Nmap 7.80 released: A mature Npcap Windows packet capturing driver, 11 new NSE scripts

Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Nmap 7.80

Nmap 7.80, released at DEF CON, is the first formal Nmap release since March 2018.

It includes a mature Npcap raw packet capturing/sending driver, 11 new NSE scripts, a bunch of new libraries, bug fixes and performance improvements.

Significant changes since Nmap 7.70

Nmap team has created the Npcap raw packet capturing/sending driver because the previously used Winpcap hasn’t been updated since 2013, doesn’t always work on Windows 10, and depends on long-deprecated Windows APIs.

Npcap uses modern APIs, is more performant, secure and featureful. Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all changes from the last 15 Npcap releases.

Other significant changes:

  • 11 new NSE scripts added, bringing the total up to 598. These include scripts for discovering HID devices and Jenkins servers on a LAN, a script that checks whether the WebExService is installed and allows code execution, etc.
  • New libraries for string processing, random string generation, error reporting, manipulating and searching tables, etc. Certain libraries have also been deprecated and modified (e.g., HTTP library is now enforcing a size limit on the received response body).
  • AF_VSOCK (Linux VM sockets) functionality has been added to Nsock and Ncat.
  • TLS support to rdp-enum-encryption has been added.
  • Libpcap updated to 1.9.0.
  • New ncat option provides control over whether proxy destinations are resolved by the remote proxy server or locally by Ncat itself.
  • Temporary RSA keys are now 2048-bit to resolve a compatibility issue with OpenSSL library configured with security level 2.
  • Script http-default-accounts can now select more than one fingerprint category. It now also possible to select fingerprints by name to support very specific scanning.
  • Parser for HTTP Set-Cookie header is now more compliant with RFC 6265.
  • New service probe and match lines for adb, the Android Debug Bridge, which allows remote code execution and is left enabled by default on many devices.