Common Scanning Tools: Nessus, OpenVAS, Nmap
Get hands-on familiarity with industry-standard tools for host discovery, port scanning, and vulnerability identification.
The Scanning Tool Ecosystem
Security professionals use a variety of scanning tools for different purposes: host discovery, port scanning, service enumeration, operating system detection, vulnerability identification, and web application testing. Security+ expects familiarity with the most widely used tools in each category. Understanding what each tool does — and what it cannot do — helps you select the right tool for a given task and interpret results correctly. Results from multiple complementary tools provide more complete coverage than any single tool alone.
Nmap: The Network Mapper
Nmap (Network Mapper) is the most widely used open-source tool for network discovery and security auditing. It can discover live hosts, enumerate open ports, detect running services and their versions, and fingerprint the operating system. Nmap supports several scan techniques: SYN scan (the default when Nmap has raw-socket privileges, i.e. root; it never completes the handshake, so it is fast and the target application never sees a connection, though firewalls and IDS still do), TCP Connect scan (a full three-way handshake through the OS socket API; needs no special privileges and is what Nmap falls back to for unprivileged users, but every probe is visible to the listening service), UDP scan (slow, and often reports "open|filtered" because many UDP services do not answer unsolicited probes), and version detection. It ships with the Nmap Scripting Engine (NSE), which provides hundreds of scripts for service enumeration, vulnerability detection, brute-forcing, and in some cases exploitation.
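To make the SYN-versus-Connect distinction concrete, here is a minimal TCP connect scan written for this lesson (added example; it is not Nmap code and not from the original page). It uses only the ordinary connect() call, which is why this technique needs no root, and it maps the three outcomes a connect scan can see onto the port states Nmap reports for -sT. A throwaway listener on 127.0.0.1 is started so the scan has a known-open port to find; the closed port is chosen by briefly binding and releasing an ephemeral port (both are assumptions of the demo, not real targets).

```python
"""Minimal TCP connect scan, the mechanism behind `nmap -sT`.

Added example for this lesson; not part of Nmap or the original page.
Every probe completes the full three-way handshake, so the target
application accepts (and can log) a connection for each open port,
which is exactly why -sT is noisier than the half-open -sS scan.
"""
import socket
import threading


def connect_scan(host, ports, timeout=1.0):
    """Return {port: state} using full TCP connections.

    "open"     -> connect() succeeded (SYN, SYN/ACK, ACK all happened)
    "closed"   -> the host answered with RST (ECONNREFUSED)
    "filtered" -> no answer before the timeout, typically a firewall
                  silently dropping the SYN
    These mirror the port states Nmap prints for a connect scan.
    """
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except (socket.timeout, TimeoutError):
            results[port] = "filtered"
        except OSError:
            # e.g. EHOSTUNREACH; from the scanner's view this is also "no answer"
            results[port] = "filtered"
    return results


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP service on an ephemeral port.

    Returns (port, server_socket).  The accept loop closes each connection
    immediately; the point is only that a full handshake took place.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0 = let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return           # listener was closed, stop serving
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return port, srv


def find_closed_port(host="127.0.0.1"):
    """Bind and immediately release an ephemeral port so we know a port
    that is (almost certainly) closed right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind((host, 0))
        return tmp.getsockname()[1]


def demo(host="127.0.0.1"):
    """Scan one known-open and one known-closed loopback port.

    Returns {"open_port": int, "closed_port": int, "results": {port: state}}.
    """
    open_port, srv = start_listener(host)
    closed_port = find_closed_port(host)
    try:
        results = connect_scan(host, [open_port, closed_port], timeout=0.5)
    finally:
        srv.close()
    return {"open_port": open_port, "closed_port": closed_port, "results": results}


if __name__ == "__main__":
    out = demo()
    for port, state in sorted(out["results"].items()):
        print(f"{port}/tcp {state}")
```

A SYN scan cannot be written this way: it has to craft the SYN itself and read the SYN/ACK or RST off the wire without letting the kernel complete the handshake, which is why `nmap -sS` needs raw-socket privileges.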
```bash
# Common Nmap scan types:
nmap -sS 192.168.1.0/24            # SYN scan (half-open; needs root)
nmap -sT 192.168.1.10              # TCP connect scan (full handshake; no root needed)
nmap -sU -p 53,67,161 target       # UDP scan of specific ports
nmap -sV 192.168.1.10              # service version detection
nmap -O 192.168.1.10               # OS detection
nmap -A 192.168.1.10               # aggressive: -sV -O -sC --traceroute
nmap -p- 192.168.1.10              # scan all 65535 TCP ports
nmap --script vuln 192.168.1.10    # run the NSE "vuln" script category
```
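Reading Nmap's screen output by eye does not scale past a handful of hosts, and the lesson's point about interpreting results correctly is easiest to apply on structured output. The following parser, added here as an example (not code from the page or from the Nmap project), reads the XML that `nmap -oX` writes and separates ports that are definitely open from ports whose state is undecided ("filtered" TCP, "open|filtered" UDP) and therefore need a different probe rather than a CVE lookup. It also records whether a version string came from an actual `-sV` probe (`method="probed"`) or only from Nmap's static port-to-service table (`method="table"`), which proves nothing about what is really listening. The embedded XML document is constructed by hand to mirror Nmap's format; the hosts and versions in it are invented.

```python
"""Parse Nmap XML (-oX) output into a findings list.

Added example for this lesson, not code from the original page or from
Nmap.  SAMPLE_XML below is a hand-built document that follows the
structure Nmap emits; a real file comes from e.g.
    nmap -sS -sU -sV -oX scan.xml 192.168.1.10
"""
import xml.etree.ElementTree as ET

# Constructed sample: one live host with four ports, one host that is down.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -sV -oX scan.xml 192.168.1.10" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="997"/>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.2p1" method="probed"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered" reason="no-response"/>
        <service name="mysql" method="table"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open|filtered" reason="no-response"/>
        <service name="snmp" method="table"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per port on each live host, keeping state, reason
    and version information."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                      # host never answered; nothing to report
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            findings.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state"),
                "reason": state.get("reason"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                # "probed": -sV actually talked to the service.
                # "table": name came from the default port list only.
                "version_confirmed": svc is not None and svc.get("method") == "probed",
            })
    return findings


def open_ports(findings):
    """Ports Nmap positively saw answer (SYN/ACK or completed connect)."""
    return [f for f in findings if f["state"] == "open"]


def needs_followup(findings):
    """Ports whose state Nmap could not decide.  They need a different
    probe (an application-specific NSE script, or a scan from another
    vantage point), not a vulnerability lookup against a guessed service."""
    return [f for f in findings if f["state"] in ("open|filtered", "filtered")]


def banner(f):
    """One-line human summary of a finding."""
    ver = " ".join(x for x in (f["product"], f["version"]) if x) or "unknown version"
    return f"{f['host']}:{f['port']}/{f['proto']} {f['service']} ({ver})"


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_XML)
    for f in open_ports(found):
        print("open    ", banner(f))
    for f in needs_followup(found):
        print("verify  ", banner(f), "- state", f["state"], "reason", f["reason"])
```

The `reason` attribute is worth keeping in any report: "syn-ack" is direct evidence, while "no-response" on a UDP port is the absence of evidence and is exactly the case where a second tool or a targeted NSE script adds coverage a single port scan cannot.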