
Nmap 5.00 Released, With Many Improvements

Posted by timothy
from the ok-now-release-another-nsfw-introduction dept.
iago-vL writes "The long-awaited Nmap Security Scanner version 5.00 was just released (download)! This marks the most important release since 1997, and is a huge step in Nmap's evolution from a simple port scanner to an all-around security and networking tool suite. Significant performance improvements were made, and dozens of scripts were added. For example, Nmap can now log into Windows and perform local checks (PDF), including Conficker detection. New tools included in 5.00 are Ncat, a modern reimplementation of Netcat (with IPv6, SSL, NAT traversal, port redirection, and more!), and Ndiff, for quickly comparing scan results. Other tools are in the works for future releases, but we're still waiting for them to add email and ftp clients so we can finally get off Emacs!"
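Ndiff, mentioned in the summary, compares two scan results to show what changed between them. The block below is an added example, not Nmap's own Ndiff code: it implements the core of that comparison (ports newly open, newly closed, hosts newly seen) over two constructed Nmap-style XML documents; the addresses and ports in them are made up for illustration.

```python
# Minimal Ndiff-style comparison of two Nmap XML scan results (added example,
# not Nmap's own ndiff). Both documents are constructed to look like -oX output.
import xml.etree.ElementTree as ET

# Constructed baseline scan: one host with ssh and http open.
BASELINE_XML = """<nmaprun scanner="nmap" version="5.00">
<host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
</ports></host></nmaprun>"""

# Constructed follow-up scan: http closed, 3389 newly open, and a new host appears.
CURRENT_XML = """<nmaprun scanner="nmap" version="5.00">
<host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-term-serv"/></port>
</ports></host>
<host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
</ports></host></nmaprun>"""

def open_ports(xml_text):
    """Map each up host's address to its set of (protocol, port) pairs in state open."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue  # down hosts carry no port table worth diffing
        ports = result.setdefault(host.find("address").get("addr"), set())
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":
                ports.add((port.get("protocol"), int(port.get("portid"))))
    return result

def diff_scans(baseline_xml, current_xml):
    """Return {host: (newly_open, newly_closed)}, only for hosts whose open set changed."""
    before, after = open_ports(baseline_xml), open_ports(current_xml)
    changes = {}
    for addr in sorted(set(before) | set(after)):
        opened = after.get(addr, set()) - before.get(addr, set())
        closed = before.get(addr, set()) - after.get(addr, set())
        if opened or closed:
            changes[addr] = (sorted(opened), sorted(closed))
    return changes

if __name__ == "__main__":
    for addr, (opened, closed) in diff_scans(BASELINE_XML, CURRENT_XML).items():
        print(f"{addr}: newly open {opened}, newly closed {closed}")
```

Hosts whose open-port set did not change are omitted from the result, which is what makes a scheduled baseline-versus-today comparison useful for spotting an unexpected new listener.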
  • Bloat. (Score:2, Insightful)

    So nmap went from a special purpose-built tool to a suite. Frack. Anyone here taking commissions on erecting a grave marker? UNIX is nice because it creates many little purpose-built utilities that can be strung together to perform complex tasks. This style of thinking seems to be going away in favor of integrated solutions that rather than doing one thing well do an umbrella of things passably okay. At least they haven't gone the approach yet of stuffing everything into a service that has to run all the ti

    • Re:Bloat. (Score:4, Interesting)

      by arabagast (462679) on Thursday July 16, 2009 @02:58PM (#28721761) Homepage

      I think that this is exactly what they are doing, only that all the small tools are bundled in the same tarball.

      • Re:Bloat. (Score:5, Informative)

        by iago-vL (760581) on Thursday July 16, 2009 @05:06PM (#28723523)

        As the original poster, and the author of a dozen or more Nmap scripts, I agree 100%. If you look at the tool itself, you'll see that everything is fairly separate and independent, even if they share a common codebase -- between the scripting and the "bonus" tools, the core is still fairly tight.

        My comment at the end about the bloat + Emacs was intended 100% as humour, not actual commentary. I'm hoping nobody took it as a legitimate stab at Nmap, because it wasn't.

        • Re: (Score:1, Funny)

          by Anonymous Coward

          It was, however, a legitimate stab at Emacs. This is not only acceptable but wholeheartedly encouraged.

    • Re: (Score:3, Informative)

      by Xiph (723935)

      When I read the summary, that's what I thought.

      And to some extent, I think you might still be right.
      What they've done isn't to build in Conficker detection and the like, but to enable scripting so you can extend nmap.
      Being able to write nmap scripts is nice; on the other hand, several other tools allow for scripting nmap, so I don't see the point in going the other way around it.

    • Re:Bloat. (Score:5, Informative)

      by thefear (1011449) on Thursday July 16, 2009 @03:33PM (#28722281) Homepage

      So nmap went from a special purpose-built tool to a suite. Frack.

      Step 1) Download the tarball
      Step 2) Compile with '--without-ndiff --without-zenmap --without-liblua --without-ncat --without-openssl' for a classic Nmap experience
      Step 3) Profit

      • by Artifakt (700173)

        Or, leave Zenmap in and see if there's really that much bloat, instability or loss of speed to have a good GUI front end for NMap. It's a pretty tight GUI - sure it adds some to load times, but unless you're just determined to prove you go back to the original unix command line days, you are halfway likely to decide you like having a GUI that is well designed for its purpose. The natural terminal display for nmap has the usual problem of terminals, that is doing multiple operations tends to push all the dat

    • by TypoNAM (695420)

      Did you get all upset and angry too when you found out that g++ comes with gcc?

    • by Rycross (836649)

      It's nice to have small, simple utilities that you can chain together. But at certain times it's nice to have a larger tool that ties them all together for certain tasks. Ideally, you'd have a choice between both where appropriate (and in most cases, this isn't that difficult to accomplish). NMap strikes me as the kind of tool that can benefit from this sort of thing.

      • by smash (1351)
        Can someone please also explain this to the creators of NSLOOKUP and DIG. Why the FUCK I can not pipe a list of hostnames or IPs into either tool is beyond me. I got the results I needed by hacking away with awk and grep and a shell loop but seriously... there needs to be a tool to just go "cat foo.iplist > nslookup-equivalent".
        • by smash (1351)
          Of course, I mean "cat foo.iplist | nslookup-equivalent". *sigh*
          • by Anonymous Coward

            for i in `cat foo.iplist`; do nslookup $i; done

          • by Ecuador (740021)

            Wow, and you have a 4 digit id...
            While on both my SuSE box and the Mac, piping to nslookup works, if it doesn't work for you and things like "for loops" are too complicated (!?), there are alternatives like good ol' xargs.

            cat foo.iplist | xargs -I {} nslookup {}

        • by Rysc (136391) *

          You could do it like that:

          while read host ; do dig "$host" ; done < foo.iplist

          But the output is ugly as sin.

  • ncat (Score:4, Interesting)

    by arabagast (462679) on Thursday July 16, 2009 @02:57PM (#28721733) Homepage

    I was just about to check out ncat. Seems interesting. The only downside is that it can never reach the same critical mass as the vanilla nc, and hence you cannot rely on the more advanced functions on an unknown computer. Would be cool though, SSL could be handy in some situations.

    • Yeah, even GNU NetCat isn't really a standard replacement. Ncat isn't likely to become one either. It's another tool, it has great features, if it's useful for you use it. I'd say Ncat's primary competitor is probably socat or cryptcat rather than vanilla nc.

  • by 222 (551054) <stormseeker.gmail@com> on Thursday July 16, 2009 @03:03PM (#28721839) Homepage
    Some of the best things in life are free :- )
  • ncat is still fairly limited.

    socat (the 2.0 beta versions) is the best app to use for that stuff. It can use arbitrary chains of protocols, which is very useful when dealing with exotic and crazy situations like trying to tunnel stuff through multiple proxies.

    http://www.dest-unreach.org/socat/socat-version2.html [dest-unreach.org]

    • socat is crazy. It supports SSL/TLS and chaining of protocols (e.g. for tunnelling) and you can use this addressing scheme as a library for your projects.

      Check out the Manpage [dest-unreach.org] and the examples [dest-unreach.org]

      Definitely powerful, but I found it a little picky on command-line parameters -- if you just want to do simple stuff it is not that easy to get into it.

  • I have just added the latest version to HackerTarget.com [hackertarget.com].

    Across the board I am seeing significant speed improvements over 4.85.

    Congratulations to the developers this looks like another quality release. I am looking forward to testing some of the new features to determine what additional capabilities can be added to our online scanning.

    * Full disclosure - I run HackerTarget.com *
  • by dbIII (701233) on Thursday July 16, 2009 @07:07PM (#28724771)
    ... and are forever silenced. Nmap is great but there are incredibly crappy devices out there that can be killed with a simple port scan. It's a good idea to make sure no such critters are on the subnet you scan when you start playing with nmap. Some non-HP older printers also need a full reset after they have been scanned. Hopefully newer devices are not designed so badly that they expect to be configured by just throwing a few bytes at a port with no attempts to find out if you should be allowed to do it.
    Nmap and similar tools will show you that what in the past was called "enterprise" was simply because the vendors assumed you had a lot of expendable guys in red to throw at any problem. It can show you where there is none of the security the sales guy said was there.
    • Heh. Back in 2002 I killed a production SCO OpenServer box (running our company ERP package) with a portscan. Yes, I laughed :D Be careful - though if you can kill a box with NMAP, it probably needs patching or a firmware update.

      Or, alternatively, putting in the bin...

    • What do you mean by "killed"? The machine stops working forever?

      Now this isn't the same scenario, but I have a Westell DSL modem + router combo that gets disconnected from the network and resets itself when I do a portscan of my ISP's network. I RTFM'd and tried the --scan-delay option, which fixed the disconnection and reset issue I was having. My theory is that the next hop had a threshold-based security feature, or the ISP had flaky hardware that couldn't handle the storm of packets.

      • by dbIII (701233)

        What do you mean by "killed"? The machine stops working forever?

        Sadly yes, everything apart from the power light; it appears the firmware was flashed and filled with rubbish. HP JetDirect EX Plus printserver - expensive piece of utter garbage that can really be replaced with other stuff but there are still a few around. Some HP printers and an Oce plotter required a reset to factory settings after a port scan but ran again after that. Quite an embarrassing first week at a new site but it turned up a root

  • netcat /email (Score:1, Informative)

    by Anonymous Coward

    we're still waiting for them to add email and ftp clients

    Fyodor added ncat, which means you've *already* got ftp and email support. Now I bet you're gonna complain that ftp & email are hard or something, when you have to hand type the bytes...

  • by jra (5600)

    I'm sure movie producers everywhere [nmap.org] are pleased to hear this.

    "Damnit, Eddie, that version of nmap is out of date!"
