Nmap (Network Mapper)/ZenMap

NMAP/ZenMap

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

How it works

You can install zenmap using the following apt-get command:

$ sudo apt-get install zenmap

Zenmap runs the platform-specific nmap executable with the options you select and pipes its output back into the GUI, so the nmap command line is built up for you from the chosen options, as in the screenshot.

[Screenshot: nmap command line as built by Zenmap]

It ships with some handy pre-set profiles, such as Intense scan, which scans hosts with “all advanced/aggressive options,” Quick scan, which scans hosts without those advanced options, and Slow comprehensive scan, which is exactly as it sounds.

Type the following command to start zenmap:

$ sudo zenmap

[Screenshot: Zenmap main window with profile description]

Defining a target :-

  • Every scan must be associated with a specific target, which can be a single host, a range of hosts, or a full subnet. For example, to scan a network IP range, specify the target as:

      192.168.233.0/24

Reporting window :-

  • Zenmap provides different tabs for reporting on scan results.

Profile :-

  • Frequently used scans can be saved as profiles to make them easy to run repeatedly.

Scan :-

  • Initiates a scan based on the current configuration as displayed in the GUI window.

Command :-

  • Not a fan of command line tools? The command creator allows interactive creation of Nmap command lines.

Useful tools

The Compare Results tool provides an interface for differentiating between two scans, which can be used to monitor daily changes in network topology or available hosts.

  • Saving scans

This comes in handy when you perform a large scan and do not want to repeat it later when reviewing the results.

[Screenshot: Zenmap topology tree view]

A sample XML report generated by Zenmap
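
The Compare Results tool and the saved XML report are the two halves of day-to-day change monitoring: save one scan per day, then diff the reports. As an added example (not part of the original post and not Zenmap's own code), the Python script below parses two nmap XML reports, checks that both were produced with the same nmap options (the args attribute on the nmaprun root element), and lists hosts and open ports that appeared or disappeared between them. The two reports are constructed sample data, not real scan output; a down host and a closed port are included to show that only live hosts and open ports enter the comparison.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, Tuple

# Port key: (protocol, port number); value: service name nmap reported.
PortMap = Dict[Tuple[str, int], str]


@dataclass
class ScanSnapshot:
    args: str                   # nmap command line recorded in <nmaprun args="...">
    hosts: Dict[str, PortMap]   # address -> open ports, for hosts that were up


def parse_nmap_xml(xml_text: str) -> ScanSnapshot:
    """Reduce an nmap/Zenmap XML report to the facts worth comparing day to day."""
    root = ET.fromstring(xml_text)
    if root.tag != "nmaprun":
        raise ValueError("not an nmap XML report (root element is %r)" % root.tag)
    hosts: Dict[str, PortMap] = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down/unknown hosts carry no port data worth diffing
        addr = host.find("address[@addrtype='ipv4']") or host.find("address")
        if addr is None:
            continue
        ports: PortMap = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not tracked
            service = port.find("service")
            name = service.get("name", "") if service is not None else ""
            ports[(port.get("protocol"), int(port.get("portid")))] = name
        hosts[addr.get("addr")] = ports
    return ScanSnapshot(args=root.get("args", ""), hosts=hosts)


def compare_scans(old: ScanSnapshot, new: ScanSnapshot) -> dict:
    """Diff two snapshots the way Compare Results does: hosts that appeared or
    vanished, and ports that opened or closed on hosts present in both."""
    old_hosts, new_hosts = set(old.hosts), set(new.hosts)
    opened, closed = [], []
    for addr in sorted(old_hosts & new_hosts):
        before, after = old.hosts[addr], new.hosts[addr]
        for proto, port in sorted(after.keys() - before.keys()):
            opened.append((addr, proto, port, after[(proto, port)]))
        for proto, port in sorted(before.keys() - after.keys()):
            closed.append((addr, proto, port))
    return {
        "same_options": old.args == new.args,  # only comparable if scanned alike
        "new_hosts": sorted(new_hosts - old_hosts),
        "gone_hosts": sorted(old_hosts - new_hosts),
        "opened": opened,
        "closed": closed,
    }


def report(diff: dict) -> str:
    """Human-readable summary of a compare_scans() result."""
    lines = []
    if not diff["same_options"]:
        lines.append("WARNING: scans used different nmap options; diff may be misleading")
    lines += ["new host: %s" % h for h in diff["new_hosts"]]
    lines += ["host gone: %s" % h for h in diff["gone_hosts"]]
    lines += ["opened: %s %s/%d (%s)" % o for o in diff["opened"]]
    lines += ["closed: %s %s/%d" % c for c in diff["closed"]]
    return "\n".join(lines) if lines else "no changes"


# Constructed sample reports (not real scan output). Both used the same profile.
DAY1_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -F 192.168.233.0/24" version="7.94">
 <host><status state="up" reason="arp-response"/><address addr="192.168.233.10" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
         <port protocol="tcp" portid="25"><state state="closed"/><service name="smtp"/></port>
         <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port></ports></host>
 <host><status state="up" reason="arp-response"/><address addr="192.168.233.20" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port></ports></host>
 <host><status state="down" reason="no-response"/><address addr="192.168.233.40" addrtype="ipv4"/></host>
</nmaprun>"""

DAY2_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -F 192.168.233.0/24" version="7.94">
 <host><status state="up" reason="arp-response"/><address addr="192.168.233.10" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
         <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
         <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port></ports></host>
 <host><status state="up" reason="arp-response"/><address addr="192.168.233.30" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port></ports></host>
</nmaprun>"""

if __name__ == "__main__":
    print(report(compare_scans(parse_nmap_xml(DAY1_XML), parse_nmap_xml(DAY2_XML))))
```

In practice the two inputs are the XML files saved from Zenmap's Scan menu. The same_options check is reported as a warning rather than a hard failure because a port that "opened" between a Quick scan and an Intense scan may simply have been outside the first scan's port list, which is the point made later about using saved profiles for comparisons.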

Custom profiles

The Profile Editor window contains the following tabs:

  • Profile: The name and description of your profile
  • Scan: The most important tab, where you can specify targets, scan type (TCP, UDP, IP), timing template, and much more
  • Ping: Specifies ping behaviour. You can suppress pings or build a specific ICMP packet
  • Scripting: Include nmap scripts in your scan. Zenmap comes with many useful scripts
  • Target: Allows for greater target specification flexibility, including excluded hosts, target list files, and fast scan support
  • Source: Specify how you would like the scanner to behave with respect to scanning identity, IP address, port, and interface
  • Other: Includes options for verbosity level, TTL, and other scanner behaviours
  • Timing: Defines timing profile with respect to maximum scan time, scan delay, and timeouts, among other things

Using saved profiles also ensures that when comparing two scan results you are working from the same scan options. One of my favorite options in the Source tab is to use decoys to hide identity. Decoys lessen the chances of being caught, and do so even better when used in conjunction with IP spoofing (also available in the Source tab).
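
To make the tab-to-flag mapping concrete, here is an added example (not part of the original post and not Zenmap's own code) of a small Python model of a saved profile. Each field stands for a Profile Editor tab, command() assembles the nmap command line the way the command creator would, and dump_usp()/load_usp() store profiles in an ini layout with one section per profile and command/description keys, which is assumed here to match Zenmap's scan_profile.usp file. The ScanProfile class, its field names and the sample "Daily web tier" profile are all hypothetical; the nmap flags are real.

```python
import configparser
import io
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Scan-tab choices and the nmap flag each one stands for.
SCAN_TYPES = {"TCP SYN": "-sS", "TCP connect": "-sT", "UDP": "-sU", "IP protocol": "-sO"}


@dataclass
class ScanProfile:
    """One saved profile; each field mirrors a Profile Editor tab (hypothetical model)."""
    name: str                                    # Profile tab
    description: str = ""                        # Profile tab
    scan_type: str = "TCP SYN"                   # Scan tab
    timing: int = 3                              # Timing tab: -T0 .. -T5
    skip_ping: bool = False                      # Ping tab: -Pn (treat every host as up)
    fast: bool = False                           # Target tab: -F (fewer ports)
    verbosity: int = 0                           # Other tab: -v, -vv, ...
    scripts: List[str] = field(default_factory=list)  # Scripting tab: --script=
    exclude: List[str] = field(default_factory=list)  # Target tab: --exclude=
    target_file: Optional[str] = None            # Target tab: -iL
    ttl: Optional[int] = None                    # Other tab: --ttl

    def command(self) -> str:
        """The profile's nmap command line without a target; Zenmap appends the target."""
        if self.scan_type not in SCAN_TYPES:
            raise ValueError("unknown scan type %r" % self.scan_type)
        if not 0 <= self.timing <= 5:
            raise ValueError("timing template must be between 0 and 5")
        parts = ["nmap", SCAN_TYPES[self.scan_type], "-T%d" % self.timing]
        if self.skip_ping:
            parts.append("-Pn")
        if self.fast:
            parts.append("-F")
        if self.verbosity > 0:
            parts.append("-" + "v" * self.verbosity)
        if self.scripts:
            parts.append("--script=" + ",".join(self.scripts))
        if self.exclude:
            parts.append("--exclude=" + ",".join(self.exclude))
        if self.ttl is not None:
            parts.append("--ttl %d" % self.ttl)
        if self.target_file:
            parts.append("-iL " + shlex.quote(self.target_file))
        return " ".join(parts)

    def full_command(self, target: str) -> str:
        """What actually runs: the profile command plus the target from the Target field."""
        if not target.strip():
            raise ValueError("every scan must have a target")
        return self.command() + " " + shlex.quote(target)


def dump_usp(profiles: List[ScanProfile]) -> str:
    """Serialise profiles as ini text: one [section] per profile with
    command and description keys (assumed scan_profile.usp layout)."""
    cp = configparser.ConfigParser(interpolation=None)  # nmap args may contain '%'
    for p in profiles:
        cp[p.name] = {"command": p.command(), "description": p.description}
    buf = io.StringIO()
    cp.write(buf)
    return buf.getvalue()


def load_usp(text: str) -> Dict[str, str]:
    """Read profile text back and return profile name -> nmap command."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {name: cp[name]["command"] for name in cp.sections()}


# Constructed sample profile: a fast SYN scan of the web VLAN that skips the gateway.
DAILY = ScanProfile(
    name="Daily web tier",
    description="Fast SYN scan of the web VLAN, gateway excluded",
    scan_type="TCP SYN", timing=4, fast=True, verbosity=1,
    exclude=["192.168.233.1"],
)

if __name__ == "__main__":
    print(DAILY.full_command("192.168.233.0/24"))
    print(dump_usp([DAILY]))
```

Because the target lives outside the profile, two days' scans launched from the same profile differ only in their target and timestamp, which is exactly the property that makes their results comparable.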

[Screenshot: Zenmap Profile Editor with a custom profile]

Use the Profile Editor to develop custom profiles that meet your enterprise needs

Wrapping Up

Achieving security is a moving target, and Zenmap makes it easier to reach your goal.