Nmap Scan icon

Nmap Scan

Scan with nmap command

Actions4

Overview

This node performs network scanning using the nmap command-line tool. It supports multiple scan operations, including a full port scan of a target host or network range. The "All Ports Scan" operation specifically scans all ports (-p-) on the specified target(s), which is useful for comprehensive security audits, vulnerability assessments, or network inventory tasks.

Typical use cases include:

  • Security professionals auditing open ports on hosts.
  • Network administrators discovering services running on devices.
  • IT teams verifying firewall rules and network exposure.

For example, scanning a subnet like 192.168.0.0/24 to identify all open ports on each device can help detect unauthorized services or misconfigurations.

Properties

Name Meaning
Target Network Range / Host / IP (network_range) The IP address, host, or CIDR range to scan (e.g., 192.168.0.0/24).
Options:
- Aggressive Mode (aggressive_mode) Numeric value controlling scan speed; higher values (like 5) make the scan faster (-T5).
- Check Top Ports (top_ports) Number of top ports to check in some scan types (e.g., 1000).
- Host Discovery (host_discovery) Boolean to enable host discovery; if disabled, skips pinging hosts for faster scans (-Pn).
- Put Result in Field (ports_field) Name of the output JSON field where port scan results will be stored (default: ports).

Output

The node outputs an array of items with JSON data containing the scan results. For the "All Ports Scan" operation:

  • The scan results are parsed and placed into a JSON field named as per the ports_field property (default "ports").
  • This field contains detailed information about the scanned ports on the target(s), such as port numbers, states (open/closed), and possibly service info.
  • No binary data output is produced by this node.

Example output snippet (simplified):

{
  "ports": [
    {
      "port": 22,
      "state": "open",
      "service": "ssh"
    },
    {
      "port": 80,
      "state": "open",
      "service": "http"
    }
  ]
}

Dependencies

  • Requires the nmap command-line tool installed and accessible in the environment where n8n runs.
  • Optionally uses sudo privileges if a local sudo password credential is provided, allowing execution of privileged commands.
  • No external API keys or online services are required.
  • Uses internal utility classes for shell command execution and parsing nmap output.

Troubleshooting

  • Common issues:

    • nmap not installed or not in PATH: The node will fail to execute the scan command.
    • Insufficient permissions: Some scans require elevated privileges; providing a sudo password may be necessary.
    • Invalid target input: Malformed IP addresses or ranges will cause errors.
    • Long scan times: Scanning all ports on large networks can be time-consuming; consider adjusting aggressive mode or limiting targets.

  • Error messages:

    • Errors from the underlying shell command execution are wrapped and thrown as node operation errors.
    • If sudo password is incorrect or missing when required, the scan will fail.

  • Resolutions:

    • Ensure nmap is installed and accessible.
    • Provide correct sudo credentials if needed.
    • Validate target inputs before running scans.
    • Adjust options like aggressive mode or host discovery to optimize performance.

Links and References

Discussion