Alternatives to Nmap: from simple to advanced network scanning

Nmap has established itself as a premier, free, open-source network mapping tool. There are alternatives that are also free, though they vary in their sophistication and ease of use.

Howard Wen Sep 18th 2018

This month marks the 20th anniversary of Nmap, the open-source network mapping tool that has become the standard for many IT professionals. It can be a bit much, though, if you only need to do general network maintenance and are intimidated by its command-line interface.

There are alternatives – not many – that range in technical sophistication from tools with GUIs that can ease you into performing the essentials of network maintenance to more advanced software that is similar to Nmap itself.

Like Nmap, all these network tools are free.

Maybe once you’ve mastered one or more of these alternatives, you’ll develop the confidence to graduate to Nmap.

Advanced IP Scanner and Advanced Port Scanner for Windows

These tools are made by the same developer, Famatech, and share similar GUIs. You can consider them together as part of the same toolkit.

You don't need to install either one on a computer. Each is an executable that you can launch right away, running from a USB flash drive, for example.

Advanced IP Scanner is designed to scan LANs. Through its GUI, it shows you all the computers and other devices connected to your LAN. Scan results can be exported to a CSV file. You can also access shared folders on a computer or device, control them remotely (using RDP and Radmin), or shut down a computer or device.

Advanced Port Scanner scans for open ports on network computers and other devices, and it shows any version information it finds for programs running on detected ports. Commands can be executed on remote computers or devices, and resources can be accessed from them via FTP, HTTP, HTTPS or shared folders. As with Advanced IP Scanner, you can remote-control a computer or device on the network using RDP and Radmin, or you can shut it down.

Angry IP Scanner

For Linux, macOS or Windows, this open-source scanner can be run from a USB flash drive. It has a basic, efficient-looking GUI but also includes a command-line interface if you don’t mind typing and can do without mousing and clicking through menus.

Angry IP Scanner scans IP addresses and ports and is designed to do this quickly by creating a scanning thread for each scanned address. Scan results can be exported to CSV, TXT, XML or IP-Port list files.

Its features include favorite IP address ranges, NetBIOS information and web server detection. More features can be added by installing Java plugins.

The developer does not want the tool to be seen as something hackers could use or abuse, so Angry IP Scanner lacks the so-called stealth-scanning features that two other tools on this list provide.

Dipiscan

The native language of this scanner is French, but if that’s not a language you use, its UI can be set to English. Dipiscan supports Windows and can be run from a USB flash drive. It comes in GUI and command-line versions as two separate executables.

The GUI version uses a tabbed interface. It scans for computers and other devices on your network, listing typical information such as DNS name, domain and user names, MAC address, NetBIOS name, network adapter manufacturer and the OS of the computer or device. Right-click on the name of a device to open a menu of commands you can send to it, such as restart, sleep or Wake-on-LAN. You can also control it through remote desktop.

Dipiscan includes two other tools: traceroute and search by DNS name or IP. Notable features include configuring the way you receive information through it, customizing the fields used in reports and even adding your own commands to its UI (its right-click menu).

Masscan

As its name suggests, Masscan is designed to mass-scan IP addresses and ports, and to do so quickly. This command-line tool can purportedly scan the entire Internet in 6 minutes thanks to its asynchronous design: its transmit and receive functions operate independently.

By default, Masscan’s scan rate is 100,000 packets per second. The macOS or Windows version of this tool can be set to 300,000 packets per second. On Linux, Masscan can do 1.6 million packets per second, and it can scan at up to 100 million packets per second on a computer with eight 10-Gbps network cards installed and running the PF_RING driver.

To avoid overwhelming networks with its massive scanning, Masscan is set to scan IP addresses in randomized order. Additionally, an exclusion list of ranges of ports not to scan can be implemented, since some sites may track scans and then ban your IP.

Because Masscan uses a custom TCP/IP stack, its large-scale scanning can conflict with the local TCP/IP stack. Its developer advises firewalling the ports that Masscan uses or configuring it to use a separate IP address.

NetCrunch Tools

This toolset for Windows is recommended if you have beginning or intermediate knowledge of network maintenance and are more comfortable using simple GUIs and Windows. The website for NetCrunch Tools groups the 12 tools within it under three headings: Basic IP Tools, Subnet Tools and Scanners.

In fact, the website itself can be used as a primer to teach someone what these common networking tools do. For example, it describes the Ping tool in NetCrunch Tools as “Test the reachability of a host on an IP network and measure the round-trip time for messages sent to a destination computer.”

NetCrunch has four scanning tools. Network Service Scanner scans for 70 known services (such as TCP, TLS and UDP) running on computers and other devices on a network. Open Port Scanner scans for open ports, based on a list of known ports or within a range you set. Ping Scanner can scan a range of IP addresses and perform DNS lookups. SNMP Scanner extracts basic information about computers and other devices on a network via SNMP.

ZMap Project

This is a large collection of open-source, command-line tools for Linux that scan and perform other networking tasks across the Internet.

The headliner is the single-packet scanner ZMap. ZGrab is an application-state scanner that works alongside ZMap. ZTag annotates data output by ZMap with metadata, such as device information and any vulnerabilities found. ZBlacklist helps you quickly filter out the IP addresses of organizations that have requested not to be scanned. ZAnnotate adds metadata to IPs such as location and routing data. ZCertificate parses certificates and generates descriptions of them in JSON format. In all, there are 14 tools in the ZMap Project.

As for the namesake tool, ZMap can scan the entire Internet in under 5 minutes on a 10 Gigabit Ethernet connection using the PF_RING driver. Otherwise, this takes about 45 minutes from a computer with a gigabit Ethernet connection. ZMap can also perform BACnet, ICMP, TCP SYN and UPnP scans, and it can do DNS queries and send UDP probes.
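Both Masscan’s exclusion list and ZBlacklist exist so that a scan honours ranges that must not be touched. The following Python is an added example, not code from Masscan or the ZMap Project: it parses a small constructed opt-out list (assuming one CIDR block, single address or dash-separated range per line with `#` comments, a format that mirrors such lists but is an assumption here) and splits a target list into kept and dropped addresses before any probe is sent.

```python
import ipaddress

# Constructed sample opt-out list (assumption: one entry per line, '#' starts a
# comment). Entries: a CIDR block, a single address, and an inclusive dash range.
SAMPLE_EXCLUDE_FILE = """\
# Ranges that asked not to be scanned (constructed sample data)
203.0.113.0/24          # TEST-NET-3, treated here as an opt-out block
198.51.100.7            # a single host
192.0.2.10-192.0.2.20   # an inclusive range
"""


def parse_exclusions(text):
    """Turn the exclusion file into a list of ip_network objects."""
    networks = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if "-" in line:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in line.split("-", 1))
            if hi < lo:
                raise ValueError(f"range is reversed: {line}")
            # summarize_address_range yields the minimal CIDR set covering lo..hi
            networks.extend(ipaddress.summarize_address_range(lo, hi))
        else:
            # strict=False accepts host bits set in a block (e.g. 10.1.2.3/8)
            networks.append(ipaddress.ip_network(line, strict=False))
    return networks


def is_excluded(ip, networks):
    """True if the address falls inside any excluded network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def filter_targets(targets, networks):
    """Return (kept, dropped) so the caller can log which opt-outs were honoured."""
    kept, dropped = [], []
    for target in targets:
        (dropped if is_excluded(target, networks) else kept).append(target)
    return kept, dropped


if __name__ == "__main__":
    nets = parse_exclusions(SAMPLE_EXCLUDE_FILE)
    kept, dropped = filter_targets(["203.0.113.1", "192.0.2.15", "192.0.2.21"], nets)
    print("kept:", kept, "dropped:", dropped)
```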