Nmap Reviews

One major use case is port scanning for open reduction. We examine the default open ports in an organization to assess exposure. 

Additionally, we use it to validate specific applications externally and assess the penetrability of a given environment. Various scripts and combinations help us understand configuration, uncover unrealistic ports, and determine appropriate actions.

We assess the potential for lateral movement and evaluate the extent of penetration from an attack surface perspective. Nmap is crucial for reconnaissance, helping us identify and act on vulnerabilities.

The solution is part of our cybersecurity arsenal. When it comes to financial security, these tools are fundamental to running the show.

My preference for Nmap is not solely based on the tool itself. t boils down to two main aspects. 

First, considering the expected outcomes, if the tool can deliver what we're seeking, it adds a layer of ease. 

Secondly, from an overall Nmap perspective, I find it advantageous as it can be seamlessly combined with other tools or scripts. This flexibility allows us to make informed decisions regarding cyber constraints and even facilitates lateral movement. 

Moreover, automation becomes feasible in certain scenarios. For instance, Nmap integrates components of vulnerability scanning tools like Nessus, OpenRAS, or AppID. This integration ensures a clear understanding of the details and required outcomes, making it an effective tool for reconnaissance.

Nmap major operates through the CLI; there's no GUI component, and that's where the challenge is. However, there's a gradual evolution in this aspect. 

I haven't observed the introduction of a graphical layer from a UI perspective, but if it does happen, it could handle tasks similar to Wireshark. But Nmap wouldn't replace Wireshark, as they serve distinct roles. 

The integration of these components becomes feasible, allowing for effective collaboration. Presently, Nmap lacks the capability for packet capturing or reading, but in real-time scenarios, combining it with other tools can yield efficient results. 

To enhance its capabilities, focusing on APIs would be a logical starting point, although the current options are somewhat limited. The digital space is evolving rapidly, so there's ample room for improvement.  

We have been working with this solution for more than 12 years now.

I would rate the stability a nine out of ten. Patches will always be there, but everything produces results, and it's targeted. 

We don't face challenges in terms of revalidation, making it quite stable.

I would rate the scalability an eight out of ten. 

Cloud features are absent, which is a significant drawback. However, the tool is highly effective and robust in mature aspects.

Size doesn't matter. Scanning and operation time may vary based on size, but Nmap can be adopted anywhere. It's not restricted by company size.

It's an open-source product, and I haven't seen any premiums. Options are available for those who purchase, but for my use case, everything I need is available in the community and forums. 

In enterprise-level scenarios, if issues arise with embedding components or technical partnerships with vendors, support is available. 

However, common users and evangelists typically rely on the community for assistance.

Nmap cannot be compared with any enterprise-level variants. However, SolarWinds is a candidate as they operate in the NMS space. 

Nagios is another tool, an open-source, one providing visualization. The basic data collection is from Nmap, and they have the Nmap library in their Nagios part. It's not directly comparable because they've taken some features or the library and developed a different tool on top of it. That's what I've observed in the market.

From a usability perspective, the tool is a bit complex, but from a functionality standpoint, it's robust and straightforward to comprehend. 

Initial setup might pose a challenge for newcomers, but over time, it becomes more manageable.

It can be deployed as a hybrid model, provided the cloud used has backend connectivity to physical data centers. However, it's not SaaS-friendly like tools such as SolarWinds, as Nmap was developed in a time when cloud dominance and virtualization were not prevalent. Adaptability is somewhat limited, and that's what got missed.

As a consultant, I aim for a vendor-neutral approach. Whenever there's a need or requirement, we adapt accordingly. Our major focus is on understanding the customer's exact needs, especially when commercial convergence is involved. Based on that, we position ourselves.

Overall, I would rate the solution a seven out of ten. The reason is that cloud and GUI scenarios are not well addressed, but it's a reliable component for various purposes.

It's a dependable and reliable tool for any reconnaissance activity. It's a good choice for basic tech service management recon.

The tool helps with tasks such as network integration and mapping. Nmap comes equipped with numerous scripts that aid in identifying the operating system and  available ports. 

My web team uses the product during routine penetration testing. 

The tool's most valuable feature is its scripts. These scripts prove beneficial when security features may obscure or block connections. Nmap helps identify vulnerabilities across different systems, including web servers and various server types.

Nmap needs to improve its scanning speed. 

The solution's stability is pretty good. 

The tool is not deployed on a shared environment. It is deployed as an individual setup. 

Since it's an open-source tool, I haven't specifically sought support assistance. However, the community is very active. There are active forums where people communicate, and it's an open environment where anyone can ask questions. 

Nmap's deployment is straightforward. 

Nmap is a free tool, so it helps save a lot of time when identifying vulnerabilities on the network.

Nmap is an open-source and free product. 

You can install the product on any endpoint. Analysts should have it, especially those in red teams or penetration testing. Anyone interested in cybersecurity or any related field should know how to use Nmap. I rate it a ten out of ten. 

We use the solution to add up the router on a network.

Nmap can display all the services that are exposed within a permission system. It offers an option to optimize the scanning process, ensuring that our scans remain undetected by other security tools integrated into the automation system. Additionally, Nmap provides features to adjust the nature of the scan, allowing it to bypass security tools such as EDP and base. Furthermore, it includes options to optimize scan response time and duration.

Sometimes, the solution doesn't provide the names of services. We find a solution, but we do not entirely know about it. It utilizes a database of services. When the solution scans, it matches the data obtained from the scan with the entries in the database to display the names of services at the target site. For example, we might have an exposed port but remain uncertain about the associated service. Nmap can identify what services are running and their associated products. It doesn't allow exploiting vulnerabilities automatically. However, having such capabilities could greatly enhance security, particularly for servers exposed to the internet. 

I have been using Nmap for one and a half years.

The product is stable.

The initial setup is simple.

Overall, I rate the solution an eight out of ten.

We use the solution to scan and monitor ports. We can get insights into operating systems, status, protocols, and services.

The solution's most valuable feature is scanning.

The solution's initial setup could be better. Also, they should provide more insights into the network infrastructure.

I have been using the solution for two years.

The solution's initial setup process is complicated. It requires specific skills to execute the implementation.

It is a free source application.

It is a beneficial tool for scanning. I rate it as an eight.

The price is high and could be cheaper. The third-party library vulnerability assessment could be included in the next release.

We have been using the solution for seven months.

The solution is stable. I rate the stability an eight out of ten.

The solution is scalable. Approximately 100 people in our organization utilize it.

We have not had experience with customer service and support.

The initial setup was simple and took us approximately five days.

We chose this solution because it supports several frameworks, including coding frameworks.

I rate the solution a nine out of ten.

Three technicians in our company use the solution extensively to scan our environment and find security holes. 

The solution is powerful for troubleshooting and finding security holes in services. 

The scanning procedure includes UDP ports which sets it apart from competitors. 

It takes a bit of time to get familiar with the solution and its options.

A scan to determine whether a service or application is lost would be a useful addition. For example, a scan that checks whether a service in layer seven is blocked by a server or host. 

A graphic interface for Windows would be helpful. 

I have been using the solution for one year. 

The solution is really stable. 

The solution is scalable. 

I have not needed technical support. 

The setup is quite simple. 

The solution is open source so it is free. 

The solution really is not comparable to other products because of its many features. We looked at Wireshark but there's really no comparison. 

I rate the solution a nine out of ten. 

Nmap is a tool for analyzing perimeter security and application output.

Nmap is easy to use. It's a command-line interface, and the output is quite good. 

Were a mid-sized company with about 50-plus employees, and we've been using Nmap for more than five years

Nmap is stable. 

Nmap is easy to scale anytime.

We've never had to contact support. The community on the forums answers our questions. 

Setting up Nmap is effortless. 

Nmap is an open-source solution.

I rate Nmap nine out of 10. 

Nmap works as a basic diagnostic and security tool. It helps us discover open ports and check connectivity.

Nmap has a powerful command line tool and a set of diagnostic features. It enables us to check connectivity and discover open ports.

There could be a specific option to check non-pingable endpoints for the product.

We never encountered any system downtime.

We have five Nmap users in our organization. We can scan large networks and control speed as well. Thus, it has good features for scalability.

I referred to support documentation and forums to resolve the technical issues.

It is a command line tool. Thus, we have to install and run it.

I am exploring a lot of products. However, I am still looking for an alternative for this particular tool.

It is a great and simple tool. I rate it a nine out of ten.