Nmap Announce mailing list archives
New Nmap OS Detection System - 4.20ALPHA9 Release
From: Fyodor <fyodor () insecure org>
Date: Mon, 16 Oct 2006 15:22:29 -0700
Hello everyone,

Some people have emailed me noting that the last stable Nmap (4.11) was released back in June, and asking if a new release is imminent. I'm afraid the answer is no. We're having way too much fun on the development list, where there have been 9 recent ALPHA releases, to slow down for a "stable" release. So instead, I'm inviting all of you to join the ALPHA party! Since most of you aren't on the nmap-dev list (where ALPHAs are normally posted), I have added 4.20ALPHA9 to the main Nmap download page at:

http://insecure.org/nmap/download.html

Please give it a try and let me know (or, even better, mail nmap-dev) if you encounter any problems.

There are dozens of changes, but one of the coolest is a 2nd generation OS detection system that Zhao Lei and I wrote. It is described in depth at http://insecure.org/nmap/osdetect/ . While the system seems to work quite well, it is limited by the small database size (71 signatures vs. 1684 in the gen1 system). So if a machine you scan with ALPHA9 isn't detected and Nmap prints a fingerprint and asks you to submit it at a given URL, please do so (if you know what is running). My home testing lab is quite respectable by geek standards, but pales in comparison to the variety of systems you all have access to! So please submit those signatures and I'm standing by to integrate them into the next version.

Note that you can still access the old OS fingerprint system and DB by using -O1. We are also very happy to accept 2nd gen OS detection corrections when Nmap guesses wrong -- even if it seems trivial (like guessing Linux kernel 2.6.17 when you are running 2.6.18). I've written instructions for submitting corrections at http://insecure.org/nmap/submit/ .

Other cool changes since 4.11 include:

o Integrated all 2nd quarter service detection fingerprint submissions. We now have 3,671 signatures representing 415 protocols.

o Nmap now supports IP options with the new --ip-options flag. You can specify any options in hex, or use "R" (record route), "T" (record timestamp), "U" (record route & timestamp), "S [route]" (strict source route), or "L [route]" (loose source route). Specify --packet-trace to display IP options of responses.

o An --open option, which causes Nmap to show only open (or likely open) ports

o Nmap now provides progress statistics in the XML output in verbose mode. This allows front ends to better inform users about what is going on and when Nmap will finish.

o Nmap now shows how many hops away a remote machine is (when Nmap is able to determine that).

There are dozens of other changes which you can read about at http://insecure.org/nmap/changelog.html

It isn't in ALPHA9 yet, but we have working prototypes of a scripting language for writing your own Nmap probes and vulnerability checks (called NSE), and also a new portable frontend and results viewer (UMIT). You can join the Nmap-dev list to keep up with those at http://cgi.insecure.org/mailman/listinfo/nmap-dev . But I must warn you that nmap-dev has much higher mail volume than nmap-hackers . So some people prefer just browsing the archives at http://seclists.org .

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://SecLists.Org