Nmap 6/7 Released

отредактировано августа 2017 Раздел: Новости и объявления

Nmap 6 Released

May 21, 2012—The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade.
Тэги темы:


  • отредактировано августа 2017 PM
    поиск с помощью nmap активности Conficker-а
    2. Сканирование компьютеров с использованием готовой маски из комплекта последней версии nmap:
    nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1
  • отредактировано августа 2017 PM
    поиск уязвимости CVE-2017-0143 (ETERNALBLUE) в системе. (nmap v7.50)
    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
    nmap -p445 --script smb-vuln-ms17-010 <target>
  • отредактировано августа 2017 PM
    Вышел Nmap 7.60! Поддержка SSH, усовершенствования SMB2 / SMB3, еще 14 скриптов, новый Npcap, работа GSoC и многое другое

    From: Fyodor <fyodor () nmap org>
    Date: Tue, 1 Aug 2017 15:26:58 -0700
    Hello everyone. I'm back from Defcon and excited to announce the new Nmap
    7.60 release! It has only been a month and a half since 7.50, but we still
    packed a lot into this one. Mostly because we have such an awesome GSoC
    team of 8 students and mentors working on so many cool projects. The
    program hasn't even ended yet, but much of their work has already been
    integrated into this release.

    One of the things I'm most excited about is ssh support. Nmap scripts can
    now perform brute force SSH password cracking, query servers about what
    auth methods and public keys they accept, and even log in using known or
    discovered credentials to execute arbitrary commands. We're including four
    scripts to start out with, and it opens the door to many more future
    capabilities! This was the product of three summers of GSoC students
    building on each other's work until we finally have something portable
    (works on Linux, Windows, Mac, etc.) and reliable enough to include. Mad
    props to the students Devin Bjelland (2014), Sergey Khegay (2016), and
    Evangelos Deirmentzoglou (2017) as well as their mentors Patrick Donnelly
    and Fotis "Ithilgore" Hantzis!

    Oh, we also have 14 (!) new NSE scripts, and a bunch of great SMB2/SMB3
    improvements by Paulino Calderon. This release also includes our new Npcap
    0.93 which resolves an issue where the Microsoft Windows 10 Creators Update
    was breaking Npcap and impairing Nmap functionality. There's a lot more,
    so I'll end this email with the full list.

    Вот полный список существенных изменений с момента появления Nmap 7.50:
    • [Windows] Updated the bundled Npcap from 0.91 to 0.93, fixing several
    issues with installation and compatibility with the Windows 10 Creators

    • [NSE][GH#910] NSE scripts now have complete SSH support via libssh2,
    including password brute-forcing and running remote commands, thanks to the
    combined efforts of three Summer of Code students: [Devin Bjelland, Sergey
    Khegay, Evangelos Deirmentzoglou]

    • [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 579!
    They are all listed at https://nmap.org/nsedoc/, and the summaries are

    - ftp-syst sends SYST and STAT commands to FTP servers to get system
    version and connection information. [Daniel Miller]
    - [GH#916] http-vuln-cve2017-8917 checks for an SQL injection
    vulnerability affecting Joomla! 3.7.x before 3.7.1. [Wong Wai Tuck]
    - iec-identify probes for the IEC 60870-5-104 SCADA protocol. [Aleksandr
    Timorin, Daniel Miller]
    - [GH#915] openwebnet-discovery retrieves device identifying information
    and number of connected devices running on openwebnet protocol. [Rewanth
    - puppet-naivesigning checks for a misconfiguration in the Puppet CA
    where naive signing is enabled, allowing for any CSR to be automatically
    signed. [Wong Wai Tuck]
    - [GH#943] smb-protocols discovers if a server supports dialects NT LM
    0.12 (SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11. This replaces the old
    smbv2-enabled script. [Paulino Calderon]
    - [GH#943] smb2-capabilities lists the supported capabilities of
    SMB2/SMB3 servers. [Paulino Calderon]
    - [GH#943] smb2-time determines the current date and boot date of SMB2
    servers. [Paulino Calderon]
    - [GH#943] smb2-security-mode determines the message signing
    configuration of SMB2/SMB3 servers. [Paulino Calderon]
    - [GH#943] smb2-vuln-uptime attempts to discover missing critical
    patches in Microsoft Windows systems based on the SMB2 server uptime.
    [Paulino Calderon]
    - ssh-auth-methods lists the authentication methods offered by an SSH
    server. [Devin Bjelland]
    - ssh-brute performs brute-forcing of SSH password credentials. [Devin
    - ssh-publickey-acceptance checks public or private keys to see if they
    could be used to log in to a target. A list of known-compromised key pairs
    is included and checked by default. [Devin Bjelland]
    - ssh-run uses user-provided credentials to run commands on targets via
    SSH. [Devin Bjelland]

    • [NSE] Removed smbv2-enabled, which was incompatible with the new SMBv2/3
    improvements. It was fully replaced by the smb-protocols script.

    • [Ncat][GH#446] Added Datagram TLS (DTLS) support to Ncat in connect
    (client) mode with --udp --ssl. Also added Application Layer Protocol
    Negotiation (ALPN) support with the --ssl-alpn option. [Denis Andzakovic,
    Daniel Miller]

    • Updated the default ciphers list for Ncat and the secure ciphers list for
    Nsock to use "!aNULL:!eNULL" instead of "!ADH". With the addition of ECDH
    ciphersuites, anonymous ECDH suites were being allowed. [Daniel Miller]

    • [NSE][GH#930] Fix ndmp-version and ndmp-fs-info when scanning Veritas
    Backup Exec Agent 15 or 16. [Andrew Orr]

    • [NSE][GH#943] Added new SMB2/3 library and related scripts. [Paulino

    • [NSE][GH#950] Added wildcard detection to dns-brute. Only hostnames that
    resolve to unique addresses will be listed. [Aaron Heesakkers]

    • [NSE] FTP scripts like ftp-anon and ftp-brute now correctly handle
    TLS-protected FTP services and use STARTTLS when necessary. [Daniel Miller]

    • [NSE][GH#936] Function url.escape no longer encodes so-called
    "unreserved" characters, including hyphen, period, underscore, and tilde,
    as per RFC 3986. [nnposter]

    • [NSE][GH#935] Function http.pipeline_go no longer assumes that persistent
    connections are supported on HTTP 1.0 target (unless the target explicitly
    declares otherwise), as per RFC 7230. [nnposter]

    • [NSE][GH#934] The HTTP response object has a new member, version, which
    contains the HTTP protocol version string returned by the server, e.g.
    "1.0". [nnposter]

    • [NSE][GH#938] Fix handling of the objectSID Active Directory attribute by
    ldap.lua. [Tom Sellers]

    • [NSE] Fix line endings in the list of Oracle SIDs used by
    oracle-sid-brute. Carriage Return characters were being sent in the
    connection packets, likely resulting in failure of the script. [Anant

    • [NSE][GH#141] http-useragent-checker now checks for changes in HTTP
    status (usually 403 Forbidden) in addition to redirects to indicate
    forbidden User Agents. [Gyanendra Mishra]

    Enjoy this new release and please do let us know if you find any problems!
    Download link: https://nmap.org/download.html


  • отредактировано марта 2018 PM
    Nmap 7.70 [2018-03-20]
    [Windows] Updated the bundled Npcap from 0.93 to 0.99-r2, with many stability fixes and installation improvements, as well as fixes to raw 802.11 frame capture. See https://nmap.org/npcap/changelog
    Integrated all of your service/version detection fingerprints submitted from March 2017 to August 2017 (728 of them). The signature count went up 1.02% to 11,672, including 26 new softmatches. We now detect 1224 protocols from filenet-pch, lscp, and netassistant to sharp-remote, urbackup, and watchguard. We will try to integrate the remaining submissions in the next release.

    Integrated all of your IPv4 OS fingerprint submissions from September 2016 to August 2017 (667 of them). Added 298 fingerprints, bringing the new total to 5,652. Additions include iOS 11, macOS Sierra, Linux 4.14, Android 7, and more.
    Integrated all 33 of your IPv6 OS fingerprint submissions from September 2016 to August 2017. New groups for OpenBSD 6.0 and FreeBSD 11.0 were added, as well as strengthened groups for Linux and OS X.

    Added the --resolve-all option to resolve and scan all IP addresses of a host. This essentially replaces the resolveall NSE script. [Daniel Miller]

    [NSE][SECURITY] Nmap developer nnposter found a security flaw (directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manualy ran this NSE script with against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved outside the intended destination directory. Existing files couldn't be overwritten. We fixed http-fetch, audited our other scripts to ensure they didn't make this mistake, and we updated the httpspider library API to protect against this by default. [nnposter, Daniel Miller]

    [NSE] Added 9 NSE scripts, from 8 authors, bringing the total up to 588! They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

    deluge-rpc-brute performs brute-force credential testing against Deluge BitTorrent RPC services, using the new zlib library. [Claudiu Perta]
    hostmap-crtsh lists subdomains by querying Google's Certificate Transparency logs. [Paulino Calderon]
    [GH#892] http-bigip-cookie decodes unencrypted F5 BIG-IP cookies and reports back the IP address and port of the actual server behind the load-balancer. [Seth Jackson]
    http-jsonp-detection Attempts to discover JSONP endpoints in web servers. JSONP endpoints can be used to bypass Same-origin Policy restrictions in web browsers. [Vinamra Bhatia]
    http-trane-info obtains information from Trane Tracer SC controllers and connected HVAC devices. [Pedro Joaquin]
    [GH#609] nbd-info uses the new nbd.lua library to query Network Block Devices for protocol and file export information. [Mak Kolybabi]
    rsa-vuln-roca checks for RSA keys generated by Infineon TPMs vulnerable to Return Of Coppersmith Attack (ROCA) (CVE-2017-15361). Checks SSH and TLS services. [Daniel Miller]
    [GH#987] smb-enum-services retrieves the list of services running on a remote Windows machine. Modern Windows systems requires a privileged domain account in order to list the services. [Rewanth Cool]
    tls-alpn checks TLS servers for Application Layer Protocol Negotiation (ALPN) support and reports supported protocols. ALPN largely replaces NPN, which tls-nextprotoneg was written for. [Daniel Miller]

  • Nmap 7.80 [2019-08-10]
    [Windows] The Npcap Windows packet capturing library (https://npcap.org/) is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all of these changes from the last 15 Npcap releases: https://nmap.org/npcap/changelog

    [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598! They are all listed at https://nmap.org/nsedoc/,


  • отредактировано ноября 2020 PM
    Nmap 7.90 Released! First release since August 2019. From: Gordon Fyodor Lyon <fyodor () nmap org>
    Date: Sat, 3 Oct 2020 13:48:42 -0700
    [Windows] Upgraded Npcap, our Windows packet capturing (and sending) library to the milestone 1.00 release! It's the culmination of 7 years of development with 170 public pre-releases. This includes dozens of performance improvements, bug fixes, and feature enhancements described at https://npcap.org/changelog.
    [Windows] Обновленный Npcap, наша библиотека для захвата (и отправки) пакетов Windows, до версии 1.00! Это кульминация 7-летней разработки со 170 общедоступными предварительными релизами. Сюда входят десятки улучшений производительности, исправлений ошибок и улучшений функций, описанных на https://npcap.org/changelog.
    • Released Npcap OEM Edition. For more than 20 years, the Nmap Project has been funded by selling licenses for companies to distribute Nmap with their products, along with commercial support. Hundreds of commercial products now use Nmap for network discovery tasks like port scanning, host discovery, OS detection, service/version detection, and of course the Nmap Scripting Engine (NSE). Until now they have just used standard Nmap, but this new OEM Edition is customized for use within other Windows software. Nmap OEM contains the OEM version of our Npcap driver, which allows for silent installation. It also removes the Zenmap GUI, which cuts the installer size by more than half. And it reports itself as Nmap OEM so customers know it's a properly licensed Nmap. See https://nmap.org/oem formore details.

    • Выпущен Npcap OEM Edition. За более чем 20 лет проект Nmap финансировались за счет продажи лицензий компаниям на распространение Nmap со своими продуктов вместе с коммерческой поддержкой. Сотни коммерческих продуктов теперь используйте Nmap для задач обнаружения сети, таких как сканирование портов, хост обнаружение, обнаружение ОС, обнаружение службы / версии и, конечно же, Nmap Scripting Engine (NSE). До сих пор они использовали только стандартный Nmap, но эта новая OEM-версия адаптирована для использования с другим программным обеспечением Windows.
    Nmap OEM содержит OEM-версию нашего драйвера Npcap, которая позволяет тихая установка. Он также удаляет графический интерфейс Zenmap, что сокращает размер установщика более чем наполовину. И он сообщает о себе как Nmap OEM, поэтому клиенты знают, что это правильно лицензированный Nmap. См. Https://nmap.org/oem для подробнее.
    Removed nmap-update. This program was intended to provide a way to update
    data files and NSE scripts, but the infrastructure was never fielded. It depended on Subversion version control and would have required maintaining separate versions of NSE scripts for compatibility.

    Удалено nmap-update. Эта программа была предназначена для обновления файлы данных и сценарии NSE, но инфраструктура так и не была развернута. Это зависело от управления версиями Subversion и требовал поддержки отдельные версии скриптов NSE для совместимости.

    полное описание изменений:
Войдите или Зарегистрируйтесь чтобы комментировать.