UPDATE: Nmap 7.80

2019-08-12 21:59:41
Black
pentestit.com

Good news guys! The Nmap 7.80 update is now available, and this is the Defcon release. We've had to wait a long time for it because the people behind Nmap were busy improving the Npcap raw packet capturing/sending driver. Npcap now uses modern APIs and is faster, more secure and more featureful than WinPcap, which hasn't been updated in a long time. This new Nmap release includes 80+ cross-platform improvements, including 11 new NSE scripts, a couple of security fixes, a bunch of new libraries, bug fixes and performance improvements!

Nmap 7.80

What is Nmap?

> Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

What's new in Nmap?

In my opinion, these are the most important changes you can find in Nmap 7.80:

  • [Windows] The Npcap Windows packet capturing library (https://npcap.org/) is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982.
  • [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598! These are the details:
    • broadcast-hid-discoveryd discovers HID devices on a LAN by sending a discoveryd network broadcast probe. [Brendan Coles]
    • broadcast-jenkins-discover discovers Jenkins servers on a LAN by sending a discovery broadcast probe. [Brendan Coles]
    • http-hp-ilo-info extracts information from HP Integrated Lights-Out (iLO) servers. [rajeevrmenon97]
    • http-sap-netweaver-leak detects SAP Netweaver Portal with the Knowledge Management Unit enabled with anonymous access. [ArphanetX]
    • https-redirect detects HTTP servers that redirect to the same port, but with HTTPS. Some nginx servers do this, which made ssl-* scripts not run properly. [Daniel Miller]
    • lu-enum enumerates Logical Units (LU) of TN3270E servers. [Soldier of Fortran]
    • rdp-ntlm-info extracts Windows domain information from RDP services. [Tom Sellers]
    • smb-vuln-webexec checks whether the WebExService is installed and allows code execution. [Ron Bowes]
    • smb-webexec-exploit exploits the WebExService to run arbitrary commands with SYSTEM privileges. [Ron Bowes]
    • ubiquiti-discovery extracts information from the Ubiquiti Discovery service and assists version detection. [Tom Sellers]
    • vulners queries the Vulners CVE database API using CPE information from Nmap's service and application version detection. [GMedian, Daniel Miller]
  • [Nsock][Ncat] Add AF_VSOCK (Linux VM sockets) functionality to Nsock and Ncat. VM sockets are used for communication between virtual machines and the hypervisor.
  • [Security][Windows] Address CVE-2019-1552 in OpenSSL by building with the prefix "C:\Program Files (x86)\Nmap\OpenSSL". This should prevent unauthorized users from modifying OpenSSL defaults by writing configuration to this directory.
  • [Security] Reduced LibPCRE resource limits so that version detection can't use as much of the stack. Previously Nmap could crash when run on low-memory systems against target services which are intentionally or accidentally difficult to match. Someone assigned CVE-2018-15173 for this issue. [Daniel Miller]
  • [NSE] bin.lua is officially deprecated. Lua 5.3, added 2 years ago in Nmap 7.25BETA2, has native support for binary data packing via string.pack and string.unpack. All existing scripts and libraries have been updated. [Daniel Miller]
  • Deprecate and disable the -PR (ARP ping) host discovery option. ARP ping is already used whenever possible, and the -PR option would not force it to be used in any other case. [Daniel Miller]
  • [NSE] Address two protocol parsing issues in rdp-enum-encryption and the RDP NSE library which broke scanning of Windows XP. Clarify protocol types. [Tom Sellers]
  • [NSE] Script http-fileupload-exploiter failed to locate its resource file unless executed from a specific working directory. [nnposter]
  • [Ncat] Allow Ncat to connect to servers on port 0, provided that the socket implementation allows this. [Daniel Miller]
  • Update the included libpcap to 1.9.0. [Daniel Miller]
  • [Ncat] New ncat option provides control over whether proxy destinations are resolved by the remote proxy server or locally, by Ncat itself. See option --proxy-dns. [nnposter]
  • [NSE] Fix bug in http-vuln-cve2006-3392 that prevented the script from generating the vulnerability report correctly. [rewardone]
  • Nmap could be fooled into ignoring TCP response packets if they used an unknown TCP Option, which would misalign the validation, causing it to fail. [Clément Notin, Daniel Miller]
  • Fixed --resume when the path to Nmap contains spaces. Reported on Windows by Adriel Desautels. [Daniel Miller]
  • New service probe and match lines for adb, the Android Debug Bridge, which allows remote code execution and is left enabled by default on many devices. [Daniel Miller]
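The TCP Option fix in the list above comes down to how an options field is walked: every kind except EOL and NOP carries its own length byte, so a parser that steps by that length keeps its alignment even across kinds it has never seen. The walker below is an added example written for this post (it is not Nmap's code); the option bytes are constructed, and the experimental kind 253 stands in for "an unknown TCP Option".

```c
#include <stddef.h>
#include <stdint.h>

/* Step over one TCP option at *pos: returns 1 with kind/olen filled, 0 at
 * end of list (EOL or end of field), -1 if malformed. Every kind except
 * EOL (0) and NOP (1) is a TLV with total length >= 2, so an unknown kind
 * is skipped by its own length byte instead of being rejected. */
static int tcp_option_next(const uint8_t *opts, size_t len, size_t *pos,
                           uint8_t *kind, uint8_t *olen)
{
    if (*pos >= len || opts[*pos] == 0)
        return 0;
    *kind = opts[*pos];
    if (*kind == 1) {
        *olen = 1;                              /* NOP: no length byte */
    } else {
        if (*pos + 1 >= len)
            return -1;                          /* kind without length */
        *olen = opts[*pos + 1];
        if (*olen < 2 || *pos + *olen > len)
            return -1;                          /* bad/truncated length */
    }
    *pos += *olen;
    return 1;
}

/* Number of TLV options (NOP padding not counted), or -1 if malformed. */
int tcp_options_count(const uint8_t *opts, size_t len)
{
    size_t pos = 0; uint8_t kind = 0, olen = 0; int rc, n = 0;
    while ((rc = tcp_option_next(opts, len, &pos, &kind, &olen)) == 1)
        n += (kind != 1);
    return rc < 0 ? -1 : n;
}

/* MSS (kind 2) value, or -1 if absent or the list is malformed before it. */
long tcp_option_mss(const uint8_t *opts, size_t len)
{
    size_t pos = 0; uint8_t kind = 0, olen = 0;
    while (tcp_option_next(opts, len, &pos, &kind, &olen) == 1)
        if (kind == 2 && olen == 4)
            return (opts[pos - 2] << 8) | opts[pos - 1];
    return -1;
}

/* Constructed SYN-ACK option bytes: MSS 1460, NOP, window scale 7, NOP, NOP,
 * SACK-permitted, then an experimental option (kind 253) unknown to a parser
 * that only recognises a fixed set of kinds. */
static const uint8_t SAMPLE_OPTS[] = {0x02, 0x04, 0x05, 0xb4, 0x01, 0x03, 0x03, 0x07,
                                      0x01, 0x01, 0x04, 0x02, 0xfd, 0x04, 0xaa, 0xbb};
```

Because the walker only rejects a list when a length byte is missing, shorter than 2, or runs past the field, the MSS is still found after the unknown option, while genuinely truncated lists are reported as malformed rather than silently misread.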

Download Nmap 7.80:

Latest stable sources and Windows installers: nmap-7.80.tar.bz2/nmap-7.80-setup.exe can be downloaded here.

The post UPDATE: Nmap 7.80 appeared first on PenTestIT.