Nmap is a program for exploring and auditing a network. It is designed to scan a large network without delays, and it also works without problems on a single host. The program uses so-called 'raw IP packets' to discover active hosts and information about the available services. More information about its capabilities can be found on this page. The developers have released yet another new beta version in which, among other things, the OS detection database has received a major update. The version number has been set to 4.85 beta 9 and comes with the following list of changes:
- Integrated all 1,156 of your OS detection submissions and your 50 corrections since January 8. Please keep them coming! The second generation OS detection DB has grown 14% to more than 2,000 fingerprints! That is more than we ever had with the first system. The 243 new fingerprints include Microsoft Windows 7 beta, Linux 2.6.28, and much more. See http://seclists.org/nmap-dev/2009/q2/0335.html. [David]
- [Ncat] A whole lot of work was done by David to improve SSL security and functionality:
  - Ncat now does certificate domain and trust validation against trusted certificate lists if you specify --ssl-verify.
  - To enable SSL certificate verification on systems whose default trusted certificate stores aren't easily usable by OpenSSL, we install a set of certificates extracted from Windows in the file ca-bundle.crt. The trusted contents of this file are added to whatever default trusted certificates the operating system may provide. [David]
  - Ncat now automatically generates a temporary keypair and certificate in memory when you request it to act as an SSL server but you don't specify your own key using the --ssl-key and --ssl-cert options. [David]
  - In SSL mode, Ncat now always uses secure connections, meaning that it uses only good ciphers and doesn't use SSLv2. Certificates can optionally be verified with the --ssl-verify and --ssl-trustfile options. Nsock provides the option of making SSL connections that prioritize either speed or security; Ncat uses security, while version detection and NSE continue to use speed. [David]
- [NSE] Added Boolean operators for --script. You may now combine "and", "or", and "not" with categories, filenames, and wildcarded filenames to match a set of files. Parenthetical subexpressions are allowed for precedence too. For example, you can now run:
    nmap --script "(default or safe or intrusive) and not http-*" scanme.nmap.org
  For more details, see http://nmap.org/book/nse-usage.html#nse-args. [Patrick]
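To show how such a --script expression selects scripts from a script.db, here is an added example in Python; it is not Nmap's own code (NSE is implemented in C and Lua). It assumes a small constructed script.db mapping and the usual Boolean precedence ("not" binds tightest, then "and", then "or"), which are assumptions of this example, not statements from the changelog.

```python
import fnmatch
# Constructed sample script.db (file -> categories), not the real Nmap one.
SCRIPT_DB = {
    "http-title.nse": {"default", "safe"},
    "http-enum.nse": {"intrusive"},
    "smb-brute.nse": {"intrusive"},
    "ssh-hostkey.nse": {"default", "safe"},
    "whois.nse": {"external"},
}

def term_matches(term, name, cats):
    # "all", a category, a file name or a wildcard; the ".nse" suffix is optional.
    return (term == "all" or term in cats or fnmatch.fnmatchcase(name, term)
            or fnmatch.fnmatchcase(name, term + ".nse"))

def compile_expr(expr):
    # Recursive descent over the --script expression: "not" binds tightest, then
    # "and", then "or"; parentheses override. Returns a predicate (name, cats).
    toks = expr.replace("(", " ( ").replace(")", " ) ").split()
    def binop(word, sub, combine):  # left-assoc chain: sub (word sub)*
        pred = sub()
        while toks[:1] == [word]:
            toks.pop(0)
            pred = combine(pred, sub())
        return pred
    def parse_or():
        return binop("or", parse_and, lambda a, b: lambda n, c: a(n, c) or b(n, c))
    def parse_and():
        return binop("and", parse_not, lambda a, b: lambda n, c: a(n, c) and b(n, c))
    def parse_not():
        tok = toks.pop(0) if toks else None
        if tok == "not":
            inner = parse_not()
            return lambda n, c: not inner(n, c)
        if tok == "(":
            pred = parse_or()
            if not toks or toks.pop(0) != ")":
                raise ValueError("missing ')' in --script expression")
            return pred
        if tok is None or tok in (")", "and", "or"):
            raise ValueError("bad --script expression near %r" % tok)
        return lambda n, c: term_matches(tok, n, c)
    pred = parse_or()
    if toks:
        raise ValueError("unexpected %r in --script expression" % toks[0])
    return pred

def select_scripts(expr, db=SCRIPT_DB):
    pred = compile_expr(expr)
    return sorted(name for name, cats in db.items() if pred(name, cats))
```

Run `select_scripts('(default or safe or intrusive) and not http-*')` to see the changelog's example expression drop the http-* scripts while keeping the other default/safe/intrusive ones.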
- [Ncat] The HTTP proxy server now works on Windows too. [David]
- [Zenmap] The command wizard has been removed. The profile editor has the same capabilities with a better interface that doesn't require clicking through many screens. The profile editor now has its own "Scan" button that lets you run an edited command line immediately without saving a new profile. The profile editor now comes up showing the current command rather than being blank. [David]
- [Zenmap] Added a small animated throbber which indicates that a scan is still running (similar in concept to the one in the upper-right corner of Firefox which animates while a page is loading). [David]
- Regenerate script.db to remove references to non-existent smb-check-vulns-2.nse. This caused the following error messages when people used the --script=all option: "nse_main.lua:319: smb-check-vulns-2.nse is not a file!" The script.db entries are now sorted again to make diffs easier to read. [David,Patrick]
- Fixed --script-updatedb on Windows: it was adding bogus backslashes preceding file names in the generated script.db. Reported by Michael Patrick at http://seclists.org/nmap-dev/2009/q2/0192.html, and fixed by Jah. The error message was also improved.
- The official Windows binaries are now compiled with MS Visual C++ 2008 Express Edition SP1 rather than the RTM version. We also now distribute the matching SP1 version of the MS runtime components (vcredist_x86.exe). A number of compiler warnings were fixed too. [Fyodor,David]
- Fixed a bug in the new NSE Lua core which caused it to round fractional runlevel values to the next integer. This could cause dependency problems for the smb-* scripts and others which rely on floating point runlevel values (e.g. that smb-brute at runlevel 0.5 will run before smb-system-info at the default runlevel of 1).
- The SEQ.CI OS detection test introduced in 4.85BETA4 now has some examples in nmap-os-db and has been assigned a MatchPoints value of 50. [David]
- [Ncat] When using --send-only, Ncat will now close the network connection and terminate after receiving EOF on standard input. This is useful for, say, piping a file to a remote ncat where you don't care to wait for any response. [Daniel Roethlisberger]
- [Ncat] Fix hostname resolution on BSD systems where a recently fixed libc bug caused getaddrinfo(3) to fail unless a socket type hint is provided. Patch originally provided by Hajimu Umemoto of FreeBSD. [Daniel Roethlisberger]
- [NSE] Fixed bug in the DNS library which caused the error message "nselib/dns.lua:54: 'for' limit must be a number". [Jah]
- Fixed Solaris 10 compilation by renaming a yield structure which conflicted with a yield function declared in unistd.h on that platform. [Pieter Bowman, Patrick]
- [Ncat] Minor code cleanup of Ncat memory allocation and string duplication calls. [Ithilgore]
- Fixed a bug which could cause -iR to only scan the first host group and then terminate prematurely. The problem related to the way hosts are counted by o.numhosts_scanned. [David]
- Fixed a bug in the su-to-zenmap.sh script so that, in the cases where it calls su, it uses the proper -c option rather than -C. [Michal Januszewski, Henry Gebhardt]
- Overhaul the NSE documentation "Usage and Examples" section and add many more examples: http://nmap.org/book/nse-usage.html [David]
- [NSE] Made hexify in nse_nsock.cc take an unsigned char * to work around an assertion in Visual C++ in Debug mode. The isprint, isalpha, etc. functions from ctype.h have an assertion that the value of the character passed in is <= 255. If you pass a character whose value is >= 128, it is cast to an unsigned int, making it a large positive number and failing the assertion. This is the same thing that was reported in http://seclists.org/nmap-dev/2007/q2/0257.html, in regard to non-ASCII characters in nmap-mac-prefixes. [David]
- [NSE] Fixed a segmentation fault which could occur in scripts which use the NSE pcap library. The problem was reported by Lionel Cons and fixed by Patrick.
- [NSE] Port script start/finish debug messages now show the target port number as well as the host/IP. [Jah]
- Updated IANA assignment IP list for random IP (-iR) generation. [Kris]
- [NSE] Fixed http.table_argument so that user-supplied HTTP headers are now properly sent in HTTP requests. [Jah]