As an ex network admin, not having port scanners and vulnerability testing tools would make me feel blind. Those tools have very legitimate uses. Port scanners don't even have to be used for security purposes, sometimes you can't access a machine and want to see what services are active and open to the world etc.
There will probably be a vague exception for legitimate professional use, the way there is for burglary tools. Varies based on the jurisdiction, but whether carrying a lockpick set is illegal depends a lot on factors like whether you're a locksmith, the circumstances in which you were carrying it, etc. The crime essentially boils down to something like: carrying a lockpick set while seeming suspicious and not having a good excuse.
Indeed. I often find myself using nmap on my own network to find out which IP address was assigned to a system when .local/mDNS name resolution is down and the DHCP server doesn't provide enough info to identify a specific computer.
