Featured News
Nmap 7.00 Released
The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 7.00 from https://nmap.org/. It is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012. Nmap turned 18 years old in September this year and celebrates its birthday with 167 new NSE scripts, expanded IPv6 support, world-class SSL/TLS analysis, and more user-requested features than ever. We recommend that all current users upgrade. The top 6 improvements in Nmap 6 are:
- Major Nmap Scripting Engine expansion, including 167 new NSE scripts
- Mature IPv6 support
- Infrastructure upgrades, including a bug tracker
- Faster scans
- Enhancements to SSL/TLS scanning
- Extreme portability
For full details, see the release notes or skip straight to the download page.
Rebooting the Full Disclosure Mailing List
Much of the security community has missed the Full Disclosure Mailing List since it abruptly shut down on March 19, so we've decided to reboot it for a fresh start! You can subscribe to the new list here.
Icons of the Web
The Nmap Project is pleased to release our new and improved Icons of the Web project! We scanned the Internet's top million web sites and created an interactive 5-gigapixel collage of the results. You can explore it with our online viewer including pan/zoom and search capabilities to find your favorite sites.
Nmap 6.40 Released
Nmap 6.40 is now available with 14 new NSE scripts and hundreds of new OS and version detection signatures. It also includes great new features such as Lua integration for scripting Ncat, initial support for NSE and version scanning through a chain of proxies, and improved target specification. Of course there are many performance enhancements and bug fixes too! You can read the full details or download it free here.
Nmap 6.25 Released
We're proud to release Nmap 6.25 with hundreds of improvements, including 85 new Nmap Scripting Engine scripts, nearly 1,000 new fingerprints for OS detection and service/application version detection, and performance enhancements such as the new kqueue and poll I/O engines. You can read the full details or download it free here.
Nmap 6.00 Released
The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from https://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. We recommend that all current users upgrade. The top 6 improvements in Nmap 6 are:
- Major Nmap Scripting Engine enhancements, including 289 new NSE scripts
- New web scanning capabilities
- Full IPv6 support
- A new tool named Nping for packet generation and response analysis
- More capable Zenmap GUI and results viewer
- Faster scans
For full details, see the release notes or skip straight to the download page.
SecTools.Org Relaunched
3,000 people participated in the latest top security tools survey and we have relaunched SecTools.Org with the new data! We have also dramatically improved the site—it now allows user ratings and reviews, tracks release dates, offers searching and sorting, and allows you to suggest your own favorite tools. Are you familiar with all of the 49 new tools in this edition?
Nmap 5.30BETA1 Released With 37 New Scripts, Nping, and New Apple Vulnerability
We're proud to release Nmap 5.30BETA1 with about 100 significant improvements, including:
- 37 new NSE Scripts, covering SNMP, SSL, Postgres, MySQL, HTTP, LDAP, NFS, DB2, AFS, and much more.
- Nmap developer Patrik Karlsson found a major remote vulnerability in Mac OS X, which allows access to files in the parent directory of an AFS share. He wrote a detection/exploitation NSE script, which you'll find in this release.
- An alpha test version of our Nping packet generation utility.
News reports: ITWire, SANS Diary (brief), PenTestIT (brief)
Nmap 5.20 Released
We're happy to release Nmap 5.20, offering 150+ significant improvements over 5.00, including:
- 31 new NSE Scripts
- enhanced performance and reduced memory consumption
- protocol-specific payloads for more effective UDP scanning
- a completely rewritten traceroute engine
- massive OS and version detection DB updates (10,000+ signatures)
- Zenmap host filter mode shows just the hosts you're interested in.
For a more detailed list of changes, see the release notes. Source packages as well as binary installers for Linux, Windows, and Mac OS X are all available from the Nmap download page.
Nmap 5.00 Released!
After more than 18 months of work since the 4.50 release, Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from https://nmap.org. With nearly 600 significant changes, we consider this the most important Nmap release since 1997 and we recommend that all current users upgrade!
The release notes provide the top 5 improvements in Nmap 5 as well as example runs and screen shots. The change details section includes improvements to the Nmap Scripting Engine, Zenmap GUI and Results Viewer, the new Ncat tool, the new Ndiff scan comparison tool, performance improvements, the new Nmap book, and much more!
Source packages as well as binary installers for Linux, Windows, and Mac OS X are all available from the Nmap download page.
Update: We've gotten some great press from ITWire, Slashdot, SecurityFocus, LoveMyTool, Reddit, Linux Weekly News, InternetNews.Com, Twitter, and dozens more.
Nmap Network Scanning
After years of effort, we are delighted to release Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning!
From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals. The reference guide documents every Nmap feature and option, while the remainder demonstrates how to apply them to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine.
Visit the NNS web site for a detailed summary, reviews, and sample chapters, or buy it now from Amazon.
Nmap 4.85BETA7 Released to Scan for Conficker Worm
The Conficker worm is receiving a lot of attention because of its vast scale (millions of machines infected) and advanced update mechanisms. Conficker isn't the end of the Internet (despite some of that hype), but it is a huge nuisance we can all help to clean up.
Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA7 is now available from the download page, including official binaries for Windows and Mac OS X. To scan for Conficker, use a command such as:
nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns,smb-os-discovery --script-args safe=1 [targetnetworks]
You will only see Conficker-related output if either port 139 or 445 is open on a host. A clean machine reports at the bottom: “Conficker: Likely CLEAN”, while likely infected machines say: “Conficker: Likely INFECTED”. For more advice, see this nmap-dev post by Brandon Enright.
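As an added example (not part of the original announcement or of Nmap itself), this Python script triages saved output from the scan above by host, keeping hosts that produced no Conficker line separate from hosts reported clean, since a host with ports 139 and 445 closed yields no verdict at all. The sample output is constructed, and the host header forms matched by `HOST_HEADER` are an assumption about the normal-output layout.

```python
import re

# Assumption: each host's section starts with one of these header forms.
HOST_HEADER = re.compile(
    r"^(?:Nmap scan report for|Interesting ports on)\s+(.+?):?\s*$"
)
# The two verdict strings quoted in the announcement.
VERDICT = re.compile(r"Conficker: Likely (CLEAN|INFECTED)")

# Constructed sample output (documentation addresses, not a real scan).
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|_ Conficker: Likely CLEAN

Nmap scan report for 192.0.2.11
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|_ Conficker: Likely INFECTED

Nmap scan report for 192.0.2.12
PORT    STATE  SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
"""


def triage(nmap_output):
    """Map each host to 'INFECTED', 'CLEAN' or 'NO_VERDICT'."""
    results = {}
    host = None
    for line in nmap_output.splitlines():
        header = HOST_HEADER.match(line)
        if header:
            host = header.group(1)
            # Until a verdict line appears, the host is unknown, not clean.
            results[host] = "NO_VERDICT"
            continue
        verdict = VERDICT.search(line)
        if verdict and host is not None:
            # An INFECTED verdict is never downgraded by a later CLEAN line.
            if results[host] != "INFECTED":
                results[host] = verdict.group(1)
    return results


def summarize(results):
    """Group hosts by verdict for the cleanup and rescan lists."""
    summary = {"INFECTED": [], "CLEAN": [], "NO_VERDICT": []}
    for host, verdict in results.items():
        summary[verdict].append(host)
    return {k: sorted(v) for k, v in summary.items()}


if __name__ == "__main__":
    for verdict, hosts in summarize(triage(SAMPLE)).items():
        print(f"{verdict}: {', '.join(hosts) or '-'}")
```

Hosts in the `NO_VERDICT` group were not checked and need another assessment path before being counted as clean.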
While Conficker gets all the attention, 4.85BETA7 also has many other great improvements.
Update: Changed version from 4.85BETA5 (first to detect Conficker) to 4.85BETA7, which includes further Conficker detection improvements, among other changes.
More information is available from: The Register, Slashdot, Washington Post, SecurityFocus, CNet, SC Magazine, ComputerWorld, SkullSecurity (Ron Bowes), Beta News, PC World, eWeek, CRN.com, TechNewsWorld, DarkReading, ComputerWeekly, PC Magazine, Threat Post, ZDNet.
Nmap 4.75 Released
We are pleased to release Nmap 4.75, with almost 100 significant improvements since version 4.68. Key Nmap 4.75 changes include:
- Fyodor spent much of this summer scanning tens of millions of IPs on the Internet (plus collecting data contributed by some enterprises) to determine the most commonly open ports. Nmap now uses that empirical data to scan more effectively.
- Zenmap Topology and Aggregation features were added, as discussed in the next news item.
- Hundreds of OS detection signatures were added, bringing the total to 1,503.
- Seven new Nmap Scripting Engine (NSE) scripts were added. These automate routing AS number lookups, “Kaminsky” DNS bug vulnerability checking, brute force POP3 authentication cracking, SNMP querying and brute forcing, and whois lookups against target IP space. Many valuable libraries were added as well.
- Many performance improvements and bug fixes were implemented. In particular, Nmap now works again on Windows 2000.
Many of these changes were discussed in Fyodor's Black Hat and Defcon presentations. The audio and video have now been posted on the presentations page.
Download the source tarball or binaries for Linux, Windows, or Mac OS X from the Nmap download page. If you find any bugs, please report them.
Zenmap Gains Topology Maps and Aggregation Features
While Nmap stands for “Network Mapper”, it hasn't been able to actually draw you a map of the network—until now! The new Zenmap Network Topology feature provides an interactive, animated visualization of the hosts on a network and connections between them. The scan source is (initially) in the center, with other hosts on a series of concentric circles which represent the number of hops away they are from the source. Nodes are connected by lines representing discovered paths between them. Read the full details (and ogle the pretty pictures) in our article on Surfing the Network Topology. Special thanks go to João Medeiros, David Fifield, and Vladimir Mitrovic for their tireless work in developing and integrating this new feature.
Another exciting new Zenmap feature is scan aggregation, which allows you to combine the results of many Nmap scans into one view. When one scan is finished, you may start another in the same window. Results of the new scan are seamlessly merged into one view.
You can try these and many other great features with the latest version of Zenmap, available from the Nmap download page.
Nmap Summer News Roundup
- Fyodor spoke in Las Vegas at the Black Hat Briefings and Defcon to discuss the results of large-scale Internet scans he has been conducting, and demonstrate how you can use the empirical data to make your scans (over the Internet or even internal) more efficient. He also showed off some new Nmap features which can help you bypass firewall restrictions, reduce scan times, and gather more information about remote hosts. The presentation video is now available on the presentations page.
- RSS feeds for mailing lists archived by SecLists.Org now sport message excerpts to make it easier to identify interesting messages.
- We now have a working search engine which covers all of our sites (Insecure.Org, Nmap.Org, SecLists.Org, and SecTools.Org). You can find the search bar on the left sidebar or bottom of our normal pages, or visit our search page directly.
- And for a bit of fun news, Nmap's movie stardom has grown with an appearance in its seventh movie!
Nmap Celebrates 10th Anniversary With Major Version 4.50 Release
After nearly two years of work since the 4.00 release, Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.50 from https://nmap.org. Nmap was first released in 1997, so this release celebrates our 10th anniversary!
Major new features since 4.00 include the Zenmap cross-platform GUI, 2nd Generation OS Detection, the Nmap Scripting Engine, a rewritten host discovery system, performance optimization, advanced traceroute functionality, TCP and IP options support, and nearly 1,500 new version detection signatures. Dozens of other important changes—and future plans for Nmap—are listed in the release announcement. We recommend that all current Nmap users upgrade.
Update: Joe Barr at Linux.Com has written a great review of Nmap 4.50. In addition to testing the new features, he offers substantial background information on port scanning.
Nmap Featured in The Bourne Ultimatum
In The Bourne Ultimatum (IMDB), the CIA needs to hack the mail server of a newspaper (The Guardian UK) to read the email of a reporter they assassinated. So they turn to Nmap and its new official GUI Zenmap to hack the mail server! Nmap reports that the mail server is running SSH 3.9p1, Postfix smtpd, and a name server (presumably bind). They also make substantial use of Bash, the Bourne-again shell. Congratulations to Roger Chui for being the first to spot this. He also sent a scene transcript and HD screen shots.
Other movies which have used Nmap include: Matrix Reloaded, Bourne Ultimatum, 13: Game of Death, Battle Royale, The Listening, and, uhh, HaXXXor: No Longer Floppy. Screen shots of Nmap in all of these movies are available on our new Nmap movies page. Nmap has become quite the movie star!
Introducing Zenmap, the Official Nmap GUI
After more than two years of development (starting with a 2005 Google Summer of Code project), we have replaced the venerable but dated NmapFE with a new cross-platform GUI named Zenmap. It is cross platform (tested on Linux, Windows, Mac OS X) and supports all Nmap options. Its results viewer allows easier browsing, searching, sorting, and saving of Nmap results.
Zenmap will appear in the upcoming 4.50 release and is already available in the release candidate packages on the Nmap download page. Zenmap screenshots and documentation are available at https://nmap.org/zenmap.
Zenmap is still under active development, but was integrated early because it is already much more powerful than NmapFE. Development is coordinated on the nmap-dev mailing list.
Nmap Featured in Die Hard 4
Yippee Ki-Yay! In Die Hard 4: Live Free or Die Hard (Wikipedia, IMDB), Detective John McClane (Bruce Willis) is dispatched to retrieve hacker Matthew Farrell (Justin Long) because the FBI suspects him of breaching their computer systems. Later, Justin is enlisted to help thwart terrorist mastermind Thomas Gabriel's attempts at total world destruction. In this scene, Farrell demonstrates his Nmap skills:
Thanks to Andrew Hake for catching the cameo and sending these HD screen shots.
See our Nmap movies page for many more movies featuring Nmap.
Top 100 Security Tools List Released
After the tremendously successful 2000 and 2003 top security tools surveys, we are pleased to release our 2006 results at a brand new site: SecTools.Org. A record 3,243 Nmap users responded this year. Notable trends since 2003 include the rise in exploitation frameworks such as Metasploit, Impact, and Canvas, and the increased popularity of wireless tools such as Kismet and Aircrack. 44 tools are new to the list. Security practitioners are encouraged to read the list and investigate tools they aren't familiar with. You may find the little gem that you never knew you needed.
English Sectools Coverage: Digg, Slashdot, About.Com, LinuxSecurity.Com, SANS ISC, TAOSecurity, del.icio.us, SecuriTeam, gHacks, iHacked
International: Menéame (Spanish), Kriptopolis (Spanish), ITPro Security (Japanese), Security.NL (Dutch), Todo-Linux (Spanish), CriticalSecurity (Lithuanian), Xakep (Russian)
SecLists.Org Back Up and Running
Our popular SecLists.Org public mailing list archive is back up and running after it was inexcusably shut down with no notice by our soon-to-be-former domain registrar GoDaddy at the behest of MySpace.Com. We believe web site content is the responsibility of the site owner (registrant) and (if that fails) hosting or bandwidth provider. If the whois contact data is valid, registrars shouldn't be involved without a court order.
News reports and discussion of the shutdown:
CNET News.Com | Wired | Wired #2 | Slashdot | Digg | Politech | Web Host Industry Reviews | SecurityFocus | Info World | Domain Name Wire | P2PNet | SecurityPro News | Digital MediaWire | SecuriTeam | Tech Dirt | Mashable
Update: We have launched NoDaddy.Com to document GoDaddy's abuses of their registrar status.
Nmap 4.00 Released
After two years of work since the 3.50 release, Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.00 from https://nmap.org.
Changes since version 3.50 include a rewritten (for speed and memory efficiency) port scanning engine, ARP scanning, a brand new man page and install guide, 'l33t ASCII art, runtime interaction, massive version detection improvements, MAC address spoofing, increased Windows performance, 500 new OS detection fingerprints, and completion time estimates. Dozens of other important changes -- and future plans for Nmap -- are listed in the release announcement.
Updates:
Fyodor has given a SecurityFocus interview on 4.00
More English coverage/reviews: Information Security Magazine, Slashdot, Linux Weekly News (LWN), Digg, SANS ISC, OSNews, AllYourTech.Com, LinuxSecurity.Com
International coverage: Heise (German), LinuxFR (French), OpenNET (Russian), derStandard (Austrian), Golem.de (German), Hacking.PL (Polish), WinFuture (German), Kriptopolis (Spanish), Security.NL (Dutch), Tweakers.Net (Dutch), Xakep (Russian)
Security List Archive Updated
RSS feeds have been added to all security mailing lists archived at SecLists.Org, making it even easier to keep up with the latest news from Nmap-Hackers, Nmap-Dev, Bugtraq, and all of the others. We have also added Dailydave, a highly technical discussion list that covers vulnerability research, exploit development, and security events/gossip (with many smart people participating).
NSA Loads Nmap Release Status for President Bush Visit
US President George W. Bush visited the NSA headquarters at Fort Meade in January 2006. A wall-sized status screen in the background displays the latest versions of Nmap and some of our other favorite open source tools. Pictures were printed in the February 6, 2006 edition of Newsweek (article) and the Jan 27 Washington Post (article). The page on the screen is the Talisker Radar. We don't like the NSA tracking our phone calls and email, but they may track Nmap releases all they want.
Loading an external web site on their giant screen was risky. Imagine if this happened (thanks php0t)!
Meanwhile, Nmap makes an appearance at Walmart with the Nmap hacking chair.
New Nmap Man Page
We are proud to announce that the Nmap man page has been completely rewritten. It is more comprehensive (double the length) and much better organized than the previous one. It is meant to serve as a quick-reference to virtually all Nmap command-line arguments, but you can learn even more about Nmap by reading it straight through. The 18 sections include Brief Options Summary, Firewall/IDS Evasion and Spoofing, Timing and Performance, Port Scanning Techniques, Usage Examples, and much more. It even documents some cool features that are slated for release in the next Nmap version (runtime interaction and parallel DNS resolution).
The new man page is best read in HTML format, though you can alternatively download the Nroff nmap.1 to install on your system.
We have issued a call for translations of the reference guide, and 29 languages are in progress. See the new documentation page to volunteer or read a translation.
Hacker Fiction Books Published
Fyodor has co-authored a novel on hacking, along with FX, Joe Grand, Kevin Mitnick, Ryan Russell, Jay Beale, and several others. Their individual stories combine to describe a massive electronic financial heist. While the work is fiction, hacks are described in depth using real technology such as Nmap, Hping2, OpenSSL, etc. Stealing the Network: How to Own a Continent can be purchased at Amazon (save $17), and you can read Fyodor's chapter online for free. STC was a best-seller, ranking for a while as the second-highest selling computer book on Amazon.
Update: Syngress has released a sequel: Stealing the Network: How to Own an Identity. They have generously allowed Fyodor to post his favorite chapter for free. So enjoy Bl@ckTo\/\/3r, by Nmap contributor Brian Hatch. It is full of wry humor and creative security conundrums to keep the experts entertained, while it also offers security lessons on the finer points of SSH, SSL, and X Windows authentication and encryption.
Nmap Gains Advanced Version Detection
After several months of intense private development, we are pleased to release Nmap 3.45, including an advanced version detection system. Now instead of using a simple nmap-services table lookup to determine a port's likely purpose, Nmap will (if asked) interrogate that TCP or UDP port to determine what service is really listening. In many cases it can determine the application name and version number as well. Obstacles like SSL encryption and Sun RPC are no threat, as Nmap can connect using OpenSSL (if available) as well as utilizing Nmap's RPC bruteforcer. IPv6 is also supported. You can read our new version detection paper for the details and examples, or just download the latest version and try it out here. Simply add "-sV" to your normal scan command-line options.
News articles covering Nmap version detection: Slashdot, Hacking Linux Exposed, Security Wire Digest.
Nmap Featured in The Matrix Reloaded
We have all seen many movies like Hackers which pass off ridiculous 3D animated eye-candy scenes as hacking. So I was shocked to find that Trinity does it properly in The Matrix Reloaded [Under $6 at Amazon]. She whips out Nmap version 2.54BETA25, uses it to find a vulnerable SSH server, and then proceeds to exploit it using the SSH1 CRC32 exploit from 2001. Shame on them for being vulnerable (timing notes). Congratulations to everyone who has helped make Nmap successful! Click on these thumbnails for higher resolution or view more pictures here.
Updates:
- News articles about the Nmap cameo: BBC, Slashdot, SecurityFocus, Silicon.Com, CNET
- JWZ has added this cracking scene as an XScreenSaver 4.10 Easter Egg - run 'xmatrix -small -crack'.
- Dave from Lab6 notifies me that Nmap source code is displayed in Battle Royale: [Screen1] [Screen2] [Trivia]
- Several people have submitted matrix-themed banners to the propaganda gallery. Feel free to use any of these to link to Insecure.org - we appreciate it!
- The UK's Scotland Yard Computer Crime Unit and the British Computer Society have put out a joint warning that "Viewers of the new box office blockbuster 'Matrix Reloaded' should not be tempted to emulate the realistic depiction of computer hacking." Kids - don't try this at home!