Nmap Reviews

One major use case is port scanning for open reduction. We examine the default open ports in an organization to assess exposure. 

Additionally, we use it to validate specific applications externally and assess the penetrability of a given environment. Various scripts and combinations help us understand configuration, uncover unrealistic ports, and determine appropriate actions.

We assess the potential for lateral movement and evaluate the extent of penetration from an attack surface perspective. Nmap is crucial for reconnaissance, helping us identify and act on vulnerabilities.

The solution is part of our cybersecurity arsenal. When it comes to financial security, these tools are fundamental to running the show.

My preference for Nmap is not solely based on the tool itself. t boils down to two main aspects. 

First, considering the expected outcomes, if the tool can deliver what we're seeking, it adds a layer of ease. 

Secondly, from an overall Nmap perspective, I find it advantageous as it can be seamlessly combined with other tools or scripts. This flexibility allows us to make informed decisions regarding cyber constraints and even facilitates lateral movement. 

Moreover, automation becomes feasible in certain scenarios. For instance, Nmap integrates components of vulnerability scanning tools like Nessus, OpenRAS, or AppID. This integration ensures a clear understanding of the details and required outcomes, making it an effective tool for reconnaissance.

Nmap major operates through the CLI; there's no GUI component, and that's where the challenge is. However, there's a gradual evolution in this aspect. 

I haven't observed the introduction of a graphical layer from a UI perspective, but if it does happen, it could handle tasks similar to Wireshark. But Nmap wouldn't replace Wireshark, as they serve distinct roles. 

The integration of these components becomes feasible, allowing for effective collaboration. Presently, Nmap lacks the capability for packet capturing or reading, but in real-time scenarios, combining it with other tools can yield efficient results. 

To enhance its capabilities, focusing on APIs would be a logical starting point, although the current options are somewhat limited. The digital space is evolving rapidly, so there's ample room for improvement.  

We have been working with this solution for more than 12 years now.

I would rate the stability a nine out of ten. Patches will always be there, but everything produces results, and it's targeted. 

We don't face challenges in terms of revalidation, making it quite stable.

I would rate the scalability an eight out of ten. 

Cloud features are absent, which is a significant drawback. However, the tool is highly effective and robust in mature aspects.

Size doesn't matter. Scanning and operation time may vary based on size, but Nmap can be adopted anywhere. It's not restricted by company size.

It's an open-source product, and I haven't seen any premiums. Options are available for those who purchase, but for my use case, everything I need is available in the community and forums. 

In enterprise-level scenarios, if issues arise with embedding components or technical partnerships with vendors, support is available. 

However, common users and evangelists typically rely on the community for assistance.

Nmap cannot be compared with any enterprise-level variants. However, SolarWinds is a candidate as they operate in the NMS space. 

Nagios is another tool, an open-source, one providing visualization. The basic data collection is from Nmap, and they have the Nmap library in their Nagios part. It's not directly comparable because they've taken some features or the library and developed a different tool on top of it. That's what I've observed in the market.

From a usability perspective, the tool is a bit complex, but from a functionality standpoint, it's robust and straightforward to comprehend. 

Initial setup might pose a challenge for newcomers, but over time, it becomes more manageable.

It can be deployed as a hybrid model, provided the cloud used has backend connectivity to physical data centers. However, it's not SaaS-friendly like tools such as SolarWinds, as Nmap was developed in a time when cloud dominance and virtualization were not prevalent. Adaptability is somewhat limited, and that's what got missed.

As a consultant, I aim for a vendor-neutral approach. Whenever there's a need or requirement, we adapt accordingly. Our major focus is on understanding the customer's exact needs, especially when commercial convergence is involved. Based on that, we position ourselves.

Overall, I would rate the solution a seven out of ten. The reason is that cloud and GUI scenarios are not well addressed, but it's a reliable component for various purposes.

It's a dependable and reliable tool for any reconnaissance activity. It's a good choice for basic tech service management recon.

We use Nmap for network monitoring and checking. It helps us establish network communication to get a clear text. If there is any network device on our premises, we can catch it for monitoring.

The solution's most valuable and evident feature is identifying the status of any specific network. That means finding out the configuration of the network or IP whether it is active or non-active, if the network modes are open or closed, etc.

The solution has been static concerning its functionality for the last ten years. It only gives out specific information about IPs, such as network, DNS address, and a class of IPs. They do not provide any additional features apart from these. They should give more efficient information, such as the activity status of the NET file. Unfortunately, I cannot find any update there.

They should deliver Playtech's username and password, similar to Wireshark. It's been user-friendly for a basic level of network expertise. In comparison, Wireshark offers expertise on a higher level. The solution should deliver advanced features for getting communication with clear text in terms of passwords and usernames.

I have been using Nmap for the last ten years.

Around 50+ users in our company, including the cyber-security and network team, use the solution.

We used Wireshark as well. It provided advanced information, but the procedure and technique differed significantly from Nmap. Whereas Nmap is a legacy product. We get personalized information from the network with its help. We can quickly identify the information we require with some basic knowledge.

The initial setup had moderate complexity. We have to scan a new system, download and install it in the workstation for the basic connectivity status of IPs and TCP hosts. It takes a maximum of 10-15 minutes for the process.

The solution is free of cost, but there are specific services that we have to buy. We have purchased a license for a professional version. It's open source at some level, but not for all features.

I advise others to decide for what purpose they want to use the solution. If they want to test the availability of the network code or the basic information about the network and domain, then I recommend the solution. But if they are looking for expert-level monitoring, they should ideally go for Parrot OS or Linux OS, or the Wireshark tool. As far as UI and stability, Nmap is a good application. Otherwise, it has a limited amount of expertise.

I rate the solution as a seven.

We use the solution to add up the router on a network.

Nmap can display all the services that are exposed within a permission system. It offers an option to optimize the scanning process, ensuring that our scans remain undetected by other security tools integrated into the automation system. Additionally, Nmap provides features to adjust the nature of the scan, allowing it to bypass security tools such as EDP and base. Furthermore, it includes options to optimize scan response time and duration.

Sometimes, the solution doesn't provide the names of services. We find a solution, but we do not entirely know about it. It utilizes a database of services. When the solution scans, it matches the data obtained from the scan with the entries in the database to display the names of services at the target site. For example, we might have an exposed port but remain uncertain about the associated service. Nmap can identify what services are running and their associated products. It doesn't allow exploiting vulnerabilities automatically. However, having such capabilities could greatly enhance security, particularly for servers exposed to the internet. 

I have been using Nmap for one and a half years.

The product is stable.

The initial setup is simple.

Overall, I rate the solution an eight out of ten.

We use the solution to scan and monitor ports. We can get insights into operating systems, status, protocols, and services.

The solution's most valuable feature is scanning.

The solution's initial setup could be better. Also, they should provide more insights into the network infrastructure.

I have been using the solution for two years.

The solution's initial setup process is complicated. It requires specific skills to execute the implementation.

It is a free source application.

It is a beneficial tool for scanning. I rate it as an eight.

The price is high and could be cheaper. The third-party library vulnerability assessment could be included in the next release.

We have been using the solution for seven months.

The solution is stable. I rate the stability an eight out of ten.

The solution is scalable. Approximately 100 people in our organization utilize it.

We have not had experience with customer service and support.

The initial setup was simple and took us approximately five days.

We chose this solution because it supports several frameworks, including coding frameworks.

I rate the solution a nine out of ten.

Three technicians in our company use the solution extensively to scan our environment and find security holes. 

The solution is powerful for troubleshooting and finding security holes in services. 

The scanning procedure includes UDP ports which sets it apart from competitors. 

It takes a bit of time to get familiar with the solution and its options.

A scan to determine whether a service or application is lost would be a useful addition. For example, a scan that checks whether a service in layer seven is blocked by a server or host. 

A graphic interface for Windows would be helpful. 

I have been using the solution for one year. 

The solution is really stable. 

The solution is scalable. 

I have not needed technical support. 

The setup is quite simple. 

The solution is open source so it is free. 

The solution really is not comparable to other products because of its many features. We looked at Wireshark but there's really no comparison. 

I rate the solution a nine out of ten. 

Nmap is a tool for analyzing perimeter security and application output.

Nmap is easy to use. It's a command-line interface, and the output is quite good. 

Were a mid-sized company with about 50-plus employees, and we've been using Nmap for more than five years

Nmap is stable. 

Nmap is easy to scale anytime.

We've never had to contact support. The community on the forums answers our questions. 

Setting up Nmap is effortless. 

Nmap is an open-source solution.

I rate Nmap nine out of 10. 

Nmap works as a basic diagnostic and security tool. It helps us discover open ports and check connectivity.

Nmap has a powerful command line tool and a set of diagnostic features. It enables us to check connectivity and discover open ports.

There could be a specific option to check non-pingable endpoints for the product.

We never encountered any system downtime.

We have five Nmap users in our organization. We can scan large networks and control speed as well. Thus, it has good features for scalability.

I referred to support documentation and forums to resolve the technical issues.

It is a command line tool. Thus, we have to install and run it.

I am exploring a lot of products. However, I am still looking for an alternative for this particular tool.

It is a great and simple tool. I rate it a nine out of ten.