Nmap Scripting Engine

scanner Nmap Scripting Engine

Nmap NSE web crawler for security scanning

About this crawler

Nmap Scripting Engine is a web crawler identified by the regular-expression pattern Nmap Scripting Engine in the User-Agent request header. It is categorised as scanner. Use the regex above to detect, log, allow, or block Nmap Scripting Engine traffic in your web server, CDN edge rules, or robots.txt.

Block-rate · top 25k sites

0.065%
latest snapshot
2026-06-04
matched key: Nmap Scripting Engine
2026-05-012026-06-040.11%

Technical details

Name
Nmap Scripting Engine
Pattern
Nmap Scripting Engine
Tags
scanner
Reference
https://nmap.org/book/nse.html
Added
2019/02/04
rDNS suffixes
.nmap.org
Instances
1 known sample(s)

rDNS verification (FCrDNS)

Verify a request is genuinely Nmap Scripting Engine with forward-confirmed reverse DNS: the client IP's PTR record must end in one of the suffixes below and a forward A/AAAA lookup of that hostname must return the same IP. UA strings alone are spoofable; FCrDNS is not.

Sample User-Agent strings

Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)

Block this crawler

robots.txt — disallow Nmap Scripting Engine:

User-agent: Nmap Scripting Engine Disallow: /

Apache .htaccess — return 403:

RewriteEngine On RewriteCond %{HTTP_USER_AGENT} Nmap Scripting Engine [NC] RewriteRule .* - [F,L]

Nginx — return 403 inside a server block:

if ($http_user_agent ~* "Nmap Scripting Engine") { return 403; }
← back to all crawlers