nmap-scan-management
nmap Scan Management
How to Call the nmap MCP Tools
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" TOOL_NAME '{"param":"value"}'
When to Use
- Run nmap with flags not covered by the purpose-built tools
- Review past scan results without re-scanning
- Compare before/after scans (pre-change vs post-change)
- Retrieve a specific scan result by ID
Available Tools
| Tool | Purpose |
|---|---|
nmap_custom_scan |
Run nmap with arbitrary flags (scope-enforced + audit-logged) |
nmap_list_scans |
List recent saved scans with IDs, timestamps, targets |
nmap_get_scan |
Retrieve full results of a previous scan by ID |
Custom Scans
For power users who need flags not covered by the dedicated tools:
# Aggressive scan with version detection
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_custom_scan '{"target":"192.168.1.1","flags":"-A -T4"}'
# Scan specific ports with timing template
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_custom_scan '{"target":"10.0.0.0/24","flags":"-sS -p 22,80,443 -T3 --open"}'
# Idle scan using a zombie host
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_custom_scan '{"target":"192.168.1.1","flags":"-sI 192.168.1.254"}'
# IPv6 scan
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_custom_scan '{"target":"fd00:cc:1:2::1","flags":"-6 -sT -p 179,22,80"}'
Safety: The following are blocked in custom scans:
- Shell metacharacters (
;,&,|,`,$, etc.) - Output-writing flags (
-oN,-oX,-oG,-oA) - Path-based flags (
--datadir,--servicedb,--scriptwith path)
Use the dedicated nmap_script_scan or nmap_vuln_scan tools for NSE scripts.
Scan History
List Recent Scans
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_list_scans '{"limit":20}'
Returns newest-first list with scan_id, timestamp, tool used, and target.
Retrieve a Specific Scan
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_get_scan '{"scan_id":"20250307_143022_a1b2c3"}'
Returns the full scan result as originally captured.
Workflow: Before/After Comparison
When validating a change:
- Before change: Run a baseline scan and note the scan_id
- Make the change (firewall rule, service deploy, etc.)
- After change: Run the same scan again
- Compare: Retrieve both scans and diff the open ports / services
# Baseline
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_top_ports '{"target":"192.168.1.1","count":1000}'
# Note: scan_id from output, e.g. "20250307_140000_abc123"
# ... make changes ...
# Post-change
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_top_ports '{"target":"192.168.1.1","count":1000}'
# Retrieve both for comparison
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_get_scan '{"scan_id":"20250307_140000_abc123"}'
python3 $MCP_CALL "python3 -u $NMAP_MCP_SCRIPT" nmap_get_scan '{"scan_id":"20250307_141500_def456"}'
Tool Parameters
nmap_custom_scan
target(required): IP, hostname, or CIDR rangeflags(required): Raw nmap flags (do NOT include the target in flags)
nmap_list_scans
limit(optional): Max number of scans to return (default: 20, newest first)
nmap_get_scan
scan_id(required): The scan_id returned by any scan tool or nmap_list_scans
Important Rules
- Custom scans still enforce the CIDR allowlist — out-of-scope targets are rejected
- Every scan (including custom) is recorded in the audit log
- All scan results are saved to disk and retrievable by scan_id
- Do NOT put the target in the
flagsparameter — it's added automatically - Shell injection is blocked — forbidden characters are rejected
More from automateyournetwork/netclaw
drawio-diagram
Generate draw.io network diagrams — native .drawio files with CLI export (PNG/SVG/PDF), plus browser-based Mermaid/XML/CSV via MCP server. Use when creating network topology diagrams, generating architecture visuals, exporting diagrams to PNG or PDF, or building draw.io files from discovery data.
20pyats-topology
Network topology discovery via CDP/LLDP neighbors, ARP tables, routing peers, and interface mapping to build complete network maps. Use when mapping the network, building a diagram, discovering what is connected to what, or documenting device neighbors and links.
20aws-architecture-diagram
AWS architecture diagrams — generate visual network topology diagrams from live AWS infrastructure. Use when drawing AWS network diagrams, visualizing VPCs, mapping Transit Gateway topology, or generating architecture documentation.
19grafana-observability
Grafana observability platform — dashboards, Prometheus PromQL, Loki LogQL, alerting, incidents, OnCall schedules, annotations, datasource queries, panel rendering (75+ tools). Use when querying Grafana dashboards, running PromQL for interface metrics, searching Loki logs for syslog events, investigating firing alerts, or checking who is on call.
18pyats-health-check
Comprehensive network device health monitoring - CPU, memory, interfaces, hardware, NTP, logging, environment, and uptime analysis. Use when running a device health check, monitoring CPU or memory usage, checking interface errors, or validating NTP sync.
17aws-security-audit
AWS security auditing — IAM users/roles/policies, CloudTrail API events, security posture analysis. Use when auditing IAM permissions, investigating security incidents, checking MFA compliance, or tracing API activity in CloudTrail.
16