Nmap is a network scanning utility created by Gordon “Fyodor” Lyon that can be used to discover, audit, and troubleshoot networked systems. It is free software released under the GNU General Public License (see gnu.org/copyleft/gpl.html). Nmap is is actively developed by a community of volunteers and is an evaluable tool for network administrators and security auditors.


Nmap’s award-winning suite of network scanning utilities have been in constant development since 1997 and continually improve with each new release. Version 6 of Nmap (released in May of 2012) adds many new features and enhancements. Some of the best new features added to Nmap 6 are listed below:

  • Improved service and operating system version detection
  • Better support for Windows and Mac OS X
  • Addition of Nping utility
  • Continued enhancement of NSE (Nmap Scripting Engine)
  • Full support for IPv6
  • Better overall performance

Nmap allows a system administrator or network security professional (read: penetration tester) to map out all devices on their network which reside within a compatible subnet for Nmap operation.

Its effective configuration and implementation may allow an operator to aggressively map a network (which may trip certain intrusion detection softwares) or passively in a manner which will take considerably longer, yet reduce the probability of detection.

If you wished to scan for hosts which are online and then feed those IP addresses into a text file you would use the following command:

nmap -sP -n -oX out.xml | grep "Nmap" | cut -d " " -f 5 > live_hosts.txt

Nmap may also be used to scan for specific open ports, and may also be used to perform some limited vulnerabiltiy discovery sweeps. For example if you are sweeping a network for open SSH ports, the following command would be used:

nmap -p 22 > ssh_scan.txt

By using some clever commands such as grep and sed, an administrator can parse the output into other formats for introducing into other processes. This may be particularly useful where nmap may be used to complement other processes such as Nessus or OpenVAS vulnerability scanners.