Nmap 7.93 released: open-source tool for network exploration and security auditing
nmap (“Network Mapper“) is an open-source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine to scan single hosts. nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
The output from nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among that information is the “interesting ports table”. That table lists the port number and protocol, service name, and state. The state is either open, filtered, closed, or unfiltered.
- Open means that an application on the target machine is listening for connections/packets on that port.
- Filtered means that a firewall, filter, or other network obstacle is blocking the port so that nmap cannot tell whether it is open or closed.
- Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered. when they are responsive to nmap’s probes, but nmap cannot determine whether they are open or closed. nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describe a port. The port table may also include software version details when version detection has been requested. When an IP protocol scan is requested (-sO), nmap provides information on supported IP protocols rather than listening ports.
In addition to the interesting ports table, nmap can provide further information on targets, including reverse DNS names, operating system guesses, device types, and MAC addresses.
Changelog Nmap 7.93:
- This release commemorates Nmap’s 25th anniversary! It all started with this September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.
- [Windows]Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.50 to the latest version 1.71. It includes dozens of performance improvements, bug fixes and feature enhancements described at https://npcap.com/changelog.
- Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions. Binaries for this release include OpenSSL 3.0.5.
- Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1
- [GH#2416]Fix a bug that prevented Nmap from discovering interfaces on Linux when no IPv4 addresses were configured. [Daniel Miller, nnposter]
- [NSE][GH#2463]NSE “exception handling” with nmap.new_try() will no longer result in a stack traceback in debug output nor a “ERROR: script execution failed” message in script output, since the intended behavior has always been to end the script immediately without output. [Daniel Miller]
- [GH#2494]Update the Nmap output DTD to match actual output since the `<hosthint>` element was added in Nmap 7.90.
- [NSE][GH#2496]Fix newtargets support: since Nmap 7.92, scripts could not add targets in script pre-scanning phase. [Daniel Miller]
- [GH#2468]Scripts dhcp-discover and broadcast-dhcp-discover now support setting a client identifier. [nnposter]
- [GH#2331][GH#2471]Script oracle-tns-version was not reporting the version correctly for Oracle 19c or newer [linholmes]
- [GH#2296][GH#2342]Script redis-info was crashing or producing inaccurate information about client connections and/or cluster nodes. [nnposter]
- [GH#2379]Nmap and Nping were unable to obtain system routes on FreeBSD [benpratt, nnposter]
- [GH#2464]Script ipidseq was broken due to calling an unreachable library function. [nnposter]
- [GH#2420][GH#2436]Support for EC crypto was not properly enabled if Nmap was compiled with OpenSSL in a custom location. [nnposter]
- [NSE]Improvements to event handling and pcap socket garbage collection, fixing potential hangs and crashes. [Daniel Miller]
- We ceased creating the Nmap win32 binary zipfile. It was useful back when you could just unzip it and run Nmap from there, but that hasn’t worked well for many years. The win32 self-installer handles Npcap installation and many other dependencies and complexities. Anyone who needs the binaries for some reason can still install Nmap on any system and retrieve them from there. For now we’re keeping the Win32 zipfile in the Nmap OEM Edition (https://nmap.org/oem) for companies building Nmap into their own products. But even in that case we believe that running the Nmap OEM self-installer in silent mode is a better approach.
- [GH#2388]Fix TDS7 password encoding for mssql.lua, which had been assuming ASCII input even though other parts of the library had been passing it Unicode.
- [GH#2402]Replace deprecated CPEs for IIS with their updated identifier, cpe:/a:microsoft:internet_information_services [Esa Jokinen]
- [NSE][GH#2393]Fix script-terminating error when unknown BSON data types are encountered. Added parsers for most standard data types. [Daniel Miller]
- [Ncat]Fix hostname/certificate comparison and matching to handle ASN.1 strings without null terminators, a similar bug to OpenSSL’s CVE-2021-3712.
- [Ncat][GH#2365]Added support for SOCKS5 proxies that return bind addresses as hostnames, instead of IPv4/IPv6 addresses. [pomu0325]
