Nmap 6 released after three years of work (nmap.org)
213 points by jimmyjim on May 21, 2012 | 31 comments

I used nmap a lot during the 2.5 days (c. 2001), and was even a (very occasional) contributor as they were porting to Windows. I can safely say I have 0 idea how 90% of its functionality works anymore - and I think that's a testament to how far the project has come.

It was best of breed then, and is up there with the most successful open source projects - certainly in the security space, but maybe even anywhere.

Hats off to Fyodor and the rest of the team. This looks like really excellent work.

Whenever you buy a new network connected gizmo please scan it with nmap and please submit the OS/Service fingerprints if nmap does not know about the device. NMAP makes it super easy to contribute to the fingerprints db.

Care to elaborate? A 5 min investigation on nmap.org didn't reveal how to contribute.

One of the ways nmap makes this super easy is that it prints out the submission page and asks you to submit the fingerprints if it does not know about the device:)

If you get a new device run a full scan against the device; all ports, OS detection and full service version scan.

Here is the page if you are curious:


I assume you're talking about a scan using "-O"? For example "nmap -O".

  # nmap -v -v -Pn -O -sV --version-all -p 1-65535 -oA output

The above would be great. All 65535 ports is probably overkill. But if it's your device and you have the time, why not? Rinse and repeat with UDP if you are feeling especially charitable.

Would they be interested in smart phones on a wireless network?

In my experience, NMap hasn't been the best at identifying smartphones and other mobile devices. So from my point of view, yes, this would help. I don't know NMap's goals on that, though.

Everyone has seen Nmap used and might not even know it. It was famously used by Trinity in The Matrix, and has popped up in Die Hard, Bourne Ultimatum, The Girl with the Dragon Tattoo and more. http://nmap.org/movies.html

I wonder if Hollywood will upgrade.

Trinity was using nmap 2.54, how lame.

Interestingly, this T-Mobile prepaid sim I'm on blocks me from nmap.org

I can't believe it's been 3 years since they released v5. Truly one of the better open source security scanners out there. Thanks for sharing.

#nmap -sP might be the most commonly used line of nmap. But it works best on V5.0 and not V5.x+

What's the problem?

Have you reported it on the nmap-dev mailing list with packet dumps?

As per the documentation http://nmap.org/6/ :

We also felt that the old -sP ("ping scan") option was a bit misleading because current versions of Nmap can go much further (including -sC and --traceroute) even with port scans disabled. We will retain support for the previous option names for the foreseeable future.

That command works great for me using nmap 6. It finds all hosts on my network. And now with v6, I can do something similar to find IPv6 addresses on my network, with this command: sudo nmap -6 -sL --script targets-ipv6-\* --script-args=newtargets

Maybe I don't use Nmap enough, but I find the Nmap switches very difficult to remember. It usually takes a few minutes in the man pages, then a few more minutes in Google before I finally figure out how to do what I want. Perhaps this goes away with experience?

"Zenmap"[1] to the rescue. :)

[1] http://nmap.org/book/zenmap-profile-editor.html

It definitely goes away with experience. When you use nmap regularly you only use 10% of the switches most of the time and typing them after nmap becomes muscle memory.

Great to see the large list of new features and improvements.

Get a copy and start scanning, don't just scan your web servers and Internet gateway. Have a crack at your Internet connected TV, WII and any other device that has an IP Address. If nothing else it's fun. :)

>Have a crack at your Internet connected TV, WII and any other device that has an IP Address

Definitely do this. I can especially recommend it if you're a bored teenager. I learned a lot back in the day from abusing cheap gear like printers, routers and stuff.

From the release notes: "Gopher over IPv6!"

I'm really tempted to set up a gopher server on an IPv6-only host, just to try this out. While perhaps pointless, it's a testament to open source that NMAP includes this.

Well I have one :-) I still have to put some content on it though...

It's been many years since I forgot how to access a gopher server.

This Firefox extension makes it easy.


The link in the main document to the performance page: http://nmap.org/6/changes-performance leads to a 404 :(

Besides Nmap's innate usefulness, it is part of the backbone of many other tools. How long before BackTrack upgrades? Tools like Metasploit, do they include their own Nmap (which would need to be upgraded), or rely on your having it?

Can I use nmap to detect who is talking to who on a network & over what ports? I don't want to install an agent script on each node, but would install nmap on one of the nodes in the network.

NMap can tell you what ports are being used by a device. tcpdump would be able to show the conversations.

Look forward to upgrading my 5.21. Congrats on a new major release.

Agreed! There are a few tools in the world that I love unreservedly, and nmap is one of them. (A couple of other networking ones are tcpdump, wireshark, and mtr.) It's one of those things where every key aspect has been thought through and polished so thoroughly that I want to send somebody a bouquet.
