The Five Coolest New Features in Nmap 4.5

December 17, 2007

Fyodor has released the tenth-anniversary edition of Nmap! Version 4.50 hit the Internet on December 12th, and it includes hundreds of tweaks, enhancements, and feature additions since the last major release a year ago.

Even with all of these new features, there are a handful that shine a bit brighter than the others. If you’ve already taken advantage of Nmap’s numerous capabilities, you’ll really like these cool new features!

Nmap’s “Smart” Traceroute

We’ve all used traceroute to determine the route that packets traverse between devices, and these capabilities now exist in Nmap 4.50. In keeping with Nmap’s ongoing philosophy of clean and efficient code, Nmap’s traceroute feature has been built with a few extra “smarts.”

  • Nmap’s traceroute won’t repeat a traceroute leg if a scan during the same Nmap session has already determined the route.
  • Nmap’s traceroute includes a dynamic timing model that’s similar to Nmap’s port-scanning engine. If your scan is operating across a slow network link, Nmap’s traceroute will slow down to allow the trace to perform accurately.
  • The traceroute output information is consolidated and displayed for maximum efficiency.

Why it’s cool:

Nmap and traceroute are two great tools that work well together, and Nmap’s traceroute comes with the same quality and efficiency you would expect from any other Nmap feature.

Zenmap (formerly known as Umit)

Nmap is traditionally known as a command-line tool, but Nmap also has a history with graphical front-ends. Nmap previously included a graphical front-end called NmapFE, but a new front-end from Adriano Monteiro Marques has now been integrated into Nmap 4.50. Previously known as Umit, the new Zenmap graphical front-end can execute Nmap scans along with these other cool features:

  • The ability to load and save structured Nmap scan profiles
  • A novice and expert wizard that guides you through all of Nmap’s options
  • The capability to save and load Nmap scan results
  • A built-in search feature to easily locate information from previously saved scans
  • A color-based comparison engine to contrast results between two separate Nmap scans

Why it’s cool:

Nmap scans can now be saved, searched, and compared against each other. This graphical ease-of-use brings Nmap’s powerful capabilities into the hands of any network professional.

New Operating System Detection Engine

Nmap is much more than a port scanner. For years, Nmap power-users have taken advantage of Nmap’s patented operating system detection to easily identify remote systems. With just a few packet probes, Nmap can quickly and accurately determine the operating system of a remote device.

Nmap’s new second-generation operating system detection engine has again set the standard for the industry. This new OS detection method is so powerful that the original first-generation method isn’t even included with Nmap’s source code! All new operating system fingerprints are now only accepted in the new second-generation format, and all of Nmap’s OS scans now run with the new second-generation engine.

Why it’s cool:

Nmap’s OS detection is both efficient and elegant, and the latest generation takes the idea of remote OS probes to the next level. Read the details about these techniques in Fyodor’s extensive documentation.

Detailed Explanations for Port Dispositions (--reason)

Nmap is a powerful port scanner, but Nmap’s scan results were occasionally shrouded in mystery. Did Nmap define a port as “filtered” because there was no response from the remote device, or did an ICMP message tell Nmap that the route wasn’t accessible? With Nmap’s new --reason option, you’ll know the decision process Nmap used to determine the port disposition.

Why it’s cool:

You’ll now know how Nmap is working behind the scenes without searching through packet traces, and it’s all integrated alongside Nmap’s existing scan output. For seasoned security professionals, this detailed level of information is incredibly useful.
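To show what the extra information from --reason buys you in practice, here is an added example (not code from the original post or from the Nmap project) that reads Nmap XML output and separates “filtered” verdicts caused by silence from those caused by an explicit ICMP rejection. It assumes the scan was saved with `--reason -oX`, and the reason tokens and the sample XML are constructed for illustration.

```python
"""Break down why Nmap gave each port its disposition, from -oX XML.
Assumes the scan was run with `--reason -oX scan.xml`, so each <state>
carries a `reason` attribute (e.g. "syn-ack", "reset", "no-response",
or ICMP-derived tokens such as "admin-prohibited" / "host-unreach")."""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample, not real scan output: two "filtered" ports where
# Nmap reached its verdict for different reasons.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap --reason -oX - 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="63"/></port>
      <port protocol="tcp" portid="23">
        <state state="closed" reason="reset" reason_ttl="63"/></port>
      <port protocol="tcp" portid="135">
        <state state="filtered" reason="no-response" reason_ttl="0"/></port>
      <port protocol="tcp" portid="445">
        <state state="filtered" reason="admin-prohibited" reason_ttl="62"/></port>
    </ports>
  </host>
</nmaprun>"""

# Reason tokens that come from an ICMP error rather than from silence
# (assumed set, drawn from Nmap's --reason vocabulary).
ICMP_REASONS = {"admin-prohibited", "host-prohibited", "net-prohibited",
                "host-unreach", "net-unreach", "port-unreach", "proto-unreach"}

def port_reasons(xml_text):
    """Map (addr, proto, port) -> (state, reason, reason_ttl) for every port."""
    out = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            st = port.find("state")
            out[(addr, port.get("protocol"), int(port.get("portid")))] = (
                st.get("state"), st.get("reason"), int(st.get("reason_ttl", "0")))
    return out

def filtered_breakdown(xml_text):
    """Count 'filtered' verdicts by cause: probe silently dropped vs ICMP reject."""
    counts = Counter()
    for state, reason, _ in port_reasons(xml_text).values():
        if state == "filtered":
            counts["icmp-reject" if reason in ICMP_REASONS else "silent-drop"] += 1
    return dict(counts)
```

A differing `reason_ttl` on an ICMP-derived reason (62 here, against 63 on the host’s own SYN/ACK) is a hint that the rejection came from a device on the path rather than from the target itself.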

Nmap Scripting Engine (NSE)

Of all of the latest Nmap features, the Nmap Scripting Engine is by far the most impressive. With NSE, Nmap can be extended to provide additional capabilities that aren’t inherently part of Nmap’s feature set.

For example, if Nmap identifies a proxy server, an NSE script can be run automatically to test the proxy server to see if it can be accessed without authentication. Other scripts might be used to attempt the extraction of specific information from a SQL database, or to determine which version of SSH is supported by a remote device.

Why it’s cool:

Nmap 4.50 includes forty different NSE scripts, and new scripts are frequently created by the Nmap community. Now you can make Nmap do exactly what you want!

Category: Nmap