Nmap

The industry-standard network mapper and security scanner for discovering hosts, services, and vulnerabilities on computer networks.

Overview

Nmap (Network Mapper) is a network discovery and security auditing utility designed to systematically explore network topologies and identify active hosts, open ports, running services, and potential security vulnerabilities. At its core, Nmap sends raw IP packets to determine which hosts are available on a network, what services those hosts are offering, what operating systems they are running, and what type of packet filters or firewalls are in use. To fingerprint operating systems and services, it compares the response patterns of target systems against its fingerprint databases.

The scanning methodology implemented by Nmap encompasses multiple techniques including TCP SYN scan (half-open scanning), TCP connect scan, UDP scan, FIN scan, Xmas scan, Null scan, and Idle scan (zombie-based). Each technique exploits specific behaviors in the TCP/IP stack implementation of target systems, allowing security professionals to gather intelligence while avoiding detection by basic intrusion detection systems. The Nmap Scripting Engine (NSE) extends functionality through Lua-based scripts capable of detecting vulnerabilities, performing brute-force attacks, detecting malware, and conducting exhaustive enumeration of discovered services. The output can be formatted as normal human-readable output, XML for programmatic processing, grepable output for shell parsing, and JSON for modern DevOps integration.

Nmap's architecture is designed for flexibility and extensibility, supporting parallel scanning, timing templates ranging from paranoid (-T0) to insane (-T5), version detection backed by service fingerprinting databases, and an aggressive detection mode that combines multiple techniques in a single reconnaissance pass. The tool runs on virtually all operating systems including Linux, Windows, macOS, and BSD variants, making it the de facto standard for network reconnaissance in both offensive security assessments and defensive network monitoring operations.

Capabilities

  • Port scanning with 10+ different scan techniques (SYN, TCP, UDP, FIN, Xmas, Null, Idle, SCTP, etc.)
  • OS fingerprinting using TCP/IP stack behavior analysis with 2,600+ known fingerprints
  • Service and version detection with comprehensive protocol and application fingerprinting
  • NSE (Nmap Scripting Engine) with 600+ pre-written scripts for vulnerability detection and exploitation
  • Traceroute analysis using ICMP time-exceeded and TCP SYN probes
  • Flexible target specification supporting IP addresses, hostnames, CIDR notation, and input lists
  • IPv6 scanning capabilities for modern network environments
  • Output formats: Normal, XML, Grepable, and JSON for integration with security orchestration tools

Arcane Sigils (Tags)

network-scanner, port-scanner, reconnaissance, vulnerability-assessment

Recorded: 1/15/2024

Scribe: MiniMax Agent

Language Focus

C, C++, Lua (NSE scripts)

License

GPLv2

Difficulty

Intermediate

Execution Chamber

Aether Conduit
$ nmap -A -T4 scanme.nmap.org
