Nmap Command Builder

A desktop cybersecurity tool for building, executing, and analysing Nmap scans through a graphical interface — no command-line experience required.

Built with Electron + React and designed for system administrators, cybersecurity students, and network engineers.

---

Table of Contents

• Screenshot
• Quick Start
• Features
• Why This Project Exists
• Requirements
• Installation
• Usage
• Root Privileges
• Production Build
• Security Model
• Dependency Security Notes
• Responsible Use
• Roadmap
• Author
• License

---

Screenshot

---

Quick Start

Clone the repository and run the development version.

git clone https://github.com/peterfromslovakia/nmap-command-builder.git
cd nmap-command-builder
npm install
npm run dev

The application will start as an Electron desktop app with the Nmap command builder interface.

---

Features

Command Builder

• Visual flag selector organised into collapsible categories
• Live command preview
• Safe / Advanced mode toggle
• Built-in scan presets
• Searchable Nmap cheatsheet

Scan Execution

• Runs Nmap via child_process.spawn
• Live streaming terminal output
• Kill button for long scans
• Export results as .txt, .json, .csv
• Scan history with quick reload

Post-Scan Intelligence

• Open Ports Panel with risk classification
• Host Info Panel (IP, hostname, MAC, vendor)
• Host Discovery Panel
• Network Map visualisation
• Security Intel Panel
• Follow-up scan suggestions

Safety & Awareness

• ROOT badge for privileged scans
• IDS/IPS warning for stealth techniques
• Built-in ethics and legal notice panel

---

Why This Project Exists

Many powerful cybersecurity tools require deep command-line knowledge.

This project aims to make Nmap accessible through a graphical interface while still exposing the real commands being executed.

It helps:

• system administrators
• cybersecurity students
• penetration testers
• network engineers

learn and use Nmap effectively without memorising hundreds of flags.

---

Requirements

Requirement	Version
Node.js	18+
Nmap	7.x or newer
OS	macOS · Linux
Runtime	Electron

---

Installation

Option 1 — Download prebuilt release (recommended)

Download the latest release from:

https://github.com/peterfromslovakia/nmap-command-builder/releases

Available builds:

• macOS → .dmg
• Windows → .exe
• Linux → .AppImage

No Node.js installation required.

---

Option 2 — Run from source

Clone the repository:

git clone https://github.com/peterfromslovakia/nmap-command-builder.git
cd nmap-command-builder

Install dependencies:

npm install

Install Nmap if needed.

macOS (Homebrew)

brew install nmap

Debian / Ubuntu

sudo apt install nmap

---

Usage

Run development mode:

npm run dev

This launches:

• React frontend
• Electron desktop window
• Nmap command builder interface

You can visually build commands and execute scans directly from the application.

---

Root Privileges

Some Nmap scan techniques require root privileges (administrator rights).

Examples include:

• SYN scan (-sS)
• OS detection (-O)
• UDP scan (-sU)
• advanced stealth techniques

When the application is launched normally (for example from Finder, Launchpad, or a desktop icon), it runs with standard user permissions.

This means some advanced scan techniques may not work correctly.

To enable full functionality, launch the application from Terminal using:

sudo "/Applications/Nmap Command Builder.app/Contents/MacOS/Nmap Command Builder"

This allows Nmap to perform raw packet operations required for advanced scan techniques.

Basic scans such as -sT (TCP Connect Scan) work without root privileges.

---

Production Build

Create optimized build:

npm run build

Create distributable application:

npm run dist

This generates installers such as:

• macOS → .dmg
• Windows → .exe
• Linux → .AppImage

inside the dist directory.

---

Security Model

Security design decisions used in the application:

• contextIsolation enabled
• nodeIntegration disabled
• Nmap execution only from Electron main process
• user input validated before execution
• spawn used instead of exec
• no shell interpolation allowed

These measures help prevent command injection and improve runtime security.

---

Dependency Security Notes

Running npm audit may report vulnerabilities in development dependencies such as:

• react-scripts
• webpack-dev-server
• Electron build tooling
• packaging libraries

These warnings primarily affect the development and build toolchain, not the runtime behaviour of the packaged Electron application.

To maintain build stability, dependencies are updated cautiously rather than automatically applying breaking changes with:

npm audit fix --force

---

Responsible Use

Only scan networks and systems you own or have explicit authorisation to test.

Unauthorised port scanning may be illegal in many jurisdictions.

Slovakia

Skenovanie sietí bez povolenia je v Slovenskej republike trestným činom podľa § 247 Trestného zákona.

Always follow responsible disclosure and legal guidelines when performing security testing.

---

Roadmap

Future improvements planned:

• improved scan presets
• integrated Nmap script library
• vulnerability hints based on detected services
• export reports to Markdown / PDF
• improved network topology visualisation
• automated GitHub release builds
• optional root privilege helper for advanced scans

---

Author

Peter Obala

Cybersecurity enthusiast · Network administrator

GitHub
https://github.com/peterfromslovakia

---

License

MIT License