Nmap Security Scanner
News
- Nmap 5.50 Released: Now with Gopher protocol support! Our first stable release in a year includes 177 NSE scripts, 2,982 OS fingerprints, and 7,319 version detection signatures. Release focuses were the Nmap Scripting Engine, performance, Zenmap GUI, and the Nping packet analysis tool. [Download page | Release notes]
- Those who missed Defcon can now watch Fyodor and David Fifield demonstrate the power of the Nmap Scripting Engine. They give an overview of NSE, use it to explore Microsoft's global network, write an NSE script from scratch, and hack a webcam--all in 38 minutes! (Presentation video)
- Icons of the Web: explore favicons for the top million web sites with our new poster and online viewer.
- We have 8 college/grad students working full time this year to improve Nmap! Meet the 2010 Nmap/Google Summer of Code Team!
- We're delighted to announce the immediate, free availability of the Nmap Security Scanner version 5.00. Don't miss the top 5 improvements in Nmap 5.
- After years of effort, we are delighted to release Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning!
- We now have an active Nmap Facebook page and Twitter feed to augment the mailing lists. All of these options offer RSS feeds as well.
Introduction
Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in eight movies, including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum.
Nmap is ...
Read More and Download...http://nmap.org/
I looked in my Fedora 14 Repos and I already had Nmap and some companion apps installed. But, I don't remember trying it out. That happens allot. I install Apps allot thinking I will try them out later and then forget all bout it... I noticed a GTK GUI App too so I installed it as well. This gave me Zenmap too. So, I tried it out and it is great!:) First it opens up a little root login window. Just give it your root password (in Fedora, Ubuntu may take setting a root password, not sure) and go to work. I scanned my Computer and my Web Server. It works very fast and gives allot of very helpful info on Open Ports and even told me what my Hosts Allow File said. I will definitely be using Zenmap from now on... Umit, the other GUI for Nmap just gives an error message and doesn't let you give it a root password. So, you would have to open Umit from a root Terminal Window. Not a real problem. But what a Pain!:O Come on People the lack of GUI's in otherwise great Applications, is one of the Main Reasons that People aren't switching to Linux!:O But, I did it even though I didn't want to;) Umit does all the same things that Zenmap does, with a couple of differences. It uses different names for the Scan Types. And it has a Wizard called Umit Command constructor wizard. It looks pretty cool, but I have to admit I'm not a Network Pro, so I really didn't know what I was doing with it. I just selected some things that I am familiar with and went through it, like TCP connect scan and a couple of things that sounded interesting. The first time it tried to do the scan and then got an error, saying that two of the things I selected couldn't be done together. The second time, I just selected TCP connect scan and left the rest blank. That just gave me a simple Operating System Detection scan. Which I could have just selected from the Drop Down List on in the Main Window. So, there's a learning curve for me there. All in all, I like the Zenmap GUI best for running Nmap. It is fast and easy for a Novice. That's what has in the Wizard, Novice and Expert modes... Definitely, whither you are an Expert or Novice in all things to do with Networking and Security. Nmap is a Great Tool to Try Out!:)
Don
Rather than give a dry overview of NSE, Fyodor and Nmap co-maintainer David Fifield demonstrate practical solutions to common problems. They have scanned millions of hosts with NSE and discuss vulnerabilities found on enterprise networks and how Nmap can be used to quickly detect those problems on your own systems. Then they demonstrate how easy it is to write custom NSE scripts by writing one from scratch and using it to hack a webcam. All in 38 minutes, as given live at Defcon 18!
Presentation Video
Go there and Watch or Download the Videos...http://nmap.org/presentations/BHDC10/
Mastering the Nmap Scripting Engine - Fyodor & David Fifield - Defcon 18 from Gordon Fyodor Lyon on Vimeo.