Nmap is een handig programma voor het verkennen en controleren van je netwerk. Het is ontworpen om zonder vertragingen een groot netwerk te scannen, maar het werkt ook zonder problemen op een enkele host. Het programma maakt gebruik van zogenaamde 'raw IP packets' waarmee de actieve hosts en de beschikbare services met allerlei extra informatie worden achterhaald. Voor meer informatie over de mogelijkheden verwijzen we jullie door naar deze pagina. De ontwikkelaar van Insecure.org heeft dan eindelijk Nmap 4.20 de deur uitgedaan na tal van alpha- en bètaversies. De aankondiging ziet er als volgt uit:
Hello everyone, and happy holidays! For Christmas I've built you a new stable (I hope) release of Nmap. Given the substantial number of improvements since 4.11, this release deserves to be called 4.30. But my pot-smoking friend insists on version number 4.20. So read on if you're ready for some packet smoking good times!
We worked for 6 months on this release and had more than a dozen intervening ALPHA releases. For those of you who just want the goods without reading through pages of changes, you can find 4.20 (including the source, Windows binaries, and x86 and x86-64 Linux RPMs) at the Nmap download page.
The most important change in this release is a 2nd generation OS detection system. Nmap has supported OS fingerprinting since 1998, and users have contributed so many fingerprints that Nmap has the most comprehensive database of any tool -- including thousands of fingerprints representing more than 600 system types.
But it is time for something new. Nmap 4.20 includes a second generation system, which utilizes some newer TCP/IP features (such as selective ACK and explicit congestion notification) and benefits from everything we have learned about OS detection in the last 8 years.
We are also starting from scratch with a new fingerprint database. Thanks to many prolific contributors during the ALPHA release cycle, the new database already contains 231 entries. This includes everything from your common Linux and Windows boxes, to more obscure systems such as Minix 3.1.2a and "Ember InSight Adapter for programming EM2XX-family embedded devices". Who doesn't have a few of those laying around?
If you find a system which isn't yet detected, and Nmap considers the fingerprint valid, you will be directed to the new submission page. Please submit these as long as you are certain you know exactly what is running.
Since the new database isn't yet as comprehensive as the old one, the 1st generation system still exists in parallel. Nmap will normally fall back to that if the new system fails to identify a target. You can also specify -O1 to try only the first generations system, or -O2 to disable the fallback mechanism. As before, you can use --osscan-guess for a more aggressive guess (now using better heuristics).
In addition to being more accurate in distinguishing closely related systems, this system is faster because it can handle many targets in parallel.
I would like to particularly thank Zhao Lei, who spent 2 summers helping design and implement this new system. Thanks also go to the Google Summer of Code program which sponsored his work. And of course to everyone who has already submitted fingerprints.
The 2nd generation system is described in great detail here. If you have suggestions for improving the system, please email the nmap-dev list.
If OS detection just isn't your thing, we have many dozens of other improvements which might interest you. The full list is available here , and below are the highlights:
Enjoy the new release, and mail nmap-dev if you find any problems. Also keep those OS detection submissions (if you find an undetected system) and corrections (for wrongly detected systems) coming!
- Nmap now supports IP options with the new --ip-options flag. You can specify any options in hex, or use "R" (record route), "T" (record timestamp), "U") (record route & timestamp), "S [route]" (strict source route), or "L [route]" (loose source route). Specify --packet-trace to display IP options of responses. For further information and examples, see http://insecure.org/nmap/man/ and http://seclists.org/nmap-dev/2006/q3/0052.html . Thanks to Marek Majkowski for writing and sending the patch.
- --packet-trace now reports IP and TCP options, if any. Thanks to Zhao Lei for the patch.
- Added the --open option, which causes Nmap to show only open ports. Ports in the states "open|closed" and "unfiltered" might be open, so those are shown unless the host has an overwhelming number of them.
- Upgraded the included LibPCRE from version 6.4 to 6.7. Thanks to Jochen Voss (voss(a)seehuhn.de) for the suggestion (he found some bugs in 6.4)
- Added --unprivileged option, which is the opposite of --privileged. It tells Nmap to treat the user as lacking network raw socket and sniffing privileges. This is useful for testing, debugging, or when the raw network functionality of your operating system is somehow broken.
- Applied, oh, about 50 small but useful cleanup patches from Kris Katterjohn.
- Fixed a TCP sequence prediction difficulty indicator bug. The index is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD). But some systems generated ISNs so insecurely that Nmap went berserk and reported a negative difficulty index. This generally only affects some printers, crappy cable modems, and Microsoft Windows (old versions). Thanks to Sebastian Garcia for helping me track down the problem.
- Fixed (I hope) the "getinterfaces: intf_loop() failed" error which was seen on Windows Vista. The problem was apparently in intf-win32.c of libdnet (need to define MIB_IF_TYPE_MAX to MAX_IF_TYPE rather than 32). Thanks to Dan Griffin (dan(a)jwsecure.com) for tracking this down! If anyone still has trouble running Nmap on Vista, please let us know.
- NmapFE now uses a spin button for verbosity and debugging options so that you can specify whatever verbosity (-v) or debugging (-d) level you desire. The --randomize-hosts option was also added to NmapFE. Thanks to Kris Katterjohn for the patches.
- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE (http://standards.ieee.org/regauth/oui/oui.txt), and also added various unregistered virtual NIC prefixes used by virtualization systems such as QEMU, Bochs, PearPC, and Cooperative Linux.
- Integrated all 2nd quarter service detection fingerprint submissions. Please keep them coming! We now have 3,671 signatures representing 415 protocols. Thanks to version detection czar Doug Hoyte for doing this.
- Nmap now uses the (relatively) new libpcap pcap_get_selectable_fd API on systems which support it. This means that we no longer need to hack the included Pcap to better support Linux. So Nmap will now link with an existing system libpcap by default on that platform if one is detected. Thanks to Doug Hoyte for the patch.
- Updated the included libpcap from 0.9.3 to 0.9.4. The changes I made are in libpcap/NMAP_MODIFICATIONS . By default, Nmap will now use the included libpcap unless version 0.9.4 or greater is already installed on the system.
- Fixed a bug which would occasionally cause Nmap to crash with the message "log_vwrite: write buffer not large enough".
- Nmap now provides progress statistics in the XML output in verbose mode. Here are some examples of the format (etc is "estimated time until completion) and times are in UNIX time_t (seconds since 1970) format. Angle braces have been replaced by square braces:
[taskbegin task="SYN Stealth Scan" time="1151384685" /]
[taskprogress task="SYN Stealth Scan" time="1151384715" percent="13.85" remaining="187" etc="1151384902" /]
[taskend task="SYN Stealth Scan" time="1151384776" /]
[taskbegin task="Service scan" time="1151384776" /]
[taskend task="Service scan" time="1151384788" /]
Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.
- Updated the Windows installer to give an option checkbox for performing the Nmap performance registry changes. The default is to do so. Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.
- Added --release-memory option, which causes Nmap to release all accessible memory buffers before quitting (rather than let the OS do it). This is only useful for debugging memory leaks.
- Nmap no longer gets random numbers from OpenSSL when it is available because that turned out to be slower than Nmap's other methods (e.g. /dev/urandom on Linux, /dev/arandom on OpenBSD, etc.). Thanks to Marek Majkowski for reporting the problem.
- Dozens of bug fixes and some performance enhancements of various sorts.
- The man page has been updated to reflect all of these changes. See http://insecure.org/nmap/man/
As usual, I can't hog all the credit for this release. Many people contributed in substantial ways. For their contributions since 4.11, I would particularly like to thank Adam Vartanian, Adriano Monteiro, Brandon Enright, Christophe Thil, Cole Nevins, Craig Humphrey, Christophe Thil, Dan Griffin, Diman Todorov, Doug Hoyte, Douglas Calvert, Eddie Bell, Iron Reflex, Jochen Voss, Jon Passki, Julien Delange, Justin Knox, Kurt Grutzmacher, Kris Katterjohn, KX, Marek Majkowski, Michal Luczaj, Mike Crabtree, Robert Millan, Sebastian Garcia, Sina Bahram, Steve Christensen, Thomas Buchana, Tibor Csogor, and Zhao Lei
We're now heading into another development cycle. The next big feature we're looking at is a scripting engine which allows you to execute network and vulnerability discovery scripts in parallel against target systems. You can learn more about the Nmap Scripting Engine at http://insecure.org/nmap/nse/ , or join the development list to actually test it out. We're also looking at potentially replacing NmapFE with the cross-platform UMIT GUI (http://umitproject.blogspot.com/).