dev/">Nmap Dev</a> <li><a class="nlink" href="https://seclists.org/fulldisclosure/">Full Disclosure</a> <li><a class="nlink" href="https://seclists.org/oss-sec/">Open Source Security</a> <li><a class="nlink" href="https://seclists.org/dataloss/">BreachExchange</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://sectools.org">Security Tools</a></h2> <ul> <li><a class="nlink" href="https://sectools.org/tag/vuln-scanners/">Vuln scanners</a> <li><a class="nlink" href="https://sectools.org/tag/pass-audit/">Password audit</a> <li><a class="nlink" href="https://sectools.org/tag/web-scanners/">Web scanners</a> <li><a class="nlink" href="https://sectools.org/tag/wireless/">Wireless</a> <li><a class="nlink" href="https://sectools.org/tag/sploits/">Exploitation</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://insecure.org/">About</a></h2> <ul> <li><a class="nlink" href="https://insecure.org/fyodor/">About/Contact</a> <li><a class="nlink" href="https://insecure.org/privacy.html">Privacy</a> <li><a class="nlink" href="https://insecure.org/advertising.html">Advertising</a> <li><a class="nlink" href="https://nmap.org/npsl/">Nmap Public Source License</a> </ul> </div> <div class="fl-unit social-links"> <a class="nlink" href="https://twitter.com/nmap" title="Visit us on Twitter"> <img width="32" height="32" src="/shared/images/nst-icons.svg#twitter" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://facebook.com/nmap" title="Visit us on Facebook"> <img width="32" height="32" src="/shared/images/nst-icons.svg#facebook" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://github.com/nmap/" title="Visit us on Github"> <img width="32" height="32" src="/shared/images/nst-icons.svg#github" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://reddit.com/r/nmap/" title="Discuss Nmap on Reddit"> <img width="32" height="32" src="/shared/images/nst-icons.svg#reddit" alt="" aria-hidden="true"> </a> </div> </div> </footer> </div><!-- wrapper --> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10