PC CyberTek » tools http://www.pccybertek.com The cyberspace visitor's information center Wed, 12 May 2010 21:57:13 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Nmap 5.20 Released http://www.pccybertek.com/2010/01/nmap-5-20-released http://www.pccybertek.com/2010/01/nmap-5-20-released#comments Tue, 26 Jan 2010 21:07:54 +0000 chris http://www.pccybertek.com/?p=351 Fydor has released Nmap 5.20. This is the first stable release, or non beta release, of Nmap since July 2009. And like usual, it has a lot of nice improvements and upgrades. If I could only have one security tool, Nmap would be it. It’s the first, and sometimes the only, program I run when I want to do any kind of security audit or if I want an inventory of  the LAN and which services are running .

Many of the improvements are under the hood like a completely rewritten traceroute engine. This new version  sent out 50% less packets and reduced the amount of time it took to complete by 96% when compared to the previous version. Traceroute will also send out an ICMP echo request probe if no working probes against the target were found during scanning. Memory consumption has also been reduced. One example of this is the size of the internal nmap OS DB, which has been reduced by more than 90% and the OS detection scan, has had the peak memory consumption  reduced from 67MB to 3MB. These are just a few of the under the hood improvements.

So much for the internal workings, now lets move on to some of the cool upgrades.  There are 31 new Nmap Scripting Engine (NSE) scripts which brings the total up to 80. These NSE scripts are one of my favorite features of Nmap. These scripts allow me to run Nmap in ways I never even thought about. I’m one of those people who learns better by example so the included scripts helps me to have a better understanding of how to write my own NSE scripts. Check out the complete list of NSE scripts.

There has also been an increase in the OS fingerprints, thanks to user submitted fingerprints and many corrections. Some of the more interesting new fingerprints include Google’s Android Linux (for smart phones), Mac OS X 10.6 (Snow Leopard), The Chumby (an internet radio player), a bunch of printers and routers for a total of 1349 fingerprints. This is including the 40 new vendors, 342 new fingerprints and 81 corrections.

Speaking of databases, the OS detection has seen some real growth. Thanks to user submissions, 2,576 of them since Feb. 2009, more than a thousand signatures have been added. That many users submissions shows the kind of community support Nmap has earned.

Nmap started out as a command line tool. But don’t let that scare you away from trying it out if you never have before. There is also a GUI (graphical user interface) called Zenmap that comes packaged with it. Zenmap has also seen improvements. You can now filter the results in Zenmap. So say you have performed a scan and have a lot of results but you just need to see the computers running Linux or a particular service like IIS. You can now apply a filter to your scan results and just have a list of  those machines which are running it.

These are just a few of the improvements made to Nmap since version 5.00 and you can get a complete list of the changes since 5.00 from the release notes. Or just download it and give it a try. There is a release for just about any OS you have. If you work with networks at all, you owe it to yourself to give Nmap a try.

]]> http://www.pccybertek.com/2010/01/nmap-5-20-released/feed 1