In [1]:
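# %pip (rather than a bare pip / !pip) installs into the environment of the
# running kernel. python-nmap is only a wrapper: the nmap binary itself must be
# installed separately and be on PATH for any of the cells below to work.
%pip install python-nmap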


Note: you may need to restart the kernel to use updated packages.


## 1. Write the Python NMAP script to scan a target.

In [2]:
import nmap

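def basic_nmap_scan(target):
    """Scan ``target`` with python-nmap's default arguments and print every port seen.

    Args:
        target: IP address, hostname or nmap target expression (e.g. a CIDR
            range). Several space-separated targets are passed through as-is.

    Raises:
        ValueError: if ``target`` is blank or one of its tokens begins with
            ``-``. python-nmap splits the hosts string into separate argv
            tokens, so such a token would reach nmap as an option, not a host.
        nmap.PortScannerError: propagated from python-nmap when nmap itself
            fails (e.g. the binary is missing).

    Side effects:
        Sends probes to the target over the network and prints to stdout.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')

    nm = nmap.PortScanner()
    # No explicit arguments: python-nmap supplies its own default scan options
    # (-sV in the versions I have seen -- confirm against the installed one).
    nm.scan(hosts=target)

    for host in nm.all_hosts():
        print('----------------------------------------------------')
        print(f'Host : {host} ({nm[host].hostname()})')
        print('State : %s' % nm[host].state())

        for proto in nm[host].all_protocols():
            print('----------')
            print(f'Protocol : {proto}')

            # Port numbers are dict keys and therefore unordered.
            for port in sorted(nm[host][proto]):
                entry = nm[host][proto][port]
                print(f'port : {port}\tstate : {entry["state"]}\tservice : {entry["name"]}')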

if __name__ == "__main__":
    # Inside a notebook __name__ is always "__main__"; the guard only matters
    # once this cell is saved as a .py module.
    target = input("Enter target IP address or hostname: ")  # blocks until answered
    basic_nmap_scan(target)


Enter target IP address or hostname:  scanme.nmap.org


----------------------------------------------------
Host : 45.33.32.156 (scanme.nmap.org)
State : up
----------
Protocol : tcp
port : 22	state : open	service : ssh
port : 80	state : open	service : http
port : 139	state : filtered	service : netbios-ssn
port : 445	state : filtered	service : microsoft-ds
port : 9929	state : open	service : nping-echo
port : 31337	state : open	service : tcpwrapped


## 2. Write the Python NMAP script to perform a ping scan on a target.

In [1]:
import nmap

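def ping_scan(target):
    """Host-discovery ("ping") scan: report which targets answer, without port scanning.

    ``-sP`` is the legacy spelling of nmap's ``-sn`` (skip the port scan);
    current nmap releases still accept it.

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed through as-is.

    Raises:
        ValueError: if ``target`` is blank or one of its tokens begins with
            ``-`` (python-nmap splits the hosts string into argv tokens, so
            such a token would be read by nmap as an option).
        nmap.PortScannerError: propagated when nmap itself fails.

    Side effects:
        Sends discovery probes over the network and prints to stdout.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')

    nm = nmap.PortScanner()
    nm.scan(hosts=target, arguments='-sP')  # -sP for ping scan

    # 'status'/'state' is the host-level up/down result python-nmap records.
    hosts_list = [(x, nm[x]['status']['state']) for x in nm.all_hosts()]

    print("Hosts found:")
    for host, status in hosts_list:
        print(f"Host: {host}\tStatus: {status}")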

if __name__ == "__main__":
    # Always true in a notebook; kept so the cell also works as a script.
    target = input("Enter target IP address or hostname: ")
    ping_scan(target)


Enter target IP address or hostname:  scanme.nmap.org


Hosts found:
Host: 45.33.32.156	Status: up


## 3. Write the Python NMAP script to perform a no-ping scan on a target.

In [1]:
import nmap

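def ping_scan(target):
    """Host discovery only (``-sn``): print each responding host and its state.

    NOTE(review): ``-sn`` means "no port scan" -- it is the same host-discovery
    scan as ``-sP`` in the previous section. The section title says "no ping
    scan"; if the intent was to *skip* host discovery, nmap's option for that
    is ``-Pn``, which then runs a port scan on every target. Confirm the intent
    before changing the flag. Also note this redefines ``ping_scan`` from the
    previous cell; the later definition wins in the notebook namespace.

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed through as-is.

    Raises:
        ValueError: if ``target`` is blank or one of its tokens begins with
            ``-`` (python-nmap splits the hosts string into argv tokens, so
            such a token would be read by nmap as an option).
        nmap.PortScannerError: propagated when nmap itself fails.

    Side effects:
        Sends discovery probes over the network and prints to stdout.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')

    nm = nmap.PortScanner()
    nm.scan(hosts=target, arguments='-sn')  # -sn for ping scan only

    for host in nm.all_hosts():
        print('----------------------------------------------------')
        print(f'Host : {host} ({nm[host].hostname()})')
        print('State : %s' % nm[host].state())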

if __name__ == "__main__":
    # Always true in a notebook; kept so the cell also works as a script.
    target = input("Enter target IP address or hostname: ")
    ping_scan(target)


Enter target IP address or hostname:  scanme.nmap.org


----------------------------------------------------
Host : 45.33.32.156 (scanme.nmap.org)
State : up


## 4. Write the Python NMAP script to perform a scan on specific ports of a target.

In [2]:
import nmap

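def nmap_port_scan(target, port_numbers):
    """Scan only the given ports of ``target`` and print their state and service.

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed through as-is.
        port_numbers: iterable of ports; each element is turned into a
            ``-p`` list entry with ``str()``, so ints (the usual case) and
            range strings such as ``"80-90"`` both work.

    Raises:
        ValueError: blank target, a target token beginning with ``-``, an
            empty port list, a blank or ``-``-prefixed port entry, or a
            numeric port outside 0..65535. The checks exist because
            python-nmap splits both the hosts string and the arguments
            string into argv tokens, so such values would reach nmap as
            options or as a malformed ``-p`` list.
        nmap.PortScannerError: propagated when nmap itself fails.

    Side effects:
        Sends probes over the network and prints to stdout.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')

    tokens = [str(port).strip() for port in port_numbers]
    if not tokens or any(not tok or tok.startswith('-') for tok in tokens):
        raise ValueError(f'invalid port list: {port_numbers!r}')
    for tok in tokens:
        if tok.isdigit() and not 0 <= int(tok) <= 65535:
            raise ValueError(f'port out of range: {tok}')

    port_range = ','.join(tokens)
    nm = nmap.PortScanner()
    nm.scan(hosts=target, arguments=f'-p {port_range}')

    for host in nm.all_hosts():
        print('----------------------------------------------------')
        print(f'Host : {host} ({nm[host].hostname()})')
        print('State : %s' % nm[host].state())

        for proto in nm[host].all_protocols():
            print('----------')
            print(f'Protocol : {proto}')

            # Port numbers are dict keys and therefore unordered.
            for port in sorted(nm[host][proto]):
                entry = nm[host][proto][port]
                print(f'port : {port}\tstate : {entry["state"]}\tservice : {entry["name"]}')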

if __name__ == "__main__":
    target = input("Enter target IP address or hostname: ")
    ports = input("Enter port numbers (separated by commas): ").split(',')
    # int() ignores surrounding whitespace itself and raises ValueError on a
    # blank or non-numeric entry such as "80,,443".
    port_numbers = [int(entry) for entry in ports]
    nmap_port_scan(target, port_numbers)


Enter target IP address or hostname:  scanme.nmap.org
Enter port numbers (separated by commas):  80,443


----------------------------------------------------
Host : 45.33.32.156 (scanme.nmap.org)
State : up
----------
Protocol : tcp
port : 80	state : open	service : http
port : 443	state : closed	service : https


## 6. Write the Python NMAP script to scan the 100 most common ports.

In [3]:
import nmap
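def fast_nmap_scan(target):
    """Fast scan (``-F``: nmap's reduced set of common ports) of ``target``.

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed through as-is.

    Raises:
        ValueError: if ``target`` is blank or one of its tokens begins with
            ``-`` (python-nmap splits the hosts string into argv tokens, so
            such a token would be read by nmap as an option).
        nmap.PortScannerError: propagated when nmap itself fails.

    Side effects:
        Sends probes over the network and prints to stdout.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')

    nm = nmap.PortScanner()
    nm.scan(hosts=target, arguments='-F')  # -F for fast scan

    for host in nm.all_hosts():
        print('----------------------------------------------------')
        print(f'Host : {host} ({nm[host].hostname()})')
        print('State : %s' % nm[host].state())
        for proto in nm[host].all_protocols():
            print('----------')
            print(f'Protocol : {proto}')
            # Port numbers are dict keys and therefore unordered.
            for port in sorted(nm[host][proto]):
                entry = nm[host][proto][port]
                print(f'port : {port}\tstate :{entry["state"]}\tservice : {entry["name"]}')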
if __name__ == "__main__":
    # Always true in a notebook; kept so the cell also works as a script.
    target = input("Enter target IP address or hostname: ")
    fast_nmap_scan(target)

Enter target IP address or hostname:  scanme.nmap.org


----------------------------------------------------
Host : 45.33.32.156 (scanme.nmap.org)
State : up
----------
Protocol : tcp
port : 22	state :open	service : ssh
port : 80	state :open	service : http
port : 139	state :filtered	service : netbios-ssn
port : 445	state :filtered	service : microsoft-ds


## Python code used to scan all 65,535 ports on the target host.

In [1]:
import nmap
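def full_port_scan(target):
    """Scan every TCP port (``-p-``, i.e. 1-65535) of ``target`` and print the results.

    This is by far the slowest cell in the notebook; consider the cached /
    ``%%time`` pattern before re-running it on a full Restart & Run All.

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed through as-is.

    Raises:
        ValueError: if ``target`` is blank or one of its tokens begins with
            ``-`` (python-nmap splits the hosts string into argv tokens, so
            such a token would be read by nmap as an option).
        nmap.PortScannerError: propagated when nmap itself fails.

    Side effects:
        Sends probes over the network and prints to stdout.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')

    nm = nmap.PortScanner()
    nm.scan(hosts=target, arguments='-p-')  # -p- to scan all 65535 ports

    for host in nm.all_hosts():
        print('----------------------------------------------------')
        print(f'Host : {host} ({nm[host].hostname()})')
        print('State : %s' % nm[host].state())
        for proto in nm[host].all_protocols():
            print('----------')
            print(f'Protocol : {proto}')
            # Port numbers are dict keys and therefore unordered.
            for port in sorted(nm[host][proto]):
                entry = nm[host][proto][port]
                print(f'port : {port}\tstate :{entry["state"]}\tservice : {entry["name"]}')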
if __name__ == "__main__":
    # Always true in a notebook; kept so the cell also works as a script.
    target = input("Enter target IP address or hostname: ")
    full_port_scan(target)

Enter target IP address or hostname:  google.com


----------------------------------------------------
Host : 172.217.166.46 (google.com)
State : up
----------
Protocol : tcp
port : 80	state :open	service : http
port : 443	state :open	service : https


## 7. Write the Python NMAP script to perform a scan to identify the services running and their versions.

In [3]:
import nmap

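def nmap_version_scan(target):
    """Service/version detection scan (``-sV``) of ``target``; prints product and version per port.

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed through as-is.

    Raises:
        ValueError: if ``target`` is blank or one of its tokens begins with
            ``-`` (python-nmap splits the hosts string into argv tokens, so
            such a token would be read by nmap as an option).
        nmap.PortScannerError: propagated when nmap itself fails.

    Side effects:
        Sends probes (including application-layer ones) over the network and
        prints to stdout.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')

    nm = nmap.PortScanner()
    nm.scan(hosts=target, arguments='-sV')  # -sV for version detection

    for host in nm.all_hosts():
        print('----------------------------------------------------')
        print(f'Host : {host} ({nm[host].hostname()})')
        print('State : %s' % nm[host].state())
        for proto in nm[host].all_protocols():
            print('----------')
            print(f'Protocol : {proto}')
            # Port numbers are dict keys and therefore unordered.
            for port in sorted(nm[host][proto]):
                entry = nm[host][proto][port]
                # 'product'/'version' are present but empty when nmap could
                # not identify the service (see the http/tcpwrapped rows in
                # the recorded output).
                print(f'port : {port}\tstate :{entry["state"]}\tservice :{entry["name"]}\tversion :{entry["product"]} {entry["version"]}')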
if __name__ == "__main__":
    # Always true in a notebook; kept so the cell also works as a script.
    target = input("Enter target IP address or hostname: ")
    nmap_version_scan(target)

Enter target IP address or hostname:  scanme.nmap.org


----------------------------------------------------
Host : 45.33.32.156 (scanme.nmap.org)
State : up
----------
Protocol : tcp
port : 22	state :open	service :ssh	version :OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13
port : 80	state :open	service :http	version : 
port : 139	state :filtered	service :netbios-ssn	version : 
port : 445	state :filtered	service :microsoft-ds	version : 
port : 9929	state :open	service :nping-echo	version :Nping echo 
port : 31337	state :open	service :tcpwrapped	version : 


## 8. Write the Python NMAP script to perform aggressive scanning.

In [4]:
import nmap

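def comprehensive_nmap_scan(target):
    """Aggressive scan (``-A``: OS detection, version detection, default scripts, traceroute).

    Prints the per-port table and then one record per OS match. The OS
    fingerprinting part of ``-A`` needs raw-socket privileges; without them
    nmap still runs, but typically without OS matches.

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed through as-is.

    Raises:
        ValueError: if ``target`` is blank or one of its tokens begins with
            ``-`` (python-nmap splits the hosts string into argv tokens, so
            such a token would be read by nmap as an option).
        nmap.PortScannerError: propagated when nmap itself fails.

    Side effects:
        Sends probes (including NSE script traffic) over the network and
        prints to stdout.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')

    nm = nmap.PortScanner()
    nm.scan(hosts=target, arguments='-A')  # -A for aggressive scan

    for host in nm.all_hosts():
        print('----------------------------------------------------')
        print(f'Host : {host} ({nm[host].hostname()})')
        print('State : %s' % nm[host].state())
        for proto in nm[host].all_protocols():
            print('----------')
            print(f'Protocol : {proto}')
            # Port numbers are dict keys and therefore unordered.
            for port in sorted(nm[host][proto]):
                entry = nm[host][proto][port]
                print(f'port : {port}\tstate :{entry["state"]}\tservice : {entry["name"]}')

        if 'osmatch' in nm[host]:
            print('\nOS details:')
            for match in nm[host]['osmatch']:
                # 'name' and 'accuracy' belong to the match itself; osgen and
                # vendor are attributes of the nested 'osclass' records, so
                # reading them at match level printed "N/A" for every entry
                # (see the recorded output). A match may carry several
                # classes, so their values are joined.
                classes = match.get('osclass') or []
                osgen = ', '.join(c['osgen'] for c in classes if c.get('osgen')) or 'N/A'
                vendor = ', '.join(c['vendor'] for c in classes if c.get('vendor')) or 'N/A'
                print(f"{'Name:':<10} {match['name']}")
                print(f"{'Accuracy:':<10} {match['accuracy']}")
                print(f"{'OS gen:':<10} {osgen}")
                print(f"{'Vendor:':<10} {vendor}")
                print()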
if __name__ == "__main__":
    # Always true in a notebook; kept so the cell also works as a script.
    target = input("Enter target IP address or hostname: ")
    comprehensive_nmap_scan(target)

Enter target IP address or hostname:  scanme.nmap.org


----------------------------------------------------
Host : 45.33.32.156 (scanme.nmap.org)
State : up
----------
Protocol : tcp
port : 22	state :open	service : ssh
port : 80	state :open	service : http
port : 139	state :filtered	service : netbios-ssn
port : 445	state :filtered	service : microsoft-ds
port : 9929	state :open	service : nping-echo
port : 31337	state :open	service : tcpwrapped

OS details:
Name:      Linux 4.19 - 5.15
Accuracy:  98
OS gen:    N/A
Vendor:    N/A

Name:      Linux 2.6.32
Accuracy:  94
OS gen:    N/A
Vendor:    N/A

Name:      Linux 2.6.32 or 3.10
Accuracy:  94
OS gen:    N/A
Vendor:    N/A

Name:      Linux 4.0 - 4.4
Accuracy:  94
OS gen:    N/A
Vendor:    N/A

Name:      Linux 4.15
Accuracy:  94
OS gen:    N/A
Vendor:    N/A

Name:      Linux 5.4
Accuracy:  94
OS gen:    N/A
Vendor:    N/A

Name:      IPFire 2.27 (Linux 5.15 - 6.1)
Accuracy:  94
OS gen:    N/A
Vendor:    N/A

Name:      Linux 2.6.32 - 2.6.35
Accuracy:  92
OS gen:    N/A
Vendor:    N/A

Name: 

## 9. Write the Python NMAP script to determine the operating system of the target host.


In [5]:
import nmap
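def os_detection_scan(target):
    """OS detection scan (``-O``) of ``target``; prints ``family - generation`` guesses per host.

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed through as-is.

    Raises:
        ValueError: if ``target`` is blank or one of its tokens begins with
            ``-`` (python-nmap splits the hosts string into argv tokens, so
            such a token would be read by nmap as an option).
        nmap.PortScannerError: propagated when nmap itself fails. OS
            fingerprinting needs raw-socket privileges; an unprivileged run
            usually produces no matches.

    Side effects:
        Sends probes over the network and prints to stdout.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')

    nm = nmap.PortScanner()
    nm.scan(hosts=target, arguments='-O')  # -O for OS detection

    for host in nm.all_hosts():
        print('----------------------------------------------------')
        print(f'Host : {host} ({nm[host].hostname()})')
        print('State : %s' % nm[host].state())

        # python-nmap nests the OS class records under each 'osmatch' entry;
        # a host-level 'osclass' key only exists with old versions of the
        # library, so both places are consulted. Checking only the host level
        # is most likely why the recorded run reported no results for a host
        # that the -A scan above did fingerprint.
        classes = list(nm[host].get('osclass', []))
        for match in nm[host].get('osmatch', []):
            classes.extend(match.get('osclass', []))

        if classes:
            print('Operating System Guesses:')
            for osclass in classes:
                print(f' {osclass.get("osfamily", "N/A")} - {osclass.get("osgen", "N/A")}')
        else:
            print('No OS detection results available for this host.')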
if __name__ == "__main__":
    # Always true in a notebook; kept so the cell also works as a script.
    target = input("Enter target IP address or hostname: ")
    os_detection_scan(target)

Enter target IP address or hostname:  scanme.nmap.org


----------------------------------------------------
Host : 45.33.32.156 (scanme.nmap.org)
State : up
No OS detection results available for this host.


## 10. Write the Python NMAP script to save the results of the nmap scan report in normal format to a text file.


In [9]:
import nmap
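def nmap_scan_output_to_file(target, output_file):
    """Scan ``target`` and have nmap write its normal-format report (``-oN``) to ``output_file``.

    nmap itself writes the file, resolving a relative path against the
    kernel's working directory. python-nmap additionally requests XML on
    stdout for its own parsing, so the returned scanner still holds the
    results; nothing is printed here.

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed through as-is.
        output_file: path of the report to write.

    Returns:
        The ``nmap.PortScanner`` instance after the scan (previously nothing
        was returned).

    Raises:
        ValueError: blank target or a target token beginning with ``-``; blank
            ``output_file`` or one beginning with ``-``. python-nmap splits
            both strings into argv tokens, so such values would reach nmap as
            options.
        nmap.PortScannerError: propagated when nmap itself fails.

    Side effects:
        Network probes; creates/overwrites ``output_file`` on disk.
    """
    import shlex  # local import: this cell only imports nmap at the top

    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')
    path = str(output_file).strip()
    if not path or path.startswith('-'):
        raise ValueError(f'invalid output file name: {output_file!r}')

    nm = nmap.PortScanner()
    # shlex.quote keeps a path containing spaces as a single token after
    # python-nmap shlex-splits the arguments string.
    nm.scan(hosts=target, arguments=f'-oN {shlex.quote(path)}')
    return nm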
if __name__ == "__main__":
    # Always true in a notebook; kept so the cell also works as a script.
    target = input("Enter target IP address or hostname: ")
    output_file = input("Enter output file name (e.g., output.txt): ")
    # The report is written by nmap, relative to the kernel's working directory.
    nmap_scan_output_to_file(target, output_file)

Enter target IP address or hostname:  scanme.nmap.org
Enter output file name (e.g., output.txt):  report.txt


## 11. Write the Python NMAP script to save the results in all formats.

In [13]:
import subprocess

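def save_nmap_all_formats(target, filename):
    """Run one nmap scan of ``target`` and save it in normal, XML and grepable form.

    Writes ``<filename>.nmap``, ``<filename>.xml`` and ``<filename>.gnmap``
    using nmap's ``-oA`` option, which produces all three files from a single
    scan instead of probing the target three times (the original ran three
    separate scans, and its f-strings had lost the ``{filename}`` placeholder,
    so ``filename`` was never used).

    Args:
        target: IP address, hostname or nmap target expression; several
            space-separated targets are passed as separate arguments, as the
            original ``str.split()`` did.
        filename: base name (without extension) for the three output files.

    Raises:
        ValueError: blank target or a target token beginning with ``-``;
            blank ``filename`` or one beginning with ``-`` (either would be
            parsed by nmap as an option).
        subprocess.CalledProcessError: nmap exited non-zero (``check=True``).
        FileNotFoundError: the ``nmap`` binary is not on PATH.

    Side effects:
        Network probes; creates/overwrites the three files in the kernel's
        working directory (or wherever ``filename`` points); prints a summary.
    """
    hosts = target.split()
    if not hosts or any(h.startswith('-') for h in hosts):
        raise ValueError(f'invalid target: {target!r}')
    base = str(filename).strip()
    if not base or base.startswith('-'):
        raise ValueError(f'invalid output file name: {filename!r}')

    normal_file = f"{base}.nmap"
    xml_file = f"{base}.xml"
    grepable_file = f"{base}.gnmap"

    # argv list, no shell and no str.split() on a formatted command string:
    # a base name containing spaces stays one token, and the host tokens were
    # checked above.
    subprocess.run(["nmap", "-oA", base, *hosts], check=True)

    print(f"Nmap scan results saved to: \n  - Normal: {normal_file} \n  - XML: {xml_file} \n  - Grepable: {grepable_file}")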

# Example usage: the base name is fixed here; only the target is prompted for.
# No __main__ guard in this cell, so it runs on import as well.
output_filename = "scan_results"
target = input("Enter target IP address or hostname: ")

save_nmap_all_formats(target, output_filename)


Enter target IP address or hostname:  scanme.nmap.org


Nmap scan results saved to: 
  - Normal: scan_results.nmap 
  - XML: scan_results.xml 
  - Grepable: scan_results.gnmap
