Uses raw IP packets in novel ways to determine what hosts are available on the network
Nmap stands for Network Mapper. Nmap was designed to be a simple utility for network exploration or security auditing.
Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.
Here are some key features of "Nmap":
· Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page
· Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines
· Portable
· Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source
· Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, and tutorials. Find them in multiple languages here
· Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list
What's New in This Release: [ read full changelog ]
· [NSE] Added the script http-traceroute, which exploits the Max-Forwards HTTP header to detect reverse proxies.
· Added the script distcc-CVE-2004-2687 that checks and exploits a remote command execution vulnerability in distcc.
· Added two new scripts mysql-query and mysql-dump-hashes, which add support for performing custom MySQL queries and dump MySQL password hashes.
· Improved the mysql library to handle multiple columns with the same name, added a formatResultset function to format a query response to a table suitable for script output.
· The message "nexthost: failed to determine route to ..." is now a warning rather than a fatal error. Addresses that are skipped in this way are recorded in the XML output as elements.
· [NSE] Added the script http-drupal-modules, which enumerates the installed Drupal modules using drupal-modules.lst.
· [NSE] Added http-vuln-cve2012-1823.nse, which checks for PHP CGI installations with a remote code execution vulnerability.
Site Download Here
Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.
Here are some key features of "Nmap":
· Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page
· Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines
· Portable
· Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source
· Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, and tutorials. Find them in multiple languages here
· Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list
What's New in This Release: [ read full changelog ]
· [NSE] Added the script http-traceroute, which exploits the Max-Forwards HTTP header to detect reverse proxies.
· Added the script distcc-CVE-2004-2687 that checks and exploits a remote command execution vulnerability in distcc.
· Added two new scripts mysql-query and mysql-dump-hashes, which add support for performing custom MySQL queries and dump MySQL password hashes.
· Improved the mysql library to handle multiple columns with the same name, added a formatResultset function to format a query response to a table suitable for script output.
· The message "nexthost: failed to determine route to ..." is now a warning rather than a fatal error. Addresses that are skipped in this way are recorded in the XML output as elements.
· [NSE] Added the script http-drupal-modules, which enumerates the installed Drupal modules using drupal-modules.lst.
· [NSE] Added http-vuln-cve2012-1823.nse, which checks for PHP CGI installations with a remote code execution vulnerability.
Site Download Here
Tidak ada komentar:
Posting Komentar
Hanya manusia yang berkomentar baik dan sopan. sedangkan hanya binatang yang berkomentar buruk dan tidak memikirkan perasaan dan tidak menghargai orang lain... Trima kasih....