For reasons similar to masscan, it is worth investigating if Nmap is discovered on an unexpected host. rule nmap { meta: description = "Nmap network scanner" reference = "https://nmap.org" strings: $ = "Usage: nmap [Scan Type(s)] [Options] {target specification}" condition: all of them } YARA Rules Index
Tag: nmap
Nmap + HASSH = <3
Fun project I did a while back to improve 0x4D31's hassh-utils NSE script.
Keeping Nmap Scan History
Logging nmap scans using bash/zsh functions.