For reasons unknown, Hollywood has decided that Nmap is the
tool to show whenever hacking scenes are needed. At least it is a lot
more realistic than silly 3D animation approach used in many previous
movies (e.g. "hacking the Gibson" on Hackers, or the much worse
portrayals on Swordfish). We always like to see Nmap in the movies,
so we have catalogued known instances here.
If you catch Nmap in another flick,
please mail Fyodor. The
first person to do so wins a signed copy
of Nmap Network Scanning and credit on this page when the movie is added!
Movie script writers, artists, and digital asset managers are also
welcome to email Fyodor for
advice. We've been pleased to help out to make a number of movies slightly more realistic and entertaining by improving the hacking scenes.
While Nmap had been used in some previous obscure movies, it was
The Matrix Reloaded (IMDB) which really turned Nmap into a movie star!
We have all seen many movies like Hackers which pass off ridiculous 3D animated eye-candy scenes as hacking. So Fyodor was
shocked to find that Trinity does it properly in The Matrix Reloaded.
Needing to hack the city power grid, she whips out Nmap version
2.54BETA25, uses
it to find a vulnerable SSH server, and then proceeds to exploit it
using the SSH1
CRC32 exploit from 2001. Shame on the city for being vulnerable (timing notes).
JWZ has added this cracking scene as an XScreenSaver 4.10 Easter Egg - run 'xmatrix -small -crack'.
Several people have submitted matrix-themed banners to the propaganda gallery. Feel free to use any of these to link to Insecure.org - we appreciate it!
The UK's Scotland Yard Computer Crime Unit and the British Computer Society have put out a joint warning that "Viewers of the new box office blockbuster 'Matrix Reloaded' should not be tempted to emulate the realistic depiction of computer hacking." Kids - don't try this at home!
Bourne Ultimatum
In The Bourne Ultimatum (Wikipedia, IMDB), the CIA needs to hack the mail server of a newspaper (The Guardian UK) to read the email of a reporter they assassinated. So they turn to Nmap and its new official GUI Zenmap to hack the mail server! Nmap reports that the mail server is running SSH 3.9p1, Posfix smtpd, and a name server (presumably bind). They also make substantial use of Bash, the Bourne-again shell. Congratulations to Roger Chui for being the first to spot this. He also sent a scene transcript and the following HD screen shots (click for full resolution):
Die Hard 4
Yippee Ki-Yay! In Die Hard 4: Live Free or Die Hard
(Wikipedia,
IMDB), Detective John McClane (Bruce Willis) is dispatched to retrieve hacker Matthew Farrell (Justin Long) because the FBI suspects him of breaching their computer systems. Later, Justin is enlisted to help thwart terrorist mastermind Thomas Gabrial's attempts at total World destruction. In this Scene, Farrell demonstrates his Nmap skills:
Thanks to Andrew Hake for catching the cameo and sending these HD screen shots.The scene occurs about 8 minutes into the movie.
The Girl with the Dragon Tattoo
The Girl with the Dragon Tattoo (Swedish: Män som hatar kvinnor) is a 2009 Swedish thriller film (Wikipedia,
IMDB) based on the Internationally bestselling novel by Stieg Larsson. It follows Lisabeth, a troubled young hacker suffering from Asperger syndrome and a history of abuse by authority figures, as she works with a journalist trying to solve a 40-year old murder mystery. It was the third-highest grossing non-English film of 2009.
Nmap and NmapFE were used in
The Listening (IMDB), a 2006 movie about a former NSA officer who defects and mounts a clandestine counter-listening station high in the Italian alps. Thanks to Addy Yeow Chin Heng for the screenshots.
13: Game of Death
Nmap was used in the acclaimed Thai thriller
movie 13:
Game of Death
(Wikipedia,
IMDB), also known as "13 Beloved" and "13 game sayawng". This movie follows the story of a man given the chance to complete 13 challenges to win $100,000,000. Successive challenges become increasingly intense, dangerous, illegal, degrading, and grotesque. What would you do for $100 million? Eventually one of his sysadmin friends gets worried about him and she demonstrates Nmap hacking skills by breaking into the twisted game's website (longer summary).
Thanks to Tazman for first notifying me of the scene, and to Laga Mahesa and Ithilgore for sending screenshots.
Battle Royale
Battle Royale (Wikipedia,
IMDB), also known as Batoru Rowaiaru,
is a bizarre and controversial Japanese movie about a class of 9th graders sent by the government to an abandoned island to be fitted with explosive collars and forced to kill each as part of a twisted survival game. One of the students is a hacker, and can be seen referencing Nmap source code in these clips:
Khottabych
Nmap (and then telnet) are used by a teenage hacker (Gena) to deface Microsoft.Com in the 2006 Russian film Khottabych
(Wikipedia, IMDB). Microsoft and the US authorities are understandably upset by the attack, so they send the attractive female hacker Annie to flush him out. The movie also features an epic battle between powerful genies (the kind which come in a bottle) fighting for dominion over Earth. Thanks to Paul Shatov for notifying us and sending the screenshots! I bought this DVD from Amazon, but it is region 5 and offers no English dubbing or subtitles. I had to use this subtitle file. Wikipedia claims that a region 1 English DVD was released.
HaXXXor: No Longer Floppy
With the risque "HaXXXor" series of low-budget films, Nmap makes the leap from Science fiction to soft-core pornography. “HaXXXor Volume 1: No Longer Floppy” includes a lengthy Nmap training scene by model E-Lita. Here are some photos from early in the scene while she is still clothed:
