How To: Do an Idle Scan with Nmap


Welcome back, my fellow hackers. Today I'm going to teach you how to perform an idle scan. You may be asking what an idle scan is. It's a very stealthy scan because the probes don't carry your own IP address; they appear to come from a third machine, called a zombie (in computer terms).

Heads up: if you are already root, you don't need sudo.

Step 1: Finding a Vulnerable Computer

First we have to find a good zombie that has a close connection to you. To do that, run a port scan with operating system detection in Nmap so that Nmap can report how the host generates its IP ID. You would do it like this: sudo nmap -sA -O -v (website or IP), without the parentheses.

Example: sudo nmap -sA -O -v
It should look similar to the image below

Then look for the line that says IP ID Sequence Generation. If it says Incremental or Broken little-endian incremental, you hit the jackpot and have a zombie you can use. If it says anything else, you should try looking for another IP or website.
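To check hosts you administer for the property Step 1 looks for, the following added example (not from the original article) classifies a series of IP ID values captured from consecutive replies of one host, using the two labels named above. The sample values, host addresses, function names, the other labels and the "fewer than 10" step threshold are assumptions made for the example.

```python
# Added example: audit hosts you administer for predictable IP ID generation.
# Sample values, addresses and the "< 10" threshold are assumptions.

PREDICTABLE = {"Incremental", "Broken little-endian incremental"}

def deltas(ids):
    """Differences between consecutive 16-bit IP IDs, allowing wraparound."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def byteswap16(value):
    """Swap the two bytes of a 16-bit value."""
    return ((value & 0xFF) << 8) | (value >> 8)

def small_steps(ids, limit=10):
    """True when every step is positive and below the assumed limit."""
    return all(0 < d < limit for d in deltas(ids))

def classify_ipid(ids):
    """Label a series of IP IDs taken from consecutive replies of one host."""
    if len(ids) < 3:
        raise ValueError("need at least 3 samples")
    if all(v == 0 for v in ids):
        return "All zeros"
    if len(set(ids)) == 1:
        return "Constant"
    if small_steps(ids):
        return "Incremental"
    # A host that writes its counter in little-endian byte order shows steps
    # of 256 on the wire; swapping the bytes back reveals the plain counter.
    if small_steps([byteswap16(v) for v in ids]):
        return "Broken little-endian incremental"
    return "Not predictable from these samples"

def predictable_ipid_hosts(samples):
    """Hosts whose IP ID counter an outsider could read and predict."""
    return sorted(h for h, ids in samples.items()
                  if classify_ipid(ids) in PREDICTABLE)

# Constructed sample data (documentation addresses, invented IP ID values).
SAMPLES = {
    "192.0.2.10": [4120, 4121, 4123, 4124, 4126],   # shared counter
    "192.0.2.11": [65024, 65280, 1, 257],           # byte-swapped counter
    "192.0.2.12": [31022, 912, 50211, 7745],        # randomized
    "192.0.2.13": [0, 0, 0, 0],                     # always zero
}

if __name__ == "__main__":
    for host, ids in SAMPLES.items():
        print(host, classify_ipid(ids))
    print("review:", predictable_ipid_hosts(SAMPLES))
```

Hosts in the returned list are the ones that would show Incremental or Broken little-endian incremental in Step 1, so they are the ones to upgrade or place behind a filtering device. Take the samples from a quiet host, since unrelated traffic between replies inflates the steps.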

Step 2: How to Perform the Idle Scan

After you finish the first step, all you need to run is nmap (options) -sI (zombie host) (website).

Ex: nmap -Pn -p- -v -sI

Then it should display the scan results, and that's how you do it.


Now That You Know

You should go find some vulnerable victims to hack. And go get hacking.
Please post in the comments what I should do a how to on next and if I have any errors. Thank you.


1 Comment

Show us how to find a zombie system that won't get us into trouble. Also, would it be possible to use our smartphone as a zombie and have our laptop connected to a different network?
