diff --git a/docs/nmap-install.xml b/docs/nmap-install.xml index c982a6958..d3a1bdcfd 100644 --- a/docs/nmap-install.xml +++ b/docs/nmap-install.xml @@ -1,5 +1,7 @@ +installation + Introduction Nmap can often be installed or upgraded with a single command, @@ -13,14 +15,18 @@ Nmap removal instructions are also provided in case you change your mind. Testing Whether Nmap is Already Installed +Nmapchecking if installed The first step toward obtaining Nmap is to check whether you already have it. Many free operating system distributions (including most Linux and BSD systems) come with Nmap, although it may not be installed by default. On Unix systems, open a terminal window and try executing the command -nmap . If -Nmap exists and is in your $PATH, +nmap . +If Nmap exists and is in your $PATH, +PATH environment variable you should see output similar to . +version number of Nmap + Checking for Nmap and determining its version number @@ -41,10 +47,12 @@ version number (here 4.65). Even if your system already has a copy of Nmap, you should consider upgrading to the latest version available from . +downloading Newer versions often run faster, fix important bugs, and feature updated operating system and service version detection databases. A list of changes since the version already on your system can be found at . +changelog Nmap output examples in this book may not match the output produced by older versions. @@ -66,7 +74,8 @@ intimidating for new and infrequent users. Nmap offers more than a hundred command-line options, although many are obscure features or debugging controls that most users can ignore. Many graphical frontends have been -created for those users who prefer a GUI interface. Nmap has traditionally included a simple GUI for Unix named NmapFENmapFE, but that was replaced in 2007 by Zenmap, which we had been developing since 2005. Zenmap is far more powerful and effective than NmapFE, particularly in results viewing. Zenmap's tab-based interface lets you search and sort +created for those users who prefer a GUI interface. Nmap has traditionally included a simple GUI for Unix named NmapFENmapFE, but that was replaced in 2007 by Zenmap, +Zenmapadvantages ofwhich we had been developing since 2005. Zenmap is far more powerful and effective than NmapFE, particularly in results viewing. Zenmap's tab-based interface lets you search and sort results, and also browse them in several ways (host details, raw Nmap output, and ports/hosts). It works on Microsoft Windows, Linux, Mac OS X, and other platforms. Zenmap is covered in depth in . The rest of this book focuses on command-line invocations of Nmap. @@ -80,6 +89,7 @@ command-line. Downloading Nmap +downloading Insecure.Org is the official source for downloading Nmap source code and binaries for Nmap and Zenmap. Source code is distributed in bzip2 and gzip compressed tar files, and binaries are available for @@ -90,6 +100,7 @@ url="http://nmap.org/download.html" />. Verifying the Integrity of Nmap Downloads +verifying the integrity of downloads It often pays to be paranoid about the integrity of files downloaded from the Internet. Popular packages such as @@ -122,8 +133,11 @@ forge and properly sign a trojan release. While numerous applications are able to verify PGP signatures, I recommend the GNU Privacy Guard (GPG). -Nmap releases are signed with a special Nmap Project Signing -Key, which can be obtained from they major keyservers or +keys, cryptographic +Nmap releases are signed with a special Nmap Project Signing Key, +Nmap Project Signing Key +which can be obtained from they major keyservers or . My key is included in that file too. The keys can be imported with the command gpg --import nmap_gpgkeys.txt. You only need to do @@ -182,7 +196,10 @@ gpg: BAD signature from While PGP signatures are the recommended validation technique, -SHA1 and MD5 (among other) hashes are made available for more casual +SHA1 and MD5 (among other) hashes +hashes, cryptographic +digests, cryptographic +are made available for more casual validation. An attacker who can manipulate your Internet traffic in real time (and is extremely skilled) or who compromises Insecure.Org and replaces both the distribution file and digest file, could defeat @@ -235,6 +252,8 @@ downloads. Obtaining Nmap from the Subversion (SVN) Repository +Subversion +SVNSubversion In addition to regular stable and development releases, the latest Nmap source code is always available using the -SVN write access is strictly limited to a few top Nmap + +Subversionchecking out from +SVN write access is strictly limited to a few top Nmap developers, but everyone has read access to the repository. Check out the latest code using the command svn co --username guest --password "" svn://svn.insecure.org/nmap/. Then you can later @@ -265,8 +286,14 @@ url="http://cgi.insecure.org/mailman/listinfo/nmap-svn"/>. Unix Compilation and Installation from Source Code +Unixcompilation and installation +installationfrom source +source code +compilation -While binary packagesinstallationfrom source + +source codeadvantages of +While binary packages discussed in later sections are available for most platforms, compilation and installation from source code is the traditional and most powerful way to install Nmap. This ensures that the @@ -322,6 +349,8 @@ install. However, there are a number of options available to Configure Directives +configure directives + Most of the Unix build options are controlled by the configure script, as used in step number four above. There are dozens of command-line parameters and environmental variables which affect the way Nmap is built. Run ./configure --help for a huge list with brief descriptions. Here are the ones that are specific to Nmap or particularly important: @@ -346,10 +375,10 @@ Nmap in my account as an unprivileged user. I would run ./configure --prefix=/home/fyodor. Nmap creates subdirs like /home/fyodor/man/man1 in the install stage if they do not already exist. -This option prevents the Zenmap graphical frontend from being installed. Normally the build system checks your system for requirements such as the Python scripting language and then installs Zenmap if they are all available. +ZenmapdisablingThis option prevents the Zenmap graphical frontend from being installed. Normally the build system checks your system for requirements such as the Python scripting language and then installs Zenmap if they are all available. directoryname -The version detection subsystem of Nmap is able to probe SSL-encrypted services using the free OpenSSL libraries. Normally the Nmap build system looks for these libraries on your system and include this capability if they are found. If they are in a location your compiler does not search for by default, but you still want them to be used, specify . Nmap then looks in directoryname/libs for the OpenSSL libraries themselves and directoryname/include for the necessary header files. Specify to disable SSL entirely. +OpenSSLdisablingThe version detection subsystem of Nmap is able to probe SSL-encrypted services using the free OpenSSL libraries. Normally the Nmap build system looks for these libraries on your system and include this capability if they are found. If they are in a location your compiler does not search for by default, but you still want them to be used, specify . Nmap then looks in directoryname/libs for the OpenSSL libraries themselves and directoryname/include for the necessary header files. Specify to disable SSL entirely. directoryname Nmap uses the Libpcap library for capturing raw IP packets. Nmap normally looks for an existing copy of Libpcap on your system and uses that if the version number and platform is appropriate. Otherwise Nmap includes its own recent copy of Libpcap, which has been modified for improved Linux functionality. The specific changes are described in libpcap/NMAP_MODIFICATIONS in the Nmap source directory. Because of these Linux-related changes, Nmap always uses its own Libpcap by default on that platform. If you wish to force Nmap to link with your own Libpcap, pass the option to configure. Nmap then expects the Libpcap library to be in directoryname/lib/libpcap.a and the include files to be in directoryname/include. Nmap will always use the version of Libpcap included in its tarball if you specify . @@ -368,6 +397,7 @@ I would run ./configure --prefix=/home/fyodor If You Encounter Compilation Problems +compilationproblems with In an ideal world, software would always compile perfectly (and quickly) on every system you maintain. Unfortunately, society has not yet reached that state of nirvana. Despite all the efforts to make Nmap portable, compilation issues occasionally arise. Here are some suggestions in case the source distribution compilation fails. @@ -400,7 +430,9 @@ running on, and any relevant output snippets showing the error. Consider binary packages -Binary packages of Nmap are available on most + +binary packagesadvantages of +Binary packages of Nmap are available on most platforms and are usually easy to install. The downsides are that they may not be as up-to-date and you lose some of the flexibility of self-compilation. Previous sections of this chapter describe how to @@ -413,8 +445,11 @@ packages. Linux Distributions +Linux -Linux is far and away the most popular platform for running + +Linuxpopularity as Nmap platform +Linux is far and away the most popular platform for running Nmap. In one user survey, 86% said that Linux was at least one of the platforms on which they run Nmap. @@ -435,10 +470,14 @@ linkend="inst-source" />. Here are simple package instructions for the most common distributions. RPM-based Distributions (Red Hat, Mandrake, Suse, Fedora) +RPM +Red Hat (Linux distribtion)RPM +Mandrake (Linux distribution)RPM +Suse (Linux distribution)RPM +Fedora (Linux distribution)RPM -I build RPM packages for every release of Nmap and post them toinstallationfrom RPMs -the Nmap download page at . +I build RPM packages for every release of Nmap and post them to +the Nmap download page at . I build two packages: The nmap package contains just the command-line executable and data files, while the zenmap package contains the optional Zenmap @@ -449,7 +488,9 @@ that the nmap package be installed first. One down side to installing the RPMs rather than compiling from source is that the RPMs don't support OpenSSL for version detection of SSL services. -Installing via RPM is quite easy—it + +RPMinstalling from +Installing via RPM is quite easy—it even downloads the package for you when given the proper URLs. The following example downloads and installs Nmap 4.62, including the frontend. Of course you should use the latest version at the download site above instead. Any existing RPM-installed versions are upgraded. demonstrates this installation process. @@ -466,7 +507,7 @@ Preparing... ########################################### [100%] -As the filenames above imply, these binary RPMs were created for normal PCs (x86 architecture). I also distribute x86_64 binaries of some releases for users with 64-bit Linux running on an AMD Opteron or Athlon64 processor. These binaries won't work for the relatively few Linux users on other platforms such as SPARC, Alpha, or PowerPC. They also may refuse to install if your library versions are sufficiently different from what the RPMs were initially built on. One option in these cases would be to find binary RPMs prepared by your Linux vendor for your specific distribution. The original install CDs or DVD are a good place to start. Unfortunately, those may not be current or available. Another option is to install Nmap from source code as described previously, though you lose the binary package maintenance consistency benefits. A third option is to build and install your own binary RPMs from the source RPMs distributed from the download page above. demonstrates this technique with Nmap 4.62. +As the filenames above imply, these binary RPMs were created for normal PCs (x86 architecture).x86 architecture I also distribute x86_64x86_64 architecture binaries of some releases for users with 64-bit Linux running on an AMD Opteron or Athlon64 processor. These binaries won't work for the relatively few Linux users on other platforms such as SPARC, Alpha, or PowerPC. They also may refuse to install if your library versions are sufficiently different from what the RPMs were initially built on. One option in these cases would be to find binary RPMs prepared by your Linux vendor for your specific distribution. The original install CDs or DVD are a good place to start. Unfortunately, those may not be current or available. Another option is to install Nmap from source code as described previously, though you lose the binary package maintenance consistency benefits. A third option is to build and install your own binary RPMs from the source RPMs distributed from the download page above. demonstrates this technique with Nmap 4.62. Building and installing Nmap from source RPMs @@ -491,8 +532,13 @@ reason there are no Zenmap source RPMs. Updating Red Hat, Fedora, Mandrake, and Yellow Dog Linux with Yum +Yum +Red Hat (Linux distribtion)Yum +Mandrake (Linux distribution)Yum +Yellow Dog (Linux distribution)Yum +Fedora (Linux distribution)Yum -The Red Hat, Fedora, Mandrake, and Yellow Dog Linuxinstallationfrom Yum +The Red Hat, Fedora, Mandrake, and Yellow Dog Linux distributions have an application named Yum which manages software installation and updates from central RPM repositories. This makes software installation and updates trivial. @@ -560,9 +606,14 @@ Complete! Debian Linux and Derivatives such as Ubuntu -LaMont Jones does a fabulous job maintaining the Nmap .debinstallationfrom deb packages +Debianinstalling on +UbuntuDebian +LaMont Jones +Jones, LaMont +does a fabulous job maintaining the Nmap .debinstallationfrom deb packages packages, including keeping them reasonably up-to-date. The proper upgrade/install command is apt-get install nmap. +apt-get This works for Debian derivatives such as Ubuntu too. Information on the latest Debian stable Nmap package is available at and the @@ -581,10 +632,14 @@ described in . Windows +Windows +Microsoft WindowsWindows While Nmap was once a Unix-only tool, a Windows version was released in 2000 and has since become the second most popular Nmap -platform (behind Linux). Because of this popularity and the fact that +platform (behind Linux). +Windowspopularity as Nmap platform +Because of this popularity and the fact that many Windows users do not have a compiler, binary executables are distributed for each major Nmap release. While it has improved dramatically, the Windows port is not quite as efficient or stable as @@ -592,11 +647,13 @@ on Unix. Here are some known limitations:Windows< +Windowslimitations of -You cannot generally scan your own machine from itself (using a loopback IP such as 127.0.0.1 or any of its registered IP addresses). This is a Windows limitation that we haven't yet worked around. If you really want to do this, use a TCP connect scan without pinging () as that uses the high level socket API rather than sending raw packets. +You cannot generally scan your own machine from itself (using a loopbackloopback interface IP such as 127.0.0.1 or any of its registered IP addresses). This is a Windows limitation that we haven't yet worked around. If you really want to do this, use a TCP connect scan without pinging () as that uses the high level socket API rather than sending raw packets. Nmap only supports ethernet interfaces (including many 802.11 wireless cards) unless you use the options. RAS connections (such as PPP dialups) are not supported. This support was dropped when Microsoft removed raw TCP/IP socket support in Windows XP SP2. Now Nmap must send lower-level ethernet frames instead. +Windowsperformance of Scans speeds on Windows are generally comparable to those on Unix, though the latter often has a slight performance edge. One exception to this is connect scan (), which is @@ -628,11 +685,13 @@ the CurrentControlSet\Services\Tcpip\Parameters entry under < Set to 1 so TcpTimedWaitDelay is checked. -I would like to thank Ryan Permeh of eEye, Andy Lutomirski, and - Jens Vogt for their hard work on the Nmap Windows port. For many +I would like to thank Ryan PermehPermeh, Ryan of eEye, Andy LutomirskiLutomirski, Andy, and + Jens VogtVogt, Jens for their hard work on the Nmap Windows port. For many years, Nmap was a Unix-only tool, and it would likely still be that way if not for their efforts. +Windowsinstallation on + Windows users have three choices for installing Nmap, all of which are available from the download page at .installationWindows Self-installer +Windowsself-installer Every major “stable” Nmap release comes with Windows self-installer named @@ -658,6 +718,7 @@ command-line. Command-line Zip Binaries +Windowszip binaries Most users prefer installing Nmap with the self-installer discussed previously. @@ -703,8 +764,8 @@ WinPcap requirement. -Compile from Source Code<indexterm><primary>installation</primary><secondary>from source on Windows</secondary></indexterm> - +Compile from Source Code +Windowscompilation on Most Windows users prefer to use the Nmap binary self-installer, @@ -718,7 +779,7 @@ url="http://www.microsoft.com/express/vc/">Visual C++ 2008 Express which Download the latest Nmap source distribution from . It has the name nmap-version.tar.bz2 or nmap-version.tgz. Those are the same tar file compressed using gzip or bzip2, respectively. The bzip2-compressed version is smaller. -Uncompress the source code file you just downloaded. Recent releases of the free Cygwin distribution can handle both the .tar.bz2 and .tgz. Use the command tar xvjf nmap-version.tar.bz2 or tar xvzf nmap-version.tgz, respectively. Alternatively, the common Winzip application can decompress the .tgz version. +Uncompress the source code file you just downloaded. Recent releases of the free Cygwin distributionCygwin can handle both the .tar.bz2 and .tgz. Use the command tar xvjf nmap-version.tar.bz2 or tar xvzf nmap-version.tgz, respectively. Alternatively, the common Winzip application can decompress the .tgz version. Open Visual Studio and the Nmap solution file ( nmap-version/mswin32/nmap.sln). Choose Build Solution from the Build Menu. Nmap should begin compiling, and end with the line -- Done -- saying that all projects built successfully and there were 0 failures. @@ -726,7 +787,7 @@ url="http://www.microsoft.com/express/vc/">Visual C++ 2008 Express which Instructions for executing your compiled Nmap are given in . Take special note of the -WinPcap requirement. +WinPcapWinPcap requirement. @@ -750,7 +811,9 @@ detailed instructions for users who are unfamiliar with command-line interfaces: -Make sure the user you are logged in as has administrative privileges on the computer (user should be a member of the administrators group). +Make sure the user you are logged in as has administrative privileges +administrator (root) privileges +on the computer (user should be a member of the administrators group). Open a command/DOS Window. Though it can be found in the program menu tree, the simplest approach is to choose Start -> Run and type cmd<enter>. Opening a Cygwin window (if you installed it) by clicking on the Cygwin icon on the desktop works too, although the necessary commands differ slightly from those shown here. @@ -792,7 +855,9 @@ Computer and then click properties.< Click the Environment Variables button. -Choose Path from the + +PATH environment variablePath on Windows +Choose Path from the System variables section, then hit edit. @@ -807,11 +872,16 @@ command such as nmap scanme.nmap.org from any directory. Sun Solaris +Solaris +Sun SolarisSolaris -installationon SolarisSolaris has long been well-supported by Nmap. Sun even donated a complete SPARCstation to the project, which is still being used to test new Nmap builds. For this reason, many Solaris users compile and install from source code as described in . +Solarisinstallation from source on +Solaris has long been well-supported by Nmap. Sun even donated a complete SPARCstation to the project, which is still being used to test new Nmap builds. For this reason, many Solaris users compile and install from source code as described in . Users who prefer native Solaris packages will be pleased to -learn that Steven Christensen does an excellent job of maintaining +learn that Steven Christensen +Christensen, Steven +does an excellent job of maintaining Nmap packages over at . Instructions are on his site, and are generally very simple: download the appropriate Nmap package for your version @@ -825,9 +895,8 @@ you have more flexibility in the build process. Apple Mac OS X -Apple Mac OS Xinstallation -Mac OS Xinstallation -installationon Mac OS X +Mac OS X +Apple Mac OS XMac OS X Thanks to several people graciously donating shell accounts on their Mac OS X boxes, Nmap usually compiles on that platform without @@ -838,6 +907,7 @@ Unix software for Mac OS X. Executable Installer +Mac OS Xexecutable installer The easiest way to install Nmap and Zenmap on Mac OS X is to use the installer. In the @@ -845,7 +915,10 @@ the installer. In the the Nmap download page there is a file called nmap-version.dmg, where version is the version number of the most -recent release. The .dmg file is known as a +recent release. The .dmg +.dmg (Mac OS X disk image) +disk image (Mac OS X) +file is known as a disk image. This is the process for installing from the disk image. @@ -875,7 +948,7 @@ have to compile from source or use a third-party package. -installationfrom source on Mac OS X +Mac OS Xcompilation on Compile from Source Code Compiling Nmap from source on Mac OS X is no more difficult than @@ -886,6 +959,7 @@ on other platforms once a proper build environment is in place. Compiling Nmap on Mac OS X requires Xcode, +Xcode Apple's developer tools that include GCC and the rest of the usual build system. Xcode is not installed by default but it is available as an optional install on the Mac OS X installation discs. If you do not have @@ -894,7 +968,9 @@ Xcode free of charge by following these steps. Apple restricts downloads of Xcode to members of the -Apple Developer Connection. Browse to +Apple Developer Connection. +Apple Developer Connection +Browse to and fill out some forms to create an account. Skip to the next step if you already have an account. @@ -915,6 +991,7 @@ approach will continue to work. Compile Zenmap from source code +Zenmapdependencies of Zenmap depends on some external libraries that do not come with Mac OS X, such as GTK+ and PyGTK. These libraries have many dependencies of their own. A convenient way to install all of them is to use a @@ -934,11 +1011,13 @@ that packages Unix software for Mac OS X. The two discussed here are MacPorts. See the respective projects' web sites for installation instructions. +Fink To install using Fink, use the command fink install nmap. Nmap will be installed as /sw/bin/nmap. To uninstall use the command fink remove nmap. +MacPorts To install using MacPorts, use the command sudo port install nmap. Nmap will be installed as /opt/local/bin/nmap. To uninstall use the command @@ -955,7 +1034,9 @@ terminal window. This is where you will type your commands. rootwith sudo By default the root user is disabled on Mac OS X. To run a scan with -root privileges prefix the command name with sudo, as +root privileges prefix the command name with sudo, +sudo +as in sudo nmap -sS target. You will be asked for a password, which is just your normal login password. Only users with administrator privileges can do this. @@ -965,7 +1046,9 @@ be installed. If it was not installed by default it may be available as an optional install on the Mac OS X installation discs. When Zenmap is started, a dialog is displayed requesting that you -type your password. Users with administrator privileges may enter their +type your password. Users with administrator privileges +adminsitrator (root) privileges +may enter their password to allow Zenmap to run as the root user and run more advanced scans. To run Zenmap in unprivileged mode, just select the Cancel button on this dialog. @@ -974,7 +1057,7 @@ scans. To run Zenmap in unprivileged mode, just select the FreeBSD / OpenBSD / NetBSD - +BSDs installationon BSDThe BSD flavors are well supported by Nmap, so you can simply @@ -987,6 +1070,7 @@ popular applications. Instructions for installing Nmap on the most popular *BSD variants follow. OpenBSD Binary Packages and Source Ports Instructions +OpenBSDinstallation on According to the OpenBSD FAQ, users @@ -1012,6 +1096,7 @@ Or obtain it from the OpenBSD distribution CD-ROM. FreeBSD Binary Package and Source Ports Instructions +FreeBSD The FreeBSD project has a whole chapter @@ -1045,18 +1130,23 @@ chapter referenced above. NetBSD Binary Package Instructions +NetBSD NetBSD has packaged Nmap for an enormous number of platforms, from the normal i386 to Playstation 2, PowerPC, VAX, SPARC, MIPS, Amiga, ARM, and several platforms that I have never even heard of! Unfortunately they are not very up-to-date. A list of NetBSD Nmap packages is available from and a description of using their package system to install applications is available at . -Amiga, HP-UX, IRIX, and Other Platforms<indexterm><primary>installation</primary><secondary>on other platforms</secondary></indexterm> +Amiga, HP-UX, IRIX, and Other Platforms +AmigaOS +HP-UX +IRIX One of the wonders of Open Source development is that resources are often biased towards what people find exciting rather than having an exclusive focus on profits as most corporations do. It is along -those lines that the Amiga port came about. Diego Casorran performed +those lines that the Amiga port came about. Diego Casorran +Casorran, Diegaperformed most of the work and sent in a clean patch which was integrated into the main Nmap distribution. In general, AmigaOS users should be able to simply follow the source compilation instructions in nmap-dev mailin improves support on your platform, please email it to nmap-dev or to me at fyodor@insecure.org. -Removing Nmap<indexterm><primary>uninstallation</primary></indexterm> +Removing Nmap +uninstallation +removal If your purpose for removing Nmap is simply to upgrade to the latest version, you can usually use the @@ -1086,7 +1178,9 @@ megabytes of disk space it consumes. How to remove Nmap depends on how you installed it initially (see previous sections). Ease of removal (and other maintenance) is a major advantage of most binary packages. For example, when Nmap is installed using -the RPM system common on Linux distributions, it can be removed by +the RPM +RPM +system common on Linux distributions, it can be removed by running the command rpm -e nmap zenmap as root. Analogous options are offered by most other package managers—consult their documentation for further