Fyodor has announced the release of Nmap v5. This is the first major release since 1997. There are over 600 changes in the new version.
According to Wikipedia:
Nmap is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich). Nmap is a “Network Mapper”, used to discover computers and services on a computer network, thus creating a “map” of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network despite the fact that such services aren’t advertising themselves with a service discovery protocol. In addition Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card.
If you have not used Nmap before, you should become add it to your toolbox and become familiar with this extremely useful network administration and testing tool. Some of the additions in v5 include:
1. Ncat included with Nmap. If you are familiar with netcat, then enough said. If not, ncat is a “reinvention” of the infamous netcat tool. Ncat is defined as the ‘swiss army knife’ for security testing and admin functions and can be considered a ‘piece of clay’ as you’ll find it’s range of uses is only limited by the user’s imagination and technical skills.
2. Ndiff scan comparison tool can be used to compare two Nmap XML files – in essence, you can scan a host today and scan it tomorrow and use Ndiff to compare the two to see differences in the results.
3. Performance enhancements have been made possible by the numerous scans Fyodor made of the internet last summer and finding the most commonly-open ports and reduce the number of ports scanned by default. In addition, you can define your own scan rate and bypass Nmaps congestion control algorithms.
4. The Nmap Scripting Engine (NSE) scripts have been improved and 32 new scripts added including scripts for MSRPC/NetBIOS atacks, queries and vulnerability probes, brute force attack scripts against SNMP and POP3 and more. NSE scripts/modules are defined at http://nmap.org/nsedoc/
5. The Nmap Book – this is a MUST HAVE for anyone involved in network troubleshooting or security! This is the best technical book that has come out in many years!
Get this right now at http://nmap.org/book/
I have a copy of the Nmap book that I ordered from Amazon. It is a great reference addition to your technical library and will be of great use. Nmap is a very technical tool but there are graphical interfaces for its use.
Let other ITKE members know how you use Nmap. Leave some tips/tricks here for our readers.
Thanks for reading and let’s continue to be good network citizens.