Nmap Reloaded: "Biggest Release Since 1997"

New Ncat utility could replace netcat...
By Patrick Gray
Start the discussion 0 Comments
July 16, 2009 -- 

A new version of nmap has just been released by its creator, Gordon "Fyodor" Lyon, who describes it as the software's "most important release since 1997".

The new package, nmap 5.0, includes Ncat, billed as a "a much more advanced and modern reimplementation of the beloved Netcat". Also included is Ndiff, which is designed to portscan networks and alert administrators to changes.

Lyon decided on a "surprise release" of the new nmap network scanner to avoid deadline pressure. "It is very hard to predict software release dates, especially open source," he told Risky.Biz before the launch. "So rather than keep giving dates and missing them, I just keep my mouth shut and then release suddenly when it is ready."

The new and improved tool had been through an extensive beta phase before the final release hit the nmap website at 9am Pacific time in the USA.

"Really, when you get into the double digits with your beta release counts, that's a good sign to say maybe you should release a non-beta version," Lyon says. "Otherwise you end up in perpetual beta like Google."

The new version is available here.

Adam Pointon, a Melbourne-based CSO and former penetration tester, was given the opportunity to preview the new nmap. "Ncat is sweet... I'm going to alias nc to ncat," Pointon says. "With most systems using or enabling IPv6 these days, it fills the gap in the toolset... and will replace the need for multiple tools working together, such as netcat, zebedee, stunnel or s_client."

The connection-brokering and I/O redirection features make it even richer, and innovative in IPv6 land, Pointon added.

Nmap was first released in 1997 and has become the de facto standard port scanning utility for penetration testers and network administrators.

It's also cracked Hollywood. During a scene in The Matrix Reloaded the movie's character Trinity is shown using the software while hacking into a power station's control systems.

Want more exclusive security news? Sign up for our weekly newsletter here. Create an account to post to our forums!