Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Software-update: Nmap 6.40

Nmap is een programma voor het verkennen en controleren van een netwerk. Het is ontworpen om zonder vertragingen een groot netwerk te scannen en werkt ook zonder problemen op een enkele host. Het programma maakt gebruik van 'raw ip packets' om actieve hosts en informatie over de beschikbare services te achterhalen. Meer informatie over de mogelijkheden is te vinden op deze pagina. De ontwikkelaars hebben versie 6.40 uitgebracht, voorzien van de volgende aankondiging op de mailinglijst:

Nmap 6.40 Released! New scripts, new signatures​, better performanc​e!

Hi Folks.

It has been a while since the last stable Nmap release, but I'm pleased to release Nmap 6.40 and I think you'll consider it worth the wait! It includes 14 new NSE scripts, hundreds of new OS and service detection signatures, a new --lua-exec feature for scripting Ncat, initial support for NSE and version scanning through a chain of proxies, improved target specification, many performance enhancements and bug fixes, and much more! So many improvements, in fact, that our source code repository recently reached revision number 31337! In addition to our normal developers, this release showcases the efforts of our 3 Google Summer of Code students who have all been doing great work since June. Congratulations George, Jacek, and Yang!

Nmap 6.40 source code and binary packages for Linux, Windows, and Mac are available for free download from:

If you find any bugs, please let us know on the Nmap dev list as described at Here are the most important changes since 6.25:
  • [Ncat] Added --lua-exec. This feature is basically the equivalent of 'ncat --sh-exec "lua "' and allows you to run Lua scripts with Ncat, redirecting all stdin and stdout operations to the socket connection. See
  • Integrated all of your IPv4 OS fingerprint submissions since January (1,300 of them). Added 91 fingerprints, bringing the new total to 4,118. Additions include Linux 3.7, iOS 6.1, OpenBSD 5.3, AIX 7.1, and more. Many existing fingerprints were improved. Highlights:
  • Integrated all of your service/version detection fingerprints submitted since January (737 of them)! Our signature count jumped by 273 to 8,979. We still detect 897 protocols, from extremely popular ones like http, ssh, smtp and imap to the more obscure airdroid, gopher-proxy, and enemyterritory. Highlights:
  • Integrated your latest IPv6 OS submissions and corrections. We're still low on IPv6 fingerprints, so please scan any IPv6 systems you own or administer and submit them to Both new fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap guesses wrong) are useful.
  • [Nsock] Added initial proxy support to Nsock. Nmap version detection and NSE can now establish TCP connections through chains of one or more CONNECT or SOCKS4 proxies. Use the Nmap --proxies option with a chain of one or more proxies as the argument (example: http://localhost:8080,socks4:// Note that only version detection and NSE are supported so far (no port scanning or host discovery), and there are other limitations described in the man page.
  • [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 446. They are all listed at, and the summaries are below (authors are listed in brackets):
    • hostmap-ip2hosts finds hostnames that resolve to the target's IP address by querying the online database at (uses Bing search results)
    • http-adobe-coldfusion-apsa1301 attempts to exploit an authentication bypass vulnerability in Adobe Coldfusion servers (APSA13-01: to retrieve a valid administrator's session cookie.
    • http-coldfusion-subzero attempts to retrieve version, absolute path of administration panel and the file '' from vulnerable installations of ColdFusion 9 and 10.
    • http-comments-displayer extracts and outputs HTML and JavaScript comments from HTTP responses.
    • http-fileupload-exploiter exploits insecure file upload forms in web applications using various techniques like changing the Content-type header or creating valid image files containing the payload in the comment.
    • http-phpmyadmin-dir-traversal exploits a directory traversal vulnerability in phpMyAdmin 2.6.4-pl1 (and possibly other versions) to retrieve remote files on the web server.
    • http-stored-xss posts specially crafted strings to every form it encounters and then searches through the website for those strings to determine whether the payloads were successful.
    • http-vuln-cve2013-0156 detects Ruby on Rails servers vulnerable to object injection, remote command executions and denial of service attacks. (CVE-2013-0156)
    • ike-version obtains information (such as vendor and device type where available) from an IKE service by sending four packets to the host. This scripts tests with both Main and Aggressive Mode and sends multiple transforms per request.
    • murmur-version detects the Murmur service (server for the Mumble voice communication client) versions 1.2.X.
    • mysql-enum performs valid-user enumeration against MySQL server using a bug discovered and published by Kingcope (
    • teamspeak2-version detects the TeamSpeak 2 voice communication server and attempts to determine version and configuration information.
    • ventrilo-info detects the Ventrilo voice communication server service versions 2.1.2 and above and tries to determine version and configuration information.
  • Updated the Nmap license agreement to close some loopholes and stop some abusers. It's particularly targeted at companies which distribute malware-laden Nmap installers as we caught doing last year-- The updated license is in the all the normal places, including
  • [NSE] Oops, there was a vulnerability in one of our 437 NSE scripts. If you ran the (fortunately non-default) http-domino-enum-passwords script with the (fortunately also non-default) domino-enum-passwords.idpath parameter against a malicious server, it could cause an arbitrarily named file to to be written to the client system. Thanks to Trustwave researcher Piotr Duszynski for discovering and reporting the problem. We've fixed that script, and also updated several other scripts to use a new stdnse.filename_escape function for extra safety. This breaks our record of never having a vulnerability in the 16 years that Nmap has existed, but that's still a fairly good run!
  • Unicast CIDR-style IPv6 range scanning is now supported, so you can specify targets such as Obviously it will take ages if you specify a huge space. For example, a /64 contains 18,446,744,073,709,551,616 addresses.
  • It's now possible to mix IPv4 range notation with CIDR netmasks in target specifications. For example, 192.168-170.4-100,200.5/16 is effectively the same as 192.168.168-170.0-255.0-255.
  • Timeout script-args are now standardized to use the timespec that Nmap's command-line arguments take (5s, 5000ms, 1h, etc.). Some scripts that previously took an integer number of milliseconds will now treat that as a number of seconds if not explicitly denoted as ms.
  • Nmap may now partially rearrange its target list for more efficient host groups. Previously, a single target with a different interface, or with an IP address the same as a that of a target already in the group, would cause the group to be broken off at whatever size it was. Now, we buffer a small number of such targets, and keep looking through the input for more targets to fill out the current group.
  • [Ncat] The -i option (idle timeout) now works in listen mode as well as connect mode.
  • [Ncat] Ncat now support chained certificates with the --ssl-cert option.
  • [Nping] Nping now checks for a matching ICMP ID on echo replies, to avoid receiving crosstalk from other ping programs running at the same time.
  • [NSE] The ipOps.isPrivate library now considers the deprecated site-local prefix fec0::/10 to be private.
  • Nmap's routing table is now sorted first by netmask, then by metric. Previously it was the other way around, which could cause a very general route with a low metric to be preferred over a specific route with a higher metric.
  • Routes are now sorted to prefer those with a lower metric. Retrieval of metrics is supported only on Linux and Windows.
  • Fixed a byte-ordering problem on little-endian architectures when doing idle scan with a zombie that uses broken ID increments.
  • Stop parsing TCP options after reaching EOL in libnetutil. Bug reported by Gustavo Moreira.
  • [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a network mask. Based on a patch by Indula Nayanamith.
  • [Ncat] Reduced the default --max-conns limit from 100 to 60 on Windows, to stay within platform limitations. Suggested by Andrey Olkhin.
  • Fixed IPv6 routing table alignment on NetBSD.
  • Fixed our NSEDoc system so the author field uses UTF-8 and we can spell people's name properly, even if they use crazy non-ASCII characters like Marin Maržić.
  • UDP protocol payloads were added for detecting the Murmer service (a server for the Mumble voice communication client) and TeamSpeak 2 VoIP software.
  • [NSE] Added http-phpmyadmin-dir-traversal by Alexey Meshcheryakov.
  • Updated libdnet to not SIOCIFNETMASK before SIOCIFADDR on OpenBSD. This was reported to break on -current as of May 2013.
  • Fixed address matching for SCTP (-PY) ping.
  • Removed some non-ANSI-C strftime format strings ("%F") and locale-dependent formats ("%c") from NSE scripts and libraries. C99-specified %F was noticed by Alex Weber.
  • [Zenmap] Improved internationalization support:
    • Added Polish translation by Jacek Wielemborek.
    • Updated the Italian translation.
  • [Zenmap] Fixed internationalization files. Running in a language other than the default English would result in the error "ValueError: too many values to unpack".
  • [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2.
  • [Nsock] Added a minimal regression test suite for Nsock.
  • [NSE] Updated the redis-brute and redis-info scripts to work against the latest versions of redis server.
  • [Ncat] Fixed errors in connecting to IPv6 proxies.
  • [NSE] Updated hostmap-bfk to work with the latest version of their website (
  • [NSE] Added XML structured output support to:
    • xmpp-info, irc-info, sslv2, address-info
    • hostmap-bfk, hostmap-robtex, hostmap-ip2hosts.
    • http-git.nse.
  • Added new service probes for:
    • Erlang distribution nodes
    • Minecraft servers.
    • Hazelcast data grid.
  • [NSE] Rewrote telnet-brute for better compatibility with a variety of telnet servers.
  • Fixed a regression that changed the number of delimiters in machine output.
  • Fixed a regression in broadcast-dropbox-listener which prevented it from producing output.
  • Handle ICMP type 11 (Time Exceeded) responses to port scan probes. Ports will be reported as "filtered", to be consistent with existing Connect scan results, and will have a reason of time-exceeded. DiabloHorn reported this issue via IRC.
  • Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed output of some of the decoders slightly.
  • The list of name servers on Windows now ignores those from inactive interfaces.
  • Namespace the pipes used to communicate with subprocesses by PID, to avoid multiple instances of Ncat from interfering with each other.
  • [NSE] Changed ip-geolocation-geoplugin to use the web service's new output format. Reported by Robin Wood.
  • Limited the number of open sockets in ultra_scan to FD_SETSIZE. Very fast connect scans could write past the end of an fd_set and cause a variety of crashes:
    nmap: bool ConnectScanInfo::clearSD(int): Assertion `numSDs > 0' failed.
    select failed in do_one_select_round(): Bad file descriptor (9)
  • Fixed a bug that prevented Nmap from finding any interfaces when one of them had the type ARP_HDR_APPLETALK; this was the case for AppleTalk interfaces. However, This support is not complete since AppleTalk interfaces use different size hardware addresses than Ethernet. Nmap IP level scans should work without any problem, please refer to the '--send-ip' switch and to the following thread: This bug was reported by Steven Gregory Johnson.
  • [Nping] Nping on Windows now skips localhost targets for privileged pings on (with an error message) because those generally don't work.
  • [Ncat] Ncat now keeps running in connect mode after receiving EOF from the remote socket, unless --recv-only is in effect.
  • Packet trace of ICMP packets now include the ICMP ID and sequence number by default.
  • [NSE] Fixed various NSEDoc bugs found by David Matousek.
  • [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED environment variables.
  • Added an ncat_assert macro. This is similar to assert(), but remains even if NDEBUG is defined. Replaced all Ncat asserts with this. We also moved operation with side effects outside of asserts as yet another layer of bug-prevention
  • Added nmap-fo.xsl, contributed by Tilik Ammon. This converts Nmap XML into XSL-FO, which can be converted into PDF using tools suck as Apache FOP.
  • Increased the number of slack file descriptors not used during connect scan. Previously, the calculation did not consider the descriptors used by various open log files. Connect scans using a lot of sockets could fail with the message "Socket creation in sendConnectScanProbe: Too many open files".
  • Changed the --webxml XSL stylesheet to point to the new location of nmap.xsl in the new repository ( It still may not work in web browsers due to same origin policy (see
  • [NSE] The vulnerability library can now preserve vulnerability information across multiple ports of the same host. The bug was reported by iphelix.
  • Removed the undocumented -q option, which renamed the nmap process to something like "pine".
  • Moved the Japanese man page from man1/jp to man1/ja. JP is a country code while JA is a language code. Reported by Christian Neukirchen.
  • [Nsock] Reworked the logging infrastructure to make it more flexible and consistent. Updated Nmap, Nping and Ncat accordingly. Nsock log level can now be adjusted at runtime by pressing d/D in nmap.
  • [NSE] Fixed scripts using unconnected UDP sockets. The bug was reported by Dhiru Kholia at
  • Made some changes to Ndiff to reduce parsing time when dealing with large Nmap XML output files.
  • Clean up the source code a bit to resolve some false positive issues identified by the Parfait static code analysis program. Oracle apparently runs this on programs (including Nmap) that they ship with Solaris. See
  • [Zenmap] Fixed a crash that could be caused by opening the About dialog, using the window manager to close it, and opening it again. This was reported by Yashartha Chaturvedi and Jordan Schroeder.
  • [Ncat] Made exit with nonzero status if any tests fail. This in turn causes "make check" to fail if any tests fail.
  • Fixed compilation with --without-liblua. The bug was reported by Rick Farina, Nikos Chantziaras, and Alex Turbov.
  • Fixed CRC32c calculation (as used in SCTP scans) on 64-bit platforms.
  • [NSE] Added multicast group name output to broadcast-igmp-discovery.nse.
  • [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube.
Enjoy the new release!

Versienummer 6.40
Releasestatus Final
Besturingssystemen Windows 7, Linux, BSD, Windows XP, macOS, Solaris, UNIX, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2012, Windows 8
Website Nmap
Licentietype GPL

Door Japke Rosink


27-08-2013 • 08:45

1 Linkedin Google+

Bron: Nmap


Meer historie

Reacties (1)

Wijzig sortering
super applicatie! Gebruikte het 'vroeger' altijd in linux, nu ook al zeer lange tijd onder windows.

Is het nu nog steeds zo dat dit soort applicaties 'illegaal' zijn in Duitsland?

Op dit item kan niet meer gereageerd worden.

Apple iPhone 11 Nintendo Switch Lite LG OLED C9 Google Pixel 4 FIFA 20 Samsung Galaxy S10 Sony PlayStation 5 Elektrische auto

'14 '15 '16 '17 2018

Tweakers vormt samen met Hardware Info, AutoTrack,, Nationale Vacaturebank, Intermediair en Independer DPG Online Services B.V.
Alle rechten voorbehouden © 1998 - 2019 Hosting door True