Nmap is most used as a portscanner. If you want to know if your firewall correctly setup, Nmap is THE tool to use. Unfortunately, Nmap is also used by hackers and script kiddies. I think, most of the time, it are the script kiddies who use it to do some harm. IDS’s and firewalls are getting better at detecting portscans with for example Nmap. Hackers want to stay more under the radar to avoid detection.
There are plenty of tools available that you can use to find vulnerability flaws on a website. One tool I use is CMSmap (https://github.com/Dionach/CMSmap) that is written in Python.
When using the internet, we all use DNS records to resolve the name of websites so our computer and/or browser knows that when we go to https://binaryfigments.com the browser has to go to the webserver with the IP address 220.127.116.11 of the IPv6 address 2a01:448:1003::130. The other way around There is also a way to get a name behind an IP address. This is also a DNS record named a PTR record.