Simple Vulnerability Scanning with Nmap for Beginners
First off, what is Nmap? In simple terms, Nmap is a port scanner and lightweight vulnerability scanner used for OSINT/information gathering by hackers, ethical hackers, and bug bounty hunters. You can use it to identify open ports, the services running on those ports, the operating system of the target, and much more.
In the above video clip, I demonstrated how a basic Nmap scan is performed. All you have to do on Debian-based distributions like Kali Linux, Debian, and Parrot Security OS is open your command line and type the simple command I typed above:
nmap (website/IP address)
This will scan whatever website or IP address you want to scan and display the open ports on it.
Nmap scans can be as simple or as complex as you want to make them, but some of my favorite and most useful options, which I use every day, are:
-sV detects the services (and their versions) running on the target website/IP
-O detects the operating system running on the target
--script=vulners runs vulnerability scanning with NSE (use it together with -sV, since the script relies on the detected versions)
-oA (name) outputs the scan in 3 different formats: normal, XML, and grepable
--top-ports (n) scans the top (n) most common ports
If you want to find a list of all the options you can use with Nmap, just type "nmap" in the command prompt. It will list everything that you can use in your scan.
For more information on using Nmap as a vulnerability scanner, check out this link on using the Nmap Scripting Engine (NSE).











