Nmap has maintained its primacy thanks to the large community of developers and programmers who maintain and update it. The Nmap community reports that the tool, which anyone can use for free, is downloaded thousands of times each week.
The last major update was Nmap 7.90 in October 2020, which included 70+ bug fixes and improvements, as well as various build system upgrades and code quality improvements.
What is Zenmap?
Originally, to use Nmap, users had to have advanced programming skills or at least be familiar with console commands or non-graphical user interfaces. That all changed recently with the introduction of the Zenmap tool for Nmap, which adds a graphical interface that makes launching the program and analyzing the returned data it produces much more accessible.
Here are some of the features that Zenmap offers:
Frequently used scans can be saved as profiles so they can be easily run repeatedly. A command builder allows Nmap command lines to be created interactively. Scan results can be saved and viewed later. Saved scan results can be compared to see how they differ. And the results of recent scans can be stored in a searchable database.
This is how Nmap became a star
The tool was originally developed by Gordon Lyon in the C++ computer language. He published the tool through Phrack Magazine under the pseudonym Fyodor Vaskovitch, which he acquired after reading Fyodor Dostoyevsky's Notes from the Cellar Hole. Although everyone now knows who Lyon is, he still uses the name Fyodor to identify his work in the to mark the Nmap community.
Nmap has been featured in thrillers set in modern times such as Ocean's 8, Die Hard 4, and Infatuation. Although the tool is 25 years old, according to Hollywood, it will be used long into the future, even in a dystopian future. Because Nmap can also be seen in Matrix Reloaded, Dredd, Fantastic Four and Elysium.
The developer community that maintains Nmap, and Lyon itself, have issued an open invitation to directors and writers to offer technical advice to help make Nmap-featured films a little more realistic. They also maintain an active and ever-growing filmography about the tool.
One of the reasons Nmap features in so many movies is its ability to uncover unknown information about computer networks, which means it's a great tool for hackers. Ironically, it was designed to help administrators map, protect, and defend their networks, but it's powerful enough that it can also be used by the bad guys for reconnaissance, to gather information about the networks they use for monitor their activities.
How does Nmap work?
The core of Nmap is port scanning. It works by having users provide a list of targets on a network about which they want information. Users don't need to identify specific targets, which is good because most administrators don't have a complete view of everything using the potentially thousands of ports on their network. Instead, they assemble a set of ports to be scanned.
It is also possible to scan all network ports, but this would take a lot of time and use a lot of available bandwidth. Also, depending on the type of passive protections deployed on the network, such an extensive port scan would likely trigger security alerts. As such, most people use Nmap in more limited deployments or split different sections of their network to scan them one at a time.
Not only can users specify a range of targets to scan, but they can also control the depth of each scan. For example, a simple or limited scan could provide information about which ports are open and which have been closed by firewall settings. More detailed scans could also gather information about what kind of devices are using those ports, what operating systems they are running, and even what services are running on them. Nmap can also determine deeper information such as the version of the discovered services. This makes it a perfect tool for finding vulnerabilities or supporting patch management measures.
Until now, controlling the scans required console commands, which of course required a certain amount of training. But with the new Zenmap graphical interface, anyone can tell Nmap what to discover, with or without training. In the meantime, pros can still use the console commands they've always used, making it a useful tool for experts and beginners alike.
Is Nmap a security risk?
While one could argue that Nmap is a perfect hacking tool, many of the deeper scanning activities require root access and privileges. Someone on the outside can't just point Nmap at a target network they don't have access to and have it magically uncover vulnerabilities that they can then exploit. Not only that, the attempt would likely trigger a critical security alert from any defense or network monitoring tools.
That's not to say that Nmap couldn't be dangerous in the wrong hands, especially when deployed by someone using stolen credentials.
What does Nmap do?
When used properly, Nmap can be invaluable for optimizing and protecting networks and information. All data sent back from the ports scanned with Nmap is collected and compiled by the program. Based on this information, there are several key activities that most users use the tool for. This includes:
Network Mapping: This is the main reason why Nmap was developed and remains one of the most important applications. With so-called host detection, Nmap identifies the device types that are actively using the scanned ports. This includes servers, routers, switches and other devices. Users can also see how these devices are connected and how they form a network.
Port rule detection: Nmap can easily determine if a port is open or closed through something like a firewall, even with a low-level scan. Many IT professionals use Nmap to verify their own firewall programming work. They can see if their policies are having the desired effect and if their firewalls are working properly.
Chasing shadow IT: Because Nmap determines the type and location of devices on a network, it can be used to identify things that shouldn't be there. These devices are referred to as shadow IT because their presence on a network is not officially approved, or sometimes even hidden on purpose. Shadow IT can be dangerous because such devices are not part of a security audit or program. For example, if someone secretly places an Xbox game server on a corporate network, it can not only tax bandwidth, but also serve as a springboard for an attack, especially if it's not maintained with the latest security patches.
Operating system detection: Nmap can identify the types of operating systems running on discovered devices in a process called OS fingerprinting. This generally provides information about the device manufacturer's name (Dell, HP, etc.) and the operating system. With a deeper Nmap scan, you can even find out things like the operating system patch level and the estimated uptime of the device.
Service Discovery: The ability to discover services takes Nmap beyond the level of an ordinary mapping tool. Rather than simply determining that a device exists, users can trigger a more in-depth scan to find out what capabilities discovered devices perform. This includes determining whether they act as a mail server, web server, database repository, storage device, or almost anything else. Depending on the scan, Nmap can also report which specific applications are running and what version of those applications are being used.
What is the future of Nmap?
Although the Nmap tool is 25 years old, it is constantly evolving. Like other seemingly age-old technologies like Ethernet or Spanning Tree, it is maintained by an active community of experts who keep it relevant and up to date. And in the case of Nmap, that community includes its very active creator, who still goes by the name Fyodor online.
Other advancements like the new Zenmap tool make it even more useful, especially for those who don't like working with consoles or command lines. Zenmap's graphical interface allows users to set up desired targets and configure scans with just a few clicks. This will help Nmap find an even larger user base.
Finally, while there are many other tools available today that offer similar functionality, none of them have the proven track record of Nmap. Also, Nmap has always been completely free. Based on all of these factors, it's almost a certainty that Nmap will be just as useful and relevant over the next 25 years as it has been over the past quarter century.