Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.
* Integrated all 12 of your IPv6 OS fingerprint submissions from June to September. No new groups, but several classifications were strengthened, especially Windows localhost and OS X.
* [NSE] Added 7 NSE scripts, from 3 authors, bringing the total up to 541!
- coap-resources grabs the list of available resources from CoAP endpoints.
- fox-info retrieves detailed version and configuration info from Tridium Niagara Fox services.
- ipmi-brute performs authentication brute-forcing on IPMI services.
- ipmi-cipher-zero checks IPMI services for Cipher Zero support, which allows connection without a password.
- ipmi-version retrieves protocol version and authentication options from ASF-RMCP (IPMI) services.
- mqtt-subscribe connects to a MQTT broker, subscribes to topics, and lists the messages received.
- pcworx-info retrieves PLC model, firmware version, and date from Phoenix Contact PLCs.
* Upgraded Npcap, our new Windows packet capturing driver/library, from version to 0.09 to 0.10r2. This includes many bug fixes, with a particular on emphasis on concurrency issues discovered by running hundreds of Nmap instances at a time.
* New service probes and match lines for DTLS, IPMI-RMCP, MQTT, PCWorx, ProConOS, and Tridium Fox,
* Improved some output filtering to remove or escape carriage returns ('\r') that could allow output spoofing by overwriting portions of the screen. Issue reported by Adam Rutherford.
* [NSE] Fixed a few bad Lua patterns that could result in denial of service due to excessive backtracking.
* Fixed a discrepancy between the number of targets selected with -iR and the number of hosts scanned, resulting in output like "Nmap done: 1033 IP addresses" when the user specified -iR 1000.
* Fixed a bug in port specification parsing that could cause extraneous 'T', 'U', 'S', and 'P' characters to be ignored when they should have caused an error.
* Restored compatibility with LibreSSL, which was lost in adding library version checks for OpenSSL 1.1. [Wonko7]
* Fixed a bug in the Compare Scans window of Zenmap on OS X resulting in this message instead of Ndiff output: ImportError: dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so, 2): no suitable image found. Did find: /Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so: mach-o, but wrong architecture
* Reported by Kyle Gustafson.
* [NSE] Fixed a bug in ssl-enum-ciphers and ssl-dh-params which caused them to not output TLSv1.2 info with DHE ciphersuites or others involving ServerKeyExchange messages.
* [NSE] Added X509v3 extension parsing to NSE's sslcert code. ssl-cert now shows the Subject Alternative Name extension; all extensions are shown in the XML output.