How to Install Nmap on Debian

Nmap (Network Mapper) scans networks to discover hosts, open ports, running services, and operating system details. Whether you need to audit your home network for security vulnerabilities, verify firewall rules are working correctly, or inventory devices on a corporate network, Nmap provides the scanning capabilities to accomplish these tasks. By the end of this guide, you will have Nmap installed on your Debian system, ready to perform network discovery and security assessments from the command line.

Choose Your Nmap Installation Method

Debian offers Nmap through its default repositories, providing a stable and tested version that receives security updates automatically. Alternatively, you can compile Nmap from source to access the latest features and NSE (Nmap Scripting Engine) scripts. The table below compares both approaches:

Method	Channel	Version	Updates	Best For
APT Package Manager	Debian Repos	Stable	Automatic via apt upgrade	Most users who want easy installation and maintenance
Source Compilation	Nmap.org	Latest	Manual recompilation	Users needing latest NSE scripts or bleeding-edge features

We recommend the APT method for most users because it integrates with Debian’s package management, receives security updates automatically, and requires no compilation. Only compile from source if you specifically need features unavailable in the repository version.

Method 1: Install Nmap via Debian’s Default Repository

Update System Packages

First, refresh your package index and upgrade existing packages to ensure you install the latest available version and avoid dependency conflicts:

sudo apt update && sudo apt upgrade

Running apt update refreshes your local package database, while apt upgrade applies any pending security patches and updates.

Install Nmap via APT Command

Next, install Nmap from Debian’s default repository with a single command:

sudo apt install nmap

APT automatically downloads and installs Nmap along with its dependencies, including the NSE script library and supporting tools like Ncat and Nping.

Verify Nmap Installation

After installation completes, verify that Nmap is working correctly by checking the installed version:

nmap --version

For example, on Debian 13 (Trixie) you should see output similar to this:

Nmap version 7.95 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.4.7 openssl-3.5.4 libssh2-1.11.1 libz-1.3.1 libpcre2-10.46 libpcap-1.10.5 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Nmap versions vary by Debian release: Debian 11 (Bullseye) includes version 7.80, Debian 12 (Bookworm) includes 7.93, and Debian 13 (Trixie) includes 7.95. Your output will reflect whichever version your repository provides.

Method 2: Install Nmap via Source Compilation

Compiling Nmap from source provides access to the latest features, bug fixes, and NSE scripts before they reach distribution repositories. This method requires additional steps and manual updates, but it ensures you always have the most current scanning capabilities available.

Install Build Dependencies

First, install the tools and libraries required to compile Nmap from source:

sudo apt update
sudo apt install build-essential libssh2-1-dev libssl-dev libpcre2-dev wget ca-certificates curl -y

Each of these packages provides a specific capability:

• build-essential, which includes the GCC compiler, make utility, and core development tools
• libssh2-1-dev, providing SSH2 protocol support for Nmap’s SSH scanning features
• libssl-dev, providing OpenSSL cryptographic libraries for SSL/TLS scanning
• libpcre2-dev, providing the Perl Compatible Regular Expressions library for pattern matching
• wget and curl, used for downloading the source archive and detecting the latest version
• ca-certificates, enabling SSL certificate validation for HTTPS downloads

Download the Latest Nmap Source

Instead of hardcoding a version number that becomes outdated, you can use this command to automatically detect and download the latest stable release from the official Nmap download page:

NMAP_VER=$(curl -s https://nmap.org/download.html | grep -oP 'nmap-\d+\.\d+\.tar\.bz2' | head -1 | grep -oP '\d+\.\d+')
echo "Downloading Nmap version: $NMAP_VER"
wget "https://nmap.org/dist/nmap-${NMAP_VER}.tar.bz2"

This command uses curl to scrape the download page, extracts the current stable version number, and uses wget to download the corresponding source archive. Expected output:

Downloading Nmap version: 7.98
--2024-12-29 09:30:00--  https://nmap.org/dist/nmap-7.98.tar.bz2
Resolving nmap.org... 45.33.49.119
Connecting to nmap.org|45.33.49.119|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12273108 (12M) [application/octet-stream]
Saving to: 'nmap-7.98.tar.bz2'

nmap-7.98.tar.bz2   100%[==================>]  11.70M  5.50MB/s    in 2.1s

2024-12-29 09:30:03 (5.50 MB/s) - 'nmap-7.98.tar.bz2' saved [12273108/12273108]

If automatic detection fails due to page changes, visit the Nmap download page to check the current version and download manually.

Extract and Navigate to Source Directory

Next, extract the downloaded archive and change to the source directory. Using wildcards ensures the command works regardless of which version you downloaded:

tar -xjf nmap-*.tar.bz2
cd nmap-*/

Here, the -x flag extracts files, -j handles bzip2 compression, and -f specifies the filename. Meanwhile, the wildcard pattern (nmap-*/) matches any extracted Nmap directory.

Configure Build Options

Now, run the configure script to detect your system’s configuration and prepare the build. The --with-localdirs flag tells Nmap to search for libraries in /usr/local directories:

./configure --with-localdirs

Once configuration completes, you should see output confirming successful detection of all dependencies:

checking for OpenSSL... yes
checking for libpcre... yes
checking for libz... yes
checking for libssh2... yes
checking for libpcap... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h

Configuration complete. Type make (or gmake on some *BSD machines) to compile.

If any dependency shows “no” instead of “yes,” install the corresponding -dev package and run ./configure again.

Compile Nmap Source

Now that configuration is complete, compile the source code using make. Adding the -j$(nproc) flag utilizes all available CPU cores to speed up compilation:

make -j$(nproc)

Compilation typically takes 2-5 minutes depending on your hardware. Once complete, you should see output indicating successful builds of Nmap’s components:

Compiling liblua
Compiling liblinear
Compiling libnetutil
Compiling libnsock
Compiling nbase
Compiling nmap
Compiling ncat
Compiling nping
make[1]: Leaving directory '/home/user/nmap-7.98/nping'
Compilation complete. Nmap compiled successfully!

Install Compiled Binaries

After successful compilation, install the binaries to your system. This step requires root privileges because it copies files to system directories:

sudo make install

Specifically, this command installs the Nmap binary to /usr/local/bin, NSE scripts to /usr/local/share/nmap, and man pages to the appropriate documentation directories.

Verify Source Installation

Finally, confirm that the source-compiled version is installed and accessible:

nmap --version

Expected output showing the source-compiled version:

Nmap version 7.98 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.4.7 openssl-3.x.x libssh2-1.11.x libz-1.3.x libpcre2-10.x libpcap-1.10.x nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

The source-compiled version (7.98 at the time of writing) will be newer than the repository version. Your library versions will vary based on your Debian release.

Additionally, you can confirm the binary location to verify it installed to /usr/local/bin:

which nmap

/usr/local/bin/nmap

Create an Update Script for Source Installations

Unlike APT packages, source-compiled software requires manual updates. However, the following script automates the process of checking for new versions, downloading, compiling, and installing updates:

cat <<'EOF' | sudo tee /usr/local/bin/update-nmap
#!/bin/bash
# Nmap Update Script - Automatically updates source-compiled Nmap

set -e

# Check for required tools
for cmd in curl wget tar make; do
    if ! command -v $cmd &>/dev/null; then
        echo "Error: $cmd is required but not installed."
        exit 1
    fi
done

# Get current installed version
CURRENT_VER=$(nmap --version 2>/dev/null | grep -oP 'Nmap version \K[\d.]+' || echo "0")

# Get latest available version
LATEST_VER=$(curl -s https://nmap.org/download.html | grep -oP 'nmap-\d+\.\d+\.tar\.bz2' | head -1 | grep -oP '\d+\.\d+')

if [ -z "$LATEST_VER" ]; then
    echo "Error: Could not determine latest Nmap version."
    exit 1
fi

echo "Current version: $CURRENT_VER"
echo "Latest version:  $LATEST_VER"

if [ "$CURRENT_VER" = "$LATEST_VER" ]; then
    echo "Nmap is already up to date."
    exit 0
fi

echo "Updating Nmap from $CURRENT_VER to $LATEST_VER..."

# Create temporary build directory
BUILD_DIR=$(mktemp -d)
cd "$BUILD_DIR"

# Download and extract
wget -q "https://nmap.org/dist/nmap-${LATEST_VER}.tar.bz2"
tar -xjf nmap-*.tar.bz2
cd nmap-*/

# Configure and compile
./configure --with-localdirs >/dev/null
make -j$(nproc) >/dev/null

# Install
sudo make install >/dev/null

# Verify
NEW_VER=$(nmap --version | grep -oP 'Nmap version \K[\d.]+')
echo "Successfully updated to Nmap $NEW_VER"

# Cleanup
rm -rf "$BUILD_DIR"
EOF

sudo chmod +x /usr/local/bin/update-nmap

Specifically, this script performs several safety checks before proceeding:

• Verifies required tools are installed
• Compares current and latest versions to avoid unnecessary recompilation
• Uses a temporary directory for the build process
• Cleans up after installation

Once the script is installed, you can update Nmap at any time by running:

sudo update-nmap

Basics of Nmap Command Examples

Understanding Nmap’s core commands helps you leverage its full scanning capabilities. For a comprehensive guide covering more scan types, timing templates, and NSE scripts, see our Nmap Commands for Beginners guide.

Nmap Port State Definitions

When scanning for open ports, Nmap reports the state of each port it probes. Understanding these states helps you interpret scan results accurately:

Port State	Description
Open	An application is actively accepting TCP connections, UDP datagrams, or SCTP associations on this port.
Closed	The port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it.
Filtered	Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. Firewalls or router rules may be blocking the probes.
Unfiltered	The port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan reports ports in this state.
Open|Filtered	Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response.
Closed|Filtered	This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.

Basic Scanning Commands

The following fundamental commands cover the most common scanning scenarios:

Scan a Single Host

To scan a host by IP address or domain name:

nmap 192.168.1.1
nmap example.com

Alternatively, for a quick scan of the most common 100 ports, use the -F (fast) flag:

nmap -F 192.168.1.1

Similarly, to scan your local machine:

nmap localhost

Operating System Detection

The -O flag enables OS detection, while --osscan-guess provides more aggressive guessing when exact matches aren’t found:

sudo nmap -O --osscan-guess 192.168.1.1

OS detection requires root privileges because it uses raw socket access. Without sudo, this scan will fail.

Scan Specific Ports

Use the -p flag to scan specific ports or port ranges:

nmap -p 80,443,8080,9090 192.168.1.1
nmap -p 1-1000 192.168.1.1
nmap -p- 192.168.1.1

Note that the -p- option scans all 65,535 ports, which takes significantly longer but provides complete coverage.

Service Version Detection

The -sV flag probes open ports to determine service and version information:

nmap -sV 192.168.1.1

TCP SYN Scan

The SYN scan (-sS) is the default and most popular scan type. It’s fast and relatively stealthy because it never completes TCP connections:

sudo nmap -sS 192.168.1.1

View All Nmap Options

Nmap includes extensive built-in documentation. To see all available options and flags:

nmap --help

For detailed documentation on specific topics, consult the man page:

man nmap

Troubleshooting Common Issues

Command Not Found After Source Installation

If you see “nmap: command not found” after compiling from source, /usr/local/bin may not be in your PATH. Verify with:

echo $PATH | grep -q '/usr/local/bin' && echo "Path OK" || echo "Missing /usr/local/bin"

If missing, add it to your shell configuration:

echo 'export PATH="/usr/local/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc

Configure Fails with Missing Dependencies

If ./configure reports missing libraries, install the corresponding development packages:

# Missing OpenSSL
sudo apt install libssl-dev

# Missing libpcap (packet capture)
sudo apt install libpcap-dev

# Missing libssh2
sudo apt install libssh2-1-dev

After installing missing packages, run ./configure again.

Permission Denied During Scanning

Certain scan types (SYN scan, OS detection, UDP scans) require raw socket access and must run with root privileges:

# This fails without root:
nmap -sS 192.168.1.1
# TCP SYN Stealth Scan requires root privileges.

# Run with sudo:
sudo nmap -sS 192.168.1.1

As an alternative, connect scans (-sT) work without root but are slower and more detectable.

Remove Nmap from Debian

Remove the APT-Installed Version

If you installed Nmap using APT, remove it with:

sudo apt remove nmap

Then, remove any orphaned dependencies that were installed with Nmap but are no longer needed:

sudo apt autoremove

Finally, to verify successful removal, confirm the binary is no longer available:

which nmap

If Nmap was removed successfully, this command returns no output.

Remove the Source-Compiled Version

Fortunately, Nmap’s source distribution includes an uninstall target. Navigate to your source directory and run:

cd ~/nmap-*/
sudo make uninstall

You should see output similar to this:

running uninstall
Removing '/usr/local/bin/nmap'.
Removing '/usr/local/share/man/man1/nmap.1'.
Removing '/usr/local/share/nmap' directory.
make[1]: Entering directory '/home/user/nmap-7.98/nping'
rm -f /usr/local/bin/nping
rm -f /usr/local/share/man/man1/nping.1
make[1]: Leaving directory '/home/user/nmap-7.98/nping'
NMAP SUCCESSFULLY UNINSTALLED

Afterwards, if you no longer need the source files and update script, clean them up:

rm -rf ~/nmap-*/
rm -f ~/nmap-*.tar.bz2
sudo rm -f /usr/local/bin/update-nmap

Conclusion

You have successfully installed Nmap on your Debian system using either APT or source compilation. From here, you can begin exploring your network by running basic scans against localhost or your local network. Start with version detection (nmap -sV) to identify running services, then progress to OS fingerprinting (sudo nmap -O) for deeper reconnaissance.

For more advanced security work, consider pairing Nmap with complementary tools. Wireshark enables packet-level analysis of the traffic Nmap generates, while Chkrootkit can help verify the integrity of systems you’ve scanned. To manage remote access during security audits, see our guide on enabling SSH on Debian.