Key Takeaways<\/title>\n <link href=\"https:\/\/fonts.googleapis.com\/css2?family=Montserrat:wght@400;700&display=swap\" rel=\"stylesheet\">\n<\/head>\n<body style=\"font-family: 'Montserrat', sans-serif; letter-spacing: 0.5px;\">\n <div style=\"background-color: #fff; border: 2px solid #d9d9d9; border-radius: 10px; padding: 20px; max-width: 800px; margin: 20px auto; box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);\">\n <h3 style=\"font-size: 18px; color: #2b2bb7; margin-bottom: 15px;\">Key Takeaways<\/h3>\n <ul style=\"list-style-type: none; padding: 0; margin: 0 0 20px 0;\">\n <li style=\"font-size: 16px; color: #555; margin-bottom: 10px; padding-left: 20px; position: relative; letter-spacing: 0.5px;\">\n <span style=\"color: #555; font-size: 20px; position: absolute; left: 0; top: -2px;\">\u2022<\/span>\n Nmap can perform various scans, such as port scanning, host discovery, and vulnerability detection. It’s useful for identifying potential security issues across a network, making it a powerful tool for both security professionals and malicious hackers.\n <a href=\"#getting-started\" style=\"font-style: italic; margin-left: 5px; color: #bb65ff;\">(Jump to Section)<\/a>\n <\/li>\n <li style=\"font-size: 16px; color: #555; margin-bottom: 10px; padding-left: 20px; position: relative; letter-spacing: 0.5px;\">\n <span style=\"color: #555; font-size: 20px; position: absolute; left: 0; top: -2px;\">\u2022<\/span>\n Nmap includes a rich library of scripts for detecting specific vulnerabilities. Users can also create custom scripts to enhance its functionality, allowing tailored scans for unique environments.\n <a href=\"#how-to-use\" style=\"font-style: italic; margin-left: 5px; color: #bb65ff;\">(Jump to Section)<\/a>\n <\/li>\n <li style=\"font-size: 16px; color: #555; margin-bottom: 10px; padding-left: 20px; position: relative; letter-spacing: 0.5px;\">\n <span style=\"color: #555; font-size: 20px; position: absolute; left: 0; top: -2px;\">\u2022<\/span>\n Nmap provides detailed reports on the vulnerabilities detected, which can be exported in multiple formats. This feature helps organizations document findings and take appropriate actions to mitigate risks.\n <a href=\"#reports\" style=\"font-style: italic; margin-left: 5px; color: #bb65ff;\">(Jump to Section)<\/a>\n <\/li>\n <\/ul>\n <\/div>\n<\/body>\n<\/html>\n\n\n\n<p>The powerful open-source tool Nmap scans the ports of network devices and probes website domains for known vulnerabilities. Since both internal security teams and malicious hackers can use Nmap, internal security teams should make sure to perform the scan first!<\/p>\n\n\n\n<p>To become familiar with Nmap as a basic tool to detect basic vulnerabilities this article will cover:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#getting-started\">Getting Started with Nmap<\/a><\/li>\n\n\n\n<li><a href=\"#vulnerability-scanning\">Nmap Vulnerability Scanning<\/a><\/li>\n\n\n\n<li><a href=\"#vuln-vs-vulners-vs-vulscan\">Vuln vs Vulners vs Vulscan<\/a><\/li>\n\n\n\n<li><a href=\"#utilization\">How Do Attackers Use Nmap?<\/a><\/li>\n\n\n\n<li><a href=\"#pros-and-cons\">Pros and Cons of Using Nmap<\/a><\/li>\n\n\n\n<li><a href=\"#alternatives\">Nmap Vulnerability Scanner Alternatives<\/a><\/li>\n\n\n\n<li><a href=\"#bottom-line\">Bottom Line: Use Nmap for Inexpensive, Effective Vulnerability Scanning<\/a><\/li>\n<\/ul>\n\n\n\n<p>If you’re looking for an easy-to-use vulnerability scanner with good technical support, Intruder \u2014 this article’s sponsor \u2014 is one such tool, with enterprise-grade protection covering more than 10,000 security checks, from internal scans out to the perimeter, web applications and the cloud.<\/p>\n\n\n\n<p>Try Intruder free for 14 days!<\/p>\n\n\n\n<div class=\"wp-block-kadence-advancedbtn kb-buttons-wrap kb-btns20825_ed6c45-75\"><a class=\"kb-button kt-button button kb-btn20825_bb032e-ed kt-btn-size-standard kt-btn-width-type-auto kb-btn-global-fill kt-btn-has-text-true kt-btn-has-svg-false wp-block-kadence-singlebtn\" href=\"https:\/\/www.intruder.io\/?utm_source=referral&utm_campaign=technologyadvice-vulnerability-scanning-what-it-is-and-how-to-do-it-right\" target=\"_blank\" rel=\"noreferrer noopener nofollow sponsored\"><span class=\"kt-btn-inner-text\">Visit Intruder<\/span><\/a><\/div>\n\n\n\n<p><\/p>\n\n\n<div class=\"icp-list icp-list-main icp-list-body-top3 row\">\n \n \n <\/div>\n\n\n\n\n<h2 class=\"wp-block-heading\" id=\"getting-started\">Getting Started with Nmap<\/h2>\n\n\n\n<p>Nmap, or network map, provides open-source and free capabilities for auditing IT infrastructure, such as port scanning, host discovery, or device identification across a network. Both pen testers and threat actors use Nmap to collect information about their target, and Nmap has been <a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/free-cybersecurity-services-and-tools\" target=\"_blank\" rel=\"noreferrer noopener\">recognized by CISA<\/a> as an important free tool for <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security\/\">network security<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Installing Nmap<\/h3>\n\n\n\n<p>Nmap began as a Linux utility, but it\u2019s now available for all major operating systems, including Windows and macOS. Nmap comes pre-installed on several versions of Linux including <a href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/\">Kali Linux<\/a>. Other Linux systems users can use the command \u201capt-get install Nmap\u201d to install it.<\/p>\n\n\n\n<p>Users of all operating systems can <a href=\"https:\/\/nmap.org\/download.html\" target=\"_blank\" rel=\"noreferrer noopener\">download<\/a> Nmap as well as the <a href=\"https:\/\/nmap.org\/zenmap\/\" target=\"_blank\" rel=\"noreferrer noopener\">ZeNmap<\/a> graphical user interface (GUI) front-end for Nmap. Those that prefer to use github can clone the official git repository using this command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone <a href=\"https:\/\/github.com\/nmap\/nmap.git\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/github.com\/Nmap\/Nmap.git<\/a> <\/code><\/pre>\n\n\n\n<p>After installing Nmap, users can use the command line or ZeNmap to <a href=\"https:\/\/www.esecurityplanet.com\/products\/nmap\/\">execute simple commands<\/a> to map the local domain, scan ports on a host, and detect operating system versions running on hosts.<\/p>\n\n\n\n<p>Many open source software packages have been infected with malware. To verify that the specific download of Nmap matches the intended contents, an organization can compare the download against the <a href=\"https:\/\/nmap.org\/dist\/sigs\/?C=M&O=D\" target=\"_blank\" rel=\"noreferrer noopener\">signature records<\/a> maintained by Nmap.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Built-in Nmap Scripts<\/h3>\n\n\n\n<p>Running basic functions can be tedious. Users increase the capabilities of Nmap by running built-in Nmap scripts. These scripts should be periodically updated by running this command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo Nmap --script-updatedb<\/code><\/pre>\n\n\n\n<p>An overview of basic commands and example scripts can be found in <a href=\"https:\/\/www.esecurityplanet.com\/products\/nmap\/\">Nmap: Pen Testing Product Overview and Analysis<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Using Custom Nmap Scripts<\/h3>\n\n\n\n<p>Advanced users may prefer to combine multiple lines of instructions or more complex commands using the Python language and the <a href=\"https:\/\/pypi.org\/project\/python-nmap\/\" target=\"_blank\" rel=\"noreferrer noopener\">Python-Nmap package<\/a>. Advanced users can also use the <a href=\"https:\/\/nmap.org\/book\/nse.html\" target=\"_blank\" rel=\"noreferrer noopener\">Nmap Scripting Engine (NSE)<\/a> to enable network discovery, vulnerability detection (e.g., backdoor), and even specific exploits using the <a href=\"https:\/\/www.lua.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Lua programming language<\/a>. These scripts are .nse files and will typically contain comments for end users and code instructions for the machines.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"vulnerability-scanning\">Nmap Vulnerability Scanning<\/h2>\n\n\n\n<p>Nmap\u2019s <a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-scanning-tools\/\">vulnerability scanning<\/a> capabilities rely upon the vulnerability-detecting scripts categorized under \u201cvuln\u201d for vulnerability or custom scripts. Users can run built-in scripts individually or collectively using the \u201cvuln\u201d command. In addition, users can also download custom scripts such as Vulscan or Vulners.<\/p>\n\n\n\n<p>As with any penetration testing or vulnerability scan, users must keep in mind that these invasive scans should only be performed with permission. Even scanning a system without permission could lead to attempts to impose fines or jail time depending upon the jurisdiction. For more information, a user can investigate regulations such as those found in the US (The Computer Fraud and Abuse Act), England (Computer Misuse Act 1990), India (Information Technology Act Sec. 43 and 66), Japan (The Act on the Prohibition of Unauthorised Computer Access), and many other countries.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Specific Nmap Vulnerability Scans<\/h3>\n\n\n\n<p>Nmap scripts contain well over 100 specific scans for vulnerabilities that can be run against domains or against specific host IP addresses. A <a href=\"https:\/\/nmap.org\/nsedoc\/categories\/vuln.html\" target=\"_blank\" rel=\"noreferrer noopener\">comprehensive list<\/a> of scanned vulnerabilities can be found on the Nmap website.<\/p>\n\n\n\n<p><strong>Application Scans:<\/strong> Run Nmap against a target domain (ex: esecurityplanet.com) to check websites for vulnerabilities such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>http-csrf:<\/strong> Detect Cross-Site Request Forgery (CSRF) vulnerabilities by entering the command: Nmap -sV –script http-csrf <target domain><\/li>\n\n\n\n<li><strong>http-sherlock:<\/strong> Check if the \u201cshellshock\u201d vulnerability can be exploited in web applications by entering the command: Nmap -sV –script http-sherlock <target domain><\/li>\n<\/ul>\n\n\n\n<p><strong>IT Host Scans:<\/strong> Run Nmap against a target IP address (ex: 166.96.06.4) to check for host vulnerabilities such as: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>dns-update:<\/strong> Attempt to perform a dynamic domain name service (DNS) update without authentication by entering the command: Nmap -sU -p 53 –script=dns-update –script-args=dns-update.hostname=foo.example.com,dns-update.ip=192.0.2.1 <target IP address><\/li>\n\n\n\n<li><strong>smb-vuln-cve-2017-7494:<\/strong> Check if target IP address are vulnerable to the arbitrary shared library load vulnerability by using a script such as: Nmap –script smb-vuln-cve-2017-7494 -p 445 <target IP address><\/li>\n<\/ul>\n\n\n\n<p><strong>Government advocated Nmap scripts<\/strong> will sometimes be released or promoted on official websites to help organizations address specific vulnerabilities. For example, the UK government maintains an <a href=\"https:\/\/github.com\/ukncsc\/SME\/\" target=\"_blank\" rel=\"noreferrer noopener\">open-source GitHub repository<\/a> to help organizations scan networks for the Exim MTA vulnerability as part of the <a href=\"https:\/\/www.ncsc.gov.uk\/blog-post\/introducing-scanning-made-easy\" target=\"_blank\" rel=\"noreferrer noopener\">Scanning Made Easy<\/a> project from the National Cyber Security Centre (NCSC) and its i100 industry partnership.<\/p>\n\n\n\n<p>The repository provides a collection of officially promoted Nmap scripts to users, such as sysadmins, for detecting system vulnerabilities. The initial UK script focuses on the Exim message transfer agent (MTA) remote code execution vulnerabilities <a href=\"https:\/\/www.exim.org\/static\/doc\/security\/CVE-2020-qualys\/21nails.txt\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2020-28017 through CVE-2020-28026<\/a>, also known as 21Nails.<\/p>\n\n\n\n<p>The script contains information on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How it checks for the presence of the vulnerability<\/li>\n\n\n\n<li>Why the check is not intrusive<\/li>\n\n\n\n<li>Why there may be false positives and false negatives<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"how-to-use\">How to Use Vuln<\/h3>\n\n\n\n<p>Nmap can scan a target domain or IP address for all vulnerabilities in the default script library for the \u201cvuln\u201d category with the appropriately named Vuln command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo Nmap --script vuln <target domain or IP Address> -v<\/code><\/pre>\n\n\n\n<p>Note that the command may require \u201csudo\u201d in Linux to run the command as a super user or as the Linux equivalent of an administrator. In most cases, elevated privileges will be required to run the more invasive and probing commands for Nmap. The -v, or verbosity, flag will provide extensive information about the tests run and their results.<\/p>\n\n\n\n<p>Running these commands can be dangerous because of invasive and disruptive aspects of specific vulnerability scans. Instead of simply obtaining information, certain scans attempt to verify a vulnerability by attempting to exploit the vulnerability. In some cases, a successful exploitation will result in changes to the service or even crashing the service, website, or operating system.<\/p>\n\n\n\n<p>A subset of the vulnerability scans can be performed using wildcards or asterisks (*) to run multiple scripts with similar names simultaneously. For example, adding the wildcard after the http command (http*) will run all vulnerability scans that start with \u201chttp\u201d against a targeted domain.<\/p>\n\n\n\n<p>When using any of the bulk scans, the results can become overwhelming and some users will want to exclude low CVSS score vulnerabilities. To only show vulnerabilities within a certain range, add the following flag to the command where \u201cx.x\u201d is the CVSS score (ex: 6.5).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>--script-args=mincvss=x.x<\/code><\/pre>\n\n\n\n<p>The complete command to exclude vulnerabilities below 6.5 would be:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Nmap --script vuln --script-args mincvss=6.5 <target><\/code><\/pre>\n\n\n\n<p id=\"reports\">Results of the scan can be exported in various file formats by adding flags followed by the file name in the command. This export will make it easier to share information or make the vulnerabilities available for other software.<\/p>\n\n\n\n<p>Two common examples of the complete command are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>XML File:<\/strong> Nmap –script vuln -oX file.xml <target><\/li>\n\n\n\n<li><strong>Browser Friendly XML File:<\/strong> Nmap –script vuln \u2013webxml -oX file.xml <target><\/li>\n<\/ul>\n\n\n\n<p>Of course, the basic set of vulnerability scans may not be sufficient for some users because it only examines a limited, although important, set of vulnerabilities. Advanced users may download custom scripts such as Vulscan or Vulners to access a larger database of vulnerabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How to Use Vulscan<\/h3>\n\n\n\n<p>To use the NSE script Vulscan, a user must first clone the software from the github repository using the git command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo git clone https:\/\/github.com\/scipag\/vulscan<\/code><\/pre>\n\n\n\n<p>The user may need to make a soft link to the NSE scripts directory by executing the following command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ln -s pwd \/scipag_vulscan \/usr\/share\/Nmap\/scripts\/vulscan<\/code><\/pre>\n\n\n\n<p>In this case, \/usr\/share\/Nmap\/scripts\/vulscan is the presumed directory for Nmap scripts on the user\u2019s machine, but this directory may be adjusted as necessary. Once the directory is known to Nmap, Vulscan is available to be called by the \u2013script flag to run additional vulnerability checks using the following syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo Nmap -sV --script=vulscan\/vulscan.nse <target IP address or host name><\/code><\/pre>\n\n\n\n<p>Vulscan can be run to detect IT vulnerabilities against an IP address in the network or software vulnerabilities against a host name (ex: esecurityplanet.com). Vulscan will run non-invasive tests for all applicable vulnerabilities against the target. The results will display the port followed by limited information on the specific CVEs discovered.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How to Use Vulners<\/h3>\n\n\n\n<p>Vulners will typically be included in the standard Nmap NSE scripts, but a user can also clone the NSE script for Vulners from its github repository using the git command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo git clone https:\/\/github.com\/vulnersCom\/Nmap-vulners.git \/usr\/share\/Nmap\/scripts\/vulners<\/code><\/pre>\n\n\n\n<p>The file directory \/usr\/share\/Nmap\/scripts\/vulscan is the presumed directory for Nmap scripts on the user\u2019s machine, but this directory may be adjusted as necessary. Once cloned, Vulners is available to be called by the \u2013script flag using the following syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo Nmap -sV --script Nmap-vulners\/vulners.nse <target host or IP address><\/code><\/pre>\n\n\n\n<p>Users can target specific ports on an IP address by adding -p<#> (ex: -p80 to target port 80) at the end of the command line. The results will display the discovered CVEs and will link to the Vulners website for more information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"vuln-vs-vulners-vs-vulscan\">Vuln vs Vulners vs Vulscan<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><\/th><th>Vuln<\/th><th>Vulners<\/th><th>Vulscan<\/th><\/tr><\/thead><tbody><tr><td><strong>Included Nmap scripts<\/strong><\/td><td>Yes<\/td><td>Yes<\/td><td>No<\/td><\/tr><tr><td><strong>Sends CPE data outside of the organization<\/strong><\/td><td>No<\/td><td>Yes*<\/td><td>No<\/td><\/tr><tr><td><strong>Requires download of vulnerability database<\/strong><\/td><td>No, but limited CVEs<\/td><td>No*<\/td><td>Yes<\/td><\/tr><tr><td><strong>Confidence<\/strong><\/td><td>High<\/td><td>Depends<\/td><td>Depends<\/td><\/tr><tr><td><strong>Potentially Disruptive<\/strong><\/td><td>Yes<\/td><td>No<\/td><td>No<\/td><\/tr><tr><td><strong>When to Use<\/strong><\/td><td>Thorough accurate scan of key vulnerabilities<\/td><td>In depth scan, no concern for sending out CPE Data<\/td><td>More in-depth scan and a desire not to release CPE data<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\">*Vulners has the option to download and use a local database.<\/figcaption><\/figure>\n\n\n\n<p><strong>Vuln and Vulners are included<\/strong> in the basic NSE script database and will be updated when updating all scripts for Nmap. <strong>Vulscan is not included<\/strong> in the basic script set and must be downloaded and updated separately. <\/p>\n\n\n\n<p><strong>Vulners sends common platform enumeration (CPE) information<\/strong> received from port scans to vulners.com using the site\u2019s API to actively download the latest common vulnerabilities and exposures (CVE) information from the site\u2019s database. Vulners also requires internet access to reach the external databases of vulnerabilities. <\/p>\n\n\n\n<p>This information sharing of vulnerabilities may not be appropriate for organizations deeply concerned about the secrecy of their environment. There is an option with Vulscan to use a local database, but this generally removes the advantage of using Vulscan\u2019s fully updated database. <\/p>\n\n\n\n<p><strong>Vuln and Vulscan do not send CPE information<\/strong> outside of the scanned organization and use locally stored vulnerability databases.<\/p>\n\n\n\n<p>The advantage of sending the CPE information is that<strong> Vulners hosts a fully updated set of CVEs<\/strong>. <strong>Vuln only detects 150 top vulnerabilities<\/strong> for systems and <strong>Vulscan uses an offline copy<\/strong> of vulnerability databases.<\/p>\n\n\n\n<p><strong>Vuln can risk disruption<\/strong> because Vuln tests for the presence of some vulnerabilities by attempting to verify exploitation and disruption or corruption of that service. However, the active probing will increase confidence and reduce the chance of a false positive. <\/p>\n\n\n\n<p><strong>Vulners and Vulscan avoid the risk of disruption<\/strong> because they do not attempt to verify or exploit vulnerabilities. The confidence in both of these tools depends upon the accuracy and precision of the detection capabilities of the specific version of Nmap. Both of these tools may also be confused by non-standard, custom, or patched builds of specific services, which may lead to more false positives.<\/p>\n\n\n\n<p>Of the three tools, the <strong>Vuln category of scripts can immediately produce highly accurate scans<\/strong> for a limited set of important vulnerabilities. However, while the number of vulnerabilities is small, the in-depth probing of the vulnerability <strong>can take 3-4 times longer than Vulners or Vulscan<\/strong>.<\/p>\n\n\n\n<p>While both of the manually downloaded vulnerability scanners will enjoy a much more extensive and robust selection of CVEs to detect, <strong>Vulners will typically be the most updated scan<\/strong> since IT teams may forget to manually update Vulscan databases. But for more secretive organizations that need to avoid releasing CPE information, <strong>Vulscan\u2019s use of a local database<\/strong> may be the best choice among the Nmap options.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"utilization\">How Do Attackers Use Nmap?<\/h2>\n\n\n\n<p>Attackers use Nmap to scan large networks quickly by using raw IP packets to identify available hosts and services on the network and determine their vulnerabilities. Hackers and pen testers typically add specific options to cover their tracks.<\/p>\n\n\n\n<p>Decoy scans add the -D option flag (Nmap -p 123 -D decoyIP targetIP), to hide the attacking IP address and send source-spoofed packets to the target in addition to the scanning machine packets. The additional packets make port scan detection harder for defenders.<\/p>\n\n\n\n<p>Attackers can also run zombie scans, also known as idle scans. This side-channel attack attempts to send forged SYN packets to the target using the IP address of the \u201czombie\u201d endpoint on the network. This method attempts to fool the <a href=\"https:\/\/www.esecurityplanet.com\/products\/intrusion-detection-and-prevention-systems\/\">intrusion detection system (IDS)<\/a> into mistaking the innocent zombie computer for the attacker. A more thorough review of Nmap attacks can be found in the <a href=\"https:\/\/www.esecurityplanet.com\/products\/nmap\/\">Nmap Ultimate Guide: Pentest Product Review and Analysis<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Do Host Systems Detect Nmap Scans?<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/siem-tools\/\">SIEM tools<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/products\/top-ngfw\/\">firewalls<\/a>, and other defensive tools, can receive alerts from systems and the scanned system will log the successful TCP requests from the many Nmap port scans. More sophisticated IDS\/IDP tools might also detect malformed TCP requests, such as the Nmap stealthy requests that do not complete a TCP connection. Disruptive scans that cause system or service failure will definitely be detected by systems as well as by affected users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"pros-and-cons\">Pros and Cons of Using Nmap<\/h2>\n\n\n\n<p>Nmap provides powerful vulnerability capabilities and should be under consideration for use within most organizations. However, there are many reasons why Nmap is not used universally.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pros: Reasons to Use Nmap<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Open source and free<\/strong> so great for hackers, students, and all organizations<\/li>\n\n\n\n<li><strong>Quick scans<\/strong> provide a fast look at potential vulnerabilities<\/li>\n\n\n\n<li><strong>Lightweight TCP scans<\/strong> do not consume enormous network bandwidth and can escape some network security tools<\/li>\n\n\n\n<li><strong>A hacker preview<\/strong> for organizations checking their internal systems<\/li>\n\n\n\n<li><strong>Scriptable scans<\/strong> enable an organization to create repeatable vulnerability scans usable by non-technical users and for hackers to embed Nmap commands and scans into malware<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cons: Reasons Not to Use Nmap<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Less user friendly<\/strong> than commercial tools with more advanced GUIs<\/li>\n\n\n\n<li><strong>Easy to make mistakes<\/strong> with command line entries<\/li>\n\n\n\n<li><strong>Lack of programmers<\/strong> in an organization\u2019s IT staff to create custom scripts or understand Nmap scripts<\/li>\n\n\n\n<li><strong>Less formal support<\/strong> than commercial tools<\/li>\n\n\n\n<li><strong>Limited vulnerability scans<\/strong> through the basic vuln command<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"alternatives\">Nmap Vulnerability Scanner Alternatives<\/h2>\n\n\n\n<p>Nmap remains a popular tool among many, but it certainly is not the only vulnerability scanner available. <a href=\"https:\/\/www.esecurityplanet.com\/applications\/open-source-vulnerability-scanners\/\">Open-source vulnerability scanner<\/a> options for applications include OSV-Scanner or OWASP Zed Attack Proxy (ZAP) and for infrastructure include CloudSploit or OpenVAS.<\/p>\n\n\n\n<p>There are many commercially available vulnerability scanners as well. The <a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-scanning-tools\/\">best vulnerability scanners<\/a> for applications or infrastructure include Invicti, Tenable.io, ManageEngine\u2019s Vulnerability Manager Plus, as well as others listed below:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"bottom-line\">Bottom Line: Use Nmap for Inexpensive, Effective Vulnerability Scanning<\/h2>\n\n\n\n<p>Nmap provides a no-cost option to detect vulnerabilities, double-check the results of commercial vulnerability scanners, or provide an effective sneak peek at the way a hacker might view opportunities in the organization\u2019s infrastructure. Everyone, even an organization selecting to use a commercial vulnerability scanner, should consider using Nmap as a vulnerability scanning tool in their arsenal.<\/p>\n\n\n\n<p>Read next: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/vulnerability-management-software\/\">Top Vulnerability Management Tools<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-scanning-tools\/\">The 8 Best Vulnerability Scanner Tools for 2023<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/applications\/open-source-vulnerability-scanners\/\">10 Best Open-Source Vulnerability Assessment Tools for 2023<\/a><\/li>\n<\/ul>\n\n\n\n<p><em>This article was originally written by <a href=\"https:\/\/www.esecurityplanet.com\/author\/jmaury\/\">Julien Maury<\/a> on February 8, 2022 and revised by <a href=\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\">Chad Kime<\/a> on July 14, 2023.<\/em><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6fcc650835-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n \n<div\n style=\"\n --ta-campaign-plugin-primary: #3545ed;\n --ta-campaign-plugin-button-text: #fff;\n --ta-campaign-plugin-button-hover-background: #3231b4;\n --ta-campaign-plugin-button-hover-text: #fff;\n --ta-campaign-plugin-button-toggle-background: #3231b4;\n --ta-campaign-plugin-button-toggle-text: #3231B4;\n \"\n data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n <div\n id=\"ta-campaign-widget-66d6fcc650835\"\n class=\"ta-campaign-widget ta-campaign-widget--popup\"\n data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6fcc650835\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n <div class=\"ta-campaign-widget__exit\">\n <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n <\/svg>\n <\/div>\n \n <div class=\"ta-campaign-widget__wrapper\">\n <div class=\"ta-campaign-widget__header mb-6\">\n <h3 class=\"ta-campaign-widget__tagline\">\n Get the Free Cybersecurity Newsletter <\/h3>\n \n \n <p class=\"ta-campaign-widget__content mt-6\">\n Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday <\/p>\n <\/div>\n\n <form class=\"ta-campaign-widget__form\">\n <div class=\"ta-campaign-widget__input mb-4\" data-field=\"email\">\n <label\n class=\"sr-only\"\n for=\"email-66d6fcc650835\">\n Email Address\n <\/label>\n <input\n class=\"ta-campaign-widget__input__text\"\n placeholder=\"Work Email Address\"\n id=\"email-66d6fcc650835\"\n name=\"email\"\n type=\"email\">\n <\/div>\n\n <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n <div class=\"flex items-start\">\n <input\n id=\"opt-in-66d6fcc650835\"\n class=\"ta-campaign-widget__checkbox__input mr-2\"\n name=\"opt-in\"\n type=\"checkbox\"\/>\n <label\n class=\"ta-campaign-widget__checkbox__label\"\n for=\"opt-in-66d6fcc650835\">\n By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time. <\/label>\n <\/div>\n <\/div>\n \n <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n Subscribe <\/button>\n <\/form>\n <\/div>\n <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.<\/p>\n","protected":false},"author":271,"featured_media":20828,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14,17],"tags":[9651,10917],"b2b_audience":[33],"b2b_industry":[],"b2b_product":[377],"class_list":["post-20825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","category-products","tag-faq","tag-vulnerability-scanning","b2b_audience-awareness-and-consideration","b2b_product-gateway-and-network-security"],"acf":[],"yoast_head":"\n<title>How To Use Nmap for Vulnerability Scanning: Complete Tutorial<\/title>\n<meta name=\"description\" content=\"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How To Use Nmap for Vulnerability Scanning: Complete Tutorial\" \/>\n<meta property=\"og:description\" content=\"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-14T09:20:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-31T13:16:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"420\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Chad Kime\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chad Kime\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\"},\"author\":{\"name\":\"Chad Kime\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\"},\"headline\":\"How To Use Nmap for Vulnerability Scanning: Complete Tutorial\",\"datePublished\":\"2023-07-14T09:20:00+00:00\",\"dateModified\":\"2024-05-31T13:16:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\"},\"wordCount\":2743,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\",\"keywords\":[\"FAQ\",\"vulnerability scanning\"],\"articleSection\":[\"Networks\",\"Products\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\",\"name\":\"How To Use Nmap for Vulnerability Scanning: Complete Tutorial\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\",\"datePublished\":\"2023-07-14T09:20:00+00:00\",\"dateModified\":\"2024-05-31T13:16:04+00:00\",\"description\":\"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\",\"width\":900,\"height\":420},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How To Use Nmap for Vulnerability Scanning: Complete Tutorial\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\",\"name\":\"Chad Kime\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"caption\":\"Chad Kime\"},\"description\":\"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\"}]}<\/script>\n","yoast_head_json":{"title":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial","description":"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/","og_locale":"en_US","og_type":"article","og_title":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial","og_description":"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/","og_site_name":"eSecurity Planet","article_published_time":"2023-07-14T09:20:00+00:00","article_modified_time":"2024-05-31T13:16:04+00:00","og_image":[{"width":900,"height":420,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","type":"image\/png"}],"author":"Chad Kime","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Chad Kime","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/"},"author":{"name":"Chad Kime","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9"},"headline":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial","datePublished":"2023-07-14T09:20:00+00:00","dateModified":"2024-05-31T13:16:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/"},"wordCount":2743,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","keywords":["FAQ","vulnerability scanning"],"articleSection":["Networks","Products"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/","url":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/","name":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","datePublished":"2023-07-14T09:20:00+00:00","dateModified":"2024-05-31T13:16:04+00:00","description":"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","width":900,"height":420},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9","name":"Chad Kime","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","caption":"Chad Kime"},"description":"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.","url":"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20825"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/271"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=20825"}],"version-history":[{"count":7,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20825\/revisions"}],"predecessor-version":[{"id":35660,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20825\/revisions\/35660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/20828"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=20825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=20825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=20825"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=20825"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=20825"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=20825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":20825,"date":"2023-07-14T09:20:00","date_gmt":"2023-07-14T09:20:00","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=20825"},"modified":"2024-05-31T13:16:04","modified_gmt":"2024-05-31T13:16:04","slug":"nmap-vulnerability-scanning-made-easy","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/","title":{"rendered":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial"},"content":{"rendered":"\n\n\n\n \n \n Key Takeaways<\/title>\n <link href=\"https:\/\/fonts.googleapis.com\/css2?family=Montserrat:wght@400;700&display=swap\" rel=\"stylesheet\">\n<\/head>\n<body style=\"font-family: 'Montserrat', sans-serif; letter-spacing: 0.5px;\">\n <div style=\"background-color: #fff; border: 2px solid #d9d9d9; border-radius: 10px; padding: 20px; max-width: 800px; margin: 20px auto; box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);\">\n <h3 style=\"font-size: 18px; color: #2b2bb7; margin-bottom: 15px;\">Key Takeaways<\/h3>\n <ul style=\"list-style-type: none; padding: 0; margin: 0 0 20px 0;\">\n <li style=\"font-size: 16px; color: #555; margin-bottom: 10px; padding-left: 20px; position: relative; letter-spacing: 0.5px;\">\n <span style=\"color: #555; font-size: 20px; position: absolute; left: 0; top: -2px;\">\u2022<\/span>\n Nmap can perform various scans, such as port scanning, host discovery, and vulnerability detection. It’s useful for identifying potential security issues across a network, making it a powerful tool for both security professionals and malicious hackers.\n <a href=\"#getting-started\" style=\"font-style: italic; margin-left: 5px; color: #bb65ff;\">(Jump to Section)<\/a>\n <\/li>\n <li style=\"font-size: 16px; color: #555; margin-bottom: 10px; padding-left: 20px; position: relative; letter-spacing: 0.5px;\">\n <span style=\"color: #555; font-size: 20px; position: absolute; left: 0; top: -2px;\">\u2022<\/span>\n Nmap includes a rich library of scripts for detecting specific vulnerabilities. Users can also create custom scripts to enhance its functionality, allowing tailored scans for unique environments.\n <a href=\"#how-to-use\" style=\"font-style: italic; margin-left: 5px; color: #bb65ff;\">(Jump to Section)<\/a>\n <\/li>\n <li style=\"font-size: 16px; color: #555; margin-bottom: 10px; padding-left: 20px; position: relative; letter-spacing: 0.5px;\">\n <span style=\"color: #555; font-size: 20px; position: absolute; left: 0; top: -2px;\">\u2022<\/span>\n Nmap provides detailed reports on the vulnerabilities detected, which can be exported in multiple formats. This feature helps organizations document findings and take appropriate actions to mitigate risks.\n <a href=\"#reports\" style=\"font-style: italic; margin-left: 5px; color: #bb65ff;\">(Jump to Section)<\/a>\n <\/li>\n <\/ul>\n <\/div>\n<\/body>\n<\/html>\n\n\n\n<p>The powerful open-source tool Nmap scans the ports of network devices and probes website domains for known vulnerabilities. Since both internal security teams and malicious hackers can use Nmap, internal security teams should make sure to perform the scan first!<\/p>\n\n\n\n<p>To become familiar with Nmap as a basic tool to detect basic vulnerabilities this article will cover:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#getting-started\">Getting Started with Nmap<\/a><\/li>\n\n\n\n<li><a href=\"#vulnerability-scanning\">Nmap Vulnerability Scanning<\/a><\/li>\n\n\n\n<li><a href=\"#vuln-vs-vulners-vs-vulscan\">Vuln vs Vulners vs Vulscan<\/a><\/li>\n\n\n\n<li><a href=\"#utilization\">How Do Attackers Use Nmap?<\/a><\/li>\n\n\n\n<li><a href=\"#pros-and-cons\">Pros and Cons of Using Nmap<\/a><\/li>\n\n\n\n<li><a href=\"#alternatives\">Nmap Vulnerability Scanner Alternatives<\/a><\/li>\n\n\n\n<li><a href=\"#bottom-line\">Bottom Line: Use Nmap for Inexpensive, Effective Vulnerability Scanning<\/a><\/li>\n<\/ul>\n\n\n\n<p>If you’re looking for an easy-to-use vulnerability scanner with good technical support, Intruder \u2014 this article’s sponsor \u2014 is one such tool, with enterprise-grade protection covering more than 10,000 security checks, from internal scans out to the perimeter, web applications and the cloud.<\/p>\n\n\n\n<p>Try Intruder free for 14 days!<\/p>\n\n\n\n<div class=\"wp-block-kadence-advancedbtn kb-buttons-wrap kb-btns20825_ed6c45-75\"><a class=\"kb-button kt-button button kb-btn20825_bb032e-ed kt-btn-size-standard kt-btn-width-type-auto kb-btn-global-fill kt-btn-has-text-true kt-btn-has-svg-false wp-block-kadence-singlebtn\" href=\"https:\/\/www.intruder.io\/?utm_source=referral&utm_campaign=technologyadvice-vulnerability-scanning-what-it-is-and-how-to-do-it-right\" target=\"_blank\" rel=\"noreferrer noopener nofollow sponsored\"><span class=\"kt-btn-inner-text\">Visit Intruder<\/span><\/a><\/div>\n\n\n\n<p><\/p>\n\n\n<div class=\"icp-list icp-list-main icp-list-body-top3 row\">\n \n \n <\/div>\n\n\n\n\n<h2 class=\"wp-block-heading\" id=\"getting-started\">Getting Started with Nmap<\/h2>\n\n\n\n<p>Nmap, or network map, provides open-source and free capabilities for auditing IT infrastructure, such as port scanning, host discovery, or device identification across a network. Both pen testers and threat actors use Nmap to collect information about their target, and Nmap has been <a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/free-cybersecurity-services-and-tools\" target=\"_blank\" rel=\"noreferrer noopener\">recognized by CISA<\/a> as an important free tool for <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security\/\">network security<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Installing Nmap<\/h3>\n\n\n\n<p>Nmap began as a Linux utility, but it\u2019s now available for all major operating systems, including Windows and macOS. Nmap comes pre-installed on several versions of Linux including <a href=\"https:\/\/www.esecurityplanet.com\/networks\/kali-linux-tutorial\/\">Kali Linux<\/a>. Other Linux systems users can use the command \u201capt-get install Nmap\u201d to install it.<\/p>\n\n\n\n<p>Users of all operating systems can <a href=\"https:\/\/nmap.org\/download.html\" target=\"_blank\" rel=\"noreferrer noopener\">download<\/a> Nmap as well as the <a href=\"https:\/\/nmap.org\/zenmap\/\" target=\"_blank\" rel=\"noreferrer noopener\">ZeNmap<\/a> graphical user interface (GUI) front-end for Nmap. Those that prefer to use github can clone the official git repository using this command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone <a href=\"https:\/\/github.com\/nmap\/nmap.git\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/github.com\/Nmap\/Nmap.git<\/a> <\/code><\/pre>\n\n\n\n<p>After installing Nmap, users can use the command line or ZeNmap to <a href=\"https:\/\/www.esecurityplanet.com\/products\/nmap\/\">execute simple commands<\/a> to map the local domain, scan ports on a host, and detect operating system versions running on hosts.<\/p>\n\n\n\n<p>Many open source software packages have been infected with malware. To verify that the specific download of Nmap matches the intended contents, an organization can compare the download against the <a href=\"https:\/\/nmap.org\/dist\/sigs\/?C=M&O=D\" target=\"_blank\" rel=\"noreferrer noopener\">signature records<\/a> maintained by Nmap.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Built-in Nmap Scripts<\/h3>\n\n\n\n<p>Running basic functions can be tedious. Users increase the capabilities of Nmap by running built-in Nmap scripts. These scripts should be periodically updated by running this command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo Nmap --script-updatedb<\/code><\/pre>\n\n\n\n<p>An overview of basic commands and example scripts can be found in <a href=\"https:\/\/www.esecurityplanet.com\/products\/nmap\/\">Nmap: Pen Testing Product Overview and Analysis<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Using Custom Nmap Scripts<\/h3>\n\n\n\n<p>Advanced users may prefer to combine multiple lines of instructions or more complex commands using the Python language and the <a href=\"https:\/\/pypi.org\/project\/python-nmap\/\" target=\"_blank\" rel=\"noreferrer noopener\">Python-Nmap package<\/a>. Advanced users can also use the <a href=\"https:\/\/nmap.org\/book\/nse.html\" target=\"_blank\" rel=\"noreferrer noopener\">Nmap Scripting Engine (NSE)<\/a> to enable network discovery, vulnerability detection (e.g., backdoor), and even specific exploits using the <a href=\"https:\/\/www.lua.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Lua programming language<\/a>. These scripts are .nse files and will typically contain comments for end users and code instructions for the machines.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"vulnerability-scanning\">Nmap Vulnerability Scanning<\/h2>\n\n\n\n<p>Nmap\u2019s <a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-scanning-tools\/\">vulnerability scanning<\/a> capabilities rely upon the vulnerability-detecting scripts categorized under \u201cvuln\u201d for vulnerability or custom scripts. Users can run built-in scripts individually or collectively using the \u201cvuln\u201d command. In addition, users can also download custom scripts such as Vulscan or Vulners.<\/p>\n\n\n\n<p>As with any penetration testing or vulnerability scan, users must keep in mind that these invasive scans should only be performed with permission. Even scanning a system without permission could lead to attempts to impose fines or jail time depending upon the jurisdiction. For more information, a user can investigate regulations such as those found in the US (The Computer Fraud and Abuse Act), England (Computer Misuse Act 1990), India (Information Technology Act Sec. 43 and 66), Japan (The Act on the Prohibition of Unauthorised Computer Access), and many other countries.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Specific Nmap Vulnerability Scans<\/h3>\n\n\n\n<p>Nmap scripts contain well over 100 specific scans for vulnerabilities that can be run against domains or against specific host IP addresses. A <a href=\"https:\/\/nmap.org\/nsedoc\/categories\/vuln.html\" target=\"_blank\" rel=\"noreferrer noopener\">comprehensive list<\/a> of scanned vulnerabilities can be found on the Nmap website.<\/p>\n\n\n\n<p><strong>Application Scans:<\/strong> Run Nmap against a target domain (ex: esecurityplanet.com) to check websites for vulnerabilities such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>http-csrf:<\/strong> Detect Cross-Site Request Forgery (CSRF) vulnerabilities by entering the command: Nmap -sV –script http-csrf <target domain><\/li>\n\n\n\n<li><strong>http-sherlock:<\/strong> Check if the \u201cshellshock\u201d vulnerability can be exploited in web applications by entering the command: Nmap -sV –script http-sherlock <target domain><\/li>\n<\/ul>\n\n\n\n<p><strong>IT Host Scans:<\/strong> Run Nmap against a target IP address (ex: 166.96.06.4) to check for host vulnerabilities such as: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>dns-update:<\/strong> Attempt to perform a dynamic domain name service (DNS) update without authentication by entering the command: Nmap -sU -p 53 –script=dns-update –script-args=dns-update.hostname=foo.example.com,dns-update.ip=192.0.2.1 <target IP address><\/li>\n\n\n\n<li><strong>smb-vuln-cve-2017-7494:<\/strong> Check if target IP address are vulnerable to the arbitrary shared library load vulnerability by using a script such as: Nmap –script smb-vuln-cve-2017-7494 -p 445 <target IP address><\/li>\n<\/ul>\n\n\n\n<p><strong>Government advocated Nmap scripts<\/strong> will sometimes be released or promoted on official websites to help organizations address specific vulnerabilities. For example, the UK government maintains an <a href=\"https:\/\/github.com\/ukncsc\/SME\/\" target=\"_blank\" rel=\"noreferrer noopener\">open-source GitHub repository<\/a> to help organizations scan networks for the Exim MTA vulnerability as part of the <a href=\"https:\/\/www.ncsc.gov.uk\/blog-post\/introducing-scanning-made-easy\" target=\"_blank\" rel=\"noreferrer noopener\">Scanning Made Easy<\/a> project from the National Cyber Security Centre (NCSC) and its i100 industry partnership.<\/p>\n\n\n\n<p>The repository provides a collection of officially promoted Nmap scripts to users, such as sysadmins, for detecting system vulnerabilities. The initial UK script focuses on the Exim message transfer agent (MTA) remote code execution vulnerabilities <a href=\"https:\/\/www.exim.org\/static\/doc\/security\/CVE-2020-qualys\/21nails.txt\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2020-28017 through CVE-2020-28026<\/a>, also known as 21Nails.<\/p>\n\n\n\n<p>The script contains information on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How it checks for the presence of the vulnerability<\/li>\n\n\n\n<li>Why the check is not intrusive<\/li>\n\n\n\n<li>Why there may be false positives and false negatives<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"how-to-use\">How to Use Vuln<\/h3>\n\n\n\n<p>Nmap can scan a target domain or IP address for all vulnerabilities in the default script library for the \u201cvuln\u201d category with the appropriately named Vuln command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo Nmap --script vuln <target domain or IP Address> -v<\/code><\/pre>\n\n\n\n<p>Note that the command may require \u201csudo\u201d in Linux to run the command as a super user or as the Linux equivalent of an administrator. In most cases, elevated privileges will be required to run the more invasive and probing commands for Nmap. The -v, or verbosity, flag will provide extensive information about the tests run and their results.<\/p>\n\n\n\n<p>Running these commands can be dangerous because of invasive and disruptive aspects of specific vulnerability scans. Instead of simply obtaining information, certain scans attempt to verify a vulnerability by attempting to exploit the vulnerability. In some cases, a successful exploitation will result in changes to the service or even crashing the service, website, or operating system.<\/p>\n\n\n\n<p>A subset of the vulnerability scans can be performed using wildcards or asterisks (*) to run multiple scripts with similar names simultaneously. For example, adding the wildcard after the http command (http*) will run all vulnerability scans that start with \u201chttp\u201d against a targeted domain.<\/p>\n\n\n\n<p>When using any of the bulk scans, the results can become overwhelming and some users will want to exclude low CVSS score vulnerabilities. To only show vulnerabilities within a certain range, add the following flag to the command where \u201cx.x\u201d is the CVSS score (ex: 6.5).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>--script-args=mincvss=x.x<\/code><\/pre>\n\n\n\n<p>The complete command to exclude vulnerabilities below 6.5 would be:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Nmap --script vuln --script-args mincvss=6.5 <target><\/code><\/pre>\n\n\n\n<p id=\"reports\">Results of the scan can be exported in various file formats by adding flags followed by the file name in the command. This export will make it easier to share information or make the vulnerabilities available for other software.<\/p>\n\n\n\n<p>Two common examples of the complete command are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>XML File:<\/strong> Nmap –script vuln -oX file.xml <target><\/li>\n\n\n\n<li><strong>Browser Friendly XML File:<\/strong> Nmap –script vuln \u2013webxml -oX file.xml <target><\/li>\n<\/ul>\n\n\n\n<p>Of course, the basic set of vulnerability scans may not be sufficient for some users because it only examines a limited, although important, set of vulnerabilities. Advanced users may download custom scripts such as Vulscan or Vulners to access a larger database of vulnerabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How to Use Vulscan<\/h3>\n\n\n\n<p>To use the NSE script Vulscan, a user must first clone the software from the github repository using the git command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo git clone https:\/\/github.com\/scipag\/vulscan<\/code><\/pre>\n\n\n\n<p>The user may need to make a soft link to the NSE scripts directory by executing the following command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ln -s pwd \/scipag_vulscan \/usr\/share\/Nmap\/scripts\/vulscan<\/code><\/pre>\n\n\n\n<p>In this case, \/usr\/share\/Nmap\/scripts\/vulscan is the presumed directory for Nmap scripts on the user\u2019s machine, but this directory may be adjusted as necessary. Once the directory is known to Nmap, Vulscan is available to be called by the \u2013script flag to run additional vulnerability checks using the following syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo Nmap -sV --script=vulscan\/vulscan.nse <target IP address or host name><\/code><\/pre>\n\n\n\n<p>Vulscan can be run to detect IT vulnerabilities against an IP address in the network or software vulnerabilities against a host name (ex: esecurityplanet.com). Vulscan will run non-invasive tests for all applicable vulnerabilities against the target. The results will display the port followed by limited information on the specific CVEs discovered.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How to Use Vulners<\/h3>\n\n\n\n<p>Vulners will typically be included in the standard Nmap NSE scripts, but a user can also clone the NSE script for Vulners from its github repository using the git command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo git clone https:\/\/github.com\/vulnersCom\/Nmap-vulners.git \/usr\/share\/Nmap\/scripts\/vulners<\/code><\/pre>\n\n\n\n<p>The file directory \/usr\/share\/Nmap\/scripts\/vulscan is the presumed directory for Nmap scripts on the user\u2019s machine, but this directory may be adjusted as necessary. Once cloned, Vulners is available to be called by the \u2013script flag using the following syntax:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo Nmap -sV --script Nmap-vulners\/vulners.nse <target host or IP address><\/code><\/pre>\n\n\n\n<p>Users can target specific ports on an IP address by adding -p<#> (ex: -p80 to target port 80) at the end of the command line. The results will display the discovered CVEs and will link to the Vulners website for more information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"vuln-vs-vulners-vs-vulscan\">Vuln vs Vulners vs Vulscan<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><\/th><th>Vuln<\/th><th>Vulners<\/th><th>Vulscan<\/th><\/tr><\/thead><tbody><tr><td><strong>Included Nmap scripts<\/strong><\/td><td>Yes<\/td><td>Yes<\/td><td>No<\/td><\/tr><tr><td><strong>Sends CPE data outside of the organization<\/strong><\/td><td>No<\/td><td>Yes*<\/td><td>No<\/td><\/tr><tr><td><strong>Requires download of vulnerability database<\/strong><\/td><td>No, but limited CVEs<\/td><td>No*<\/td><td>Yes<\/td><\/tr><tr><td><strong>Confidence<\/strong><\/td><td>High<\/td><td>Depends<\/td><td>Depends<\/td><\/tr><tr><td><strong>Potentially Disruptive<\/strong><\/td><td>Yes<\/td><td>No<\/td><td>No<\/td><\/tr><tr><td><strong>When to Use<\/strong><\/td><td>Thorough accurate scan of key vulnerabilities<\/td><td>In depth scan, no concern for sending out CPE Data<\/td><td>More in-depth scan and a desire not to release CPE data<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\">*Vulners has the option to download and use a local database.<\/figcaption><\/figure>\n\n\n\n<p><strong>Vuln and Vulners are included<\/strong> in the basic NSE script database and will be updated when updating all scripts for Nmap. <strong>Vulscan is not included<\/strong> in the basic script set and must be downloaded and updated separately. <\/p>\n\n\n\n<p><strong>Vulners sends common platform enumeration (CPE) information<\/strong> received from port scans to vulners.com using the site\u2019s API to actively download the latest common vulnerabilities and exposures (CVE) information from the site\u2019s database. Vulners also requires internet access to reach the external databases of vulnerabilities. <\/p>\n\n\n\n<p>This information sharing of vulnerabilities may not be appropriate for organizations deeply concerned about the secrecy of their environment. There is an option with Vulscan to use a local database, but this generally removes the advantage of using Vulscan\u2019s fully updated database. <\/p>\n\n\n\n<p><strong>Vuln and Vulscan do not send CPE information<\/strong> outside of the scanned organization and use locally stored vulnerability databases.<\/p>\n\n\n\n<p>The advantage of sending the CPE information is that<strong> Vulners hosts a fully updated set of CVEs<\/strong>. <strong>Vuln only detects 150 top vulnerabilities<\/strong> for systems and <strong>Vulscan uses an offline copy<\/strong> of vulnerability databases.<\/p>\n\n\n\n<p><strong>Vuln can risk disruption<\/strong> because Vuln tests for the presence of some vulnerabilities by attempting to verify exploitation and disruption or corruption of that service. However, the active probing will increase confidence and reduce the chance of a false positive. <\/p>\n\n\n\n<p><strong>Vulners and Vulscan avoid the risk of disruption<\/strong> because they do not attempt to verify or exploit vulnerabilities. The confidence in both of these tools depends upon the accuracy and precision of the detection capabilities of the specific version of Nmap. Both of these tools may also be confused by non-standard, custom, or patched builds of specific services, which may lead to more false positives.<\/p>\n\n\n\n<p>Of the three tools, the <strong>Vuln category of scripts can immediately produce highly accurate scans<\/strong> for a limited set of important vulnerabilities. However, while the number of vulnerabilities is small, the in-depth probing of the vulnerability <strong>can take 3-4 times longer than Vulners or Vulscan<\/strong>.<\/p>\n\n\n\n<p>While both of the manually downloaded vulnerability scanners will enjoy a much more extensive and robust selection of CVEs to detect, <strong>Vulners will typically be the most updated scan<\/strong> since IT teams may forget to manually update Vulscan databases. But for more secretive organizations that need to avoid releasing CPE information, <strong>Vulscan\u2019s use of a local database<\/strong> may be the best choice among the Nmap options.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"utilization\">How Do Attackers Use Nmap?<\/h2>\n\n\n\n<p>Attackers use Nmap to scan large networks quickly by using raw IP packets to identify available hosts and services on the network and determine their vulnerabilities. Hackers and pen testers typically add specific options to cover their tracks.<\/p>\n\n\n\n<p>Decoy scans add the -D option flag (Nmap -p 123 -D decoyIP targetIP), to hide the attacking IP address and send source-spoofed packets to the target in addition to the scanning machine packets. The additional packets make port scan detection harder for defenders.<\/p>\n\n\n\n<p>Attackers can also run zombie scans, also known as idle scans. This side-channel attack attempts to send forged SYN packets to the target using the IP address of the \u201czombie\u201d endpoint on the network. This method attempts to fool the <a href=\"https:\/\/www.esecurityplanet.com\/products\/intrusion-detection-and-prevention-systems\/\">intrusion detection system (IDS)<\/a> into mistaking the innocent zombie computer for the attacker. A more thorough review of Nmap attacks can be found in the <a href=\"https:\/\/www.esecurityplanet.com\/products\/nmap\/\">Nmap Ultimate Guide: Pentest Product Review and Analysis<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Do Host Systems Detect Nmap Scans?<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/siem-tools\/\">SIEM tools<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/products\/top-ngfw\/\">firewalls<\/a>, and other defensive tools, can receive alerts from systems and the scanned system will log the successful TCP requests from the many Nmap port scans. More sophisticated IDS\/IDP tools might also detect malformed TCP requests, such as the Nmap stealthy requests that do not complete a TCP connection. Disruptive scans that cause system or service failure will definitely be detected by systems as well as by affected users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"pros-and-cons\">Pros and Cons of Using Nmap<\/h2>\n\n\n\n<p>Nmap provides powerful vulnerability capabilities and should be under consideration for use within most organizations. However, there are many reasons why Nmap is not used universally.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pros: Reasons to Use Nmap<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Open source and free<\/strong> so great for hackers, students, and all organizations<\/li>\n\n\n\n<li><strong>Quick scans<\/strong> provide a fast look at potential vulnerabilities<\/li>\n\n\n\n<li><strong>Lightweight TCP scans<\/strong> do not consume enormous network bandwidth and can escape some network security tools<\/li>\n\n\n\n<li><strong>A hacker preview<\/strong> for organizations checking their internal systems<\/li>\n\n\n\n<li><strong>Scriptable scans<\/strong> enable an organization to create repeatable vulnerability scans usable by non-technical users and for hackers to embed Nmap commands and scans into malware<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cons: Reasons Not to Use Nmap<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Less user friendly<\/strong> than commercial tools with more advanced GUIs<\/li>\n\n\n\n<li><strong>Easy to make mistakes<\/strong> with command line entries<\/li>\n\n\n\n<li><strong>Lack of programmers<\/strong> in an organization\u2019s IT staff to create custom scripts or understand Nmap scripts<\/li>\n\n\n\n<li><strong>Less formal support<\/strong> than commercial tools<\/li>\n\n\n\n<li><strong>Limited vulnerability scans<\/strong> through the basic vuln command<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"alternatives\">Nmap Vulnerability Scanner Alternatives<\/h2>\n\n\n\n<p>Nmap remains a popular tool among many, but it certainly is not the only vulnerability scanner available. <a href=\"https:\/\/www.esecurityplanet.com\/applications\/open-source-vulnerability-scanners\/\">Open-source vulnerability scanner<\/a> options for applications include OSV-Scanner or OWASP Zed Attack Proxy (ZAP) and for infrastructure include CloudSploit or OpenVAS.<\/p>\n\n\n\n<p>There are many commercially available vulnerability scanners as well. The <a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-scanning-tools\/\">best vulnerability scanners<\/a> for applications or infrastructure include Invicti, Tenable.io, ManageEngine\u2019s Vulnerability Manager Plus, as well as others listed below:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"bottom-line\">Bottom Line: Use Nmap for Inexpensive, Effective Vulnerability Scanning<\/h2>\n\n\n\n<p>Nmap provides a no-cost option to detect vulnerabilities, double-check the results of commercial vulnerability scanners, or provide an effective sneak peek at the way a hacker might view opportunities in the organization\u2019s infrastructure. Everyone, even an organization selecting to use a commercial vulnerability scanner, should consider using Nmap as a vulnerability scanning tool in their arsenal.<\/p>\n\n\n\n<p>Read next: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/vulnerability-management-software\/\">Top Vulnerability Management Tools<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-scanning-tools\/\">The 8 Best Vulnerability Scanner Tools for 2023<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/applications\/open-source-vulnerability-scanners\/\">10 Best Open-Source Vulnerability Assessment Tools for 2023<\/a><\/li>\n<\/ul>\n\n\n\n<p><em>This article was originally written by <a href=\"https:\/\/www.esecurityplanet.com\/author\/jmaury\/\">Julien Maury<\/a> on February 8, 2022 and revised by <a href=\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\">Chad Kime<\/a> on July 14, 2023.<\/em><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6fcc650835-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n \n<div\n style=\"\n --ta-campaign-plugin-primary: #3545ed;\n --ta-campaign-plugin-button-text: #fff;\n --ta-campaign-plugin-button-hover-background: #3231b4;\n --ta-campaign-plugin-button-hover-text: #fff;\n --ta-campaign-plugin-button-toggle-background: #3231b4;\n --ta-campaign-plugin-button-toggle-text: #3231B4;\n \"\n data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n <div\n id=\"ta-campaign-widget-66d6fcc650835\"\n class=\"ta-campaign-widget ta-campaign-widget--popup\"\n data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6fcc650835\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n <div class=\"ta-campaign-widget__exit\">\n <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n <\/svg>\n <\/div>\n \n <div class=\"ta-campaign-widget__wrapper\">\n <div class=\"ta-campaign-widget__header mb-6\">\n <h3 class=\"ta-campaign-widget__tagline\">\n Get the Free Cybersecurity Newsletter <\/h3>\n \n \n <p class=\"ta-campaign-widget__content mt-6\">\n Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday <\/p>\n <\/div>\n\n <form class=\"ta-campaign-widget__form\">\n <div class=\"ta-campaign-widget__input mb-4\" data-field=\"email\">\n <label\n class=\"sr-only\"\n for=\"email-66d6fcc650835\">\n Email Address\n <\/label>\n <input\n class=\"ta-campaign-widget__input__text\"\n placeholder=\"Work Email Address\"\n id=\"email-66d6fcc650835\"\n name=\"email\"\n type=\"email\">\n <\/div>\n\n <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n <div class=\"flex items-start\">\n <input\n id=\"opt-in-66d6fcc650835\"\n class=\"ta-campaign-widget__checkbox__input mr-2\"\n name=\"opt-in\"\n type=\"checkbox\"\/>\n <label\n class=\"ta-campaign-widget__checkbox__label\"\n for=\"opt-in-66d6fcc650835\">\n By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time. <\/label>\n <\/div>\n <\/div>\n \n <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n Subscribe <\/button>\n <\/form>\n <\/div>\n <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.<\/p>\n","protected":false},"author":271,"featured_media":20828,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14,17],"tags":[9651,10917],"b2b_audience":[33],"b2b_industry":[],"b2b_product":[377],"class_list":["post-20825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","category-products","tag-faq","tag-vulnerability-scanning","b2b_audience-awareness-and-consideration","b2b_product-gateway-and-network-security"],"acf":[],"yoast_head":"\n<title>How To Use Nmap for Vulnerability Scanning: Complete Tutorial<\/title>\n<meta name=\"description\" content=\"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How To Use Nmap for Vulnerability Scanning: Complete Tutorial\" \/>\n<meta property=\"og:description\" content=\"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-14T09:20:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-31T13:16:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"420\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Chad Kime\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chad Kime\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\"},\"author\":{\"name\":\"Chad Kime\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\"},\"headline\":\"How To Use Nmap for Vulnerability Scanning: Complete Tutorial\",\"datePublished\":\"2023-07-14T09:20:00+00:00\",\"dateModified\":\"2024-05-31T13:16:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\"},\"wordCount\":2743,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\",\"keywords\":[\"FAQ\",\"vulnerability scanning\"],\"articleSection\":[\"Networks\",\"Products\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\",\"name\":\"How To Use Nmap for Vulnerability Scanning: Complete Tutorial\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\",\"datePublished\":\"2023-07-14T09:20:00+00:00\",\"dateModified\":\"2024-05-31T13:16:04+00:00\",\"description\":\"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png\",\"width\":900,\"height\":420},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How To Use Nmap for Vulnerability Scanning: Complete Tutorial\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\",\"name\":\"Chad Kime\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"caption\":\"Chad Kime\"},\"description\":\"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\"}]}<\/script>\n","yoast_head_json":{"title":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial","description":"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/","og_locale":"en_US","og_type":"article","og_title":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial","og_description":"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/","og_site_name":"eSecurity Planet","article_published_time":"2023-07-14T09:20:00+00:00","article_modified_time":"2024-05-31T13:16:04+00:00","og_image":[{"width":900,"height":420,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","type":"image\/png"}],"author":"Chad Kime","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Chad Kime","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/"},"author":{"name":"Chad Kime","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9"},"headline":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial","datePublished":"2023-07-14T09:20:00+00:00","dateModified":"2024-05-31T13:16:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/"},"wordCount":2743,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","keywords":["FAQ","vulnerability scanning"],"articleSection":["Networks","Products"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/","url":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/","name":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","datePublished":"2023-07-14T09:20:00+00:00","dateModified":"2024-05-31T13:16:04+00:00","description":"Nmap is a powerful tool for vulnerability scanning. Learn how to use Nmap to discover and assess network vulnerabilities.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/Nmap-scanner-e1644280357180.png","width":900,"height":420},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/nmap-vulnerability-scanning-made-easy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"How To Use Nmap for Vulnerability Scanning: Complete Tutorial"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9","name":"Chad Kime","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","caption":"Chad Kime"},"description":"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.","url":"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20825"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/271"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=20825"}],"version-history":[{"count":7,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20825\/revisions"}],"predecessor-version":[{"id":35660,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20825\/revisions\/35660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/20828"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=20825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=20825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=20825"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=20825"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=20825"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=20825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}