How to Install Nmap on Ubuntu

Last updated on December 27, 2025 7:16 pm by Joshua James
Estimated reading time: 10 minutes
Nmap logo with globe graphic alongside Ubuntu logo on gradient background with network icons

Nmap (Network Mapper) helps you discover devices on your network, identify open ports, detect running services, and audit security configurations. As a result, network administrators use it to inventory hosts and troubleshoot connectivity, while security professionals rely on it for vulnerability assessments and penetration testing. By the end of this guide, you will have Nmap installed and verified on Ubuntu, along with practical examples to start scanning immediately.

Contents hide
1 Choose Your Nmap Installation Method
2 Update Ubuntu Before Installing Nmap
3 Method 1: Install Nmap via APT
4 Method 2: Install Nmap via Source Compilation
5 Basic Nmap Usage Examples
6 Update Source-Compiled Nmap
7 Remove Nmap from Ubuntu
8 Conclusion

Choose Your Nmap Installation Method

Ubuntu provides Nmap through its default repositories, which is the simplest approach for most users. Alternatively, compiling from source gives you the absolute latest version with all features enabled. The following table summarizes both options:

MethodChannelVersionUpdatesBest For
APT Package ManagerUbuntu ReposDistribution defaultAutomatic via apt upgradeMost users who want stability and simplicity
Source CompilationNmap.orgLatest stableManual recompilationUsers needing the newest features or custom builds

For most users, the APT method is recommended because it integrates with Ubuntu’s package management system, receives security updates automatically, and requires no additional maintenance. Only compile from source if you specifically need features unavailable in the repository version.

Update Ubuntu Before Installing Nmap

Before installing any software, refresh your package index to ensure you receive the latest available versions and security patches:

sudo apt update && sudo apt upgrade

This command updates the package lists and then upgrades all installed packages to their newest versions. Once complete, proceed with your chosen installation method.

Method 1: Install Nmap via APT

The APT method installs Nmap directly from Ubuntu’s official repositories. As a result, this approach requires no additional configuration and provides a version that has already undergone distribution-level testing.

To begin, install Nmap with the following command:

sudo apt install nmap

APT resolves all dependencies automatically and installs the nmap binary along with supporting files. Once installation completes, verify that Nmap is accessible:

nmap --version

This version output confirms a successful installation. However, the exact version varies by Ubuntu release:

Version Output on 22.04 LTS

Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.6 openssl-3.0.2 nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Expected Output on 24.04 LTS

Nmap version 7.94SVN ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.4.6 openssl-3.0.13 libssh2-1.11.0 libz-1.3 libpcre2-10.42 libpcap-1.10.4 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Resulting Output on 26.04 LTS

Nmap version 7.98 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.4.8 openssl-3.5.3 libssh2-1.11.1 libz-1.3.1 libpcre2-10.46 libpcap-1.10.5 nmap-libdnet-1.18.0 ipv6
Compiled without:
Available nsock engines: epoll poll select

Ubuntu 22.04 ships Nmap 7.80, Ubuntu 24.04 includes 7.94, and Ubuntu 26.04 provides 7.98. If you need the absolute latest version with all features, consider compiling from source as shown in Method 2.

Method 2: Install Nmap via Source Compilation

Compiling from source ensures you have the latest Nmap release with all optional features enabled. Although this method requires additional effort and manual updates, it provides access to the newest scanning capabilities and bug fixes before they reach distribution repositories.

Install Build Dependencies

First, install the development tools and libraries that Nmap requires. The build-essential package provides the GCC compiler and make utility, curl and ca-certificates enable the automatic version detection, and the additional libraries enable SSH protocol support and SSL/TLS functionality:

sudo apt install build-essential curl ca-certificates libssh2-1-dev libssl-dev

This command works across all supported Ubuntu LTS releases (22.04, 24.04, and 26.04).

Download the Nmap Source Code

Next, download the latest stable release. Instead of hardcoding a version number, the following command automatically detects and downloads the current stable release from the official Nmap download page:

cd ~
NMAP_VERSION=$(curl -sL "https://nmap.org/dist/" | grep -oP 'nmap-\d+\.\d+\.tar\.bz2' | sort -V | tail -1 | sed 's/nmap-//' | sed 's/.tar.bz2//')
echo "Downloading Nmap version: $NMAP_VERSION"
wget https://nmap.org/dist/nmap-${NMAP_VERSION}.tar.bz2

This command works by:

  • curl -sL — Silently fetches the Nmap distribution directory listing (see our curl command guide for more options)
  • grep -oP — Extracts tarball filenames matching the pattern nmap-X.XX.tar.bz2 (learn more in our grep command guide)
  • sort -V | tail -1 — Sorts versions numerically and selects the highest
  • sed — Strips the filename down to just the version number

If you prefer to download manually, visit the Nmap download page and use wget to download the tarball directly. Replace ${NMAP_VERSION} with the actual version number in the commands that follow.

Extract and Navigate to the Source Directory

After downloading, extract the compressed archive and change into the resulting directory:

tar -xjf nmap-*.tar.bz2
cd nmap-*/

In these commands, the -x flag extracts files, -j handles bzip2 compression, and the wildcard * matches whatever version you downloaded.

Configure, Compile, and Install

Now run the configure script to detect your system’s capabilities and generate the appropriate Makefile. Then compile and install:

./configure
make
sudo make install

The configure script analyzes your system and enables features based on available libraries. The make command compiles the source code, and sudo make install copies the binaries to /usr/local/bin/ where they become available system-wide.

Compilation typically takes 2-5 minutes depending on your system’s CPU. You can speed up the process on multi-core systems by running make -j$(nproc) instead of plain make.

Verify the Source-Compiled Installation

Finally, confirm the installation succeeded by checking the version of the newly compiled binary:

/usr/local/bin/nmap --version

You should see output similar to this:

Nmap version 7.98 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.4.8 openssl-3.5.3 libssh2-1.11.1 libz-1.3.1 nmap-libpcre2-10.45 nmap-libpcap-(with nmap-libdnet-1.18.0 ipv6
Compiled without:
Available nsock engines: epoll poll select

Because the source-compiled version installs to /usr/local/bin/, it typically takes precedence over /usr/bin/ in your PATH. Therefore, running nmap --version without the full path should also show the source-compiled version.

Basic Nmap Usage Examples

With Nmap installed, you can immediately start scanning. The following examples demonstrate common use cases. For comprehensive coverage of Nmap’s capabilities, see our Nmap commands for beginners guide.

Scan a Single Host

To begin, check which ports are open on a specific IP address or hostname:

nmap 192.168.1.1

This command performs a default scan that probes the 1,000 most common TCP ports and reports their status (open, closed, or filtered).

Scan Your Local Network

To find all active hosts on your subnet, use the ping scan option:

nmap -sn 192.168.1.0/24

Here, the -sn flag performs a ping scan without port scanning, making it faster for host discovery. Replace 192.168.1.0/24 with your network’s address range.

Detect Service Versions

To identify what software and versions are running on open ports, add the version detection flag:

sudo nmap -sV 192.168.1.1

With this flag, the -sV option probes open ports to determine service and version information. Because this requires root privileges for certain detection techniques, the command includes sudo.

Operating System Detection

Similarly, you can attempt to identify the target’s operating system:

sudo nmap -O 192.168.1.1

This OS detection uses TCP/IP stack fingerprinting and also requires root privileges. Keep in mind that results are probabilistic rather than definitive.

Update Source-Compiled Nmap

If you installed Nmap from source, you must manually update it when new versions are released. The following script automates version detection, compares against your installed version, and only proceeds if an update is available.

Create the Update Script

First, create an update script that handles the entire upgrade process:

cat << 'EOF' | sudo tee /usr/local/bin/update-nmap.sh
#!/bin/bash
set -e

# Check for required build tools
for cmd in gcc make curl wget; do
    if ! command -v $cmd &> /dev/null; then
        echo "Error: $cmd is required but not installed."
        echo "Run: sudo apt install build-essential wget curl ca-certificates"
        exit 1
    fi
done

# Get current installed version
CURRENT_VERSION=$(/usr/local/bin/nmap --version 2>/dev/null | grep -oP 'Nmap version \K[0-9]+\.[0-9]+' || echo "none")

# Fetch latest version from Nmap distribution page
LATEST_VERSION=$(curl -sL "https://nmap.org/dist/" | grep -oP 'nmap-\d+\.\d+\.tar\.bz2' | sort -V | tail -1 | sed 's/nmap-//' | sed 's/.tar.bz2//')

if [ -z "$LATEST_VERSION" ]; then
    echo "Error: Could not fetch latest version from nmap.org"
    echo "Check your internet connection or try again later."
    exit 1
fi

echo "Current version: $CURRENT_VERSION"
echo "Latest version:  $LATEST_VERSION"

if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then
    echo "Nmap is already up to date."
    exit 0
fi

echo "Updating Nmap from $CURRENT_VERSION to $LATEST_VERSION..."

cd /tmp
rm -rf nmap-*/

# Download and extract
wget -q "https://nmap.org/dist/nmap-${LATEST_VERSION}.tar.bz2"
tar -xjf "nmap-${LATEST_VERSION}.tar.bz2"
rm "nmap-${LATEST_VERSION}.tar.bz2"

cd nmap-*/
./configure
make -j$(nproc)
sudo make install

# Verify installation
NEW_VERSION=$(/usr/local/bin/nmap --version | grep -oP 'Nmap version \K[0-9]+\.[0-9]+')
echo "Successfully updated Nmap to version $NEW_VERSION"

# Cleanup
cd /tmp
rm -rf nmap-*/
EOF
sudo chmod +x /usr/local/bin/update-nmap.sh

This script includes several safeguards:

  • Prerequisite checks — Verifies that required build tools are installed before proceeding
  • Version comparison — Compares the installed version against the latest available version and exits early if already current
  • Error handling — Uses set -e to stop on any error and validates the API response before proceeding
  • Automatic cleanup — Removes downloaded files after successful installation

Run the Update Script

To check for updates and install them if available, run:

sudo /usr/local/bin/update-nmap.sh

If no update is available, you will see output similar to:

Current version: 7.98
Latest version:  7.98
Nmap is already up to date.

When an update is available, the script downloads, compiles, and installs the new version automatically:

Current version: 7.95
Latest version:  7.98
Updating Nmap from 7.95 to 7.98...
[compilation output]
Successfully updated Nmap to version 7.98

Avoid automating this with cron. Compilation can fail due to missing dependencies, failed tests, or network issues. Always run the script manually so you can monitor the output and address problems before they affect your system.

Remove Nmap from Ubuntu

When you no longer need Nmap, remove it using the appropriate method based on how you installed it.

Remove APT-Installed Nmap

To uninstall the package and clean up orphaned dependencies, run:

sudo apt remove nmap
sudo apt autoremove

Here, the autoremove command removes packages that were installed as dependencies but are no longer needed.

Remove Source-Compiled Nmap

In contrast, source-compiled installations require manual removal. Delete the installed binaries and supporting files with these commands:

sudo rm -f /usr/local/bin/nmap /usr/local/bin/ncat /usr/local/bin/nping
sudo rm -rf /usr/local/share/nmap
sudo rm -f /usr/local/share/man/man1/nmap.1 /usr/local/share/man/man1/ncat.1 /usr/local/share/man/man1/nping.1

Additionally, you can remove the source directory if you no longer need it:

rm -rf ~/nmap-*/ ~/nmap-*.tar.bz2

Finally, to confirm removal, verify that the nmap command is no longer available:

which nmap

If this command returns no output, Nmap has been successfully removed.

Conclusion

You now have Nmap installed on Ubuntu with the knowledge to scan hosts, discover services, and identify potential security issues on your network. The APT installation provides automatic updates and stability, while source compilation gives you access to the latest features. Use Nmap responsibly and only scan networks you own or have explicit permission to test. For more advanced scanning techniques, explore our Nmap commands guide which covers additional options for vulnerability detection, script scanning, and output formatting.

How to Install Okular on Ubuntu Linux

How to Install OpenJDK 8 on Ubuntu

Leave a Comment


If you have any legitimate inquiries, such as article suggestions, don't hesitate to contact LinuxCapable. Please ensure that your message is written in English.

Contact Us
About Us Disclaimer Privacy Policy Terms and Conditions