Nmap v5.20 released

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source (license).

Nmap 5.20

  • Dramatically improved the version detection database, integrating
    2,596 submissions that users contributed since February 3, 2009!
    More than a thousand signatures were added, bringing the total to
    8,501. Many existing signatures were improved as well. Please keep
    those submissions and corrections coming! Nmap prints a submission
    URL and fingerprint when it receives responses it can’t yet
    interpret.
  • [NSE] Added a new script, oracle-sid-brute, which queries the Oracle
    TNS-listener for default instance/sid names. The SID enumeration
    list was prepared by Red Database security. See
    http://nmap.org/nsedoc/scripts/oracle-sid-brute.html. [Patrik
    Karlsson]
  • [Ncat] The —ssl, —output, and —hex-dump options now work with
    —exec and —sh-exec. Among other things, this allows you to make a
    program’s I/O available over the network wrapped in SSL encryption
    for security. It is implemented by forking a separate process to
    handle network communications and relay the data to the
    sub-process. [Venkat, David]
  • Nmap now tries start the WinPcap NPF service on Windows if it is not
    already running. This is rare, since our WinPcap installer starts
    NPF running at system boot time by default. Because starting NPF
    requires administrator privileges, a UAC dialog for net.exe may
    appear on Windows Vista and Windows 7 before NPF is loaded. Once
    NPF is loaded, it generally stays loaded until you reboot or run
    "net stop npf". [David, Michael Pattrick]
  • The Nmap Windows installer and our WinPcap installer now have an
    option /NPFSTARTUP=NO, which inhibits the installer from setting the
    WinPcap NPF service to start at system startup and at install-time.
    This option only affects silent mode (/S) because existing GUI
    checkboxes allow you to configure this behavior during interactive
    installation. [David]
  • [NSE] Replaced our runlevel system for managing the order of script
    execution with a much more powerful dependency system. This allows
    scripts to specify which other scripts they depend on (e.g. a brute
    force authentication script might depend on username enumeration
    scripts) and NSE manages the order. Dependencies only enforce
    ordering, they cannot pull in scripts which the user didn’t
    specify. See
    http://nmap.org/book/nse-script-format.html#nse-format-dependencies
    [Patrick]
  • [Ncat] For compatibility with Hobbit’s original Netcat, The -p
    option now works to set the listening port number in listen mode.
    So "ncat -l 123" can now be expressed as "ncat -l -p 123"
    too. [David]
  • A new script argument, http.useragent, lets you modify
    the User-Agent header sent by NSE from its default of "Mozilla/5.0
    (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)".
    Set it to the empty string to disable the User-Agent
    entirely. [David, Tom Sellers, Jah]
  • [Zenmap] The locale setting had been taken from the Windows locale,
    which inadvertently made setting the locale with the LANG
    environment variable stop working. Now the LANG variable is examined
    first, and if that is not present, the system-wide setting is
    used. This change allows users to keep Zenmap in its original
    English (or any of Zenmap’s other languages) even if their system is
    set to use a different locale. [David]
  • [NSE] The http-favicon script is now better at finding "link
    rel=icon" tags in pages, and uses that icon in preference to
    /favicon.ico if found. If the favicon.uri script arg is given, only
    that is tried. Meanwhile, a giant (10 million web servers) favicon
    scan by Brandon allowed us to add about 40 more of the most popular
    icons to the DB. [David, Brandon]
  • [NSE] smb-psexec now works against Windows XP (as well as
    already-supported Win2K and Windows 2003). The solution involved
    changing the seemingly irrelevant PID field in the SMB packet. See
    http://seclists.org/nmap-dev/2010/q1/13. [Ron]
  • [NSE] Fixed a bug which kept the nselib/data/psexec subdirectory out
    of the Windows packages. We needed to add the /s and /e options to
    xcopy in our Visual C++ project file. [David]
  • [NSE] Overhauled our http library to centralize HTTP parsing and
    make it more robust. The biggest user-visible change is that
    http.request goes back to returning a parsed result table rather than raw
    HTTP data. Also the http.pipeline function no longer accepts the
    no-longer-used "raw" option. [David]
  • Fixed a bug in traceroute that could lead to a crash:
    terminate called after throwing an instance of ’std::out_of_range’
    what(): bitset::test
    It happened when the preliminary distance guess for a target was
    greater than 30, the size of an internal data structure. David and
    Brandon tracked down the problem.
  • Fixed compilation of libdnet-stripped on platforms that don’t have
    socklen_t. [Michael Pattrick]
  • Added a service probe and match lines for the Logitech/SlimDevices
    SqueezeCenter music server. [Patrik Karlsson]
  • Fixed the RTSPRequest version probe, which was accidentally modified
    to say "RTSP/2.0" rather than "RTSP/1.0" in 5.10BETA2. [Matt Selsky]
  • [NSE] Our http library no longer allows cached responses from a GET
    request to be returned for a HEAD request. This could cause problems
    with at least the http-enum script. [David]
  • Fixed a bug in the WinPcap installer: If the "Start the WinPcap
    service ’NPF’ at startup" box was unchecked and the "Start the
    WinPcap service ’NPF’ now" box was checked, the second checkbox
    would be ignored (the service would not be started now). [Rob
    Nicholls]

More changes

JPEG - 49.5 kb

Post scriptum

Compliance Mandates


Comments

Related Articles

Footprinting
Network Discovery
Nmap
Penetration testing & Ethical Hacking