Nmap 7.80 DEF CON Release: First Stable Version in Over a Year


In a post to the “Nmap Announce” mailing list, developer Gordon Lyon announced the release of Nmap 7.80 while attending the DEF CON security conference.

“I’m here in Las Vegas for Defcon and delighted to release Nmap 7.80.  It’s the first formal Nmap release in more than a year, and I hope you find it worth the wait!”

With this release, Nmap is updated to version 7.80 and contains numerous improvements to the Npacp packet capture library, which provides better support for Windows 10 compared to the previous Winpcap library.

“The Npcap Windows packet capturing library (https://npcap.org/) is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all of these changes from thelast 15 Npcap releases: https://nmap.org/npcap/changelog” stated the Nmap 7.80 changelog.

Npcap has been designed to replace the Winpcap packet capture library that has historically been used with many network sniffing and port scanning tools such as Nmap and Wireshark. As Winpcap relies on older APIs that Microsoft could change at any time, projects have started to switch to Npcap, which uses modern APIs and contains performance improvements.

Also included in Nmap 7.80 are eleven additional Nmap Scripting Engine (NSE) scripts that were contributed by 8 different authors. The list of new NSEs included are:

  • [GH#1232] broadcast-hid-discoveryd discovers HID devices on a LAN by sending a discoveryd network broadcast probe. [Brendan Coles]
  • [GH#1236] broadcast-jenkins-discover discovers Jenkins servers on a LAN by sending a discovery broadcast probe. [Brendan Coles]
  • [GH#1016][GH#1082] http-hp-ilo-info extracts information from HP Integrated Lights-Out (iLO) servers. [rajeevrmenon97]
  • [GH#1243] http-sap-netweaver-leak detects SAP Netweaver Portal with the Knowledge Management Unit enabled with anonymous access. [ArphanetX]
  • https-redirect detects HTTP servers that redirect to the same port, but with HTTPS. Some nginx servers do this, which made ssl-* scripts not run properly. [Daniel Miller]
  • [GH#1504] lu-enum enumerates Logical Units (LU) of TN3270E servers. [Soldier of Fortran]
  • [GH#1633] rdp-ntlm-info extracts Windows domain information from RDP services. [Tom Sellers]
  • smb-vuln-webexec checks whether the WebExService is installed and allows code execution. [Ron Bowes]
  • smb-webexec-exploit exploits the WebExService to run arbitrary commands with SYSTEM privileges. [Ron Bowes]
  • [GH#1457] ubiquiti-discovery extracts information from the Ubiquiti Discovery service and assists version detection. [Tom Sellers]
  • [GH#1126] vulners queries the Vulners CVE database API using CPE information from Nmap’s service and application version detection. [GMedian, Daniel Miller]

Nmap 7.80 is available now from the main download page and is available for Windows, Linux, and Mac OS.