Nmap 5.00 Released, With Many Improvements
iago-vL writes "The long-awaited Nmap Security Scanner version 5.00 was just released (download)! This marks the most important release since 1997, and is a huge step in Nmap's evolution from a simple port scanner to an all-around security and networking tool suite. Significant performance improvements were made, and dozens of scripts were added. For example, Nmap can now log into Windows and perform local checks (PDF), including Conficker detection. New tools included in 5.00 are Ncat, a modern reimplementation of Netcat (with IPv6, SSL, NAT traversal, port redirection, and more!), and Ndiff, for quickly comparing scan results. Other tools are in the works for future releases, but we're still waiting for them to add email and ftp clients so we can finally get off Emacs!"
So nmap went from a special purpose-built tool to a suite. Frack.
Step 1) Download the tarball
Step 2) Compile with '--without-ndiff --without-zenmap --without-liblua --without-ncat --without-openssl' for a classic Nmap experience
Step 3) Profit
:(
Full Disclosure: I am a Nmap developer.
Despite your trollish tone, you're right that there isn't a ton of innovation coming out in just TCP port scanning. The 5.00 release has several scanning performance improvements but port scanning is still port scanning.
But as for innovation/enterprise features:
* OS Fingerprinting (second generation engine)
* Graphing (via the Zenmap front-end) of the network topology
* Service fingerprinting
* Script engine including:
  * Windows SMB/CIFS/RPC scripts
  * Windows vulnerability detection scripts
  * SQL Injection scanning script
  * Telnet/HTTP/FTP/SMB brute force scripts
  * Conficker detection script
  * A lot more
* XML output for report generation and nice XSLT file for conversion to HTML
If you want to see AI behind OS fingerprinting, then submit a patch. I'd recommend starting with a Support Vector Machine as that has shown the most promise in developer testing.
If you want to see a webapp front-end for scheduling of scans and report generation then start a project.
Nmap is an open source project and, despite the release wording, does not believe in bloat. Nmap isn't Nessus and never will be. If you want a client/server architecture or webapp they will be separate tools.
I use Nmap in an enterprise environment to scan 3 /16 networks (all ports). Do you?
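The XML output mentioned in the list above (`nmap -oX`) is also what Ndiff, the scan-comparison tool from the summary, consumes. As an added illustration of both points, and not code from the Nmap project or from anyone in this thread, the following Python script parses two Nmap XML results and reports what changed between them: hosts that appeared or vanished, ports that became open or stopped being open, and version changes on ports that stayed open. The two XML documents are constructed sample scans (the addresses, products and versions are invented), but the element and attribute names (`nmaprun`, `host`, `address`, `ports`, `port`, `state`, `service`) are those of the real Nmap XML format. One deliberate choice a practitioner would want: only a state of exactly `open` counts as exposure, so `open|filtered` or `filtered` results are treated as not open rather than silently merged with `open`.

```python
"""Compare two Nmap XML scan results, in the spirit of Ndiff.

Added example, not code from the Nmap project. The two scans below are
constructed sample data; only the XML element/attribute names follow the
real Nmap output format.
"""
import xml.etree.ElementTree as ET

# Constructed "before" scan: one host with ssh and http open, 443 closed.
SCAN_BEFORE = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX before.xml 192.0.2.0/24" version="5.00" xmloutputversion="1.03">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="5.1p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="Apache httpd" version="2.2.9"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
</ports></host>
<runstats><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""

# Constructed "after" scan: ssh upgraded, 80 now filtered, 443 now open,
# and a second host has appeared with SMB exposed.
SCAN_AFTER = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX after.xml 192.0.2.0/24" version="5.00" xmloutputversion="1.03">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="5.3p1"/></port>
<port protocol="tcp" portid="80"><state state="filtered" reason="no-response"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="http" product="Apache httpd" version="2.2.9"/></port>
</ports></host>
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.11" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
</ports></host>
<runstats><hosts up="2" down="0" total="2"/></runstats>
</nmaprun>
"""


def parse_scan(xml_text):
    """Return {ipv4_addr: {(proto, port): (state, service_summary)}}."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:  # IPv6-only or MAC-only entries are skipped here
            continue
        ports = {}
        for port in host.findall("ports/port"):
            key = (port.get("protocol"), int(port.get("portid")))
            state = port.find("state").get("state")
            svc = port.find("service")
            summary = ""
            if svc is not None:
                parts = (svc.get("name"), svc.get("product"), svc.get("version"))
                summary = " ".join(p for p in parts if p)
            ports[key] = (state, summary)
        hosts[addr_el.get("addr")] = ports
    return hosts


def diff_scans(before_xml, after_xml):
    """Return a sorted list of (addr, change, detail) tuples.

    Only an exact state of 'open' counts as exposure: open -> filtered is
    reported as port_closed, and anything -> open as port_opened.
    """
    before, after = parse_scan(before_xml), parse_scan(after_xml)
    changes = []
    for addr in sorted(set(before) | set(after)):
        if addr not in before:
            changes.append((addr, "host_up", ""))
        if addr not in after:
            changes.append((addr, "host_down", ""))
            continue
        b, a = before.get(addr, {}), after[addr]
        for key in sorted(set(b) | set(a)):
            b_state, b_svc = b.get(key, ("unknown", ""))
            a_state, a_svc = a.get(key, ("unknown", ""))
            label = "%s/%d" % key
            if b_state != "open" and a_state == "open":
                changes.append((addr, "port_opened", "%s %s" % (label, a_svc)))
            elif b_state == "open" and a_state != "open":
                changes.append((addr, "port_closed", "%s (now %s)" % (label, a_state)))
            elif a_state == "open" and b_svc != a_svc:
                changes.append((addr, "service_changed", "%s %s -> %s" % (label, b_svc, a_svc)))
    return changes


def format_report(changes):
    """One line per change, suitable for piping into a ticket or an alert."""
    return "\n".join(("%s %s %s" % c).rstrip() for c in changes)


if __name__ == "__main__":
    print(format_report(diff_scans(SCAN_BEFORE, SCAN_AFTER)))
```

With real scans you would save each run with `-oX` and feed the two files to `parse_scan` instead of the embedded strings; the same comparison is what `ndiff before.xml after.xml` gives you, with the advantage here that the change list is a plain data structure you can filter (for example, alert only on `port_opened` for ports outside an approved list) rather than text to re-parse.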
As the original poster, and the author of a dozen or more Nmap scripts, I agree 100%. If you look at the tool itself, you'll see that everything is fairly separate and independent, even if they share a common codebase -- between the scripting and the "bonus" tools, the core is still fairly tight.
My comment at the end about the bloat + Emacs was intended 100% as humour, not actual commentary. I'm hoping nobody took it as a legitimate stab at Nmap, because it wasn't.
http://www.skullsecurity.org/blog/