This content originally appeared on DEV Community and was authored by Sriram Bharath
If you want to step into the world of Ethical Hacking & Cybersecurity, one tool you’ll hear about everywhere is Nmap.
Think of Nmap as your flashlight in the dark internet city 🏙️ — it shows you which doors (ports) are open, which services are running, and where attackers might sneak in.
In this blog, we’ll break it down in a super simple way so even beginners can follow. 🚀
🌐 What is Nmap?
Nmap (Network Mapper) is a free, open-source tool for:
- Discovering hosts on a network
- Finding open ports
- Identifying services & versions
- Guessing operating systems
It is used by both defenders (blue team) and attackers (red team).
👉 In short: It tells you what’s alive, what’s open, and what’s running.
🔥 Common Nmap Scans
Here’s a quick list of Nmap scans you must know:
SYN Scan (Stealthy)
nmap -sS <target_ip>
Sends a SYN packet to test whether a port is open, without completing the TCP handshake.
✅ Fast, sneaky, and widely used.

TCP Connect Scan
nmap -sT <target_ip>
Completes the full handshake.
❌ Easier to detect, since the completed connection shows up in logs.

UDP Scan
nmap -sU <target_ip>
Useful for finding services like DNS, SNMP, DHCP.
❗ Slower, since UDP has no handshake and Nmap has to wait for a reply or a timeout on each port.

Version Detection
nmap -sV <target_ip>
Reveals software version → critical for vuln checks.

Aggressive Scan (All-in-One)
nmap -A <target_ip>
Does OS detection, version detection, scripts, and traceroute.
⚠️ Noisy; don’t use in stealth ops.

OS Detection
nmap -O <target_ip>
Tries to guess the operating system.

Full Port Scan
nmap -p- <target_ip>
Scans all 65535 ports. Takes time but finds everything.

Host Discovery
nmap -sn <target_range>
Pings a whole range to find which machines are alive.
🧠 Why Nmap Alone Isn’t Enough
Okay, so you found some open ports — but what next?
This is where Vulnerability Analysis comes in.
Think of it like this:
- Nmap tells you which doors are open 🚪
- Vulnerability Analysis tells you if those doors have weak locks 🔑
🛠️ Nmap Scripting Engine (NSE)
Nmap has a built-in scripting engine to go beyond simple scans.
These scripts check for vulnerabilities, misconfigurations, and weak services.
Examples:
Auth Scripts (check for weak logins)
nmap --script auth <target_ip> -sS
Malware Scripts (look for backdoors/trojans)
nmap --script malware <target_ip> -sS
Banner Grabbing (collects service info)
nmap --script banner <target_ip> -sS
👉 These scripts give more context about what’s running and whether it’s dangerous.
🔍 Vulnerability Analysis Basics
After finding open ports, we ask:
- Is the software outdated?
- Are there known exploits for it?
- Are there misconfigurations (like anonymous FTP login)?
Some key tools alongside Nmap:
- Nikto → Web vulnerability scanner
- OpenVAS → Full vulnerability scanning
- Burp Suite → Web app testing
🧩 Final Thoughts
Nmap is just the starting point of any pentest or vulnerability assessment.
- It maps out the terrain 🌍
- Vulnerability Analysis tells you where the cracks are ⚡
Mastering both is essential if you want to become a Cybersecurity Expert or Ethical Hacker.
✍️ Note from me:
I learned these fundamentals of Nmap & Vulnerability Analysis through the
👉 Complete Ethical Hacker Bootcamp by Zero To Mastery (ZTM).
It’s been super fun turning what I studied into this beginner-friendly guide. 🚀
Stay curious, keep scanning, and remember — with great power comes great responsibility. 🕷️ - GhostSh3ll

Sriram Bharath | Sciencx (2025-08-20T12:56:32+00:00) 🕵️♂️ Nmap & Vulnerability Analysis – A Beginner’s Guide by Gh0stSh3ll 👻. Retrieved from https://www.scien.cx/2025/08/20/%f0%9f%95%b5%ef%b8%8f%e2%99%82%ef%b8%8f-nmap-vulnerability-analysis-a-beginners-guide-by-gh0stsh3ll-%f0%9f%91%bb/