Aug 27
Security

Fyodor's talk was the first real talk I attended at Black Hat. To be honest it was quite a thrill seeing "the creator of nmap". I did feel a bit dumb not knowing that Fyodor wasn't his real name, and thinking his family emigrated when he was young because he had such a thick American accent.

Fyodor's been scanning the internet, the whole one. He is doing it with vanilla command line nmap to make sure any problems he runs into can be fixed and fed back into the tool. This has led to some awesome new features and functionality, not to mention some great stats such as which ports are most commonly open on the whole inter-tube.

I'm not going to describe the talk and new features, because Daniel Miessler has posted such a good overview of the new features and how to use them. Go check it out. I've been using them for the last week or so, and they just make life significantly better.

I am particularly happy that the UDP scanning is so much more useful, particularly when using the -F (fast scan) and --version-intensity 0 (reduces number of service detection probes). I've done some tests and it literally will save you several hours per UDP scan. This is particularly useful because people are so bad at firewalling UDP.

For those Nmap scripting naysayers, check out the dns-safe-recursion and dns-safe-recursion-txid scripts for identifying Kaminskeyed DNS servers. Also, learning Lua will allow you to contribute much more effectively to the PSP homebrew scene :)

Finally, the talk encouraged me to look at Zenmap, which I used once a long time ago and never used again (GUIs are for the weak). The 'output management' is really cool and provides a nice way of mangling data from nmap scans. However, the new capability for it to produce network topology diagrams got applause out of the audience. A nice breakdown of these new features is provided by Vladimir.

Posted by Dominic White
