PC Cybertek » nmap

Nmap 5.21 Released and Video Tutorial

chris — Thu, 28 Jan 2010 04:30:09 +0000

If you follow this blog, you know that I did an article on the first stable release of Namp http://www.pccybertek.com/2010/01/nmap-5-20-released yesterday. Now that it has been out for a week, Fydor has already released another update, Namp 5.21 which is also a stable
release and not a beta. It’s mainly just a bug fix release. So I have updated the download section here with a link to the 5.21 release, which is on the right column about 3/4 of the way down the page. My download link is directly to the file on the insecure.org website or you can go to the Nmap download page yourself.

But I don’t want to just tell you about the update, I’d like to offer you some more since you took the time to stop by here. So here is a link to Iron Geek’s Baisc Nmap Tutorial video. And if already know the basics and would like to move on to some more advanced lesson, here is Iron Geek’s Nmap Video Tutorial 2: Port Scan Boogaloo Happy port knocking.

Nmap 5.20 Released

chris — Tue, 26 Jan 2010 21:07:54 +0000

Fydor has released Nmap 5.20. This is the first stable release, or non beta release, of Nmap since July 2009. And like usual, it has a lot of nice improvements and upgrades. If I could only have one security tool, Nmap would be it. It’s the first, and sometimes the only, program I run when I want to do any kind of security audit or if I want an inventory of the LAN and which services are running .

Many of the improvements are under the hood like a completely rewritten traceroute engine. This new version sent out 50% less packets and reduced the amount of time it took to complete by 96% when compared to the previous version. Traceroute will also send out an ICMP echo request probe if no working probes against the target were found during scanning. Memory consumption has also been reduced. One example of this is the size of the internal nmap OS DB, which has been reduced by more than 90% and the OS detection scan, has had the peak memory consumption reduced from 67MB to 3MB. These are just a few of the under the hood improvements.

So much for the internal workings, now lets move on to some of the cool upgrades. There are 31 new Nmap Scripting Engine (NSE) scripts which brings the total up to 80. These NSE scripts are one of my favorite features of Nmap. These scripts allow me to run Nmap in ways I never even thought about. I’m one of those people who learns better by example so the included scripts helps me to have a better understanding of how to write my own NSE scripts. Check out the complete list of NSE scripts.

There has also been an increase in the OS fingerprints, thanks to user submitted fingerprints and many corrections. Some of the more interesting new fingerprints include Google’s Android Linux (for smart phones), Mac OS X 10.6 (Snow Leopard), The Chumby (an internet radio player), a bunch of printers and routers for a total of 1349 fingerprints. This is including the 40 new vendors, 342 new fingerprints and 81 corrections.

Speaking of databases, the OS detection has seen some real growth. Thanks to user submissions, 2,576 of them since Feb. 2009, more than a thousand signatures have been added. That many users submissions shows the kind of community support Nmap has earned.

Nmap started out as a command line tool. But don’t let that scare you away from trying it out if you never have before. There is also a GUI (graphical user interface) called Zenmap that comes packaged with it. Zenmap has also seen improvements. You can now filter the results in Zenmap. So say you have performed a scan and have a lot of results but you just need to see the computers running Linux or a particular service like IIS. You can now apply a filter to your scan results and just have a list of those machines which are running it.

These are just a few of the improvements made to Nmap since version 5.00 and you can get a complete list of the changes since 5.00 from the release notes. Or just download it and give it a try. There is a release for just about any OS you have. If you work with networks at all, you owe it to yourself to give Nmap a try.

Namp 5.0 Released!

chris — Thu, 16 Jul 2009 20:03:09 +0000

Yes, that’s right. The essential network scanner, nmap, has made it to version 5. If you are unfamiliar with nmap, it’s a must have tool for anyone who does anything with networks. It’s the greatest port scanner around. And you can get it for just about any OS. But nmap is much more than just a port scanner. It can be used for more than just seeing what ports are open. You can also use it for its OS detection, among other things, and you can even use it to find the conficker virus on remote computers. It’s available as a command line tool and for those who prefer a gui, it also comes with zenmap which is a graphical front end for it.

My thanks to Fydor and the nmap development team for constantly updating this awesome tool and never being satisfied with the status quo. Now let me quote insecure.org

July 16, 2009 — Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this.

Considering all the changes, we consider this the most important Nmap release since 1997, and we recommend that all current users upgrade.

You can find a list of the changes here and be sure to download it.