Black Hat Go vs Nmap Network Scanning: Which Should You Read?

Two cybersecurity books on Tooling, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
4/5 · 2020
Black Hat Go

Go Programming For Hackers and Pentesters

Tom Steele, Chris Patten, Dan Kottmann

Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.

Beginner
4/5 · 2009
Nmap Network Scanning

The Official Nmap Project Guide to Network Discovery and Security Scanning

Gordon Fyodor Lyon

Written by Nmap's own author, this is both a gentle introduction to port scanning and the definitive reference for every flag, timing knob, and NSE script the tool ships with.

Read this if

Black Hat Go: Offensive practitioners who already know Python (or Bash) and want a compiled-language alternative for tools that need to run as a single binary on locked-down endpoints. Go's cross-compilation and tiny runtime make it the right choice for many implant-style tools.

Nmap Network Scanning: Anyone who runs Nmap regularly and wants to actually understand its output, and pentesters or admins who need the authoritative explanation of scan types and timing.

Skip this if

Black Hat Go: Beginners with no programming background. The book assumes Go familiarity at the syntax level; for the language itself, read The Go Programming Language (Donovan/Kernighan) first.

Nmap Network Scanning: Readers wanting a modern, broad recon toolkit or coverage of cloud-era discovery; it is deep on one tool, not a survey.

Key takeaways

  • Go binaries cross-compile to Windows, Linux, macOS, and ARM with no toolchain pain; for offensive tools that need to land on a target, Go saves hours.
  • Concurrency in Go is simple enough that scanners, brute forcers, and watchdog tools become trivial to write; the book's networking chapters lean on this.
  • Modern offensive tooling (Cobalt Strike alternatives, Mythic agents, Sliver) is increasingly Go-native; reading this book is reading the language those projects share.
  • The difference between scan types (SYN, connect, ACK, idle) is about what the network tells you, not just speed.
  • Timing and performance tuning is where real-world scanning succeeds or gets you blocked, and the book treats it as a first-class topic.
  • The Nmap Scripting Engine turns the scanner into a lightweight vulnerability and discovery framework, and the reference chapters are the best documentation that exists for it.

How they compare

Black Hat Go and Nmap Network Scanning are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Black Hat Go is pitched at intermediate level. Nmap Network Scanning is pitched at beginner level. Read the easier one first if you're not yet comfortable with the topic.

Black Hat Go and Nmap Network Scanning both cover Tooling and Networking, so reading them in sequence reinforces the same material from different angles.
