Nmap 7.95 released: OS and service detection signatures galore!

[Gordon Fyodor Lyon <fyodor () nmap org>]

Dear Nmap Community,

I just arrived in San Francisco for the RSA conference and am delighted to
announce our Nmap Version 7.95 release!  I'm most excited that we finally
tackled our backlog of OS and service detection fingerprint submissions.
We're not talking about dozens or hundreds of them-we processed more than
6,500 fingerprints!

For OS detection, we added 336 signatures, bringing the new total to 6,036.
Additions include iOS 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD
7.1, and lwIP 2.2.

As for service/version detection, signature count rose 1.4% to 12,089,
including 9 new softmatches. We now detect 1,246 protocols, including new
additions of grpc, mysqlx, essnet, remotemouse, and tuya.

We couldn't do this without all of your submissions.  Please keep them
coming!  Nmap provides the fingerprint and submission URL when it doesn't
recognize something.

Another big improvement is that we upgraded Npcap (our Windows raw packet
capturing and transmission driver) from Version 1.75 to 1.79.  It includes
many performance improvements, bug fixes, and feature enhancements
described at https://npcap.com/changelog.  We developed Npcap for Nmap, but
it's now used in Wireshark, Microsoft Defender for Identity, and hundreds
of other products as part of our Npcap OEM program (
https://npcap.com/oem/redist.html).  It's even used in Space! See:
https://seclists.org/nmap-announce/2023/1.

And we didn't stop at Npcap.  We also updated most of our third party
libraries.  We now ship Lua 5.4.6, OpenSSL 3.0.13, libpcre2 10.43, zlib
1.3.1, libssh2 1.11.0, and liblinear 2.47.

We added four new NSE scripts from the DINA community for querying
industrial control systems:

* hartip-info reads device information from devices using the Highway
Addressable Remote Transducer protocol
* iec61850-mms queries devices using Manufacturing Message Specification
requests. [Dennis Rösch, Max Helbig]
* multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All
message and prints the responses. [Stefan Eiwanger, DINA-community]
* profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the
PNIO-CM service.

Port scanning is still Nmap's core feature, so we made some performance
optimizations there.  We also improved the OS detection engine and
signature grammar.

And that’s just a summary!  You can read the full list of changes at
https://nmap.org/changelog.

Nmap 7.95 source code and binary packages for Linux, Windows, and Mac are
available for free download from the usual spot:

https://nmap.org/download.html

We also have Nmap OEM builds available for companies that wish to embed
Nmap network discovery technology within their own products. That program
is described at https://nmap.org/oem

If you find any bugs in this release, please let us know on the bug tracker
or dev list as described at https://nmap.org/book/man-bugs.html.

Happy scanning,
-Gordon "Fyodor" Lyon
_______________________________________________
Sent through the announce mailing list
https://nmap.org/mailman/listinfo/announce
Archived at https://seclists.org/nmap-announce/