Nmap Reviews

My main use case for Nmap is reconnaissance, so identifying open ports or running services and ultimately finding the security risks or vulnerabilities in a system. OS detection is the most important step in penetration testing and VAPT, so for reconnaissance, Nmap is my tool of choice.

I have a great example regarding my main use case. I worked on a project in 2023, which was my first project, where I conducted ethical reconnaissance on the Metasploitable 2 framework using Nmap. I found a lot of open ports through Nmap. By using Nmap, we can discover many open ports, determine what type of OS is running, and identify what type of service is present. For example, port 21 is open for FTP, port 80 is open for HTTP, or port 443 is open for HTTPS. By using Nmap, we can find out what type of ports are open. If SSH port is open, then we can do remote access to it. If FTP is open, then unauthorized file transfers become possible. If HTTP is open, then there is no encryption done, so MITM attacks might be possible to obtain credentials. Although some of these sound unethical, these are the main usages of Nmap, and everything was done within my control and my permission because both the OS on my Kali Linux, which was running Nmap, and my target, which was Metasploitable 2, were owned by me only. This was my first project, and Nmap was the best tool that I have used to date, and I recommend it to everyone.

Port scanning, service version detection, and OS detection are the best features of Nmap because those help me with manual bug bounty a lot, and for all the other projects, these features are the essentials of Nmap. Without them, no project or VAPT is possible.

Nmap has worked positively in all my projects. I do not work for an organization right now as I am still finding a job. All the projects benefited from Nmap. I did try out other substitutes such as Zenmap, but I feel Nmap is more flexible and comfortable for me. It is much safer, much easier, and much faster for me. Nmap will be a little difficult for beginners because of the learning curve and the CLI-based system, but once you get the hang of it, it becomes very powerful.

Nmap could potentially become a GUI and provide automatic reports with one-click downloads. For example, the report could show all the open ports for an IP address with a professionally formatted report. This is a far-fetched suggestion and not really required, but it could make the work a little better.

On a scale of one to ten, I give Nmap a solid nine. I mean, how can you fix something that is not broken? Nmap is already the best, and I do not think there are any other features that can be added. Its job is reconnaissance, so I do not think there is more to add to it. However, if I get any ideas, I will let them know about this.

I have been using Nmap for two years.

Nmap has never crashed on me. This is the only application that has never crashed on me. Even Burp Suite Professional crashed on me once, and that was a terrible day for me. However, Nmap has never crashed, and it is an amazingly optimized tool.

Nmap's scalability is of a gold standard. I have seen big companies working with Nmap. I am doing local projects with my home lab, but I know people, particularly my friends who are working in companies, and they say that even their companies use Nmap with a lot of tools and scans. There is no doubt in the scalability of Nmap.

I have never reached out to customer support because Nmap never gave me any troubles. I did look at the documentation, but it was too long, so I gave up midway. However, they provided a good manual with instructions on how to use Nmap. That department is covered, but I never reached out to customer support because Nmap was never broken.

Nmap was my first reconnaissance tool, and it is possibly my last. This is gold standard, so why change?

I use the textbook way of scanning in my workflow, nothing advanced. I am still a student, so I use the textbook version, such as Nmap -p- and then your IP address, just the basic commands, nothing advanced.

I did get $200 from the bug bounty that I mentioned earlier. Being a free tool, I would say I got $200 of profit, which is my return on investment.

Before I chose Nmap, I looked at Zenmap because I heard that Nmap was CLI-based. Many people in cybersecurity advised me not to go for Zenmap because it is not that good. I did experiment with Zenmap for about two days, but then I got bored and decided to try Nmap because we have to use it in the real world and the real environment. Nmap is not as flexible as Nmap.

I think I should be learning more about the commands and how Nmap works so that it will be better for my career. I will do that. There is nothing else to add to it, except a huge thank you to the people who made Nmap possible. Without Nmap, VAPT or OpSec security would never exist.

Nmap is a gold standard, and you cannot fix something that is never broken. I feel Nmap will still be used by the industry for the next fifty years.

I would say to start with maybe the basic commands and watch YouTube about how Nmap works. Do not copy-paste the commands; understand how they are used. For example, if I am doing nmap -p-, you have to understand what -p- is. We are not blindly copy-pasting. Always understand what is happening and what type of command you are going to paste in the terminal before you do it. Do not be a script kiddie.

I used Nmap to identify and track specific communication protocols on a restricted government network to verify claims of illegal activity and ultimately prove that the network was not being used for that purpose.

The area we operate in is very restricted. It's a hilly area for telecommunications, and it's a restricted area.

So, as we operate there for one of the government projects, we implemented the setup for communication purposes. However, the authority received a claim from a third party that someone was using VIP on this network, and being a purely government entity, does not have any intention of that. The spectrum authority claimed that this was the situation, and they initiated a letter and established a team to verify this. At that time, they weren't aware of any software that could track the communication protocols they were using.

So, I used the Nmap solution there. We found every single port, and all the communications, and we proved that there was no VIP-related activity because security-wise, it's illegal.

Nmap is used for inventory purposes. It is primarily employed for in-depth network monitoring. 

Unlike SolarWinds, which doesn't detail each port, Nmap can provide comprehensive insights into traffic, including VPNs, by leveraging SNMP protocols.

Nmap significantly improves network monitoring by providing detailed insights into network activities.

It helped to improve scanning procedures. It can be very helpful for forensic tasks and penetration testing. It's a great tool for those purposes.

Nmap functions help to detect network vulnerabilities. Nmap can identify the source and destination of network traffic, along with the protocol (like TCP or UDP) and port numbers used.

The real-time reporting feature of Nmap is particularly valuable. It generates detailed reports on the source and destination IP addresses, the protocols used, and the types of traffic. 

This feature is crucial for law enforcement agencies to monitor and analyze network connectivity effectively.

It also has traffic analysis. For example, assessing bandwidth usage and configuring the tool to track specific types of traffic is crucial. Unlike SolarWinds, which requires configuration for this, Nmap has built-in functionality that allows it to check all 4,000 computer ports. It identifies the type of traffic each port is using and can easily generate reports on network communications between computers, whether there are 100 or 1000 in the network.

Port scanning can be effectively done with alternative tools. While Nmap is an open-source program, SolarWinds and other commercial products invest in their development. If Nmap could receive similar investments, it could perform better.

Their program development relies heavily on the contributions of the open-source community, like myself.

Many contributors contribute to Nmap by creating Object Identifiers (OIDs) and other elements. So, while Nmap relies on the community, there is definitely potential for commercially viable features that could be added to the public version, differentiating it from the open-source product.

The stability of this product is very good, but comparing it directly to something else isn't fair. Nmap has unique features and works differently than other tools.  

It runs reliably on Linux platforms. However, on Windows platforms, you might encounter issues like freezing after an hour or three of continuous use.

This product has built-in features. So, the scalability depends on the sizing of the servers. 

The logging features, for example, depend on how much storage you have to keep the logs. That, in turn, depends on your application and server size requirements.

Moreover, Nmap is supposedly moving from a free license to a commercial platform.

It is suitable for very small companies. It is a good tool for forensic test purposes. 

For commercial projects, we can't use Nmap due to potential liabilities. Nmap is typically utilized in scenarios where the client lacks the budget.

It's an open-source tool used for monitoring systems, not just for tracking bandwidth but also for detailing the negotiation levels between client and server protocols.

The initial setup is straightforward. 

On Linux, installation is just one command. You type it in, and it's installed and ready to use.

But the user had to know how it operate it. If somebody doesn't have an idea about how to operate, then it will be complex for him. 

Nmap is very good. It's an open-source solution. Commerically, only the support service is available. 

Overall, I would rate the solution an eight out of ten. Customization is not very user-friendly in Nmap. That's the main reason I wouldn't give it a perfect score.

It is not like SolarWinds. It's not for full network, like, it only does traffic, only monitors types of traffic.

Nmap is used for network scanning to map the network, identify devices, and assess their status. It helps determine open ports and services running on a particular endpoint or server within an enterprise environment.

Nmap is a very useful tool for network discovery and security auditing. To fully utilize its capabilities, you should use features based on your specific requirements. Since it's primarily a scanner, its main function is to perform various types of network scans. The comprehensive scanning capabilities are the core feature of this tool, making it indispensable for network administrators and security professionals.

The scanning process discovers all those assets, identifies their IPs, detects the hosts, and determines the services running on those hosts. This makes Nmap very helpful at an enterprise level.

It is an open-source tool, and its scripts are updated by the community. While it might seem that the tool is old, it remains relevant because users can develop and contribute new scripts. The Nmap community may not always appear highly active, but contributions from dedicated users continue to keep it valuable. It is is not actively developed in terms of its GUI. As a result, it looks very outdated and hasn't seen much improvement. Additionally, the built-in scripts provided by the tool are also quite old and are not updated frequently.

I have been using Nmap for ten years. 

I rate the solution’s stability an eight out of ten.

There is no such automation to do the scalability. 20 users are using this solution.

There is no support. It is only used from by open-source. If somebody else you from the community, then you get the support. Apart from that, there is no sort of active support.

I use a lot of scanners, but it's costly, like Qualys and Nutanix. As an independent consultant, I don't have the budget for enterprise-level scanners or procuring licenses. So, I use Nmap, which saves me a lot of money.

One advantage of Nmap is that it's free. Additionally, it can be deployed anywhere since it is available on the cloud. You can download it from GitHub or the Nmap website. Nmap includes various scripts and scan types, and it has extensive support for multiple operating systems, servers, and devices. Its effectiveness largely depends on the user's expertise. A knowledgeable user can leverage its full potential. Nmap can perform well compared to some enterprise tools, though enterprise solutions often offer more sophisticated, interactive reports. Nmap’s reports are typically text-based and may seem outdated

It just takes less than a minute to set up. You can do it on prem, the server, whereever instance you want. It is having both capability.

It saves you a lot of money from procuring some sort of enterprise scanners, but, enterprise scanners have their own deduction capabilities. Nmap is always a good start to do the seven figure business months without spending any money.

It is a powerful security detection tool when used effectively. However, its effectiveness can be limited if the target organization has strong security mechanisms and good scanner fingerprinting techniques. In environments with robust security and zero-trust policies, Nmap scanning becomes challenging.

Nmap can be automated using scripts with Ansible, Bash, or PowerShell. It's available on Windows and can be used with PowerShell. While automation with AI is possible, it might be challenging due to the complexity and specifics of Nmap's operations.

it is free to use. You can install and explore the tools. Nothing is gonna harm you. You can just explore it. If it fits your requirement, you can obviously go ahead with it.

Overall, I rate the solution a seven out of ten.

I use the tool as a vulnerability scanner to scan the network and identify vulnerabilities on each machine. It's especially useful for addressing vulnerabilities and identifying devices missing updates or out of warranty. This tool helps detect and discover assets before they become vulnerable, allowing me to address issues.

Nmap is mostly helpful during compliance checks. We run the scanner to see how many devices are on our network and find vulnerabilities in those that aren't compliant. We also use it monthly to scan our network and identify devices that aren't connected properly. This helps us detect any issues related to the operating systems of these devices. 

The tool's most valuable feature is its vulnerability scanning. It allows us to scan a specific range of IP addresses and discover devices within that range. This makes it easy to identify devices and view their details. 

Port scanning is crucial for network management tasks. It helps us identify vulnerabilities by finding open ports that may be unused or misconfigured. This tool makes it easy to detect such issues. 

The OS detection feature is great. Unlike other tools, Nmap provides accurate information about asset vulnerabilities, helping us easily detect and address them.

Using Nmap provides value to the company, especially during compliance audits. It helps generate reports on assets, updates on workstations, and insights into network activities and potential attacks. Additionally, Nmap detects vulnerabilities and provides port details, allowing us to close unused ports on the client machines.

The tool's license limits the number of scans it can perform. Improving the license model could benefit customers by allowing more scans for compliance and other purposes.

I have been using the product for the past two years. 

I rate Nmap's stability a nine out of ten. 

I rate the product's scalability a nine out of ten. My company has 12 authorized licenses. We conduct the scan as per the requirement, which is conducted monthly. 

Support is mainly email-based for initial inquiries. If a problem can't be resolved via email, the support team arranges a call.

The setup process is straightforward. It usually takes no more than five minutes to install. Additionally, the tool is already included if you're using Kali Linux.
For deployment, first download Nmap from their official website. If you have a license, apply the license key during installation. Before installing, set the ports and provide administrative privileges. Then, follow the installation steps, which typically take no more than five minutes.  

The product's pricing is fine. The licensing options for Nmap include perpetual licenses and volume-based licenses. For perpetual licenses, once you purchase it, there's no need to invest in renewals. And for volume-based licenses, enterprise companies can use it multiple times based on the number of users or devices they need to scan. It's a pay-as-you-go model, similar to how you pay for what you use.

The perpetual license model doesn't support video call troubleshooting which is available with volume-based licensing. 

My advice for those using Nmap is to download it from the official website and follow the installation steps provided there. Some websites may contain viruses, so using Nmap's authorized and original source for safe installation is important. I rate the overall product a nine out of ten. 

The product is used for network inventory management in my company to scan ports and IP addresses. The product can be described as a network exploration tool. It gives you a breakdown of the vulnerabilities in particular ports and shows if there are any open ports that are vulnerable. There are scripts that you can integrate into Nmap, and they can help you with port scans.

The most valuable feature of the solution for security audits stems from the fact that it serves as a powerful tool with the ability to scan a large number of ports.

There are concerns with the stability of the product, making it an area where improvements are required.

I don't need to see any additional features in the product since the tool gets updated frequently.

I have experience with Nmap.

Stability-wise, I rate the solution a nine out of ten.

I am the only user of the solution in my company who looks after penetration testing.

The product's initial setup phase was very easy.

The product can be deployed with a simple command, or you can download it online. It has two interfaces that are already there, Linux and you can now move on to Windows if you want.

Considering the product is an open-source tool, I don't know if an ROI can be calculated.

Nmap is an open-source product. You don't need a license to install it.

The product's port scan capabilities have positively impacted my company's network management tasks.

The OS detection feature has benefited our company's network analysis since it shows me the open ports that are vulnerable. The product helps me get details about the vulnerability in open ports.

I have not integrated the product with other tools except for the fact that I have used Nmap in Metasploit.

I recommend the product to those who plan to use it for network security and management. The tool provides full scanning of ports. Though there are other products in the market, many of the solutions are not as good as Nmap, which offers a lot of features that are easy to use.

I rate the solution a nine out of ten.

I have a network consisting of about 800 machines running either Windows, Linux, or macOS, with a security firewall provided by Check Point (1800 model). Within this network environment, I use a non-customized version of Nmap on my Linux PC as a network scanner, or "network mapper".

As a network mapper, Nmap enables me to scan the network and uncover information relating to each device on the network in order to identify vulnerabilities, which is one of the main responsibilities of my job.

My main use case is figuring out which kinds of devices are connected on the same network (e.g. servers, browser clients, switches), but on a lower level I also it use to check which ports are open or closed or not on any given machine. Additionally, I occasionally use it to identify which operating systems are running on specific machines.

The best feature of Nmap is that it lets me see useful information about each endpoint in my entire network environment. For example, I can see every single connection of the network as well as each and every port. It's a widely-used utility for this exact purpose.

One of the drawbacks of the standard Nmap utility is that it does not come with a graphical user interface, unlike a number of other open-source alternatives such as Zenmap.

A second drawback is that the network scanning process can be very slow. I believe that the developers should improve the scanning speed, or perhaps offer an extra option for quicker scanning.

Lastly, even though I can scan the network, the utility doesn't provide any way to fix the network issues that may be discovered. That said, I understand that the tool is not intended for fixing anything, but rather for monitoring and discovery only.

I have been using Nmap for about two years. 

In terms of stability, I would give it a rating of eight out of ten.

In my network, we are able to scan all 800 machines with Nmap, although the speed isn't that great. We are soon establishing another organization with a software development unit, and that unit will be adding an extra 100 machines which will be scanned with Nmap.

The setup for Nmap is not complicated. In fact, it's very easy.

In my IT team, there are about 8 technical team members who implement Nmap to scan our network of 800 machines.

I am using the standard free version of Nmap.

I could compare Nmap with Wireshark, but at the same time it's not exactly the same kind of solution. Wireshark is, indeed, something else completely, but many of the features are the same when it comes to basic network scanning.

Metasploit is another tool that could be compared with Nmap, as Metasploit can also be used as a scanner. Beyond these other other tools, I can't point to any other similar competitors of Nmap currently.

I can definitely recommend Nmap for any kind of IT manager or network administrator as it gives you the ability to see into your network for various purposes such as testing and vulnerability scanning. Nmap's features help me map out the security of my whole network and it's a wonderfully useful tool.

I would rate Nmap a seven out of ten.

One major use case is port scanning for open reduction. We examine the default open ports in an organization to assess exposure. 

Additionally, we use it to validate specific applications externally and assess the penetrability of a given environment. Various scripts and combinations help us understand configuration, uncover unrealistic ports, and determine appropriate actions.

We assess the potential for lateral movement and evaluate the extent of penetration from an attack surface perspective. Nmap is crucial for reconnaissance, helping us identify and act on vulnerabilities.

The solution is part of our cybersecurity arsenal. When it comes to financial security, these tools are fundamental to running the show.

My preference for Nmap is not solely based on the tool itself. t boils down to two main aspects. 

First, considering the expected outcomes, if the tool can deliver what we're seeking, it adds a layer of ease. 

Secondly, from an overall Nmap perspective, I find it advantageous as it can be seamlessly combined with other tools or scripts. This flexibility allows us to make informed decisions regarding cyber constraints and even facilitates lateral movement. 

Moreover, automation becomes feasible in certain scenarios. For instance, Nmap integrates components of vulnerability scanning tools like Nessus, OpenRAS, or AppID. This integration ensures a clear understanding of the details and required outcomes, making it an effective tool for reconnaissance.

Nmap major operates through the CLI; there's no GUI component, and that's where the challenge is. However, there's a gradual evolution in this aspect. 

I haven't observed the introduction of a graphical layer from a UI perspective, but if it does happen, it could handle tasks similar to Wireshark. But Nmap wouldn't replace Wireshark, as they serve distinct roles. 

The integration of these components becomes feasible, allowing for effective collaboration. Presently, Nmap lacks the capability for packet capturing or reading, but in real-time scenarios, combining it with other tools can yield efficient results. 

To enhance its capabilities, focusing on APIs would be a logical starting point, although the current options are somewhat limited. The digital space is evolving rapidly, so there's ample room for improvement.  

We have been working with this solution for more than 12 years now.

I would rate the stability a nine out of ten. Patches will always be there, but everything produces results, and it's targeted. 

We don't face challenges in terms of revalidation, making it quite stable.

I would rate the scalability an eight out of ten. 

Cloud features are absent, which is a significant drawback. However, the tool is highly effective and robust in mature aspects.

Size doesn't matter. Scanning and operation time may vary based on size, but Nmap can be adopted anywhere. It's not restricted by company size.

It's an open-source product, and I haven't seen any premiums. Options are available for those who purchase, but for my use case, everything I need is available in the community and forums. 

In enterprise-level scenarios, if issues arise with embedding components or technical partnerships with vendors, support is available. 

However, common users and evangelists typically rely on the community for assistance.

Positive

Nmap cannot be compared with any enterprise-level variants. However, SolarWinds is a candidate as they operate in the NMS space. 

Nagios is another tool, an open-source, one providing visualization. The basic data collection is from Nmap, and they have the Nmap library in their Nagios part. It's not directly comparable because they've taken some features or the library and developed a different tool on top of it. That's what I've observed in the market.

From a usability perspective, the tool is a bit complex, but from a functionality standpoint, it's robust and straightforward to comprehend. 

Initial setup might pose a challenge for newcomers, but over time, it becomes more manageable.

It can be deployed as a hybrid model, provided the cloud used has backend connectivity to physical data centers. However, it's not SaaS-friendly like tools such as SolarWinds, as Nmap was developed in a time when cloud dominance and virtualization were not prevalent. Adaptability is somewhat limited, and that's what got missed.

As a consultant, I aim for a vendor-neutral approach. Whenever there's a need or requirement, we adapt accordingly. Our major focus is on understanding the customer's exact needs, especially when commercial convergence is involved. Based on that, we position ourselves.

Overall, I would rate the solution a seven out of ten. The reason is that cloud and GUI scenarios are not well addressed, but it's a reliable component for various purposes.

It's a dependable and reliable tool for any reconnaissance activity. It's a good choice for basic tech service management recon.

Nmap is a vulnerability assessment tool. It scans the target system and finds the vulnerabilities within the systems. We have network devices, servers, endpoints, mobile devices. It connects with the device for any vulnerability that can be used before the exchange rate case. It lists in a nice report with some recommendations.

Nmap is very stable. There are two types of licenses. One is a premium license, which is a paid license, and the other is a free license, which has very limited features.

The solution should increase the number of features under a free license.

I have been using Nmap for 12 years.

The product is stable, but the free license has limited features. You'll need to do the updates manually. Updates are to be done manually.

I rate the solution's stability an eight out of ten.

The solution's scalability is good. We didn't find any limitations. Four people use this solution.

I rate the solution's scalability a ten out of ten.

The initial setup is very straightforward. They have proper documentation on their website. It took one or two hours to deploy. To deploy, we have to identify the configuration parameters. You need to specify the subnets to be scanned.

It was an open-source project. The free license gives some people better visibility of the systems and the environment.

Deployment was done in-house.

Two persons, including an infrastructure engineer and a cybersecurity engineer, are maintaining this solution.

Overall, I rate the solution a nine out of ten.

I use Nmap just for vulnerability assessment, especially for network discovery. I can scan a network and get total information about the device, the operating system, IP, and all of the services running. So, Nmap is one of the good tools.

The most important function, according to me, is the capability to use some arguments in the scanning. The solution's capability to go figure and do a deep dive, discovering information on specific aspects.

There is room for improvement in the design, the GUI. It looks a bit odd. Maybe Nmap should improve it or add more widgets to make it more attractive, but the basic functionality is good and provides what we need.

Nmap had an OpenRx assessment module. So far, I can discover devices and gather information, but still, I may need other tools for vulnerability assessment. If they can add it to the stack, maybe it can be helpful.

I have been working with this solution since the beginning of my career because right now more than 18 years. I have known this product for a long time.

I would rate the stability an eight out of ten.

I would rate the scalability a nine out of ten. It is pretty scalable, with no issues at all. 

Our IT network team has around five end users using this solution. 

The initial setup is simple. Once we set it, we can start immediately to scan the network; just specify the target IP or the target IP range.

It's just a free tool. You download it from the web and use it. I don't think it's licensed for direct support.

I evaluated with IPScanner. But Nmap is a more accurate and efficient tool than IPScanner.

I would rate the product a nine out of ten. 

We use Nmap for network monitoring and checking. It helps us establish network communication to get a clear text. If there is any network device on our premises, we can catch it for monitoring.

The solution's most valuable and evident feature is identifying the status of any specific network. That means finding out the configuration of the network or IP whether it is active or non-active, if the network modes are open or closed, etc.

The solution has been static concerning its functionality for the last ten years. It only gives out specific information about IPs, such as network, DNS address, and a class of IPs. They do not provide any additional features apart from these. They should give more efficient information, such as the activity status of the NET file. Unfortunately, I cannot find any update there.

They should deliver Playtech's username and password, similar to Wireshark. It's been user-friendly for a basic level of network expertise. In comparison, Wireshark offers expertise on a higher level. The solution should deliver advanced features for getting communication with clear text in terms of passwords and usernames.

I have been using Nmap for the last ten years.

Around 50+ users in our company, including the cyber-security and network team, use the solution.

We used Wireshark as well. It provided advanced information, but the procedure and technique differed significantly from Nmap. Whereas Nmap is a legacy product. We get personalized information from the network with its help. We can quickly identify the information we require with some basic knowledge.

The initial setup had moderate complexity. We have to scan a new system, download and install it in the workstation for the basic connectivity status of IPs and TCP hosts. It takes a maximum of 10-15 minutes for the process.

The solution is free of cost, but there are specific services that we have to buy. We have purchased a license for a professional version. It's open source at some level, but not for all features.

I advise others to decide for what purpose they want to use the solution. If they want to test the availability of the network code or the basic information about the network and domain, then I recommend the solution. But if they are looking for expert-level monitoring, they should ideally go for Parrot OS or Linux OS, or the Wireshark tool. As far as UI and stability, Nmap is a good application. Otherwise, it has a limited amount of expertise.

I rate the solution as a seven.