
Nmap 5.00 Released

July 16, 2009 -- Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from https://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this.

Considering all the changes, we consider this the most important Nmap release since 1997, and we recommend that all current users upgrade.

About Nmap

Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in eight movies, including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum.

As free software, we don't have any sort of advertising budget. So please spread the word that Nmap 5.00 is now available!

Top 5 Improvements in Nmap 5

Before we go into the detailed changes, here are the top 5 improvements in Nmap 5:

  1. The new Ncat tool aims to be your Swiss Army Knife for data transfer, redirection, and debugging. We released a whole users' guide detailing security testing and network administration tasks made easy with Ncat.

  2. The addition of the Ndiff scan comparison tool completes Nmap's growth into a whole suite of applications which work together to serve network administrators and security practitioners. Ndiff makes it easy to automatically scan your network daily and report on any changes (systems coming up or going down or changes to the software services they are running). The other two tools now packaged with Nmap itself are Ncat and the much improved Zenmap GUI and results viewer.

  3. Nmap performance has improved dramatically. We spent last summer scanning much of the Internet and merging that data with internal enterprise scan logs to determine the most commonly open ports. This allows Nmap to scan fewer ports by default while finding more open ports. We also added a fixed-rate scan engine so you can bypass Nmap's congestion control algorithms and scan at exactly the rate (packets per second) you specify.

  4. We released Nmap Network Scanning, the official Nmap guide to network discovery and security scanning. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. More than half the book is available in the free online edition.

  5. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. All existing scripts have been improved, and 32 new ones added. New scripts include a whole bunch of MSRPC/NetBIOS attacks, queries, and vulnerability probes; open proxy detection; whois and AS number lookup queries; brute force attack scripts against the SNMP and POP3 protocols; and many more. All NSE scripts and modules are described in the new NSE documentation portal.

News articles and reviews

Please mail Fyodor if you see (or write) reviews/articles on the Nmap 5.00 release. Here are the ones seen so far:

Reasonably detailed (or with many comments) English articles:

Brief mentions: Wireshark.Org, Securiteam, Dark Reading, Linux Today, CGISecurity.Com, Security4All, Help Net Security, Red Gecko, Peter Van Eeckhoutte, Security Database, Owl Linux, Priveon Labs

Non-English articles:
Arabic: Linux AC, iSecur1ty.org
Czech: ABC Linuxu, Root.cz
Chinese: Solidot, Netsecurity.51cto.com
Dutch: Tweakers.net, Security.nl
French: Silicon.fr, LinuxFR.org
German: Golem.de, Heise online, Pro-Linux.de, PC Welt, Menzer.net, Secorvo Security News (PDF)
Russian: OpenNet.ru, Xakep.ru, Linux.org.ru
Spanish: Viva Linux, Barrapunto, menéame, Linux Maya, Iniqua, A por Linux, Portal Chileno de Seguridad Informatica
Others: Version 2 (Danish), hup.hu (Hungarian), BR-Linux.Org (Portuguese), IDG.se (Swedish)

Journalists (anyone writing about the Nmap release) are welcome to use any of the text or screen shots on this page.

Example run and screen shots

Nmap 5.00 provides a wealth of information about remote systems, as shown in this sample scan:

# nmap -A -T4 scanme.nmap.org 207.68.200.30

Starting Nmap 5.00 ( https://nmap.org ) at 2009-07-13 16:22 PDT
Interesting ports on scanme.nmap.org (64.13.134.52):
Not shown: 994 filtered ports
PORT      STATE  SERVICE VERSION
22/tcp    open   ssh     OpenSSH 4.3 (protocol 2.0)
|  ssh-hostkey: 1024 03:5f:d3:9d:95:74:8a:d0:8d:70:17:9a:bf:93:84:13 (DSA)
|_ 2048 fa:af:76:4c:b0:f4:4b:83:a4:6e:70:9f:a1:ec:51:0c (RSA)
53/tcp    open   domain  ISC BIND 9.3.4
70/tcp    closed gopher
80/tcp    open   http    Apache httpd 2.2.2 ((Fedora))
|_ html-title: Go ahead and ScanMe!
113/tcp   closed auth
31337/tcp closed Elite
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.20-1 (Fedora Core 5)

Interesting ports on 207.68.200.30:
Not shown: 991 filtered ports
PORT      STATE SERVICE      VERSION
53/tcp    open  domain       Microsoft DNS 6.0.6001
88/tcp    open  kerberos-sec Microsoft Windows kerberos-sec
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp   open  kpasswd5?
49158/tcp open  ncacn_http   Microsoft Windows RPC over HTTP 1.0
49175/tcp open  msrpc        Microsoft Windows RPC
Running: Microsoft Windows 2008|Vista

Host script results:
|  smb-os-discovery: Windows Server (R) 2008 Enterprise 6001 Service Pack 1
|  LAN Manager: Windows Server (R) 2008 Enterprise 6.0
|  Name: MSAPPLELAB\APPLELAB2K8
|_ System time: 2009-07-13 16:17:07 UTC-7
|  nbstat: NetBIOS name: APPLELAB2K8, NetBIOS user:, NetBIOS MAC: 00:1a:a0:9a:a3:96
|  Name: APPLELAB2K8<00>      Flags:
|_ Name: MSAPPLELAB<00>       Flags:

TRACEROUTE (using port 135/tcp)
HOP RTT    ADDRESS
[Cut first 8 lines for brevity]
9   36.88  ge-10-0.hsa1.Seattle1.Level3.net (4.68.105.6)
10  36.61  unknown.Level3.net (209.245.176.2)
11  41.21  207.68.200.30

Nmap done: 2 IP addresses (2 hosts up) scanned in 120.26 seconds
# (Note: some output was modified to fit results on screen)

Here are some Nmap and Zenmap 5.00 screen shots (click thumbnails for full resolution):


Classic command-line Nmap

Zenmap's new network topology graphing mode

Zenmap showing all discovered HTTP services

Zenmap displaying Nmap output


Change details

The Nmap Changelog describes nearly 600 significant improvements since our last major release (4.50). Here are the highlights:

The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. It existed in Nmap 4.50, but has been dramatically improved:

Zenmap is a cross-platform (Linux, Windows, Mac OS X, etc.) Nmap GUI and results viewer which supports all Nmap options. It aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database. While Zenmap already existed in Nmap 4.50, it has improved dramatically since then:

  .       .
  \`-"'"-'/
   } 6 6 {
  ==. Y ,==
    /^^^\  .
   /     \  )
  (  )-(  )/     _
   -""---""---   /
  /   Ncat    \_/
 (     ____
  \_.=|____E

Nmap 5 introduces Ncat, a general-purpose command-line tool for reading, writing, redirecting, and encrypting data across a network. It aims to be your network Swiss Army knife, handling a wide variety of security testing and administration tasks. Ncat is suitable for interactive use or as a network-connected back end for other tools. Ncat can:

These capabilities become even more powerful and versatile when combined.

Ncat is our modern reinvention of the venerable Netcat (nc) tool released by Hobbit in 1996. While Ncat is similar to Netcat in spirit, they don't share any source code. Instead, Ncat makes use of Nmap's well optimized and tested networking libraries. Compatibility with the original Netcat and some well known variants is maintained where it doesn't conflict with Ncat's enhancements or cause usability problems. Ncat adds many capabilities not found in Hobbit's original nc, including SSL support, proxy connections, IPv6, and connection brokering. The original nc contained a simple port scanner, but we omitted that from Ncat because we have a preferred tool for that function.

Ncat is extensively documented in its Users' Guide, man page, and home page.

Nmap has been doing host discovery and port scanning since its release in '97, but we continue to improve this core functionality. We've added many new features and dramatically improved performance! Here are the biggest enhancements since 4.50:

Fyodor released Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. It was briefly the #1 selling computer book on Amazon. More than half of the book is already free online.

A German translation is available from Open Source Press; Korean and Brazilian Portuguese translations are forthcoming.

Thanks to fingerprint submissions from thousands of Nmap users around the world, the 2nd generation OS detection database has nearly doubled in size since 4.50 to 2,003 entries. These include the latest versions of Windows, Linux, and Mac OS X as well as more specialized entries such as oscilloscopes, ATM machines, employee timeclocks, DVRs, game consoles, and much more. Keep those submissions coming!

In addition to doubling the database size, we enhanced the OS detection engine and its tests to improve accuracy. For example, we added a new SEQ.CI test (IP ID sequence generation from closed TCP port) and removed the U1.RUL, U1.TOS, IE.DLI, IE.SI, and IE.TOSI tests.

Nmap's version detection system interrogates open ports to determine what service (e.g. http, smtp) is running and often the exact application name and version number. The version detection database grew by nearly a thousand signatures. It grew from 4,558 signatures representing 449 protocols in Nmap 4.50 to 5,512 signatures for 511 protocols in 5.00. You can read about Doug's signature creation adventures here, here, and here. The service protocols with the most signatures are http (1,868), telnet (584), ftp (506), smtp (363), pop3 (209), http-proxy (136), ssh (123), imap (122), and irc (48). Among the protocols with just one signature are netrek, gopher-proxy, ncat-chat, and metasploit.

The new Ndiff utility compares the results of two Nmap scans and describes the new/removed hosts, newly open/closed ports, changed operating systems, or application versions, etc. This makes it trivial to scan your networks on a regular basis and create a report (XML or text format) on all the changes. See the Ndiff man page and home page for more information. Ndiff is included in our binary packages and built by default, though you can prevent it from being built by specifying the --without-ndiff configure flag.

Here are excerpts from an Ndiff comparison between two scans for the Facebook network:

> ndiff -v facebook-vscan-1237136401.xml facebook-vscan-1237395601.xml
-Nmap 4.85BETA3 at 2009-03-15 10:00
+Nmap 4.85BETA4 at 2009-03-18 10:00

+arborvip.tfbnw.net (69.63.179.23):
+Host is up.
+Not shown: 100 filtered ports

 www2.02.07.facebook.com (69.63.180.12):
 Host is up.
 Not shown: 98 filtered ports
 PORT    STATE SERVICE  VERSION
-80/tcp  open  http     Apache httpd 1.3.41.fb2
+80/tcp  open  http     Apache httpd 1.3.41.fb1
 443/tcp open  ssl/http Apache httpd 1.3.41.fb2

And here is a trivial cron script demonstrating how easy it is to scan a network daily and mail yourself the changes (and full results in this case):

#!/bin/sh
# Scan [netblocks] (fill in your own), diff against the previous run, and
# print the Ndiff report followed by the full results; cron mails the output.
date=`date "+%s"`
cd /hack/facebook/scripts/ || exit 1
nmap -T4 -F -sV -O --osscan-limit --osscan-guess -oA facebook-${date} [netblocks] > /dev/null
ndiff facebook-old.xml facebook-${date}.xml > facebook-diff-${date}
cp facebook-${date}.xml facebook-old.xml
printf "\n********** NDIFF RESULTS **********\n\n"
cat facebook-diff-${date}
printf "\n********** SCAN RESULTS **********\n\n"
cat facebook-${date}.nmap

You could do a similar thing using Windows' scheduled tasks.
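The comparison Ndiff performs, as an added example written for this page in Python (not Ndiff's own code): it parses two Nmap XML (-oX) results and emits the same kind of +/- report as the excerpt above for hosts that appeared or disappeared, ports whose state changed, and services whose detected version changed. The two XML inputs are constructed samples modelled on that excerpt.

```python
# Added example, not Nmap's own code: an Ndiff-style comparison of two Nmap
# XML (-oX) results. Unchanged ports are not reported, as in Ndiff.
# Both XML documents below are constructed samples, not real scan output.
import xml.etree.ElementTree as ET

OLD_XML = """<nmaprun>
<host><status state="up"/><address addr="69.63.180.12" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/>
 <service name="http" product="Apache httpd" version="1.3.41.fb2"/></port>
</ports></host></nmaprun>"""

# Second scan: a new host is up and port 80 now runs a different build.
NEW_XML = """<nmaprun>
<host><status state="up"/><address addr="69.63.179.23" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/>
 <service name="ssh" product="OpenSSH" version="4.3"/></port></ports></host>
<host><status state="up"/><address addr="69.63.180.12" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/>
 <service name="http" product="Apache httpd" version="1.3.41.fb1"/></port>
</ports></host></nmaprun>"""


def parse_scan(xml_text):
    """Return {addr: {(proto, port): (state, product, version)}} for up hosts."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        ports = {}
        for p in host.iter("port"):
            svc = p.find("service")
            svc = {} if svc is None else svc.attrib   # closed ports have no service
            ports[(p.get("protocol"), int(p.get("portid")))] = (
                p.find("state").get("state"), svc.get("product", ""), svc.get("version", ""))
        hosts[host.find("address").get("addr")] = ports
    return hosts


def diff_scans(old_xml, new_xml):
    """Ndiff-like lines: '-' is only in the old scan, '+' only in the new one."""
    old, new = parse_scan(old_xml), parse_scan(new_xml)
    lines = []
    for addr in sorted(set(old) | set(new)):
        if addr not in old:
            lines.append("+%s: host is up" % addr)
        elif addr not in new:
            lines.append("-%s: host is up" % addr)
        oports, nports = old.get(addr, {}), new.get(addr, {})
        for proto, port in sorted(set(oports) | set(nports)):
            o, n = oports.get((proto, port)), nports.get((proto, port))
            if o == n:          # same state and version in both scans: skip
                continue
            if o:
                lines.append("-%s %d/%s %s" % (addr, port, proto, " ".join(o)))
            if n:
                lines.append("+%s %d/%s %s" % (addr, port, proto, " ".join(n)))
    return lines
```

Run with the samples, diff_scans(OLD_XML, NEW_XML) reports the new host, its open port 22, and the port 80 version change, and nothing for two identical scans.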

IronGeek has created an Ndiff 5 introductory video demonstrating command-line Ndiff plus its use within Zenmap.

While Nmap Network Scanning may be the most exciting documentation news for this release, we did make many other important web site and documentation changes:

Nmap's dramatic improvements are of little value if it doesn't run on your system. Fortunately, portability has always been a high priority. Nmap 5.00 runs on all major operating systems, plus the Amiga. Portability improvements in this release include:

These are just highlights from the full list of changes you can find in our CHANGELOG.

Moving Forward

With this stable version out of the way, we are diving headfirst into the next development cycle. Many exciting features are in the queue, including:

You can read more of our short-term and longer-term plans from our public TODO list.

For the latest Insecure.Org and Nmap announcements, join the 68,000-member Nmap-hackers announcement list. Traffic rarely exceeds one message per month. Subscribe here or read the archives at SecLists.Org. To participate in Nmap development, join the (high traffic) nmap-dev list. You can also follow us on Twitter.

Acknowledgments

A free open source scanner as powerful as Nmap is only possible thanks to the help of hundreds of developers and other contributors. We would like to acknowledge and thank the many people who contributed ideas and/or code since Nmap 4.50. Special thanks go out to:

4N9e Gutek, Aaron Leininger, Adriano Monteiro Marques, Allison Randal, Andrew J. Bennieston, Andy Lutomirski, Angico, Arturo Buanzo Busleiman, Benson Kalahar, Bill Pollock, Brandon Enright, Brian Hatch, Chad Loder, Chris Clements, Chris Gibson, Chris Leick, Daniel Roethlisberger, David Fifield, David Moore, Diman Todorov, Dinu Gherman, Doug Hoyte, Dragos Ruiu, Dudi Itzhakov, Eddie Bell, Emma Jane Hogbin, Fabio Pedretti, Felix Leder, Gisle Vanem, Guilherme Polo, Guz Alexander, HD Moore, Henri Doreau, Henry Gebhardt, Ithilgore, Jabra, Jah, James Messer, Jason DePriest, Jeff Nathan, Jesse Burns, Joao Correa, Joao Medeiros, Josh Marlow, Jurand Nogiec, Kris Katterjohn, Lamont Jones, Lance Spitzner, Leslie Hawthorn, Lionel Cons, Marius Sturm, Martin Macok, Matt Selsky, Max Schubert, Michael Pattrick, Michal Januszewski, Mike Frysinger, Mixter, Nathan Bills, Patrick Donnelly, Philip Pickering, Pieter Bowman, Rainer Müller, Raven Alder, Robert Mead, Rob Nicholls, Ron Bowes, Sebastián García, Simple Nomad, Solar Designer, Stephan Fijneman, Steve Christensen, Sven Klemm, Tedi Heriyanto, Thomas Buchanan, Thorsten Holz, Tillmann Werner, Tim Adam, Tom Duffy, Tom Sellers, Trevor Bain, Tyler Reguly, Valerie Aurora, van Hauser, Venkat Sanaka, Vlad Alexa, Vladimir Mitrovic, Vlatko Kosturjak, Will Cladek, William McVey, Zhao Lei

We would also like to thank the thousands of people who have submitted OS and service/version fingerprints, as well as everyone who has found and reported bugs or suggested features.

Download and Updates

Nmap is available for download from https://nmap.org/download.html in source and binary form. Nmap is free, open source software (license).

To learn about Nmap announcements as they happen, subscribe to nmap-hackers! It is a very low volume (7 messages in 2008), moderated list for announcements about Nmap, Insecure.org, and related projects. You can join the 65,000 current subscribers by submitting your e-mail address here:


(or subscribe with custom options from the Nmap-hackers list info page).

Nmap-hackers is archived at Seclists.org and has an RSS feed. You can also follow the Nmap Twitter feed.

Brandon Enright and UCSD have generously mirrored the Nmap binaries to handle the deluge of traffic expected as users download this release.

Direct questions or comments to Fyodor (fyodor@nmap.org). Report any bugs as described here.

