It is an open-source tool, and its scripts are updated by the community. While it might seem that the tool is old, it remains relevant because users can develop and contribute new scripts. The Nmap community may not always appear highly active, but contributions from dedicated users continue to keep it valuable. It is is not actively developed in terms of its GUI. As a result, it looks very outdated and hasn't seen much improvement. Additionally, the built-in scripts provided by the tool are also quite old and are not updated frequently.
Cyber Security Consultant - APAC at Logon Software
Real User
Top 5
2024-04-17T10:23:06Z
Apr 17, 2024
The tool's license limits the number of scans it can perform. Improving the license model could benefit customers by allowing more scans for compliance and other purposes.
CEO at a tech services company with 11-50 employees
Real User
Top 10
2024-02-09T04:33:26Z
Feb 9, 2024
Port scanning can be effectively done with alternative tools. While Nmap is an open-source program, SolarWinds and other commercial products invest in their development. If Nmap could receive similar investments, it could perform better. Their program development relies heavily on the contributions of the open-source community, like myself. Many contributors contribute to Nmap by creating Object Identifiers (OIDs) and other elements. So, while Nmap relies on the community, there is definitely potential for commercially viable features that could be added to the public version, differentiating it from the open-source product.
Sometimes, the solution doesn't provide the names of services. We find a solution, but we do not entirely know about it. It utilizes a database of services. When the solution scans, it matches the data obtained from the scan with the entries in the database to display the names of services at the target site. For example, we might have an exposed port but remain uncertain about the associated service. Nmap can identify what services are running and their associated products. It doesn't allow exploiting vulnerabilities automatically. However, having such capabilities could greatly enhance security, particularly for servers exposed to the internet.
Network Administrator at a financial services firm with 1,001-5,000 employees
Real User
Top 5
2023-11-06T17:32:21Z
Nov 6, 2023
There is room for improvement in the design, the GUI. It looks a bit odd. Maybe Nmap should improve it or add more widgets to make it more attractive, but the basic functionality is good and provides what we need. Nmap had an OpenRx assessment module. So far, I can discover devices and gather information, but still, I may need other tools for vulnerability assessment. If they can add it to the stack, maybe it can be helpful.
Information Security Professional at a tech services company with 1,001-5,000 employees
MSP
Top 20
2023-10-23T16:04:19Z
Oct 23, 2023
The challenge often lies in finding suitable courses and professional resources. While a wealth of training materials and documentation is available online, it can be difficult to locate professional training that imparts real-world usage insights for a product.
The solution has been static concerning its functionality for the last ten years. It only gives out specific information about IPs, such as network, DNS address, and a class of IPs. They do not provide any additional features apart from these. They should give more efficient information, such as the activity status of the NET file. Unfortunately, I cannot find any update there. They should deliver Playtech's username and password, similar to Wireshark. It's been user-friendly for a basic level of network expertise. In comparison, Wireshark offers expertise on a higher level. The solution should deliver advanced features for getting communication with clear text in terms of passwords and usernames.
One of the drawbacks of the standard Nmap utility is that it does not come with a graphical user interface, unlike a number of other open-source alternatives such as Zenmap. A second drawback is that the network scanning process can be very slow. I believe that the developers should improve the scanning speed, or perhaps offer an extra option for quicker scanning. Lastly, even though I can scan the network, the utility doesn't provide any way to fix the network issues that may be discovered. That said, I understand that the tool is not intended for fixing anything, but rather for monitoring and discovery only.
System Network Administrator at Mungi Engineers Pvt. Ltd.
Real User
Top 10
2022-11-04T15:22:25Z
Nov 4, 2022
Since I started using Nmap, it has been completely based on the command prompt and I think it would help other users if they implemented a decent GUI as well. In any company you might have multiple experts and a few new people; for the new people the command prompt is usually difficult to grasp at first, but with a GUI they could very easily get started with troubleshooting and playing with different options.
Network Security Specialist at Pars Khodro Company
Real User
2022-10-11T11:37:28Z
Oct 11, 2022
It takes a bit of time to get familiar with the solution and its options. A scan to determine whether a service or application is lost would be a useful addition. For example, a scan that checks whether a service in layer seven is blocked by a server or host. A graphic interface for Windows would be helpful.
Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they...
It is an open-source tool, and its scripts are updated by the community. While it might seem that the tool is old, it remains relevant because users can develop and contribute new scripts. The Nmap community may not always appear highly active, but contributions from dedicated users continue to keep it valuable. It is is not actively developed in terms of its GUI. As a result, it looks very outdated and hasn't seen much improvement. Additionally, the built-in scripts provided by the tool are also quite old and are not updated frequently.
The solution is not that easy for a beginner to learn.
The tool's license limits the number of scans it can perform. Improving the license model could benefit customers by allowing more scans for compliance and other purposes.
Port scanning can be effectively done with alternative tools. While Nmap is an open-source program, SolarWinds and other commercial products invest in their development. If Nmap could receive similar investments, it could perform better. Their program development relies heavily on the contributions of the open-source community, like myself. Many contributors contribute to Nmap by creating Object Identifiers (OIDs) and other elements. So, while Nmap relies on the community, there is definitely potential for commercially viable features that could be added to the public version, differentiating it from the open-source product.
There could be a specific option to check non-pingable endpoints for the product.
Sometimes, the solution doesn't provide the names of services. We find a solution, but we do not entirely know about it. It utilizes a database of services. When the solution scans, it matches the data obtained from the scan with the entries in the database to display the names of services at the target site. For example, we might have an exposed port but remain uncertain about the associated service. Nmap can identify what services are running and their associated products. It doesn't allow exploiting vulnerabilities automatically. However, having such capabilities could greatly enhance security, particularly for servers exposed to the internet.
The solution should increase the number of features under a free license.
There is room for improvement in the design, the GUI. It looks a bit odd. Maybe Nmap should improve it or add more widgets to make it more attractive, but the basic functionality is good and provides what we need. Nmap had an OpenRx assessment module. So far, I can discover devices and gather information, but still, I may need other tools for vulnerability assessment. If they can add it to the stack, maybe it can be helpful.
The challenge often lies in finding suitable courses and professional resources. While a wealth of training materials and documentation is available online, it can be difficult to locate professional training that imparts real-world usage insights for a product.
The solution's initial setup could be better. Also, they should provide more insights into the network infrastructure.
The solution has been static concerning its functionality for the last ten years. It only gives out specific information about IPs, such as network, DNS address, and a class of IPs. They do not provide any additional features apart from these. They should give more efficient information, such as the activity status of the NET file. Unfortunately, I cannot find any update there. They should deliver Playtech's username and password, similar to Wireshark. It's been user-friendly for a basic level of network expertise. In comparison, Wireshark offers expertise on a higher level. The solution should deliver advanced features for getting communication with clear text in terms of passwords and usernames.
One of the drawbacks of the standard Nmap utility is that it does not come with a graphical user interface, unlike a number of other open-source alternatives such as Zenmap. A second drawback is that the network scanning process can be very slow. I believe that the developers should improve the scanning speed, or perhaps offer an extra option for quicker scanning. Lastly, even though I can scan the network, the utility doesn't provide any way to fix the network issues that may be discovered. That said, I understand that the tool is not intended for fixing anything, but rather for monitoring and discovery only.
Since I started using Nmap, it has been completely based on the command prompt and I think it would help other users if they implemented a decent GUI as well. In any company you might have multiple experts and a few new people; for the new people the command prompt is usually difficult to grasp at first, but with a GUI they could very easily get started with troubleshooting and playing with different options.
It takes a bit of time to get familiar with the solution and its options. A scan to determine whether a service or application is lost would be a useful addition. For example, a scan that checks whether a service in layer seven is blocked by a server or host. A graphic interface for Windows would be helpful.