Fyodor, the author of Nmap, was just interviewed on SecurityFocus about the recent release of Nmap 4.00. He touched on a number of cool features that this major release has brought, and I thought it’d be worthwhile to make a list of the improvements.

These sorts of lists are helpful for me when trying to incorporate new functionality into how I currently use a tool. So, here’s the short overview:

• A rewritten scan engine makes it far faster and more memory efficient.
• Can now send raw ethernet frames — which allows it to attain full functionality on Windows XP SP2 systems that don’t have raw socket support.
• New ARP scanning and MAC spoofing capabilities.
• Far better documentation.
• Version detection vastly improved (including a threefold increase in the size of the signature database).
• You can now do runtime modification of scans, i.e. you can press enter during a scan to get an estimated time to finish, or press "v" to switch to verbose mode. Very cool.
• Major improvements in scanning multiple hosts and multiple ports on each host simultaneously.
• Parallel DNS queries.
• The addition of “port scan pings” that allow for improved performance vs. firewalled systems.

Overall, this release just looks incredible. I’m highly enthused about it (have already compiled it on my Mac), and look forward to using these new features. Oh, and for a complete list of changes, be sure to check out the changelog.:

I’m making the switch. My new system is going to be my security box as well as my main system. Well, either that or I’m going to see if work’ll buy me a Mac. Check it:

daniel@kairin daniel $ nmap tiberius Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-02-07 02:23 EST Interesting ports on tiberius (10.100.5.200): (The 1666 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 1025/tcp open NFS-or-IIS 1027/tcp open IIS 3389/tcp open ms-term-serv

Nmap finished: 1 IP address (1 host up) scanned in 1.900 seconds daniel@kairin daniel $

…and that’s running from OS X (compiled natively) — no remote shell to a Linux box or nuttin’. Sure, we’ve been able to do this for a long time now, but for some reason I’ve been silly and haven’t.

From now on I’m going to be compliling all my security apps natively instead of using package managers for OS X; they just aren’t mature enough to me, and the packages all seem dated.

Yeah, this rocks.