Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Open Source Security Software

Nmap 6 Released Featuring Improved Scripting, Full IPv6 Support 45

First time accepted submitter Chankey Pathak writes "The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more!"
This discussion has been archived. No new comments can be posted.

Nmap 6 Released Featuring Improved Scripting, Full IPv6 Support

Comments Filter:
  • by Anonymous Coward on Tuesday May 22, 2012 @11:29AM (#40076915)

    It's great to see the use of machine learning for the OS clasification / fingerprinting with IPv6. If this works out well I'd love to see a 3rd-generation IPv4 OS detection added using similar techniques. See http://nmap.org/book/osdetect-guess.html#osdetect-guess-ipv6 [nmap.org]

  • Better Details (Score:5, Informative)

    by Anonymous Coward on Tuesday May 22, 2012 @11:45AM (#40077091)

    Here's a better detail of what's up, even more following the link.

    1. NSE Enhanced
      The script count has grown from 59 in Nmap 5 to 348 in Nmap 6, and all of them are documented and categorized in our NSE Documentation Portal. The underlying NSE infrastructure has improved dramatically as well.

    3. Full IPv6 Support
    Basic support isn't enough, so we spent many months ensuring that Nmap version 6 contains full support for IP version 6. And we released it just in time for the World IPv6 Launch.

            We've created a new IPv6 OS detection system, advanced host discovery, raw-packet IPv6 port scanning, and many NSE scripts for IPv6-related protocols. It's easy to use too—just specify the -6 argument along with IPv6 target IP addresses or DNS records. In addition, all of our web sites are now accessible via IPv6. For example, Nmap.org can be found at 2600:3c01::f03c:91ff:fe96:967c.

    4. New Nping Tool

            The newest member of the Nmap suite of networking and security tools is Nping, an open source tool for network packet generation, response analysis and response time measurement. Nping can generate network packets for a wide range of protocols, allowing full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator for network stack stress testing, ARP poisoning, Denial of Service attacks, route tracing, etc. Nping's novel echo mode lets users see how packets change in transit between the source and destination hosts. That's a great way to understand firewall rules, detect packet corruption, and more.

    5. Better Zenmap GUI & results viewer

            While Nmap started out as a command-line tool and many (possibly most) users still use it that way, we've also developed an enhanced GUI and results viewer named Zenmap. One addition since Nmap 5 is a “filter hosts” feature which allows you to see only the hosts which match your criteria (e.g. Linux boxes, hosts running Apache, etc.) We've also localized the GUI to support five languages besides English. A new script selection interface helps you find and execute Nmap NSE scripts. It even tells you what arguments each script supports.

    6. Faster scans

    Since Nmap 5 we've rewritten the traceroute system for higher performance and increased the allowed parallelism of the Nmap Scripting Engine and version detection subsystems. We also performed an intense memory audit which reduced peak consumption during our benchmark scan by 90%. We made many improvements to Zenmap data structures and algorithms as well so that it can now handle large enterprise scans with ease.

  • by phillips321 ( 955784 ) on Tuesday May 22, 2012 @11:53AM (#40077181)
    Shameful plug here guys.
    I've compiled the sources earlier this morning into deb packages for those that want to play with it without building from source (building from source will confuse the system and you might not get updates). Both i386 and amd64 versions working on BT5 r2 here. http://www.phillips321.co.uk/2012/05/22/creating-a-debian-package-from-source-checkinstall/ [phillips321.co.uk]
  • by Skapare ( 16644 ) on Tuesday May 22, 2012 @12:04PM (#40077309) Homepage

    ... the question of whether or not Nmap could be used to sniff a network before it is configured with an IP address (DHCP can, so mechanisms to do so must exist, like maybe raw interface access), to do things like silently watch what other traffic is taking place to make smart guess as to which LAN a given interface is physically connected to. This information could then be used to select the IP address it is statically configured to use for a given subnet (but without specific interface information since that can change for many reasons).

    • by walshy007 ( 906710 ) on Tuesday May 22, 2012 @12:16PM (#40077447)

      Wireshark can do this.

    • It's not exactly sniffing but take a look at all of the host detection scripts for IPv6: targets-ipv6-multicast-echo, targets-ipv6-multicast-invalid-dst, targets-ipv6-multicast-mld, targets-ipv6-multicast-slaac.

      These scripts are using this feature "The new pre-scan occurs before Nmap starts scanning. Some of the initial pre-scan scripts use techniques like broadcast DNS service discovery or DNS zone transfers to enumerate hosts which can optionally be treated as targets.". So if you want to sniff an IPv4 n

    • What are you trying to do, nmap devices on a subnet without a DHCP server? Passive OS fingerprinting? Passive service discovery? Are you willing to do a little bit of switch ARP poisoning? All of the above to gather as much intel as possible without tripping too many IDS logs?

    • by Anonymous Coward

      Completely passive: Use tcpdump to gather packets from a promiscuous interface. There are usually lots of broadcasts including ARP queries, domain announcements, UPnP announcements, DHCP requests, etc. Wireshark will interpret all of this in easily digested form.

      Active: Nmap can do ARP scans which broadcast queries and collect responses. You need to have some idea of what IP ranges are present (see above) to get meaningful results in reasonable time. No IP address is necessary to do this.

    • You'd either need to do some arp spoofing (Ettercap can do this) or be on a managed switch with port mirroring turned on, otherwise if you're on a regular switch port, you'll only see traffic that's actually destined for your MAC address, and regular broadcast traffic which tends to be less interesting (most of the time) than unicast traffic.

      If you're playing with the arp tables, you can confuse switches to broadcast more traffic than they normally would, or if you've got a hub, you'll see what's going on i

      • by Skapare ( 16644 )

        I think the broadcast traffic will be sufficient. This could be augmented with some DHCP proding (try to get an address, but don't actually accept it ... just use it to get more information about what subnets other hosts think is here). The purpose is to detect which subnets are being used on this physical LAN ... for each interface ... before configuring them. A configuration table for this will exist, listing IP addresses and network prefixes. The idea is to figure out which interface to put them on w

  • Don't forget Gopher! (Score:5, Interesting)

    by ckthorp ( 1255134 ) on Tuesday May 22, 2012 @12:07PM (#40077341)
    From the release notes: "Nmap now supports the old-school Gopher protocol thanks to our handy gopher-ls NSE script. We even support Gopher over IPv6!"
    • YES! I thought the best new feature this year was Emacs getting COBOL scripting support, but then this comes along!
  • Great work to Fyodor and the dev team. Another quality release. The new NSE scripts are great, as is the speed improvements.

    For those who have not used ncat - I urge you to check it out [nmap.org]. With the portable windows version, you can drop this on a box and build encrypted tunnels. You can bring up a HTTP proxy in the time it takes you to type "ncat --proxy-type http -l 9090" It is a very handy little tool. When it comes to features ncat blows nc away.

    Now to plug my service.

    Online port scann [hackertarget.com]

"Let every man teach his son, teach his daughter, that labor is honorable." -- Robert G. Ingersoll