Nmap 7.80 DEF CON Release: First Stable Version in Over a Year


In a post to the Nmap Announce mailing list, developer Gordon Lyon announced that Nmap 7.80 had been released at the DEF CON security conference.

“That is my first official Nmap release in more than a year, and I hope you’ll find it worth waiting for.” This release updates Nmap to version 7.80 and brings many changes to the Npcap packet capture library, which supports Windows 10 better than the older WinPcap library did.

“The Npcap Windows packet capturing library (https://npcap.org/) is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all of these changes from the last 15 Npcap releases: https://nmap.org/npcap/changelog” stated the Nmap 7.80 changelog.

Npcap is intended to replace the WinPcap capture library used by many network sniffing and port scanning tools, such as Nmap and Wireshark. Because WinPcap depends on older APIs that Microsoft could change at any time, projects have switched to Npcap, which uses newer APIs and performs better.

Nmap 7.80 also includes eleven new Nmap Scripting Engine (NSE) scripts contributed by eight different authors. The new scripts are:

  • [GH#1232] broadcast-hid-discoveryd discovers HID devices on a LAN by sending a discoveryd network broadcast probe. [Brendan Coles]
  • [GH#1236] broadcast-jenkins-discover discovers Jenkins servers on a LAN by sending a discovery broadcast probe. [Brendan Coles]
  • [GH#1016][GH#1082] http-hp-ilo-info extracts information from HP Integrated Lights-Out (iLO) servers. [rajeevrmenon97]
  • [GH#1243] http-sap-netweaver-leak detects SAP Netweaver Portal with the Knowledge Management Unit enabled with anonymous access. [ArphanetX]
  • https-redirect detects HTTP servers that redirect to the same port, but with HTTPS. Some nginx servers do this, which made ssl-* scripts not run properly. [Daniel Miller]
  • [GH#1504] lu-enum enumerates Logical Units (LU) of TN3270E servers. [Soldier of Fortran]
  • [GH#1633] rdp-ntlm-info extracts Windows domain information from RDP services. [Tom Sellers]
  • smb-vuln-webexec checks whether the WebExService is installed and allows code execution. [Ron Bowes]
  • smb-webexec-exploit exploits the WebExService to run arbitrary commands with SYSTEM privileges. [Ron Bowes]
  • [GH#1457] ubiquiti-discovery extracts information from the Ubiquiti Discovery service and assists version detection. [Tom Sellers]
  • [GH#1126] vulners queries the Vulners CVE database API using CPE information from Nmap’s service and application version detection. [GMedian, Daniel Miller]

Nmap 7.80 can now be downloaded from the main download page for Windows, Linux and Mac OS.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.