Reply To: Has anyone seen any cases of Nmap being used to hack a network they didn’t have permission to hack?
Nmap is primarily a port scanning tool, and while it can do some extra stuff using its script engine, usually it’s used to detect open ports, identify running services on those ports and extract version information.
Nmap alone is not enough to hack something; however, almost all hacks start with information gathering, and Nmap is most likely part of that process.
Detecting Nmap scans is certainly possible using IDS and other systems, but very often it’s not really relevant to do so because networks and even the entire internet are scanned on the daily. It may be relevant to use logged information after a hack has taken place to try and identify IP addresses, but they’re probably proxied or VPN’d anyways.
Some companies may try to identify Nmap packets and drop them altogether.
So to answer your question, the chance that it has been used as part of a process of a big hack is very likely, but it’s not very important.
tl;dr Nmap is an information gathering tool which is very commonly and frequently used, but usually not very important as to how a hack took place.
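
Added example, not part of the original reply: a minimal sketch of the kind of scan detection the reply says an IDS can do, flagging any source that sends SYNs to many distinct host/port targets inside a short window. The log format, the 60-second window, the threshold of 10 and all addresses are constructed assumptions, not taken from any real product or incident.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical firewall log format, assumed for this example only.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) FLAGS=SYN$")

def detect_scanners(lines, window=timedelta(seconds=60), threshold=10):
    """Return {src: peak count of distinct (dst, port) targets in one window}
    for every source that reaches the threshold. Lines must be in time order."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, (dst, port))
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not an inbound SYN record
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, (m["dst"], int(m["dpt"]))))
        while ts - q[0][0] > window:  # expire events older than the window
            q.popleft()
        distinct = len({target for _, target in q})
        if distinct >= threshold:
            flagged[m["src"]] = max(flagged.get(m["src"], 0), distinct)
    return flagged

def sample_log():
    """Constructed sample traffic (documentation address ranges)."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{} SRC={} DST=10.0.0.8 DPT={} FLAGS=SYN"
    lines = []
    for i in range(25):  # one source touching 25 different ports in 25 seconds
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(fmt.format(ts, "203.0.113.5", 20 + i))
    for i in range(30):  # ordinary client reconnecting to the same HTTPS port
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(fmt.format(ts, "198.51.100.7", 443))
    for i in range(12):  # monitoring host checking one port every ten minutes
        ts = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(fmt.format(ts, "192.0.2.44", 8000 + i))
    return sorted(lines)  # fixed-width ISO timestamps sort chronologically

if __name__ == "__main__":
    for src, n in detect_scanners(sample_log()).items():
        print(f"{src}: {n} distinct targets within 60s")
```

Only the first source is flagged; the repeat HTTPS client and the periodic monitoring host stay under the threshold, which is the tuning question that decides whether such alerts are worth acting on given how much background scanning every network sees.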