More than a year since the last release network security scanner release , designed to conduct a network audit and identify active network services. Part 3 new NSE scripts to automate various actions with Nmap. Over 1200 new signatures have been added to identify network applications and operating systems.
Among the changes in Nmap 7.90:
- The project has switched from using a modified GPLv2 license to a license , which has not changed fundamentally and is also based on GPLv2, but better structured and provided with clearer language. Differences from GPLv2 come down to adding a few exceptions and conditions, such as the ability to use the Nmap code in products under licenses incompatible with the GPL after obtaining permission from the author, and the need to separately license the distribution and use of nmap as part of proprietary products.
- More than 800 application and service version identifiers have been added, and the total size of the identifier database has reached 11878 entries. Added detection of MySQL 8.x, Microsoft SQL Server 2019, MariaDB, Crate.io CrateDB and PostreSQL installations in Docker. Improved accuracy of MS SQL version detection. The number of defined protocols has increased from 1193 to 1237, including the addition of support for airmedia-audio protocols,
banner-ivu, control-m, insteon-plm, pi-hole-stats and
ums-webviewer. - Approximately 400 operating system identifiers have been added, 330 for IPv4 and 67 for IPv6, including identifiers for iOS 12/13, macOS Catalina and Mojave, Linux 5.4, and FreeBSD 13. The number of defined OS versions has been increased to 5678.
- New libraries have been added to the Nmap Scripting Engine (NSE), designed to automate various actions with Nmap: outlib with functions for output processing and string formatting, and dicom with an implementation of the DICOM protocol used to store and transfer medical images.
- Added new :
- dicom-brute to match AET (Application Entity Title) IDs on servers (Digital Imaging and Communications in Medicine);
- dicom-ping to find DICOM servers and determine connectivity using AET identifiers;
- uptime-agent-info to collect system information from Idera Uptime Infrastructure Monitor agents.
- Added 23 new UDP test requests (, protocol-specific queries that result in a response rather than ignoring the UDP packet) created for the Rapid7 InsightVM network scanning engine and allowing you to increase the accuracy of determining various UDP services.
- Added UDP queries to define STUN (Session Traversal Utilities for NAT) and GPRS Tunneling Protocol (GTP).
- Added "--discovery-ignore-rst" option to ignore TCP RST responses when determining target host health (helps if firewalls or traffic inspection systems RST packets to terminate the connection).
- Added "--ssl-servername" option to change hostname value in TLS SNI.
- Added the ability to use the "--resume" option to resume interrupted IPv6 scan sessions.
- The nmap-update utility, which was developed to organize the updating of identifier databases and NSE scripts, was removed, but the infrastructure for these actions was not created.
A few days ago there was also issue , libraries for capturing and substituting packets on the Windows platform, developed as a replacement for and using the modern Windows API . Version 1.0 summed up seven years of development and marked Npcap's stabilization and readiness for widespread use. The Npcap library, compared to WinPcap, demonstrates higher performance, security and reliability, is fully compatible with Windows 10 and supports many advanced features such as raw mode, requesting administrator rights to run, using ASLR and DEP for protection, capture and substitution packages on the loopback interface, compatibility with the Libpcap and WinPcap APIs.
Source: opennet.ru