Nmap Reviews

Nmap is used for network scanning to map the network, identify devices, and assess their status. It helps determine open ports and services running on a particular endpoint or server within an enterprise environment.

Nmap is a very useful tool for network discovery and security auditing. To fully utilize its capabilities, you should use features based on your specific requirements. Since it's primarily a scanner, its main function is to perform various types of network scans. The comprehensive scanning capabilities are the core feature of this tool, making it indispensable for network administrators and security professionals.

The scanning process discovers all those assets, identifies their IPs, detects the hosts, and determines the services running on those hosts. This makes Nmap very helpful at an enterprise level.

It is an open-source tool, and its scripts are updated by the community. While it might seem that the tool is old, it remains relevant because users can develop and contribute new scripts. The Nmap community may not always appear highly active, but contributions from dedicated users continue to keep it valuable. It is is not actively developed in terms of its GUI. As a result, it looks very outdated and hasn't seen much improvement. Additionally, the built-in scripts provided by the tool are also quite old and are not updated frequently.

I have been using Nmap for ten years. 

I rate the solution’s stability an eight out of ten.

There is no such automation to do the scalability. 20 users are using this solution.

There is no support. It is only used from by open-source. If somebody else you from the community, then you get the support. Apart from that, there is no sort of active support.

I use a lot of scanners, but it's costly, like Qualys and Nutanix. As an independent consultant, I don't have the budget for enterprise-level scanners or procuring licenses. So, I use Nmap, which saves me a lot of money.

One advantage of Nmap is that it's free. Additionally, it can be deployed anywhere since it is available on the cloud. You can download it from GitHub or the Nmap website. Nmap includes various scripts and scan types, and it has extensive support for multiple operating systems, servers, and devices. Its effectiveness largely depends on the user's expertise. A knowledgeable user can leverage its full potential. Nmap can perform well compared to some enterprise tools, though enterprise solutions often offer more sophisticated, interactive reports. Nmap’s reports are typically text-based and may seem outdated

It just takes less than a minute to set up. You can do it on prem, the server, whereever instance you want. It is having both capability.

It saves you a lot of money from procuring some sort of enterprise scanners, but, enterprise scanners have their own deduction capabilities. Nmap is always a good start to do the seven figure business months without spending any money.

It is a powerful security detection tool when used effectively. However, its effectiveness can be limited if the target organization has strong security mechanisms and good scanner fingerprinting techniques. In environments with robust security and zero-trust policies, Nmap scanning becomes challenging.

Nmap can be automated using scripts with Ansible, Bash, or PowerShell. It's available on Windows and can be used with PowerShell. While automation with AI is possible, it might be challenging due to the complexity and specifics of Nmap's operations.

it is free to use. You can install and explore the tools. Nothing is gonna harm you. You can just explore it. If it fits your requirement, you can obviously go ahead with it.

Overall, I rate the solution a seven out of ten.

Nmap is a vulnerability assessment tool. It scans the target system and finds the vulnerabilities within the systems. We have network devices, servers, endpoints, mobile devices. It connects with the device for any vulnerability that can be used before the exchange rate case. It lists in a nice report with some recommendations.

Nmap is very stable. There are two types of licenses. One is a premium license, which is a paid license, and the other is a free license, which has very limited features.

The solution should increase the number of features under a free license.

I have been using Nmap for 12 years.

The product is stable, but the free license has limited features. You'll need to do the updates manually. Updates are to be done manually.

I rate the solution's stability an eight out of ten.

The solution's scalability is good. We didn't find any limitations. Four people use this solution.

I rate the solution's scalability a ten out of ten.

The initial setup is very straightforward. They have proper documentation on their website. It took one or two hours to deploy. To deploy, we have to identify the configuration parameters. You need to specify the subnets to be scanned.

It was an open-source project. The free license gives some people better visibility of the systems and the environment.

Deployment was done in-house.

Two persons, including an infrastructure engineer and a cybersecurity engineer, are maintaining this solution.

Overall, I rate the solution a nine out of ten.

The tool helps with tasks such as network integration and mapping. Nmap comes equipped with numerous scripts that aid in identifying the operating system and  available ports. 

My web team uses the product during routine penetration testing. 

The tool's most valuable feature is its scripts. These scripts prove beneficial when security features may obscure or block connections. Nmap helps identify vulnerabilities across different systems, including web servers and various server types.

Nmap needs to improve its scanning speed. 

The solution's stability is pretty good. 

The tool is not deployed on a shared environment. It is deployed as an individual setup. 

Since it's an open-source tool, I haven't specifically sought support assistance. However, the community is very active. There are active forums where people communicate, and it's an open environment where anyone can ask questions. 

Nmap's deployment is straightforward. 

Nmap is a free tool, so it helps save a lot of time when identifying vulnerabilities on the network.

Nmap is an open-source and free product. 

You can install the product on any endpoint. Analysts should have it, especially those in red teams or penetration testing. Anyone interested in cybersecurity or any related field should know how to use Nmap. I rate it a ten out of ten. 

We use the solution to add up the router on a network.

Nmap can display all the services that are exposed within a permission system. It offers an option to optimize the scanning process, ensuring that our scans remain undetected by other security tools integrated into the automation system. Additionally, Nmap provides features to adjust the nature of the scan, allowing it to bypass security tools such as EDP and base. Furthermore, it includes options to optimize scan response time and duration.

Sometimes, the solution doesn't provide the names of services. We find a solution, but we do not entirely know about it. It utilizes a database of services. When the solution scans, it matches the data obtained from the scan with the entries in the database to display the names of services at the target site. For example, we might have an exposed port but remain uncertain about the associated service. Nmap can identify what services are running and their associated products. It doesn't allow exploiting vulnerabilities automatically. However, having such capabilities could greatly enhance security, particularly for servers exposed to the internet. 

I have been using Nmap for one and a half years.

The product is stable.

The initial setup is simple.

Overall, I rate the solution an eight out of ten.

One major use case is port scanning for open reduction. We examine the default open ports in an organization to assess exposure. 

Additionally, we use it to validate specific applications externally and assess the penetrability of a given environment. Various scripts and combinations help us understand configuration, uncover unrealistic ports, and determine appropriate actions.

We assess the potential for lateral movement and evaluate the extent of penetration from an attack surface perspective. Nmap is crucial for reconnaissance, helping us identify and act on vulnerabilities.

The solution is part of our cybersecurity arsenal. When it comes to financial security, these tools are fundamental to running the show.

My preference for Nmap is not solely based on the tool itself. t boils down to two main aspects. 

First, considering the expected outcomes, if the tool can deliver what we're seeking, it adds a layer of ease. 

Secondly, from an overall Nmap perspective, I find it advantageous as it can be seamlessly combined with other tools or scripts. This flexibility allows us to make informed decisions regarding cyber constraints and even facilitates lateral movement. 

Moreover, automation becomes feasible in certain scenarios. For instance, Nmap integrates components of vulnerability scanning tools like Nessus, OpenRAS, or AppID. This integration ensures a clear understanding of the details and required outcomes, making it an effective tool for reconnaissance.

Nmap major operates through the CLI; there's no GUI component, and that's where the challenge is. However, there's a gradual evolution in this aspect. 

I haven't observed the introduction of a graphical layer from a UI perspective, but if it does happen, it could handle tasks similar to Wireshark. But Nmap wouldn't replace Wireshark, as they serve distinct roles. 

The integration of these components becomes feasible, allowing for effective collaboration. Presently, Nmap lacks the capability for packet capturing or reading, but in real-time scenarios, combining it with other tools can yield efficient results. 

To enhance its capabilities, focusing on APIs would be a logical starting point, although the current options are somewhat limited. The digital space is evolving rapidly, so there's ample room for improvement.  

We have been working with this solution for more than 12 years now.

I would rate the stability a nine out of ten. Patches will always be there, but everything produces results, and it's targeted. 

We don't face challenges in terms of revalidation, making it quite stable.

I would rate the scalability an eight out of ten. 

Cloud features are absent, which is a significant drawback. However, the tool is highly effective and robust in mature aspects.

Size doesn't matter. Scanning and operation time may vary based on size, but Nmap can be adopted anywhere. It's not restricted by company size.

It's an open-source product, and I haven't seen any premiums. Options are available for those who purchase, but for my use case, everything I need is available in the community and forums. 

In enterprise-level scenarios, if issues arise with embedding components or technical partnerships with vendors, support is available. 

However, common users and evangelists typically rely on the community for assistance.

Nmap cannot be compared with any enterprise-level variants. However, SolarWinds is a candidate as they operate in the NMS space. 

Nagios is another tool, an open-source, one providing visualization. The basic data collection is from Nmap, and they have the Nmap library in their Nagios part. It's not directly comparable because they've taken some features or the library and developed a different tool on top of it. That's what I've observed in the market.

From a usability perspective, the tool is a bit complex, but from a functionality standpoint, it's robust and straightforward to comprehend. 

Initial setup might pose a challenge for newcomers, but over time, it becomes more manageable.

It can be deployed as a hybrid model, provided the cloud used has backend connectivity to physical data centers. However, it's not SaaS-friendly like tools such as SolarWinds, as Nmap was developed in a time when cloud dominance and virtualization were not prevalent. Adaptability is somewhat limited, and that's what got missed.

As a consultant, I aim for a vendor-neutral approach. Whenever there's a need or requirement, we adapt accordingly. Our major focus is on understanding the customer's exact needs, especially when commercial convergence is involved. Based on that, we position ourselves.

Overall, I would rate the solution a seven out of ten. The reason is that cloud and GUI scenarios are not well addressed, but it's a reliable component for various purposes.

It's a dependable and reliable tool for any reconnaissance activity. It's a good choice for basic tech service management recon.

We use the solution to scan and monitor ports. We can get insights into operating systems, status, protocols, and services.

The solution's most valuable feature is scanning.

The solution's initial setup could be better. Also, they should provide more insights into the network infrastructure.

I have been using the solution for two years.

The solution's initial setup process is complicated. It requires specific skills to execute the implementation.

It is a free source application.

It is a beneficial tool for scanning. I rate it as an eight.

Three technicians in our company use the solution extensively to scan our environment and find security holes. 

The solution is powerful for troubleshooting and finding security holes in services. 

The scanning procedure includes UDP ports which sets it apart from competitors. 

It takes a bit of time to get familiar with the solution and its options.

A scan to determine whether a service or application is lost would be a useful addition. For example, a scan that checks whether a service in layer seven is blocked by a server or host. 

A graphic interface for Windows would be helpful. 

I have been using the solution for one year. 

The solution is really stable. 

The solution is scalable. 

I have not needed technical support. 

The setup is quite simple. 

The solution is open source so it is free. 

The solution really is not comparable to other products because of its many features. We looked at Wireshark but there's really no comparison. 

I rate the solution a nine out of ten. 

The price is high and could be cheaper. The third-party library vulnerability assessment could be included in the next release.

We have been using the solution for seven months.

The solution is stable. I rate the stability an eight out of ten.

The solution is scalable. Approximately 100 people in our organization utilize it.

We have not had experience with customer service and support.

The initial setup was simple and took us approximately five days.

We chose this solution because it supports several frameworks, including coding frameworks.

I rate the solution a nine out of ten.