Nmap
Network mapper for service discovery, port scanning, and security auditing of hosts and networks.
Pricing
Free / Open source
Type
Automation
// VERDICT
Reach for Nmap when, with authorization, you need to discover hosts, ports and services on a network as part of security assessment. Skip it when you need app-layer scanning (ZAP/Burp), code/dependency analysis, or lack permission to scan.
Best for
Network discovery and port scanning - mapping hosts, open ports and services on networks you're authorized to assess, as a reconnaissance step in security testing.
Avoid when
You want application-layer vulnerability scanning, code/dependency analysis, or you lack authorization to scan the network.
CI/CD fit
Specialist network tool - typically manual, authorized assessment
Team fit
Penetration testers · Network/security engineers · Infrastructure security
// BEST FOR
- Discovering live hosts and open ports on an authorized network
- Identifying running services and versions for assessment
- Reconnaissance/inventory as an early security-testing step
- Detecting unexpected exposed services or misconfigurations
- Scriptable scans via the Nmap Scripting Engine (NSE)
- Verifying that firewall/exposure rules behave as intended
// AVOID WHEN
- You want application-layer vulnerability scanning (ZAP/Burp)
- You need code (SAST) or dependency (SCA) analysis
- You don't have authorization to scan the target network
- You want an app-focused tool rather than a network one
- Routine per-build CI scanning is the goal
- You need exploitation, not discovery (it maps; it doesn't exploit)
// QUICK START
```
# scanme.nmap.org is a host Nmap provides for legal test scanning.
# Only scan systems you own or are authorized to assess.
nmap -sV scanme.nmap.org
```
// ALTERNATIVES TO CONSIDER
| Tool | Choose it when |
|---|---|
| OWASP ZAP | You want application-layer DAST, not network discovery. |
| Burp Suite | You want web-app pentest tooling. |
| SQLMap | You specifically need SQL-injection testing. |
// FEATURES
- Host and port scanning across TCP, UDP, and IP
- Service and version detection (-sV)
- OS fingerprinting heuristics
- Nmap Scripting Engine (NSE) for vulnerability checks
- Output formats: text, XML, grepable, JSON
// PROS
- Industry standard for network reconnaissance for 20+ years
- Active maintenance and a vast NSE script library
- Lightweight CLI — fits any pipeline or CI step
- Cross-platform: Windows, macOS, Linux, BSD
// CONS
- Aggressive scans can trigger IDS alerts — use with permission
- Steep learning curve for advanced scan tuning
- Reading raw output requires familiarity with networking
// EXAMPLE QA WORKFLOW
1. Confirm authorization and scope for the target network
2. Install Nmap and choose the scan type for your goal
3. Discover live hosts and open ports
4. Identify services and versions (-sV)
5. Use NSE scripts for deeper checks where appropriate
6. Report exposed/unexpected services for remediation