Nmap, abbreviazione di Network Mapper, è uno strumento open-source ampiamente utilizzato progettato per la scoperta di rete e l'audit di sicurezza. Sviluppato da Gordon Lyon, Nmap è utilizzato da amministratori di rete, professionisti della sicurezza e hacker per scansionare reti e identificare host e servizi. È estremamente efficace per l'inventario di rete, la gestione dei programmi di aggiornamento dei servizi e il monitoraggio del tempo di attività di host o servizi.

Nmap opera inviando pacchetti appositamente creati agli host mirati e analizzando le loro risposte. Questo processo gli consente di determinare lo stato di vari dispositivi su una rete, inclusi quali porte sono aperte, quali servizi sono in esecuzione e quali sistemi operativi sono in uso. Nmap supporta un'ampia gamma di tecniche di scansione, incluse TCP connect, SYN scan, UDP scan e rilevamento OS, permettendo un'analisi approfondita della rete.

Una delle caratteristiche principali di Nmap è il suo motore di scripting (NSE), che consente agli utenti di automatizzare compiti come il rilevamento di vulnerabilità, la scoperta di malware e l'esecuzione di una ricognizione avanzata della rete. Gli script NSE sono scritti in Lua, un linguaggio di programmazione leggero, che permette agli utenti di estendere la funzionalità di Nmap e personalizzare le scansioni secondo le loro esigenze specifiche.

Nmap è supportato su più piattaforme, inclusi Windows, macOS e Linux, rendendolo accessibile per utenti attraverso diversi sistemi operativi. Le sue caratteristiche robuste e la facilità d'uso rendono Nmap uno strumento essenziale per le valutazioni di sicurezza della rete e un componente fondamentale di molti toolkit di cybersecurity.

Caratteristiche principali:

• Scoperta degli Host: Trova gli host attivi su una rete.
• Port Scanning: Scansiona le porte aperte per vedere quali servizi sono in esecuzione.
• Rilevamento della Versione del Servizio: Identifica le versioni del software sulle porte aperte.
• Rilevamento del sistema operativo: Rileva il sistema operativo e il tipo di dispositivo di un host.
• Nmap Scripting Engine (NSE): Utilizza script per compiti come la rilevazione delle vulnerabilità e l'automazione.
• Elusione del firewall: Bypassa i firewall e i sistemi di sicurezza durante le scansioni.
• Output flessibile: supporta più formati per i risultati, come testo, XML e HTML.
• Scansione Stealth: Scansiona silenziosamente per evitare il rilevamento da parte dei sistemi di sicurezza.
• Supporto per IPv6: funziona con reti sia IPv4 che IPv6.
• GUI (Zenmap): Offre un'interfaccia grafica per un uso più semplice.

• [NSE] Add ssl-heartbleed script to detect the Heartbleed bug in OpenSSL
• [NSE] Fixed an error-handling bug in socks-open-proxy that caused it to fail when scanning a SOCKS4-only proxy.
• [NSE] Improved ntp-info script to handle underscores in returned data.
• [NSE] Add quake1-info script for retrieving server and player information from Quake 1 game servers. Reports potential DoS amplification factor.
• [NSE] Add unicode library for decoding and encoding UTF-8, UTF-16, CP437 and other character sets to Unicode code points. Scripts that previously just added or skipped nulls in UTF-16 data can use this to support non-ASCII characters.
• When doing a ping scan (-sn), the --open option will prevent down hosts from being shown when -v is specified. This aligns with similar output for other scan types.
• [Ncat] Added support for socks5 and corresponding regression tests.
• [NSE] Add http-ntlm-info script for getting server information from Web servers that require NTLM authentication.
• Added TCP support to dns.lua.
• Added safe fd_set operations. This makes nmap fail gracefully instead of crashing when the number of file descriptors grows over FD_SETSIZE.
• [NSE] Added tls library for functions related to SSLv3 and TLS messages. Existing ssl-enum-ciphers, ssl-date, and tls-nextprotoneg scripts were updated to use this library.
• [NSE] Add sstp-discover script to discover Microsoft's Secure Socket Tunnelling Protocol
• [NSE] Added unittest library and NSE script for adding unit tests to NSE libraries. See unittest.lua for examples, and run `nmap --script=unittest --script-args=unittest.run -d` to run the tests.
• Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release)
• Added version detection signatures and probes for a bunch of Android remote mouse/keyboard servers, including AndroMouse, AirHID, Wifi-mouse, and RemoteMouse.
• [NSE] Added allseeingeye-info for gathering information from games using this query protocol. A version detection probe was also added.
• [NSE] Add freelancer-info to gather information about the Freelancer game server. Also added a related version detection probe and UDP protocol payload for detecting the service.
• [Ncat] Fixed compilation when --without-liblua is specified in configure (an #include needed an ifdef guard).
• [NSE] Add http-server-header script to grab the Server header as a last-ditch effort to get a software version. This can't be done as a softmatch because of the need to match non-HTTP services that obey some HTTP requests.
• [NSE] Add rfc868-time script to get the date and time from an RFC 868 Time server.
• [NSE] Add weblogic-t3-info script that detects the T3 RMI protocol used by Oracle/BEA Weblogic. Extracts the Weblogic version, as well
• Fixed a bug in libdnet with handling interfaces with AF_LINK addresses on FreeBSD >9 .Likely affected other *BSDs. Handled by skipping these non-network addresses.
• Fixed a bug with UDP checksum calculation. When the UDP checksum is zero (0x0000), it must be transmitted as 1's-complement -0 (0xffff) to avoid ambiguity with +0, which indicates no checksum was calculated. This affected UDP on IPv4 only.
• [NSE] Removed a fixed value (28428) which was being set for the Request ID in the snmpWalk library function; a value based on nmap.clock_ms will now be set instead.
• [NSE] Add http-iis-short-name-brute script that detects Microsoft IIS servers vulnerable to a file/folder name disclosure and a denial of service vulnerability. The script obtains the "shortnames" of the files and folders in the webroot folder.
• Idle scan now supports IPv6. IPv6 packets don't usually come with fragments identifiers like IPv4 packets do, so new techniques had to be developed to make idle scan possible.
• [NSE] Add http-dlink-backdoor script that detects DLink routers with firmware backdoor allowing admin access over HTTP interface.
• The ICMP ID of ICMP probes is now matched against the sent ICMP ID, to reduce the chance of false matches.
• [NSE] Made telnet-brute support multiple parallel guessing threads, reuse connections, and support password-only logins.
• [NSE] Made the table returned by ssh1.fetch_host_key contain a "key" element, like that of ssh2.fetch_host_key. This fixed a crash in the ssh-hostkey script. The "key" element of ssh2.fetch_host_key now is base64-encoded, to match the format used by the known_hosts file.
• [Nsock] Handle timers and timeouts via a priority queue (using a heap) for improved performance. Nsock now only iterates over events which are completed or expired instead of inspecting the entire event set at each iteration.
• [NSE] Update dns-cache-snoop script to use a new list of top 50 domains rather than a 2010 list.
• [NSE] Added the qconn-exec script , which tests the QNX QCONN service for remote command execution.
• [Zenmap] Fixed a crash that would happen when you entered a search term starting with a colon: "AttributeError: 'FilteredNetworkInventory' object has no attribute 'match_'".
• [Ncat] Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being set in all --*-exec child processes.