High-risk tools in Nmap
5 of the 5 tools in Nmap are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
all_ports_scan_networkExecuteScan a network/IP range for all open ports. If mulitple targets are provided and they are not in CIDR format, they should be space-separated.
-
all_scan_networkExecuteScan a network/IP range with -A flag to run all basic scripts. This is the most comprehensive scan. If mulitple targets are provided and they are not in CIDR format, they should...
-
ping_hostExecutePing a host and return the raw output.
-
scan_networkExecuteScan a network/IP range for open ports (top 100 ports). If mulitple targets are provided and they are not in CIDR format, they should be space-separated.
-
smb_share_enum_scanExecuteScan a network/IP range and enumerate smb shares. If mulitple targets are provided and they are not in CIDR format, they should be space-separated.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.