Nmap (Network Mapper) is a powerful information gathering tool used to scan target IPs. It reports critical data such as port states, running services, operating system detection results, and Nmap Scripting Engine (NSE) script output. Identifying these exposed services is the first step in the technical phase of a security audit.
To scan a specific IP address, use the following command:
nmap 192.168.1.1
Example of the scan output:
Starting Nmap 7.91 ( https://nmap.org ) at 2026-03-28 15:00 IST
Nmap scan report for 192.168.1.1
Host is up (0.0030s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 2.01 seconds
Scanning Techniques:
-sP : Perform a ping scan to discover live hosts.
-sT : TCP Connect Scan (completes the 3-way handshake).
-sS : SYN Scan (stealth scan, half-open).
-sU : UDP Scan.
Detection & Aggression:
-sV : Probe open ports to determine service/version info.
-O : Enable operating system detection.
-A : Aggressive scan (includes OS detection, version detection, and default scripts).
-T<0-5> : Set timing (0 for paranoid/slow, 5 for insane/fast).
Firewall Evasion:
-f : Fragment packets to evade simple firewalls.
--data-length <size> : Append random data to packets.
Output Options:
-oN <file> : Save results in Normal format.
-oX <file> : Save results in XML format.
-oG <file> : Save results in Grepable format.
Pro-Tip: Always perform passive reconnaissance (collecting public domain names and employee details) before running active scans to remain undetected for as long as possible.
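The Normal-format output shown above is easy to turn into an inventory check. The following added example (not part of the original page or of Nmap itself) parses a scan report saved with -oN, groups port lines per host, and reports any open port that is not on an expected-services allowlist; the embedded report is the one from this page, and the allowlist values are constructed for the demonstration.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: the Normal-format report shown on this page, embedded so the code runs offline.
SAMPLE_REPORT = """\
Starting Nmap 7.91 ( https://nmap.org ) at 2026-03-28 15:00 IST
Nmap scan report for 192.168.1.1
Host is up (0.0030s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
Nmap done: 1 IP address (1 host up) scanned in 2.01 seconds
"""

# "Nmap scan report for <host>" or "Nmap scan report for <name> (<ip>)"
HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?")
# "<port>/<proto>  <state>  <service>"; state may be compound such as open|filtered
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_normal_output(text: str) -> Dict[str, List[dict]]:
    """Return {host: [{"port": int, "proto": str, "state": str, "service": str}, ...]}."""
    hosts: Dict[str, List[dict]] = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(2) or m.group(1)  # prefer the IP when both are present
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            hosts[current].append({"port": int(m.group(1)), "proto": m.group(2),
                                   "state": m.group(3), "service": m.group(4)})
    return hosts


def unexpected_open_ports(hosts: Dict[str, List[dict]],
                          allowlist: Set[Tuple[int, str]]) -> Dict[str, List[int]]:
    """Open (port, proto) pairs per host that are not on the allowlist: the exposure review."""
    findings: Dict[str, List[int]] = {}
    for host, ports in hosts.items():
        extra = [p["port"] for p in ports
                 if p["state"] == "open" and (p["port"], p["proto"]) not in allowlist]
        if extra:
            findings[host] = extra
    return findings
```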