Nmap has long been the scanner of choice for security professionals. Eighteen years after its first release, version 7 is out. It is the current major stable release and carries about 330 significant improvements. Over that period the developers have steadily improved scan speed, added functionality and shipped more NSE scripts, and this release brings some major developments as well. According to the official announcement, the improvements fall into seven areas. Nmap v7 with 7 major improvements: what a coincidence!
Let's look at them briefly.
The Nmap Scripting Engine (NSE) lets users write custom scripts in the Lua scripting language, giving them the power and flexibility to automate enumeration of services and targets in advanced environments. For those who are not aware, the NMAP 6.xx series shipped with 348 pre-written scripts by default; in this major release the number has jumped to 515, which is 171 additions and 4 deletions. Thirty-five of the new scripts are specifically for version-detection (-sV) scans.
Refer to the official NSE script documentation for a detailed description of each script.
The Nmap project has supported IPv6 since 2002. Now that ARIN has exhausted its free pool of IPv4 addresses, the global trend is slowly shifting to IPv6, and so has Nmap: this release brings some major changes to the IPv6 code. Here is a brief description of them:
Idle scan had not been implemented for IPv6 because of the structure and characteristics of IPv6 packets. New techniques have since been developed, and IPv6 idle scan (-sI) is now implemented in Nmap 7.0.
Nmap can now scan IPv6 CIDR ranges just as it has long done for IPv4, for example google.co.in/120 with the -6 option.
Many existing scripts now support IPv6, and four IPv6-specific scripts have been added for host discovery, denial of service, traceroute and so on.
The parallel reverse-DNS resolver now supports IPv6, and -6 scans are faster because of changes in the core code.
OS detection over IPv6 has improved in this version thanks to new techniques.
Traceroute is now available for IPv6 scans as well, and it can use UDP, SCTP and other protocols just as it does for IPv4.
Nmap can now check for a number of security vulnerabilities that affected SSL/TLS, such as Heartbleed, POODLE, Logjam and FREAK; new NSE scripts perform these checks. Other services that run over TLS, such as LDAP, POP3 and IMAP, are supported as well.
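As an added example (not code from the original post or from the Nmap project), the following POSIX shell script runs the NSE scripts behind those checks (ssl-heartbleed, ssl-poodle, ssl-dh-params for Logjam, and ssl-enum-ciphers) against one port and pulls the VULNERABLE verdicts out of Nmap's normal-format output. It assumes nmap 7.x is on PATH; the target, port and output-file names are illustrative, and the sample scan output embedded in it is constructed, not a real scan.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Nmap project:
# run the Nmap 7 TLS vulnerability scripts against one port and summarize
# which checks reported VULNERABLE. Assumes nmap 7.x is on PATH; the
# target, port and output file names are illustrative.

# Heartbleed, POODLE and Logjam checks report through NSE's vulns library
# and print a "State:" line; ssl-enum-ciphers grades cipher suites instead.
TLS_SCRIPTS="ssl-heartbleed,ssl-poodle,ssl-dh-params,ssl-enum-ciphers"

# tls_audit TARGET PORT OUTFILE: scan and keep normal-format output for review.
tls_audit() {
  nmap -Pn -sV -p "$2" --script "$TLS_SCRIPTS" -oN "$3" "$1"
}

# summarize_vulns: read nmap normal output on stdin and print "port script"
# once for every script whose output contains "State: VULNERABLE" or
# "State: LIKELY VULNERABLE". Port lines look like "443/tcp open ...";
# a script's first output line looks like "| ssl-heartbleed: ".
summarize_vulns() {
  awk '
    /^[0-9]+\/(tcp|udp|sctp)/ { port = $1 }
    /^\| [a-z0-9-]+:/          { script = $2; sub(/:$/, "", script) }
    /State: (LIKELY )?VULNERABLE/ {
      key = port " " script
      if (!(key in seen)) { seen[key] = 1; print key }
    }
  '
}

# Constructed, abridged sample of nmap -oN output for a host that is
# vulnerable to Heartbleed but not to POODLE (not a real scan result).
sample_output() {
  cat <<'EOF'
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache httpd 2.2.15
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in OpenSSL.
|     State: VULNERABLE
|     Risk factor: High
| ssl-poodle:
|   NOT VULNERABLE:
|   SSL POODLE information leak
|_    State: NOT VULNERABLE
EOF
}

# With a target argument, scan for real; without one, demonstrate the
# summarizer on the constructed sample.
if [ "$#" -gt 0 ]; then
  tls_audit "$1" "${2:-443}" "${3:-tls-audit.txt}"
  summarize_vulns < "${3:-tls-audit.txt}"
else
  sample_output | summarize_vulns
fi
```

By default the vulns library prints only findings that are vulnerable; pass --script-args vulns.showall=1 to see the NOT VULNERABLE entries as in the sample. ssl-enum-ciphers has no State line at all: it lists the cipher suites the server accepts with a strength grade, so read that list by hand for export-grade suites (the precondition for FREAK) and other weak ciphers.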
The Nmap project has also announced major upgrades to its development and maintenance infrastructure: nmap.org is now served over TLS, and version control has moved to Git.
The new Nsock engines (Nmap's socket library now has kqueue, epoll and poll back ends) deliver faster yet accurate scan results in the new version. There are quite a lot of improvements in the way Nmap scans, and the developers have taken care to improve both accuracy and speed.
The developers report better bug support and fixes for the nc/netcat functionality in the new Ncat package. The Red Hat/Fedora family has adopted Ncat as its official netcat, which brings more users on those systems and consequently more bug reports and fixes.
Although the tool already works on a wide variety of platforms, portability has been improved further: Nmap now runs on Windows 10, OS X 10.11 El Capitan, Solaris and AIX.
In addition to the changes listed above, this version brings further changes that improve the functionality and efficiency of the tool, including functional additions such as IPv6 idle scanning and newer scanning techniques. Putting it all together, the roughly three and a half years of development between version 6 and version 7 have paid off. My opinion is that Nmap has evolved from a simple recon tool into a dedicated vulnerability scanner. Nmap's functionality is ever-growing, and with this release many user-facing features such as IPv6 scanning and better NSE scripts have arrived. To wrap this up: the number of blades in the pentester's Swiss Army knife, and their sharpness, have both increased.