Slashdot Mirror
Nmap 5.20 Released
ruphus13 writes "Nmap has a new release out, and it's a major one. It includes a GUI front-end called Zenmap, and, according to the post, 'Network admins will no doubt be excited to learn that Nmap is now ready to identify Snow Leopard systems, Android Linux smartphones, and Chumbies, among other OSes that Nmap can now identify. This release also brings an additional 31 Nmap Scripting Engine scripts, bringing the total collection up to 80 pre-written scripts for Nmap. The scripts include X11 access checks to see if X.org on a system allows remote access, a script to retrieve and print an SSL certificate, and a script designed to see whether a host is serving malware. Nmap also comes with netcat and Ndiff. Source code and binaries are available from the Nmap site, including RPMs for x86 and x86_64 systems, and binaries for Windows and Mac OS X. '"
If I remember correctly, Zenmap was already the default GUI for Nmap from the 4.x series.
But happy with a new version nonetheless :)
I wonder if they'll feather -this- in movies...
A few years ago, while browsing around the library downtown, I
had to take a piss. As I entered the john a big beautiful all-American
football hero type, about twenty-five, came out of one of the booths.
I stood at the urinal looking at him out of the corner of my eye as he
washed his hands. He didn't once look at me. He was "straight" and
married - and in any case I was sure I wouldn't have a chance with
him.
As soon as he left I darted into the booth he'd vacated,
hoping there might be a lingering smell of shit and even a seat still
warm from his sturdy young ass. I found not only the smell but the
shit itself. He'd forgotten to flush. And what a treasure he had left
behind. Three or four beautiful specimens floated in the bowl. It
apparently had been a fairly dry, constipated shit, for all were fat,
stiff, and ruggedly textured. The real prize was a great feast of turd
- a nine inch gastrointestinal triumph as thick as a man's wrist.
I knelt before the bowl, inhaling the rich brown fragrance and
wondered if I should obey the impulse building up inside me. I'd
always been a heavy rimmer and had lapped up more than one little
clump of shit, but that had been just an inevitable part of eating ass
and not an end in itself. Of course I'd had jerk-off fantasies of
devouring great loads of it (what rimmer hasn't), but I had never done
it. Now, here I was, confronted with the most beautiful five-pound
turd I'd ever feasted my eyes on, a sausage fit to star in any fantasy
and one I knew to have been hatched from the asshole of the world's
handsomest young stud.
Why not? I plucked it from the bowl, holding it with both
hands to keep it from breaking. I lifted it to my nose. It smelled
like rich, ripe limburger (horrid, but thrilling), yet had the
consistency of cheddar. What is cheese anyway but milk turning to shit
without the benefit of a digestive tract?
I gave it a lick and found that it tasted better then it
smelled. I've found since then that shit nearly almost does.
I hesitated no longer. I shoved the fucking thing as far into
my mouth as I could get it and sucked on it like a big brown cock,
beating my meat like a madman. I wanted to completely engulf it and
bit off a large chunk, flooding my mouth with the intense, bittersweet
flavor. To my delight I found that while the water in the bowl had
chilled the outside of the turd, it was still warm inside. As I chewed
I discovered that it was filled with hard little bits of something I
soon identified as peanuts. He hadn't chewed them carefully and they'd
passed through his body virtually unchanged. I ate it greedily,
sending lump after peanutty lump sliding scratchily down my throat. My
only regret was the donor of this feast wasn't there to wash it down
with his piss.
I soon reached a terrific climax. I caught my cum in the
cupped palm of my hand and drank it down. Believe me, there is no more
delightful combination of flavors than the hot sweetness of cum with
the rich bitterness of shit.
Afterwards I was sorry that I hadn't made it last longer. But
then I realized that I still had a lot of fun in store for me. There
was still a clutch of virile turds left in the bowl. I tenderly fished
them out, rolled them into my handkerchief, and stashed them in my
briefcase. In the week to come I found all kinds of ways to eat the
shit without bolting it right down. Once eaten it's gone forever
unless you want to filch it third hand out of your own asshole. Not an
unreasonable recourse in moments of desperation or simple boredom.
I stored the turds in the refrigerator when I was not using
them but within a week they were all gone. The last one I held in my
mouth without chewing, letting it slowly dissolve. I had liquid shit
trickling down my throat for nearly four hours. I must have had six
orgasms in the process.
I often think of that lovely young guy dropping solid gold out
of his sweet, pink asshole every day, never knowing what joy it could,
and at least once did, bring to a grateful shiteater.
In honor of this release, I think I will make a donation to the OpenBSD project.
...because he HAX.
5.20 was released 4 days ago. Of note, Nmap 5.21 is already going to be released within 7 days due to some bugs. That's news! Also Zenmap has been stable since September 2008 and its first inception was released in a dev build in July 2007. Not news!
what would be the purpose of printing an sl cert? it has been a long time since i'e used nmap an now i'm cuirious to see the gui. thanks for the post.
Namaste
Great to hear of this new update. And about the new GUI, is it going to include some cheesy, bizarre movie effects like annoying sounds and red "Hack this website" buttons?
Does somebody want to say what it is?
Theres a nice little intro to nmap over at 360, where they award it #1 on their list of top security tools. Its a good starting point for those who wonder what the fuss is about. AG
The dirty secret that people won't admit to about nmap, here it is:
Nmap, which is supposedly used by network admins to check their defenses, is used far more widely by hackers and scriptkiddies to attack and compromise systems.
The first steps in any hack attempt is to determine the following;
a) what OS, device, browser, software, or services you are using
b) what ports you have open, which can also indicate what services can be exploited
c) what exploits work for your platform, 0-day are almost always guaranteed to work, older hacks are hit and miss, but a majority of people don't really care about patching or security so most of them work, even older patched ones
d) preparing and delivering a payload of arbitrary code to commit some nefarious succession of tasks on your machine
Nmap fulfills the needs for the first two steps and helps make the third and fourth possible. How it does this is it fingerprints your system by looking for messages programmers leave in headers or responses from software, or for a common reaction to a certain request that is formed in a certain way uniquely on different platforms and software.
For example, Apache and ISS web servers both report their brand, version, build number, and sometimes even their plugins when asked. If you know that version XX.XX of a service or software that is running on a remote machine is susceptible to exploit by viruses or exploit code ironically provided by "security researchers" and "security experts" who's goals are to protect people and businesses, they you can most likely break in and deliver your payload fairly easily. It doesn't help that hosting services like GoDaddy are both overwhelmed and incompetent and do not keep their software up to date, but reporting back your version is in my opinion the largest flaw of them all. But, even if they didn't report back a version, if you configured them not to which is possible to do, it might still be possible to identify quirks in the way they form responses. Maybe Apache throws an extra return carriage at the end of a certain header or response that other webservers don't, and that can be used to identify it for example. Or, a new version of IIS X.XX happens to respond on a certain port that it didn't in previous versions, or hosts a new plugin only available on that newer or an older version which is no longer available in the new version, and when it so kindly tells you which plugins its running remotely you can determine which brand and version they have.
Likewise, this goes beyond just hacking web servers, web browsers report a vast array of details about your OS, browser, platform, etc in its header response every single time you load a resource or webpage on a web site. For that nmap isn't required, javascript can needle its way in unless you use noscript and do not trust any websites. Where nmap gets scary for the average consumer, besides allowing hackers to turn their machines into zombies or stealing your credit card and password information by slipping keyloggers and worms into your machine, is when they start identifying your cell phone as the latest version of nmap now allows. When they can pick out your android smartphone and slip an exploit in to listen to phone calls, voicemails, steal your phone book, and other nefarious procedures it gets plain creepy.
Anyways, nmap is a useful tool both for and against hacking, but it is used more fruitfully by the hackers than the security experts. And, in most cases, the security experts are actually guiding and providing the exploits necessary for the hackers to do what they do. That is the dirty secret.
Hope that helps.
Haven't tried this version yet, but recent builds have some nice traceroute functionality-- very fast, and more informative when hosts along the route don't answer ICMP:
nmap -T4 -p80 -PN --traceroute $DEST_HOST
(This needs to be run with root privileges).
Nmap rules.
Maybe they were thinking of this from fyodor's announcment: [Zenmap] After performing or loading a scan, you can now filter results to just the hosts you are interested in by pressing Ctrl+L (or the "Filter Hosts" button) to open the host filtering interface.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun