Journalists/Authors: please tell me before you publish articles about Nmap.
I would be happy to review them and point out any updated
information/inaccuracies or provide pointers to other resources that
might help. Even if you don't write me first, you can send me the URL
(if any) when it is published and I will add a link here. I have also
provided technical reviews of many books that relate to Nmap and security.
You know your program has caught on when people start to use its name
as a verb. Running Nmap every time you set up a new Linux server, and
periodically to see if anything has changed on your network, has
become a standard security practice. It's no coincidence that the
spread of Nmap has coincided with Linux distributions finally paring
down the menu of potentially exploitable services offered by
default. For providing an easy-to-use "security idiot light" to Linux
system administrators and distributions everywhere, Nmap, we salute
US President George W. Bush visited the NSA headquarters at Fort
Meade in January 2006. A wall-sized status screen in the background
displays the latest versions of Nmap and some of our other favorite open source tools. Pictures were printed in the
February 6, 2006 edition of Newsweek (article) and the Jan 27 Washington Post (article). The page on the screen is the Talisker Radar. We don't like the NSA tracking our phone calls and email, but they may track Nmap releases all they want.
Loading an external web site on their giant screen was risky. Imagine if this happened (thanks php0t)!
"Hack in Progress" -- Information Week, September 8 2003 -- describes how an "ethical hacker" breaks into a client's corporate network:
As Breed clicks away on his notebook, he lets an occasional grin surface, lifts his eyebrows, and crinkles his forehead. After jotting down the domain addresses, he takes an educated guess at what may be the block of network addresses on the company's system. He launches Nmap, or Network Mapper, and begins sweeping to see what his guess may turn over. Nmap uses IP packets to see what operating systems the network is running, what servers are connected to it, what services and ports are available, even whether packet filters and firewalls are in place.
wins Info World's 1998 Best Information Security Product award
(along with IETF's IPSEC implementation and L0phtcrack).[local copy]
The intelligence that can be garnered by using nmap is
extensive. It provides all the information that is needed for a
well-informed, full-fledged, precisely targeted assault on a
network. Such an attack would have a high probability of success, and
would likely go unnoticed by organizations that lack intrusion
Windows-based scanners are plentiful, but only Asmodeus shows promise" -- Info World July 6, 1998. This InfoWorld security
column examines Windows scanners and concludes that users should give
up on the Windows scanners and "take
the time to install a Linux box and use nmap." [local copy]
Perhaps the most versatile and widely-used tool for penetration
testing today. Offering a wide range of port-scanning techniques, this
utility will report which ports are open, who owns each process, which
service is typically assigned to the port, the probability of a TCP
sequence prediction attack, and more. Another useful feature of nmap
is its ability to remotely "fingerprint" a machine's operating
system. This utility has become the penetration tester's Swiss Army
Nmap impressed me. It's simple, it's powerful, and it does exactly
what it says it does: It maps your network.... It's much faster [
than ISS], and it's designed to be run in "stealth mode" so as to
avoid detection by intrusion detection software. It certainly snuck in
beneath the radar of our intrusion detection software, RealSecure from
ISS. That's something we'll have to sort out.
Network Intrusion Detection, an Analyst's Handbook by
Stephen Northcutt includes a 9-page section on Nmap. The first
edition describes Nmap as follows (p. 186):
So what is nmap? It is one of the most powerful information-gathering
tools available at any price to both the attacker and defender. There
are a variety of scanning modes available, as well as TCP
fingerprinting and an assessment of TCP sequence number prediction
The June 2001 issue of Information Security Magazine ran an
article on portscanning entitled Plugging Leaky Holes [local copy]. The article gives an overview of scanning and paints a flattering picture of Nmap:
Probably the best-known port scanner is nmap, which finds all open
ports and detects the OS on hosts within an IP address range ... nmap
is useful in uncovering critical information that an attacker may use,
such as the likelihood of successfully guessing the TCP initial
sequence number (a common attack mechanism) and the host's OS
(essential when searching for vulnerabilities). For those who prefer
a GUI-based application, there's a graphical front end available for
"New Generation of Scanning Tools Mask Source of Attack" -- Computer World March 15, 1999. [local copy]
Good Scanners Go Bad" -- Computer World March 22, 1999. [local copy]
"The Art and Detection of Port Scanning" is an
introductory article which focuses on Nmap and appeared in Sys
Admin Magazine in November 1998. I haven't found an online link to
it. My prior Phrack 51 article entitled "The Art of Port Scanning" gives a more
technical overview anyway.
a hack attack" -- Network World, January 10, 2000. Discusses the activities of a professional security auditor. "Hacker Bob prefers network mapping (nmap) ... it's a port scanner on steroids." [ local copy]
The Spring 1999 issue of 2600 has an article called
"Network Scanning with Nmap". Someone OCR'd it and sent me a copy.
Here is the unformatted text.
Note that the options and flags he mentions are for a very old
version of nmap and aren't very relevant to nmap 2.X.