
Nmap 7 Release Notes - jaimehrubiks
https://nmap.org/7/
======
myztic
My favourite of his (Fyodor's, guy behind nmap) conference appearances
[https://www.youtube.com/watch?v=ZMG0e7byPvo](https://www.youtube.com/watch?v=ZMG0e7byPvo)
Scanning the Internet apparently can raise some eyebrows ;)

 _Should be general knowledge, but for all who don't know:
[http://www.sectools.org](http://www.sectools.org) and
[http://seclists.org/](http://seclists.org/) are valuable resources!

Funny Side Note: nmap is one of the most widely used "real hacker tools" in
movies [https://nmap.org/movies/](https://nmap.org/movies/) _

~~~
sofaofthedamned
Never seen that - thanks. Fyodor is a pretty funny guy as well as knowing his
shit!

------
yoavm
It's good to see how a project as mature as Nmap keeps development on. Someone
must be doing a really good job leading the project. I wish it was like that
for so many other classical CLI tools.

~~~
lugus35
Which other classical CLI tools are not well-maintained?

------
twelvenmonkeys
If any of you want to try 7.0 in a container grab the Dockerfile here:
[https://raw.githubusercontent.com/cdrage/dockerfiles/master/...](https://raw.githubusercontent.com/cdrage/dockerfiles/master/nmap/Dockerfile)

Then run dat shit:

    docker run --rm -it --net=host --cap-add=NET_ADMIN nmap -v scanme.nmap.org

------
evook
Still doesn't compile with default LUA due to broken Headers within the
include path. They probably just forgot it again, but it's still bad practice
and low standard for a very common tool like nmap.

~~~
bonsaiviking
Not aware of this issue. Please file a bug report at
[http://issues.nmap.org/new](http://issues.nmap.org/new) or dev@nmap.org,
thanks!

------
jaimehrubiks
I'd like some day to get into nmap's source code so as to learn more about
networking and programming, but I haven't started since it is quite extensive.
Any ideas to begin?

~~~
bonsaiviking
You'll learn more about networking from _using_ Nmap than from looking at the
source. Always use -v and maybe even -d, then investigate what the output is
telling you. And read the book:
[https://nmap.org/book/](https://nmap.org/book/)

------
23i45jjldgdlkf
It's heaps faster! Thank you Fyodor!!

------
xvilka
Wonder if there are any plans to make it asynchronous?

~~~
Jgrubb
I'm an extremely occasional nmap user, what benefits would being async
provide?

~~~
aroch
You don't have to wait for requests to complete, so slow or broken connections
don't cause hangs. IIRC, zmap[1] takes this approach. This allows the "probe"
stage to be executed essentially as quickly as you can send packets, while you
lazy-load the results.

[1] [https://zmap.io/](https://zmap.io/)

~~~
unix-junkie
nmap dev here.

Nmap is already asynchronous: as you described, multiple requests are
multiplexed (cf. select(2), epoll(7), kqueue/kevent depending on your
platform...).

The core difference between nmap and zmap is that the latter is stateless.
This allows a much higher throughput, but also prevents it from applying some
smart detection mechanisms. Thus, both tools are complementary, and no, there
is no work being done to make nmap stateless.

~~~
Jgrubb
Thank you very much!

------
mrmondo
Interestingly, I find nmap 7 almost twice as slow as 6 when performing the
example scan from the documentation.

      # time nmap -v scanme.nmap.org # 6.40
    
      Starting Nmap 6.40 ( http://nmap.org ) at 2015-11-21 00:01 AEDT
      Initiating Ping Scan at 00:01
      Scanning scanme.nmap.org (45.33.32.156) [4 ports]
      Completed Ping Scan at 00:01, 0.23s elapsed (1 total hosts)
      Initiating Parallel DNS resolution of 1 host. at 00:01
      Completed Parallel DNS resolution of 1 host. at 00:01, 0.00s elapsed
      Initiating SYN Stealth Scan at 00:01
      Scanning scanme.nmap.org (45.33.32.156) [1000 ports]
      Discovered open port 80/tcp on 45.33.32.156
      Discovered open port 22/tcp on 45.33.32.156
      Discovered open port 31337/tcp on 45.33.32.156
      Discovered open port 9929/tcp on 45.33.32.156
      Completed SYN Stealth Scan at 00:01, 26.27s elapsed (1000 total ports)
      Nmap scan report for scanme.nmap.org (45.33.32.156)
      Host is up (0.20s latency).
      Not shown: 993 closed ports
      PORT      STATE    SERVICE
      22/tcp    open     ssh
      80/tcp    open     http
      135/tcp   filtered msrpc
      139/tcp   filtered netbios-ssn
      445/tcp   filtered microsoft-ds
      9929/tcp  open     nping-echo
      31337/tcp open     Elite
    
      Read data files from: /usr/bin/../share/nmap
      Nmap done: 1 IP address (1 host up) scanned in 26.54 seconds
                 Raw packets sent: 1067 (46.924KB) | Rcvd: 1054 (42.164KB)
    
      real  0m26.546s
      user  0m0.061s
      sys 0m0.046s

      # time nmap -v scanme.nmap.org # 7.00

      Starting Nmap 7.00 ( https://nmap.org ) at 2015-11-21 00:02 AEDT
      Initiating Ping Scan at 00:02
      Scanning scanme.nmap.org (45.33.32.156) [2 ports]
      Completed Ping Scan at 00:02, 0.19s elapsed (1 total hosts)
      Initiating Parallel DNS resolution of 1 host. at 00:02
      Completed Parallel DNS resolution of 1 host. at 00:02, 0.00s elapsed
      Initiating Connect Scan at 00:02
      Scanning scanme.nmap.org (45.33.32.156) [1000 ports]
      Discovered open port 22/tcp on 45.33.32.156
      Discovered open port 80/tcp on 45.33.32.156
      Discovered open port 9929/tcp on 45.33.32.156
      Discovered open port 31337/tcp on 45.33.32.156
      Completed Connect Scan at 00:03, 46.61s elapsed (1000 total ports)
      Nmap scan report for scanme.nmap.org (45.33.32.156)
      Host is up (0.19s latency).
      Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
      Not shown: 992 closed ports
      PORT      STATE    SERVICE
      22/tcp    open     ssh
      80/tcp    open     http
      135/tcp   filtered msrpc
      139/tcp   filtered netbios-ssn
      445/tcp   filtered microsoft-ds
      5815/tcp  filtered unknown
      9929/tcp  open     nping-echo
      31337/tcp open     Elite
    
      Read data files from: /usr/local/bin/../share/nmap
      Nmap done: 1 IP address (1 host up) scanned in 46.85 seconds
    
      real  0m46.858s
      user  0m0.801s
      sys 0m0.233s

~~~
bonsaiviking
Your second command is using TCP Connect scan (-sT) instead of SYN scan (-sS).
Not sure why it would be doing this, but add -sS and see if speed difference
is better.
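One way to catch this before comparing timings, as an added example written for this thread and not code from Nmap itself: a small parser over the phase lines of two `nmap -v` runs that reports the port-scan type (SYN Stealth vs Connect) alongside the elapsed time. The sample text is trimmed from the two outputs posted above.

```python
import re

# Trimmed copies of the two verbose runs posted above (Nmap 6.40 vs 7.00 against scanme.nmap.org).
RUN_640 = """\
Starting Nmap 6.40 ( http://nmap.org ) at 2015-11-21 00:01 AEDT
Completed Ping Scan at 00:01, 0.23s elapsed (1 total hosts)
Discovered open port 80/tcp on 45.33.32.156
Discovered open port 22/tcp on 45.33.32.156
Completed SYN Stealth Scan at 00:01, 26.27s elapsed (1000 total ports)
Nmap done: 1 IP address (1 host up) scanned in 26.54 seconds
"""
RUN_700 = """\
Starting Nmap 7.00 ( https://nmap.org ) at 2015-11-21 00:02 AEDT
Completed Ping Scan at 00:02, 0.19s elapsed (1 total hosts)
Discovered open port 22/tcp on 45.33.32.156
Discovered open port 80/tcp on 45.33.32.156
Completed Connect Scan at 00:03, 46.61s elapsed (1000 total ports)
Nmap done: 1 IP address (1 host up) scanned in 46.85 seconds
"""

VERSION_RE = re.compile(r"^Starting Nmap (\S+)", re.M)
PHASE_RE = re.compile(r"^Completed (.+? Scan) at \S+, ([\d.]+)s elapsed", re.M)
PORT_RE = re.compile(r"^Discovered open port (\d+/\w+)", re.M)
DONE_RE = re.compile(r"scanned in ([\d.]+) seconds")

def parse_run(text):
    """Extract version, port-scan phase (type and seconds), open ports and wall time from nmap -v output."""
    phases = {kind: float(secs) for kind, secs in PHASE_RE.findall(text)}
    # Whatever "Completed ... Scan" line is not the host-discovery ping is the port-scan phase.
    port_phase = next((k for k in phases if k != "Ping Scan"), None)
    return {
        "version": VERSION_RE.search(text).group(1),
        "scan_type": port_phase,
        "scan_secs": phases.get(port_phase),
        "open_ports": sorted(PORT_RE.findall(text), key=lambda p: int(p.split("/")[0])),
        "total_secs": float(DONE_RE.search(text).group(1)),
    }

def explain_difference(old_text, new_text):
    """Compare two runs and flag a scan-type mismatch before attributing the timing gap to the version."""
    old, new = parse_run(old_text), parse_run(new_text)
    notes = []
    if old["scan_type"] != new["scan_type"]:
        notes.append(f"scan type differs: {old['scan_type']} vs {new['scan_type']}; timings are not comparable")
    ratio = new["total_secs"] / old["total_secs"]
    notes.append(f"{new['version']} took {ratio:.2f}x the wall time of {old['version']}")
    return old, new, notes
```

Running `explain_difference(RUN_640, RUN_700)` reports the SYN-vs-Connect mismatch first, which is the same observation made in the reply above.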

