The top 7 improvements in Nmap 7

Nmap 7 is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012.

The top 7 improvements in Nmap 7:

1. Major Nmap Scripting Engine (NSE) expansion

As the Nmap core has matured, more and more new functionality is developed as part of the NSE subsystem instead. In fact, 171 new scripts and 20 libraries have been added since Nmap 6. Examples include firewall-bypass, supermicro-ipmi-conf, oracle-brute-stealth, and ssl-heartbleed. And NSE is now powerful enough that scripts can take on core functions such as host discovery (dns-ip6-arpa-scan), version scanning (ike-version, snmp-info, etc.), and RPC grinding (rpc-grind). There’s even a proposal to implement port scanning in NSE.

2. Mature IPv6 support

IPv6 scanning improvements were a big item in the Nmap 6 release, but Nmap 7 outdoes them all with full IPv6 support for CIDR-style address ranges, Idle Scan, parallel reverse-DNS, and more NSE script coverage.

3. Infrastructure upgrades

The Nmap Project continues to adopt the latest technologies to enhance the development process and serve a growing user base. For example, the developers converted all of Nmap.Org to SSL to reduce the risk of trojan binaries and reduce snooping in general. They've also been using the Git version control system as a larger part of their workflow and have an official Github mirror of the Nmap Subversion source repository. They also created an official bug tracker, likewise hosted on Github.

4. Faster scans

Nmap has continually pushed the speed boundaries of synchronous network scanning for 18 years, and this release is no exception. New Nsock engines give a performance boost to Windows and BSD systems, target reordering prevents a nasty edge case on multihomed systems, and NSE tweaks lead to much faster -sV scans.

5. SSL/TLS scanning solution of choice

Transport Layer Security (TLS) and its predecessor, SSL, are the security underpinning of the web, so when big vulnerabilities like Heartbleed, POODLE, and FREAK come calling, Nmap answers with vulnerability detection NSE scripts. The ssl-enum-ciphers script has been entirely revamped to perform fast analysis of TLS deployment problems, and version scanning probes have been tweaked to quickly detect the newest TLS handshake versions.
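As an added example (not code from the Nmap project or from the original page), the following Python pass reads an `nmap -oX` report and turns ssl-enum-ciphers results into a short list of TLS deployment problems: legacy protocol versions offered, cipher suites graded below a chosen letter, and the script's own warnings. The XML layout it expects and the sample report embedded in it are constructed assumptions, as is the set of protocols treated as legacy.

```python
"""Triage ssl-enum-ciphers results from an `nmap -oX` XML report."""
import xml.etree.ElementTree as ET

# Assumed XML layout (not from the original page): one <table key="SSLv3">
# per protocol version holding a "ciphers" table (name/kex_info/strength) and
# a "warnings" table, then <elem key="least strength">. Report is constructed.
SAMPLE_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="443"><state state="open"/>
<script id="ssl-enum-ciphers" output="(omitted)">
 <table key="SSLv3"><table key="ciphers">
  <table><elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
   <elem key="kex_info">rsa 2048</elem><elem key="strength">C</elem></table>
  </table><table key="warnings"><elem>CBC-mode cipher in SSLv3 (POODLE)</elem></table>
 </table>
 <table key="TLSv1.2"><table key="ciphers">
  <table><elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem>
   <elem key="kex_info">secp256r1</elem><elem key="strength">A</elem></table>
  </table><table key="warnings"/>
 </table>
 <elem key="least strength">C</elem></script></port></ports></host></nmaprun>"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}  # local policy, an assumption

def triage(xml_text, min_grade="B"):
    """One finding per host:port; ciphers graded worse than min_grade (A best,
    F worst) and every script warning count as issues."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            script = port.find("script[@id='ssl-enum-ciphers']")
            if script is None:
                continue
            issues = []
            for proto in script.findall("table"):  # one per protocol version
                name = proto.get("key")
                if name in LEGACY_PROTOCOLS:
                    issues.append(f"legacy protocol {name} offered")
                for cipher in proto.findall("table[@key='ciphers']/table"):
                    grade = cipher.findtext("elem[@key='strength']", "F")
                    if grade > min_grade:  # letter grades sort A < B < ... < F
                        suite = cipher.findtext("elem[@key='name']")
                        issues.append(f"{name}: {suite} graded {grade}")
                for warning in proto.findall("table[@key='warnings']/elem"):
                    issues.append(f"{name}: {warning.text}")
            if issues:
                least = script.findtext("elem[@key='least strength']")
                findings.append({"target": f"{addr}:{port.get('portid')}",
                                 "least_strength": least, "issues": issues})
    return findings
```

Point it at a real report with `triage(open("scan.xml").read())`; hosts whose only offered versions are modern and whose ciphers all grade at or above the threshold produce no finding.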

6. Ncat enhanced

Ncat has been adopted by the Red Hat/Fedora family of distributions as the default package to provide the “netcat” and “nc” commands. This cooperation has resulted in a lot of squashed bugs and enhanced compatibility with Netcat’s options. Also very exciting is the addition of an embedded Lua interpreter for creating simple, cross-platform daemons and traffic filters.

7. Extreme portability

Nmap is proudly cross-platform and runs on all sorts of esoteric and archaic systems. But the binary distributions have to be kept up to date with the latest popular operating systems. Nmap 7 runs cleanly on Windows 10 all the way back to Windows Vista. By popular request, the developers even built it to run on Windows XP, though they suggest those users upgrade their systems. OS X is supported from 10.8 Mountain Lion through 10.11 El Capitan. Plus, support for Solaris and AIX was updated.