HOW TO USE ZENMAP IN KALI LINUX

By Leonard Cucos •  Updated: 05/12/21 •  9 min read

In this tutorial, we will have a closer look at how to use ZENMAP in Kali Linux, from getting familiar with the interface to understanding its role in the information gathering process in ethical hacking.

Furthermore, you will learn how to use ZENMAP to scan a network, configure scanning profiles, use the advanced topology option, read and compare scanning results, and save ZENMAP scan profiles for future use.

We will be using ZENMAP with Kali Linux.

Without further ado, let’s get started. 

What Is NMAP ZENMAP GUI?

ZENMAP is a free and open-source graphical front-end for NMAP. ZENMAP usually comes pre-packaged with NMAP but can also be downloaded separately from the official NMAP website.

ZENMAP is by no means intended to replace NMAP but rather to complement an already powerful utility with additional features such as:

It is important to remember not to use ZENMAP to pick random targets to scan on the Internet without permission. You can get in serious trouble for doing so.

Instead, consider setting up your own Virtual Hacking Lab first, and you can practice ZENMAP without the worry of getting in any trouble.

Where is ZENMAP in Kali Linux?

ZENMAP used to be installed by default in Kali under the Information Gathering category but disappeared starting with version 2020. So, where is ZENMAP in Kali now?

The answer is nowhere. Since ZENMAP was built using the now deprecated Python 2 libraries, it stopped being supported upstream once Python 2 reached the end of life in January 2020.

So can we get ZENMAP NMAP GUI back in Kali Linux 2023 and above?

The answer is yes! In fact, I have two easy methods to install ZENMAP in Kali Linux here. Once you have ZENMAP up and running, proceed to the next section.

Getting Started With ZENMAP in Kali Linux

It’s fair to say that using ZENMAP is as easy as 1,2,3… In fact, the interface is so intuitive that you can find your way around in seconds, even if you see ZENMAP for the very first time right now. 

Once installed, you will find ZENMAP in the Kali Linux menu or simply by running the sudo zenmap command in the terminal.

NOTE: You should run ZENMAP as root to avoid possible restrictions (some important flags can only be run as root). Additional features such as ARP for MAC address resolution are only available when ZENMAP is run as root as well.

How to use ZENMAP - Interface. Source: nudesystems.com

To run your first scan with ZENMAP and visualize the scan output, follow these steps in order:

  1. Target: this is where you enter your target IP or IP range, e.g., 192.168.130.129 as a single target or 192.168.130.120-140 as a multi-target.
How to use ZENMAP - example of the multi-target scan. Source: nudesystems.com
  2. Profile: this field presents a drop-down menu where we can select predefined NMAP commands for various scans such as Quick scan, Regular scan, Intense scan, etc.
ZENMAP tutorial - example of the multi-target scan - Intense scan. Source: nudesystems.com
  3. Scan: triggers the scanning process for the target IP(s). Depending on the type of scan and the number of targets, the scanning process might take a while, though it is usually fast.
  4. Command: this field shows the NMAP command for the scan you performed above. You can add further NMAP command flags/options in this field to find additional details on a target machine, if needed. The capture below shows the NMAP command and flags used for the Intense scan.
How to use ZENMAP - command, and flags for Intense scan. Source: nudesystems.com

As mentioned before, you can add/remove NMAP parameters/flags and create your own ZENMAP scanning profiles. Here are more useful guides to help you get started with NMAP and ZENMAP.

  5. Host/Services: this section lists the hosts and services discovered during a ZENMAP scanning session.
ZENMAP tutorial - list of alive discovered hosts in a network. Source: nudesystems.com
How to use ZENMAP - list of services discovered on the up [alive] hosts. Source: nudesystems.com
  6. The Output Area: the output section consists of five tabs: Nmap Output, Ports / Hosts, Topology, Hosts Details, Scans. Once the scan is completed, navigate through the output tabs to find the scan results as follows:
The ZENMAP tutorial - Nmap Output tab. Source: nudesystems.com
How to use ZENMAP - The Ports / Hosts tab in ZENMAP. Source: nudesystems.com

You can zoom in and out [mouse wheel], rearrange the nodes [click a node], get target details [right-click a node], choose layouts, and save the graphic on your local machine, to name a few options.

How to use ZENMAP - The Topology tab in ZENMAP. Source: nudesystems.com
How to use ZENMAP - The Hosts Details tab in ZENMAP. Source: nudesystems.com

To save your Topology as an image on your disk, simply click on the Save Graphics button, give it a name, choose a location and click Save.

How to use ZENMAP - Save a ZENMAP Topology. Source: nudesystems.com
How to use ZENMAP - The Scans tab in ZENMAP. Source: nudesystems.com

How To Use ZENMAP Profile Editor

As mentioned before, ZENMAP allows us to create our own scans if the built-in scan profiles don’t match our exact needs. To access ZENMAP’s Profile Editor, press the CTRL+P key combination on your keyboard or navigate to Profile > New Profile in the ZENMAP menu. 

The capture below shows an example of creating a custom scan profile. You can give a name to your profile, and it will be available next time you open ZENMAP in your Profile drop-down menu. 

Also, you can choose which target(s) to scan, which targets to exclude, which protocols to use, choose from a vast built-in list of scripts to include, and much more. Here lies the true power of ZENMAP [NMAP]. 

At first glance, the Profile Editor, with its huge list of features, can be overwhelming. But don’t worry, take some time to play around with it, and you will master ZENMAP in no time. 

How to use ZENMAP - The Profile Editor in ZENMAP. Source: nudesystems.com

Once you finish customizing your next super-scan, don’t forget to click the Save Changes button.

Compare Scan Results In ZENMAP

This ZENMAP feature is extremely handy in many situations, two common scenarios being listed below:

To access ZENMAP’s Compare Results feature, press the CTRL+D key combination on your keyboard or navigate to Tools > Compare Results in the ZENMAP menu.

To demo the Compare Results feature, I performed two Quick scans on a Windows 10 target machine with and without Windows firewall enabled. You can see the differences between the A scan [firewall on – red] and the B scan [firewall off – green].

ZENMAP tutorial - Compare Scan results example. Source: nudesystems.com

You can compare various scan results from the current ZENMAP session, or you can import saved .xml scans from previous sessions by clicking the Open button and selecting the .xml file saved on your local disk. Check the next section to find out how to save your current ZENMAP scan results.
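The same kind of comparison can be scripted against two saved .xml scans, which is useful for confirming that a firewall change left only the ports you expected open. This is an added example, not code from the original tutorial or from ZENMAP itself; the XML below is constructed sample data, and the function names open_ports and compare are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (not real scan output): the same lab host scanned
# twice, A with the host firewall on and B with it off.
SCAN_A = """<nmaprun><host><status state="up"/>
<address addr="192.168.130.129" addrtype="ipv4"/>
<ports><extraports state="filtered" count="99"/>
<port protocol="tcp" portid="5357"><state state="open"/></port>
</ports></host></nmaprun>"""

SCAN_B = """<nmaprun><host><status state="up"/>
<address addr="192.168.130.129" addrtype="ipv4"/>
<ports><extraports state="closed" count="96"/>
<port protocol="tcp" portid="135"><state state="open"/></port>
<port protocol="tcp" portid="139"><state state="open"/></port>
<port protocol="tcp" portid="445"><state state="open"/></port>
<port protocol="tcp" portid="5357"><state state="open"/></port>
</ports></host></nmaprun>"""


def open_ports(xml_text):
    """Return {host address: {(protocol, port), ...}} for ports in state 'open'."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status, addr = host.find("status"), host.find("address")
        if status is None or addr is None or status.get("state") != "up":
            continue  # hosts that did not answer contribute no ports
        ports = set()
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                ports.add((port.get("protocol"), int(port.get("portid"))))
        hosts[addr.get("addr")] = ports
    return hosts


def compare(xml_a, xml_b):
    """Report ports open only in B (added) or only in A (removed), per host."""
    a, b = open_ports(xml_a), open_ports(xml_b)
    report = {}
    for host in sorted(set(a) | set(b)):
        added = sorted(b.get(host, set()) - a.get(host, set()))
        removed = sorted(a.get(host, set()) - b.get(host, set()))
        if added or removed:
            report[host] = {"added": added, "removed": removed}
    return report


if __name__ == "__main__":
    for host, delta in compare(SCAN_A, SCAN_B).items():
        for sign, key in (("+", "added"), ("-", "removed")):
            for proto, port in delta[key]:
                print(f"{sign} {host} {port}/{proto}")
```

To use it on real results, read the saved files into strings and pass them to compare in place of the constructed samples.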

Save ZENMAP Scans

If you performed various scans with ZENMAP and would like to have them available later, e.g., for scan result comparison in the future, you can press the CTRL+S key combination on your keyboard or navigate to Scan > Save Scan in the ZENMAP menu.

How to use ZENMAP - Save Scan in ZENMAP. Source: nudesystems.com

If you performed multiple ZENMAP scans and would like to save them all in one go, press the CTRL+ALT+S key combination on your keyboard or navigate to Scan > Save All Scans to Directory in the ZENMAP menu.

How to use ZENMAP - Save All Scans to Directory in ZENMAP. Source: nudesystems.com

Wrapping Up

In this ZENMAP tutorial, we just scratched the surface of how to use ZENMAP, but enough to give you a taste for further exploration.

If you’re looking for different commands to use in ZENMAP, go check the Information Gathering section of the website. There’s a lot of cool stuff waiting for you there.

If you found this ZENMAP tutorial useful, please help me share it with your friends and colleagues – it really makes a difference. 

Stay safe!

Leonard Cucos

Leonard Cucos is an engineer with over 20 years of IT/Telco experience managing large UNIX/Linux-based server infrastructures, IP and Optics core networks, Information Security [red/blue], Data Science, and FinTech.