Nmap 4.00 Released

NoExec writes "Hot off the nmap-hackers list comes news that the Nmap Security Scanner version 4.00 has been released. Dozens of major changes since 3.50 (2 years ago) are listed in the announcement. These include a rewritten (for speed and memory efficiency) port scanning engine, ARP scanning, a brand new man page and install guide, 'l33t ASCII art, runtime interaction, massive version detection improvements, MAC address spoofing, increased Windows performance, 500 new OS detection fingerprints, completion time estimates, and much more."

Sweet!

[daeley]

I wonder if Trinity has had a chance to try it out. ;)

Re:Sweet!

[hobbit]

Trinity is dead, you insensitve clod!

SecurityFocus Interview

[yesnoyes]

SecurityFocus just posted an excellent interview with Fyodor about the 4.00 release. Topics include speed benchmarks, version detection improvement details, the upcoming new OS detection system, and reactions to Nessus going proprietary.

Comparison to Nessus

[yesnoyes]

My favorite part of the release announcement actually relates to Nessus:

A popular open source security scanner recently went proprietary, complaining that their community never contributes much. We are sorry to hear that, but happy to report that the Nmap community is as vibrant and productive as ever! We would like to acknowledge and thank the many people who contributed ideas and/or code to this release (since 3.50). Special thanks go out to Adam Kerrison, Adam Morgan, Adriano Monteiro Marques, Alan Bishoff [ huge list goes on and on ... ]

So if Nessus can't get enough help, maybe that says more about how they run the project than their suggestion of an open source community of leeches who don't contribute back.

Re:No signed source code?

Would be nice if he signed the tarball with a pgp key.

He did. See Verifying the integrity of Nmap downloads.