How to Install Nmap on Fedora Linux

Nmap (Network Mapper) is an open-source tool for network discovery and security auditing. Network administrators and security professionals use it to map out networks, identify active devices, detect open ports, and discover services running on those devices. Nmap also supports OS detection, version detection, and scriptable interaction through its NSE (Nmap Scripting Engine), making it a core utility for vulnerability assessments and penetration testing on Fedora systems.

Fedora’s official repositories include Nmap 7.92, which receives security patches through standard system updates. For users who need the latest upstream release (currently 7.98), source compilation provides immediate access to newer features such as improved service detection signatures and updated NSE scripts. Both methods are covered below, starting with a comparison table to help you choose the right approach.

Choose Your Nmap Installation Method for Fedora

Fedora provides Nmap through its official repositories, and you can also compile the latest version from source. The table below summarizes the key differences.

Method	Channel	Version	Updates	Best For
DNF Package Manager	Fedora Repos	7.92.x (stable)	Automatic via dnf upgrade	Most users who want simple maintenance
Source Compilation	nmap.org	7.98 (latest stable)	Manual recompilation	Users needing newest features or custom builds

For most users, the DNF method is recommended because it provides automatic security updates and integrates with Fedora’s package management system. Compile from source only if you specifically need features unavailable in the repository version or require custom compilation flags.

Install Nmap on Fedora via DNF

The DNF method installs Nmap directly from Fedora’s official repositories. Since Fedora focuses on upstream releases with a six-month release cycle, the repository version is recent and well-tested.

Update Fedora Before Nmap Installation

Update your system to ensure all existing packages are current. This prevents dependency conflicts during installation.

sudo dnf upgrade --refresh

If you are new to using the sudo command, review our guide on adding a user to sudoers on Fedora.

Install Nmap via DNF Command

Install Nmap using the dnf install command. DNF automatically resolves and pulls in required dependencies such as libpcap for packet capture.

sudo dnf install nmap

Verify the Nmap Installation on Fedora

Once installation completes, confirm that Nmap is accessible and displays its build information.

nmap --version

Expected output:

Nmap version 7.92 ( https://nmap.org )
Platform: x86_64-redhat-linux-gnu
Compiled with: nmap-liblua-5.3.5 openssl-3.5.4 libssh2-1.11.1 libz-1.3.1.zlib-ng libpcre2-10.47 libpcap-1.10.6 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

The x86_64-redhat-linux-gnu platform confirms the package was installed through Fedora’s repositories. You can now use Nmap for network scanning tasks.

Install Nmap on Fedora from Source

Compiling Nmap from source provides access to the latest stable release and allows custom build options. This method requires more steps and manual updates, but it gives you the newest features and security fixes as soon as they are released.

Install Build Dependencies for Nmap

Install the required build tools and development libraries. These packages provide the GCC compiler, make utility, SSL/TLS support, SSH library integration, and Python scripting capabilities for Nmap’s NSE scripts.

sudo dnf install gcc gcc-c++ make automake libssh2-devel openssl-devel python3-devel

Download the Nmap Source Archive

Create a dedicated build directory and download the latest stable source tarball from nmap.org. The current stable release is 7.98.

mkdir -p "$HOME/nmap-build" && cd "$HOME/nmap-build"
curl -fLO --progress-bar https://nmap.org/dist/nmap-7.98.tar.bz2

Check the official Nmap download page for the current version. Replace 7.98 in the commands below if a newer version is available.

Extract and Configure the Nmap Source

Extract the source archive and run the configure script to prepare the build environment. The configure script checks for required libraries and creates the Makefile tailored to your system.

tar -xjf nmap-7.98.tar.bz2
cd nmap-7.98
./configure

Review the summary at the end of the configure output to confirm detection of SSL, SSH, and other features. A successful run produces output similar to:

Configuration complete.

   NMAP
   ----
   nmap:             YES
   ncat:             YES
   nping:            YES
   ndiff:            YES (requires python)

Compile and Install Nmap from Source

Run make with the -j$(nproc) flag to use all available CPU cores, which speeds up compilation on multi-core systems. After compilation finishes, install the binaries system-wide.

make -j$(nproc)
sudo make install

This copies the compiled binaries to /usr/local/bin/ and data files to /usr/local/share/nmap/.

Verify the Source-Compiled Nmap Installation

Confirm that the source-compiled version installed correctly. The output should reflect the version you downloaded.

nmap --version

Expected output for version 7.98:

Nmap version 7.98 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.4.7 openssl-3.5.4 nmap-libssh2-1.11.1 libz-1.3.1.zlib-ng libpcre2-10.47 libpcap-1.10.6 nmap-libdnet-1.14 ipv6
Compiled without:
Available nsock engines: epoll poll select

The x86_64-unknown-linux-gnu platform indicates a local build rather than a Fedora repository package.

Create an Nmap Update Script for Source Builds on Fedora

Source-compiled installations require manual upgrades when new versions are released. The following script automates version checking, downloading, and recompilation. It compares your installed version against the latest release on nmap.org and only rebuilds when an update is available.

Create the script file:

sudo tee /usr/local/bin/update-nmap.sh > /dev/null << 'SCRIPT_EOF'
#!/bin/bash
set -e

BUILD_DIR="$HOME/nmap-build"
INSTALL_PREFIX="/usr/local"
LOG_FILE="$BUILD_DIR/update.log"

# Safety checks
if [ "$(id -u)" -eq 0 ]; then
  echo "Run this script as a regular user, not as root."
  exit 1
fi

for cmd in curl tar make gcc; do
  if ! command -v "$cmd" >/dev/null 2>&1; then
    echo "Error: $cmd is required but not installed."
    echo "Run: sudo dnf install gcc gcc-c++ make curl"
    exit 1
  fi
done

mkdir -p "$BUILD_DIR"

# Get current installed version
CURRENT_VERSION=$("$INSTALL_PREFIX/bin/nmap" --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+' | head -n 1 || echo "none")

# Fetch latest version from nmap.org
LATEST_VERSION=$(curl -fsSL https://nmap.org/download.html | grep -oE 'nmap-[0-9]+\.[0-9]+\.tar\.bz2' | head -n 1 | grep -oE '[0-9]+\.[0-9]+')

if [ -z "$LATEST_VERSION" ]; then
  echo "Error: Could not fetch the latest version from nmap.org."
  exit 1
fi

echo "Current version: $CURRENT_VERSION"
echo "Latest version:  $LATEST_VERSION"

if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then
  echo "Already up to date."
  exit 0
fi

echo "Updating from $CURRENT_VERSION to $LATEST_VERSION..."
echo "$(date): Starting update to $LATEST_VERSION" >> "$LOG_FILE"

cd "$BUILD_DIR"

# Clean previous builds
rm -rf nmap-*/

# Download and extract
echo "Downloading nmap-$LATEST_VERSION.tar.bz2..."
curl -fLO --progress-bar "https://nmap.org/dist/nmap-$LATEST_VERSION.tar.bz2"
tar -xjf "nmap-$LATEST_VERSION.tar.bz2"
rm "nmap-$LATEST_VERSION.tar.bz2"

cd "nmap-$LATEST_VERSION"

# Build and install
echo "Configuring build..."
./configure --prefix="$INSTALL_PREFIX"
echo "Compiling (this may take a few minutes)..."
make -j"$(nproc)"
sudo make install

# Verify
NEW_VERSION=$("$INSTALL_PREFIX/bin/nmap" --version | grep -oE '[0-9]+\.[0-9]+' | head -n 1)
echo "$(date): Updated to $NEW_VERSION" >> "$LOG_FILE"
echo "Successfully updated Nmap to $NEW_VERSION."
SCRIPT_EOF
sudo chmod +x /usr/local/bin/update-nmap.sh

Since the script is installed to /usr/local/bin, you can run it from any directory in your terminal:

update-nmap.sh

Example output when already up to date:

Current version: 7.98
Latest version:  7.98
Already up to date.

When an update is available, the script automatically downloads the new source, recompiles, and installs it.

Avoid automating this script with cron. Compilation can fail due to missing dependencies or network issues. Run the script manually so you can monitor the output and address problems before they affect your system.

Basic Nmap Usage on Fedora

With Nmap installed, here are essential commands to get started. For comprehensive scanning techniques, see our Nmap commands for beginners guide.

Scan a single host for open ports:

nmap 192.168.1.1

Scan an entire subnet to discover active devices:

nmap 192.168.1.0/24

Detect service versions running on open ports (requires sudo for raw socket access):

sudo nmap -sV 192.168.1.1

Run OS detection alongside service enumeration for a more complete picture of network hosts:

sudo nmap -sV -O 192.168.1.1

The -sV flag identifies specific services and their versions on discovered ports, while -O attempts to fingerprint the remote operating system. Pair Nmap scans with firewalld on Fedora to verify that your firewall rules match your expectations.

Troubleshoot Nmap on Fedora

Permission Denied on Scans

Several scan types (SYN scans, OS detection, version probing) require raw socket access. If Nmap returns a “permission denied” or “requires root privileges” error, prefix the command with sudo:

sudo nmap -sS 192.168.1.1

Source Build Conflicts with DNF Package

If both the DNF package and a source build are installed, the shell uses whichever binary appears first in PATH. Check which binary is active:

which nmap
nmap --version

Source builds install to /usr/local/bin/nmap, while DNF installs to /usr/bin/nmap. To use one exclusively, remove the other using the removal instructions below.

Firewall Blocking Nmap Results

If scans return all ports as “filtered,” your local firewalld rules or the target’s firewall may be blocking probes. Test connectivity with a basic ping first:

ping -c 3 192.168.1.1

If the host responds to ping but Nmap shows all ports as filtered, the target is likely blocking port scans. Consider using the -Pn flag to skip host discovery and scan ports directly.

Remove Nmap from Fedora

If you need to uninstall Nmap, the process depends on how you installed it.

Remove DNF-Installed Nmap

For the package manager installation, use dnf remove to uninstall Nmap, then clean up orphaned dependencies.

sudo dnf remove nmap
sudo dnf autoremove

The autoremove command removes packages that DNF installed as dependencies but are no longer required by any installed package.

Remove Source-Compiled Nmap

For the source-compiled version, remove the installed binaries and data files from /usr/local/.

The following commands permanently delete the source-compiled Nmap installation, its data files, and the update script. This does not affect any DNF-installed version.

sudo rm -f /usr/local/bin/nmap /usr/local/bin/ncat /usr/local/bin/nping /usr/local/bin/ndiff
sudo rm -rf /usr/local/share/nmap
sudo rm -f /usr/local/share/man/man1/nmap.1 /usr/local/share/man/man1/ncat.1 /usr/local/share/man/man1/nping.1 /usr/local/share/man/man1/ndiff.1
sudo rm -f /usr/local/bin/update-nmap.sh

Remove the source build directory:

rm -rf "$HOME/nmap-build"

Verify removal by confirming the nmap command is no longer found:

which nmap

If removal was successful, this command returns no output or an error indicating the command was not found.

Conclusion

Nmap is now installed on your Fedora system, whether through the DNF package for automatic maintenance or compiled from source for the latest features. The DNF method provides security updates with standard system upgrades, while source compilation with the included update script gives you control over when to pull new releases from upstream. For network security tasks, Nmap’s port scanning, service detection, and NSE scripting capabilities allow you to discover running services and identify potential vulnerabilities across your network.

To build on your Nmap setup, explore related Fedora security guides: secure remote access with SSH on Fedora, protect against brute-force attacks with Fail2Ban and firewalld on Fedora, and manage your firewall rules with firewalld on Fedora.