The post Artificial Intelligence in Cybersecurity: Using AI for Port Scanning first appeared on Hackers Arise.
Welcome back, aspiring cyberwarriors!
Nmap has been the gold standard of network scanning for decades, and over that time it has accumulated hundreds of command-line options and NSE scripts. On the one hand, that is great: you can tailor a command to your exact needs. On the other hand, it takes expertise. What if you could simply tell an AI in plain English what you want to discover, and have it automatically select the right Nmap commands, parse the results, and identify security issues?
That’s exactly what the LLM-Tools-Nmap utility does. Basically, it bridges the gap between Large Language Models (LLMs) and Nmap.
Let’s explore how to use this tool and which features it has.
Step #1: Let’s Take a Closer Look at What LLM-Tools-Nmap Is
LLM-Tools-Nmap is a plugin for Simon Willison’s llm command-line tool that provides Nmap network scanning capabilities through AI function calling. The llm CLI tool is used for interacting with OpenAI, Gemini, and dozens of other LLMs. LLM-Tools-Nmap enables LLMs to “intelligently” control Nmap, selecting appropriate scan types, options, and NSE scripts based on natural language instructions.
The key innovation here is tool use or function calling – the ability for an LLM to not just generate text, but to execute actual commands and interpret their results. The AI becomes an intelligent wrapper around Nmap, translating your intent into proper scanning commands.
Step #2: Installing LLM-Tools-Nmap
The Kali Linux 2025.3 release already includes this tool in its repository. If you’re using an older version, consider installing it manually from GitHub.
kali> git clone https://github.com/peter-hackertarget/llm-tools-nmap.git

kali> cd llm-tools-nmap
Next, we need to install the core llm CLI tool. It can be installed via pip; I’m going to use pipx to get an isolated environment.
kali> pipx install llm

Verify the installation:
kali> llm --version

Step #3: Configure an LLM Model
You must configure an LLM model before using llm-tools-nmap. By default, the llm tool tries to use OpenAI, which requires an API key. If you don’t want to pay for an OpenAI account, you can install local models via Ollama, but keep in mind that this requires appropriate hardware. Alternatively, you can use Google Gemini, which offers a free tier; that’s the option I’ll be using.
To use Gemini in llm-tools-nmap, you need to install the plugin:
kali> llm install llm-gemini

Next, we need to obtain an API key. That can be done on the following page: https://aistudio.google.com/apikey.

Then set it:
kali> llm keys set gemini

Now, we can verify Gemini is available:
kali> llm models

You should see the Gemini models listed in the output. From the list, choose a model and set it as the default:
kali> llm models default gemini-x.x-xxxx

Step #4: Understanding the Function-Calling Architecture
A generalized diagram of how llm-tools-nmap works under the hood is shown below:

The process begins when the user supplies a natural-language instruction. The AI then interprets the intent, deciding which Nmap functions are needed, and the plugin executes the appropriate Nmap commands on the target. Once Nmap finishes, its output is captured and sent back to the LLM, which analyzes the results and translates them into a clear, natural-language summary for the user.
The plugin provides eight core functions:
get_local_network_info(): Discovers network interfaces and suggests scan ranges
nmap_quick_scan(target): Fast scan of common ports
nmap_port_scan(target, ports): Scan specific ports
nmap_service_detection(target, ports): Service version detection
nmap_os_detection(target): Operating system fingerprinting
nmap_ping_scan(target): Host discovery
nmap_script_scan(target, script, ports): Run NSE scripts
nmap_scan(target, options): Generic Nmap with custom options
The AI automatically selects which functions to use based on your query.
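Because the model chooses both the target and the option string for nmap_scan(target, options), it is worth vetting each tool call before anything is executed. The following is an added example, not code from the plugin: a guard that checks a model-issued call against an authorized scope and a flag allowlist. The names build_nmap_argv, target_in_scope and safe_options, the 192.168.56.0/24 scope and the allowlist are all assumptions made for illustration.

```python
import ipaddress
import shlex

# Assumed engagement scope and flag allowlist (constructed values for illustration).
AUTHORIZED_SCOPE = [ipaddress.ip_network("192.168.56.0/24")]
ALLOWED_FLAGS = {"-sV", "-sn", "-O", "-F", "-Pn", "-T3", "-T4", "-p", "--top-ports"}
FLAGS_WITH_VALUE = {"-p", "--top-ports"}


def target_in_scope(target: str) -> bool:
    """Accept only literal IPs/CIDRs that sit fully inside the authorized scope."""
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False  # hostnames, free text, or flags smuggled into the target field
    return any(net.version == s.version and net.subnet_of(s) for s in AUTHORIZED_SCOPE)


def safe_options(options: str) -> list[str]:
    """Tokenize the model-chosen options and reject anything off the allowlist."""
    tokens = shlex.split(options)
    out, i = [], 0
    while i < len(tokens):
        flag = tokens[i]
        if flag not in ALLOWED_FLAGS:
            raise ValueError(f"option not permitted: {flag}")
        out.append(flag)
        if flag in FLAGS_WITH_VALUE:
            i += 1
            # Port lists/ranges and counts only: digits, commas and hyphens.
            if i >= len(tokens) or not tokens[i].replace(",", "").replace("-", "").isdigit():
                raise ValueError(f"bad value for {flag}")
            out.append(tokens[i])
        i += 1
    return out


def build_nmap_argv(tool_call: dict) -> list[str]:
    """Turn a model-issued nmap_scan(target, options) call into a vetted argv list."""
    args = tool_call["arguments"]
    if not target_in_scope(args["target"]):
        raise PermissionError(f"target outside authorized scope: {args['target']}")
    # An argv list (no shell), so metacharacters in model output are never interpreted.
    return ["nmap", *safe_options(args.get("options", "")), args["target"]]
```

The returned list is meant to be passed to subprocess.run() without shell=True; file-output and input-list options are deliberately absent from the allowlist.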
Step #5: Getting Started with llm-tools-nmap
Let’s find live hosts on the network:
kali> llm --functions llm-tools-nmap.py "Scan my local network to find live hosts"

Good. Now, let’s do a rapid recon of a target:
kali> llm --functions llm-tools-nmap.py "Do a quick port scan of

This executes a fast scan (-T4 -F) of common ports.
Next, let’s try to do a multistage recon:
kali> llm --functions llm-tools-nmap.py "What services are running on



The AI will first carry out an initial port scan, then run service detection on any ports that are found open. After that, it executes the relevant NSE scripts and analyzes the resulting data for security implications. Finally, it presents a comprehensive report that highlights any identified vulnerabilities.
Summary
Someone who reads this article might start arguing that AI could replace pentesters. While this tool demonstrates how AI can simplify hacking and reconnaissance—allowing you to type a single English sentence and have Nmap begin scanning—it is far from a substitute for a skilled hacker. An experienced professional understands Nmap’s myriad flags and can think creatively to adapt scans to complex scenarios.
Source: HackersArise
Source Link: https://hackers-arise.com/artificial-intelligence-in-cybersecurity-using-ai-for-port-scanning/