# Fire up Nmap

If you have not installed Nmap yet, you can install it by entering the following command in your terminal session (Debian/Ubuntu shown; use your distribution's package manager otherwise).

```
sudo apt-get install nmap
```

If you want to install the Python library for Nmap, then use the following. Note that python-nmap is only a wrapper: it runs the nmap binary installed above and parses its XML output, so you need both.
```
pip install python-nmap
```

```python
import nmap
import os
```

# What is Nmap?
Nmap is a tool for scanning a network or a single device. You can scan your entire home network to see whether your silly neighbor is using your Wi-Fi. :) You can also scan servers, routers or other devices. Scanning a server shows which services are running, such as FTP, MySQL or HTTP, and which ports are open, filtered or closed. Only scan networks and hosts you own or have written permission to test: port scanning somebody else's systems is usually treated as hostile and may be illegal where you live.

## Let's get started with some hands-on practice

```python
# Equivalent terminal command (python-nmap passes -sV, service/version detection,
# by default, and scans Nmap's default top 1000 TCP ports):
#   nmap -sV nmap.org
# Here is the python code
nmapScanner = nmap.PortScanner()
target = "nmap.org"
nmapScanner.scan(hosts=target)
hostsList = [(x, nmapScanner[x]['status']['state']) for x in nmapScanner.all_hosts()]

for host, status in hostsList:
    print('{0}:{1}'.format(host, status))
    # The protocol/port loop must be nested inside the host loop, otherwise only
    # the last host's ports are printed.
    for protocol in nmapScanner[host].all_protocols():
        print('----------')
        print('Protocol : %s' % protocol)

        # dict_keys has no .sort() in Python 3; sorted() returns a new list
        for port in sorted(nmapScanner[host][protocol].keys()):
            print('port : %s\tstate : %s' % (port, nmapScanner[host][protocol][port]['state']))
```

```
45.33.49.119:up
----------
Protocol : tcp
port : 22	state : open
port : 25	state : open
port : 70	state : closed
port : 80	state : open
port : 113	state : closed
port : 443	state : open
port : 31337	state : closed
```


In the example above, Nmap resolved the hostname `nmap.org` through DNS into an IP address for us. You could also scan the IP address directly:
~~~
nmap 45.33.49.119
~~~
## Terms
- Open: an application is actively accepting TCP connections (or UDP datagrams) on that port.
- Closed: the port is reachable (the host answered, typically with a TCP RST) but no application is listening on it.
- Filtered: Nmap could not tell whether the port is open, because a firewall, router rule or host-based filter dropped its probes (no reply at all, or an ICMP "unreachable" error). Nmap also reports a few combined states for ambiguous cases, such as `open|filtered`, but these three are the ones you will see most often.
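Under the hood python-nmap runs `nmap -oX -` and parses the XML that Nmap writes to stdout; that is where the `nmapScanner[host][protocol][port]['state']` structure used above comes from. The following example is added here (it is not code from the original page or from python-nmap): it parses a constructed XML sample modelled on the nmap.org scan above (the filtered port 8080 is made up so that all three states appear), builds the same host/protocol/port dictionary, and groups the ports by the states just defined. The `scan()` helper shows the real subprocess call, but everything else runs offline.

```python
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -sV -oX - nmap.org` emits, modelled on the scan
# output above. Port 8080 (filtered) is invented to illustrate that state.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - nmap.org">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="45.33.49.119" addrtype="ipv4"/>
    <hostnames><hostname name="nmap.org" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="25"><state state="open" reason="syn-ack"/><service name="smtp"/></port>
      <port protocol="tcp" portid="70"><state state="closed" reason="reset"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="113"><state state="closed" reason="reset"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered" reason="no-response"/></port>
      <port protocol="tcp" portid="31337"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
  <runstats><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Parse Nmap XML into {ip: {"status": ..., "hostnames": [...], "tcp": {port: {...}}}}.

    The shape mirrors what python-nmap exposes as nmapScanner[host][proto][port].
    """
    results = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")
        entry = {
            "status": host.find("status").get("state"),
            "hostnames": [h.get("name") for h in host.findall("hostnames/hostname")],
        }
        for port in host.findall("ports/port"):
            proto = port.get("protocol")
            state = port.find("state")
            service = port.find("service")
            entry.setdefault(proto, {})[int(port.get("portid"))] = {
                "state": state.get("state"),
                "reason": state.get("reason"),
                "name": service.get("name") if service is not None else "",
            }
        results[addr.get("addr")] = entry
    return results


def ports_by_state(host_entry, proto="tcp"):
    """Group one host's ports by Nmap state (open / closed / filtered / ...), sorted by port."""
    grouped = {}
    for port, info in sorted(host_entry.get(proto, {}).items()):
        grouped.setdefault(info["state"], []).append(port)
    return grouped


def scan(target, options=("-sV",)):
    """Run the real nmap binary with XML on stdout and parse it (needs nmap installed)."""
    proc = subprocess.run(["nmap", "-oX", "-", *options, target],
                          capture_output=True, text=True, check=True)
    return parse_nmap_xml(proc.stdout)


if __name__ == "__main__":
    for ip, entry in parse_nmap_xml(SAMPLE_XML).items():
        print(f"{ip} ({', '.join(entry['hostnames'])}): {entry['status']}")
        for state, ports in ports_by_state(entry).items():
            print(f"  {state:9s} {ports}")
```

The `reason` attribute is worth keeping: `syn-ack` versus `reset` versus `no-response` tells you why Nmap chose a state, which is the first thing to check when a port shows up as filtered and you suspect a firewall.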

# Scanning Multiple Targets

```python
# You can scan multiple targets at once as well.
# The IP addresses below are devices on my network; the equivalent terminal command is
#   nmap -sV 10.100.6.47 10.100.6.52 10.100.6.53
# Python equivalent code is
target = "10.100.6.47 10.100.6.52 10.100.6.53"
nmapScanner.scan(hosts=target)
hostsList = [(x, nmapScanner[x]['status']['state']) for x in nmapScanner.all_hosts()]

for host, status in hostsList:
    print('{0}:{1}'.format(host, status))
    # Nested so that every host's ports are printed, not just the last one's
    for protocol in nmapScanner[host].all_protocols():
        print('----------')
        print('Protocol : %s' % protocol)

        for port in sorted(nmapScanner[host][protocol].keys()):
            print('port : %s\tstate : %s' % (port, nmapScanner[host][protocol][port]['state']))
```

```
10.100.6.47:up
10.100.6.52:up
10.100.6.53:up
----------
Protocol : tcp
port : 62078	state : open
```


**You'll actually get more detailed output when you use nmap from the command line; python-nmap only keeps the fields it parses from Nmap's XML output. You can also run terminal commands from Python via the os library. Be aware that `os.system` hands the string to a shell, so never build it from untrusted input (a crafted target such as `10.0.0.1; rm -rf /` would be executed as a second command); for anything beyond a fixed string, prefer `subprocess.run` with an argument list.**
~~~
os.system("nmap 10.100.6.47 10.100.6.52 10.100.6.53")
~~~

**You can also specify an IP range (here the 30 hosts 10.100.6.1 through 10.100.6.30)**
~~~
os.system("nmap 10.100.6.1-30")
~~~
**To scan the entire subnet (all 256 addresses, 10.100.6.0 through 10.100.6.255) you can use either of the following**
~~~
os.system("nmap 10.100.6.*")
~~~
or
~~~
os.system("nmap 10.100.6.0/24")
~~~

**If you have a file containing IP addresses (or any other target specification Nmap accepts, separated by spaces, tabs or newlines), you can use it as the target list as well. Let's say you have a file called targets.txt; you can launch a scan with the following command**
~~~
nmap -iL targets.txt
~~~
**-iL stands for input list**
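To see exactly which addresses the target specifications in this section (single hosts, `1-30` ranges, `*` wildcards, `/24` CIDR blocks and a `-iL` file) expand to before you launch a scan, here is an added example that is not from the original page or from Nmap. It expands each spec with the standard `ipaddress` and `itertools` modules, splits a constructed `targets.txt` the way `-iL` does, and builds the nmap command as an argument list for `subprocess.run` so that no shell ever parses the targets. Hostnames are deliberately rejected, since expanding them needs DNS; the `#` comment handling in `parse_target_list` is a convenience of this helper, not a documented Nmap feature.

```python
import ipaddress
import itertools
import re

# Constructed targets.txt content, one or more Nmap target specs per line.
SAMPLE_TARGETS_TXT = """\
# lab hosts (comment lines are skipped by this helper)
10.100.6.47 10.100.6.52
10.100.6.53
10.100.6.100-102
"""


def _octet_values(field):
    """Expand one octet of an Nmap-style spec: '7', '1-30', '1,5,9', '1-3,200' or '*'."""
    if field == "*":
        return list(range(256))
    values = []
    for part in field.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo, hi = (int(lo) if lo else 0), (int(hi) if hi else 255)
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range {part!r}")
        values.extend(range(lo, hi + 1))
    return values


def expand_target(spec):
    """List the IPv4 addresses Nmap would scan for one target spec.

    Handles plain addresses, CIDR (10.100.6.0/24), octet ranges (10.100.6.1-30)
    and wildcards (10.100.6.*). Hostnames need DNS and are rejected here.
    """
    spec = spec.strip()
    if "/" in spec:
        # Like Nmap, iterate the whole block including network and broadcast addresses.
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4 or not all(re.fullmatch(r"[0-9,*-]+", o) for o in octets):
        raise ValueError(f"unsupported target spec {spec!r}")
    return [".".join(map(str, combo))
            for combo in itertools.product(*(_octet_values(o) for o in octets))]


def parse_target_list(text):
    """Split a targets file the way -iL does: entries separated by any whitespace."""
    specs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]   # helper convenience: drop '#' comments
        specs.extend(line.split())
    return specs


def nmap_argv(targets, options=("-sV",)):
    """Build the nmap command as an argument list for subprocess.run().

    Unlike os.system("nmap " + user_input), nothing here is parsed by a shell, so a
    target such as "10.0.0.1; rm -rf /" reaches nmap as one (invalid) argument
    instead of being executed as a second command.
    """
    return ["nmap", "-oX", "-", *options, *targets]


if __name__ == "__main__":
    for spec in ("10.100.6.1-30", "10.100.6.*", "10.100.6.0/24"):
        print(f"{spec:16s} -> {len(expand_target(spec))} addresses")
    specs = parse_target_list(SAMPLE_TARGETS_TXT)
    print(f"targets.txt     -> {sum(len(expand_target(s)) for s in specs)} addresses")
    print(nmap_argv(specs))
```

Counting the expanded addresses first is a cheap sanity check: a typo like `10.100.*.*` turns a 256-host scan into a 65,536-host one, and a scan that large against a network you were only partly authorised to test is hard to walk back.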