Nmap v5.20 released

Wednesday 20 January 2010 - 1473 read - ( Keywords : Footprinting , Network Discovery , Nmap , Penetration testing & Ethical Hacking )

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Nmap 5.20

- Dramatically improved the version detection database, integrating 2,596 submissions that users contributed since February 3, 2009! More than a thousand signatures were added, bringing the total to 8,501. Many existing signatures were improved as well. Please keep those submissions and corrections coming! Nmap prints a submission URL and fingerprint when it receives responses it can’t yet interpret.

- [NSE] Added a new script, oracle-sid-brute, which queries the Oracle TNS-listener for default instance/sid names. The SID enumeration list was prepared by Red Database security. See http://nmap.org/nsedoc/scripts/oracle-sid-brute.html. [Patrik Karlsson]

- [Ncat] The --ssl, --output, and --hex-dump options now work with --exec and --sh-exec. Among other things, this allows you to make a program's I/O available over the network wrapped in SSL encryption for security. It is implemented by forking a separate process to handle network communications and relay the data to the sub-process. [Venkat, David]

- Nmap now tries to start the WinPcap NPF service on Windows if it is not already running. This is rare, since our WinPcap installer starts NPF running at system boot time by default. Because starting NPF requires administrator privileges, a UAC dialog for net.exe may appear on Windows Vista and Windows 7 before NPF is loaded. Once NPF is loaded, it generally stays loaded until you reboot or run "net stop npf". [David, Michael Pattrick]

- The Nmap Windows installer and our WinPcap installer now have an option /NPFSTARTUP=NO, which inhibits the installer from setting the WinPcap NPF service to start at system startup and at install-time. This option only affects silent mode (/S) because existing GUI checkboxes allow you to configure this behavior during interactive installation. [David]

- [NSE] Replaced our runlevel system for managing the order of script execution with a much more powerful dependency system. This allows scripts to specify which other scripts they depend on (e.g. a brute force authentication script might depend on username enumeration scripts) and NSE manages the order. Dependencies only enforce ordering, they cannot pull in scripts which the user didn’t specify. See http://nmap.org/book/nse-script-format.html#nse-format-dependencies [Patrick]
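The ordering rule described in the item above, as an added example that models the behaviour and is not Nmap's own code: a selected script runs after the scripts it lists in its Lua `dependencies` field, but a listed script the user did not select is never pulled in. Script names other than http-favicon and oracle-sid-brute are assumptions.

```python
"""Constructed model (not Nmap's own code) of the NSE dependency rule in
the 5.20 changelog: a selected script runs after the scripts it declares
in its `dependencies` field, but a dependency the user did not select is
never pulled in.  Script names below are illustrative, except
http-favicon and oracle-sid-brute, which the changelog mentions."""

from typing import Dict, List, Set

# Constructed catalogue: script name -> declared dependencies.
SCRIPT_DEPENDENCIES: Dict[str, List[str]] = {
    "example-user-enum": [],
    "example-auth-brute": ["example-user-enum"],
    "example-report": ["example-auth-brute", "http-favicon"],
    "http-favicon": [],
    "oracle-sid-brute": [],
}

class DependencyCycle(ValueError):
    """Raised when selected scripts depend on each other circularly."""

def execution_order(selected: List[str],
                    catalogue: Dict[str, List[str]] = SCRIPT_DEPENDENCIES) -> List[str]:
    """Return `selected` in an order that satisfies declared dependencies.
    Dependencies outside `selected` are ignored (ordering only); otherwise
    the user's order is preserved."""
    chosen = list(dict.fromkeys(selected))  # de-duplicate, keep order
    chosen_set = set(chosen)
    ordered: List[str] = []
    done: Set[str] = set()
    visiting: Set[str] = set()

    def visit(name: str) -> None:
        if name in done:
            return
        if name in visiting:
            raise DependencyCycle(f"dependency cycle through {name}")
        visiting.add(name)
        for dep in catalogue.get(name, []):
            if dep in chosen_set:      # unselected scripts are not pulled in
                visit(dep)
        visiting.discard(name)
        done.add(name)
        ordered.append(name)

    for name in chosen:
        visit(name)
    return ordered
```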

- [Ncat] For compatibility with Hobbit's original Netcat, the -p option now works to set the listening port number in listen mode. So "ncat -l 123" can now be expressed as "ncat -l -p 123" too. [David]

- A new script argument, http.useragent, lets you modify the User-Agent header sent by NSE from its default of "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)". Set it to the empty string to disable the User-Agent entirely. [David, Tom Sellers, Jah]
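From the defender's side, the default User-Agent quoted above is an easy thing to look for in web-server logs. This added example (not from the Nmap project) parses constructed log lines in Apache/nginx "combined" format and counts, per source address, requests carrying that exact header.

```python
"""Added example (not from the Nmap project): flag requests that carry the
default NSE User-Agent quoted in the changelog, from web-server logs in
Apache/nginx "combined" format.  The log lines are constructed samples."""

import re
from typing import Dict, Optional

# Exact default User-Agent string from the 5.20 changelog.
NSE_DEFAULT_UA = ("Mozilla/5.0 (compatible; Nmap Scripting Engine; "
                  "http://nmap.org/book/nse.html)")

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one NSE scan source, one browser, one client
# sending no User-Agent at all ("-" is how Apache logs a missing header).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Jan/2010:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"
192.0.2.10 - - [20/Jan/2010:10:00:01 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"
198.51.100.7 - - [20/Jan/2010:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
203.0.113.5 - - [20/Jan/2010:10:00:03 +0000] "HEAD /admin/ HTTP/1.1" 401 0 "-" "-"
"""

def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into fields, or None if malformed."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None

def classify_ua(ua: str) -> str:
    """'nse-default' for the stock NSE header, 'empty' for a missing header
    (what http.useragent="" produces), otherwise 'other'."""
    if ua == NSE_DEFAULT_UA:
        return "nse-default"
    if ua in ("", "-"):
        return "empty"
    return "other"

def find_nse_sources(log_text: str) -> Dict[str, int]:
    """Count, per source IP, requests carrying the default NSE User-Agent."""
    hits: Dict[str, int] = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and classify_ua(rec["ua"]) == "nse-default":
            hits[rec["ip"]] = hits.get(rec["ip"], 0) + 1
    return hits
```

Because the item above shows the header can be changed or suppressed with http.useragent, a match is a cheap indicator rather than proof, and a missing User-Agent is itself worth a look.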

- [Zenmap] The locale setting had been taken from the Windows locale, which inadvertently made setting the locale with the LANG environment variable stop working. Now the LANG variable is examined first, and if that is not present, the system-wide setting is used. This change allows users to keep Zenmap in its original English (or any of Zenmap’s other languages) even if their system is set to use a different locale. [David]

- [NSE] The http-favicon script is now better at finding "link rel=icon" tags in pages, and uses that icon in preference to /favicon.ico if found. If the favicon.uri script arg is given, only that is tried. Meanwhile, a giant (10 million web servers) favicon scan by Brandon allowed us to add about 40 more of the most popular icons to the DB. [David, Brandon]

- [NSE] smb-psexec now works against Windows XP (as well as already-supported Win2K and Windows 2003). The solution involved changing the seemingly irrelevant PID field in the SMB packet. See http://seclists.org/nmap-dev/2010/q1/13. [Ron]

- [NSE] Fixed a bug which kept the nselib/data/psexec subdirectory out of the Windows packages. We needed to add the /s and /e options to xcopy in our Visual C++ project file. [David]

- [NSE] Overhauled our http library to centralize HTTP parsing and make it more robust. The biggest user-visible change is that http.request goes back to returning a parsed result table rather than raw HTTP data. Also the http.pipeline function no longer accepts the no-longer-used "raw" option. [David]

- Fixed a bug in traceroute that could lead to a crash ("terminate called after throwing an instance of 'std::out_of_range' what(): bitset::test"). It happened when the preliminary distance guess for a target was greater than 30, the size of an internal data structure. David and Brandon tracked down the problem.

- Fixed compilation of libdnet-stripped on platforms that don’t have socklen_t. [Michael Pattrick]

- Added a service probe and match lines for the Logitech/SlimDevices SqueezeCenter music server. [Patrik Karlsson]

- Fixed the RTSPRequest version probe, which was accidentally modified to say "RTSP/2.0" rather than "RTSP/1.0" in 5.10BETA2. [Matt Selsky]

- [NSE] Our http library no longer allows cached responses from a GET request to be returned for a HEAD request. This could cause problems with at least the http-enum script. [David]

- Fixed a bug in the WinPcap installer: If the "Start the WinPcap service ’NPF’ at startup" box was unchecked and the "Start the WinPcap service ’NPF’ now" box was checked, the second checkbox would be ignored (the service would not be started now). [Rob Nicholls]
