Nmap Command Examples For Linux Sys/Network Admins
-
- 84
Nmap is short for Network Mapper. It is an open-source security tool for network exploration, security scanning, and auditing. However, the Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. The purpose of this guide is to introduce a user to the Nmap command line tool to scan a host or network to find out the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes. Let us see some common and practial nmap examples running on Linux or Unix-like systems.
What is Nmap and what is it used for?
nmap in actionFrom the man page:
Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
It was originally written by Gordon Lyon and it can answer the following questions easily:
- Find running computers on the local network
- What IP addresses did you find running on the local network?
- Discover the operating system of your target machine
- Find out what ports are open on the machine that you just scanned?
- See if the system is infected with malware or virus.
- Search for unauthorized servers or network service on your network.
- Locate and remove computers which don’t meet the organization’s minimum level of security.
Nmap Command Examples in Linux and Unix – Sample setup (LAB) for
Port scanning may be illegal in some jurisdictions. So setup a lab as follows to run nmap examples for learning purposes:
+---------+
+---------+ | Network | +--------+
| server1 |-----------+ swtich +---------|server2 |
+---------+ | (sw0) | +--------+
+----+----+
|
|
+---------+----------------+
| wks01 Linux/macOS/Win |
+--------------------------+
Where,
- wks01 is your computer either running Linux/macOS (OS X) or Unix like operating system. It is used for scanning your local network. The nmap command must be installed on this computer and you are going to type all nmap examples metnioned here.
- server1 can be powered by Linux / Unix / MS-Windows operating systems. This is an unpatched server. Feel free to install a few services such as a web-server, FTP or file server and so on.
- server2 can be powered by Linux / Unix / MS-Windows operating systems. This is a fully patched server with firewall. Again, feel free to install few services such as a web-server, file server and so on.
- All three systems are connected via a network switch.
Let us get our hands on dirty with nmap examples. Please note that many examples needs to be run by the root user.
How do I install nmap on Linux?
Please see following tutorial to complete nmap examples mentioned below:
- Debian / Ubuntu Linux: Install nmap Software For Scanning Network
- CentOS / RHEL: Install nmap Network Security Scanner
- OpenBSD: Install nmap Network Security Scanner
1. Scan a single host or an IP address (IPv4) using nmap
The most simplest nmap examples is to scan a single machine. For example:
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1—&client=ca-pub-7825705102693166&output=html&h=280&adk=2966820330&adf=1836365694&pi=t.aa~a.1798617643~i.36~rp.4&w=644&fwrn=4&fwrnh=100&lmt=1672924741&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=9276298954&ad_type=text_image&format=644×280&url=https%3A%2F%2Fwww.cyberciti.biz%2Fnetworking%2Fnmap-command-examples-tutorials%2F&fwr=0&pra=3&rh=161&rw=644&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyJXaW5kb3dzIiwiMTUuMC4wIiwieDg2IiwiIiwiMTA4LjAuNTM1OS4xMjUiLFtdLGZhbHNlLG51bGwsIjY0IixbWyJOb3Q_QV9CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTA4LjAuNTM1OS4xMjUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDguMC41MzU5LjEyNSJdXSxmYWxzZV0.&dt=1672933960390&bpp=2&bdt=5372&idt=2&shv=r20230103&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dac7e0204d7010890-2225af792dd900ed%3AT%3D1672928645%3ART%3D1672928645%3AS%3DALNI_MYGgTI6s5iWC4F7Ry-T8V6lporB9w&gpic=UID%3D00000b9e9e1e75bf%3AT%3D1672928645%3ART%3D1672928645%3AS%3DALNI_MZNogsSPlIbVtbpcFXLVvuv7103KQ&prev_fmts=0x0%2C644x280%2C336x600%2C347x280%2C347x280%2C644x280%2C1519x746%2C641x124&nras=5&correlator=7393331283820&frm=20&pv=1&ga_vid=1912941346.1672928644&ga_sid=1672933959&ga_hid=313070371&ga_fc=1&u_tz=330&u_his=2&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_sd=1.25&dmc=8&adx=240&ady=4289&biw=1519&bih=746&scr_x=0&scr_y=1328&eid=44759875%2C44759926%2C44759842%2C44780792&oid=2&psts=ACgb8tveTlEkDNa1gT_ky4LSaOy1JDsGe-OSFRIZNQv6R1IHblY1JYIkRoUlPSnggJ6HQcsqu_lG6gl5FnP-wvc%2CACgb8tuZuDcuUdFe2eYkJ6idYOaNSZX-DmEWxCXWWyBKflGq0fIjgaQ_OhoJdOICVSWXYvKck-nRpSBX2kFdQ9A%2CACgb8ttigjnqjuvTDQM9qz3U72qbe2S7xMNTUep0PNrZRI7QPIxQ1WHK8qLt3nSoRoLU6qfjltyhWoMRA-PaKa4%2CACgb8tulg9_IGXDIqU1vEMb1-Ov9JK-uQVN6BAgmQjoCbtolySLEchDhou5FBRxlsDIUNcq_XDAM4burYU25amQ%2CACgb8tvjR2vf2u1DlJ_aIjpFe0GYl7yBm1FeVhEpN-Ubixw0Vn5zUyENEIn2AXNPqVR25D34qMYROS290XCmoBhL6eqGK88oAPySkxwaQO_c%2CACgb8tsWcNdVfiDUYy0659TaaaORyxhw7llx4WjpkJdxvK7y6tMn8tfhZSKgkmdqqnTLKvNOdydmfoeuwnV-C98&pvsid=494505304726070&tmod=1729182566&uas=3&nvt=1&ref=https%3A%2F%2Fwww.cyberciti.biz%2F&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1536%2C0%2C1536%2C816%2C1536%2C746&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=UTz6CHTY6G&p=https%3A//www.cyberciti.biz&dtd=48949
### Scan a single ip address ### nmap 192.168.1.1 ## Scan a host name ### nmap server1.cyberciti.biz ## Scan a host name with more info### nmap -v server1.cyberciti.biz
Fig.01: nmap output
2. Scan multiple IP address or subnet (IPv4)
In this nmap example we are going to scan many IP address or CIDR. For instance:
# Nmap scan network example # nmap 192.168.1.1 192.168.1.2 192.168.1.3 ## works with same subnet i.e. 192.168.1.0/24 nmap 192.168.1.1,2,3
You can scan a range of IP address too:
nmap 192.168.1.1-20
You can scan a range of IP address using a wildcard:
nmap 192.168.1.*
Finally, you scan an entire subnet:
nmap 192.168.1.0/24
3. Read list of hosts/networks from a file (IPv4)
The -iL option allows you to read the list of target systems using a text file. This is useful to scan a large number of hosts/networks. For example, create a text file as follows using the cat command:cat > /tmp/test.txt
Append host names, CIDRs or IP address names as follows:
server1.cyberciti.biz 192.168.1.0/24 192.168.1.1/24 10.1.2.3 localhost
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1—&client=ca-pub-7825705102693166&output=html&h=280&adk=2966820330&adf=2965559891&pi=t.aa~a.1798617643~i.64~rp.4&w=644&fwrn=4&fwrnh=100&lmt=1672924741&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=9276298954&ad_type=text_image&format=644×280&url=https%3A%2F%2Fwww.cyberciti.biz%2Fnetworking%2Fnmap-command-examples-tutorials%2F&fwr=0&pra=3&rh=161&rw=644&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyJXaW5kb3dzIiwiMTUuMC4wIiwieDg2IiwiIiwiMTA4LjAuNTM1OS4xMjUiLFtdLGZhbHNlLG51bGwsIjY0IixbWyJOb3Q_QV9CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTA4LjAuNTM1OS4xMjUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDguMC41MzU5LjEyNSJdXSxmYWxzZV0.&dt=1672933960396&bpp=2&bdt=5378&idt=2&shv=r20230103&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dac7e0204d7010890-2225af792dd900ed%3AT%3D1672928645%3ART%3D1672928645%3AS%3DALNI_MYGgTI6s5iWC4F7Ry-T8V6lporB9w&gpic=UID%3D00000b9e9e1e75bf%3AT%3D1672928645%3ART%3D1672928645%3AS%3DALNI_MZNogsSPlIbVtbpcFXLVvuv7103KQ&prev_fmts=0x0%2C644x280%2C336x600%2C347x280%2C347x280%2C644x280%2C1519x746%2C641x124%2C644x280&nras=6&correlator=7393331283820&frm=20&pv=1&ga_vid=1912941346.1672928644&ga_sid=1672933959&ga_hid=313070371&ga_fc=1&u_tz=330&u_his=2&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_sd=1.25&dmc=8&adx=240&ady=6440&biw=1519&bih=746&scr_x=0&scr_y=3458&eid=44759875%2C44759926%2C44759842%2C44780792&oid=2&psts=ACgb8tveTlEkDNa1gT_ky4LSaOy1JDsGe-OSFRIZNQv6R1IHblY1JYIkRoUlPSnggJ6HQcsqu_lG6gl5FnP-wvc%2CACgb8tuZuDcuUdFe2eYkJ6idYOaNSZX-DmEWxCXWWyBKflGq0fIjgaQ_OhoJdOICVSWXYvKck-nRpSBX2kFdQ9A%2CACgb8ttigjnqjuvTDQM9qz3U72qbe2S7xMNTUep0PNrZRI7QPIxQ1WHK8qLt3nSoRoLU6qfjltyhWoMRA-PaKa4%2CACgb8tulg9_IGXDIqU1vEMb1-Ov9JK-uQVN6BAgmQjoCbtolySLEchDhou5FBRxlsDIUNcq_XDAM4burYU25amQ%2CACgb8tvjR2vf2u1DlJ_aIjpFe0GYl7yBm1FeVhEpN-Ubixw0Vn5zUyENEIn2AXNPqVR25D34qMYROS290XCmoBhL6eqGK88oAPySkxwaQO_c%2CACgb8tsWcNdVfiDUYy0659TaaaORyxhw7llx4WjpkJdxvK7y6tMn8tfhZSKgkmdqqnTLKvNOdydmfoeuwnV-C98%2CACgb8ttR_MgjOnUDrCjumrlEz2DDkcRc3kWd9WRsUitMeAzwcO1RCCdK6Ky0gEJSIyHaJHxEQKEtyEGraitHHBQ&pvsid=494505304726070&tmod=1729182566&uas=3&nvt=1&ref=https%3A%2F%2Fwww.cyberciti.biz%2F&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1536%2C0%2C1536%2C816%2C1536%2C746&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=TyzM6bl3Op&p=https%3A//www.cyberciti.biz&dtd=73134Press the CTRL+D to save the file. Now, the syntax is as follows:
nmap -iL /tmp/test.txt
The above nmap example will scan server1.cyberciti.biz, and given CIDRs and the scan might take some time.
4. Excluding hosts/networks (IPv4) from nmap scan examples
When scanning a large number of hosts/networks you can exclude hosts from a scan. For examples:
nmap 192.168.1.0/24 --exclude 192.168.1.5 nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254
OR exclude list from a file called /tmp/exclude.txt
nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt
5. Turn on OS and version detection scanning script (IPv4) with nmap examples
Run the following command
nmap -A 192.168.1.254 nmap -v -A 192.168.1.1 nmap -A -iL /tmp/scanlist.txt
6. Find out if a host/network is protected by a firewall using namp command
## nmap command examples for your host ## nmap -sA 192.168.1.254 nmap -sA server1.cyberciti.biz
7. Scaning a host when protected by the firewall
In this Nmap command examples we are going to scan a router/wifi device having 192.168.1.1 as IP:
nmap -PN 192.168.1.1 nmap -PN server1.cyberciti.biz
8. Scan an IPv6 host/address examples
The -6 option enable IPv6 scanning with the namp command. The syntax is:
nmap -6 IPv6-Address-Here nmap -6 server1.cyberciti.biz nmap -6 2607:f0d0:1002:51::4 nmap -v A -6 2607:f0d0:1002:51::4
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1—&client=ca-pub-7825705102693166&output=html&h=280&adk=2966820330&adf=1309264666&pi=t.aa~a.1798617643~i.104~rp.4&w=644&fwrn=4&fwrnh=100&lmt=1672924741&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=9276298954&ad_type=text_image&format=644×280&url=https%3A%2F%2Fwww.cyberciti.biz%2Fnetworking%2Fnmap-command-examples-tutorials%2F&fwr=0&pra=3&rh=161&rw=644&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyJXaW5kb3dzIiwiMTUuMC4wIiwieDg2IiwiIiwiMTA4LjAuNTM1OS4xMjUiLFtdLGZhbHNlLG51bGwsIjY0IixbWyJOb3Q_QV9CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTA4LjAuNTM1OS4xMjUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDguMC41MzU5LjEyNSJdXSxmYWxzZV0.&dt=1672933960404&bpp=1&bdt=5386&idt=2&shv=r20230103&mjsv=m202212010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dac7e0204d7010890-2225af792dd900ed%3AT%3D1672928645%3ART%3D1672928645%3AS%3DALNI_MYGgTI6s5iWC4F7Ry-T8V6lporB9w&gpic=UID%3D00000b9e9e1e75bf%3AT%3D1672928645%3ART%3D1672928645%3AS%3DALNI_MZNogsSPlIbVtbpcFXLVvuv7103KQ&prev_fmts=0x0%2C644x280%2C336x600%2C347x280%2C347x280%2C644x280%2C1519x746%2C641x124%2C644x280%2C644x280&nras=7&correlator=7393331283820&frm=20&pv=1&ga_vid=1912941346.1672928644&ga_sid=1672933959&ga_hid=313070371&ga_fc=1&u_tz=330&u_his=2&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_sd=1.25&dmc=8&adx=240&ady=8746&biw=1519&bih=746&scr_x=0&scr_y=5769&eid=44759875%2C44759926%2C44759842%2C44780792&oid=2&psts=ACgb8tveTlEkDNa1gT_ky4LSaOy1JDsGe-OSFRIZNQv6R1IHblY1JYIkRoUlPSnggJ6HQcsqu_lG6gl5FnP-wvc%2CACgb8tuZuDcuUdFe2eYkJ6idYOaNSZX-DmEWxCXWWyBKflGq0fIjgaQ_OhoJdOICVSWXYvKck-nRpSBX2kFdQ9A%2CACgb8ttigjnqjuvTDQM9qz3U72qbe2S7xMNTUep0PNrZRI7QPIxQ1WHK8qLt3nSoRoLU6qfjltyhWoMRA-PaKa4%2CACgb8tulg9_IGXDIqU1vEMb1-Ov9JK-uQVN6BAgmQjoCbtolySLEchDhou5FBRxlsDIUNcq_XDAM4burYU25amQ%2CACgb8tvjR2vf2u1DlJ_aIjpFe0GYl7yBm1FeVhEpN-Ubixw0Vn5zUyENEIn2AXNPqVR25D34qMYROS290XCmoBhL6eqGK88oAPySkxwaQO_c%2CACgb8tsWcNdVfiDUYy0659TaaaORyxhw7llx4WjpkJdxvK7y6tMn8tfhZSKgkmdqqnTLKvNOdydmfoeuwnV-C98%2CACgb8ttR_MgjOnUDrCjumrlEz2DDkcRc3kWd9WRsUitMeAzwcO1RCCdK6Ky0gEJSIyHaJHxEQKEtyEGraitHHBQ%2CACgb8tsB8sMCR57OlTkYDpZtvUaPr9nzuHYld7FkbQ8yfLZSHQBUL1yqqbOgsyuv3uGHn81Iqxfg_Crwo7Qwd0I&pvsid=494505304726070&tmod=1729182566&uas=1&nvt=1&ref=https%3A%2F%2Fwww.cyberciti.biz%2F&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1536%2C0%2C1536%2C816%2C1536%2C746&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=a24vI6NhGu&p=https%3A//www.cyberciti.biz&dtd=79150
9. Scan a network and find out which servers and devices are up and running
This is known as host discovery or ping scan. Try the followin nmap examples:
nmap -sP 192.168.1.0/24
Here is how it looks:
Host 192.168.1.1 is up (0.00035s latency). MAC Address: BC:AE:C5:C3:16:93 (Unknown) Host 192.168.1.2 is up (0.0038s latency). MAC Address: 74:44:01:40:57:FB (Unknown) Host 192.168.1.5 is up. Host nas03 (192.168.1.12) is up (0.0091s latency). MAC Address: 00:11:32:11:15:FC (Synology Incorporated) Nmap done: 256 IP addresses (4 hosts up) scanned in 2.80 second
10. How do I perform a fast scan using the namp?
Open the terminal app and then run the following nmap examples:
nmap -F 192.168.1.1 nmap -6 -F IPv6_Address_Here
11. Display the reason a port is in a particular state
nmap --reason 192.168.1.1 nmap --reason server1.cyberciti.biz
Outputs:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-07 21:16 IST Nmap scan report for router (192.168.2.254) Host is up, received arp-response (0.00026s latency). Not shown: 995 filtered ports Reason: 995 no-responses PORT STATE SERVICE REASON 22/tcp open ssh syn-ack ttl 64 53/tcp open domain syn-ack ttl 64 80/tcp open http syn-ack ttl 64 443/tcp open https syn-ack ttl 64 666/tcp open doom syn-ack ttl 64 MAC Address: 00:08:A2:0D:05:41 (ADI Engineering) Nmap done: 1 IP address (1 host up) scanned in 4.85 seconds
12. Only show open (or possibly open) ports using nmap command in Linux
Run:
nmap --open 192.168.1.1 nmap --open server1.cyberciti.biz nmap --open 192.168.2.18
Scan outputs from my CentOS 7 Linux server:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-07 21:17 IST Nmap scan report for centos7 (192.168.2.18) Host is up (0.00015s latency). Not shown: 998 filtered ports, 1 closed port Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE 22/tcp open ssh MAC Address: 00:01:C0:1B:28:7E (CompuLab) Nmap done: 1 IP address (1 host up) scanned in 5.07 seconds
13. Show all packets sent and received
nmap --packet-trace 192.168.1.1 nmap --packet-trace server1.cyberciti.biz
14. Show host interfaces and routes namp examples
This is useful for debugging (ip command or route command or netstat command like output using the nmap command on Linux)
nmap --iflist
Detailed report created by the Namp command:
Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 02:01 IST ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MAC lo (lo) 127.0.0.1/8 loopback up eth0 (eth0) 192.168.1.5/24 ethernet up B8:AC:6F:65:31:E5 vmnet1 (vmnet1) 192.168.121.1/24 ethernet up 00:50:56:C0:00:01 vmnet8 (vmnet8) 192.168.179.1/24 ethernet up 00:50:56:C0:00:08 ppp0 (ppp0) 10.1.19.69/32 point2point up **************************ROUTES************************** DST/MASK DEV GATEWAY 10.0.31.178/32 ppp0 209.133.67.35/32 eth0 192.168.1.2 192.168.1.0/0 eth0 192.168.121.0/0 vmnet1 192.168.179.0/0 vmnet8 169.254.0.0/0 eth0 10.0.0.0/0 ppp0 0.0.0.0/0 eth0 192.168.1.2
15. How do I scan specific ports using nmap?
In this example, I am going to use nmap to scan TCP or UDP ports. You can find a list of all services and ports in the /etc/services file. For example:$ more /etc/services
Now try the following nample examples to prob for TCP port 80 and others:
nmap -p [port] hostName ## Scan port 80 nmap -p 80 192.168.1.1 ## Scan TCP port 80 nmap -p T:80 192.168.1.1 ## Scan UDP port 53 nmap -p U:53 192.168.1.1 ## Scan two ports ## nmap -p 80,443 192.168.1.1 ## Scan port ranges ## nmap -p 80-200 192.168.1.1 ## Combine all options ## nmap -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1 nmap -p U:53,111,137,T:21-25,80,139,8080 server1.cyberciti.biz nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.1.254 ## Scan all ports with * wildcard ## nmap -p "*" 192.168.1.1 ## Scan top ports i.e. scan $number most common ports ## nmap --top-ports 5 192.168.1.1 nmap --top-ports 10 192.168.1.1
Sample outputs:
Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 01:23 IST Interesting ports on 192.168.1.1: PORT STATE SERVICE 21/tcp closed ftp 22/tcp open ssh 23/tcp closed telnet 25/tcp closed smtp 80/tcp open http 110/tcp closed pop3 139/tcp closed netbios-ssn 443/tcp closed https 445/tcp closed microsoft-ds 3389/tcp closed ms-term-serv MAC Address: BC:AE:C5:C3:16:93 (Unknown) Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
16: The fastest way to scan all your devices/computers for open ports ever
Here is a nmap example that scan all your devices on the network. For example:
nmap -T5 192.168.1.0/24
nmap -T5 {sub/net}
nmap -T5 CIDR
17. How do I detect remote operating system with the help of nmap?
You can identify a remote host apps and OS using the -O option. Try the following namp examples:
Nmap is short for Network Mapper. It is an open-source security tool for network exploration, security scanning, and auditing. However, the Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. The purpose of this guide is to introduce…
Nmap is short for Network Mapper. It is an open-source security tool for network exploration, security scanning, and auditing. However, the Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. The purpose of this guide is to introduce…