Launch offeryour first badge for €5 with code
Plume
← All skills
Nmap
Cybersecurity & GDPR

Nmap

TCP/UDP scan, OS/service fingerprinting, NSE scripts, timing, firewall evasion.

15 minutes€19.99

Before starting, we run a 1-minute tech check β€” microphone, ambient noise, connection. If your setup isn't good enough, the test is fully refunded.

How does it work? β†’

About the Nmap badge

Prove in 15 minutes that you actually know Nmap: stealth scans, NSE scripting, firewall evasion, and large-scale network strategies.

The Plume Nmap badge is a 15-minute AI-driven oral exam that tests whether you can truly use Nmap in professional audit and penetration testing contexts. The examiner covers advanced fundamentals: the differences between -sS, -sT, -sU and -sA, building a structured scan strategy across a /16 in production, using the NSE engine (http-enum, vuln, smb-os-discovery, ssl-heartbleed...), timing templates from T0 to T5, and firewall/IDS evasion via packet fragmentation, decoys, or source-port manipulation. The AI doesn't ask you to recite a man page. It pushes you to reason, justify your choices, and articulate the limits of your approaches under real-world constraints.

Unlike a paper certification or a self-declared LinkedIn skill, the Plume badge is built on a recorded oral evaluated by Claude Opus, which reads the full transcript and produces a 0-100 score, a proficiency level (Novice, Proficient, Advanced, Expert) and a detailed feedback report. Any recruiter or client who receives your badge can listen to the audio, check the score, and read the breakdown. It's verifiable evidence, not a self-assessment.

This badge is for pentesters, network auditors, security engineers, and cybersecurity students who want to give their Nmap skills an objective, shareable credential β€” on a resume, a LinkedIn profile, or a client proposal. Whether you're preparing for a Red Team engagement, a compliance audit, or your first offensive security role, the Nmap badge turns your expertise into something concrete and measurable.

What this badge evaluates

Here are the concrete dimensions the AI examines during the 15-minute oral.

How this badge is scored

Final scoring is performed by Claude (Anthropic), which reads back the full transcript and applies this weighted criteria grid.

How the oral exam unfolds

A Plume session takes about 20 minutes, from tech check to badge delivery.

  1. Step 1

    Tech check (1 min)

    The AI checks your mic quality and ambient noise level. There's no screen sharing and no code to type: the Nmap oral is entirely conversational. You confirm you're ready, and the clock starts.

  2. Step 2

    Warm-up and context setting (2 min)

    The AI asks you to introduce yourself briefly and describe your most recent or most significant Nmap use: an internal audit, a Red Team engagement, a CTF, or a dedicated lab. This calibrates the depth of the questions that follow.

  3. Step 3

    In-depth technical exploration (10 min)

    The core of the exam. The AI works through scan types (SYN vs UDP vs ACK), the NSE engine, large-network scanning strategies, evasion techniques (fragmentation, decoys, source-port), toolchain integration, and alternatives to Nmap. It follows up on your answers to probe for gaps or dig deeper into what you know.

  4. Step 4

    Practical scenario and trade-offs (2 min)

    The AI presents a concrete scenario: for example, mapping a /16 in production without triggering SOC alerts, or deciding between Nmap and masscan for an internet-scale engagement. You argue your approach in real time, including trade-offs and risks.

  5. Step 5

    Badge delivery (within a few hours)

    The session ends automatically. Claude Opus reads the full transcript and generates your score (0-100), your Nmap proficiency level, and a personalized feedback report. Your badge with its shareable URL is delivered as soon as the analysis is complete.

The 4 proficiency levels

Your score out of 100 translates into a level a recruiter can grasp at a glance.

Novice

Score 0-39

You know the basic Nmap commands (nmap -sV, nmap -A) and can run a simple scan against a single target. You struggle to explain the difference between a SYN scan and a connect scan, and NSE is largely unexplored territory. You use Nmap as a black box without really understanding what's happening at the network layer.

Proficient

Score 40-59

You have a solid grip on the main TCP scan types and use common options (-p, -T4, -O, -sV, --script). You've run scripts from the default or safe NSE categories and know how to export to XML. You can scan a reasonably sized network but still lack a systematic strategy for large perimeters or heavily filtered environments.

Advanced

Score 60-79

You build scan strategies tailored to the context: timing, phased discovery, UDP port scanning, basic evasion (fragmentation, T1). You use NSE deliberately with vuln, auth, or discovery scripts, and you integrate Nmap into workflows alongside tools like Metasploit or Nessus. You interpret ambiguous results and know when to reach for alternatives like masscan or Rustscan.

Expert

Score 80-100

You run optimized scanning campaigns across /8 ranges or internet-facing scopes, write or adapt NSE scripts in Lua, and master advanced evasion techniques (decoys, TTL manipulation, source-port) while understanding exactly where they fail against modern behavioral IDS. You plug Nmap into CI/CD pipelines for continuous scanning and can train others or write detailed audit procedures.

Who this badge is for

No degree or years of experience required to take the badge. Here are the profiles it makes the most sense for.

Concrete use cases

Where and how your Nmap badge will help you day to day.

Prerequisites

A few minutes to check you have everything you need.

What you take away

At the end of your session you don't just get a score β€” here's everything that awaits you.

Frequently asked questions about the Nmap badge

You should have used Nmap regularly in a real audit or a serious lab environment like HackTheBox or TryHackMe. If you can only run 'nmap -A' without understanding what it does, the oral will be tough. But if you're comfortable with different scan types, the NSE engine, and timing options, you're ready to aim for Proficient or Advanced. The AI calibrates its questions based on the experience level you describe in your intro.

Other Cybersecurity & GDPR badges

Discover related skills you can validate with Plume.

Ready to take the Nmap badge?

A 15-min oral exam with an AI, a shareable badge for your recruiters.

Choose this badge Β· €19.99