Nmap is one of the most versatile tools in the system administrator’s kit. It’s especially useful for web hosting providers who have to manage the security and availability of hundreds of servers.
As a network and port scanner, Nmap has dozens of uses. One of its key applications is security vulnerability discovery, which makes Nmap as popular among black hats as it is among legitimate system administrators.
Nmap works by sending specially crafted packets to a server and analyzing the packets that are returned. In this way, it is capable of detecting everything from the operating system version running on a server to specific security vulnerabilities.
Towards the end of last year, Nmap 7 was released. It’s a major upgrade with dozens of bug fixes and many new features. I’d like to take a look at the standouts among the enhancements that Nmap 7 provides to web hosting system administrators.
Enhanced Scripting Engine
The Nmap Scripting Engine (NSE) is one of Nmap’s most useful features. It allows users to script predefined scans — written in Lua — for the discovery of specific vulnerabilities. When a new vulnerability is discovered by researchers, it’s essential that system administrators are able to determine as quickly as possible whether the servers under their care are affected — something we discussed in our earlier article about Cisco’s Open Vulnerability API. Once a script has been written and added to Nmap’s library, other system administrators can download and run it, significantly reducing the time it takes to verify whether or not their servers are vulnerable.
As a simple example, there is a script that is capable of detecting whether a server is vulnerable to a Slowloris DoS attack.
Nmap 7 adds almost 200 new scripts.
Better IPv6 Support
Nmap has supported IPv6 for almost 15 years, but version seven brings some nice improvements, including full Unicast CIDR-style range scanning and idle scans. Many NSE scripts are now IPv6 compatible too.
Better SSL / TLS Scanning
SSL version probes have been updated so that they’re able to detect the most recent versions of TLS. One of the nicest improvements to SSL / TLS handling is a significant expansion of the amount of data returned. Instead of a simple “weak” or “strong” pronouncement, the ssl-enum-ciphers script will grade each cipher suite based on data from Qualys SSL Labs, taking into account encryption bit strength and server certificate strength, among other details.
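For a hosting provider running these checks across hundreds of servers, the useful part is not the single scan but the triage of its output. The following is an added example, not code from the original article or from the Nmap project: it builds the argv for an XML-emitting scan (`-oX -`) and then parses the structured output of the Slowloris check script (`http-slowloris-check`) and of `ssl-enum-ciphers`, covering both the NSE section above and the TLS grading just described. The XML is a constructed, trimmed sample that approximates Nmap’s real layout (`host`/`port`/`script`/`table`/`elem`); the exact element nesting of the two scripts is an assumption, and no scan is executed.

```python
"""Triage Nmap XML output from http-slowloris-check and ssl-enum-ciphers
across many hosts.  Added example, not the article's or Nmap's own code.
The XML below is constructed and trimmed to the elements parsed here."""
import xml.etree.ElementTree as ET


def nmap_command(targets, scripts):
    """argv for a version scan running the given NSE scripts with XML on
    stdout; a wrapper would pass this to subprocess (not run here)."""
    return ["nmap", "-sV", "--script", ",".join(scripts), "-oX", "-", *targets]


# Constructed sample approximating what
#   nmap -sV --script http-slowloris-check,ssl-enum-ciphers -oX - ...
# writes for two hosts (RFC 5737 documentation addresses).  Not real scan data.
SAMPLE_XML = """<nmaprun>
 <host><address addr="203.0.113.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="80"><state state="open"/>
   <script id="http-slowloris-check" output="(structured)">
    <table key="Slowloris DOS attack"><elem key="state">LIKELY VULNERABLE</elem></table>
   </script></port>
  <port protocol="tcp" portid="443"><state state="open"/>
   <script id="ssl-enum-ciphers" output="(structured)">
    <table key="TLSv1.0"><table key="ciphers">
     <table><elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem><elem key="strength">C</elem></table>
    </table></table>
    <table key="TLSv1.2"><table key="ciphers">
     <table><elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem><elem key="strength">A</elem></table>
    </table></table>
    <elem key="least strength">C</elem>
   </script></port>
 </ports></host>
 <host><address addr="203.0.113.11" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="80"><state state="open"/>
   <script id="http-slowloris-check" output="(structured)">
    <table key="Slowloris DOS attack"><elem key="state">NOT VULNERABLE</elem></table>
   </script></port>
  <port protocol="tcp" portid="443"><state state="open"/>
   <script id="ssl-enum-ciphers" output="(structured)">
    <table key="TLSv1.2"><table key="ciphers">
     <table><elem key="name">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</elem><elem key="strength">A</elem></table>
    </table></table>
    <elem key="least strength">A</elem>
   </script></port>
 </ports></host>
</nmaprun>
"""


def script_results(xml_text):
    """Yield (address, port, <script> element) for every NSE result."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            for script in port.findall("script"):
                yield addr, int(port.get("portid")), script


def slowloris_state(script):
    """Return the State string the vulnerability script reported, or None."""
    for elem in script.iter("elem"):
        if elem.get("key") == "state":
            return elem.text
    return None


def weak_ciphers(script, threshold="B"):
    """Return (protocol, cipher, grade) for suites graded worse than threshold.
    Grades are single letters, so plain string comparison orders A < B < C..."""
    weak = []
    for proto in script.findall("table"):        # one table per protocol version
        for cipher in proto.iter("table"):       # nested per-cipher tables
            fields = {e.get("key"): e.text for e in cipher.findall("elem")}
            name, grade = fields.get("name"), fields.get("strength")
            if name and grade and grade > threshold:
                weak.append((proto.get("key"), name, grade))
    return weak


def triage(xml_text):
    """Map each address to the findings that need a human's attention."""
    report = {}
    for addr, port, script in script_results(xml_text):
        issues = report.setdefault(addr, [])
        if script.get("id") == "http-slowloris-check":
            state = slowloris_state(script)
            if state and state.startswith(("VULNERABLE", "LIKELY VULNERABLE")):
                issues.append(f"{port}/tcp slowloris: {state}")
        elif script.get("id") == "ssl-enum-ciphers":
            for proto, name, grade in weak_ciphers(script):
                issues.append(f"{port}/tcp {proto} {name} grade {grade}")
    return {addr: issues for addr, issues in report.items() if issues}


if __name__ == "__main__":
    print("would run:", " ".join(nmap_command(["203.0.113.0/24"], ["ssl-enum-ciphers"])))
    for addr, issues in triage(SAMPLE_XML).items():
        print(addr)
        for issue in issues:
            print("  ", issue)
```

The `threshold` argument is the policy knob: `"B"` flags anything SSL Labs would grade C or worse, which in this sample catches the 3DES suite on TLSv1.0 while leaving the AES-GCM suites alone. Hosts with nothing to report are dropped from the result so that the remaining dictionary is the work list.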
Nmap 7 is a strong upgrade to an essential tool, increasing the sophistication of the network scanning functionality available to system administrators and making it easier to quickly find vulnerabilities in large server deployments.