Nmap 7.25 Beta2 Network Mapper released

Nmap 7.25 Beta2 has recently been released. Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing. It's useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.


Nmap 7.25 beta2 changelog

  • [NSE] Upgraded NSE to Lua 5.3, adding bitwise operators, integer data type, a utf8 library, and native binary packing and unpacking functions. Removed bit library, added bits.lua, replaced base32, base64, and bin libraries.
  • Integrated all of your service/version detection fingerprints submitted from January to April (578 of them). The signature count went up 2.2% to 10760. We now detect 1122 protocols, from elasticsearch, fhem, and goldengate to ptcp, resin-watchdog, and siemens-logo.
  • Upgraded Npcap, our new Windows packet capturing driver/library, from version 0.07-r17 to 0.09.
  • [Nsock] Added the new IOCP Nsock engine which uses the Windows Overlapped I/O API to improve performance of version scan and NSE against many targets on Windows.
  • Windows binaries are now code-signed with our “Insecure.Com LLC” SHA256 certificate. This should give our users extra peace-of-mind and avoid triggering Microsoft’s ever-increasing security warnings.
  • Various performance improvements for large-scale high-rate scanning, including increased ping host groups, faster probe matching, and ensuring data types can handle an Internet’s-worth of targets.
  • [NSE] Added the oracle-tns-version NSE script which decodes the version number from Oracle Database Server’s TNS listener.
  • [NSE] Added the clock-skew NSE script which analyzes and reports clock skew between Nmap and services that report timestamps, grouping hosts with similar skews.
  • [Zenmap] Long-overdue Spanish language translation has been added! Muy bien!
  • [Zenmap] Fix a crash when closing Zenmap due to a read-only zenmap.conf. User will be warned that config cannot be saved and that they should fix the file permissions.
  • [NSE] Fix a crash when parsing TLS certificates that OpenSSL doesn’t support, like DH certificates or corrupted certs. When this happens, ssl-enum-ciphers will label the ciphersuite strength as “unknown.” Reported by Bertrand Bonnefoy-Claudet.
  • [NSE] Fix two issues in sslcert.lua that prevented correct operations against LDAP services when version detection or STARTTLS were used.
  • Remove a workaround for lack of selectable pcap file descriptors on Windows, which required including pcap-int.h and locking us to a single version of libpcap. The new method, using WaitForSingleObject, should work with all versions of both WinPcap and Npcap.
  • [NSE] Added a --script-timeout option for limiting run time for every individual NSE script.
  • [Ncat] Added a -z option to Ncat. Just like the -z option in traditional netcat, it can be used to quickly check the status of a port. Port ranges are not supported since we recommend a certain other tool for port scanning.
  • Fix checking of Npcap/WinPcap presence on Windows so that “nmap -A” and “nmap” with no options result in the same behaviors as on Linux (and no crashes).
  • [NSE] ssl-enum-ciphers will now warn about 64-bit block ciphers in CBC mode, which are vulnerable to the SWEET32 attack.
  • [NSE] tftp-enum now only brute-forces IP-address-based Cisco filenames when the wordlist contains “{cisco}”. Previously, custom wordlists would still end up sending these extra 256 requests.
  • Avoid an unnecessary assert failure in timing.cc when printing estimated completion time. Instead, we’ll output a diagnostic error message: Timing error: localtime(n) is NULL where “n” is some number that is causing problems.
  • [NSE] Removed the obsolete script ip-geolocation-geobytes.
  • [NSE] Completed a refresh and validation of almost all fingerprints for script http-default-accounts. Also improved the script speed.
  • Added support for decoys in IPv6. Earlier we supported decoys only in IPv4.
  • Allow Nmap to compile on some older Red Hat distros that disable EC crypto support in OpenSSL.
  • Nmap now supports OpenSSL 1.1.0-pre5 and previous versions.
  • [Ncat] Fix a crash (“add_fdinfo() failed.”) when --exec was used with --ssl and --max-conns, due to improper accounting of file descriptors.
  • FTP Bounce scan: improved some edge cases like anonymous login without password, 500 errors used to indicate port closed, and timeouts for LIST command. Also fixed a 1-byte array overrun (read) when checking for privileged ports.
  • Allow target DNS names up to 254 bytes. We previously imposed an incorrect limit of 64 bytes in several parts of Nmap.
  • [NSE] The hard limit on number of concurrently running scripts can now increase above 1000 to match a high user-set --min-parallelism value.
  • [NSE] Solved a memory corruption issue that would happen if a socket connect operation produced an error immediately, such as Network Unreachable. The event handler was throwing a Lua error, preventing Nsock from cleaning up properly, leaking events.
  • [NSE] Added the datetime library for performing date and time calculations, and as a helper to the clock-skew script.
  • Made Nmap’s parallel reverse DNS resolver more robust, fully handling truncated replies. If a response is too long, we now fall back to using the system resolver to answer it.
  • [Zenmap] Added a legend for the Topography window.
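
The ssl-enum-ciphers item above warns about 64-bit block ciphers in CBC mode because, under a single key, block collisions become likely after roughly 2^32 blocks (SWEET32). The following is an added example, not Nmap's own code: it classifies a constructed list of IANA-style cipher suite names and computes that bound; the block-size table, the sample list and all function names are assumptions of this example.

```python
# Added example, not Nmap's ssl-enum-ciphers code.
# Block sizes are properties of the ciphers; all names here are this example's own.
BLOCK_BITS = {"DES": 64, "DES40": 64, "3DES": 64, "IDEA": 64, "RC2": 64,
              "AES": 128, "CAMELLIA": 128, "SEED": 128, "ARIA": 128}
MODES = ("CBC", "GCM", "CCM")

def parse_suite(name):
    """Return (cipher, mode) parsed from an IANA-style suite name."""
    # Everything after "_WITH_" describes the bulk cipher and the MAC/PRF.
    _, _, bulk = name.partition("_WITH_")
    tokens = bulk.split("_")
    cipher = tokens[0]
    # Stream ciphers (RC4, CHACHA20) carry no mode token, so mode stays None.
    mode = next((t for t in tokens if t in MODES), None)
    return cipher, mode

def birthday_bound_bytes(block_bits):
    """Bytes under one key at which a block collision becomes likely."""
    # Birthday bound: about 2^(n/2) blocks of n/8 bytes each.
    return (2 ** (block_bits // 2)) * (block_bits // 8)

def sweet32_findings(suites):
    """Map each suite using a 64-bit block cipher in CBC mode to its bound."""
    findings = {}
    for suite in suites:
        cipher, mode = parse_suite(suite)
        bits = BLOCK_BITS.get(cipher)
        if mode == "CBC" and bits == 64:
            findings[suite] = birthday_bound_bytes(bits)
    return findings

# Constructed sample: suite names a server might offer (not real scan output).
SAMPLE_SUITES = [
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_IDEA_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
]

if __name__ == "__main__":
    for suite, bound in sweet32_findings(SAMPLE_SUITES).items():
        print(f"WARN {suite}: 64-bit block cipher in CBC mode, "
              f"collisions likely near {bound // 2**30} GiB per key")
```

AES in CBC mode is not flagged: its 128-bit block puts the same bound at 2^68 bytes, far beyond what one TLS session key will ever encrypt.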

How to Install Nmap 7.25 beta2 on Ubuntu 16.04

wget https://nmap.org/dist/nmap-7.25BETA2.tar.bz2

bzip2 -cd nmap-7.25BETA2.tar.bz2 | tar xvf -

cd nmap-7.25BETA2

./configure

make

sudo make install