Now No Need To Remember Nmap Commands While Doing Pentest


While doing Penetration Testing we always have to run the basic Nmap scan to find services running on remote host. Nmap is a small world of tools in itself, there are so many options and modules in Nmap that sometimes it is very difficult to remember all of them. Even the researcher of International Institute of Cyber Security has automated many task required during pentesting phases.

So today we will talk about a tool called Sandmap. It is a network scanning tool, we can scan any network easily using massive Nmap Engine. This application is simple and easy to use, it has 31 modules & 495 scanning profiles. This tool provides user-friendly interface.


  • OS: Kali Linux 2020
  • Kernel version: 5.6.0

Installation Steps

root@kali:/home/iicybersecurity# git clone
Cloning into 'sandmap'...
remote: Enumerating objects: 2697, done.
remote: Total 2697 (delta 0), reused 0 (delta 0), pack-reused 2697
Receiving objects: 100% (2697/2697), 15.96 MiB | 550.00 KiB/s, done.
Resolving deltas: 100% (1842/1842), done.
  • Use cd command to enter into sandmap directory
root@kali:/home/iicybersecurity# cd sandmap/
  • Now, use this command to launch the tool. “Sandbox”
Sandmap - Tool Launch
Sandmap – Tool Launch
  • Type “help” to find the options.
Sandmap - Help
Sandmap – Help
  • Type “list” to view all the modules
Sandmap - List
Sandmap – List
  • Type “use” command to select any particular module. “use <module name>”
  • Port scan: port scan is used to list out all the open ports on a particular IP address
  • Next, set the target IP address which we want to scan, use this command “set dest <IP address>”.
  • Now, use “init” command to perform the scan. “init <ID or Alias>”.
Sandmap - Port Scan
Sandmap – Port Scan
  • Successfully got the open ports

HTTP Services

  • Type “use” command to select any particular module. “use <module name>”
  • After selecting the module, type “show” to view the modules of http-services.
Sandmap - HTTP Services Show
Sandmap – HTTP Services Show

WAF Detection: WAF (web application firewall) detection, it protects the application from the attackers and it also filters, monitors the traffic.

  • To perform this step, we have started the “DVWA”, it a web application testing OS.
  • Use DVWA IP as a target, then start scanning.
Sandmap - HTTP Services Scan
Sandmap – HTTP Services Scan
  • Successfully detected the WAF with open ports.


  • Type “use” command to select any particular module. “use <module name>”
  • After selecting the module, type “show” to view zenmap modules
Sandmap - Zenmap Module
Sandmap – Zenmap Module
  • Set the target IP address by using “set dest <IP address>”
  • Intense Scan: Intense scan is used to find out the OS detection, version detection, script scanning and traceroute. Detection can be done by monitoring the response where we send TCP/UDP packets, this can be done with stack fingerprinting.
  • Next, use “init ID or Alias” to start scanning
Sandmap - Zenmap Scan Fig 1
Sandmap – Zenmap Scan Fig 1
Sandmap - Zenmap Scan Fig 2
Sandmap – Zenmap Scan Fig 2
  • Successfully got the information about the target.


We saw on how we scanned a host by selecting a particular module and we can say that this tool is an advanced Network mapping engine.