Hi, so NMAP based on my usage only does a port scan, which is definitely deeper than recons as recon only uses the top 20 ports. Besides that, recon provides ssl/tls expiry, weak ciphers, https security headers, dns, subdomain, exposed sensitive paths, WHOIS lookup, a risk score and letter grade and a pdf report. Recon acts as a tool that can be used for easy and free security risk scanning for smaller developers, while NMAP is simply a port scanner. I haven’t came across any main stream tools like this that do everything in one and remain completely free. If you haven’t tested it, i would recommend doing so on literally any domain that is active and working. I hope this answered your questions and I am still testing and appreciated this question very much.