🕵️‍♂️ Nmap & Vulnerability Analysis – A Beginner’s Guide by Gh0stSh3ll 👻



This content originally appeared on DEV Community and was authored by Sriram Bharath

If you want to step into the world of Ethical Hacking & Cybersecurity, one tool you’ll hear about everywhere is Nmap.

Think of Nmap as your flashlight in the dark internet city 🏙: it shows you which doors (ports) are open, which services are running, and where attackers might sneak in.

In this blog, we’ll break it down in a super simple way so even beginners can follow. 🚀

🌐 What is Nmap?

  • Nmap (Network Mapper) is a free, open-source tool for:
    • Discovering hosts on a network
    • Finding open ports
    • Identifying services & versions
    • Guessing operating systems
  • Used by both defenders (blue team) and attackers (red team).

👉 In short: It tells you what’s alive, what’s open, and what’s running.

🔥 Common Nmap Scans

Here’s a quick list of Nmap scans you must know:

  • SYN Scan (Stealthy)

    nmap -sS <target_ip>

    Sends a SYN packet to test if a port is open without completing the handshake: a SYN/ACK reply means open, a RST means closed, and no reply at all means filtered.

    ✅ Fast and widely used. It is called "stealthy" because no full connection is ever made, so the application on the other end never logs it; firewalls and IDS still see the SYNs, though.

  • TCP Connect Scan

    nmap -sT <target_ip>

    Completes the full TCP handshake through the OS connect() call, so it needs no raw-socket privileges.

    ❌ Easier to detect in logs, since the target application sees a completed connection.

  • UDP Scan

    nmap -sU <target_ip>

    Useful for finding UDP services like DNS, SNMP, DHCP.

    ❗ Slower, since UDP has no handshake: an open port often sends nothing back, so Nmap has to wait out timeouts to tell open from filtered.

  • Version Detection

    nmap -sV <target_ip>

    Reveals the software name and version → critical for vuln checks.

  • Aggressive Scan (All-in-One)

    nmap -A <target_ip>

    Does OS detection, version detection, the default NSE scripts, and traceroute.

    ⚠️ Noisy, don’t use in stealth ops.

  • OS Detection

    nmap -O <target_ip>

    Tries to guess the operating system from how the target's TCP/IP stack responds to probes.

  • Full Port Scan

    nmap -p- <target_ip>

    Scans all 65535 TCP ports (by default Nmap only scans the 1000 most common ones). Takes time but finds everything.

  • Host Discovery

    nmap -sn <target_range>

    Pings a whole range to find which machines are alive, without scanning any ports.
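Once a scan has run, the practical next step is turning its output into an inventory you can act on. The following Python script is an added example (not code from the original post or from the Nmap project): it reads the XML that `nmap -oX` writes, answers the host-discovery question (which addresses were up), and flattens every port of each live host, with its `-sV` product/version and any NSE script output attached to that port, into records you can report on. The embedded `SAMPLE_XML`, its addresses, hostnames and versions are constructed placeholders, not a real scan.

```python
"""Parse Nmap XML output (-oX) into live-host and open-service inventories.

Added example, not code from the original post; SAMPLE_XML is constructed
(placeholder hosts and versions), not a real scan.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample in the shape of `nmap -sV -oX`, trimmed to the elements used here.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="web.lab.local" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="3.0.3"/>
        <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/></port>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.49"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class ServiceRecord:
    host: str
    hostname: str
    port: int
    proto: str
    state: str      # open / closed / filtered ...
    service: str    # Nmap's service name, e.g. "ssh"
    product: str    # from -sV, e.g. "OpenSSH" (empty if not fingerprinted)
    version: str    # from -sV, e.g. "7.4"
    scripts: tuple  # (nse_script_id, output) pairs attached to this port


def host_states(xml_text: str) -> dict:
    """Map each scanned address to up/down: the question `nmap -sn` answers."""
    states = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr, status = host.find("address"), host.find("status")
        if addr is not None and status is not None:
            states[addr.get("addr", "?")] = status.get("state", "unknown")
    return states


def parse_services(xml_text: str) -> list:
    """Flatten every <port> of every live host into a ServiceRecord."""
    records = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # a host that never answered has nothing to inventory
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:  # fall back to whatever address Nmap recorded (e.g. IPv6)
            addr_el = host.find("address")
        addr = addr_el.get("addr", "?") if addr_el is not None else "?"
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name", "") if hn is not None else ""
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            records.append(ServiceRecord(
                host=addr,
                hostname=hostname,
                port=int(port.get("portid", "0")),
                proto=port.get("protocol", "tcp"),
                state=state.get("state", "unknown") if state is not None else "unknown",
                service=attrs.get("name", ""),
                product=attrs.get("product", ""),
                version=attrs.get("version", ""),
                scripts=tuple((s.get("id", ""), s.get("output", ""))
                              for s in port.findall("script")),
            ))
    return records


def open_services(records: list) -> list:
    return [r for r in records if r.state == "open"]


def inventory_lines(records: list) -> list:
    """One line per open port, with the -sV banner and any NSE output: what goes in the report."""
    lines = []
    for r in open_services(records):
        banner = " ".join(x for x in (r.product, r.version) if x) or r.service
        nse = "".join(f" [{sid}: {out}]" for sid, out in r.scripts)
        lines.append(f"{r.host:<12} {r.proto}/{r.port:<5} {banner}{nse}")
    return lines
```

To use it on your own results, pass the contents of the `-oX` file instead of `SAMPLE_XML`: `inventory_lines(parse_services(open("scan.xml").read()))` gives one line per open port. Two details are deliberate: a `down` host produces no records at all, while a `closed` port on a live host (443/tcp above) stays in the `parse_services` output with state `closed`, so you can tell "scanned and closed" from "never reached" when comparing two scans.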

🧠 Why Nmap Alone Isn’t Enough

Okay, so you found some open ports, but what next?

This is where Vulnerability Analysis comes in.

Think of it like this:

  • Nmap tells you which doors are open 🚪
  • Vulnerability Analysis tells you if those doors have weak locks 🔑

🛠 Nmap Scripting Engine (NSE)

Nmap has a built-in scripting engine to go beyond simple scans.

These scripts check for vulnerabilities, misconfigurations, and weak services.

Examples:

  • Auth Scripts (check for weak logins)

    nmap --script auth <target_ip> -sS

  • Malware Scripts (look for backdoors/trojans)

    nmap --script malware <target_ip> -sS

  • Banner Grabbing (collects service info)

    nmap --script banner <target_ip> -sS

👉 These scripts give more context about what’s running and whether it’s dangerous.

🔍 Vulnerability Analysis Basics

After finding open ports, we ask:

  • Is the software outdated?
  • Are there known exploits for it?
  • Are there misconfigurations (like anonymous FTP login)?

Some key tools alongside Nmap:

  • Nikto → Web vulnerability scanner
  • OpenVAS → Full vulnerability scanning
  • Burp Suite → Web app testing
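To make the three questions above concrete, here is an added Python example (not code from the original post, and not the logic of Nikto, OpenVAS or Burp Suite) that takes a small service inventory and turns it into findings: outdated software is decided by comparing the `-sV` version against a per-product minimum, misconfigurations are read from NSE script output (the anonymous-FTP case the post mentions, as reported by the `ftp-anon` script), and a forbidden-service rule catches things like telnet that are a finding whatever their version. The `SERVICES` records, the `MIN_VERSIONS` floors and the host addresses are constructed placeholders, not real scan or advisory data; in a real assessment the floors come from your patch policy or a vulnerability database.

```python
"""Turn a service inventory into vulnerability-analysis findings.

Added example, not code from the original post. SERVICES and MIN_VERSIONS are
constructed placeholders (not real scan data, not real advisory data); in
practice the baseline comes from your patch policy or a vulnerability database.
"""
import re

# Constructed inventory, one record per open port (the output of an earlier parsing step).
SERVICES = [
    {"host": "10.0.0.5", "port": 21, "service": "ftp", "product": "vsftpd", "version": "3.0.3",
     "scripts": {"ftp-anon": "Anonymous FTP login allowed (FTP code 230)"}},
    {"host": "10.0.0.5", "port": 22, "service": "ssh", "product": "OpenSSH", "version": "7.4p1",
     "scripts": {}},
    {"host": "10.0.0.5", "port": 80, "service": "http", "product": "Apache httpd",
     "version": "2.4.49", "scripts": {}},
    {"host": "10.0.0.7", "port": 23, "service": "telnet", "product": "", "version": "",
     "scripts": {}},
]

# Placeholder baseline: the lowest version your patch policy accepts per product.
MIN_VERSIONS = {"OpenSSH": "8.0", "Apache httpd": "2.4.51", "vsftpd": "3.0.3"}

# Services that are a finding on sight, whatever their version.
FORBIDDEN_SERVICES = {"telnet"}

# NSE script output that signals a misconfiguration rather than an old version.
MISCONFIG_PATTERNS = {"ftp-anon": re.compile(r"Anonymous FTP login allowed")}

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def version_key(version: str, width: int = 3) -> tuple:
    """Numeric prefix of each dotted component, zero-padded: '7.4p1' -> (7, 4, 0)."""
    parts = []
    for piece in version.split(".")[:width]:
        m = re.match(r"\d+", piece)
        if not m:
            break  # stop at the first non-numeric component ("p1", "rc2", ...)
        parts.append(int(m.group()))
    return tuple(parts + [0] * (width - len(parts)))


def is_outdated(product: str, version: str) -> bool:
    """True only when we know the product, have a version, and it is below the floor."""
    floor = MIN_VERSIONS.get(product)
    if floor is None or not version:
        return False  # unknown product or no fingerprint: needs a human, not a verdict
    return version_key(version) < version_key(floor)


def triage(services) -> list:
    """Return findings sorted by severity, then by host:port."""
    findings = []
    for s in services:
        where = f"{s['host']}:{s['port']}"
        if s["service"] in FORBIDDEN_SERVICES:
            findings.append({"where": where, "severity": "high", "kind": "forbidden-service",
                             "detail": f"{s['service']} exposed"})
        if is_outdated(s["product"], s["version"]):
            findings.append({"where": where, "severity": "medium", "kind": "outdated",
                             "detail": f"{s['product']} {s['version']} below floor "
                                       f"{MIN_VERSIONS[s['product']]}"})
        for script_id, output in s["scripts"].items():
            pattern = MISCONFIG_PATTERNS.get(script_id)
            if pattern and pattern.search(output):
                findings.append({"where": where, "severity": "high", "kind": "misconfiguration",
                                 "detail": f"{script_id}: {output}"})
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["where"]))
    return findings


if __name__ == "__main__":
    for f in triage(SERVICES):
        print(f"{f['severity']:<7} {f['where']:<14} {f['kind']:<18} {f['detail']}")
```

The conservative rule in `is_outdated` is the part worth keeping: a product Nmap could not fingerprint, or one that is not in your baseline, produces no "outdated" verdict instead of a guess, so those entries get routed to a person rather than silently passing. The version comparison is also deliberately simple (numeric prefix of each dotted component); distribution back-ports such as `7.4p1` with security patches still look old to it, which is exactly why the floor must come from your own policy and not from the number alone.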

🧩 Final Thoughts

Nmap is just the starting point of any pentest or vulnerability assessment.

  • It maps out the terrain 🌍
  • Vulnerability Analysis tells you where the cracks are ⚡

Mastering both is essential if you want to become a Cybersecurity Expert or Ethical Hacker.

✍ Note from me:

I learned these fundamentals of Nmap & Vulnerability Analysis through the 👉 Complete Ethical Hacker Bootcamp by Zero To Mastery (ZTM).

It’s been super fun turning what I studied into this beginner-friendly guide. 🚀

Stay curious, keep scanning, and remember: with great power comes great responsibility. 🕷 – GhostSh3ll

