Nmap 7.30: New NSE scripts, Npcap, fingerprints

Nmap 7.30 is the first stable release since 7.12 back in March. Apart from bug fixes, it comes with new features, including more NSE scripts, an improved version of Npcap (Windows packet capturing driver/library), new service probes and OS fingerprints, and more.

Changes since Nmap 7.25BETA2 on September 1

• Integrated all 12 of your IPv6 OS fingerprint submissions from June to September. No new groups, but several classifications were strengthened, especially Windows localhost and OS X.
• Added 7 NSE scripts, from 3 authors, bringing the total up to 541.
• Upgraded Npcap from 0.09 to 0.10r2. This includes many bug fixes, with a particular on emphasis on concurrency issues discovered by running hundreds of Nmap instances at a time.
• New service probes and match lines for DTLS, IPMI-RMCP, MQTT, PCWorx, ProConOS, and Tridium Fox.
• Improved some output filtering to remove or escape carriage returns (‘\r’) that could allow output spoofing by overwriting portions of the screen.
• Fixed a few bad Lua patterns that could result in denial of service due to excessive backtracking.
• Fixed a discrepancy between the number of targets selected with -iR and the number of hosts scanned, resulting in output like “Nmap done: 1033 IP addresses” when the user specified -iR 1000.
• Fixed a bug in port specification parsing that could cause extraneous ‘T’, ‘U’, ‘S’, and ‘P’ characters to be ignored when they should have caused an error.
• Restored compatibility with LibreSSL, which was lost in adding library version checks for OpenSSL 1.1.
• Fixed a bug in the Compare Scans window of Zenmap on OS X.
• Fixed a bug in ssl-enum-ciphers and ssl-dh-params which caused them to not output TLSv1.2 info with DHE ciphersuites or others involving ServerKeyExchange messages.
• Added X509v3 extension parsing to NSE’s sslcert code. ssl-cert now shows the Subject Alternative Name extension; all extensions are shown in the XML output.