Nmap 7 Released!

nmap.org logo
ascii art cow
ascii art cow

November 19, 2015—The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 7.00 from https://nmap.org/. It is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012. Nmap turned 18 years old in September this year and celebrates its birthday with 171 new NSE scripts, expanded IPv6 support, world-class SSL/TLS analysis, and more user-requested features than ever. We recommend that all current users upgrade.

If you are a long-term Nmap user, and use nmap only for network scanning, you will be happy to know that there are several new features:  [This is a slightly edited version of their press release at https://nmap.org/7/ ]

The Nmap Hackers produce

  • Nmap – the command line network mapping tool.
  • ZenMap – The GUI version (front-end) for Nmap, which provides a comfort level to people who are not used to operating from the command line, and also shows the command-line directives that the ZenMap GUI is actually producing.  This has proven helpful to people entering the marvelous world of CLI.
  • Ncat – updated and smooth communications tool.  Ncat reads and writes data across networks from the command line. Ncat uses both TCP and UDP for communication and is designed to be a reliable back-end tool to provide network connectivity to other applications and users across IPv4 and IPv6 networks.
  • Nping – similar to the venerable Ping application, Nping produces network packets for connectivity testing and other troubleshooting.
    Nping grants network administrators full control over generated packets. Nping’s features include:

    • Custom TCP, UDP, ICMP and ARP packet generation.
    • Support for multiple target host specification.
    • Support for multiple target port specification.
    • Unprivileged modes for non-root users.
    • Echo mode for advanced troubleshooting and discovery.
    • Support for Ethernet frame generation.
    • Support for IPv6 (currently experimental).
    • Runs on Linux, Mac OS and MS Windows.
    • Route tracing capabilities.
    • Highly customizable.
    • Free and open-source.

1. Major Nmap Scripting Engine (NSE) Expansion

They have added 171 new scripts and 20 libraries. Examples include firewall-bypass, supermicro-ipmi-conf, oracle-brute-stealth, and ssl-heartbleed. And NSE is now powerful enough that scripts can take on core functions such as IPv6 host discovery (dns-ip6-arpa-scan), version scanning (ike-version, snmp-info, etc.), and RPC grinding (rpc-grind).

2. Mature IPv6 support

Nmap 7 has full IPv6 support for CIDR-style address ranges, Idle Scan, parallel reverse-DNS, and more!

3. Infrastructure Upgrades

The Nmap Project has converted all of Nmap.Org to SSL [hopefully, they mean TLS 1.2] to reduce the risk of trojan binaries and reduce snooping in general. They are using the Git version control system and have an official Github mirror of the Nmap Subversion source repository and encourage code submissions to be made as Github pull requests. They have also got an official bug tracker hosted on Github.

4. Faster Scans

Nmap has continually pushed the speed boundaries of synchronous network scanning for 18 years, and this release is no exception. New Nsock engines give a performance boost to Windows and BSD systems, target reordering prevents a nasty edge case on multihomed systems, and NSE tweaks lead to much faster -sV scans.

5. SSL/TLS scanning solution of choice

Transport Layer Security (TLS) and its predecessor, SSL, are the security underpinning of the web, so when big vulnerabilities like Heartbleed, POODLE, and FREAK come calling, Nmap answers with vulnerability detection NSE scripts. The ssl-enum-ciphers script has been entirely revamped to perform fast analysis of TLS deployment problems, and version scanning probes have been tweaked to quickly detect the newest TLS handshake versions.

6. Ncat Enhanced

Ncat has been adopted by the Red Hat/Fedora family of distributions as the default package to provide the “netcat” and “nc” commands! This cooperation has resulted in a lot of squashed bugs and enhanced compatibility with Netcat’s options. Also very exciting is the addition of an embedded Lua interpreter for creating simple, cross-platform daemons and traffic filters.

7. Extreme Portability

Nmap still runs on all sorts of esoteric and archaic systems, and also runs on the latest operating systems.

  • Nmap 7 runs cleanly on Windows from Windows Vista to Windows 10.
  • They have even kept up their Windows XP binary, but why are you still running Windows XP??
  • Mac OS X is supported from 10.8 Mountain Lion through 10.11 El Capitan.
  • There is updated support for Solaris and AIX.
  • Of course, there is still support for you Linux users!