
Install NMAP on Ubuntu | NOC.org

What Is NMAP?

NMAP (Network Mapper) is the most widely used open-source network scanning and security auditing tool. It is used by system administrators, penetration testers, and security professionals to discover hosts and services on a network, identify open ports, detect running services and their versions, and find potential security vulnerabilities. Originally released in 1997, NMAP has become an essential tool in every security professional's toolkit.

NMAP matters for security because you cannot protect what you do not know about. Regular network scanning reveals open ports you did not expect, services running that should be disabled, and configurations that expose your infrastructure to attack. It is a fundamental part of any Linux security audit.

Installing NMAP on Ubuntu / Debian

NMAP is available in the default Ubuntu and Debian repositories:

# Update package index
sudo apt update

# Install NMAP
sudo apt install nmap -y

# Verify installation
nmap --version

Expected output:

Nmap version 7.94 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: nmap-liblua-5.4.4 openssl-3.0.8 libssh2-1.10.0 ...

The version available in Ubuntu repositories may be slightly behind the latest release. For the most current version, you can compile from source (covered below).

Installing NMAP on CentOS / RHEL

# CentOS 7
sudo yum install nmap -y

# CentOS 8+ / RHEL 8+ / Rocky / AlmaLinux
sudo dnf install nmap -y

# Verify
nmap --version

On CentOS/RHEL, the EPEL repository may provide a newer version than the base repository:

# Enable EPEL (if not already)
sudo yum install epel-release -y

# Install NMAP from EPEL
sudo yum install nmap -y

Installing from Source (Latest Version)

For the absolute latest version with all features:

# Install build dependencies (Ubuntu/Debian)
sudo apt install build-essential libssl-dev -y

# Download the latest source
wget https://nmap.org/dist/nmap-7.94.tar.bz2
tar xjf nmap-7.94.tar.bz2
cd nmap-7.94

# Compile and install
./configure
make
sudo make install

# Verify
nmap --version

Replace the version number with the current release from nmap.org.

Basic Scan Examples

After installation, here are the most commonly used scan types to get started. For a comprehensive guide to all scan types and options, see the NMAP guide.

Scan a Single Host

# Scan the most common 1000 ports on a host
nmap 192.168.1.1

# Scan a hostname
nmap example.com

Default output shows open ports, service names, and state (open, closed, filtered):

PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql

Scan Specific Ports

# Scan specific ports
nmap -p 22,80,443 192.168.1.1

# Scan a range of ports
nmap -p 1-1024 192.168.1.1

# Scan all 65535 ports
nmap -p- 192.168.1.1

Scan a Subnet

# Scan an entire /24 subnet
nmap 192.168.1.0/24

# Scan a range of IPs
nmap 192.168.1.1-50

Ping Scan (Host Discovery)

# Discover which hosts are up (no port scan)
nmap -sn 192.168.1.0/24

Version Detection

NMAP can probe open ports to determine what service and version is running — critical for identifying outdated software with known vulnerabilities:

# Enable service/version detection
nmap -sV 192.168.1.1

Example output:

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.6
80/tcp   open  http    nginx 1.24.0
443/tcp  open  ssl/http nginx 1.24.0
3306/tcp open  mysql   MySQL 8.0.36

With version information, you can check whether any running software has known vulnerabilities that need patching.

Aggressive Detection

# Enable OS detection, version detection, script scanning, and traceroute
nmap -A 192.168.1.1

The -A flag is a shortcut that enables OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute). This provides the most comprehensive information but takes longer and generates more network traffic.

Updating NMAP Scripts (NSE)

NMAP includes the Nmap Scripting Engine (NSE) with hundreds of scripts for vulnerability detection, service enumeration, and brute force testing. Keep scripts updated to detect the latest vulnerabilities:

# Rebuild the script database (script.db) after adding or changing scripts
sudo nmap --script-updatedb

# List available scripts
ls /usr/share/nmap/scripts/ | head -20

# Show help for the scripts in a category
nmap --script-help "vuln"

# Run every script in the vuln category
nmap --script vuln 192.168.1.1

# Run all safe scripts (won't crash services)
nmap --script safe 192.168.1.1

NSE scripts are organized into categories: auth, broadcast, brute, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln. Use the safe category on production systems to avoid any risk of service disruption.

Saving Scan Results

# Save in normal format
nmap -oN scan_results.txt 192.168.1.1

# Save in XML format (for parsing by other tools)
nmap -oX scan_results.xml 192.168.1.1

# Save in grepable format
nmap -oG scan_results.gnmap 192.168.1.1

# Save in all formats simultaneously
nmap -oA scan_results 192.168.1.1

XML output is particularly useful for integrating NMAP results into vulnerability management tools, dashboards, and automated security pipelines.
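
As an added example (not part of the original page or of NMAP itself), the following Python script reads -oX output and reports open ports that are missing from an expected-port baseline. The sample XML is constructed and trimmed to the elements the script reads, and the EXPECTED baseline and function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output, trimmed to the elements read
# below and modelled on the example host and services shown on this page.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="http" product="nginx" version="1.24.0"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL" version="8.0.36"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical baseline: the ports each host is expected to expose.
EXPECTED = {"192.168.1.1": {(22, "tcp"), (443, "tcp")}}

def open_ports(xml_text):
    """Yield (address, port, protocol, service) for every port in state 'open'."""
    for host in ET.fromstring(xml_text).iter("host"):
        # Prefer the IP address element; nmap may also emit a MAC address.
        addr = next((a.get("addr") for a in host.iterfind("address")
                     if a.get("addrtype") != "mac"), None)
        if addr is None:
            continue
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not reported
            svc = port.find("service")
            fields = (svc.get(k) for k in ("name", "product", "version")) if svc is not None else ()
            yield addr, int(port.get("portid")), port.get("protocol"), " ".join(filter(None, fields))

def unexpected(xml_text, expected):
    """Return open ports that are absent from the host's baseline."""
    return [f for f in open_ports(xml_text)
            if (f[1], f[2]) not in expected.get(f[0], set())]

if __name__ == "__main__":
    for addr, port, proto, svc in unexpected(SAMPLE_XML, EXPECTED):
        print(f"UNEXPECTED {addr} {port}/{proto} {svc}")
```

To use it on a real scan, pass the contents of scan_results.xml to unexpected() in place of SAMPLE_XML.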

Security and Legal Considerations

NMAP is a powerful tool that should be used responsibly:

  • Only scan networks you own or have explicit authorization to test. Unauthorized port scanning may violate computer fraud laws in many jurisdictions.
  • Document your authorization. Before scanning, obtain written permission from the network owner, specifying the scope and timing of the scan.
  • Be careful with aggressive scans. Scans with OS detection (-O) or certain NSE scripts can cause instability in some network devices or legacy systems.
  • Consider timing. Use slower timing templates (-T2 or -T3) on production networks to avoid overwhelming network devices or triggering IDS alerts.

Quick Reference: Common NMAP Commands

Command                      Purpose
nmap target                  Scan top 1000 ports
nmap -p- target              Scan all 65535 ports
nmap -sV target              Version detection
nmap -O target               OS detection
nmap -A target               Aggressive scan (OS + version + scripts)
nmap -sn target/24           Host discovery (ping scan)
nmap --script vuln target    Vulnerability scan
nmap -oA results target      Save results in all formats

Next Steps

Once NMAP is installed, explore the full range of scanning capabilities in the NMAP (Network Mapper) guide, which covers advanced scan types, NSE scripting, and integration into your security workflow. Understanding your network's attack surface is the first step toward defending it — combine network scanning with SSH hardening, firewall configuration, and application-layer protection from a web application firewall for comprehensive security.
