The security community has spoken! 3,000 of you shared favorite security tools for our relaunched SecTools.Org. It is sort of like Yelp for security tools. Are you familiar with all of the 49 new tools in this edition?
Nmap 5.50 Released: Now with Gopher protocol support! Our first stable release in a year includes 177 NSE scripts, 2,982 OS fingerprints, and 7,319 version detection signatures. Release focuses were the Nmap Scripting Engine, performance, Zenmap GUI, and the Nping packet analysis tool. [Download page | Release notes]
Those who missed Defcon can now watch Fyodor and David Fifield demonstrate the power of the Nmap Scripting Engine. They give an overview of NSE, use it to explore Microsoft's global network, write an NSE script from scratch, and hack a webcam--all in 38 minutes! (Presentation video)
Nmap ("Network Mapper") is a free and open source
(license) utility for
network discovery and security auditing. Many systems and network
administrators also find it useful for tasks such as network
inventory, managing service upgrade schedules, and monitoring host or
service uptime. Nmap uses raw IP packets in novel ways to determine
what hosts are available on the network, what services (application
name and version) those hosts are offering, what operating systems
(and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics. It
was designed to rapidly scan large networks, but works fine against
single hosts. Nmap runs on all major computer operating systems, and
official binary packages are available for Linux, Windows, and Mac OS
X. In addition to the classic command-line Nmap executable, the Nmap
suite includes an advanced GUI and results viewer
(Zenmap), a flexible data
transfer, redirection, and debugging tool
(Ncat), a utility for
comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Powerful: Nmap has been used to scan huge networks of
literally hundreds of thousands of machines.
Portable: Most operating systems are supported, including
Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX,
NetBSD, Sun OS, Amiga, and more.
Easy: While Nmap offers a rich set of advanced features for
power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI)
versions are available to suit your preference. Binaries are
available for those who do not wish to compile Nmap from source.
Free: The primary goals of the Nmap Project is to help make
the Internet a little more secure and to provide
administrators/auditors/hackers with an advanced tool for exploring
their networks. Nmap is available for free download, and also comes with full
source code that you may modify and redistribute under the terms of
Well Documented: Significant effort has been put into
comprehensive and up-to-date man pages, whitepapers, tutorials, and
even a whole book! Find them in multiple
Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
Acclaimed: Nmap has won numerous awards, including
"Information Security Product of the Year" by Linux Journal, Info
World and Codetalker Digest. It has been featured in hundreds of
magazine articles, several movies, dozens of books, and one comic book
series. Visit the press page
for further details.
Popular: Thousands of people download Nmap every day, and
it is included with many operating systems (Redhat Linux, Debian
Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of
30,000) programs at the Freshmeat.Net repository. This is important
because it lends Nmap its vibrant development and user support
Nmap users are encouraged to subscribe to the Nmap-hackers
mailing list. It is a low volume (4 posts in 2009), moderated list
for the most important announcements about Nmap, Insecure.org, and
related projects. You can join more than 75,000 current subscribers
by submitting your email address here:
We also have a development list for more hardcore members
(especially programmers) who are interested in helping the project by
helping with coding, testing, feature ideas, etc. New (test/beta)
versions of Nmap are sometimes released here prior to general
availability for QA purposes. You can subscribe at the Nmap-dev list
Both lists are archived (along with many other security lists) at Seclists.org.
Though it isn't nearly as active as the mailing lists, the official IRC channel is #nmap on Freenode (irc.freenode.net).