Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database. Here, we take a brief look at some of the features of the Zenmap interface.
Start Zenmap by typing zenmap in a terminal or by clicking the Zenmap icon in the desktop environment. The main window is shown below:
One of Zenmap’s goals is to make security scanning easy for beginners and for experts. Running a scan is as simple as typing the target in the “Target” field, selecting the “Intense scan” profile, and clicking the “Scan” button. This is shown below:
While a scan is running (and after it completes), the output of the Nmap command is shown on the screen.
Any number of targets, separated by spaces, may be entered in the target field. All the target specifications supported by Nmap are also supported by Zenmap, so targets such as 192.168.0.0/24 and 10.0.0-5.* work. Zenmap remembers the targets scanned most recently. To re-scan a host, select the host from the combo box attached to the “Target” text field.
The “Intense scan” is just one of several scan profiles that come with Zenmap. Choose a profile by selecting it from the “Profile” combo box. Profiles exist for several common scans. After you select a profile, the Nmap command line associated with it is displayed on the screen. It is also possible to edit these profiles or create new ones. This is covered in the section called “The Profile Editor”.
It is also possible to type in an Nmap command and have it executed without using a profile. Just type in the command and press return or click “Scan”. When you do this the “Profile” entry becomes blank to indicate that the scan is not using any profile—it comes directly from the command field.
Zenmap has the ability to combine the results of many Nmap scans into one view, a feature known as scan aggregation. When one scan is finished, you may start another in the same window. When the second scan is finished, its results are merged with those from the first. The collection of scans that make up an aggregated view is called a network inventory.
An example of aggregation will make the concept clearer. Let’s run a quick scan against scanme.nmap.org.
Now do the same against localhost:
Now results for both scanme and localhost are shown. This is something you could have done with one Nmap scan, giving both targets, although it’s convenient not to have to think of all the targets in advance. Now suppose we want some more information about scanme, so we launch an intense scan on it.
Now scanme has a little penguin icon showing that its operating system has been detected as Linux. Additionally, one of its services has been identified. Now we’re doing something you can’t do with a single Nmap scan, because a single scan can’t single out one host for more intense scanning the way we just did. The results for localhost are still present, though we won’t know more about it than we did before unless we decide to do a more in-depth scan.
It is not necessary to wait for one scan to finish before starting another. Several scans may run concurrently. As each one finishes its results are added to the inventory. Any number of scans may make up an inventory; the collection of scans is managed in the “Scans” scan results tab, as fully described in the section called “The “Scans” tab”.
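The aggregation described above can be reproduced outside the GUI from Nmap's XML output (-oX). The following is an added example, not Zenmap's own code: it merges several scan results into one per-host inventory, and its merge rule (later scans win, but never erase detail an earlier scan found) is an assumption, as are the function names and the constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: trimmed Nmap XML (-oX) from a quick scan, then an
# intense scan of one host. 192.0.2.10 is a placeholder address.
QUICK_SCAN = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port></ports></host>
<host><address addr="127.0.0.1" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="631"><state state="open"/><service name="ipp"/></port></ports></host>
</nmaprun>"""

INTENSE_SCAN = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port></ports>
<os><osmatch name="Linux 2.6.X" accuracy="95"/></os></host>
</nmaprun>"""


def merge_scan(inventory, xml_text):
    """Merge one Nmap XML result into inventory, a dict keyed by host address."""
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")  # first <address> element of the host
        entry = inventory.setdefault(addr, {"os": None, "ports": {}})
        for port in host.iter("port"):
            key = (port.get("protocol"), int(port.get("portid")))
            svc = getattr(port.find("service"), "attrib", {})  # {} when no <service>
            new = {"state": port.find("state").get("state"),
                   "service": svc.get("name"), "product": svc.get("product")}
            old = entry["ports"].get(key, {})
            # Assumed rule: newer values win, but None never overwrites known detail.
            entry["ports"][key] = {k: new[k] if new[k] is not None else old.get(k) for k in new}
        match = host.find("os/osmatch")
        if match is not None:
            entry["os"] = match.get("name")
    return inventory


def build_inventory(scans):
    inventory = {}
    for xml_text in scans:
        merge_scan(inventory, xml_text)
    return inventory


if __name__ == "__main__":
    for addr, info in build_inventory([QUICK_SCAN, INTENSE_SCAN]).items():
        print(addr, info["os"], sorted(info["ports"]))
```

Hosts that appear in only one scan, such as localhost here, keep exactly what that scan reported.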
It is possible to have more than one inventory open at the same time. Zenmap uses the convention that one window represents one network inventory. To start a new inventory, select “New Window” from the “Scan” menu or use the ctrl+N keyboard shortcut. Starting a scan with the “Scan” button will append the scan to the inventory in the current window. To put it in a different inventory, open a separate window and run the scan from there. Loading scan results from a file or directory will start a new inventory, unless you use the “Open Scan in This Window” menu item. For more on saving and loading network inventories and individual scans, see the section called “Saving and Loading Scan Results”.
To close a window, choose “Close Window” from the “Scan” menu or press ctrl+W. When all open windows are closed, the application will terminate. To close all open windows, select “Quit” or press ctrl+Q.