The Nmap Project has officially launched the highly anticipated Nmap 7.96, bringing a wealth of new features, performance upgrades, and bug fixes to the popular network scanning tool. As a fundamental utility for network discovery and security auditing, Nmap has been a go-to solution for security professionals, and version 7.96 makes it even more powerful.
One of the standout features of Nmap 7.96 is the massive overhaul of its DNS resolution system. The new approach leverages parallel forward DNS lookups, speeding up the scanning process. For example, resolving one million website names to both IPv4 and IPv6 now takes just over an hour, a vast improvement from the previous method, which could take up to 49 hours. This improvement is especially beneficial when scanning large lists of hostnames, making Nmap more efficient and effective for network audits and vulnerability assessments.
In addition to DNS resolution improvements, Nmap 7.96 introduces several upgrades to its underlying libraries. The updated versions of OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1, libpcap 1.10.5, and libpcre2 10.45 offer enhanced performance and greater compatibility with modern systems. These updates are crucial for security professionals who rely on Nmap for network reconnaissance and vulnerability assessment tasks.
New and Improved Features with Nmap 7.96
Alongside these technical enhancements, Nmap 7.96 includes a host of new features designed to streamline the user experience and bolster its capabilities. NSE (Nmap Scripting Engine), a key part of Nmap, has received several new scripts. Notably, the mikrotik-routeros-version script queries MikroTik’s WinBox router admin service to obtain RouterOS version information, while the mikrotik-routeros-username-brute script helps automate brute-force attacks against MikroTik routers using CVE-2024-54772. Another script, targets-ipv6-eui64, generates IPv6 target addresses from MAC addresses using the EUI-64 method. With these additions, the Nmap Scripting Engine continues to expand, bringing the total number of NSE scripts to 612.
The update also introduces dark mode for Zenmap, Nmap’s graphical user interface. This feature allows users to toggle dark mode through the “Profile->Toggle Dark Mode” setting or by configuring the window::dark_mode parameter in the zenmap.conf file. The new theme offers improved usability in low-light environments and reduces eye strain, particularly during extended scanning sessions.
Ncat, another component of the Nmap suite, has also undergone improvements. It now features a new default mode for closing connections and introduces the “-q” option, which delays the program’s exit after receiving an EOF (end of file) from standard input.
Enhanced Scanning Capabilities
The core functionality of Nmap 7.96 has been bolstered with several scanning improvements that make it even more efficient for security professionals. Key highlights include:
- Parallel DNS Resolution: Nmap now performs forward DNS lookups in parallel, drastically reducing scan times. This new method utilizes the same high-performance engine previously used for reverse DNS resolution.
- Custom Stub Resolver: Nmap continues to use its own custom DNS resolver, allowing it to perform multiple requests in parallel instead of relying on slower system DNS libraries.
- Flexible DNS Resolution Options: Users can fine-tune DNS resolution using various options such as -n (disable DNS), -R (always resolve), –system-dns (use system resolver), and –dns-servers (specify custom DNS servers).
- Improved DNS Parsing: The release also enhances domain name parsing, addressing issues with recursion and enforcing name length limits to prevent stack overflow vulnerabilities.
These improvements not only speed up the scanning process but also enhance Nmap’s reliability when working with large-scale networks or domains.
Bug Fixes and Compatibility Enhancements
Nmap 7.96 also addresses several long-standing issues. Notably, it resolves problems with the IOCP Nsock engine on Windows, as well as a bug in TCP Connect scans (-sT) where ports were incorrectly labeled as “filtered” instead of “closed.” Additionally, users can now scan IP protocol 255 and have the ability to specify target lists both from the command line and input files, a feature previously unavailable.
Conclusion
Nmap 7.96 introduces new improvements, offering faster scans and greater flexibility, especially for large-scale host discovery, while enhancing the functionality of the Nmap Scripting Engine (NSE) with new scripts that target specific vulnerabilities and automate tasks.
The upgraded DNS resolution and parallel query handling further solidify Nmap as one of the fastest and most reliable tools for network security. This release continues the Nmap Project’s commitment to providing essential tools for network administrators, security auditors, and ethical hackers, with the latest version available for download in various formats from the official website.
