How can I practice using nmap without scanning some real site or performing computer trespass?
There is a specific URL for that : scanme.nmap.org
Hello, and welcome to Scanme.Nmap.Org, a service provided by the Nmap Security Scanner Project and Insecure.Org.
We set up this machine to help folks learn about Nmap and also to test and make sure that their Nmap installation (or Internet connection) is working properly. You are authorized to scan this machine with Nmap or other port scanners. Try not to hammer on the server too hard. A few scans in a day is fine, but dont scan 100 times a day or use this site to test your ssh brute-force password cracking tool.
Thanks -Fyodor
If you are looking for vulnerable webapp here are some good lists :
- Hacking Vulnerable Web Applications Without Going To Jail
- Deliberately Insecure Web Applications For Learning Web App Security
nmap won't disclose security holes, nmap will only disclose what services are running.
I'd highly recommend downloading virtualbox then getting an vunerable webserver like metasploitable to run on it. That way you can scan until your hearts content and also futher research what exploits etc are possible.