NMAP

Definition

NMAP (Network Mapper) is an open-source tool used for network discovery and security auditing. It is widely used to identify hosts and services on a computer network, thus creating a “map” of the network. NMAP can be used for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Secure Settings Example

nmap -sS -p 1-1024 --reason --open --min-rate 1000 --max-retries 2 --max-scan-delay 20ms 192.168.1.0/24

This command performs a TCP SYN scan (-sS, which needs raw-socket privileges, so root or sudo on Linux) of ports 1-1024 on every host in the /24 and lists only open ports (--open hides closed and filtered ones). --max-retries 2 caps how many times a probe is retransmitted before Nmap gives up on that port, and --max-scan-delay 20ms caps how far Nmap will back off between probes when a host appears to rate-limit its responses. --reason prints why each port got its state (syn-ack for open, reset for closed, no-response for filtered), which is what lets you tell a firewalled host apart from a host that simply does not have the service. One caveat: --min-rate 1000 is a floor, not a ceiling. It forces Nmap to send at least 1000 packets per second even on a slow or congested link, so it makes the scan faster and noisier, not gentler. If the goal is to bound the traffic the scan generates, the flag to add is --max-rate (for example --max-rate 100), or a slower timing template such as -T2.
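The --reason flag exists because the state Nmap reports for a port depends on what came back: a SYN/ACK means open, a RST means closed, and silence means filtered. The same reasons are recorded in Nmap's XML output (-oX), which is the form to consume programmatically rather than scraping the text report. The following Python script is an added example, not part of Nmap or of this page's original text: it parses a constructed -oX sample shaped like the output of the SYN scan above, lists open ports with their reasons, and flags hosts whose unlisted ports were silently dropped rather than reset, the usual sign of a packet filter. The sample data, the function names and the 90% threshold are assumptions of this example.

```python
"""Parse Nmap -oX output: open ports with reasons, and firewall detection.

Added example, not code from Nmap. SAMPLE_XML is constructed by hand in
the shape Nmap produces for `nmap -sS -p 1-1024 --reason --open -oX -`
on two hosts; the XML declaration, DOCTYPE and stylesheet lines that a
real file starts with are omitted because ElementTree does not need them.
"""
import xml.etree.ElementTree as ET

# Constructed sample output (assumed data, not from a real scan).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -p 1-1024 --reason --open -oX - 192.168.1.0/24" start="1700000000" version="7.94" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1024" services="1-1024"/>
<host starttime="1700000001" endtime="1700000009">
<status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<hostnames/>
<ports>
<extraports state="closed" count="1022"><extrareasons reason="resets" count="1022"/></extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="http" method="table" conf="3"/></port>
</ports>
</host>
<host starttime="1700000001" endtime="1700000012">
<status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="192.168.1.20" addrtype="ipv4"/>
<hostnames/>
<ports>
<extraports state="filtered" count="1023"><extrareasons reason="no-responses" count="1023"/></extraports>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="https" method="table" conf="3"/></port>
</ports>
</host>
<runstats><finished time="1700000012" elapsed="12.34" summary="Nmap done; 256 IP addresses (2 hosts up) scanned in 12.34 seconds" exit="success"/><hosts up="2" down="254" total="256"/></runstats>
</nmaprun>
"""


def _ipv4(host):
    """Return the IPv4 address element's addr attribute for a <host>."""
    return host.find("address[@addrtype='ipv4']").get("addr")


def open_ports(xml_text):
    """Map each host address to a sorted list of
    (port, protocol, service, reason, reason_ttl) for ports in state open."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        entries = []
        for port in host.iter("port"):
            state = port.find("state")
            if state.get("state") != "open":
                continue
            svc = port.find("service")
            entries.append((
                int(port.get("portid")),
                port.get("protocol"),
                svc.get("name") if svc is not None else "",
                state.get("reason"),           # why Nmap called it open
                int(state.get("reason_ttl")),  # TTL of the reply packet
            ))
        result[_ipv4(host)] = sorted(entries)
    return result


def unlisted_ports(xml_text):
    """Map each host address to a list of (state, reason, count) from
    <extraports>: the ports Nmap collapsed out of the listing and why.
    'resets' means the host answered with RST (closed); 'no-responses'
    means nothing came back (filtered)."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        groups = []
        for extra in host.findall("ports/extraports"):
            reasons = extra.find("extrareasons")
            groups.append((extra.get("state"),
                           reasons.get("reason") if reasons is not None else "",
                           int(extra.get("count"))))
        result[_ipv4(host)] = groups
    return result


def likely_firewalled(xml_text, threshold=0.9):
    """Hosts where at least `threshold` of the scanned ports were filtered
    (dropped silently) rather than closed (RST). Threshold is an assumption."""
    total = int(ET.fromstring(xml_text).find("scaninfo").get("numservices"))
    flagged = []
    for addr, groups in unlisted_ports(xml_text).items():
        filtered = sum(count for state, _, count in groups if state == "filtered")
        if filtered / total >= threshold:
            flagged.append(addr)
    return sorted(flagged)


def scan_summary(xml_text):
    """Return (hosts_up, hosts_total, elapsed_seconds) from <runstats>."""
    root = ET.fromstring(xml_text)
    hosts = root.find("runstats/hosts")
    finished = root.find("runstats/finished")
    return int(hosts.get("up")), int(hosts.get("total")), float(finished.get("elapsed"))


if __name__ == "__main__":
    for addr, ports in open_ports(SAMPLE_XML).items():
        for port, proto, svc, reason, ttl in ports:
            print(f"{addr} {port}/{proto} open {svc} ({reason}, ttl {ttl})")
    print("likely firewalled:", likely_firewalled(SAMPLE_XML))
    print("hosts up/total, elapsed:", scan_summary(SAMPLE_XML))
```

In a real run you would feed the script the file written by -oX instead of SAMPLE_XML. Note that the differing reply TTLs (64 for the first host, 128 for the second) are themselves a coarse OS hint that costs no extra probes, which is one reason to ask for --reason before reaching for -O.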

Insecure Settings Example

nmap -A -p- 192.168.1.0/24

This command uses -A, which turns on OS detection (-O), version detection (-sV), the default NSE script set (-sC) and traceroute (--traceroute) against every host that responds. Version detection and the NSE scripts complete TCP connections and send application-layer probes to each discovered service, so they appear in the targets' application logs and match IDS signatures far more readily than bare SYN probes do. -p- scans all 65,535 TCP ports, so across a /24 that is up to 256 x 65,535, roughly 16.8 million, probes with no --max-rate or timing cap, which can saturate low-bandwidth links, trip rate limiting on the targets, and trigger intrusion detection alerts. Restrict the port range, cap the rate, and run -O, -sV and -sC only against the hosts that actually need the extra detail.