Twelve new NSE scripts have been added in this release

Dec 22, 2016 01:07 GMT

A new stable release of the popular, cross-platform, and open-source Nmap network security scanner landed in the last minutes of December 20, 2016, versioned 7.40.

Nmap 7.40 is here exactly two months after the release of Nmap 7.31, and promises to bring a bunch of exciting new features and goodies that ethical hackers, penetration testers, and security researchers will most definitely love, including the new "--defeat-icmp-ratelimit" option that dramatically reduces UDP scan times.

For starters, Nmap 7.40 ships with twelve new NSE scripts, including cics-enum for enumerating CICS transaction IDs, cics-user-enum for brute-forcing usernames for CICS users on TN3270 services, fingerprint-strings for printing ASCII strings found in service fingerprints, and vtam-enum for brute-forcing VTAM app IDs for TN3270 services.

The new ip-geolocation-map-bing and ip-geolocation-map-google NSE scripts will help you render IP geolocation data as images via the Bing Maps and Google Maps APIs, and ip-geolocation-map-kml records IP geolocation data in a KML file. Furthermore, nje-pass-brute is capable of brute-forcing an NJE node's password.

There's also ssl-cert-intaddr for searching for private IP addresses in TLS certificate fields and extensions, tn3270-screen for displaying the login screen from mainframe TN3270 Telnet services, including hidden fields, as well as tso-enum and tso-brute for enumerating usernames and brute-forcing passwords for TN3270 Telnet services.

Drupal added to the set of Web Apps brute forced by http-form-brute

Nmap 7.40 is a major release of the widely-used security scanner. Among the other new features are support for brute-forcing Drupal sites in http-form-brute, a greatly improved http-default-accounts script with 21 new fingerprints and many other goodies, and a service probe for ClamAV servers.

Other than that, there's scan resume from Nmap's XML output, a new NSE library called geoip.lua, which provides a common framework for retrieving and storing IP geolocation results, and faster and more accurate brute scripts. It also looks like ssl-google-cert-catalog was removed. Download Nmap 7.40 right now from our website.
