July 31, 2002 (2:37 AM PDT) -- Insecure.Org is pleased to announce
the immediate, free availability of the Nmap Security Scanner version
3.00 from http://nmap.org/
Nmap is a utility for network exploration or security auditing. It
supports ping scanning (determine which hosts are up), many port
scanning techniques (determine what services the hosts are offering),
and TCP/IP fingerprinting (remote host operating system
identification). Nmap also offers flexible target and port
specification, decoy/stealth scanning, sunRPC scanning, and more.
Most UNIX and Windows platforms are supported in both GUI and
command-line modes. Several popular handheld devices are also
supported, including the Sharp Zaurus and the iPAQ.
Nmap has been named "Security Product of the Year" by Linux
Journal, Info World and Codetalker Digest. It has also been praised
by Network World, Wired, 2600, Computer World, Information Security,
Sun World, SANS, the CIO Institute Bulletin, and Phrack. It is
currently the 8th most popular program (out of 24,000+) on the
Freshmeat.Net software index .
Version 3.00 is the first "stable" release since 2.53 (May '00), and
we recommend that all current users upgrade. Improvements from 39 public beta releases have gone into this version.
Here is a list of the most important advantages of Nmap3 over
2.53. See the ChangeLog for a more comprehensive list:
- Added protocol scan (-sO), which determines what IP protocols
(TCP, IGMP, GRE, UDP, ICMP, etc) are supported by a given host. This
uses a clever technique designed and implemented by Gerhard Rieger .
- Nmap now recognizes more than 700 operating system versions and
network devices (printers, webcams, routers, etc) thanks to thousands
of contributions from the user community! Many operating systems were
even recognized by Nmap prior to their official release. Nmap3 also
recognizes 2148 port assignments, 451 SunRPC services, and 144 IP
- Added Idlescan (-sI), which bounces the scan off a "zombie" machine.
This can be used to bypass certain (poorly configured) firewalls and
packet filters. In addition, this is the most stealthy Nmap scan
mode, as no packets are sent to the target from your true IP address.
- The base Nmap package now builds and functions under Windows! It
is distributed in three forms: build-it-yourself source code, a
simple command-line package, or along with a nice GUI interface
(NmapWin) and a fancy installer. This is due to the hard work of
Ryan Permeh (from eEye), Andy Lutomirski, and Jens Vogt.
- Mac OS X is now supported, as well as the latest versions of
Linux, OpenBSD, Solaris, FreeBSD, and most other UNIX platforms.
Nmap has also been ported to several handheld devices -- see the
Projects page for further information.
- XML output (-oX) is now available for smooth interoperability between Nmap and other tools.
- Added ICMP Timestamp and Netmask ping types (-PP and -PM). These
(especially timestamp) can be useful against some hosts that do not
respond to normal ping (-PI) packets. Nmap still allows TCP "ping"
- Nmap can now detect the uptime of many hosts when the OS Scan option (-O) is used.
- Several new tests have been added to make OS detection more accurate and provide more granular version information.
- Removed 128.210.*.* addresses from Nmap man page examples due to
complaints from Purdue security staff.
- The --data_length option was added, allowing for longer probe
packets. Among other uses, this defeats certain simplistic IDS
- You can now specify distinct port UDP and TCP port numbers in a single scan command using a command like 'nmap -sSU -p U:53,111,137,T:21-25,80,139,515,6000,8080 target.com'. See the man page for more usage info.
- Added mysterious, undocumented --scanflags and --fuzzy options.
- Nmap now provides IPID as well as TCP ISN sequence predictability reports if you use -v and -O.
- SYN scan is now the default scan type for privileged (root)
users. This is usually offers greater performance while reducing
- Capitalized all references to God in error messages.
- Added List scan (-sL) which enumerates targets without scanning them.
- The Nmap "random IP" scanning mode is now smart enough to skip many unallocated netblocks.
- Tons of more minor features, bugfixes, and portability enhancements.
With this "stable" version out of the way, we plan to dive headfirst
into the next development cycle. Many exciting features are in the
queue, including IPv6 support, service fingerprinting, improved
performance against heavily filtered hosts, and more! Developers (or
active testers) interested in participating can join the nmap-dev list
by sending a blank email to firstname.lastname@example.org . If you
want to be notified of new releases and important announcements, send
a blank email to email@example.com to join that
Nmap is available for download from http://insecure.org/nmap
in source or binary (Linux/Windows) form. Nmap is Free software distributed under the terms of the GNU General Public License (GPL).
Direct questions or comments to firstname.lastname@example.org .
We would like to acknowledge and thank the many people who
contributed ideas and/or code to this release. Special thanks go to
Albert Chin, Alex Volkov, Andy Lutomirski, Chad Loder, Colin Phipps,
Donna Andert, Dragos Ruiu, Eilon Gishri, Evan Sparks, Jeff Nathan,
Gerhard Rieger, Germano Caronni, Giacomo Cariello, Greg Steuck, H D
Moore, Jay Freeman (Saurik), Jens Vogt, Kirby Kuehl (Vacuum), Lamont
Granquist, LaMont Jones, Lance Spitzner, Markus A. Nonym, Martyn
Tovey, Matt Connover (Shok), Matt Hargett, Matthew Franz, Nicolas
Dawson, Pasi Eronen, Patrick Mueller, Pieter ten Pierick, Ping Huang,
Raymond Mercier, Renaud Deraison, Ryan Permeh, Salvatore Sanfilippo
(Antirez), Scott Renfro, Sebastien Peterson, Takehiro Yonekura, Tim
Adam, William McVey, William Robertson, Zope Kitten, and everyone I
And of course we would also like to thank the thousands of people
who have submitted OS fingerprints and everyone who has found and
reported bugs or suggested features.
For further information, see http://insecure.org/.