Documentation
The Nmap project tries to defy the stereotype of some open source software being poorly documented by providing a comprehensive set of documentation for installing and using Nmap. This page links to official Insecure.Org documentation, and generous contributions from other parties.
Nmap Reference Guide
The primary documentation for using Nmap is the Nmap Reference Guide. This is also the basis for the Nmap man page (nroff version of nmap.1). It is regularly updated for each release and is meant to serve as a quick-reference to virtually all Nmap command-line arguments, but you can learn even more about Nmap by reading it straight through. The 18 sections include Brief Options Summary, Firewall/IDS Evasion and Spoofing, Timing and Performance, Port Scanning Techniques, Usage Examples, and much more.
The original Nmap manpage has been translated into 15 languages. That is fantastic, as it makes Nmap more accessible around the world. The following languages are now available:
The links above go to the HTML guide. Nroff (man page format) and DocBook XML (source) versions of each man page translation can be found here. If you would like to update one of our existing translations or translate to a language not mentioned above, please read the instructions and FAQ and then mail our developers or open a pull request on GitHub. It is a lot of work, but the reward is that thousands of people may benefit from your translation every month.
Nmap Book
Nmap Network Scanning is the official guide to Nmap. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals. The reference guide documents every Nmap feature and option, while the remainder demonstrates how to apply them to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. More than half of the book is available free online. It was written in English but has already been translated to other languages.
Other Insecure.Org Documentation
Installation is made easy by the detailed Nmap Installation Guide. This covers topics such as UNIX compilation and configure directives and Installing Nmap on Linux, Windows, Mac OS X, Free/Open/NetBSD, Solaris, Amiga, and HP-UX. It also covers Nmap removal in case you change your mind.
One of Nmap's most exciting new features is the Nmap Scripting Engine, which extends Nmap's functionality using the simple and efficient Lua programming language. Nmap includes about 50 valuable scripts for network discovery and vulnerability detection, and you can also write your own. We describe the system in depth (from simple usage instructions to writing your own scripts) in our NSE guide. We also have an NSE Documentation Portal which includes detailed documentation for every NSE script and library.
Fyodor regularly gives conference presentations covering advanced Nmap usage and new features. Audio, video, and/or slides for many of these are available on his presentations page.
Interested in how Nmap uses TCP/IP fingerprinting for remote OS detection? We have written a detailed article on the 2nd Generation Nmap OS Detection System. We also have an old article about the 1st generation system, which people have generously translated into French, Portuguese, Italian, Russian, Spanish, German, Japanese, Chinese, Traditional Chinese (Big5), Turkish, Hebrew, Indonesian, Dutch, Polish, and Swedish.
Nmap Version Detection: Instead of using a simple nmap-services table lookup to determine a port's likely purpose, Nmap will (if asked) interrogate that TCP or UDP port to determine what service is really listening. In many cases it can determine the application name and version number as well. Obstacles like SSL encryption and Sun RPC are no threat, as Nmap can connect using OpenSSL (if available) as well as utilizing Nmap's RPC bruteforcer. IPv6 is also supported. Learn all about this great feature in our Version Detection Paper.
Nmap now has an official cross-platform GUI named Zenmap. It is included in most of the packages on the Nmap download page. It is documented in the Zenmap User's Guide. More information is available from the Zenmap site and Zenmap man page.
One of the coolest, yet still relatively obscure features of Nmap is the IPID Idle scan (-sI). Not only does this allow for a completely blind portscan (no packets sent to the target from your real IP), but it can even allow you to bypass packet filters in certain circumstances. We wrote an Idle scanning paper describing this technique as well as several other exploits based on predictable IPID sequence numbers. It includes real-life examples as well as a section on defending yourself from these techniques.
The most important changes (features, bugfixes, etc) in each Nmap version are described in its ChangeLog.
While it is now only of historical interest, Nmap was first released in a September 1, 1997 Phrack 51 Article titled The Art of Port Scanning.
More Books
This section covers books written/co-authored by Nmap author Fyodor or that cover Nmap extensively.
Nmap Network Scanning is the official guide to Nmap. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals. The reference guide documents every Nmap feature and option, while the remainder demonstrates how to apply them to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. More than half of the book is available free online. It was written in English but has already been translated to other languages.
Fyodor has co-authored Stealing the Network: How to Own a Continent, a novel on hacking, along with FX, Joe Grand, Kevin Mitnick, Ryan Russell, Jay Beale, and several others. Their individual stories combine to describe a massive electronic financial heist. While the work is fiction, hacks are described in depth using real technology such as Nmap, Hping2, OpenSSL, etc. Stealing the Network: How to Own a Continent can be purchased at Amazon (save $17), and you can read Fyodor's chapter online for free. STC was a best-seller, ranking for a while as the second-highest selling computer book on Amazon.
Syngress has released a sequel: Stealing the Network: How to Own an Identity. They have generously allowed Fyodor to post his favorite chapter for free. So enjoy Bl@ckTo\/\/3r, by Nmap contributor Brian Hatch. It is full of wry humor and creative security conundrums to keep the experts entertained, while it also offers security lessons on the finer points of SSH, SSL, and X Windows authentication and encryption.
Paulino Calderón Pale has written Nmap 6: Network Exploration and Security Auditing Cookbook (also available directly through Packt Publishing).
Paulino has also written Mastering the Nmap Scripting Engine (also available directly through Packt Publishing).
James Messer has written Secrets of Network Cartography, a 230-page eBook on Nmap. PDFs can be purchased, or you can view the ad-supported HTML version for free.
Syngress has released Nmap in the Enterprise: Your Guide to Network Scanning by Angela Orebaugh and Becky Pinkard.
3rd Party Docs
Some of the best (and certainly most creative!) documentation has been contributed by Nmap users themselves. If you write an interesting or useful document about Nmap, please send the announcement to nmap-dev or directly to Fyodor.
James “Professor” Messer's "Nmap Secrets" training course is no longer available, but he still has lots of Nmap-related content at ProfessorMesser.Com.
A detailed Nmap Tutorial was maintained between 2003 and 2006 by Andrew Bennieston (Stormhawk).
Mohamed Aly has created this single-page (PDF) Nmap Mindmap as a convenient reference to all of the major Nmap options. [2006]
Mark Wolfgang has written an excellent paper on advanced host discovery using Nmap. Here is the PDF paper [local copy] and associated source code. [2002]
Adrian Crenshaw has made a couple excellent video tutorials in Flash. Check out Volume 1: Basic Nmap Usage and Volume 2: Port Scan Boogaloo. [2005]
Long-time Nmap contributor Lamont Granquist wrote a clear and useful (if dated) guide to getting started with nmap. [1999]
Raven Alder has written a short guide named Nmap -- looking from the outside in for LinuxChix. [2002]
Uh-oh! Security expert and Counter Hack author Ed Skoudis has discovered our secret partnership with Microsoft!
