Nmap v5.20 released
Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source (license).
Nmap 5.20
- Dramatically improved the version detection database, integrating
2,596 submissions that users contributed since February 3, 2009!
More than a thousand signatures were added, bringing the total to
8,501. Many existing signatures were improved as well. Please keep
those submissions and corrections coming! Nmap prints a submission
URL and fingerprint when it receives responses it can’t yet
interpret.
- [NSE] Added a new script, oracle-sid-brute, which queries the Oracle
TNS-listener for default instance/sid names. The SID enumeration
list was prepared by Red Database security. See
http://nmap.org/nsedoc/scripts/oracle-sid-brute.html. [Patrik
Karlsson]
- [Ncat] The --ssl, --output, and --hex-dump options now work with
--exec and --sh-exec. Among other things, this allows you to make a
program's I/O available over the network wrapped in SSL encryption
for security. It is implemented by forking a separate process to
handle network communications and relay the data to the
sub-process. [Venkat, David]
- Nmap now tries to start the WinPcap NPF service on Windows if it is not
already running. This is rare, since our WinPcap installer starts
NPF running at system boot time by default. Because starting NPF
requires administrator privileges, a UAC dialog for net.exe may
appear on Windows Vista and Windows 7 before NPF is loaded. Once
NPF is loaded, it generally stays loaded until you reboot or run
"net stop npf". [David, Michael Pattrick]
- The Nmap Windows installer and our WinPcap installer now have an
option /NPFSTARTUP=NO, which inhibits the installer from setting the
WinPcap NPF service to start at system startup and at install-time.
This option only affects silent mode (/S) because existing GUI
checkboxes allow you to configure this behavior during interactive
installation. [David]
- [NSE] Replaced our runlevel system for managing the order of script
execution with a much more powerful dependency system. This allows
scripts to specify which other scripts they depend on (e.g. a brute
force authentication script might depend on username enumeration
scripts) and NSE manages the order. Dependencies only enforce
ordering, they cannot pull in scripts which the user didn’t
specify. See
http://nmap.org/book/nse-script-format.html#nse-format-dependencies
[Patrick]
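As an added illustration (not an Nmap script and not part of this release), the skeleton below shows how a script declares a dependency and, because dependencies only order execution and never pull in unselected scripts, how its action must cope when the script it depends on did not run. The script names example-user-enum and example-user-check, the registry key nmap.registry.example_user_enum and the script argument example-user-check.expected are all hypothetical.

```lua
-- example-user-check.nse: hypothetical NSE script added for illustration.
local nmap      = require "nmap"
local shortport = require "shortport"
local stdnse    = require "stdnse"
local table     = require "table"

description = [[
Compares account names collected by a (hypothetical) enumeration script,
example-user-enum, against an allow-list supplied by the auditor and
reports any account that is not on it.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Ordering only: NSE runs example-user-enum first *if the user selected
-- it*. It will not add the script for us, so action() must handle the
-- case where no data was produced.
dependencies = {"example-user-enum"}

portrule = shortport.http

action = function(host, port)
  -- Hypothetical registry slot the enumeration script is assumed to fill:
  --   nmap.registry.example_user_enum[host.ip] = { "alice", "svc_backup", ... }
  local enum  = nmap.registry.example_user_enum
  local names = enum and enum[host.ip]
  if not names or #names == 0 then
    return "no account data; select both scripts: " ..
           "--script example-user-enum,example-user-check"
  end

  -- Allow-list from: --script-args example-user-check.expected=alice,bob
  local expected = {}
  local arg = stdnse.get_script_args("example-user-check.expected") or ""
  for name in arg:gmatch("[^,]+") do
    expected[name:lower()] = true
  end

  local unexpected = {}
  for _, name in ipairs(names) do
    if not expected[name:lower()] then
      table.insert(unexpected, name)
    end
  end
  table.sort(unexpected)
  return ("accounts seen: %d, not on allow-list: %d%s"):format(
    #names, #unexpected,
    #unexpected > 0 and (" (" .. table.concat(unexpected, ", ") .. ")") or "")
end
```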
- [Ncat] For compatibility with Hobbit's original Netcat, the -p
option now works to set the listening port number in listen mode.
So "ncat -l 123" can now be expressed as "ncat -l -p 123"
too. [David]
- A new script argument, http.useragent, lets you modify
the User-Agent header sent by NSE from its default of "Mozilla/5.0
(compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)".
Set it to the empty string to disable the User-Agent
entirely. [David, Tom Sellers, Jah]
- [Zenmap] The locale setting had been taken from the Windows locale,
which inadvertently made setting the locale with the LANG
environment variable stop working. Now the LANG variable is examined
first, and if that is not present, the system-wide setting is
used. This change allows users to keep Zenmap in its original
English (or any of Zenmap’s other languages) even if their system is
set to use a different locale. [David]
- [NSE] The http-favicon script is now better at finding "link
rel=icon" tags in pages, and uses that icon in preference to
/favicon.ico if found. If the favicon.uri script arg is given, only
that is tried. Meanwhile, a giant (10 million web servers) favicon
scan by Brandon allowed us to add about 40 more of the most popular
icons to the DB. [David, Brandon]
- [NSE] smb-psexec now works against Windows XP (as well as
already-supported Win2K and Windows 2003). The solution involved
changing the seemingly irrelevant PID field in the SMB packet. See
http://seclists.org/nmap-dev/2010/q1/13. [Ron]
- [NSE] Fixed a bug which kept the nselib/data/psexec subdirectory out
of the Windows packages. We needed to add the /s and /e options to
xcopy in our Visual C++ project file. [David]
- [NSE] Overhauled our http library to centralize HTTP parsing and
make it more robust. The biggest user-visible change is that
http.request goes back to returning a parsed result table rather than raw
HTTP data. Also the http.pipeline function no longer accepts the
no-longer-used "raw" option. [David]
- Fixed a bug in traceroute that could lead to a crash:
    terminate called after throwing an instance of 'std::out_of_range'
    what(): bitset::test
It happened when the preliminary distance guess for a target was
greater than 30, the size of an internal data structure. David and
Brandon tracked down the problem.
- Fixed compilation of libdnet-stripped on platforms that don’t have
socklen_t. [Michael Pattrick]
- Added a service probe and match lines for the Logitech/SlimDevices
SqueezeCenter music server. [Patrik Karlsson]
- Fixed the RTSPRequest version probe, which was accidentally modified
to say "RTSP/2.0" rather than "RTSP/1.0" in 5.10BETA2. [Matt Selsky]
- [NSE] Our http library no longer allows cached responses from a GET
request to be returned for a HEAD request. This could cause problems
with at least the http-enum script. [David]
- Fixed a bug in the WinPcap installer: If the "Start the WinPcap
service ’NPF’ at startup" box was unchecked and the "Start the
WinPcap service ’NPF’ now" box was checked, the second checkbox
would be ignored (the service would not be started now). [Rob
Nicholls]