Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Nmap 7.40 Network Security Scanner Makes Brute Scripts Faster and More Accurate

$
0
0

A new stable release of the popular, cross-platform, and open-source Nmap network security scanner software landed on the last minutes of December 20, 2016, versioned 7.40 .

Nmap 7.40 is here exactly two months after the release of Nmap 7.31, and promises to bring a bunch of exciting new features and goodies that ethical hackers, penetration testers, and security researchers will most definitely love, including the new "--defeat-icmp-ratelimit" option that dramatically reduces UDP scan times.

For starters, Nmap 7.40 ships with twelve new NSE scripts, including cics-enum for enumerating CICS transaction IDs, cics-user-enum for brute-forcing usernames for CICS users on TN3270 services, fingerprint-strings for printing ASCII strings found in service fingerprints, and vtam-enum for brute-forcing VTAM app IDs for TN3270 services.

The new ip-geolocation-map-bing and ip-geolocation-map-google NSE scripts will help you render IP geolocation data as images via the Bing Maps and Google Maps APIs, and ip-geolocation-map-kml records IP geolocation data found in a KML file. Furthermore, nje-pass-brute is capable of brute-forcing an NJE node's password.

There's also ssl-cert-intaddr for searching for private IP addresses in TLS certificate fields and extensions, tn3270-screen for displaying the login screen from mainframe TN3270 Telnet services, including hidden fields, as well as tso-enum and tso-brute for enumerating usernames and brute-forces passwords for TN3270 Telnet services.

Drupal added to the set of Web Apps brute forced by http-form-brute

Nmap 7.40 is a major release of the widely-used security scanner, and among other exciting new features implemented we can mention support for brute-forcing Drupal sites by http-form-brute, a greatly improved http-default-accounts script with 21 new fingerprints and many other goodies, and support for service probe for ClamAV servers.

Other than that, there's scan resume from Nmap's XML output, a new NSE library called eoip.lua, which provides a common framework for retrieving and storing IP geolocation results, faster and more accurate brute scripts, and it looks like ssl-google-cert-catalog was removed. Download Nmap 7.40 right now from our website.


Viewing all articles
Browse latest Browse all 12749

Trending Articles