Nmap 6: Network Exploration and Security Auditing Cookbook

www.it-ebooks.info
Nmap 6: Network
Exploration and
Security Auditing
Cookbook
A complete guide to mastering Nmap 6 and its scripting
engine, covering practical tasks for penetration testers
and system administrators
Paulino Calderón Pale
BIRMINGHAM - MUMBAI
Nmap 6: Network Exploration and Security
Auditing Cookbook
Copyright © 2012 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system,
or transmitted in any form or by any means, without the prior written permission of the
publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the
information presented. However, the information contained in this book is sold without
warranty, either express or implied. Neither the author, nor Packt Publishing and its dealers
and distributors will be held liable for any damages caused or alleged to be caused directly
or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies
and products mentioned in this book by the appropriate use of capitals. However, Packt
Publishing cannot guarantee the accuracy of this information.
First published: November 2012
Production Reference: 2201112
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK


ISBN 978-1-84951-748-5
www.packtpub.com
Cover Image by Renata Gómez Cárdenas ()
Credits
Author
Paulino Calderón Pale
Reviewers
Carlos A. Ayala Rocha
David Shaw
Acquisition Editor
Robin de Jongh
Lead Technical Editor
Dayan Hyames
Technical Editors
Veronica Fernandes
Nitee Shetty
Copy Editor
Insiya Morbiwala
Project Coordinator
Sai Gamare
Proofreader
Dirk Manuel
Indexer
Rekha Nair
Graphics
Valentina D'Silva
Production Coordinator
Nitesh Thakur
Cover Work

Nitesh Thakur
About the Author
Paulino Calderón Pale (@calderpwn) is a very passionate software developer and
penetration tester from a Caribbean island in México called Cozumel. He learned to write code
and administer IT infrastructures early in his life—skills that came in handy when he joined the
information security industry. Today, he loves learning new technologies, penetration testing,
conducting data-gathering experiments, developing software, and contributing to the open
source community. He maintains a blog of his public work at .
In the summer of 2011, he joined Google’s Summer of Code program to work on the Nmap
project as an NSE (Nmap Scripting Engine) developer. He focused on improving the web
scanning capabilities of Nmap and has produced over 20 scripts for gathering information,
and detecting and exploiting security vulnerabilities since then.
He is the cofounder of Websec, an information security company focused on web security
operation in México () and Canada (), where they
help companies in different industries secure their IT infrastructures.
Acknowledgement
I would like to dedicate this book to a lot of people. Firstly, I would like to especially thank
Fyodor for giving me the opportunity of joining the Nmap project during the Google Summer
of Code. This book wouldn’t have existed if you had not taken a chance with me that summer.
My parents Edith and Paulino who have been incredibly supportive my whole life, my brothers
Omar and Yael who have made this a real fun ride, and my girlfriend Martha Moguel and
her family, who were really supportive and understanding with the lack of dates and Sunday
meals while I worked on this book.
I would like to thank the Nmap team and contributors, especially to all the people who
I’ve learned so much from—Patrik Karlsson, David Field, Ron Bowes, Daniel Miller,
Henri Doreau, Patrick Donelly, Brendan Coles, Luis Martin, Toni Ruotto, Tom Sellers and
Djalal Harouni.
I would also like to thank all my good friends and business partners, Roberto Salgado and
Pedro Joaquín for all the extra work they had to do to cover for me, and my friends in
info-sec—Carlos Ayala, Alejandro Hernández, Luis Guillermo Castañeda, Edgar Pimienta,
Giovanni Cruz, Diego Bauche, Christian Navarrete, Eduardo Vela, Lenin Alevsk, Christian
Yerena, Humberto Ochoa, Marcos Schejtman, Angel Morelos, Eduardo Ruiz, Ruben Ventura,
Alejandro Hernández Flores (alt3kx), Luis Alberto Cortes, Oscar Lopez, Víctor Hugo Ramos
Alvarez, Antonio Toriz, Francisco León, Armin García, Roberto Martinez, Hecky, Victor Gomez,
Luis Solis, Hector Lopez, Matias Katz, Jaime Restrepo, Carlos Lozano, David Murillo, Uriel
Márquez, Marc Ruef, David Moreno, Leonardo Pigñer, Alvaro Andrade, Alfonso Deluque, and
Lorenzo Martínez. I thank all my friends in Cozumel and Victoria who I may not have seen as
much as I would have liked, lately, but who are always in my heart.
And nally, I would like to thank Packt Publishing and their staff for all the support and help
provided when publishing this book.
About the Reviewers
Carlos A. Ayala Rocha is an Information Security Consultant with more than 10 years
of experience in Network Security, Intrusion Detection/Prevention, Forensic Analysis, and
Incident Response. He has analyzed, designed, and implemented solutions, procedures, and
mechanisms focused on risk mitigation for large companies, governments, internet service
providers, and homeland security agencies in Mexico and several Latin American countries.
He is an Advisory Board Member, Proctor, and Mentor for the SANS Institute, and a founding
member of the Mexican Information Security Association (ASIMX). He holds many security
industry certications, such as CISSP, GCIH, GCFA, and GPEN, among others. He currently
works as a Consulting Engineer at Arbor Networks for Latin America.
David Shaw has extensive experience in many aspects of information security. Beginning
his career as a Network Security Analyst, he monitored perimeter firewalls and intrusion
detection systems in order to identify and neutralize threats in real time. After working in
the trenches of perimeter analysis, he joined an External Threat Assessment Team as a
Security Researcher, working closely with large financial institutions to mitigate external
risk and combat phishing attacks. He has particular interests in exploit development and
unconventional attack vectors, and was a speaker at ToorCon 12 in San Diego, CA. He is
currently the Director of Penetration Testing Technology at Redspin, specializing in external
and application security assessments, and managing a team of highly-skilled engineers.
I would like to thank my wonderful team at Redspin for allowing me the
opportunity to conduct research and hone my skills, and without whom I
would never be where I am today.
www.PacktPub.com
Support les, eBooks, discount offers and more
You might want to visit www.PacktPub.com for support les and downloads related to
your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub
les available? You can upgrade to the eBook version at www.PacktPub.com and as a print
book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign
up for a range of free newsletters and receive exclusive discounts and offers on Packt
books and eBooks.

Do you need instant solutions to your IT questions? PacktLib is Packt’s online digital book
library. Here, you can access, read and search across Packt’s entire library of books.
Why Subscribe?
- Fully searchable across every book published by Packt
- Copy and paste, print and bookmark content
- On demand and accessible via web browser
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access
PacktLib today and view nine entirely free books. Simply use your login credentials for
immediate access.
Table of Contents
Preface
Chapter 1: Nmap Fundamentals
Introduction
Downloading Nmap from the official source code repository
Compiling Nmap from source code
Listing open ports on a remote host
Fingerprinting services of a remote host
Finding live hosts in your network
Scanning using specific port ranges
Running NSE scripts
Scanning using a specified network interface
Comparing scan results with Ndiff
Managing multiple scanning profiles with Zenmap
Detecting NAT with Nping
Monitoring servers remotely with Nmap and Ndiff
Chapter 2: Network Exploration
Introduction
Discovering hosts with TCP SYN ping scans
Discovering hosts with TCP ACK ping scans
Discovering hosts with UDP ping scans
Discovering hosts with ICMP ping scans
Discovering hosts with IP protocol ping scans
Discovering hosts with ARP ping scans
Discovering hosts using broadcast pings
Hiding our traffic with additional random data
Forcing DNS resolution
Excluding hosts from your scans
Scanning IPv6 addresses
Gathering network information with broadcast scripts

Chapter 3: Gathering Additional Host Information
Introduction
Geolocating an IP address
Getting information from WHOIS records
Checking if a host is known for malicious activities
Collecting valid e-mail accounts
Discovering hostnames pointing to the same IP address
Brute forcing DNS records
Fingerprinting the operating system of a host
Discovering UDP services
Listing protocols supported by a remote host
Discovering stateful firewalls by using a TCP ACK scan
Matching services with known security vulnerabilities
Spoofing the origin IP of a port scan
Chapter 4: Auditing Web Servers
Introduction
Listing supported HTTP methods
Checking if an HTTP proxy is open
Discovering interesting files and directories in various web servers
Brute forcing HTTP authentication
Abusing mod_userdir to enumerate user accounts
Testing default credentials in web applications
Brute-force password auditing WordPress installations
Brute-force password auditing Joomla! installations
Detecting web application firewalls
Detecting possible XST vulnerabilities
Detecting Cross Site Scripting vulnerabilities in web applications
Finding SQL injection vulnerabilities in web applications
Detecting web servers vulnerable to slowloris denial of service attacks
Chapter 5: Auditing Databases
Introduction
Listing MySQL databases
Listing MySQL users
Listing MySQL variables
Finding root accounts with empty passwords in MySQL servers
Brute forcing MySQL passwords
Detecting insecure configurations in MySQL servers
Brute forcing Oracle passwords
Brute forcing Oracle SID names
Retrieving MS SQL server information
Brute forcing MS SQL passwords
Dumping the password hashes of an MS SQL server
Running commands through the command shell on MS SQL servers
Finding sysadmin accounts with empty passwords on MS SQL servers
Listing MongoDB databases
Retrieving MongoDB server information
Listing CouchDB databases
Retrieving CouchDB database statistics
Chapter 6: Auditing Mail Servers
Introduction
Discovering valid e-mail accounts using Google Search
Detecting open relays
Brute forcing SMTP passwords
Enumerating users in an SMTP server
Detecting backdoor SMTP servers
Brute forcing IMAP passwords
Retrieving the capabilities of an IMAP mail server
Brute forcing POP3 passwords
Retrieving the capabilities of a POP3 mail server
Detecting vulnerable Exim SMTP servers version 4.70 through 4.75
Chapter 7: Scanning Large Networks
Introduction
Scanning an IP address range
Reading targets from a text file
Scanning random targets
Skipping tests to speed up long scans
Selecting the correct timing template
Adjusting timing parameters
Adjusting performance parameters
Collecting signatures of web servers
Distributing a scan among several clients using Dnmap
Chapter 8: Generating Scan Reports
Introduction
Saving scan results in normal format
Saving scan results in an XML format
Saving scan results to a SQLite database
Saving scan results in a grepable format
Generating a network topology graph with Zenmap
Generating an HTML scan report
Reporting vulnerability checks performed during a scan
Chapter 9: Writing Your Own NSE Scripts
Introduction
Making HTTP requests to identify vulnerable Trendnet webcams
Sending UDP payloads by using NSE sockets
Exploiting a path traversal vulnerability with NSE
Writing a brute force script
Working with the web crawling library
Reporting vulnerabilities correctly in NSE scripts
Writing your own NSE library
Working with NSE threads, condition variables, and mutexes in NSE
References
Index
Preface
Nmap 6: Network Exploration and Security Auditing Cookbook is a 100 percent practical
book that follows a cookbook's style. Each recipe focuses on a single task and contains
command line examples, sample output, a detailed explanation, and additional tips that
could come in handy.
Nmap's vast functionality is explored through nine chapters covering 100 different tasks for
penetration testers and system administrators. Unlike Nmap's official book, this cookbook
focuses on tasks that you can do with the Nmap Scripting Engine, without forgetting to
cover the core functionality of Nmap.
There were many great NSE scripts I wish I had more space to include in this book and
many more that will be created after its publication. Luis Martin Garcia recently posted an
interesting video that shows how much Nmap has grown over the years at
http://www.youtube.com/watch?v=7rlF1MSAbXk. I invite you to register for the development
mailing list and stay up-to-date with Nmap's latest features and NSE scripts.
I hope that you not only enjoy reading this cookbook, but also that, as you master the Nmap
Scripting Engine, you come up with new ideas to create and contribute to this amazing project.
Finally, don't forget that you can send me your questions and I'll do my best to help you out.

What this book covers
Chapter 1, Nmap Fundamentals, covers the most common tasks performed with Nmap.
Additionally, it briey introduces Ndiff, Nping, and Zenmap.
Chapter 2, Network Exploration, covers host discovery techniques supported by Nmap,
and other useful tricks with the Nmap Scripting Engine.
Chapter 3, Gathering Additional Host Information, covers interesting information gathering
tasks with Nmap and its scripting engine.
Chapter 4, Auditing Web Servers, covers tasks related to web security auditing.
Chapter 5, Auditing Databases, covers security auditing tasks for MongoDB, MySQL, MS SQL,
and CouchDB databases.
Chapter 6, Auditing Mail Servers, covers tasks for IMAP, POP3, and SMTP servers.
Chapter 7, Scanning Large Networks, covers tasks that are useful when scanning large
networks ranging from scan optimization to distributing scans among several clients.
Chapter 8, Generating Scan Reports, covers the output options supported by Nmap.
Chapter 9, Writing Your Own NSE Scripts, covers the fundamentals of NSE development.
It includes specic examples for handling sockets, output, libraries, and parallelism.
Appendix, References, covers references and ofcial documentation used throughout
this book.
What you need for this book
You will need the latest version of Nmap (available from ) to follow the
recipes in this book.
Who this book is for
This book is for any security consultant, administrator, or enthusiast looking to learn
how to use and master Nmap and the Nmap Scripting Engine.
This book contains instructions on how to carry out various penetration
tests such as brute force password audits on remote networks and
devices. These tasks are likely to be illegal in your jurisdiction in many
circumstances, or at least count as a terms of service violation or
professional misconduct. The instructions are provided so that you can test
your system against threats, understand the nature of those threats, and
protect your own systems from similar attacks. Before following them make
sure you are on the correct side of the legal and ethical line... use your
powers for good!
Conventions
In this book, you will nd a number of styles of text that distinguish between different kinds
of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "The ag -PS forces a TCP SYN ping scan."
A block of code is set as follows:
table.insert(fingerprints, {
    category='cms',
    probes={
        {path='/changelog.txt'},
        {path='/tinymce/changelog.txt'},
    },
    matches={
        {match='Version ( ) ', output='Version \\1'},
        {output='Interesting, a changelog.'}
    }
})
Any command-line input or output is written as follows:
$ nmap -sP -PS80,21,53 <target>
$ nmap -sP -PS1-1000 <target>
$ nmap -sP -PS80,100-1000 <target>
New terms and important words are shown in bold. Words that you see on the screen,
in menus or dialog boxes for example, appear in the text like this: "Click on OK to start
downloading your new working copy."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this
book—what you liked or may have disliked. Reader feedback is important for us to develop
titles that you really get the most out of.
To send us general feedback, simply send an e-mail to , and
mention the book title through the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or
contributing to a book, see our author guide on www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help
you to get the most from your purchase.
Downloading the example code
You can download the example code les for all Packt books you have purchased from
your account at . If you purchased this book elsewhere,
you can visit and register to have the les
e-mailed directly to you.
Visit this book's website () for additional content and updates
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do
happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—
we would be grateful if you would report this to us. By doing so, you can save other readers
from frustration and help us improve subsequent versions of this book. If you find any errata,
please report them by visiting selecting your book,
clicking on the errata submission form link, and entering the details of your errata. Once your
errata are verified, your submission will be accepted and the errata will be uploaded to our
website, or added to any list of existing errata, under the Errata section of that title.
Piracy
Piracy of copyright material on the Internet is an ongoing problem across all media. At
Packt, we take the protection of our copyright and licenses very seriously. If you come
across any illegal copies of our works, in any form, on the Internet, please provide us
with the location address or website name immediately so that we can pursue a remedy.
Please contact us at with a link to the suspected
pirated material.
We appreciate your help in protecting our authors, and our ability to bring you
valuable content.
Questions
You can contact us at if you are having a problem with
any aspect of the book, and we will do our best to address it.
Chapter 1: Nmap Fundamentals
This chapter shows you how to do some things that in many situations might
be illegal, unethical, a violation of the terms of service, or just not a good
idea. It is provided here to give you information that may be of use to protect
yourself against threats and make your own system more secure. Before
following these instructions, be sure you are on the right side of the legal
and ethical line... use your powers for good!
In this chapter we will cover:
- Downloading Nmap from the official source code repository
- Compiling Nmap from source code
- Listing open ports on a remote host
- Fingerprinting services of a remote host
- Finding live hosts in your network
- Scanning using specific port ranges
- Running NSE scripts
- Scanning using a specified network interface
- Comparing scan results with Ndiff
- Managing multiple scanning profiles with Zenmap
- Detecting NAT with Nping
- Monitoring servers remotely with Nmap and Ndiff
Introduction
Nmap (Network Mapper) is an open-source tool specialized in network exploration and
security auditing, originally published by Gordon "Fyodor" Lyon. The official website
() describes it as follows:
Nmap (Network Mapper) is a free and open source (license) utility for network
discovery and security auditing. Many systems and network administrators also find
it useful for tasks such as network inventory, managing service upgrade schedules,
and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to
determine what hosts are available on the network, what services (application name
and version) those hosts are offering, what operating systems (and OS versions)
they are running, what type of packet filters/firewalls are in use, and dozens of other
characteristics. It was designed to rapidly scan large networks, but works fine against
single hosts. Nmap runs on all major computer operating systems, and official binary
packages are available for Linux, Windows, and Mac OS X.
There are many other port scanners out there, but none of them even comes close to
offering the flexibility and advanced options of Nmap.
The Nmap Scripting Engine (NSE) has revolutionized the possibilities of a port scanner
by allowing users to write scripts that perform custom tasks using the host information
collected by Nmap.
Additionally, the Nmap Project includes other great tools:

- Zenmap: A graphical interface for Nmap
- Ndiff: A tool for scan result comparison
- Nping: An excellent tool for packet generation and traffic analysis
- Ncrack: An Nmap-compatible tool for brute forcing network logins
- Ncat: A debugging utility to read and write data across networks
Needless to say, it is essential that every security professional and network administrator
master this tool to conduct security assessments, monitor, and administer networks efficiently.
Nmap's community is very active, and new features are added every week. I encourage you to
always keep an updated copy in your arsenal, if you haven't done this already; and even better,
to subscribe to the development mailing list at />listinfo/nmap-dev.
This chapter describes how to do some of the most common tasks with Nmap, including port
scanning and target enumeration. It also includes recipes that illustrate how handy Zenmap's
profiles are, how to use Nping for NAT detection, and different applications of Ndiff, including
how to set up a remote monitoring system with some help of bash scripting and cron. I've added
as many reference links with additional material as possible; I recommend you visit them to
learn more about the inner workings of the advanced scanning techniques performed by Nmap.
I've also created the website to post new, related material
and additional recipes, so make sure you stop by from time to time.
Downloading Nmap from the ofcial source
code repository
This section describes how to download Nmap's source code from the ofcial subversion
repository. By doing so, users can compile the latest version of Nmap and keep up with the
daily updates that are committed to the subversion repository.
Getting ready
Before continuing, you need to have a working Internet connection and access to a subversion
client. Unix-based platforms come with a command-line client called subversion (svn). To
check if it's already installed in your system, just open a terminal and type:
$ svn
If it tells you that the command was not found, install svn using your favorite package
manager or build it from source code. The instructions for building svn from source code
are out of the scope of this book, but they are widely documented online. Use your favorite
search engine to nd specic instructions for your system.
If you would rather work with a graphical user interface, RapidSVN is a very popular,
cross-platform alternative. You can download and install RapidSVN from
How to do it
Open your terminal and enter the following command:
$ svn co --username guest
Wait until svn downloads all the files stored in the repository. You should see the list of the
added files as it finishes, as shown in the following screenshot:
When the program returns/exits, you will have Nmap's source code in your current directory.

How it works
$ svn checkout
This command downloads a copy of the remote repository located at p.org/nmap/.
This repository has world read access to the latest stable build, allowing svn
to download your local working copy.
There's more
If you are using RapidSVN then follow these steps:
1. Right-click on Bookmarks.
2. Click on Checkout New Working Copy.
3. Type in the URL eld.
4. Select your local working directory.
5. Click on OK to start downloading your new working copy.
Experimenting with development branches
If you want to try the latest creations of the development team, there is a folder named
nmap-exp that contains different experimental branches of the project. Code stored there is not
guaranteed to work all the time, as the developers use it as a sandbox until it is ready to be
merged into the stable branch. The full subversion URL of this folder is p.org/nmap-exp/.
Keeping your source code up-to-date
To update a previously-downloaded copy of Nmap, use the following command inside your
working directory:
$ svn update
You should see the list of les that have been updated, as well as some revision information.
See also

- The Compiling Nmap from source code recipe
- The Listing open ports on a remote host recipe
- The Fingerprinting services of a remote host recipe
- The Running NSE scripts recipe
- The Comparing scan results with Ndiff recipe
- The Managing multiple scanning profiles with Zenmap recipe
- The Generating a network topology graph with Zenmap recipe in Chapter 8,
  Generating Scan Reports
- The Saving scan results in normal format recipe in Chapter 8, Generating Scan Reports
Compiling Nmap from source code
Precompiled packages always take time to prepare and test, causing delays between
releases. If you want to stay up-to-date with the latest additions, compiling Nmap's source
code is highly recommended.
This recipe describes how to compile Nmap's source code in the Unix environment.
Getting ready
Make sure the following packages are installed in your system:
- gcc
- openssl
- make
Install the missing software using your favorite package manager or build it from source code.
Instructions to build these packages from source code are out of the scope of this book but
are available online.
How to do it
1. Open your terminal and go into the directory where Nmap's source code is stored.
2. Congure it according to your system:
$ ./configure
An ASCII dragon warning you about the power of Nmap will be displayed

(as shown in the following screenshot) if successful, otherwise lines specifying
an error will be displayed.
3. Build Nmap using the following command:
$ make
If you don't see any errors, you have built the latest version of Nmap successfully.
You can check this by looking for the compiled binary Nmap in your current directory.
If you want to make Nmap available for all the users in the system, enter the
following command:
# make install
How it works
We used the script configure to set up the different parameters and environmental
variables affecting your system and desired configuration. Afterwards, GNU make
generated the binary files by compiling the source code.
There's more
If you only need the Nmap binary, you can use the following configure directives to avoid
installing Ndiff, Nping, and Zenmap:
- Skip the installation of Ndiff by using --without-ndiff
- Skip the installation of Zenmap by using --without-zenmap
- Skip the installation of Nping by using --without-nping
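The prerequisite list and the configure directives of this recipe, combined into a preflight check and minimal build, as an added example that is not part of the book. The function names (missing_tools, configure_flags, build_nmap) are assumptions of this example; the directives are the three listed above.

```shell
#!/bin/sh
# Added example (not from the book): preflight check and configure-flag
# builder for a minimal Nmap build from a source checkout.

# Tools named in the recipe's "Getting ready" list. This only checks that the
# commands are on PATH; the OpenSSL headers (libssl-dev on Debian) are
# detected by ./configure itself.
REQUIRED_TOOLS="gcc make openssl"

# Print the names of the given tools that are NOT on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Translate component names into ./configure directives.
# Unknown names are rejected so a typo cannot silently build everything.
configure_flags() {
    flags=""
    for comp in "$@"; do
        case "$comp" in
            ndiff|zenmap|nping)
                flags="${flags:+$flags }--without-$comp" ;;
            *)
                printf 'unknown component: %s\n' "$comp" >&2
                return 2 ;;
        esac
    done
    printf '%s\n' "$flags"
}

# build_nmap <source-dir> [component-to-skip ...]
# Refuses to start when a prerequisite is missing or the directory holds no
# configure script, then runs the recipe's steps and prints the version of
# the binary that was just built.
build_nmap() {
    src="$1"
    shift
    missing="$(missing_tools $REQUIRED_TOOLS)"
    if [ -n "$missing" ]; then
        printf 'missing prerequisites: %s\n' "$(echo $missing)" >&2
        return 1
    fi
    if [ ! -x "$src/configure" ]; then
        printf 'no configure script in %s\n' "$src" >&2
        return 1
    fi
    skip_flags="$(configure_flags "$@")" || return 2
    # $skip_flags is intentionally unquoted: each directive is one argument.
    ( cd "$src" && ./configure $skip_flags && make && ./nmap --version )
}

# Example invocation: sh build.sh ./nmap ndiff zenmap nping
if [ "$#" -ge 1 ]; then
    build_nmap "$@"
fi
```

The build runs without root privileges; only the optional make install step from the recipe needs them.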
OpenSSL development libraries
OpenSSL is optional when building Nmap. Enabling it allows Nmap to access the functions
of this library related to multiprecision integers, hashing, and encoding/decoding for service
detection and Nmap NSE scripts.
The name of the OpenSSL development package in Debian systems is libssl-dev.

Congure directives
There are several congure directives that can be used when building Nmap. For a complete
list of directives, use the following command:
$ ./configure help
Precompiled packages
There are several precompiled packages available online ( />html) for those who
don't have access to a compiler, but unfortunately, it's very likely you
will be missing features unless it's a very recent build. Nmap is continuously evolving. If you
are serious about harnessing the power of Nmap, keep your local copy up-to-date with the
official repository.
See also
- The Downloading Nmap from the official source code repository recipe
- The Listing open ports on a remote host recipe
- The Fingerprinting services of a remote host recipe
- The Comparing scan results with Ndiff recipe
- The Managing multiple scanning profiles with Zenmap recipe
- The Running NSE scripts recipe
- The Scanning using a specified network interface recipe
- The Saving scan results in normal format recipe in Chapter 8, Generating
  Scan Reports
- The Generating a network topology graph with Zenmap recipe in Chapter 8,
  Generating Scan Reports