Cybersecurity
The release of Kali Linux 2025.3 includes a notable update featuring the introduction of the llm-tools-nmap plugin. This tool integrates artificial intelligence with cybersecurity, enhancing network scanning capabilities.
Technical Specifications
The llm-tools-nmap plugin is an experimental addition that combines Simon Willison’s command-line Large Language Model (LLM) tool with the Nmap security scanner. This integration allows LLMs to conduct network discovery and security auditing tasks through function calling.
The plugin enables users to issue natural language commands to the LLM, which are then converted into specific Nmap scanning actions. It acts as a bridge between the LLM and the Nmap tool, facilitating a range of network scanning tasks essential for security professionals and system administrators.
Capabilities
The plugin supports various network scanning functionalities, including:
- Network discovery to identify local network information and suggest scan ranges.
- Quick scans of common ports, targeted scans of specific port ranges, and ping scans to discover live hosts on a network.
- Service detection to identify software and versions on open ports, operating system detection, and execution of Nmap Scripting Engine (NSE) scripts for advanced vulnerability detection.
Installation and Usage
To utilize the plugin, certain prerequisites must be met, including a functioning installation of Python 3.7 or higher, Simon Willison’s LLM tool, and Nmap. Nmap can be installed on most operating systems, such as via sudo apt-get install nmap on Debian/Ubuntu or brew install nmap on macOS.
The tool functions are experimental and can be triggered using the --functions flag in the command line. Key functions include:
nmap_scan(target, options=""): Generic Nmap scan with custom optionsnmap_quick_scan(target): Fast scan of common ports (-T4 -F)nmap_port_scan(target, ports): Scan specific portsnmap_service_detection(target, ports=""): Service version detection (-sV)nmap_os_detection(target): Operating system detection (-O)nmap_ping_scan(target): Ping scan to discover live hosts (-sn)nmap_script_scan(target, script, ports=""): Run NSE scripts
Example command: llm --functions llm-tools-nmap.py "scan my network for open databases".
Security Considerations
Developers advise caution, highlighting that providing an LLM with access to security tools is experimental and may lead to unintended consequences. Certain Nmap features, such as OS detection, require root or administrator privileges. Users must have explicit permission to scan target networks and adhere to organizational security policies regarding network scanning activities.
