How to Install Nmap on Ubuntu 26.04, 24.04 and 22.04

Finding which hosts are alive, which ports are open, and which services are exposed is much faster once Nmap is in your toolkit. To install Nmap on Ubuntu, you can use the Ubuntu package from Universe or build the current upstream release from the official Nmap download page.

For most users, the Ubuntu package is the easier place to start. It gives you Nmap 7.98 on Ubuntu 26.04 LTS, 7.94SVN on Ubuntu 24.04 LTS, and 7.80 on Ubuntu 22.04 LTS, and it updates with the rest of your normal APT packages. If you want the newer 7.99 release instead, the source build puts a separate copy in /usr/local/bin, so Ubuntu’s packaged version is not overwritten.

Install Nmap on Ubuntu

Two installation paths make sense on Ubuntu. APT gives you the distro-maintained package with normal system updates, while the source build tracks the latest upstream release from nmap.org.

Method	Channel	Version	Updates	Best for
APT package	Ubuntu Universe	Distribution default	Automatic through apt upgrade	Most users who want the easiest maintenance path
Source build	Nmap.org official download page	Latest stable	Manual through update-nmap	Readers who need the newest upstream release right away

APT is the simpler default for most Ubuntu systems because it stays tied to Ubuntu’s package manager and security updates. Compile from source only when you want the current upstream release instead of the version Ubuntu ships for your LTS release.

Pick one active Nmap binary unless you deliberately want both. Ubuntu’s package installs nmap in /usr/bin, while the source build installs it in /usr/local/bin. On a normal Ubuntu shell, /usr/local/bin appears earlier in PATH, so the source-built copy becomes the command you run by default.

Prepare Ubuntu for Nmap installation

Refresh the package index and install any pending updates before you add new packages.

sudo apt update && sudo apt upgrade

These commands use sudo for tasks that need root privileges. If your account does not have sudo access yet, follow the guide on how to add a new user to sudoers on Ubuntu first.

Nmap is available in Ubuntu’s Universe repository on 26.04, 24.04, and 22.04. Standard desktop installs usually have Universe enabled already, but minimal or customized systems may need you to enable Universe on Ubuntu before apt can find the package.

Install Nmap from Ubuntu’s repositories

Install the Ubuntu package when you want the distro-maintained build and standard APT updates.

sudo apt install nmap

This installs the main nmap scanner and the nping utility. ncat and ndiff stay separate packages on all supported Ubuntu releases, and zenmap is a separate package on Ubuntu 24.04 and 26.04 only.

Verify the installed version before you start scanning.

nmap --version

On Ubuntu 26.04, the command returns:

Nmap version 7.98 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.4.8 openssl-3.5.5 libssh2-1.11.1 libz-1.3.1 libpcre2-10.46 libpcap-1.10.6 nmap-libdnet-1.18.0 ipv6
Compiled without:
Available nsock engines: epoll poll select

Repository version details vary by Ubuntu release:

Ubuntu release	APT package version	nmap --version
Ubuntu 26.04 LTS (Resolute)	7.98+dfsg-1	7.98
Ubuntu 24.04 LTS (Noble)	7.94+git20230807.3be01efb1+dfsg-3build2	7.94SVN
Ubuntu 22.04 LTS (Jammy)	7.91+dfsg1+really7.80+dfsg1-2ubuntu0.1	7.80

Ubuntu 22.04 is the odd one out. apt-cache policy reports the patched package revision 7.91+dfsg1+really7.80+dfsg1-2ubuntu0.1, but the installed binary still prints Nmap version 7.80, which is the expected CLI version string on Jammy.

Build the latest Nmap release from source on Ubuntu

Use the source build when you want the current upstream 7.99 release instead of Ubuntu’s packaged version.

sudo apt install build-essential curl ca-certificates libssh2-1-dev libssl-dev

build-essential provides the compiler and standard build tools. The libssl-dev and libssh2-1-dev packages add the development headers Nmap uses for TLS and SSH-related features during compilation.

mkdir -p "$HOME/nmap-build"
cd "$HOME/nmap-build"

This working directory keeps the downloaded tarball and extracted source tree under your home folder. The final binaries still install into /usr/local, but the build files stay easier to inspect or remove later.

The next block asks the Nmap release directory for the newest tarball name. $TARBALL stores the archive filename, and $SOURCE_DIR stores the extracted directory name you will use later. Run the next steps in the same terminal session so those variables remain available.

TARBALL=$(curl -fsSL https://nmap.org/dist/ | grep -oE 'nmap-[0-9]+\.[0-9]+(\.[0-9]+)?\.tar\.bz2' | sort -V | tail -n 1)
SOURCE_DIR="${TARBALL%.tar.bz2}"
printf 'Latest tarball: %s\nSource directory: %s\n' "$TARBALL" "$SOURCE_DIR"

Relevant output includes:

Latest tarball: nmap-7.99.tar.bz2
Source directory: nmap-7.99

Download the tarball next. The -f flag stops on HTTP errors, -L follows redirects, and -O saves the file under the original upstream filename.

curl -fLO --progress-bar "https://nmap.org/dist/$TARBALL"

Confirm that the archive was saved before you extract it.

stat -c '%n %s bytes' "$TARBALL"

Relevant output includes:

nmap-7.99.tar.bz2 13036588 bytes

Extract the archive and move into the new source directory.

tar -xjf "$TARBALL"
cd "$SOURCE_DIR"

Now run the configure step. This checks your build environment and creates the Makefiles Nmap needs before anything is compiled.

./configure

Relevant output includes:

Configuration complete.  Type make (or gmake on some *BSD machines) to compile.

Compile the source tree next. The $(nproc) part asks Ubuntu how many CPU threads are available, so make can build in parallel instead of using only one core.

make -j"$(nproc)"

When the compile step finishes without errors, install the binaries under /usr/local.

sudo make install

Relevant output includes:

NPING SUCCESSFULLY INSTALLED
NMAP SUCCESSFULLY INSTALLED

Confirm that the source build now wins on your shell path. On a standard Ubuntu install, /usr/local/bin comes before /usr/bin, so this check tells you whether the freshly compiled copy is the one your shell will use.

command -v nmap
nmap --version

On Ubuntu 26.04, the source build reports:

/usr/local/bin/nmap
Nmap version 7.99 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.4.8 openssl-3.5.5 libssh2-1.11.1 libz-1.3.1 nmap-libpcre2-10.47 nmap-libpcap-1.10.6 nmap-libdnet-1.18.0 ipv6
Compiled without:
Available nsock engines: epoll poll select

The important change is the 7.99 upstream version and the /usr/local/bin/nmap path. Library versions vary by Ubuntu release. This source build also provides ncat under /usr/local/bin/ncat, while Ubuntu’s packaged copy of Nmap remains under /usr/bin until you remove it.

Use Nmap on Ubuntu

Once Nmap is installed, start with a few safe discovery commands before moving on to heavier scans. For more scan types, NSE scripts, and output formats, see our Nmap commands for beginners guide.

Scan one host with Nmap on Ubuntu

Use a basic scan when you want to see the most common open TCP ports on one target.

nmap 192.168.1.10

This checks the target against Nmap’s default top 1,000 TCP ports and reports whether each port is open, closed, or filtered.

Discover live systems on your subnet with Nmap on Ubuntu

Use a ping scan when you only need to know which hosts are up on the local network.

nmap -sn 192.168.1.0/24

The -sn flag skips the port scan and focuses on host discovery, which makes this a fast way to inventory active devices.

Detect service versions with Nmap on Ubuntu

Add version detection when you want to see which services are listening behind the open ports Nmap finds.

nmap -sV 192.168.1.10

The -sV flag asks Nmap to probe detected services and identify the software and version behind each open port.

Detect the operating system with Nmap on Ubuntu

Operating system fingerprinting uses raw packets, so it needs root privileges.

sudo nmap -O 192.168.1.10

The -O flag compares the target’s network responses against Nmap’s OS fingerprint database and tries to identify the remote platform.

Update or Remove Nmap on Ubuntu

Update the Ubuntu package for Nmap

When you installed Nmap through Ubuntu’s repositories, use APT to pull newer package revisions.

sudo apt install --only-upgrade nmap

Relevant output includes:

nmap is already the newest version (7.94+git20230807.3be01efb1+dfsg-3build2).

Update the source-built Nmap release on Ubuntu

If you compiled Nmap into /usr/local, install a small helper script so you can update it later without rebuilding the whole workflow from memory.

Before it downloads anything, the script checks that you are running it as a normal user, confirms that the build tools still exist, reads the version from /usr/local/bin/nmap, and looks up the newest tarball on nmap.org. If the installed version is already current, it stops after the version check instead of compiling the same release again.

The script stores its temporary build files under ${XDG_CACHE_HOME:-$HOME/.cache}/nmap-build, which keeps large source downloads out of /tmp. The command uses sudo tee because /usr/local/bin/update-nmap is a root-owned path, and a plain > redirection would still run with your normal shell permissions.

cat <<'EOF' | sudo tee /usr/local/bin/update-nmap > /dev/null
#!/usr/bin/env bash
set -euo pipefail

BUILD_CACHE="${XDG_CACHE_HOME:-$HOME/.cache}/nmap-build"
CURRENT_BIN="/usr/local/bin/nmap"

if [ "$(id -u)" -eq 0 ]; then
  echo "Run update-nmap as your regular user."
  echo "The script uses sudo only for the final install step."
  exit 1
fi

for cmd in curl grep sort tar make gcc; do
  if ! command -v "$cmd" >/dev/null; then
    echo "Error: $cmd is required but not installed."
    echo "Install the source-build dependencies first, then try again."
    exit 1
  fi
done

if [ ! -x "$CURRENT_BIN" ]; then
  echo "Error: $CURRENT_BIN was not found."
  echo "Install the source-built copy of Nmap before using update-nmap."
  exit 1
fi

mkdir -p "$BUILD_CACHE"
cd "$BUILD_CACHE"

echo "Checking the latest Nmap release..."
TARBALL=$(curl -fsSL https://nmap.org/dist/ | grep -oE 'nmap-[0-9]+\.[0-9]+(\.[0-9]+)?\.tar\.bz2' | sort -V | tail -n 1 || true)

if [ -z "$TARBALL" ]; then
  echo "Error: Could not determine the latest Nmap tarball."
  exit 1
fi

SOURCE_DIR="${TARBALL%.tar.bz2}"
LATEST_VERSION="${TARBALL#nmap-}"
LATEST_VERSION="${LATEST_VERSION%.tar.bz2}"
CURRENT_VERSION=$("$CURRENT_BIN" --version 2>/dev/null | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1 || true)
CURRENT_VERSION="${CURRENT_VERSION:-missing}"

echo "Current version: $CURRENT_VERSION"
echo "Latest version:  $LATEST_VERSION"

if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then
  echo "Nmap is already up to date."
  exit 0
fi

echo "Cleaning the previous build cache..."
rm -rf "$BUILD_CACHE"/nmap-*/
rm -f "$BUILD_CACHE"/nmap-*.tar.bz2

echo "Downloading $TARBALL..."
curl -fLO --progress-bar "https://nmap.org/dist/$TARBALL"

echo "Extracting $TARBALL..."
tar -xjf "$TARBALL"

if [ ! -d "$SOURCE_DIR" ]; then
  echo "Error: Expected source directory $SOURCE_DIR was not created."
  exit 1
fi

cd "$SOURCE_DIR"

echo "Configuring the build..."
./configure

echo "Compiling Nmap..."
make -j"$(nproc)"

echo "Installing the new release..."
sudo make install

NEW_VERSION=$("$CURRENT_BIN" --version 2>/dev/null | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1 || true)
NEW_VERSION="${NEW_VERSION:-unknown}"

cd "$BUILD_CACHE"
rm -rf "$SOURCE_DIR" "$TARBALL"
echo "Updated Nmap to $NEW_VERSION."
EOF

Make the helper executable next.

sudo chmod +x /usr/local/bin/update-nmap

Confirm that the updater is on your shell path. Once this check prints /usr/local/bin/update-nmap, you can run it from any terminal directory.

command -v update-nmap

Relevant output includes:

/usr/local/bin/update-nmap

Run the updater from your normal user account. It only uses sudo for the final make install step.

update-nmap

When a newer upstream release is available, the first lines look like this while the script downloads, configures, compiles, and installs the update:

Checking the latest Nmap release...
Current version: 7.98
Latest version:  7.99
Cleaning the previous build cache...
Downloading nmap-7.99.tar.bz2...
Configuring the build...
Compiling Nmap...
Installing the new release...
Updated Nmap to 7.99.

When the source build is already current, the output stays short:

Current version: 7.99
Latest version:  7.99
Nmap is already up to date.

Avoid automating this with cron. Compilation can fail due to missing dependencies, failed builds, or network issues. Run update-nmap manually so you can watch the output and fix problems before they affect your next scan.

Remove the Ubuntu Nmap package

Use APT when you want to remove the Ubuntu-managed package and its orphaned dependencies.

sudo apt remove --autoremove nmap

On Ubuntu 26.04, APT 3 summarizes the removal like this:

REMOVING:
  libblas3  liblinear4  nmap  nmap-common

Summary:
  Upgrading: 0, Installing: 0, Removing: 4, Not Upgrading: 15
  Freed space: 28.4 MB

Ubuntu 24.04 and 22.04 still use the older APT 2 wording with The following packages will be REMOVED:, but the result is the same. Verify package removal with:

dpkg -l nmap | grep '^ii'

No output means the Ubuntu package is gone.

Remove the source-built Nmap files on Ubuntu

If you compiled Nmap into /usr/local, remove those files separately. This does not touch an Ubuntu-packaged copy in /usr/bin.

The next commands permanently delete the source-built binaries, man pages, updater script, and build directories. If you want to keep your local source tree for future rebuilds, skip the final cleanup block.

Start by removing the source-built executables and the update-nmap helper from /usr/local/bin.

sudo rm -f /usr/local/bin/nmap /usr/local/bin/ncat /usr/local/bin/nping /usr/local/bin/update-nmap

Remove the matching man pages and the shared Nmap data directory next. The rm -rf command recursively deletes /usr/local/share/nmap, so double-check the path first if you changed the install prefix during your source build.

sudo rm -f /usr/local/share/man/man1/nmap.1 /usr/local/share/man/man1/ncat.1 /usr/local/share/man/man1/nping.1
sudo rm -rf /usr/local/share/nmap

If you no longer need the original build tree or the updater cache, remove those from your home directory too.

rm -rf "$HOME/nmap-build"
rm -rf "${XDG_CACHE_HOME:-$HOME/.cache}/nmap-build"

If the Ubuntu package is still installed, the command path falls back to the distro copy:

command -v nmap
command -v ncat
command -v nping

Relevant output includes:

/usr/bin/nmap
/usr/bin/nping

That means the source-built copy is gone and Ubuntu’s packaged binaries are active again. If you already removed the Ubuntu package too, the commands return no output.

Troubleshoot Nmap on Ubuntu

Fix the “requires root privileges” error in Nmap on Ubuntu

OS fingerprinting and some raw-packet scan types fail when you run them without root privileges.

TCP/IP fingerprinting (for OS scan) requires root privileges.
QUITTING!

That happens because options such as -O need raw socket access. Re-run the scan with sudo:

sudo nmap -O 127.0.0.1

On a local Ubuntu host, a successful run begins like this:

Starting Nmap 7.99 ( https://nmap.org ) at 2026-04-10 15:14 +0800
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00025s latency).
Not shown: 998 closed tcp ports (reset)
PORT    STATE SERVICE
22/tcp  open  ssh
631/tcp open  ipp

Nmap on Ubuntu FAQ

Conclusion

Nmap is installed on Ubuntu and ready for host discovery, service enumeration, and deeper audit work from the terminal. For packet-level follow-up, install Wireshark on Ubuntu, and if you are checking your own exposed services, configure UFW on Ubuntu so your firewall rules and scan results stay in sync.