New Kali Tool llm-tools-nmap Uses Nmap For Network Scanning Capabilities

Along with the release of Kali Linux 2025.3, a major update introduces an innovative tool that combines artificial intelligence and cybersecurity: the llm-tools-nmap.

A new experimental plugin, llm-tools-nmap, has been released, providing Simon Willison’s command-line Large Language Model (LLM) tool with network scanning capabilities.

This package integrates the powerful and widely used Nmap security scanner, enabling LLMs to perform network discovery and security auditing tasks through function calling.

The recent release of Kali Linux 2025.3 introduces a new tool, including gemini-cli, among others.

The plugin allows users to issue natural language commands to the LLM, which are then translated into specific Nmap scanning actions.

The primary function of llm-tools-nmap is to act as a bridge between the LLM and the Nmap tool. Its features cover a wide range of network scanning tasks essential for security professionals and system administrators.

The plugin can perform network discovery to identify local network information and suggest appropriate scan ranges.

It supports various scanning types, including quick scans of common ports, targeted scans of specific port ranges, and ping scans to discover live hosts on a network.

More advanced capabilities include service detection to identify the software and versions running on open ports, operating system detection to profile target systems, and the ability to run Nmap Scripting Engine (NSE) scripts for customized and advanced vulnerability detection.

Installation and Usage

To use the plugin, several prerequisites must be met. Users need a working installation of Python 3.7 or higher, Simon Willison’s LLM tool, and, critically, a functional Nmap installation.

Nmap can be easily installed on most operating systems, such as via sudo apt-get install nmap on Debian/Ubuntu systems or brew install nmap on macOS.

The tool functions are currently experimental and can be invoked using the --functions flag in the command line.

• nmap_scan(target, options=""): Generic Nmap scan with custom options
• nmap_quick_scan(target): Fast scan of common ports (-T4 -F)
• nmap_port_scan(target, ports): Scan specific ports
• nmap_service_detection(target, ports=""): Service version detection (-sV)
• nmap_os_detection(target): Operating system detection (-O)
• nmap_ping_scan(target): Ping scan to discover live hosts (-sn)
• nmap_script_scan(target, script, ports=""): Run NSE scripts

For example, a user could initiate a scan by running a command like llm --functions llm-tools-nmap.py "scan my network for open databases".

Other examples include discovering local network information or performing detailed service detection on specific IP addresses and ports.

The package provides a suite of specific functions, including get_local_network_info(), nmap_quick_scan(target), nmap_os_detection(target), and nmap_script_scan(target, script).

While these functions offer powerful automation, the developers have issued strong security warnings. Users are reminded that giving an LLM access to security tools is experimental and could lead to unintended consequences.

Certain Nmap features, such as OS detection, require root or administrator privileges to function correctly. Furthermore, users must always have explicit permission to scan the target networks and remain compliant with their organization’s security policies regarding network scanning activities.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.