🛠️ 5 Essential Nmap Commands Every Beginner Bug Bounty Hunter Must Know
A complete beginner’s guide to using Nmap for ethical hacking and recon
🚀 Introduction
If you’re starting out in cybersecurity — especially in bug bounty hunting or penetration testing — Nmap is one of the first tools you should master. Whether you’re scanning for open ports, fingerprinting operating systems, or discovering hidden services, Nmap helps you get the recon right.
This guide is designed for complete beginners. No previous Nmap experience required!
🧠 What you’ll learn: How to install Nmap, run your first scans, avoid common mistakes, and understand what the results mean — all with practical examples.
🔍 What is Nmap?
Nmap (Network Mapper) is an open-source tool used for network discovery and security auditing. It’s a standard utility for ethical hackers, sysadmins, and bug bounty hunters. With Nmap, you can:
- Discover hosts on a network
- Identify open ports and running services
- Detect OS versions and software details
- Run custom security scripts
Nmap is powerful — but learning the basics is easy.
💻 Installing Nmap (Linux, Windows, Mac)
- Linux:
sudo apt install nmap
- macOS:
brew install nmap
- Windows: Use the installer provided on the official site.
5 Nmap Commands Every Beginner Should Know
These commands form the core toolkit for any recon operation.
1. Scan a Single Target:
nmap 10.129.244.137
What it does: Performs a basic ping and port scan on the target IP.
Use it when: You want to quickly check if a machine is up and what ports are open.
2. Scan a Range of IPs:
nmap 10.129.244.137-140
What it does: Scans from 10.129.244.137 through 10.129.244.140.
Use it when: You’re on a local network and want to identify active hosts.
3. Service and Version Detection:
nmap -sV -Pn 10.10.151.163
What it does: Attempts to determine the software and version of services running on each open port.
Use it when: You need more detail on what’s behind an open port — like whether port 80 is Apache, Nginx, or something custom.
4. Detect the Operating System:
sudo nmap -O 10.129.244.137
What it does: Tries to identify the OS using TCP/IP fingerprinting.
Note: OS detection often requires root/admin access.
5. Run an Aggressive Scan:
sudo nmap -A 10.129.244.137
What it does: Combines service detection (-sV), OS detection (-O), traceroute, and NSE scripts.
Use it when: You want a full scan with maximum detail. Ideal for bug bounty recon — but use with caution to avoid detection.
🧠 Pro Tips for Smarter Scans
Speed up scans with -T4 (timing option):
nmap -T4 -A 192.168.1.1
Scan hosts even if they block ping:
nmap -Pn 192.168.1.1
Use NSE scripts for automation:
nmap --script vuln 192.168.1.1
📚 Want to Go Further?
Here are some solid resources to deepen your Nmap skills:
Nmap official documentation: https://nmap.org/book/man.html
Cheat Sheet: https://www.stationx.net/nmap-cheat-sheet/
Practice labs:
In a nutshell, mastering Nmap isn’t just about memorizing commands or copying scan syntax. It’s about developing an understanding of the networks you’re probing, the tools you’re using, and the responsibility you carry as a cybersecurity professional.
As you grow, you’ll learn that Nmap works best when used alongside other tools like Wireshark, Metasploit, or Burp Suite, forming a full recon and exploitation workflow.
🧠 Stay curious. Stay ethical. Keep learning.
These three principles will not only help you use Nmap more effectively, but also shape your journey from beginner to pro-level operator.
Whether you’re chasing flags, reporting bugs, or hardening systems — let Nmap be your compass.