Nmap 7 Release Notes (nmap.org)
117 points by jaimehrubiks on Nov 20, 2015 | 18 comments



My favourite of his (Fyodor's, guy behind nmap) conference appearances https://www.youtube.com/watch?v=ZMG0e7byPvo Scanning the Internet apparently can raise some eyebrows ;)

Should be general knowledge, but for all who don't know: http://www.sectools.org and http://seclists.org/ are valuable resources!

Funny Side Note: nmap is one of the most widely used "real hacker tools" in movies https://nmap.org/movies/


Never seen that - thanks. Fyodor is a pretty funny guy as well as knowing his shit!


It's good to see how a project as mature as Nmap keeps development on. Someone must be doing a really good job leading the project. I wish it was like that for so many other classical CLI tools.


Which other classical CLI tools are not well-maintained?


If any of you want to try 7.0 in a container grab the Dockerfile here: https://raw.githubusercontent.com/cdrage/dockerfiles/master/...

Then run dat shit:

docker run --rm -it --net=host --cap-add=NET_ADMIN nmap -v scanme.nmap.org


Still doesn't compile with the default Lua due to broken headers within the include path. They probably just forgot it again, but it's still bad practice and a low standard for a very common tool like nmap.


Not aware of this issue. Please file a bug report at http://issues.nmap.org/new or dev@nmap.org, thanks!


I'd like some day to get into nmap's source code so as to learn more about networking and programming, but I haven't started since it is quite extensive. Any ideas to begin?


You'll learn more about networking from using Nmap than from looking at the source. Always use -v and maybe even -d, then investigate what the output is telling you. And read the book: https://nmap.org/book/


It's heaps faster! Thank you Fyodor!!


Wonder if there are any plans to make it asynchronous?


I'm an extremely occasional nmap user, what benefits would being async provide?


You don't have to wait for requests to complete, so slow or broken connections don't cause hangs. IIRC, zmap[1] takes this approach. This allows the "probe" stage to be executed essentially as quickly as you can send packets, while you lazy-load the results.

[1] https://zmap.io/


nmap dev here.

Nmap is already asynchronous; as you described, multiple requests are multiplexed (cf. select(2), epoll(7), kqueue/kevent, depending on your platform...)

The core difference between nmap and zmap is that the latter is stateless, which allows a much higher throughput but also prevents it from applying some smart detection mechanisms. Thus, both tools are complementary, and no, there is no work being done to make nmap stateless.


Thank you very much!


Interestingly, I find nmap 7 almost twice as slow as 6 when performing the example scan from the documentation.

  # time nmap -v scanme.nmap.org # 6.40

  Starting Nmap 6.40 ( http://nmap.org ) at 2015-11-21 00:01 AEDT
  Initiating Ping Scan at 00:01
  Scanning scanme.nmap.org (45.33.32.156) [4 ports]
  Completed Ping Scan at 00:01, 0.23s elapsed (1 total hosts)
  Initiating Parallel DNS resolution of 1 host. at 00:01
  Completed Parallel DNS resolution of 1 host. at 00:01, 0.00s elapsed
  Initiating SYN Stealth Scan at 00:01
  Scanning scanme.nmap.org (45.33.32.156) [1000 ports]
  Discovered open port 80/tcp on 45.33.32.156
  Discovered open port 22/tcp on 45.33.32.156
  Discovered open port 31337/tcp on 45.33.32.156
  Discovered open port 9929/tcp on 45.33.32.156
  Completed SYN Stealth Scan at 00:01, 26.27s elapsed (1000 total ports)
  Nmap scan report for scanme.nmap.org (45.33.32.156)
  Host is up (0.20s latency).
  Not shown: 993 closed ports
  PORT      STATE    SERVICE
  22/tcp    open     ssh
  80/tcp    open     http
  135/tcp   filtered msrpc
  139/tcp   filtered netbios-ssn
  445/tcp   filtered microsoft-ds
  9929/tcp  open     nping-echo
  31337/tcp open     Elite

  Read data files from: /usr/bin/../share/nmap
  Nmap done: 1 IP address (1 host up) scanned in 26.54 seconds
             Raw packets sent: 1067 (46.924KB) | Rcvd: 1054 (42.164KB)

  real  0m26.546s
  user  0m0.061s
  sys 0m0.046s

  # time nmap -v scanme.nmap.org # 7.00

  Starting Nmap 7.00 ( https://nmap.org ) at 2015-11-21 00:02 AEDT
  Initiating Ping Scan at 00:02
  Scanning scanme.nmap.org (45.33.32.156) [2 ports]
  Completed Ping Scan at 00:02, 0.19s elapsed (1 total hosts)
  Initiating Parallel DNS resolution of 1 host. at 00:02
  Completed Parallel DNS resolution of 1 host. at 00:02, 0.00s elapsed
  Initiating Connect Scan at 00:02
  Scanning scanme.nmap.org (45.33.32.156) [1000 ports]
  Discovered open port 22/tcp on 45.33.32.156
  Discovered open port 80/tcp on 45.33.32.156
  Discovered open port 9929/tcp on 45.33.32.156
  Discovered open port 31337/tcp on 45.33.32.156
  Completed Connect Scan at 00:03, 46.61s elapsed (1000 total ports)
  Nmap scan report for scanme.nmap.org (45.33.32.156)
  Host is up (0.19s latency).
  Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
  Not shown: 992 closed ports
  PORT      STATE    SERVICE
  22/tcp    open     ssh
  80/tcp    open     http
  135/tcp   filtered msrpc
  139/tcp   filtered netbios-ssn
  445/tcp   filtered microsoft-ds
  5815/tcp  filtered unknown
  9929/tcp  open     nping-echo
  31337/tcp open     Elite

  Read data files from: /usr/local/bin/../share/nmap
  Nmap done: 1 IP address (1 host up) scanned in 46.85 seconds

  real  0m46.858s
  user  0m0.801s
  sys 0m0.233s


Your second command is using a TCP Connect scan (-sT) instead of a SYN scan (-sS). Not sure why it would be doing this, but add -sS and see if the speed difference is better.
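The mismatch that comment points at can be checked mechanically. As an added example (not from the thread or the Nmap project), the Python below parses the verbose output of both runs quoted above, extracts the scan type, elapsed time and open ports, and explains why the two timings are not comparable: Nmap only uses SYN scan when it has raw-socket privileges and otherwise falls back to a Connect scan, and only the raw-socket run prints the "Raw packets sent" summary. The sample text is constructed by abridging the two transcripts in the thread.

```python
import re

# Constructed sample: abridged lines from the two verbose runs quoted in the thread.
NMAP_6 = """\
Starting Nmap 6.40 ( http://nmap.org ) at 2015-11-21 00:01 AEDT
Initiating SYN Stealth Scan at 00:01
Discovered open port 80/tcp on 45.33.32.156
Discovered open port 22/tcp on 45.33.32.156
Completed SYN Stealth Scan at 00:01, 26.27s elapsed (1000 total ports)
           Raw packets sent: 1067 (46.924KB) | Rcvd: 1054 (42.164KB)
"""
NMAP_7 = """\
Starting Nmap 7.00 ( https://nmap.org ) at 2015-11-21 00:02 AEDT
Initiating Connect Scan at 00:02
Discovered open port 22/tcp on 45.33.32.156
Discovered open port 80/tcp on 45.33.32.156
Completed Connect Scan at 00:03, 46.61s elapsed (1000 total ports)
"""
VERSION_RE = re.compile(r"^Starting Nmap (\S+)")
SCAN_RE = re.compile(r"^Completed (SYN Stealth|Connect) Scan at \S+, ([\d.]+)s elapsed")
OPEN_RE = re.compile(r"^Discovered open port (\d+)/(tcp|udp) on \S+")

def parse_run(text):
    """Extract version, TCP scan type, elapsed seconds and open ports from -v output."""
    info = {"version": None, "scan": None, "elapsed": None, "open": [], "raw_packets": False}
    for raw in text.splitlines():
        line = raw.strip()
        if m := VERSION_RE.match(line):
            info["version"] = m.group(1)
        elif m := SCAN_RE.match(line):
            info["scan"] = m.group(1)
            info["elapsed"] = float(m.group(2))
        elif m := OPEN_RE.match(line):
            info["open"].append(f"{m.group(1)}/{m.group(2)}")
        elif line.startswith("Raw packets sent:"):
            info["raw_packets"] = True  # only raw-socket scans print this summary line
    info["open"].sort(key=lambda p: int(p.split("/")[0]))
    return info

def compare_runs(a, b):
    """Return reasons why comparing the two elapsed times would be misleading."""
    warnings = []
    if a["scan"] != b["scan"]:
        warnings.append(f"scan type differs: {a['scan']} vs {b['scan']} (SYN scan needs raw-socket privileges; Connect is the unprivileged fallback)")
    if a["raw_packets"] != b["raw_packets"]:
        warnings.append("only one run reports raw packet counts, so only one used raw sockets")
    if a["open"] != b["open"]:
        warnings.append(f"open port sets differ: {a['open']} vs {b['open']}")
    return warnings
```

Run against the two transcripts, the scan-type and raw-packet warnings both fire, which is the first thing to settle before reading anything into the 26s-versus-46s difference.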


Did you test more times to rule out throttling at the server end? Or does v7 have a longer default delay between probes?



