Nmap
Community project
The standard command-line network scanner for discovering live hosts, open ports, and running services, used by defenders for asset inventory and by attackers for reconnaissance alike. Distributed under the Nmap Public Source License, which restricts commercial redistribution and is not an OSI-approved open-source license, so it is free to use but source-available rather than open source.
Verified Source: 1
- Product type
- Community project
- Deployment
- CLI
- Organization size
- IndividualSMBMid-marketEnterprise
- Pricing tier
- Free
Capability checklist
IDS/NDRHow Nmap measures up against the full Intrusion Detection & Network Detection and Response taxonomy.
- Signature-based detection — not supported
- Matches traffic against known attack and exploit signatures.
- Behavioral anomaly detection — not supported
- Baselines normal traffic patterns to flag deviations without a known signature.
- East-west traffic visibility — supported
- Sees lateral movement between internal hosts, not just traffic crossing the perimeter.
- Packet capture & forensics — not supported
- Stores full or metadata-level packet history for post-incident investigation.
- Threat intelligence integration — not supported
- Enriches detections with known-bad IPs, domains, and indicators from feeds.
- Inline blocking (IPS mode) — not supported
- Can actively drop malicious traffic in real time rather than only alert on it.
- Encrypted traffic analysis — not supported
- Flags malicious patterns in encrypted flows without decrypting them.
Alternatives
Other Intrusion Detection & Network Detection and Response tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include Nmap.