o Nmap now ships with and installs (in the same directory as other
data files such as nmap-os-fingerprints) an XSL stylesheet for
rendering the XML output as HTML. This stylesheet was written by
Benjamin Erb ( see http://www.benjamin-erb.de/nmap/ for examples).
It supports tables, version detection, color-coded port states, and
more. The XML output has been augmented to include an
xml-stylesheet directive pointing to nmap.xsl on the local
filesystem. You can point to a different XSL file by providing the
filename or URL to the new --stylesheet argument. Omit the
xml-stylesheet directive entirely by specifying --no-stylesheet.
The XML to HTML conversion can be done with an XSLT processor such
as Saxon, Sablot, or Xalan, but modern browsers can do this on the
fly -- simply load the XML output file in IE or Firefox. Some
features don't currently work with Firefox's on-the-fly rendering.
Perhaps some Mozilla wizard can fix that in either the XSL or the
browser itself. I hate having things work better in IE :). It is
often more convenient to have the stylesheet loaded from a URL
rather than the local filesystem, allowing the XML to be rendered on
any machine regardless of whether/where the XSL is installed. For
privacy reasons (avoid loading of an external URL when you view
results), Nmap uses the local filesystem by default. If you would
like the latest version of the stylesheet loaded from the web when
rendering, specify
--stylesheet http://www.insecure.org/nmap/data/nmap.xsl .
o Fixed the fragmentation option (-f). One -f now sends fragments
carrying just 8 bytes after the IP header, while -ff sends 16 bytes to
reduce the number of fragments needed. You can specify your own
fragment data size (it must be a multiple of 8, because the IP
fragment offset field counts 8-byte units) with the new --mtu flag.
Don't also specify -f if you use --mtu. Remember that some systems
(such as Linux with connection tracking) will defragment in the kernel
anyway -- so test first while sniffing with Ethereal. These changes
are from a patch by Martin Mačok (martin.macok(a)underground.cz).
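The following is an added illustration of the -f / -ff / --mtu rules above; it is not Nmap code. A constructed 20-byte TCP SYN header is split into IP fragments the way the IP layer would split it, so you can see how many fragments each option produces, why the data size must be a multiple of 8, and what a defragmenting kernel hands to the target anyway. The nmap_frag_size() helper and the option names it maps are assumptions for the demo, not Nmap's own code.

```python
"""Added example (not part of Nmap): fragment a constructed TCP header the
way -f, -ff and --mtu make Nmap do it, and show why the size must be a
multiple of 8."""
import struct

FLAG_MF = 0x2000  # "more fragments" bit in the IP flags/fragment-offset field


def build_tcp_header(sport=40000, dport=80, seq=0x12345678):
    """Constructed 20-byte TCP SYN header used as the payload to fragment."""
    data_offset_flags = (5 << 12) | 0x02  # 5 32-bit words, SYN set
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       data_offset_flags, 1024, 0, 0)


def is_valid_frag_size(n):
    """The 13-bit fragment offset field counts 8-byte units, so every fragment
    except the last must carry a multiple of 8 bytes; this is the --mtu rule."""
    return n > 0 and n % 8 == 0


def nmap_frag_size(f_count, mtu=None):
    """Map the options to bytes of data per fragment: -f -> 8, -ff -> 16,
    --mtu N -> N.  Combining -f with --mtu is rejected, as the changelog advises.
    (Hypothetical helper for this demo, not an Nmap API.)"""
    if mtu is not None:
        if f_count:
            raise ValueError("do not combine -f with --mtu")
        if not is_valid_frag_size(mtu):
            raise ValueError("--mtu must be a positive multiple of 8")
        return mtu
    return {1: 8, 2: 16}[f_count]


def fragment(payload, frag_size):
    """Split payload into (offset_in_8_byte_units, more_fragments, data) tuples."""
    if not is_valid_frag_size(frag_size):
        raise ValueError("fragment data size must be a positive multiple of 8")
    frags = []
    for off in range(0, len(payload), frag_size):
        chunk = payload[off:off + frag_size]
        more = off + frag_size < len(payload)
        frags.append((off // 8, more, chunk))
    return frags


def flags_offset_field(offset_units, more):
    """Encode the 16-bit flags+offset field exactly as it appears on the wire."""
    return (FLAG_MF if more else 0) | (offset_units & 0x1FFF)


def reassemble(frags):
    """What a defragmenting kernel (e.g. Linux with conntrack) sees: the whole
    header again, which is why the changelog says to test while sniffing."""
    return b"".join(chunk for _, _, chunk in sorted(frags, key=lambda f: f[0]))


if __name__ == "__main__":
    hdr = build_tcp_header()
    for label, size in (("-f", nmap_frag_size(1)), ("-ff", nmap_frag_size(2)),
                        ("--mtu 24", nmap_frag_size(0, mtu=24))):
        frags = fragment(hdr, size)
        print(f"{label:9} -> {len(frags)} fragments:",
              [(o, hex(flags_offset_field(o, m)), len(c)) for o, m, c in frags])
    assert reassemble(fragment(hdr, 8)) == hdr
```

Run it to see that -f turns one 20-byte TCP header into three fragments (8, 8, 4 bytes at offsets 0, 1 and 2 units) and -ff into two (16 and 4), while any --mtu that is not a multiple of 8 is refused before a packet is built.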
o Nmap now prints the number (and total bytes) of raw IP packets sent
and received when it completes, if verbose mode (-v) is enabled. The
report looks like:
Nmap finished: 256 IP addresses (3 hosts up) scanned in 30.632 seconds
Raw packets sent: 7727 (303KB) | Rcvd: 6944 (304KB)
o Fixed (I hope) an error which would cause the Windows version of
Nmap to abort under some circumstances with the error message
"Unexpected error in NSE_TYPE_READ callback. Error code: 10053
(Unknown error)". Problem reported by "Tony Golding"
(biz(a)tonygolding.com).
o Added new "closed|filtered" state. This is used for Idlescan, since
that scan method can't distinguish between those two states. Nmap
previously just used "closed", but this is more accurate.
o Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered"
instead of "open" when they fail to receive any response from the
target port. After all, it could just as easily be filtered as open.
This is the same change that was made to UDP scan in 3.70. Also as
with UDP scan, adding version detection (-sV) will change the state
from open|filtered to open if it confirms that they really are open.
o Fixed a bug in ACK scan that could cause Nmap to crash with the
message "Unexpected port state: 6" in some cases. Thanks to Glyn
Geoghegan (glyng(a)corsaire.com) for reporting the problem.
o Change IP protocol scan (-sO) so that a response from the target
host in any protocol at all will prove that protocol is open. As
before, no response means "open|filtered", an ICMP protocol
unreachable means "closed", and most other ICMP error messages mean
"filtered".
o Patched a Winpcap issue that prevented read timeouts from being
honored on Solaris (thus slowing down Nmap substantially). The
problem report and patch were sent in by Ben Harris
(bjh21(a)cam.ac.uk).
o Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and
UDP headers when scanning protocols 1, 6, and 17, respectively. An
empty IP header is still sent for all other protocols. This should
prevent the error messages such as "sendto in send_ip_packet:
sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not
permitted" that Linux (and perhaps other systems) would give when
they try to interpret the raw packet. This also makes it more
likely that these protocols will elicit a response, proving that the
protocol is "open".
o The Windows build now uses header and static library files from
Winpcap 3.1Beta4. It also now prints out the DLL version you are
using when run with -d. I would recommend upgrading to 3.1Beta4 if
you have an older Winpcap installed.
o Added an NTP probe and matches to the version detection database
(nmap-service-probes) thanks to a submission from Martin
Mačok (martin.macok@underground.cz).
o Applied several Nmap service detection database updates sent in by
Martin Mačok (martin.macok(a)underground.cz).
o The XML nmaprun element now has a startstr attribute which gives the
human-readable calendar time at which a scan started. Similarly,
the finished element now has a timestr attribute describing when the
scan finished. These are in addition to the existing nmaprun/start
and finished/time attributes that provide the start and finish time
in UNIX time_t notation. This should help in the development of
XSLT stylesheets for Nmap XML output.
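The following added example (not part of Nmap) shows a consumer of the XML output described in this changelog: it reads the xml-stylesheet directive and flags a remote (http) href, the privacy concern noted in the stylesheet entry; converts the nmaprun start / finished time attributes and checks them against startstr / timestr; and groups ports by state so that the new open|filtered and closed|filtered states from the Null/FIN/Xmas, UDP and Idlescan entries are kept apart from confirmed open ports. The nmaprun document is constructed for illustration (timestamps deliberately in UTC so the two attribute forms agree; real Nmap writes startstr in local time), and the function names are this example's own.

```python
"""Added example (not Nmap code): parse the Nmap XML features described in
this changelog from a constructed sample document."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample.  The epoch values are 2004-11-08 22:40:00/22:40:31 UTC,
# so startstr/timestr match when interpreted as UTC (see startstr_consistent).
SAMPLE_XML = """<?xml version="1.0"?>
<?xml-stylesheet href="http://www.insecure.org/nmap/data/nmap.xsl" type="text/xsl"?>
<nmaprun scanner="nmap" args="nmap -sN -oX out.xml 10.0.0.1" start="1099953600"
         startstr="Mon Nov  8 22:40:00 2004" version="3.75" xmloutputversion="1.01">
<host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open|filtered"/><service name="ssh"/></port>
<port protocol="tcp" portid="25"><state state="closed"/><service name="smtp"/></port>
<port protocol="tcp" portid="80"><state state="open|filtered"/><service name="http"/></port>
<port protocol="tcp" portid="135"><state state="filtered"/></port>
</ports></host>
<runstats><finished time="1099953631" timestr="Mon Nov  8 22:40:31 2004"/>
<hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""

STYLESHEET_PI = re.compile(r'<\?xml-stylesheet\s+[^>]*href="([^"]+)"')
CTIME_FMT = "%a %b %d %H:%M:%S %Y"  # format of startstr/timestr


def parse(xml_text):
    return ET.fromstring(xml_text)


def stylesheet_href(xml_text):
    """Return the xml-stylesheet href, or None when --no-stylesheet was used.
    ElementTree drops processing instructions that precede the root element,
    so the directive is read from the raw text."""
    m = STYLESHEET_PI.search(xml_text)
    return m.group(1) if m else None


def stylesheet_is_remote(xml_text):
    """True when merely opening the file in a browser would fetch the XSL over
    the network, i.e. the --stylesheet http://... case rather than the default."""
    href = stylesheet_href(xml_text)
    return href is not None and href.lower().startswith(("http://", "https://"))


def scan_times(root):
    """(start, finish) as UTC datetimes from the time_t attributes."""
    start = int(root.get("start"))
    fin = int(root.find("runstats/finished").get("time"))
    return (datetime.fromtimestamp(start, tz=timezone.utc),
            datetime.fromtimestamp(fin, tz=timezone.utc))


def duration_seconds(root):
    start, fin = scan_times(root)
    return (fin - start).total_seconds()


def startstr_consistent(root):
    """Check that startstr is the calendar rendering of start.  Assumes the
    sample's timestamps are UTC; Nmap itself renders local time."""
    human = datetime.strptime(root.get("startstr"), CTIME_FMT).replace(tzinfo=timezone.utc)
    return human == scan_times(root)[0]


def ports_by_state(root):
    """Group (addr, proto, port) by the reported state string, keeping the
    composite states open|filtered and closed|filtered distinct."""
    out = {}
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for p in host.iter("port"):
            state = p.find("state").get("state")
            out.setdefault(state, []).append((addr, p.get("protocol"), int(p.get("portid"))))
    return out


def needs_version_probe(root):
    """Ports a Null/FIN/Maimon/Xmas or UDP scan could not resolve; re-running
    with -sV is what can promote them from open|filtered to open."""
    return ports_by_state(root).get("open|filtered", [])


if __name__ == "__main__":
    root = parse(SAMPLE_XML)
    print("stylesheet:", stylesheet_href(SAMPLE_XML), "remote:", stylesheet_is_remote(SAMPLE_XML))
    print("duration:", duration_seconds(root), "s; startstr consistent:", startstr_consistent(root))
    for state, plist in sorted(ports_by_state(root).items()):
        print(f"{state:16} {plist}")
    print("re-probe with -sV:", needs_version_probe(root))
```

Feeding it a file produced with the default (local filesystem) stylesheet or with --no-stylesheet makes stylesheet_is_remote() return False; only an explicit http URL trips it, which is the check to run before sharing scan output around.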
o Fixed a memory leak that would generally consume several hundred
bytes per down host scanned. While the effect for most scans is
negligible, it was overwhelming when Scott Carlson
(Scott.Carlson(a)schwab.com) tried to scan 24 million IPs
(10.0.0.0/8). Thanks to him for reporting the problem. Also thanks
to Valgrind ( http://valgrind.kde.org ) for making it easy to debug.
o Fixed a crash on Windows systems that don't include the iphlpapi
DLL. This affects Win95 and perhaps other variants. Thanks to Ganga
Bhavani (GBhavani(a)everdreamcorp.com) for reporting the problem and
sending the patch.
o Ensured that the device type, os vendor, and os family OS
fingerprinting classification values are scrubbed for XML compliance
in the XML output. Thanks to Matthieu Verbert
(mve(a)zurich.ibm.com) for reporting the problem and sending a patch.
o Rewrote the host IP (target specification) parser for easier
maintenance and to fix a bug found by Netris (netris(a)ok.kz).
o Changed the Nmap XML DTD to use the same xmloutputversion (1.01) as
newer versions of Nmap. Thanks to Laurent Estieux
(laurent.estieux(a)free.fr) for reporting the problem.
o Fixed compilation on some HP-UX 11 boxes thanks to a patch by Petter
Reinholdtsen (pere(a)hungry.com).
o Fixed a portability problem on some OpenBSD and FreeBSD machines
thanks to a patch by Okan Demirmen (okan(a)demirmen.com).
o Applied Martin Mačok's (martin.macok(a)underground.cz) "cosmetics
patch", which fixes a few typos and minor problems.
o Nmap no longer bothers initializing winip on Windows (via
winip_postopt_init()) if only a list scan was requested.
I read about it, I think in "Hacker" magazine (they even had screenshots from the film). In short, when Morpheus and his crew were flying over the ruins of the cities in their super ship, Uncle Fedya nearly jumped out of his cinema seat, because what he saw was his own console nmap :)) He was delighted.
In Matrix Reloaded, Trinity scans the network with nmap, although the address is something like 10.0.0.1; then she uses some sshnuke and logs in as root:
ssh 10.0.0.1 -l root
And then she types something like
disable grid nodes 1-127