Slashdot: News for Nerds

Nmap 5.00 Released, With Many Improvements

timothy posted about 5 years ago | from the ok-now-release-another-nsfw-introduction dept.

Security 73

iago-vL writes "The long-awaited Nmap Security Scanner version 5.00 was just released (download)! This marks the most important release since 1997, and is a huge step in Nmap's evolution from a simple port scanner to an all-around security and networking tool suite. Significant performance improvements were made, and dozens of scripts were added. For example, Nmap can now log into Windows and perform local checks (PDF), including Conficker detection. New tools included in 5.00 are Ncat, a modern reimplementation of Netcat (with IPv6, SSL, NAT traversal, port redirection, and more!), and Ndiff, for quickly comparing scan results. Other tools are in the works for future releases, but we're still waiting for them to add email and ftp clients so we can finally get off Emacs!"
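Ndiff, mentioned in the summary, is for comparing scan results. As an added example (not Nmap's own Ndiff code), here is a minimal Python diff of the open ports in two Nmap XML (`-oX`) outputs, the kind of check a defender runs to spot a service that was not exposed in the baseline; the two XML documents are constructed samples in Nmap's XML output format, and the addresses are RFC 5737 documentation addresses.

```python
"""Ndiff-style comparison of open ports between two Nmap XML (-oX) results.

Added example, not Nmap's own Ndiff code. The two XML documents are
constructed samples in Nmap's XML output format, not real scan data.
"""
import xml.etree.ElementTree as ET

# Constructed baseline: one host with ssh and http open, 443 closed.
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX baseline.xml 192.0.2.10" version="5.00">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
</ports></host>
</nmaprun>
"""

# Constructed later scan: http closed, SMB newly open, a new host with RDP,
# and a host that is down (it must be ignored, not reported as a change).
CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX current.xml 192.0.2.10-12" version="5.00">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed" reason="reset"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
</ports></host>
<host><status state="up" reason="arp-response"/>
<address addr="192.0.2.11" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
<address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>
"""


def open_ports(xml_text):
    """Map each live host's IPv4 address to {(protocol, port): service} for its open ports."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth diffing
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ports = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                svc = port.find("service")
                name = svc.get("name") if svc is not None else "unknown"
                ports[(port.get("protocol"), int(port.get("portid")))] = name
        hosts[addr.get("addr")] = ports
    return hosts


def diff_scans(baseline_xml, current_xml):
    """Return (new_hosts, gone_hosts, opened, closed).

    opened/closed are lists of (addr, protocol, port, service); ports of a
    brand-new host count as opened, so newly exposed services are never missed.
    """
    before, after = open_ports(baseline_xml), open_ports(current_xml)
    opened, closed = [], []
    for addr in sorted(set(before) | set(after)):
        b, a = before.get(addr, {}), after.get(addr, {})
        opened += [(addr, p, n, a[(p, n)]) for p, n in sorted(set(a) - set(b))]
        closed += [(addr, p, n, b[(p, n)]) for p, n in sorted(set(b) - set(a))]
    return (sorted(set(after) - set(before)), sorted(set(before) - set(after)),
            opened, closed)


def format_report(baseline_xml, current_xml):
    """Render the diff as +/- lines, the way a reviewer would read an Ndiff report."""
    new_hosts, gone_hosts, opened, closed = diff_scans(baseline_xml, current_xml)
    lines = [f"+ host {h} is new" for h in new_hosts]
    lines += [f"- host {h} is no longer up" for h in gone_hosts]
    lines += [f"+ {a} {n}/{p} open ({s})" for a, p, n, s in opened]
    lines += [f"- {a} {n}/{p} no longer open ({s})" for a, p, n, s in closed]
    return lines or ["no differences"]


if __name__ == "__main__":
    print("\n".join(format_report(BASELINE_XML, CURRENT_XML)))
```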


73 comments

Bike, nigga stole my bike! (-1, Flamebait)

Anonymous Coward | about 5 years ago | (#28721669)

adddriaannnnnnnnn

Rob Malda is no longer an anal virgin (-1, Troll)

Anonymous Coward | about 5 years ago | (#28721709)

Last night I took Rob Malda's anal virginity. It was amusing listening to him squeal like a pig as my throbbing member eviscerated his asshole. It bled a little bit after we were finished but he said he had never cum so hard as he did that time. If any other Slashdot anal virgins want their anal virginity taken away in the most pleasurable way possible, please respond to this post.

Re:Rob Malda is no longer an anal virgin (-1, Offtopic)

Anonymous Coward | about 5 years ago | (#28723197)

Slashdot is known for old stories, but old comments? Fuck, Malda popped his ass cherry, shit, almost 20 years ago.

Melts in your butt not in your hands? (-1, Troll)

Anonymous Coward | about 5 years ago | (#28722017)

Slashdot, I desperately need your help! I've been trying to make a string of anal beads from a bag of peanut M&Ms but they are melting in my ass before I can pull them out. Any tips to prevent this are much appreciated, my friends.

Re:Melts in your butt not in your hands? (0)

Anonymous Coward | about 5 years ago | (#28724351)

Try dipping them in liquid nitrogen before insertion.

Re:Melts in your butt not in your hands? (0)

Anonymous Coward | about 5 years ago | (#28728347)

Don't do that; it really hurts and your ring gets cold very quickly.

Bloat. (2, Insightful)

girlintraining (1395911) | about 5 years ago | (#28721695)

So nmap went from a special purpose-built tool to a suite. Frack. Anyone here taking commissions on erecting a grave marker? UNIX is nice because it creates many little purpose-built utilities that can be strung together to perform complex tasks. This style of thinking seems to be going away in favor of integrated solutions that rather than doing one thing well do an umbrella of things passably okay. At least they haven't gone the approach yet of stuffing everything into a service that has to run all the time or the scanning engine will go stabby-bits on the user, which seems to be how "security" software runs on Windows... But it's only a matter of time.

Re:Bloat. (3, Interesting)

arabagast (462679) | about 5 years ago | (#28721761)

I think that this is exactly what they are doing, only that all the small tools are bundled in the same tarball.

Re:Bloat. (5, Informative)

iago-vL (760581) | about 5 years ago | (#28723523)

As the original poster, and the author of a dozen or more Nmap scripts, I agree 100%. If you look at the tool itself, you'll see that everything is fairly separate and independent, even if they share a common codebase -- between the scripting and the "bonus" tools, the core is still fairly tight.

My comment at the end about the bloat + Emacs was intended 100% as humour, not actual commentary. I'm hoping nobody took it as a legitimate stab at Nmap, because it wasn't.

Re:Bloat. (1, Funny)

Anonymous Coward | about 5 years ago | (#28725523)

It was, however, a legitimate stab at Emacs. This is not only acceptable but wholeheartedly encouraged.

Re:Bloat. (2, Informative)

Xiph (723935) | about 5 years ago | (#28721779)

When I read the summary, that's what I thought.

And to some extent, I think you might still be right.
What they've done isn't to build in Conficker detection and the like, but to enable scripting so you can extend nmap.
Being able to write nmap scripts is nice; on the other hand, several other tools allow for scripting nmap, so I don't see the point in going the other way around it.

Re:Bloat. (-1, Flamebait)

girlintraining (1395911) | about 5 years ago | (#28721857)

And to some extent, i think you might still be right.

Yeah, but don't tell the slashdot moderators that. Anything open source at a higher version number than before that's greeted with anything but open arms tends to go -1 pretty fast. It's heresy apparently to suggest that open source software be compared to commercial software; having to compete on feature sets, interoperability, and user satisfaction is a lot harder than claiming moral superiority. -_- This is why open source still isn't taken seriously by businesses -- the mindset of its adherents is still blatantly immature.

Re:Bloat. (-1, Troll)

Anonymous Coward | about 5 years ago | (#28721985)

Cry me a river. Then get over yourself, please.

Re:Bloat. (3, Insightful)

morgan_greywolf (835522) | about 5 years ago | (#28722193)

Having to compete on feature sets, interoperability, and user satisfaction is a lot harder than claiming moral superiority. -_- This is why open source still isn't taken seriously by businesses -- the mindset of its adherents is still blatantly immature.

Nice troll you have there.

Open source gets lots of things right -- and -- lots of things wrong.

If you want to talk about competing on feature sets, interoperability and user satisfaction, well, there are quite a few packages out there that do exactly that. OF course, you always have to take into account your audience.

Development tools like gcc, autoconf, Python, Perl, Emacs, gdb, are all at the top of their class in terms of these three things. I know several people, for example, who have been using Emacs since 1984, including myself (off and on; it's a love/hate relationship for me. :)

But then again, these are tools written by developers, for developers, not by developers for marketeers. Say what you will about Visual Studio .NET, but I can point you at scores of people that absolutely despise it, and not for the fact that it's closed source. It's terrible bug-infested bloatware, and everyone who has ever used it knows that. (That being said, there are those that are forced to use it, of course).

For user software, Firefox is definitely at the top of its class in those three categories, no doubt about it. Its constantly rising market share proves that.

Apache? Despite Microsoft's best efforts, more than 2/3rds of all websites are still running Apache. Again, specifically because of user satisfaction (webmasters love Apache), interoperability (everybody makes their stuff work with Apache), and feature sets (IIS can hardly compete with Apache today, considering how badly Microsoft has stagnated it.)

Sure, there's stuff open source gets wrong, but that's not my point. My point is this: your comment is either astroturfing, or you're a Microsoft zealot, or you're a troll, plain and simple.

Re:Bloat. (3, Informative)

Rycross (836649) | about 5 years ago | (#28722461)

Really? Everyone I know who uses Visual Studio .Net loves it, and I frequently hear comments, even on Slashdot, how it's the "One thing that Microsoft got right." I certainly enjoy using it, and scratch my head when I come across the occasional (rare) comment that it's "bloated and buggy."

Of course, using the words "bloated and buggy" has become the new "I don't like it, but don't want to give any specifics." So, yeah.

Re:Bloat. (1)

Xenographic (557057) | about 5 years ago | (#28724213)

> Really? Everyone I know who uses Visual Studio .Net loves it, and I frequently hear comments, even on Slashdot, how it's the "One thing that Microsoft got right." I certainly enjoy using it, and scratch my head when I come across the occasional (rare) comment that it's "bloated and buggy."

I don't know how VS is now because I haven't used it for ages, so my complaint may be outdated, but I remember trying to make some CLI applications with it years ago and finding that parts of the standard library were screwed up horribly. You couldn't safely get keyboard input the simple way without following some 3rd party instructions that told me which parts of their standard library implementation were buggy and how to change them so that they actually worked properly.

Re:Bloat. (1)

Rycross (836649) | about 5 years ago | (#28725179)

Well, excluding C#, which doesn't count (because it's Microsoft-only, bar Mono), most code I've written has been cross-platform GUI programs, which I haven't had a problem with. I've only done a little CLI, and I haven't run into any implementation issues with the standard libraries. But I haven't written a CLI app in a while, and I'm mostly used to post-VC6 Visual Studio (VC6 was pretty terrible standards-wise, they even got the for-loop scoping wrong).

I was using VC 5.0 (1)

Xenographic (557057) | about 5 years ago | (#28726819)

> But I haven't written a CLI app in a while, and I'm mostly used to post-VC6 Visual Studio (VC6 was pretty terrible standards-wise, they even got the for-loop scoping wrong).

A _VERY_ old install CD that has been collecting dust for ages says that I was using VC++ 5.0, Enterprise Edition (I got it by working on a project with a professor in college; I don't think I've ever used it since then). So they've certainly had a long time to improve, even though I clearly remember how horribly broken it used to be.

Re:I was using VC 5.0 (1)

Rycross (836649) | about 5 years ago | (#28730359)

Ugh, VC5? My condolences.

Re:Bloat. (2, Informative)

Freetardo Jones (1574733) | about 5 years ago | (#28722689)

But then again, these are tools written by developers, for developers, not by developers for marketeers. Say what you will about Visual Studio .NET, but I can point you at scores of people that absolutely despise it, and not for the fact that it's closed source. It's terrible bug-infested bloatware, and everyone who has ever used it knows that. (That being said, there are those that are forced to use it, of course).

I've used Visual Studio 2005, 2008 and 2010 and love them all and almost everyone else where I work loves it as well.

Re:Bloat. (1)

fractoid (1076465) | about 5 years ago | (#28725385)

Anyone who doesn't love Visual Studio should spend some time working in Borland Turbo C++. Then they'll understand what "buggy unstable crap" is really like.

Re:Bloat. (1)

morgan_greywolf (835522) | about 5 years ago | (#28728003)

Yeah. I'm with ya on that one. Turbo C++, at least the newer versions, are garbage.

Then again, as someone who cut his programming teeth on Turbo Pascal, I will always have a soft spot for Borland's products, even if they do suck. ;)

Re:Bloat. (1)

Vancorps (746090) | about 5 years ago | (#28723401)

While your basic point I believe is correct, your information is dreadfully dated. The original Visual Studio .Net you had a point with. All versions since the release of .Net 2.0 have been solid though, and every programmer I've encountered loves it.

Also I'm not sure how you can say MS has stagnated development for IIS. IIS 7 is such an improvement that I can serve twice as much content as I could with IIS 6 on the same hardware. Combined with the fact that IIS has since the time of IIS5 beaten Apache at dynamic data driven web serving and I begin to wonder where you get your information. Static serving Apache has always been king however so it depends on the type of site you're building and deploying. Historically static sites accounted for the vast majority which is why Apache has such market share now. Of course with PHP5 and the right platform I'd say it's quite competitive these days especially since adding additional hardware to help with the serving is cheap and easy although getting PHP apps to talk across load balanced machines is quite a bit more difficult than getting IIS clusters to cooperate.

The real difference between most closed-source and open source software is usability, like it or not. That doesn't mean that all closed-source apps are usable and not all open source apps are unusable. You list Apache as a beacon of user satisfaction when I can say pretty confidently that most people go with it because most people in the past have gone for it. It's cheap to deploy but quite difficult to set up any advanced features without a lot of man page reading. Yeah, it'll get you up and running with basic functionality fast, but so will any web server for the most part. Interoperability is a mess as well. I tried to deploy PHP 5.3 to a CentOS 5.3 install. Yep, had to compile from source, and the whole thing was a much bigger pain in the ass than installing the .Net framework ever was.

Feature sets are quite the joke as well, as the small tools philosophy has a strong hold in the open source community, and for good reason. Lots of simple apps working together results in a very stable platform but means that individual packages don't have much functionality. The trade-off is that it will be harder to implement because there will be more pieces to implement. From my perspective it's worth the extra effort, but I recognize that instead of using one tool like Exchange I have to use many tools including Zimbra, which only recently became competitive.

Even look at Asterisk, an app that I actually like because I set it up and go and it doesn't do anything squirrelly unless I do something squirrelly. It however is a lot harder to administer than our old closed-source extensive Televantage softPBX. Of course once you learn Asterisk you realize how much more powerful and extensible it is and in an enterprise environment like I run that is very much a necessity especially once you learn the config files that you have to modify and create your templates.

Bottom line is that both you and the parent are right. With a lot of changing attitudes, I think more businesses are taking Linux and open-source projects much more seriously simply from a licensing perspective, and too many companies have made their licensing schemes too complicated. Oracle, Microsoft, VMWare, I'm looking at all of you! As closed-source companies make it harder to implement through fine print, more people will move into the light and realize that there is another way.

Re:Bloat. (1)

girlintraining (1395911) | about 5 years ago | (#28724625)

Nice troll you have there. Open source gets lots of things right -- and -- lots of things wrong.

And my only point was that the slashdot moderators (which by proxy is the slashdot readership) do not like to hear this.

Re:Bloat. (0)

Anonymous Coward | about 5 years ago | (#28723867)

This is why open source still isn't taken seriously by businesses

Yeah, you're right. No business has made any money off of open source anything, no major business has ever promoted anything opensource.

I mean, Linux and associated applications are from just a bunch of hackers working in their basements. No major business, like IBM, Intel, or HP [linuxfoundation.org] would bother with this open source shit. None of the people that work on X.org or the Linux kernel have jobs related to this, because business won't take them seriously.

The documents from Microsoft in 1998 were simply a ghost story that coincidentally made reference to a "Linux". No one at Microsoft even knows what Linux is, nor do they care.

Re:Bloat. (0)

Anonymous Coward | about 5 years ago | (#28727021)

Having to compete on feature sets, interoperability, and user satisfaction is a lot harder than claiming moral superiority. -_- This is why open source still isn't taken seriously by businesses -- the mindset of its adherents is still blatantly immature.

I guess this was a troll, but... Which planet do you live on? Open source is taken very, very seriously nowadays. Granted, some CxOs may give out comments that seem to imply otherwise, but I've noticed that's usually related to their own business model or position in the market -- disparaging comments about open source can be useful even if the commenter takes open source very seriously indeed...

Well, back to developing free software, clients are waiting ;)

Re:Bloat. (1)

Nursie (632944) | about 5 years ago | (#28727787)

"This is why open source still isn't taken seriously by businesses"

Twat.

Of course business doesn't take FOSS seriously, I mean, that explains perfectly why Oracle, the biggest name in databases, has its own Linux distribution.

And why IBM builds its software for RedHat and SuSE/Novell on the mainframe.

And why Google runs its search engine on a custom Linux version.

Think before you speak, moron.

Re:Bloat. (5, Informative)

thefear (1011449) | about 5 years ago | (#28722281)

So nmap went from a special purpose-built tool to a suite. Frack.

Step 1) Download the tarball
Step 2) Compile with '--without-ndiff --without-zenmap --without-liblua --without-ncat --without-openssl' for a classic Nmap experience
Step 3) Profit

Re:Bloat. (1)

Artifakt (700173) | about 5 years ago | (#28725867)

Or, leave Zenmap in and see if there's really that much bloat, instability or loss of speed to have a good GUI front end for NMap. It's a pretty tight GUI - sure it adds some to load times, but unless you're just determined to prove you go back to the original unix command line days, you are halfway likely to decide you like having a GUI that is well designed for its purpose. The natural terminal display for nmap has the usual problem of terminals, that is doing multiple operations tends to push all the data from older operations off the screen. Sure, you're leet, you set the terminal to much more than the default 1000 lines scrollback long ago, right? There are still ways to set up the GUI that tend to keep more info around onscreen at a time. It's up to the operator, of course, whether these are worth it or not.

Re:Bloat. (1)

TypoNAM (695420) | about 5 years ago | (#28722285)

Did you get all upset and angry too when you found out that g++ comes with gcc?

Re:Bloat. (1)

Rycross (836649) | about 5 years ago | (#28722565)

It's nice to have small, simple utilities that you can chain together. But at certain times it's nice to have a larger tool that ties them all together for certain tasks. Ideally, you'd have a choice between both where appropriate (and in most cases, this isn't that difficult to accomplish). NMap strikes me as the kind of tool that can benefit from this sort of thing.

Re:Bloat. (1)

smash (1351) | about 5 years ago | (#28726421)

Can someone please also explain this to the creators of NSLOOKUP and DIG. Why the FUCK I can't pipe a list of hostnames or IPs into either tool is beyond me. I got the results I needed by hacking away with awk and grep and a shell loop, but seriously... there needs to be a tool to just go "cat foo.iplist > nslookup-equivalent".

Re:Bloat. (1)

smash (1351) | about 5 years ago | (#28726439)

Of course, I mean "cat foo.iplist | nslookup-equivalent". *sigh*

Re:Bloat. (1)

Anonymous Coward | about 5 years ago | (#28727623)

for i in `cat foo.iplist`; do nslookup $i; done

Re:Bloat. (1)

Ecuador (740021) | about 5 years ago | (#28731821)

Wow, and you have a 4 digit id...
While on both my SuSE box and the Mac piping to nslookup works, if it doesn't work for you and things like "for loops" are too complicated (!?), there are alternatives like good ol' xargs.

cat foo.iplist |xargs -i nslookup {}

Re:Bloat. (0)

Anonymous Coward | about 5 years ago | (#28733523)

Every time you use that construction, a kitten dies. (Well, technically a cat, but I suspect it's a kitten.)

You should spare the cat and do "nslookup-equivalent < foo.iplist".

Re:Bloat. (0)

Anonymous Coward | about 5 years ago | (#28733693)

Argh, and of course /. eats my less-than symbol.

Re:Bloat. (1)

Rysc (136391) | about 5 years ago | (#28732533)

You could do it like that:

while read host ; do dig $host ; done < foo.iplist

But the output is ugly as sin.

ncat (3, Interesting)

arabagast (462679) | about 5 years ago | (#28721733)

I was just about to check out ncat. Seems interesting. The only downside is that it can never reach the same critical mass as the vanilla nc, and hence you cannot rely on the more advanced functions on an unknown computer. It would be cool though; SSL could be handy in some situations.

Re:ncat (1)

insecuritiez (606865) | about 5 years ago | (#28722615)

Yeah, even GNU NetCat isn't really a standard replacement. Ncat isn't likely to become one either. It's another tool, it has great features, if it's useful for you use it. I'd say Ncat's primary competitor is probably socat or cryptcat rather than vanilla nc.

But my granny still sucks cock better (-1, Troll)

Anonymous Coward | about 5 years ago | (#28721835)

Slashdot will never be better than my Granny!

Re:But my granny still sucks cock better (0)

Anonymous Coward | about 5 years ago | (#28723659)


Blue Iris is dead.

Some of the best.... (2)

222 (551054) | about 5 years ago | (#28721839)

Some of the best things in life are free :- )

Re:Some of the best.... (1)

masmullin (1479239) | about 5 years ago | (#28721937)

But you can keep 'em for the birds and bees
Now give me money (that's what I want)

Re:Some of the best.... (1)

Vancorps (746090) | about 5 years ago | (#28723417)

Like mid-west boobies!

IMPORTANT! PLEASE READ!!! (-1, Flamebait)

Anonymous Coward | about 5 years ago | (#28721853)

It has come to my attention that on May 12, 2003, Slashdot ran a story [slashdot.org] in which it solicited questions for one Fyodor [securite.org] , (in)famous author of Open Source hacker tool nmap. I am rarely roused to action anymore, but I could not let what I saw pass. Millions of innocent security hobbyists and computer enthusiasts are being duped by Slashdot into using tools and websites created by Fyodor [wiretrip.net] without knowing all of the facts:

Fyodor [kitetoa.com] is not a heroic "white hat" security expert, but a depraved, insidious hacker hell-bent on criminal intrusions into systems owned by minors!

Please read on and review some of the facts so that you may come to your own conclusions about Fyodor and nmap.

Beginning innocuously enough with this post [slashdot.org] by one electricmonk [slashdot.org] , supposedly a "Linux booth babe," several lonely Slashdot geeks were trolled into replying, both on Slashdot itself and privately by email. One of the individuals who replied privately by email was none other than the subject of this exposé, Fyodor, cruising for some hot geek-loving ass. Little did Fyodor know that electricmonk [slashdot.org] was none other than SumDeusExMachina [slashdot.org] , AKA SDEM [trollaxor.com] , long-time trolling stalwart. Fyodor had let his hormones get the better of his common sense as he began an attempt to seduce electricmonk [slashdot.org] .

Not wanting to carry his charade on any further (and understandably so, with an over-excited Fyodor on his tail), SDEM explained politely and truthfully to Fyodor about the non-existent Linux booth babe who was really just a bored young man enrolled in college for the Summer. Fyodor's latest hantise femelle destroyed, he vowed revenge on SDEM no matter the cost. The word wanker echoed in his head as he decided not even the law would stop him in his unholy vengeance. In just over a week, Fyodor had owned SDEM's box and began posting about it in trolltalk.

Luckily, on one unbelievably hot, humid Kansas City day back in August of 2002, Dame Fortune guided my hand to save a copy of trolltalk complete with Fyodor gloating [trollaxor.com] at his criminal victory over SDEM. Scroll down a bit and look for posts by fv [slashdot.org] and decide for yourself. We even have a statement from one of the two parties involved [slashdot.org] and a nice summary of events by a very dependable third party [slashdot.org] who witnessed the entire fiasco. And back in the present, we have several [slashdot.org] individuals [slashdot.org] raising [slashdot.org] questions [slashdot.org] about Fyodor's morality and legal status.

I now ask you, gentle sirs and madams, would you use a tool written by a known criminal, especially a known criminal who specifically attacks underage boys? Fyodor's endorsement by Slashdot is obviously a betrayal of simple journalistic integrity and ethics, with both the Slashdot staff and Fyodor standing to experience a significant financial windfall from their collaboration. I urge you to reconsider not only your patronage of Slashdot, but also any viewing or use of tools or websites created by or related to Fyodor. He is not a man to be trusted, nor is he a man at all.

Thank you.

Re:IMPORTANT! PLEASE READ!!! (1)

CarpetShark (865376) | about 5 years ago | (#28722359)

insidious hacker hell-bent on criminal intrusions into systems owned by minors!

It's obviously some dark, nefarious plot to undermine our entire society using robotic tunnelling equipment.

Fyodor is an evil black hat (-1, Troll)

Anonymous Coward | about 5 years ago | (#28721995)

Does Fyodor still hack slashdotters?
http://it.slashdot.org/comments.pl?sid=189213&cid=15582790

Re:Fyodor is an evil black hat (-1, Troll)

Anonymous Coward | about 5 years ago | (#28722295)

And is he still a virgin?

is it recurring theme night? (0)

Anonymous Coward | about 5 years ago | (#28725211)

And is he still a virgin?

Nope. I popped his cherry.

Keep beating that horse (0, Troll)

synthesizerpatel (1210598) | about 5 years ago | (#28722117)

You really have to hand it to Fyodor, he made a career out of nmap and I would assume still manages to get something from it.

But seriously.. nmap 5? Does it have clustering agents yet? AI behind fingerprinting? Enterprise features? TCP scanning is so ZZZzz. Let's see some innovation already.

Re:Keep beating that horse (0)

Anonymous Coward | about 5 years ago | (#28722163)

You really have to hand it to Fyodor, he made a career out of nmap and I would assume still manages to get something from it.

I hear he gets booth babes.

Re:Keep beating that horse (-1, Troll)

Anonymous Coward | about 5 years ago | (#28722207)

The type of chicks who'll fuck you because you wrote nmap are the type of chicks who'll fuck you for a bigmac, or who have had far too many bigmacs

Re:Keep beating that horse (5, Informative)

insecuritiez (606865) | about 5 years ago | (#28722561)

Full Disclosure: I am a Nmap developer.

Despite your trollish tone, you're right that there isn't a ton of innovation coming out in just TCP port scanning. The 5.00 release has several scanning performance improvements but port scanning is still port scanning.

But as for innovation/enterprise features:

* OS Fingerprinting (second generation engine)
* Graphing (via the Zenmap front-end) of the network topology
* Service fingerprinting
* Script engine including
    * Windows SMB/CIFS/RPC scripts
    * Windows vulnerability detection scripts
    * SQL Injection scanning script
    * Telnet/HTTP/FTP/SMB brute force scripts
    * Conficker detection script
    * A lot more
* XML output for report generation and a nice XSLT file for conversion to HTML

If you want to see AI behind OS fingerprinting, then submit a patch. I'd recommend starting with a Support Vector Machine as that has shown the most promise in developer testing.

If you want to see a webapp front-end for scheduling of scans and report generation then start a project.

Nmap is an open source project and despite the release wording, does not believe in bloat. Nmap isn't Nessus and never will be. If you want a client/server architecture or webapp they will be separate tools.

I use Nmap in an enterprise environment to scan 3 /16 networks (all ports). Do you?

Re:Keep beating that horse (1)

sofar (317980) | about 5 years ago | (#28722609)

I use Nmap in an enterprise environment to scan 3 /16 networks (all ports). Do you?

you poor bastard.

I had the sad experience of working on a single /16 network once for a few years. Well, obviously not much "worked" well.

With 3 /16 networks, your life must be hell. I wouldn't trust any of the code you wrote :).

Re:Keep beating that horse (3, Interesting)

timbrown (578202) | about 5 years ago | (#28724037)

Disclosure: I am an OpenVAS [openvas.org] developer...

Nmap does what it does very well. It would be a strange day that I stop using it for pentesting; in fact, more likely I'll adopt some of the other tools the project has developed. Ncat in particular sounds great simply because it unifies multiple functions I currently use from other tools. The other thing I like is the NSE, great for quickly cooking up a scanner for 0day threats, as we saw with the Conficker check they produced.

If you want a Free Software vulnerability scanner, then support OpenVAS. The project is making quiet progress (cleaning up the code base, redesigning the architecture and most importantly adding new NVTs) and has just had a second DevCon in Germany with 16 developers from 4 continents making the trip. Nothing's ever perfect, but it now has NVTs that are not in Nessus, so if you're not using it, you're probably missing out. It's worth noting that we at OpenVAS like the nmap developments so much that a couple of the OpenVAS developers are looking to actively contribute, and we're considering libnmap as a replacement for the rather fragile port / service discovery functionality we inherited.

Re:Keep beating that horse (-1, Troll)

Anonymous Coward | about 5 years ago | (#28724185)

* OS Fingerprinting (second generation engine)
* Graphing (via the Zenmap front-end) of the network topology
* Service fingerprinting
* Script engine including
        * Windows SMB/CIFS/RPC scripts
        * Windows vulnerability detection scripts
        * SQL Injection scanning script
        * Telnet/HTTP/FTP/SMB brute force scripts
        * Conficker detection script
        * A lot more
* XML output for report generation and a nice XSLT file for conversion to HTML

lol. lua for your scripting language.. good move. If you used something that had a lot of third-party libraries available it might be useful enough to detract away from the nmap brand.

also:

* graphing isn't innovative

* service fingerprinting isn't innovative and really just a money maker for Fyodor one can only assume by nature of licensing. (see: fingerprints)

* XML output isn't innovative since... you guys have had that for a while. Adding a different _style_ of XML.. is definitely not innovative.

So.. Yeah, I guess you can be proud of contributing but.. you guys aren't innovating. Sorry.

Re:Keep beating that horse (1)

Lord Ender (156273) | about 5 years ago | (#28724397)

Does nmap yet provide a way to update its OS fingerprints? This is the sort of thing that changes constantly, and I haven't found a good, automated way to do this, especially when using linux distribution-maintained nmap packages.

Re:Keep beating that horse (-1, Troll)

Anonymous Coward | about 5 years ago | (#28724713)

So basically, you are giving the standard open source response when faced with criticism about missing features: code it yourself or shut up?

Re:Keep beating that horse (1)

RiotingPacifist (1228016) | about 5 years ago | (#28723513)

What do you want a TCP scanner to do? TCP scan. I fail to see how you benefit from clustering; if you know what you're doing you can bash out a script that can use a cluster of computers to run nmap, but if you can't do that you don't really have enough of a clue to benefit from it. I also really dislike the idea of adaptive code in a network scanner: you can either recognise a scan as belonging to an OS (or being similar) or you can't. Adaptive AI may work around having outdated config files, but you lose too much in terms of reliability!

Enterprise features?

Like? NMAP is a security tool; security tools have to be dumb and require smart operators. What sort of enterprise features do you want from a TCP scanner?

Performance is really the only thing that matters if port scanners are going to matter in IPv6.

Re:Keep beating that horse (2, Funny)

geminidomino (614729) | about 5 years ago | (#28729255)

what sort of enterprise features do you want from a TCP scanner?

Built-in email client, image editor, and web browser, of course. Don't you know that no special-purpose tool is complete without them?

ncat vs socat (1)

loxosceles (580563) | about 5 years ago | (#28723883)

ncat is still fairly limited.

socat (the 2.0 beta versions) is the best app to use for that stuff. It can use arbitrary chains of protocols, which is very useful when dealing with exotic and crazy situations like trying to tunnel stuff through multiple proxies.

http://www.dest-unreach.org/socat/socat-version2.html [dest-unreach.org]

Re:ncat vs socat (1)

buchner.johannes (1139593) | about 5 years ago | (#28726665)

socat is crazy. It supports SSL/TLS and chaining of protocols (e.g. for tunnelling), and you can use this addressing scheme as a library for your projects.

Check out the manpage [dest-unreach.org] and the examples [dest-unreach.org].

Definitely powerful, but I found it a little picky about command-line parameters; if you just want to do simple stuff it is not that easy to get into.

It is significantly faster (1, Informative)

peterthomas2009 (1599563) | about 5 years ago | (#28724083)

I have just added the latest version to HackerTarget.com [hackertarget.com] .

Across the board I am seeing significant speed improvements over 4.85.

Congratulations to the developers this looks like another quality release. I am looking forward to testing some of the new features to determine what additional capabilities can be added to our online scanning.

* Full disclosure - I run HackerTarget.com *

A thousand HP Directjet boxes cry out in pain ... (3, Interesting)

dbIII (701233) | about 5 years ago | (#28724771)

... and are forever silenced. Nmap is great, but there are incredibly crappy devices out there that can be killed with a simple port scan. It's a good idea to make sure no such critters are on the subnet you scan when you start playing with nmap. Some non-HP older printers also need a full reset after they have been scanned. Hopefully newer devices are not designed so badly that they expect to be configured by just throwing a few bytes at a port with no attempt to find out if you should be allowed to do it.
Nmap and similar tools will show you that what in the past was called "enterprise" was called that simply because the vendors assumed you had a lot of expendable guys in red to throw at any problem. It can show you where there is none of the security the sales guy said was there.

Re:A thousand HP Directjet boxes cry out in pain . (1)

smash (1351) | about 5 years ago | (#28726401)

Heh. Back in 2002 I killed a production SCO OpenServer box (running our company ERP package) with a portscan. Yes, I laughed :D Be careful, though: if you can kill a box with NMAP, it probably needs patching or a firmware update.

Or, alternatively, putting in the bin...

Re:A thousand HP Directjet boxes cry out in pain . (1)

yanyan (302849) | about 5 years ago | (#28726971)

What do you mean by "killed"? The machine stops working forever?

Now this isn't the same scenario, but I have a Westell DSL modem + router combo that gets disconnected from the network and resets itself when I do a portscan of my ISP's network. I RTFM'd and tried the --scan-delay option, which fixed the disconnection and reset issue I was having. My theory is that the next hop had a threshold-based security feature, or the ISP had flaky hardware that couldn't handle the storm of packets.

Re:A thousand HP Directjet boxes cry out in pain . (1)

dbIII (701233) | about 5 years ago | (#28727495)

What do you mean by "killed"? The machine stops working forever?

Sadly yes, everything apart from the power light; it appears the firmware was flashed and filled with rubbish. HP Directjet EX Plus printserver: expensive piece of utter garbage that can really be replaced with other stuff, but there are still a few around. Some HP printers and an Oce plotter required a reset to factory settings after a port scan but ran again after that. Quite an embarrassing first week at a new site, but it turned up a rooted box that was hosting copies of porn DVDs by ftp and costing a fortune in bandwidth charges (dunno why the accountants never asked why IT was spending its yearly budget each month). Some manufacturers just leave security holes so an arbitrary string of bytes sent to the right port gets the thing to run internal commands. Very shortsighted design on any sort of networked device, and I can only assume the idiots that implemented it copied the things from some serial port stuff without thinking about a network. A dying network card sending noise could probably kill these things.
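The subthread above is a reminder that a scan is traffic the target has to survive. Nmap's own controls for this are pacing options such as `--scan-delay` (the one yanyan used) and `--max-rate`, and target exclusion via `--exclude` / `--excludefile` for hosts you already know fall over. As an added example, not Nmap's code and not from any commenter, here is a small Python TCP connect scanner that applies both ideas: it refuses to probe any address covered by an exclusion list and sleeps a fixed delay between probes. The exclusion list and the addresses in it are constructed for the example; the demonstration scans a throwaway listener on 127.0.0.1 so it runs without touching anyone else's printers.

```python
"""Added example: a throttled TCP connect scan that honours an exclusion list.

Illustrative code, not part of Nmap. With Nmap itself the equivalent controls
are --scan-delay / --max-rate (pacing) and --exclude / --excludefile (targets
to leave alone).
"""
import ipaddress
import socket
import threading
import time

# Constructed exclusion list, in the one-entry-per-line form you would hand
# to --excludefile once you know which boxes cannot survive being probed.
EXCLUDE_LIST = """
# print servers that reflash themselves when scanned
10.0.0.10
10.0.0.11
# whole management VLAN for the plotters
10.0.9.0/24
"""


def load_exclusions(text):
    """Parse 'one host or CIDR per line, # comments' into ip_network objects."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def is_excluded(host, nets):
    """True if host (an IP address string) falls inside any excluded network."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in nets)


def throttled_connect_scan(host, ports, delay=0.5, timeout=1.0, exclude=()):
    """Connect-scan `ports` on `host`, sleeping `delay` seconds between probes.

    Returns {port: "open" | "closed" | "filtered"}, or None when the host is
    on the exclusion list and was therefore never touched.
    """
    if is_excluded(host, exclude):
        return None
    results = {}
    for i, port in enumerate(ports):
        if i:
            time.sleep(delay)  # the pacing --scan-delay gives you in Nmap
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:      # RST came back: port is closed
            results[port] = "closed"
        except (socket.timeout, OSError):   # no answer / unreachable: filtered
            results[port] = "filtered"
        finally:
            sock.close()
    return results


def start_local_listener():
    """Open a throwaway listener on 127.0.0.1 so the scanner has an open port.

    Returns (server_socket, port); close the socket when finished.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:     # server socket closed: stop accepting
                return

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port():
    """Return a port that is (almost certainly) closed on 127.0.0.1 right now."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    nets = load_exclusions(EXCLUDE_LIST)
    print("10.0.0.10 excluded:", is_excluded("10.0.0.10", nets))
    print("scan of 10.0.0.11:", throttled_connect_scan("10.0.0.11", [80], exclude=nets))
    srv, open_port = start_local_listener()
    print(throttled_connect_scan("127.0.0.1", [open_port, free_port()],
                                 delay=0.2, exclude=nets))
    srv.close()
```

The delay here is a crude fixed sleep; Nmap's `--max-rate` is the better tool for a real job because it bounds the aggregate packet rate across all targets rather than pausing one probe at a time.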

netcat /email (1, Informative)

Anonymous Coward | about 5 years ago | (#28725801)

we're still waiting for them to add email and ftp clients

Fyodor added ncat, which means you've *already* got ftp and email support. Now I bet you're gonna complain that ftp & email are hard or something, when you have to hand type the bytes...

Re:netcat /email (0)

Anonymous Coward | about 5 years ago | (#28725879)

Hard? In MY day, we had to write the IP headers ourselves! And you know what? ...

.... nevermind. You know where I'm going, and it's just going to end up with a xkcd reference..

Oh, cool! (1)

jra (5600) | about 5 years ago | (#28725913)

I'm sure movie producers everywhere [nmap.org] are pleased to hear this.

"Damnit, Eddie, that version of nmap is out of date!"

Re:Oh, cool! (0)

Anonymous Coward | about 5 years ago | (#28729415)

Color me shocked that there are no seeded torrents of haxxxor to be found (just a really old, abandoned one on TPB)

Hallelujah! (0)

Anonymous Coward | about 5 years ago | (#28726231)

This makes Windows 7 so much more of a bargain!
