Nmap
What is Nmap?
Nmap: An open-source network scanner used to map hosts, enumerate open ports and services, and fingerprint operating systems on IP networks.
Nmap (Network Mapper) is a free, open-source utility created by Gordon Lyon (Fyodor) in 1997 for network discovery and security auditing. It sends crafted IP, TCP, UDP, and ICMP probes to identify live hosts, open ports, running services, software versions, and operating systems, and supports scripted detection through the Nmap Scripting Engine (NSE). Penetration testers, network admins, blue teams, and attackers all rely on Nmap, so its fingerprintable scans are also a useful detection signal. Scanning systems without authorization can be illegal and is routinely flagged by IDS/IPS sensors and CSPM tools, so engagement scoping is critical.
● Examples
- 01 Running nmap -sV -p- against a scoped pentest range to enumerate service versions.
- 02 Detecting an Nmap SYN scan via Snort signatures on a perimeter sensor.
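The detection side of the second example, as an added illustration that is not part of the original page: a sliding-window counter that flags a source sending SYN-only packets to many distinct ports on one host. The log format, the name find_port_sweeps and the thresholds are assumptions made for this sketch; it is not a Snort rule and does not parse Nmap output.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "<ISO time> <src> <dst> <dst port> <TCP flags>".
# 198.51.100.7 sends SYN-only probes to 12 ports; 192.0.2.10 is an ordinary client.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]
SAMPLE_LOG = "\n".join(
    [f"2024-01-01T10:00:{i:02d} 198.51.100.7 10.0.0.5 {p} S"
     for i, p in enumerate(SCAN_PORTS)]
    + ["2024-01-01T10:00:03 192.0.2.10 10.0.0.5 443 S",
       "2024-01-01T10:00:04 192.0.2.10 10.0.0.5 443 A",
       "2024-01-01T10:00:09 192.0.2.10 10.0.0.5 80 S",
       "truncated line"]
)

def find_port_sweeps(log_text, min_ports=10, window=timedelta(seconds=60)):
    """Return {(src, dst): peak distinct SYN-probed ports inside one window}."""
    events = defaultdict(list)  # (src, dst) -> [(time, port), ...]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed record
        ts, src, dst, port, flags = parts
        if flags != "S" or not port.isdigit():
            continue  # only bare SYNs count as probes
        try:
            events[(src, dst)].append((datetime.fromisoformat(ts), int(port)))
        except ValueError:
            continue  # unparseable timestamp
    alerts = {}
    for pair, hits in events.items():
        hits.sort()
        start, in_window = 0, defaultdict(int)  # port -> hits inside window
        for when, port in hits:
            in_window[port] += 1
            while when - hits[start][0] > window:  # expire old records
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_ports:
                alerts[pair] = max(alerts.get(pair, 0), len(in_window))
    return alerts

if __name__ == "__main__":
    for (src, dst), n in find_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports in window")
```

Tune min_ports and window against the sensor's normal traffic baseline; a longer window costs more state per source but covers probes spread over more time.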
● Frequently asked questions
What is Nmap?
An open-source network scanner used to map hosts, enumerate open ports and services, and fingerprint operating systems on IP networks. It belongs to the Defense & Operations category of cybersecurity.
What does Nmap mean?
An open-source network scanner used to map hosts, enumerate open ports and services, and fingerprint operating systems on IP networks.
How does Nmap work?
Nmap (Network Mapper) is a free, open-source utility created by Gordon Lyon (Fyodor) in 1997 for network discovery and security auditing. It sends crafted IP, TCP, UDP, and ICMP probes to identify live hosts, open ports, running services, software versions, and operating systems, and supports scripted detection through the Nmap Scripting Engine (NSE). Penetration testers, network admins, blue teams, and attackers all rely on Nmap, so its fingerprintable scans are also a useful detection signal. Scanning systems without authorization can be illegal and is routinely flagged by IDS/IPS sensors and CSPM tools, so engagement scoping is critical.
How do you defend against Nmap?
Defences for Nmap typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Nmap?
Common alternative names include: Network Mapper.
● Related terms
- Vulnerability Scanning (defense-ops, № 1218): Automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses.
- Reconnaissance (defense-ops, № 905): The first phase of an attack, in which adversaries gather information about a target's people, technology, and exposure before launching intrusion attempts.
- Penetration Testing (defense-ops, № 813): An authorized, simulated cyberattack against systems, applications, or people to identify exploitable weaknesses before real adversaries do.
- Intrusion Detection System (IDS) (network-security, № 547): A passive security control that monitors network or host activity for malicious behaviour and raises alerts without blocking traffic.
- Attack Surface Management (ASM) (defense-ops, № 072): Continuous discovery, inventory, classification, and monitoring of all assets that expose an organization to potential cyberattack.
- Nessus (defense-ops, № 718): A commercial vulnerability scanner from Tenable that identifies missing patches, misconfigurations, and exposed services across networks, endpoints, and cloud workloads.
● See also
- № 577 Kali Linux
- № 1035 Shodan