Nmap is of course of the most famous port scanners and hacking tools of all time, the last stable release was back in July 2009.

For those that may not know, Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Nmap 5.20 offers more than 150 significant improvements, including:

• 30+ new Nmap Scripting Engine scripts
• Enhanced performance and reduced memory consumption
• Protocol-specific payloads for more effectie UDP scanning
• A completely rewritten traceroute engine
• Massive OS and version detection DB updates (10,000+ signatures)

You can download Nmap 5.21 here (more options):

Linux – nmap-5.21.tgz
Windows – nmap-5.21-win32.zip

Or read more here.

At last a new major release of Nmap!

If for some odd reason you don’t already know what Nmap is, it is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

The changelog shows 320 changes since 4.00 with a lot of great stuff in this release! It has a brand new GUI and results viewer (Zenmap), a scripting engine allowing you to write your own scripts for high-performance network discovery (or use one of the 40 scripts shipped with it), the 2nd generation OS detection system (now with more than a thousand fingerprints), nearly 1,500 more version detection signatures, and a lot more!

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

More on Zenmap here:

Zenmap – the Nmap GUI

You can download the new Nmap here:

Nmap 4.50

Or read more here.

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has.

Nmap approaches to fingerprinting as shown to be efficient for years. Nowadays, with the omni-presence of stateful filtering devices, PAT/NAT configurations and emerging packet normalization technologies, its approach to OS fingerprinting is becoming to be obsolete.

SinFP uses the aforementioned limitations as a basis for tests to be obsolutely avoided in used frames to identify accurately the remote operating system. That is, it only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3 (with only 1 test giving the OS reliably in most cases).

SinFP 2.04 is now available, which for the first time, can now run under Windows ActivePerl.

More info here:

SinFP

SinFP has now more than 130 signatures in its database.

For Windows users, follow these instructions:

This was tested with ActivePerl 5.8.8.819, with PPM v4.0.

  # If you are behind a proxy:
  C:\> set http_proxy=http://username:password@proxy:port

  # Add gomor repository
  C:\> ppm repo add gomor http://www.gomor.org/files/ppm/repo-8xx

  # Disable all other repo, if you have many. Or only ActiveState repo
  # by default
  C:\> ppm repo 1 off
  ...
  C:\> ppm install Net-SinFP

  # Re-enable all other repo
  C:\> ppm repo 1 on
  ...

  Launch it:
  C:\> perl C:\perl\site\bin\sinfp.pl

If you have error messages about failing to load some .dll, go to www.microsoft.com. Then, in the search field, type in vcredist_x86.exe, download it and install it.

OS Fingerprinting is an important part of any penetration test or hack as it allows you focus your efforts a lot more effeciently when point testing, rather than throwing everything at a machine like a script kiddy would. So let’s introduce a new option, other than p0f and xprobe2.

SinFP uses the aforementioned limitations as a basis for tests to be obsolutely avoided in used frames to identify accurately the remote operating system. That is, it only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3 (with only 1 test giving the OS reliably in most cases).

New for 2.00:

• complete rewrite
• sinfp.db completely reworked
• new tests based on comparison between probe and response (TCP seq/ack comparison, IP ID value comparison)
• new matching algorithm, works like a search engine (a problem of finding intersection, by applying a deformation mask on keywords) much more efficient than in 1.xx branch
• possibility to manually pass a matching mask to change at will the matching algorithm
• passive fingerprinting much more acurate thanks to new matching algorithm
• possibility to launch P1P2P3 probes, or only P1P2 probes, or only P2 probe
• match IPv6 signatures against IPv4 ones
• API changes, not compatible with 1.xx version anymore
• DB schema changes, not compatible with 1.xx version anymore
• many bugfixes

To read more you can check out the SinFP Homepage.

You can download SinFP directly here.

OS Fingerprinting is an important part of any penetration test or hack as it allows you focus your efforts a lot more effeciently when point testing, rather than throwing everything at a machine like a script kiddy would. So let’s introduce a new option, other than p0f and xprobe2.

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has.

Nmap approaches to fingerprinting as shown to be efficient for years. Nowadays, with the omni-presence of stateful filtering devices, PAT/NAT configurations and emerging packet normalization, its approach to OS fingerprinting is becoming to be obsolete.

SinFP uses the aforementioned limitations as a basis for tests to be obsolutely avoided in used frames to identify accurately the remote operating system. That is, it only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3 (with
only 1 test giving the OS reliably in most cases).

Features list:

• full OS fingerprinting suite, built as a Perl module
• active fingerprinting
• passive fingerprinting (with signature matching made against active ones)
• works the same over IPv4 and IPv6 (yes, IPv6 fingerprinting)
• online mode
• offline mode (especially useful when you have a pcap file)
• heuristic matching algorithm to avoid the need to write new signature for a target stack which has some TCP option deactivated, or changed window size

To read more you can check out the SinFP Homepage.

You can download SinFP directly here.