Nmap 7 brings faster scanning and improved IPv6 support

There are a lot of network management and monitoring goodies inside the latest version of Nmap

Nmap 7 brings faster scanning and improved IPv6 support
Kevin Dooley (Creative Commons BY or BY-SA)

Nmap 7 is finally here, and it comes packed with significant improvements.

The culmination of three and a half years of work from more than 100 contributors and almost 3,200 code commits, the changelog lists more than 330 enhancements made to the tool since Version 6. There are five major developments in the latest version of this popular open source network discovery and security auditing tool: major expansion of the Nmap Scripting Engine (NSE), mature IPv6 support, upgrades to the infrastructure, faster scans, and faster and better SSL/TLS-related scans.

“Nmap turned 18 years old in September this year and celebrates its birthday with 171 new NSE scripts, expanded IPv6 support, world-class SSL/TLS analysis, and more user-requested features than ever,” the project members wrote on the official site.

Short for Network Mapper, Nmap lets administrators find unauthorized, vulnerable, and infected devices on the network. Nmap is used to scan a subnet, query DNS from the host, see open ports on a device, and identify what a machine at a specific IP address is doing. Nmap uses raw IP packets to identify what applications and versions are installed on the hosts, tracking the operating system versions and dozens of other characteristics. Systems and network administrators typically use Nmap for network inventory, monitoring uptime, and managing upgrade schedules.

The first major improvements can be found with the NSE subsystem. Users can write and share Lua scripts to automate a variety of networking tasks, and NSE is now powerful enough to take on core functions such as host discovery, version scanning, and RPC grinding. By moving the RPC grinder to an NSE script, the project was able to “cull a bunch of old C code in favor of more maintainable Lua,” as well as improve scanning speed.

Nmap 7 added 171 new scripts and 20 libraries and removed four, bringing a total of 515 scripts. NSE is the “tool of choice” for rapid vulnerability scanning for high-profile bugs such as Heartbleed, Shellshock, POODLE, Logjam, Stuxnet, and even Slowloris attacks, the team said.

Nmap has supported IPv6 since 2002, but the latest version beefed up support even more. Full Unicast CIDR-style IPv6 range scanning and idle scan have been added. The majority of NSE scripts are now IPv6-ready, and the parallel reverse DNS resolver now handles IPv6 addresses. There are also several IPv6-specific NSE scripts for advanced host discovery and denial of service. IPv6 OS fingerprinting and traceroute has also been improved.

The Nmap Project said the team also spent time on the infrastructure to ensure the tool can handle a growing user base. The official project site, nmap.org, has been moved to use HTTPS. And Nmap now integrates with Travis CI for continuous integration testing; if a build ever breaks, the developers are notified immediately. Code submissions should be made as Github pull requests, the team said.

The official bug tracker is now available on GitHub, which “has already reduced the number [of bugs and requests] which fall through the cracks,” the team wrote.

Performance remained a “top priority” for the project. Version scanning is quicker and new poll and kqueue Nsock engines boost performance on Windows, OSX, and BSD systems, the team said.

To improve SSL/TLS scanning, version scanning probes have been updated to detect the newest TLS handshake versions. The ssl-enum ciphers script has been entirely revamped to perform fast analysis of TLS deployment problems. And instead of merely reporting if a ciphersuite is “weak” or “strong,” Nmap now actually scores each handshake using data from Qualys SSL Labs, server certificate strength, Diffie-Hellman parameter size, and encryption bit strength. NSE scripts can also perform TLS checks against LDAP, IMAP, and POP3 services.

Nmap 7 works on a wide range of operating systems, including Linux, Windows 10, OS X 10.8 Mountain Lion through 10.11 El Capitan, IBM’s AIX, and Oracle’s Solaris UNIX. Nmap 7 can also work on older Windows systems such as those running Vista and XP, although the project developers recommend updating those aging machines.

The general availability of Nmap 7 hits days after the developers of Wireshark, a popular network protocol analyzer, released Version 2.0 that comes with a new user interface, new features, and API changes. New versions of Wireshark and Nmap will simplify many network management tasks, and administrators are encouraged to update as soon as possible.

Stay up to date with InfoWorld’s newsletters for software developers, analysts, database programmers, and data scientists. • Get expert insights from our member-only Insider articles.