Nmap 7.95 - 2024-04-23


FunkyBuddha

Posted

Windows

While Nmap was once a Unix-only tool, a Windows version was released in 2000 and has since become the second most popular Nmap platform (behind Linux). Because of this popularity and the fact that many Windows users do not have a compiler, binary executables are distributed for each major Nmap release. We support Nmap on Windows 7 and newer, as well as Windows Server 2008 and newer. We also maintain a guide for users who must run Nmap on earlier Windows releases. While it has improved dramatically, the Windows port is not quite as efficient as on Unix. Here are the known limitations:

  • Nmap only supports ethernet interfaces (including most 802.11 wireless cards and many VPN clients) for raw packet scans. Unless you use the -sT -Pn options, RAS connections (such as PPP dialups) and certain VPN clients are not supported. This support was dropped when Microsoft removed raw TCP/IP socket support in Windows XP SP2. Now Nmap must send lower-level ethernet frames instead.

  • When using Nmap without Npcap, you cannot generally scan your own machine from itself (using a loopback IP such as 127.0.0.1 or any of its registered IP addresses). This is a Windows limitation that we have worked around in Npcap, which is included in the Windows self-installer. Users stuck without a Npcap installation can use a TCP connect scan without pinging (-sT -Pn) as that uses the high level socket API rather than sending raw packets.

Scan speeds on Windows are generally comparable to those on Unix, though the latter often has a slight performance edge. One exception to this is connect scan (-sT), which is often much slower on Windows because of deficiencies in the Windows networking API. This is a shame, since that is the one TCP scan that works over all networking types (not just ethernet, like the raw packet scans). Connect scan performance can be improved substantially by applying the Registry changes in the nmap_performance.reg file included with Nmap. By default these changes are applied for you by the Nmap executable installer. This registry file is in the nmap-<version> directory of the Windows binary zip file, and nmap-<version>/mswin32 in the source tarball (where <version> is the version number of the specific release). These changes increase the number of ephemeral ports reserved for user applications (such as Nmap) and reduce the time delay before a closed connection can be reused. Most people simply check the box to apply these changes in the executable Nmap installer, but you can also apply them by double-clicking on nmap_performance.reg, or by running the command regedt32 nmap_performance.reg. To make the changes by hand, add these three Registry DWORD values to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters:

MaxUserPort

Set a large value such as 65534 (0x0000fffe). See MS KB 196271.

TCPTimedWaitDelay

Set the minimum value (0x0000001e). See MS KB 149532.

StrictTimeWaitSeqCheck

Set to 1 so TCPTimedWaitDelay is checked.

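Added example, not part of the post above and not code shipped with Nmap: a PowerShell script that reads the three DWORDs the post describes under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, reports which ones differ from the values in nmap_performance.reg, and sets them only when run with -Apply after exporting the key as a backup. The -Apply switch, the backup location and the script structure are my own construction; the key path and the three target values are the ones given in the post. Reading works from any prompt, writing needs an elevated PowerShell, and the TCP/IP stack reads these values at boot, so reboot before measuring -sT speed again.

```powershell
# Example script (not from Nmap or the original post): check and optionally
# apply the Tcpip\Parameters tweaks from nmap_performance.reg.
# Run elevated when using -Apply; reboot afterwards for the values to take effect.
param(
    [switch]$Apply   # without this switch the script only reports, nothing is written
)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Target values exactly as listed in the post (hex shown to match the .reg file).
$wanted = [ordered]@{
    MaxUserPort            = 0xfffe   # 65534 ephemeral ports available to user applications
    TCPTimedWaitDelay      = 0x1e     # 30 seconds, the minimum the post points at
    StrictTimeWaitSeqCheck = 1        # so TCPTimedWaitDelay is actually honoured
}

# Export the current key first so the change is reversible (path is my choice).
$backup = Join-Path $env:TEMP ('Tcpip-Parameters-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' $backup /y | Out-Null
Write-Host "Backup of current key written to $backup"

foreach ($name in $wanted.Keys) {
    # Missing value yields $null rather than an error thanks to SilentlyContinue.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $shown = if ($null -eq $current) { '<not set>' } else { '0x{0:x8} ({0})' -f $current }

    if ($current -eq $wanted[$name]) {
        Write-Host ('{0,-24} {1,-22} OK' -f $name, $shown)
        continue
    }

    Write-Host ('{0,-24} {1,-22} wanted 0x{2:x8}' -f $name, $shown, $wanted[$name])
    if ($Apply) {
        # DWord is the type the .reg file uses; Set-ItemProperty creates the value if absent.
        Set-ItemProperty -Path $key -Name $name -Value $wanted[$name] -Type DWord
        Write-Host ('{0,-24} set to 0x{1:x8}' -f $name, $wanted[$name])
    }
}

# Show the ephemeral port range the stack is using right now; compare again after the reboot.
netsh int ipv4 show dynamicport tcp
```

Run it once without -Apply to see the current state, then `.\Check-NmapTcpip.ps1 -Apply` from an administrator prompt (the file name is arbitrary). The netsh line at the end is the quickest way to confirm, after rebooting, that the ephemeral range actually changed rather than trusting the registry alone.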
Posted

Nmap 7.95 [2024-04-23]

  • Integrated over 4,000 of your IPv4 OS fingerprints. Added 336 signatures, bringing the new total to 6,036. Additions include iOS 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2.
  • Integrated over 2,500 service/version detection fingerprints. The signature count went up 1.4% to 12,089, including 9 new softmatches. We now detect 1,246 protocols, including new additions of grpc, mysqlx, essnet, remotemouse, and tuya.
  • [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.75 to the latest version 1.79. It includes many performance improvements, bug fixes and feature enhancements described at https://npcap.com/changelog.
  • [NSE] Added four new scripts from the DINA community (https://github.com/DINA-community) for querying industrial control systems:
    • hartip-info reads device information from devices using the Highway Addressable Remote Transducer protocol.
    • iec61850-mms queries devices using Manufacturing Message Specification requests. [Dennis Rösch, Max Helbig]
    • multicast-profinet-discovery sends a multicast PROFINET DCP Identify All message and prints the responses. [Stefan Eiwanger, DINA-community]
    • profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the PNIO-CM service.
  • Improvements to OS detection fingerprint matching, including a syntax change for nmap-os-db that allows ranges within the TCP Options string. This leads to more concise and maintainable fingerprints. [Daniel Miller]
  • Improved the OS detection engine by using a new source port for each retry. Scans from systems such as Windows that do not send RST for unsolicited SYN|ACK responses were previously unable to get a response in subsequent tries. [Daniel Miller]
  • Several profile-guided optimizations of the port scan engine. [Daniel Miller]
  • Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1, libssh2 1.11.0, liblinear 2.47.
  • [GH#2639] Upgraded OpenSSL binaries (for the Windows builds and for RPMs) to version 3.0.13. This addresses various OpenSSL vulnerabilities which don't impact Nmap (full details are in the GH issue).
  • [GH#2672] Fixed an issue where TCP Connect scan (-sT) on Windows would fail to open any sockets, leading to scans that never finish. [Daniel Miller]
  • [Zenmap][Ndiff][GH#2649] Zenmap and Ndiff now use setuptools, not distutils, for packaging.
  • [Ncat][GH#2685] Fixed Ncat UDP server mode to not quit after EOF on stdin. Reported as Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613
  • [NSE] ssh-auth-methods will now print the pre-authentication banner text when available. Requires libssh2 1.11.0 or later. [Daniel Miller]
  • [Zenmap][GH#2739] Fix a crash in Zenmap when changing a host comment.
  • [NSE][GH#2766] Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger]
  • [Zenmap][GH#2706] RPM spec files now correctly require the python3 package, not python>=3.
  • [GH#2731] Fix an out-of-bounds read which led to out-of-memory errors when duplicate addresses were used with --exclude.
  • [GH#2609] Fixed a memory leak in Nsock: compiled pcap filters were not freed.
  • [GH#2658] Fixed a crash when using service name wildcards with -p, as in -p "http*".
  • [NSE] Fixed DNS TXT record parsing bug which caused asn-query to fail in Nmap 7.80 and later. [David Fifield, Mike Pattrick]
  • [NSE][GH#2727][GH#2728] Fixed packet size testing in KNX scripts. [f0rw4rd]
