Thursday, December 22, 2021

Nmap 7.40 Released, Install on Linux Ubuntu / Debian / Linux Mint From Source Code


Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Nmap 7.40 is here exactly two months after the release of Nmap 7.31, and promises to bring a bunch of exciting new features and goodies that ethical hackers, penetration testers, and security researchers will most definitely love, including the new “--defeat-icmp-ratelimit” option that dramatically reduces UDP scan times.

For starters, Nmap 7.40 ships with twelve new NSE scripts, including cics-enum for enumerating CICS transaction IDs, cics-user-enum for brute-forcing usernames for CICS users on TN3270 services, fingerprint-strings for printing ASCII strings found in service fingerprints, and vtam-enum for brute-forcing VTAM app IDs for TN3270 services.

The new ip-geolocation-map-bing and ip-geolocation-map-google NSE scripts will help you render IP geolocation data as images via the Bing Maps and Google Maps APIs, and ip-geolocation-map-kml records IP geolocation data found in a KML file. Furthermore, nje-pass-brute is capable of brute-forcing an NJE node’s password.

There’s also ssl-cert-intaddr for searching for private IP addresses in TLS certificate fields and extensions, tn3270-screen for displaying the login screen from mainframe TN3270 Telnet services, including hidden fields, as well as tso-enum and tso-brute for enumerating usernames and brute-forces passwords for TN3270 Telnet services.
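The ssl-cert-intaddr check described above is something an operator can also run against their own certificates before they are issued, to catch internal addresses that would be exposed in public TLS chains. The following is an added example, not code from the post or from Nmap: a small POSIX shell filter that pulls RFC 1918 IPv4 addresses out of the text form of a certificate (as printed by `openssl x509 -noout -text`). The certificate excerpt is constructed for the demonstration, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the post or the Nmap project): find RFC 1918 private
# IPv4 addresses in the text dump of an X.509 certificate, the same class of
# leak that the ssl-cert-intaddr NSE script reports.
set -eu

# Constructed sample in the style of 'openssl x509 -noout -text' output.
# It mixes a public address (203.0.113.7, documentation range) with three
# private ones placed in different fields and extensions.
SAMPLE_CERT_TEXT='Certificate:
    Data:
        Subject: CN=www.example.com, OU=Ops
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:www.example.com, IP Address:203.0.113.7, IP Address:10.20.30.40
            X509v3 Issuer Alternative Name:
                IP Address:192.168.1.1, email:ops@example.com
            Authority Information Access:
                OCSP - URI:http://172.16.5.9/ocsp'

# private_ips_in_text TEXT
#   Prints every private (10/8, 172.16/12, 192.168/16) IPv4 address found in
#   TEXT, one per line, de-duplicated in order of first appearance.
private_ips_in_text() {
    printf '%s\n' "$1" \
    | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' \
    | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255 &&
               ($1==10 || ($1==192 && $2==168) ||
                ($1==172 && $2>=16 && $2<=31))' \
    | awk '!seen[$0]++'
}

# has_private_ips TEXT -> exit status 0 if at least one private address is present
has_private_ips() {
    [ -n "$(private_ips_in_text "$1")" ]
}

# private_ips_in_cert_file FILE
#   Same check against a PEM certificate on disk, using openssl to render it.
private_ips_in_cert_file() {
    private_ips_in_text "$(openssl x509 -in "$1" -noout -text)"
}

# Demonstration on the constructed sample.
printf 'Private addresses found in sample certificate:\n'
private_ips_in_text "$SAMPLE_CERT_TEXT"
```

The filter only matches the three RFC 1918 ranges, so link-local, loopback or other non-routable space would need extra clauses in the awk condition; the point is to make the exposure visible before a certificate leaves the organisation, which is the defensive use of what the NSE script reports from the outside.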

Features at a glance

Key features include the ability to monitor service and host uptime, manage service upgrade schedules, do network inventory, discover available hosts on a network based on raw IP packets, as well as to discover running services and operating systems on a specific network.

In addition, it supports a wide range of advanced network mapping techniques, including ping sweeps, TCP/UDP port scanning mechanisms, as well as the ability to scan networks of hundreds of thousands of computers.

What’s new in Nmap 7.40


  • [Windows] Updated the bundled Npcap from 0.10r9 to 0.78r5, with an improved installer experience, driver signing updates to work with Windows 10 build 1607, and bugfixes for WiFi connectivity problems. [Yang Luo, Daniel Miller]
  • Integrated all of your IPv4 OS fingerprint submissions from April to September (568 of them). Added 149 fingerprints, bringing the new total to 5,336. Additions include Linux 4.6, macOS 10.12 Sierra, NetBSD 7.0, and more. Highlights: http://seclists.org/nmap-dev/2016/q4/110 [Daniel Miller]
  • Integrated all of your service/version detection fingerprints submitted from April to September (779 of them). The signature count went up 3.1% to 11,095. We now detect 1161 protocols, from airserv-ng, domaintime, and mep to nutcracker, rhpp, and usher. Highlights: http://seclists.org/nmap-dev/2016/q4/115 [Daniel Miller]
  • Fix reverse DNS on Windows which was failing with the message “mass_dns: warning: Unable to determine any DNS servers.” This was because the interface GUID comparison needed to be case-insensitive. [Robert Croteau]

[NSE] Added 12 NSE scripts from 4 authors, bringing the total up to 552! They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

  • cics-enum enumerates CICS transaction IDs, mapping to screens in TN3270 services. [Soldier of Fortran]
  • cics-user-enum brute-forces usernames for CICS users on TN3270 services. [Soldier of Fortran]
  • fingerprint-strings will print the ASCII strings it finds in the service fingerprints that Nmap shows for unidentified services. [Daniel Miller]
  • [GH#606] ip-geolocation-map-bing renders IP geolocation data as an image via Bing Maps API. [Mak Kolybabi]
  • [GH#606] ip-geolocation-map-google renders IP geolocation data as an image via Google Maps API. [Mak Kolybabi]
  • [GH#606] ip-geolocation-map-kml records IP geolocation data in a KML file for import into other mapping software [Mak Kolybabi]
  • nje-pass-brute brute-forces the password to a NJE node, given a valid RHOST and OHOST. Helpfully, nje-node-brute can now brute force both of those values. [Soldier of Fortran]
  • [GH#557] ssl-cert-intaddr will search for private IP addresses in TLS certificate fields and extensions. [Steve Benson]
  • tn3270-screen shows the login screen from mainframe TN3270 Telnet services, including any hidden fields. The script is accompanied by the new tn3270 library. [Soldier of Fortran]
  • tso-enum enumerates usernames for TN3270 Telnet services. [Soldier of Fortran]
  • tso-brute brute-forces passwords for TN3270 Telnet services. [Soldier of Fortran]
  • vtam-enum brute-forces VTAM application IDs for TN3270 services. [Soldier of Fortran]
  • [NSE][GH#518] Brute scripts are faster and more accurate. New feedback and adaptivity mechanisms in brute.lua help brute scripts use resources more efficiently, dynamically changing number of threads based on protocol messages like FTP 421 errors, network errors like timeouts, etc. [Sergey Khegay]
  • [GH#353] New option --defeat-icmp-ratelimit dramatically reduces UDP scan times in exchange for labeling unresponsive (and possibly open) ports as “closed|filtered”. Ports which give a UDP protocol response to one of Nmap’s scanning payloads will be marked “open”. [Sergey Khegay]
  • [NSE][GH#533] Removed ssl-google-cert-catalog, since Google shut off that service at some point. Reported by Brian Morin.
  • [NSE][GH#606] New NSE library, geoip.lua, provides a common framework for storing and retrieving IP geolocation results. [Mak Kolybabi]
  • [Ncat] Restore the connection success message that Ncat prints with -v. This was accidentally suppressed when not using -z.
  • [GH#316] Added scan resume from Nmap’s XML output. Now you can --resume a canceled scan from all 3 major output formats: -oN, -oG, and -oX. [Tudor Emil Coman]
  • [Ndiff][GH#591] Fix a bug where hosts with the same IP but different hostnames were shown as changing hostnames between scans. Made sort stable with regard to hostnames. [Daniel Miller]
  • [NSE][GH#540] Add tls.servername script-arg for forcing a name to be used for TLS Server Name Indication extension. The argument overrides the default use of the host’s targetname. [Bertrand Bonnefoy-Claudet]
  • [GH#505] Updated Russian translation of Zenmap by Alexander Kozlov.
  • [NSE][GH#588] Fix a crash in smb.lua when using smb-ls due to a floating-point number being passed to os.time (“bad argument”). [Dallas Winger]
  • [NSE][GH#596] Fix a bug in mysql.lua that caused authentication failures in mysql-brute and other scripts due to including a null terminator in the salt value. This bug affects Nmap 7.25BETA2 and later releases. [Daniel Miller]
  • The --open option now implies --defeat-rst-ratelimit. This may result in inaccuracies in the numbers of “Not shown:” closed and filtered ports, but only in situations where it also speeds up scan times. [Daniel Miller]
  • [NSE] Added known Diffie-Hellman parameters for haproxy, postfix, and IronPort to ssl-dh-params. [Frank Bergmann]
  • Added service probe for ClamAV servers (clam), an open source antivirus engine used in mail scanning. [Paulino Calderon]
  • Added service probe and UDP payload for Quick UDP Internet Connection (QUIC), a secure transport developed by Google and used with HTTP/2. [Daniel Miller]
  • [NSE] Enabled resolveall to run against any target provided as a hostname, so the resolveall.hosts script-arg is no longer required. [Daniel Miller]

[NSE] Revised script http-default-accounts in several ways [nnposter]:

  • Added 21 new fingerprints, plus broadened 5 to cover more variants.
  • [GH#577] It can now test systems that return status 200 for non-existent pages.
  • [GH#604] Implemented XML output. Layout of the classic text output has also changed, including reporting blank usernames or passwords as <blank>, instead of just empty strings.
  • Added CPE entries to individual fingerprints (where known). They are reported only in the XML output.
  • [NSE][GH#573] Updated http.lua to allow processing of HTTP responses with malformed header names. Such header lines are still captured in the rawheader list but skipped otherwise. [nnposter]
  • [GH#416] New service probe and match line for iperf3. [Eric Gershman]
  • [NSE][GH#555] Add Drupal to the set of web apps brute forced by http-form-brute. [Nima Ghotbi]

Drupal added to the set of Web Apps brute forced by http-form-brute

Nmap 7.40 is a major release of the widely-used security scanner, and among other exciting new features implemented we can mention support for brute-forcing Drupal sites by http-form-brute, a greatly improved http-default-accounts script with 21 new fingerprints and many other goodies, and support for service probe for ClamAV servers.


How to Install Nmap 7.40 on Ubuntu and Linux Mint (Ubuntu Derivative Systems):

To install or update to Nmap 7.40 on Ubuntu 16.04 Xenial Xerus, Ubuntu 15.10 Wily Werewolf, Ubuntu 15.04 Vivid Vervet, Ubuntu 14.10 Utopic Unicorn, Ubuntu 14.04 Trusty Tahr (LTS), Linux Mint 17.1, Linux Mint 17.2, Linux Mint 17.3 and other Ubuntu derivative systems, open a new Terminal window and bash (get it?) in the following commands:

Download:
wget https://nmap.org/dist/nmap-7.40.tar.bz2

Extract the tarball:
bzip2 -cd nmap-7.40.tar.bz2 | tar xvf -

Move into the nmap folder:
cd nmap-7.40

Configure and install:
./configure
make
sudo su
make install

After installing nmap, check the installed version. Open a terminal and run:
sudo su
nmap --version

To remove it:
sudo apt-get remove nmap
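The same source build, carried out as a script rather than typed command by command, is given below as an added example; it is not part of the original post. It checks the tarball's SHA-256 against a value you supply from the project's published digest (the post does not list one, so the constant here is a placeholder), compiles as the unprivileged user, escalates only for `make install`, and confirms that the `nmap` now on the PATH reports the expected version. All function names are mine.

```shell
#!/bin/sh
# Added example (not from the post or the Nmap project): build Nmap 7.40 from
# the source tarball with an integrity check before compiling.
set -eu

NMAP_VERSION="7.40"
TARBALL="nmap-${NMAP_VERSION}.tar.bz2"
TARBALL_URL="https://nmap.org/dist/${TARBALL}"
# PLACEHOLDER: replace with the SHA-256 the project publishes for this release.
# The post does not list it, so this string is deliberately not a real digest.
EXPECTED_SHA256="REPLACE_WITH_PUBLISHED_SHA256"

# sha256_of FILE -> hex digest on stdout (sha256sum on Linux, shasum elsewhere)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED -> exit status 0 only if the digest matches
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# nmap_version_of "first line of nmap --version" -> just the version token
# Nmap prints a banner of the form: Nmap version 7.40 ( https://nmap.org )
nmap_version_of() {
    printf '%s\n' "$1" | sed -n 's/^Nmap version \([0-9][0-9.A-Za-z]*\).*/\1/p'
}

# build_and_install: fetch, verify, configure and compile as the current user,
# then escalate for the install step only.
build_and_install() {
    [ -f "$TARBALL" ] || wget "$TARBALL_URL"
    verify_sha256 "$TARBALL" "$EXPECTED_SHA256" || {
        echo "checksum mismatch for $TARBALL, refusing to build" >&2
        return 1
    }
    bzip2 -cd "$TARBALL" | tar xf -
    cd "nmap-${NMAP_VERSION}"
    ./configure            # default prefix is /usr/local
    make
    sudo make install
    installed=$(nmap_version_of "$(nmap --version 2>/dev/null | head -n 1)")
    [ "$installed" = "$NMAP_VERSION" ] || {
        echo "expected $NMAP_VERSION but PATH resolves to '$installed'" >&2
        return 1
    }
}

# The full build only runs when invoked as: sh install-nmap.sh install
if [ "${1:-}" = "install" ]; then
    build_and_install
fi
```

Because `./configure` installs under /usr/local by default, `apt-get remove nmap` only removes a distribution package from /usr/bin and leaves a source build in place; a source build is removed with the Makefile's `make uninstall` target from the same build directory (an assumption about the build system, not a step from the post). If `nmap --version` still reports an older number after installing, the distribution binary in /usr/bin is earlier on the PATH than /usr/local/bin.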