The quintessential open-source network mapper, Nmap, was updated to version 7 yesterday. This version includes mature IPv6 support and expanded capabilities for its scripting engine. The biggest draw for security-wary developers and admins alike, however, may be the top-shelf SSL/TLS scanning.
With SSL and TLS vulnerable to so many different attacks discovered over the past two years, it can be a daunting task to ensure every system in the business is safe from outside attacks. Nmap 7 has added SSL and TLS vulnerability-detection capabilities, crowned by ssl-enum-ciphers, which enumerates the SSL/TLS protocol versions and cipher suites a server offers.
Finding vulnerable servers will be faster as well, as this new version includes speedups and scanning improvements. In many cases, timeouts are shorter for scripts, and version scanning is faster due to optimizations. This last improvement comes from replacing the scan engine underneath the RPC Grinder code.
The replacement was written in the newer, faster Nmap Scripting Engine (NSE), which lets users write Lua scripts to automate many common network tasks and run them in parallel. As a result of the improvements to the scripting engine, the library of Nmap scripts has expanded from 348 to 515.
The Nmap team identified the new scripting engine as the reason scripts for “celebrity” vulnerabilities were produced quickly. There are scripts in that 515 to check for SSL vulnerabilities such as Heartbleed, POODLE and Shellshock, but also scanners for HTTP vulnerabilities such as Slowloris and Misfortune Cookie.
Vulnerabilities aren’t the only thing the new scripting engine can handle, however. NSE can now output parsable XML, and it supports libraries shared across scripts. Libraries can assist with tasks such as formatting directory listings, parsing expressions and handling Unicode.
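To show how the ssl-enum-ciphers results and the parsable XML output fit together on the defensive side, here is an added example (not code from the Nmap project) that reads the XML Nmap writes with `-oX` and flags deprecated protocol versions and ciphers graded below "A". The sample XML is constructed, and its `<table key>`/`<elem key>` nesting is assumed to follow NSE's structured output.

```python
# Added example, not part of Nmap: parse the XML written by
# `nmap --script ssl-enum-ciphers -p 443 -oX scan.xml <host>` and flag
# deprecated protocol versions and ciphers the script graded below "A".
import xml.etree.ElementTree as ET

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# Constructed sample of -oX output; the <table key>/<elem key> nesting
# follows NSE structured output (an assumption, trimmed to the essentials).
SAMPLE_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="443">
<script id="ssl-enum-ciphers" output="...">
 <table key="TLSv1.0"><table key="ciphers">
  <table><elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
   <elem key="kex_info">rsa 2048</elem><elem key="strength">C</elem></table>
 </table></table>
 <table key="TLSv1.2"><table key="ciphers">
  <table><elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem>
   <elem key="kex_info">secp256r1</elem><elem key="strength">A</elem></table>
 </table></table>
 <elem key="least strength">C</elem>
</script></port></ports></host></nmaprun>"""


def findings(xml_text):
    """Return (addr, port, issue) tuples: one per deprecated protocol
    offered and one per cipher whose strength grade is worse than A."""
    issues = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            portid = port.get("portid")
            for script in port.findall("script[@id='ssl-enum-ciphers']"):
                # each direct child <table> of the script is one protocol version
                for proto in script.findall("table"):
                    name = proto.get("key")
                    if name in DEPRECATED_PROTOCOLS:
                        issues.append((addr, portid, f"offers {name}"))
                    for cipher in proto.findall("table[@key='ciphers']/table"):
                        grade = cipher.findtext("elem[@key='strength']")
                        if grade and grade != "A":
                            cname = cipher.findtext("elem[@key='name']")
                            issues.append((addr, portid, f"{name} {cname} graded {grade}"))
    return issues


if __name__ == "__main__":
    for addr, portid, issue in findings(SAMPLE_XML):
        print(f"{addr}:{portid} {issue}")
```

Pointed at a real scan file, the same function turns a fleet-wide run into a short list of hosts that still need their TLS configuration tightened.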