Finding which hosts are alive, which ports are open, and which services answer on a network is much faster once Nmap is in your toolkit. To install Nmap on Fedora, use the packaged nmap build for normal systems, or compile the current upstream release only when you need newer scan data, custom build options, or a lab environment that intentionally tracks upstream.
Fedora 44 and Fedora 43 currently ship Nmap 7.92 through the standard repositories, while upstream Nmap publishes 7.99 from nmap.org. DNF is still the best default because it receives Fedora-maintained updates with the rest of the system; the source path is an advanced manual build with GPG verification and separate cleanup.
Install Nmap on Fedora
Use the DNF method unless you have a specific reason to compile upstream Nmap yourself. The Fedora package installs the nmap scanner and nping. Ncat is split into Fedora’s separate nmap-ncat package, so do not expect ncat to appear from sudo dnf install nmap alone.
Choose the Nmap Installation Method on Fedora
| Method | Source | What It Installs | Updates | Best Fit |
|---|---|---|---|---|
| DNF package | Fedora repositories | Fedora’s 7.92 nmap package with nmap and nping | Handled by dnf upgrade | Most users, servers, and repeatable admin setups |
| Source build | nmap.org | Upstream 7.99 source build with nmap, ncat, and nping | update-nmap-source | Advanced users who need the newest upstream release or custom build flags |
Zenmap is not packaged with Fedora’s standard nmap RPM. Upstream currently publishes Zenmap as a separate Python wheel from the Nmap download page, but this Fedora workflow focuses on the command-line scanner because Fedora packages that CLI toolset directly.
The upstream download page also lists standalone RPM files. They are local package downloads, not a Fedora repository, so DNF remains the managed package path; use the source-prefix workflow only when you deliberately want an isolated upstream build.
Update Fedora Before Installing Nmap
Refresh repository metadata and apply pending updates before installing a network scanner. This keeps the package transaction aligned with your current Fedora release.
sudo dnf upgrade --refresh
If your account cannot run sudo, set that up before installing system packages. The Fedora sudoers walkthrough explains how to add a user to sudoers on Fedora.
Install Nmap with DNF
Install Nmap on Fedora with DNF by running the packaged scanner command:
sudo dnf install nmap
Ncat uses the separate nmap-ncat package. Keep that companion package outside this install unless your task specifically needs Ncat’s connection and relay features; the scanner examples here use nmap only.
Verify Nmap on Fedora
Check the installed version and platform string:
nmap --version | sed -n '1,2p'
Expected output from Fedora 44 currently looks like this:
Nmap version 7.92 ( https://nmap.org )
Platform: x86_64-redhat-linux-gnu
The redhat-linux-gnu platform string confirms that the command comes from Fedora’s RPM build.
Build Latest Nmap from Source on Fedora
The source method is useful when you specifically need the latest upstream stable release before Fedora rebases its package. It also gives you a clean way to test upstream Nmap in a lab without changing Fedora’s package database, as long as you keep the source-built prefix separate from the DNF package.
Use either the DNF package or the source build as your normal nmap command. Installing both can make your shell run the source-built command from /usr/local/bin while DNF still owns /usr/bin/nmap.
Install Nmap Source Build Dependencies
Install the compiler, build tools, download tools, GPG verifier, and development libraries used by the upstream build. This source workflow intentionally builds the command-line scanner tools that build cleanly on Fedora: nmap, ncat, and nping.
sudo dnf install gcc gcc-c++ make automake openssl-devel libssh2-devel curl bzip2 gnupg2 tar
Download and Verify the Nmap Source Archive
Create a build directory and download the Nmap 7.99 source archive, its detached signature, and the official Nmap signing keys:
mkdir -p "$HOME/nmap-build"
cd "$HOME/nmap-build"
NMAP_VERSION=7.99
curl -fLO --progress-bar "https://nmap.org/dist/nmap-${NMAP_VERSION}.tar.bz2"
curl -fLO --progress-bar "https://nmap.org/dist/sigs/nmap-${NMAP_VERSION}.tar.bz2.asc"
curl -fLO --progress-bar https://svn.nmap.org/nmap/docs/nmap_gpgkeys.txt
Import the signing keys and verify the detached signature:
gpg --import nmap_gpgkeys.txt
gpg --verify "nmap-${NMAP_VERSION}.tar.bz2.asc" "nmap-${NMAP_VERSION}.tar.bz2"
Relevant verification lines include:
gpg: Good signature from "Nmap Project Signing Key (http://www.insecure.org/)" [unknown]
Primary key fingerprint: 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0
The [unknown] trust label is normal for a freshly imported key. The important check is that the fingerprint matches the Nmap Project Signing Key fingerprint published in the official Nmap install documentation.
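The fingerprint comparison described above can be enforced mechanically, which matters for the unattended verification in the update helper: a bare gpg --verify succeeds for a good signature from any key in the keyring. The following is an added example, not part of the original guide; the function names signer_is_pinned and verify_pinned are hypothetical, and the sample status lines are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): pin the signer fingerprint.
# The fingerprint is the one shown in the gpg output on this page, spaces removed.
PINNED_FPR="436D66AB9A798425FDA0E3F801AF9F036B9355D0"

# signer_is_pinned FPR < gpg-status-output
# Succeeds only when a VALIDSIG line names FPR as the primary key and no
# status line reports a bad, unverifiable, expired-key or revoked-key signature.
signer_is_pinned() {
    pinned=$1
    ok=1
    while read -r tag keyword rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$keyword" in
            VALIDSIG)
                set -- $rest
                # Field 10 is the primary key fingerprint; field 1 is the
                # key (possibly a subkey) that made the signature.
                if [ "$#" -ge 10 ]; then fpr=${10}; else fpr=$1; fi
                if [ "$fpr" = "$pinned" ]; then ok=0; else return 1; fi
                ;;
            BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)
                return 1
                ;;
        esac
    done
    return "$ok"
}

# verify_pinned SIGNATURE ARCHIVE: run gpg and apply the pin (hypothetical helper).
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        signer_is_pinned "$PINNED_FPR"
}

# Constructed status lines for offline testing; dates and algorithm fields are made up.
SAMPLE_GOOD="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 01AF9F036B9355D0 Nmap Project Signing Key (http://www.insecure.org/)
[GNUPG:] VALIDSIG $PINNED_FPR 2026-01-01 1767225600 0 4 0 17 8 00 $PINNED_FPR"
SAMPLE_OTHER_KEY="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Other Signer
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2026-01-01 1767225600 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
SAMPLE_BAD="[GNUPG:] NEWSIG
[GNUPG:] BADSIG 01AF9F036B9355D0 Nmap Project Signing Key (http://www.insecure.org/)"
```

Calling verify_pinned with the .asc file and the archive in place of the plain gpg --verify line makes a build stop when the archive is signed by any key other than the pinned one.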
Configure Nmap Source for a Managed Prefix
Extract the source archive and configure it under a versioned prefix in /opt. The --without-zenmap and --without-ndiff options keep this build focused on the scanner, Ncat, and Nping command-line tools. Nmap 7.99’s Ndiff build currently fails against Fedora 44’s Python 3.14 build tooling, so disabling it keeps the source workflow reproducible without affecting the scanner.
tar -xjf "nmap-${NMAP_VERSION}.tar.bz2"
cd "nmap-${NMAP_VERSION}"
./configure --prefix="/opt/nmap-${NMAP_VERSION}" --without-zenmap --without-ndiff
Relevant configuration lines include:
Configured with: nping openssl zlib libssh2 lua ncat
Configured without: localdirs ndiff zenmap
Configuration complete. Type make (or gmake on some *BSD machines) to compile.
Compile and Install Nmap from Source
Compile the source tree and install it into the managed prefix:
make -j"$(nproc)"
sudo make install
Create command links in /usr/local/bin for the tools that were built. The loop refuses to overwrite an unrelated file or symlink:
for cmd in nmap ncat nping; do
    source_cmd="/opt/nmap-${NMAP_VERSION}/bin/$cmd"
    link="/usr/local/bin/$cmd"
    if [ ! -x "$source_cmd" ]; then
        continue
    fi
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link exists and is not a symlink; move it before linking $cmd."
        exit 1
    fi
    if [ -L "$link" ]; then
        current_target="$(readlink -f "$link" 2>/dev/null || true)"
        if [ -n "$current_target" ] && [[ "$current_target" != /opt/nmap-*/bin/$cmd ]]; then
            echo "$link points to $current_target; move it before linking $cmd."
            exit 1
        fi
    fi
    sudo ln -sfn "$source_cmd" "$link"
done
hash -r
Verify the Source-Built Nmap Command
Confirm that your shell finds the source-built commands and that the scanner version matches the source archive:
command -v nmap
command -v ncat
command -v nping
nmap --version | sed -n '1,2p'
Expected output for the 7.99 source build:
/usr/local/bin/nmap
/usr/local/bin/ncat
/usr/local/bin/nping
Nmap version 7.99 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
The unknown-linux-gnu platform string is normal for the upstream source build and differs from Fedora’s RPM build string.
Update Source-Built Nmap on Fedora
Source builds do not update through DNF. This helper script repeats the same upstream lookup, GPG verification, build, install, and symlink refresh in one controlled command.
sudo tee /usr/local/bin/update-nmap-source > /dev/null <<'SCRIPT_EOF'
#!/usr/bin/env bash
set -euo pipefail

BUILD_DIR="${HOME}/nmap-build"
DOWNLOAD_PAGE="https://nmap.org/download.html"
DIST_URL="https://nmap.org/dist"
SIG_URL="https://nmap.org/dist/sigs"
KEY_URL="https://svn.nmap.org/nmap/docs/nmap_gpgkeys.txt"

if [ "$(id -u)" -eq 0 ]; then
    echo "Run this helper as your regular user, not with sudo."
    exit 1
fi

for cmd in curl tar gpg make gcc g++ sudo nproc readlink; do
    if ! command -v "$cmd" >/dev/null 2>&1; then
        echo "Missing required command: $cmd"
        echo "Install the source build dependencies first."
        exit 1
    fi
done

DOWNLOAD_HTML="$(curl -fsSL "$DOWNLOAD_PAGE")"
if [[ "$DOWNLOAD_HTML" =~ nmap-([0-9]+\.[0-9]+)\.tar\.bz2 ]]; then
    LATEST_VERSION="${BASH_REMATCH[1]}"
else
    echo "Could not determine the latest Nmap version."
    exit 1
fi

CURRENT_OUTPUT="$(/usr/local/bin/nmap --version 2>/dev/null || true)"
if [[ "$CURRENT_OUTPUT" =~ ([0-9]+\.[0-9]+) ]]; then
    CURRENT_VERSION="${BASH_REMATCH[1]}"
else
    CURRENT_VERSION=""
fi

PREFIX="/opt/nmap-${LATEST_VERSION}"
echo "Current version: ${CURRENT_VERSION:-not installed}"
echo "Latest version: ${LATEST_VERSION}"
if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ] && [ -x "$PREFIX/bin/nmap" ]; then
    echo "Already up to date."
    exit 0
fi

mkdir -p "$BUILD_DIR"
cd "$BUILD_DIR"
rm -rf "nmap-${LATEST_VERSION}" "nmap-${LATEST_VERSION}.tar.bz2" "nmap-${LATEST_VERSION}.tar.bz2.asc"
curl -fLO --progress-bar "${DIST_URL}/nmap-${LATEST_VERSION}.tar.bz2"
curl -fLO --progress-bar "${SIG_URL}/nmap-${LATEST_VERSION}.tar.bz2.asc"
curl -fLO --progress-bar "$KEY_URL"
gpg --import nmap_gpgkeys.txt
gpg --verify "nmap-${LATEST_VERSION}.tar.bz2.asc" "nmap-${LATEST_VERSION}.tar.bz2"

tar -xjf "nmap-${LATEST_VERSION}.tar.bz2"
cd "nmap-${LATEST_VERSION}"
./configure --prefix="$PREFIX" --without-zenmap --without-ndiff
make -j"$(nproc)"
sudo make install

for cmd in nmap ncat nping; do
    source_cmd="$PREFIX/bin/$cmd"
    link="/usr/local/bin/$cmd"
    if [ ! -x "$source_cmd" ]; then
        continue
    fi
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link exists and is not a symlink; move it before linking $cmd."
        exit 1
    fi
    if [ -L "$link" ]; then
        current_target="$(readlink -f "$link" 2>/dev/null || true)"
        if [ -n "$current_target" ] && [[ "$current_target" != /opt/nmap-*/bin/$cmd ]]; then
            echo "$link points to $current_target; move it before linking $cmd."
            exit 1
        fi
    fi
    sudo ln -sfn "$source_cmd" "$link"
done
hash -r

NEW_OUTPUT="$(/usr/local/bin/nmap --version)"
if [[ "$NEW_OUTPUT" =~ ([0-9]+\.[0-9]+) ]]; then
    NEW_VERSION="${BASH_REMATCH[1]}"
else
    NEW_VERSION="unknown"
fi
echo "Nmap source build is now ${NEW_VERSION}."
echo "Old prefixes under /opt are left in place for rollback; remove them after you confirm the new build works."
SCRIPT_EOF
sudo chmod +x /usr/local/bin/update-nmap-source
Run the helper as your normal user:
update-nmap-source
When the installed source build already matches upstream, the helper returns:
Current version: 7.99
Latest version: 7.99
Already up to date.
Run the source update helper manually instead of scheduling it with cron. A failed compile should be visible so you can keep the previous working prefix until the new build succeeds.
Use Nmap Safely on Fedora
Scan only systems and networks you own or have permission to assess. Nmap is a legitimate administration tool, but unsanctioned scans can violate policy or law.
For a safe local check, scan the loopback address:
nmap 127.0.0.1
Discover hosts on a network you administer with a ping scan:
nmap -sn 192.168.1.0/24
Check service versions on an authorized target:
nmap -sV 192.168.1.1
OS detection and SYN scans need raw socket access, so run those scans with sudo:
sudo nmap -O 192.168.1.1
sudo nmap -sS 192.168.1.1
The -sV flag probes service versions, -O attempts OS detection, and -sS requests a SYN scan. For deeper examples after installation, use the Nmap commands for beginners guide.
Pair Nmap checks with firewalld on Fedora when you want to confirm that local firewall rules match the exposure you expect.
Troubleshoot Nmap on Fedora
Nmap Command Is Missing
If the shell cannot find nmap, check the package state first:
rpm -q nmap >/dev/null && echo "nmap package is installed" || echo "nmap package is not installed"
A missing package returns:
nmap package is not installed
Install the Fedora package again when that check confirms it is absent:
sudo dnf install nmap
Scan Type Requires Root Privileges
OS detection without elevated privileges returns this message:
TCP/IP fingerprinting (for OS scan) requires root privileges. QUITTING!
A SYN scan without elevated privileges returns a similar error:
You requested a scan type which requires root privileges. QUITTING!
Rerun only the scan types that need raw socket access with sudo:
sudo nmap -O 192.168.1.1
sudo nmap -sS 192.168.1.1
Source Build Shadows the DNF Package
If both methods were installed at different times, list every matching command path:
type -a nmap
Example output with both paths present:
nmap is /usr/local/bin/nmap
nmap is /usr/bin/nmap
Remove the source build if you want Fedora’s package to be the default, or remove the DNF package if you want the source build to own the command.
Scans Show Every Port as Filtered
Filtered results usually mean a firewall dropped the probe rather than replying with a closed-port response. Confirm basic reachability first:
ping -c 3 192.168.1.1
If ping works but Nmap still reports filtered ports, check the target firewall and your local Fedora firewall policy. When host discovery itself is blocked but you are allowed to test the target, retry with -Pn so Nmap skips the initial ping check:
nmap -Pn 192.168.1.1
Remove Nmap from Fedora
The cleanup path depends on whether DNF or the source build installed the command you use.
Remove DNF-Installed Nmap
Remove the Fedora package first:
sudo dnf remove nmap
Verify the package is gone:
rpm -q nmap >/dev/null && echo "nmap package is installed" || echo "nmap package is not installed"
A removed package returns:
nmap package is not installed
Run DNF’s orphan cleanup separately only after reviewing the packages it wants to remove:
sudo dnf autoremove
Remove Source-Built Nmap
Set the source-built version you installed, then remove only the symlinks that point into that prefix. If you used the update helper more than once, list the rollback prefixes first and choose the version you want to remove:
ls -d /opt/nmap-* 2>/dev/null || echo "No source-built Nmap prefixes found"
The next commands permanently delete the source-built Nmap prefix, its command links, the update helper, and the local build directory. They do not remove Fedora’s DNF package.
NMAP_VERSION=7.99
NMAP_PREFIX="/opt/nmap-${NMAP_VERSION}"
for cmd in nmap ncat nping; do
    link="/usr/local/bin/$cmd"
    target="$NMAP_PREFIX/bin/$cmd"
    if [ "$(readlink -f "$link" 2>/dev/null || true)" = "$target" ]; then
        sudo rm -f "$link"
    fi
done
sudo rm -rf "$NMAP_PREFIX"
sudo rm -f /usr/local/bin/update-nmap-source
rm -rf "$HOME/nmap-build"
hash -r
Confirm that the source-built link no longer points at that prefix:
NMAP_VERSION=7.99
NMAP_PREFIX="/opt/nmap-${NMAP_VERSION}"
if [ "$(readlink -f /usr/local/bin/nmap 2>/dev/null || true)" = "$NMAP_PREFIX/bin/nmap" ]; then
    echo "source-built nmap link still exists"
else
    echo "source-built nmap link is removed"
fi
A removed source build returns:
source-built nmap link is removed
Conclusion
Nmap is ready on Fedora through either the maintained DNF package or a verified source build for upstream tracking. Keep scans limited to authorized systems, then review SSH on Fedora or Fail2Ban with firewalld on Fedora when the next step is securing exposed services.


I’d just like to thank you for the documentation and tutorials you have here on your website. Not to mention all the great art as thumbnails, and whatnot.
😀