How to Install and Use Nmap in Termux on Android

If you want to learn network scanning on Android, Nmap is one of the best tools to start with. In this guide, I’ll show you how to install and use Nmap in Termux.

Nmap helps you discover devices, open ports, and running services on a network. Using Termux, you can practice real Nmap commands directly from your phone without needing a computer.

This tutorial is beginner-friendly and uses safe examples you are allowed to scan. By the end, you’ll understand how Nmap works and how to use it responsibly for learning and security testing.

What is Nmap

Nmap is a free network scanning tool used to discover devices and services on a network. It helps you see which ports are open, what services are running, and sometimes even what operating system a device is using.

Nmap works by sending network packets to a target and analyzing the responses. From those responses, it can identify active devices, open ports, and service information. This makes it useful for learning how networks work and for checking basic security settings.

If you are interested in network security or ethical hacking, Nmap is one of the first tools you should learn. It is widely used by security professionals and works well on Termux for practice and testing.

How to Install Nmap in Termux

Installing Nmap in Termux is easy and straightforward. Follow the steps below to install it successfully.

Step 1: Update and Upgrade Termux

Before installing Nmap, it is important to update Termux so that all packages and dependencies are up to date. This helps prevent common installation issues.

apt update && apt upgrade -y

If the update process pauses and asks something like ... (Y/I/N/O/D/Z) [default=N] ?, just press Enter to keep the default option. This may happen multiple times. Keep pressing Enter until you see the $ prompt again.

Step 2: Install Nmap in Termux

After updating Termux, you can now install Nmap. The package is lightweight, so it will not take long to download.

pkg install nmap -y

This command will download and install Nmap. Once the process finishes, Nmap will be ready to use.

Step 3: Check the Installation

To make sure Nmap is installed correctly, check its version.

nmap --version

If the version number appears, Nmap is installed and ready.

Step 4: Start Using Nmap

Now that Nmap is installed, you can start using it. For example, you can scan your own device by running:

nmap 127.0.0.1

This will scan your system and show information about open ports and running services on your device.

Troubleshooting

If you encounter any issues during installation:

• Make sure you are using the correct version of Termux from F-Droid or GitHub, not the Play Store.
• Re-run the update command before trying the installation again.
• If the issue persists, leave a message in the comment section below.

By following these steps, you have successfully set up Nmap in Termux. You can now start using it to scan networks and learn more about network security.

---

Using Nmap in Termux

In this section, we will look at useful Nmap commands that you can run in Termux. The examples here will start from simple to more advanced scans, helping you understand how Nmap works in real situations.

Important: Only scan devices or networks that you own or have clear permission to test. Scanning systems without authorization can be illegal and may cause serious trouble. Always use Nmap responsibly.

1. Scan a Website

Scanning a website with Nmap helps you collect basic network information such as open ports and running services. To scan a website, you need its domain name or IP address.

Use the following command:

nmap scanme.nmap.org

Nmap will display the website’s IP address, response time, and a list of open ports. For example, you may see ports like 22/tcp and 80/tcp, along with the services running on them like ssh and http.

Info! For these examples, we use the test website scanme.nmap.org. This website is provided by the creators of Nmap for testing purposes. You can replace it with any website or IP address you want to scan.

2. Scan Your Local Network

If you want to see what devices are connected to your local network, Nmap makes this easy. A local network scan helps you discover active devices and the open ports on each one.

Run the following command to scan your network:

nmap 192.168.1.1/24

This command scans all devices in the selected network range and shows their IP addresses with any open ports. You may see your router, phones, or computers, along with ports like 80 (HTTP) or 443 (HTTPS).

Replace 192.168.1.1/24 with your own network’s gateway IP and subnet range. You can find this information in Termux using ip route or ifconfig.

3. Do an Aggressive Scan

An aggressive scan allows Nmap to collect a lot of information about a target. This includes the operating system, service versions, and network path.

Use this command:

nmap -A scanme.nmap.org

This scan produces a detailed report showing detected operating systems, running services, and their versions. For example, it may identify an operating system like Linux and list open services such as ssh, PORT 22/tcp, VERSION OpenSSH 6.6.1p1 Ubuntu.

Aggressive scans take longer than basic scans and generate more network traffic, especially when used on larger networks.

4. Find Out the Operating System of a Device

Nmap can attempt to identify the operating system of a device by analyzing how it responds to network requests. This is useful for understanding what types of systems are present on a network.

Important limitation: OS detection in Nmap requires root privileges. On a standard Termux setup (without root access), this scan will not work and will return an error. This is a normal limitation, not a problem with your setup.

To try OS detection, use this command:

nmap -O scanme.nmap.org

If root access is available, Nmap will attempt to guess the target’s operating system based on network behavior. For example, it may identify a system as Linux or Ubuntu. The results are estimates and may not always be 100% accurate, but they still provide useful insight.

On most non-rooted Android devices, you will see an error like this:

TCP/IP fingerprinting (for OS scan) requires root privileges. QUITTING!

This happens because Nmap needs low-level access to the network stack, which Termux does not have without root permissions.

Using proot-distro as an Alternative

While proot-distro or termux-chroot can create a more Linux-like environment inside Termux, they do not fully replace real root access. Some advanced scans may partially work, but OS fingerprinting is still limited and may fail or return inaccurate results.

If your device is rooted, you can run Termux with root access to unlock these scans. If it is not rooted, focus on scans that work without root, such as port scanning and service detection.

Warning! Rooting your phone just to use this scan is not recommended. It can weaken security or permanently damage your phone if done incorrectly.

5. Check One Port

Sometimes you only need to test a specific port instead of scanning all ports. This is faster and useful when troubleshooting or checking for a particular service.

To check port 80 (HTTP), run:

nmap -p 80 scanme.nmap.org

Nmap will report whether the port is open or closed on the target. If the port is open, it may also show the service running on it, such as HTTP.

You can replace 80 with other ports, for example 443 for HTTPS, 22 for SSH, or 21 for FTP.

6. Scan Multiple Ports

In some cases, you may want to check more than one port at the same time. This is useful when a service might run on different ports, such as a website using both HTTP and HTTPS.

To scan ports 80 and 443, use this command:

nmap -p 80,443 scanme.nmap.org

Nmap will check only the specified ports on the target and report whether each one is open or closed. For example, it may show the status of 80 (HTTP) and 443 (HTTPS).

You can scan any ports you want by replacing 80,443 with other port numbers or ranges, separated by commas.

7. Ping a Host

Sometimes you just want to check whether a host is online. Nmap can do this by sending a simple probe to see if the target responds, without scanning any ports.

To perform a ping scan, use:

nmap -sn 192.168.1.202

Or scan a website:

nmap -sn www.google.com

Nmap will report whether the host is up and reachable. This is a quick way to confirm that a device or website is online before running deeper scans.

Note: Older Nmap versions used -sP for ping scans. In newer versions, -sn is the correct and recommended option.

8. Do a Quick Scan

When you need fast results and only basic information, a quick scan is a good option. The -F flag tells Nmap to scan a small set of the most common ports instead of scanning everything.

Run a quick scan using:

nmap -F scanme.nmap.org

The output will show which common ports are open on the target. It skips deeper checks like operating system detection or detailed service analysis, which makes the scan much faster.

Use this option when you want a quick overview of a device or network without waiting for a full scan.

9. Run a Vulnerability Scan

Nmap includes built-in scripts to help identify potential security issues on a system. Using the --script vuln option, you can check for known vulnerabilities, outdated services, open ports that shouldn’t be accessible, and misconfigurations.

To run a vulnerability scan, use:

nmap --script vuln 192.168.1.1

This command will generate a report highlighting potential weaknesses, helping you understand potential security risks and how to address them.

Keep in mind that Results are not always complete or 100% accurate. They are meant for learning and security assessment only. Make sure you have permission before doing this type of scan.

10. Save Scan Results

Nmap allows you to save scan results so you can review them later or share them with others. This is useful for documentation, troubleshooting, or comparing scans over time.

To save the scan results as a normal text file, run:

nmap -oN results.txt scanme.nmap.org

To save the results in XML format, use:

nmap -oX results.xml scanme.nmap.org

You can change results.txt or results.xml to any file name you prefer.

How to Access Saved Scan Results

Saved scan files are stored in your current Termux directory. To view a text result file, use:

cat results.txt

For easier reading, you can open the file in a text editor:

nano results.txt

XML files are mainly used with other tools or scripts, but you can still view them as plain text using cat or nano if needed.

Wrapping Up

These examples show practical ways to use Nmap in Termux to explore networks, discover devices, and learn how services are exposed.

By practicing these commands, you will build a stronger understanding of how networks work and how to secure them using proper techniques.

If you have questions, run into issues, or want to share your experience, feel free to leave a comment below.