Begin Zenmap by typing zenmap in a terminal or by
clicking the Zenmap icon in the desktop environment. The main window,
as shown in Figure 12.2, is displayed.
Figure 12.2. Zenmap's main window
One of Zenmap's goals is to make security scanning easy for
beginners and for experts. Running a scan is as simple as typing the
target in the “Target” field, selecting the
“Intense scan” profile, and clicking the
“Scan” button. This is shown in Figure 12.3.
Figure 12.3. Target and profile selection
While a scan is running (and after it completes), the output of the
Nmap command is shown on the screen.
Any number of targets, separated by spaces, may be entered in the
target field. All the target specifications supported by Nmap are also
supported by Zenmap, so targets such as
10.0.0-5.* work. Zenmap remembers the targets scanned most
recently. To re-scan a host, select the host from the
combo box attached to the “Target” text field.
The “Intense scan” is just one of several scan profiles
that come with Zenmap. Choose a profile by selecting it from the
“Profile” combo box. Profiles exist for several
common scans. After selecting a profile the Nmap command line
associated with it is displayed on the screen. Of course, it is
possible to edit these profiles or create new ones. This is covered
in the section called “The Profile Editor”.
It is also possible to type in an Nmap command and have it executed
without using a profile. Just type in the command and press return or
click “Scan”. When you do this the
becomes blank to indicate that the scan is not using any
profile—it comes directly from the command field.
Zenmap has the ability to combine the results of many Nmap scans
into one view, a feature known as scan
aggregation. When one scan is finished, you may start
another in the same window. When the second scan is finished, its
results are merged with those from the first. The collection of
scans that make up an aggregated view is called a
An example of aggregation will make the concept clearer. Let's run a
quick scan against scanme.nmap.org.
Now do the same against localhost:
Now results for both scanme and localhost are shown. This is
something you could have done with one Nmap scan, giving both
targets, although it's convenient not to have to think of all the
targets in advance. Now suppose we want some more information about
scanme, so we launch an intense scan on it.
Now scanme has a little penguin icon showing that its operating
system has been detected as Linux. Additionally one of its services
has been identified. Now we're doing something you can't do with a
single Nmap scan, because you can't single out a host for more
intense scanning like we did. The results for localhost are still
present, though we won't know more about it than we did before
unless we decide to do a more in-depth scan.
It is not necessary to wait for one scan to finish before starting
another. Several scans may run concurrently. As each one finishes
its results are added to the inventory. Any number of scans may make
up an inventory; the collection of scans is managed in the
“Scans” scan results tab, as fully described in
the section called “The “Scans” tab”.
It is possible to have more than one inventory open at the same
time. Zenmap uses the convention that one window represents one
network inventory. To start a new inventory, select
“New Window” from the “Scan”
menu or use the
keyboard shortcut. Starting a scan with the
“Scan” button will append the scan to the
inventory in the current window. To put it in a different inventory
open up a separate window and run the scan from there. Loading scan
results from a file or directory will start a new inventory, unless
you use the “Open Scan in This Window” menu
item. For more on saving and loading network inventories and
individual scans see the section called “Saving and Loading Scan Results”.
To close a window choose “Close Window” from
the “Scan” menu or press
all open windows are closed the application will terminate. To close
all open windows select “Quit” or press