
Nmap 5.20 Released

ruphus13 writes "Nmap has a new release out, and it's a major one. It includes a GUI front-end called Zenmap, and, according to the post, 'Network admins will no doubt be excited to learn that Nmap is now ready to identify Snow Leopard systems, Android Linux smartphones, and Chumbies, among other OSes that Nmap can now identify. This release also brings an additional 31 Nmap Scripting Engine scripts, bringing the total collection up to 80 pre-written scripts for Nmap. The scripts include X11 access checks to see if X.org on a system allows remote access, a script to retrieve and print an SSL certificate, and a script designed to see whether a host is serving malware. Nmap also comes with netcat and Ndiff. Source code and binaries are available from the Nmap site, including RPMs for x86 and x86_64 systems, and binaries for Windows and Mac OS X.'"
  • Zenmap (Score:4, Informative)

    by Jesus_Corpse ( 190811 ) on Saturday January 23, 2010 @11:35AM (#30869880)

    If I remember correctly, Zenmap was already the default GUI for Nmap from the 4.x series.

    But happy with a new version nonetheless :)

  • by adese ( 1351343 ) on Saturday January 23, 2010 @11:53AM (#30869974)
    5.20 was released 4 days ago. Of note, Nmap 5.21 is already going to be released within 7 days due to some bugs. That's news! Also Zenmap has been stable since September 2008 and its first inception was released in a dev build in July 2007. Not news!
  • by adese ( 1351343 ) on Saturday January 23, 2010 @12:08PM (#30870062)
    Another note: the current SVN build of nmap fixes all the known bugs being addressed in 5.21. So if you like dev builds... there you go.
  • Re:ssl (Score:2, Informative)

    by linopop ( 1503207 ) on Saturday January 23, 2010 @03:28PM (#30871660)
    Checking the validation period of the SSL cert on the fly, e.g. 30 SSL servers on the subnet: scan -> ah, 1 expires next week (that one I forgot about, I have to renew), 10 others show the wrong FQDN in their CN (that changed last month), etc.
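
The check described in the comment above, as an added example that is not part of the comment or of Nmap: it audits already-collected certificate metadata for upcoming expiry and for a CN that no longer matches the expected FQDN. The host names, dates and the 14-day warning window are constructed assumptions; the certificate dicts follow the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample inventory: (expected FQDN, getpeercert()-style dict).
def _cert(cn, not_after):
    return {"subject": ((("commonName", cn),),), "notAfter": not_after}

SAMPLE_CERTS = [
    ("www.example.test", _cert("www.example.test", "Jun 30 12:00:00 2010 GMT")),
    ("mail.example.test", _cert("mail.example.test", "Jan 28 09:00:00 2010 GMT")),
    ("intranet.example.test", _cert("intranet.old.test", "Dec  1 00:00:00 2010 GMT")),
    ("wiki.example.test", _cert("*.example.test", "Dec  1 00:00:00 2010 GMT")),
    ("old.example.test", _cert("old.example.test", "Jan  2 00:00:00 2010 GMT")),
]

def common_name(cert):
    """Return the subject commonName, or None if the certificate has none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def cn_matches(cn, fqdn):
    """Case-insensitive match; a leading '*.' covers exactly one label."""
    if cn is None:
        return False
    cn, fqdn = cn.lower(), fqdn.lower()
    if cn.startswith("*."):
        return "." in fqdn and fqdn.split(".", 1)[1] == cn[2:]
    return cn == fqdn

def audit(certs, now, warn_days=14):
    """Return (fqdn, finding) tuples: expired, expiring or cn-mismatch."""
    findings = []
    for fqdn, cert in certs:
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
        if expires <= now:
            findings.append((fqdn, "expired"))
        elif expires - now <= timedelta(days=warn_days):
            findings.append((fqdn, "expiring"))
        if not cn_matches(common_name(cert), fqdn):
            findings.append((fqdn, "cn-mismatch"))
    return findings

if __name__ == "__main__":
    # Fixed "now" so the constructed dates give a reproducible report.
    for host, finding in audit(SAMPLE_CERTS, datetime(2010, 1, 23, tzinfo=timezone.utc)):
        print(f"{host}: {finding}")
```
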
  • Re:Nmap? (Score:5, Informative)

    by D Ninja ( 825055 ) on Saturday January 23, 2010 @03:39PM (#30871782)

    Now, normally, I don't like to be a jerk. But, I'm sick. So I feel justified. Is it really so hard [lmgtfy.com] to look this up [wikipedia.org] when you have an entire internet to help you search plus an article linked above?!

    Seriously.
    (I'm being an anonymous jerk.)

  • Re:Great News! (Score:3, Informative)

    by slimjim8094 ( 941042 ) on Saturday January 23, 2010 @05:36PM (#30872742)

    You should check the nmap website. It's been used in countless movies, from Matrix Reloaded to Die Hard 4. In general, they even use it correctly!

  • by Anonymous Coward on Saturday January 23, 2010 @06:47PM (#30873332)

    The dirty secret that people won't admit to about nmap, here it is:

    Nmap, which is supposedly used by network admins to check their defenses, is used far more widely by hackers and scriptkiddies to attack and compromise systems.

    The first steps in any hack attempt are to determine the following:

    a) what OS, device, browser, software, or services you are using
    b) what ports you have open, which can also indicate what services can be exploited
    c) what exploits work for your platform, 0-day are almost always guaranteed to work, older hacks are hit and miss, but a majority of people don't really care about patching or security so most of them work, even older patched ones
    d) preparing and delivering a payload of arbitrary code to commit some nefarious succession of tasks on your machine

    Nmap fulfills the needs for the first two steps and helps make the third and fourth possible. How it does this is it fingerprints your system by looking for messages programmers leave in headers or responses from software, or for a common reaction to a certain request that is formed in a certain way uniquely on different platforms and software.

    For example, Apache and IIS web servers both report their brand, version, build number, and sometimes even their plugins when asked. If you know that version XX.XX of a service or software that is running on a remote machine is susceptible to exploit by viruses or exploit code ironically provided by "security researchers" and "security experts" whose goals are to protect people and businesses, then you can most likely break in and deliver your payload fairly easily. It doesn't help that hosting services like GoDaddy are both overwhelmed and incompetent and do not keep their software up to date, but reporting back your version is in my opinion the largest flaw of them all. But, even if they didn't report back a version, if you configured them not to which is possible to do, it might still be possible to identify quirks in the way they form responses. Maybe Apache throws an extra return carriage at the end of a certain header or response that other webservers don't, and that can be used to identify it for example. Or, a new version of IIS X.XX happens to respond on a certain port that it didn't in previous versions, or hosts a new plugin only available on that newer or an older version which is no longer available in the new version, and when it so kindly tells you which plugins it's running remotely you can determine which brand and version they have.

    Likewise, this goes beyond just hacking web servers, web browsers report a vast array of details about your OS, browser, platform, etc in its header response every single time you load a resource or webpage on a web site. For that nmap isn't required, javascript can needle its way in unless you use noscript and do not trust any websites. Where nmap gets scary for the average consumer, besides allowing hackers to turn their machines into zombies or stealing your credit card and password information by slipping keyloggers and worms into your machine, is when they start identifying your cell phone as the latest version of nmap now allows. When they can pick out your android smartphone and slip an exploit in to listen to phone calls, voicemails, steal your phone book, and other nefarious procedures it gets plain creepy.

    Anyways, nmap is a useful tool both for and against hacking, but it is used more fruitfully by the hackers than the security experts. And, in most cases, the security experts are actually guiding and providing the exploits necessary for the hackers to do what they do. That is the dirty secret.

    Hope that helps.
