Nmap ("Network Mapper") is a reconnaissance utility (or footprinting tool) which you use to discover hosts and services on a computer network by sending packets and analyzing the responses. The general premise is to probe as many listeners as possible, and then keep track of the responses that are useful.
Nmap is available on all popular operating systems (Linux, Windows, and Mac) and comes pre-installed on Kali Linux, BlackArch, and Parrot OS.
Nmap is a very noisy scanner by default. It can be easily detected by firewalls and servers. (Though it can be as loud as you want it to be.) Please be sure that you have written permission to scan your intended targets.
Nmap provides a site which you may use to test your Nmap installation, or port scanners: scanme.nmap.org
Run nmap --help to see a list of commands and options you can use with nmap.
nmap -v -A scanme.nmap.org
-v: is for verbose output. It'll tell you everything it's doing.
-A: enables OS detection, script scanning, and traceroute.
nmap -v -sn 192.168.0.0/16 10.0.0.0/8
-sn: ping scan. Nmap only checks which hosts in the given IP ranges are up and skips the port scan.
Note: the example addresses are from the private network space. They're commonly used for local area networks (LANs) in home, office, and enterprise spaces.
Most IP blocks are allocated and assigned for internet providers and hosting companies based upon country. This makes it easy to whitelist and blacklist IP ranges. Look up major IP blocks by country for more information.
On Unix-like operating systems, the whois command is a client for the WHOIS directory service. Most versions of whois try to guess the right server to ask for the specified object. If nothing is found, whois will connect to whois.networksolutions.com for NIC handles, or whois.arin.net for IPv4.
Use whois on the scanme nmap site.
If you do not have whois on your local machine, typing whois scanme.nmap.org into your search engine will often get you the results you want (though they can be stale).
Nslookup is a utility to query DNS servers for resource records. To use nslookup, you must have dnsutils installed. It is often pre-installed on Unix-like and Windows operating systems. Running nslookup will allow you to get the IP address or name of the machine or server.
Look up the scanme nmap site.
nslookup scanme.nmap.org >> nsresults.txt
This saves the lookup results to a local text file for later parsing; the redirect appends, so repeated runs accumulate in the same file.
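One way to do that later parsing, as an added example that is not part of the original page: the function below reduces an nsresults.txt that has been appended to several times to unique name/address pairs, skipping the resolver's own address and recording failed lookups. It assumes the output layout of the nslookup shipped in dnsutils; the function names are hypothetical and the sample input is constructed, using documentation addresses rather than real lookup results.

```shell
#!/bin/sh
# Added example (not from the original page): turn nsresults.txt, which grows
# with every ">>" append, into de-duplicated "name<TAB>address" records.

# parse_nslookup FILE -> one "name<TAB>address" line per answer,
# or "name<TAB>NXDOMAIN" (or other status) when the lookup failed.
parse_nslookup() {
    LC_ALL=C awk '
        # Each run starts with the resolver block: "Server:" followed by the
        # resolver address. Skip that address so it is not taken for an answer.
        /^Server:/                  { in_resolver = 1; name = ""; next }
        /^Address:/ && in_resolver  { in_resolver = 0; next }
        /^Name:/                    { name = $2; next }
        /^Address:/ && name != ""   { print name "\t" $2; next }
        # Failed lookup line: "** server can.t find HOST: STATUS"
        /^\*\* server can.t find /  { host = $5; sub(/:$/, "", host)
                                      print host "\t" $NF; next }
    ' "$1" | LC_ALL=C sort -u
}

# Constructed sample input: three appended runs (one repeated, one failed).
# Addresses are documentation ranges, not real lookup results.
write_sample() {
    cat > "$1" <<'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   scanme.nmap.org
Address: 192.0.2.10
Name:   scanme.nmap.org
Address: 2001:db8::10

Server:         192.0.2.53
Address:        192.0.2.53#53

** server can't find nosuch.example: NXDOMAIN

Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   scanme.nmap.org
Address: 192.0.2.10
EOF
}

sample=$(mktemp)
write_sample "$sample"
parse_nslookup "$sample"
rm -f "$sample"
```

Keeping the failed lookups in the output makes it easy to spot names that stopped resolving between runs.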
And that is the tip of the iceberg.