Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Door , , 2 reacties
Bron: Nmap

Nmap is een programma voor het verkennen en controleren van een netwerk. Het is ontworpen om zonder vertragingen een groot netwerk te scannen en werkt ook zonder problemen op een enkele host. Het programma maakt gebruik van 'raw ip packets' om actieve hosts en informatie over de beschikbare services te achterhalen. Het wordt gebundeld met NSE, waarmee je scripts kunt gebruiken voor het detecteren van beveilingslekken, vergelijkbaar met Nessus of OpenVAS wat idee betreft, met Zenmap, waarmee een visuele topology van de gedetecteerde netwerkomgeving gegenereerd wordt, en met Ncat, waarmee je netwerkverkeer kunt onderscheppen, analyseren, aanpassen, enzovoort. Meer informatie over de mogelijkheden is te vinden op deze pagina. De ontwikkelaars hebben na verschillende bètaversies eindelijk Nmap 7.30 uitgebracht, voorzien van de volgende aankondiging op de mailinglijst:

Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.

Hi folks! You may have noticed that we've only been releasing Nmap betas for the last 6 months because we've had so much new code and so many features to integrate thanks to hard work from both our regular team and the 5 Google Summer of Code summer interns. But we spent the last month focused on stability and I'm pleased to announce Nmap 7.30--our first stable release since 7.12 back in March.

Even though it's a stable release, we didn't limit ourselves to only including bug fixes since the last beta. We also snuck in some great new features, including 7 more NSE scripts, an improved version of Npcap (our new Windows packet capturing driver/library), new service probes and OS fingerprints, and more listed below.

Nmap 7.30 source code and binary packages for Linux, Windows, and Mac are available for free download from the usual spot.

If you find any bugs in this release, please let us know on the Nmap Dev list or bug tracker.

Here are the changes since Nmap's last beta release (Nmap's 7.25BETA2 birthday release on September 1):
  • Integrated all 12 of your IPv6 OS fingerprint submissions from June to September. No new groups, but several classifications were strengthened, especially Windows localhost and OS X.
  • [NSE] Added 7 NSE scripts, from 3 authors, bringing the total up to 541!
    • - [GH#369] coap-resources grabs the list of available resources from CoAP endpoints.
    • fox-info retrieves detailed version and configuration info from Tridium Niagara Fox services.
    • ipmi-brute performs authentication brute-forcing on IPMI services.
    • ipmi-cipher-zero checks IPMI services for Cipher Zero support, which allows connection without a password.
    • ipmi-version retrieves protocol version and authentication options from ASF-RMCP (IPMI) services.
    • [GH#352] mqtt-subscribe connects to a MQTT broker, subscribes to topics, and lists the messages received.
    • pcworx-info retrieves PLC model, firmware version, and date from Phoenix Contact PLCs.
  • Upgraded Npcap, our new Windows packet capturing driver/library, from version to 0.09 to 0.10r2. This includes many bug fixes, with a particular on emphasis on concurrency issues discovered by running hundreds of Nmap instances at a time.
  • New service probes and match lines for DTLS, IPMI-RMCP, MQTT, PCWorx, ProConOS, and Tridium Fox
  • Improved some output filtering to remove or escape carriage returns ('\r') that could allow output spoofing by overwriting portions of the screen. Issue reported by Adam Rutherford.
  • [NSE] Fixed a few bad Lua patterns that could result in denial of service due to excessive backtracking.
  • Fixed a discrepancy between the number of targets selected with -iR and the number of hosts scanned, resulting in output like "Nmap done: 1033 IP addresses" when the user specified -iR 1000.
  • Fixed a bug in port specification parsing that could cause extraneous 'T', 'U', 'S', and 'P' characters to be ignored when they should have caused an error.
  • [GH#543] Restored compatibility with LibreSSL, which was lost in adding library version checks for OpenSSL 1.1.
  • [Zenmap] Fixed a bug in the Compare Scans window of Zenmap on OS X resulting in this message instead of Ndiff output: ImportError:dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so,2): no suitable image found. Did find:/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so:mach-o, but wrong architecture Reported by Kyle Gustafson.
  • [NSE] Fixed a bug in ssl-enum-ciphers and ssl-dh-params which caused them to not output TLSv1.2 info with DHE ciphersuites or others involving ServerKeyExchange messages.
  • [NSE] Added X509v3 extension parsing to NSE's sslcert code. ssl-cert now shows the Subject Alternative Name extension; all extensions are shown in the XML output.
In addition to the changes above which haven't been in any Nmap release yet, Nmap 7.30 contains all the improvements from the 7.25BETA2 and 7.25BETA1 releases.

Enjoy this new stable release and please do let us know if you find any problems!

Cheers,
Fyodor
Versienummer:7.30
Releasestatus:Final
Besturingssystemen:Windows 7, Linux, BSD, macOS, Solaris, UNIX, Windows Server 2008, Windows Server 2012, Windows 8, Windows 10
Website:Nmap
Download:https://nmap.org/download.html
Licentietype:GPL
Moderatie-faq Wijzig weergave

Reacties (2)

Prachtig programma, volgens mij zijn er weinig scanners die zo'n uitgebreid scala aan scantechnieken en OS-detectie hebben. Wat mij betreft helemaal onsterfelijk sinds:
https://highon.coffee/img/nmap-trinity.png
8-)
Lol alleen het voorbeeld geeft nu niet echt de sterkte aan.. check of SSH open staat login SSH als root en type password in had ook prima zonder nmap gekund.
Juist wel dus ... ik miste de exploit injectie ;-)

[Reactie gewijzigd door toet-toet op 3 oktober 2016 13:48]

Op dit item kan niet meer gereageerd worden.



Nintendo Switch Google Pixel Sony PlayStation VR Samsung Galaxy S8 Apple iPhone 7 Dishonored 2 Google Android 7.x Watch_Dogs 2

© 1998 - 2016 de Persgroep Online Services B.V. Tweakers vormt samen met o.a. Autotrack en Carsom.nl de Persgroep Online Services B.V. Hosting door True