
UPDATE: Nmap 7.70 Upgrade Available!

2018-03-20 19:24:33 | pentestit.com


The first exciting Nmap release of 2018 is Nmap 7.70, with improved OS and service detection capabilities in addition to an improved Npcap 0.99-r2! None of us really need any introduction to this very popular "network mapper", which now includes an additional 9 new NSE scripts. There are a total of 588 NSE scripts now!

Nmap 7.70

What is Nmap?

> Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

What's new in Nmap 7.70?

This new release includes hundreds of new OS and service fingerprints and an update to the Npcap driver that essentially makes my favourite -sV flag faster and more accurate. The Npcap Windows packet capturing driver also features increased stability and better 802.11 raw frame capturing support. This release also contains a new --resolve-all option to resolve and scan all IP addresses of a host. The major changes are:

  • Inclusion of user-added service/version detection fingerprints submitted from March 2017 to August 2017. There are now 11,672 fingerprints, including 26 new softmatches! Nmap 7.70 now detects 1224 protocols, from filenet-pch, lscp, and netassistant to sharp-remote, urbackup, and watchguard! Additionally, IPv4 OS fingerprint submissions from September 2016 to August 2017 were also added, making a grand total of 5,652 OS fingerprints, including iOS 11, MacOS Sierra, Linux 4.14, Android 7, among others. Additionally, 33 IPv6 OS fingerprint submissions from September 2016 to August 2017 were also added, including support for OpenBSD 6.0 and FreeBSD 11.0!
  • A directory traversal vulnerability in the way the non-default http-fetch script sanitized URLs was also fixed in Nmap 7.70. If a user manually ran the NSE script against a malicious web server, the server could potentially (depending on the NSE arguments used) cause files to be saved outside the intended destination directory. However, existing files cannot be overwritten.
  • The following 9 NSE scripts were added:
    1. deluge-rpc-brute.nse (by Claudiu Perta): performs brute-force credential testing against Deluge BitTorrent RPC services, using the new zlib library.
    2. hostmap-crtsh.nse (by Paulino Calderon, @calderpwn): lists subdomains by querying Google's Certificate Transparency logs.
    3. http-bigip-cookie.nse (by Seth Jackson): decodes unencrypted F5 BIG-IP cookies and reports back the IP address and port of the actual server behind the load balancer.
    4. http-jsonp-detection.nse (by Vinamra Bhatia): attempts to discover JSONP endpoints in web servers that can be used to bypass Same-Origin Policy restrictions in web browsers.
    5. http-trane-info.nse (by Pedro Joaquin): obtains information from Trane Tracer SC controllers and connected HVAC devices.
    6. nbd-info.nse (by Mak Kolybabi): uses the new nbd.lua library to query Network Block Devices for protocol and file export information.
    7. rsa-vuln-roca.nse (by Daniel Miller): checks for RSA keys generated by Infineon TPMs vulnerable to the Return Of Coppersmith Attack (ROCA, CVE-2017-15361). Checks SSH and TLS services.
    8. smb-enum-services.nse (by Rewanth Cool): retrieves the list of services running on a remote Windows machine. Modern Windows systems require a privileged domain account in order to list the services.
    9. tls-alpn.nse (by Daniel Miller): checks TLS servers for Application Layer Protocol Negotiation (ALPN) support and reports the supported protocols. ALPN largely replaces NPN, which tls-nextprotoneg was written for.
  • Two new NSE libraries by Rewanth Cool: idna, adding support for internationalized domain names in applications (IDNA), and punycode, the transfer encoding syntax used in IDNA.
  • Added the zlib library for NSE so scripts can easily handle compression.
  • Changed version probe fallbacks to work across protocols (TCP/UDP). This enables consolidating match lines for services whose TCP and UDP responses are similar. DNS service version detection coverage and consistency were also improved using data from a Project Sonar Internet-wide survey (by Tom Sellers).
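The http-fetch fix above is a reminder of what "saving a fetched resource to disk" has to guard against: a server-controlled URL path must never be allowed to escape the destination directory, and (as the release notes state for http-fetch) an existing file must never be clobbered. The following Python is an added example written for this post; it is not Nmap's own code (http-fetch is an NSE script in Lua) and it does not reproduce its logic. It decodes percent-encoding before checking for traversal, resolves the final path and verifies it is still under the base directory, and opens the file with O_EXCL so an existing file cannot be overwritten. The URLs and the temporary directory in demo() are constructed inputs.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote, urlsplit


def safe_destination(base_dir: str, url: str) -> Path:
    """Map the path component of `url` to a file path under base_dir.

    Percent-encoding is decoded *before* the check, so "%2e%2e%2f" cannot
    slip past it, and the fully resolved path must still lie under base_dir
    (this also catches symlink tricks inside an existing output tree).
    Raises ValueError for anything that would escape.
    """
    base = Path(base_dir).resolve()
    raw = unquote(urlsplit(url).path)
    parts = [p for p in raw.split("/") if p not in ("", ".")]
    for p in parts:
        # Reject explicit traversal, NUL bytes and backslashes up front.
        if p == ".." or "\x00" in p or "\\" in p:
            raise ValueError(f"refusing unsafe path segment: {p!r}")
    target = base.joinpath(*parts) if parts else base / "index.html"
    resolved = target.resolve()
    if base not in resolved.parents:
        raise ValueError(f"{url!r} resolves outside {base}")
    return resolved


def save_fetched(base_dir: str, url: str, body: bytes) -> Path:
    """Write body to the safe destination without ever clobbering a file."""
    dest = safe_destination(base_dir, url)
    dest.parent.mkdir(parents=True, exist_ok=True)
    # O_EXCL makes the open fail with FileExistsError if the file is present.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    return dest


def demo() -> dict:
    """Constructed walk-through: one good save, one blocked overwrite,
    two blocked traversal attempts (plain and percent-encoded)."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        first = save_fetched(tmp, "http://host.example/docs/readme.txt", b"hello")
        out["saved_under_base"] = Path(tmp).resolve() in first.parents
        try:
            save_fetched(tmp, "http://host.example/docs/readme.txt", b"evil")
            out["overwrite_blocked"] = False
        except FileExistsError:
            out["overwrite_blocked"] = True
        out["contents"] = first.read_bytes()
        for url in ("http://host.example/../../etc/passwd",
                    "http://host.example/%2e%2e/%2e%2e/etc/passwd"):
            try:
                safe_destination(tmp, url)
                out[url] = "allowed"
            except ValueError:
                out[url] = "blocked"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Decoding before validating matters: a check that runs on the raw URL sees "%2e%2e" as harmless text, while the filesystem call made later sees "..". Doing the containment test on the resolved absolute path, rather than on the string, is what makes the check independent of how many encoding layers or symlinks are involved.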
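To see why http-bigip-cookie.nse is useful to a defender, it helps to know what an unencrypted BIG-IP persistence cookie actually contains. The Python below is an added example for this post, not the NSE script itself and not F5 code. It assumes the well-documented unencrypted IPv4 cookie form, BIGipServer<pool>=<ip>.<port>.0000, where <ip> is the backend IPv4 address as a little-endian 32-bit integer written in decimal and <port> is the backend TCP port as a little-endian 16-bit integer in decimal; encrypted cookies and the IPv6/route-domain variants are reported as "nothing recoverable". The Set-Cookie headers in the sample are constructed.

```python
import re
import socket
import struct
from typing import List, Optional, Tuple

# Unencrypted IPv4 form of a BIG-IP persistence cookie value: "<ip>.<port>.0000"
COOKIE_VALUE_RE = re.compile(r"^(?P<ip>\d{1,10})\.(?P<port>\d{1,5})\.0000$")


def decode_bigip_cookie(value: str) -> Optional[Tuple[str, int]]:
    """Return (backend_ip, backend_port) for an unencrypted IPv4 cookie value,
    or None when the value is encrypted or not in that form."""
    m = COOKIE_VALUE_RE.match(value.strip())
    if not m:
        return None
    ip_int, port_int = int(m.group("ip")), int(m.group("port"))
    if ip_int > 0xFFFFFFFF or port_int > 0xFFFF:
        return None
    # The decimal number is the address' bytes read as a little-endian integer,
    # so repack little-endian to recover the dotted quad.
    ip = socket.inet_ntoa(struct.pack("<I", ip_int))
    # Same for the port: little-endian decimal -> network-order 16-bit value.
    port = struct.unpack(">H", struct.pack("<H", port_int))[0]
    return ip, port


def encode_bigip_cookie(ip: str, port: int) -> str:
    """Inverse of decode_bigip_cookie (handy for building test fixtures)."""
    ip_int = struct.unpack("<I", socket.inet_aton(ip))[0]
    port_int = struct.unpack("<H", struct.pack(">H", port))[0]
    return f"{ip_int}.{port_int}.0000"


def find_leaked_backends(set_cookie_headers: List[str]) -> List[Tuple[str, str, int]]:
    """Scan Set-Cookie header values and list every backend an unencrypted
    BIG-IP cookie reveals, as (cookie_name, ip, port)."""
    found = []
    for header in set_cookie_headers:
        name, _, rest = header.partition("=")
        name = name.strip()
        if not name.startswith("BIGipServer"):
            continue
        value = rest.split(";", 1)[0]
        decoded = decode_bigip_cookie(value)
        if decoded is not None:
            found.append((name, decoded[0], decoded[1]))
    return found


# Constructed sample: one plaintext cookie (leaks 10.20.30.40:443), one
# encrypted cookie (opaque value), one unrelated cookie.
SAMPLE_SET_COOKIE = [
    "BIGipServerweb_pool=673059850.47873.0000; path=/",
    "BIGipServerapi_pool=!aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789; path=/",
    "sessionid=0123456789abcdef; Secure; HttpOnly",
]

if __name__ == "__main__":
    for cookie, ip, port in find_leaked_backends(SAMPLE_SET_COOKIE):
        print(f"{cookie} exposes backend {ip}:{port}")
```

The leak is purely informational, but it hands out internal addressing and pool layout to anyone who receives the cookie, which is why the fix on the load-balancer side is to turn on cookie encryption in the persistence profile rather than to block the scanner. Running a check like this against your own edge as part of a build or compliance pipeline catches the setting being left off.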

Kudos to the guys at Nmap and the awesome GSoC student team for the Nmap 7.70 release! Many more changes can be found in the change log located here.

Download Nmap 7.70:

Latest stable sources and Windows installers (nmap-7.70.tar.bz2 / nmap-7.70-setup.exe) can be downloaded here.

The post UPDATE: Nmap 7.70 Upgrade Available! appeared first on PenTestIT.