Nmap Announce mailing list archives
Nmap Survey results and Matrix Redux
From: Fyodor <fyodor () insecure org>
Date: Tue, 27 May 2003 00:56:58 -0700
Hello everyone! I woke up bright and early (for me) Memorial Day morning to find the Sun shining warmly in a gorgeous blue sky. Perfect for a day trip to relax on the beaches of Santa Cruz and maybe even do some surfing! But then I remembered something even more enticing - I hadn't yet written the scripts to tabulate and analyze the Nmap survey results! So I did that instead :). But before we get to that, I have a bit more Matrix news. Many of you sent me great screen-shots, which I have put up at http://www.insecure.org/ . There are also links to articles from the BBC, SlashDot, SecurityFocus, Silicon.Com, Boston Globe, etc. I don't want to sound ungrateful for the publicity, but it is kindof sad that the media generally ignores important new versions and scanning techniques, but then they trip over themselves to write fluff pieces when a hot woman in a leather suit uses Nmap on the silver screen. (Shrug), I'll take what I can get :). In related news, I have been in contact with the Matrix 2 "Digital Asset Manager" Stephen Cronan, who wrote Trinity's hacking script. He had some insightful things to say, although he also destroyed my fantasy that Carrie-Anne requested Nmap specifically :). I was hoping to convince him to plug Nessus, Ethereal, and Snort in the next Matrix, but it has already been filmed. It is also worth noting that the new version of XScreenSaver ( 4.10 ) includes an Easter egg that plays a good full-screen simulation of Trinity's hacking scene. I have also been notified that Nmap source code is shown in the move Battle Royale, which would have excited me much more a couple weeks ago :). Links to all of this and more are now up on Insecure.Org. Now let me take a moment to thank all of you who have helped make Nmap successful! Hundreds of important contributors are listed in the newly-spam-obfuscated changelog available at http://www.insecure.org/nmap/nmap_changelog.html . Without you guys, Nmap would probably detect only a few dozen OS versions (instead of 800+) and would only work on the platforms I use personally. Now back to the survey results! For comparison, you can see the 200 results at http://lists.insecure.org/lists/nmap-hackers/2000/Apr-Jun/0141.html . I haven't gone through all the comments yet (although the ones I have read are quite insightful!) and I'm saving the "top sites" analysis for later. The questions and answers are abbreviated -- you can see the full versions at http://www.insecure.org/nmap/survey2003.html , but don't bother taking the survey again. Let's start with the feature requests! The most popular was "version fingerprinting", which would use custom probes to determine that a certain application version (e.g. Apache 1.3.20) is listening on a specific port. This confirms my thoughts, and is the next big feature I am planning to add! Appropriately, the two joke-features (auto-r00ter and Clippy) are near the bottom of the list. Here is the summary: Version Fingerprinting (Score: 3538; 1698 answers; 5 distinct) Easy OS Fingerprint Updates (Score: 3399; 1684 answers; 5 distinct) More explicit state descriptions (Score: 3393; 1681 answers; 5 distinct) Service Fingerprinting (Score: 3388; 1701 answers; 5 distinct) Faster (Score: 3329; 1692 answers; 5 distinct) Runtime time estimates (Score: 2973; 1699 answers; 5 distinct) Categorized OS Detection (Score: 2948; 1690 answers; 5 distinct) Print MAC addresses (Score: 2607; 1683 answers; 5 distinct) Traceroute support (Score: 2578; 1671 answers; 5 distinct) Distributed Scanning (Score: 2450; 1626 answers; 5 distinct) Output to DB (Score: 2428; 1643 answers; 5 distinct) .nmaprc (Score: 2256; 1592 answers; 5 distinct) Output to HTML (Score: 2238; 1657 answers; 5 distinct) Proxy (SOCKS, HTTP) bounce scanning (Score: 2119; 1507 answers; 5 distinct) Better IPv6 Support (Score: 2118; 1554 answers; 5 distinct) Scripting or module support (Score: 2049; 1576 answers; 5 distinct) Libnmap (Score: 1796; 1516 answers; 5 distinct) Zone transfers (Score: 1711; 1500 answers; 5 distinct) Improve X Windows Frontnend (Score: 1172; 1649 answers; 5 distinct) auto-r00ter (Score: 1112; 1642 answers; 5 distinct) Improved MS Windows front end (Score: 640; 1625 answers; 5 distinct) Clippy (Score: -1588; 1676 answers; 5 distinct) I found it interesting that the improved frontends did so poorly. Presumably this is because most people prefer the command line, although those two also suffered because UNIX users were neutral on improving the Win frontend and vice versa. Speaking of platforms, the Windows version has certainly been taking off! The Windows port was just a feature request item on the '00 survey, but almost half (48.4%) said they use it now. 92.1% said they use the UNIX version, so these appear to be traditional UNIX users finding some value in the Win* versions as opposed to new Windows-only users. As far as UNIX goes, Linux remained dominant. 86% used Linux, with Solaris, FreeBSD, and OpenBSD taking the next UNIX spots respectively with 15-20% usage. It is interesting that 15.4% reported using Nmap on OpenBSD, but very few are hardcore enough to use that as their desktop! The user-agent logs show only 5 OpenBSD users, vs. 20 FreeBSD, 420 Linux, and 1283 Windows users. Next let's look at geography. I was surprised to see that W. Europe was the top region, slightly ahead of the 2nd place "US except California"! If you add back California and San Francisco, the US comes out ahead, but only by about 5 percentile. I didn't realize Nmap was so popular on that side of the Atlantic! Perhaps I should focus more on localization/internationalization rather than just translating the documentation. Or maybe the large European userbase means the English version is just fine :). Eastern Europe, Asia, Africa, and the Middle East all had miserable showings, below Canada, Australia, or even California. The percentage of San Francisco Bay Area users dropped from 5% to 3% and even decreased in absolute numbers (61 to 56). I am hoping this is due to different question phrasing rather the horrible layoffs and tech recession we've been suffering through here in the Silicon Valley. I realize things are bad in many other areas too. Next comes gender. Our female penetration rate increased from 1.2% to a whopping 1.7%. That is still pathetic - there were 31 female responses and 1698 males! I might as well change the "Nmap eye" logo into a penis. I'm hoping Trinity will be a role model demonstrating that women can be überhackers too! As far as ethnicity, the survey found that 43% of you are white, 10% are black, and 26% are gray. Oh wait, that is hat color :). The white/black percentages are about the same as in 2000, but the previous 31% of gray hats dropped to 26% and there was a corresponding increase in "unanswered". Sounds like the gray hats are having an identity crisis :). The gray hats were also the least likely to leave their email address (44%), with the white hats being slightly more forthcoming (46%). Surprisingly, the self-avowed black hats were the most willing to leave their contact info (55%). I'm flattered that they trust me, or maybe they've just covered their tracks so well that they can't be trace by email :). I wonder if anyone is still reading my late-night rambling? For those who are, I'll be merciful and stop now. The raw results (with pretty histograms :) of all the multiple-choice questions can be found below. Cheers, -Fyodor I use Nmap (1843 answers; 6 distinct) Weekly [============> ] 818 (44.384%) monthly [======> ] 415 (22.518%) daily [======> ] 391 (21.215%) lessthanmonthly [==> ] 172 (9.333%) neverhave [> ] 31 (1.682%) unanswered [> ] 16 (0.868%) Age (1843 answers; 6 distinct) 20-29 [==========> ] 691 (37.493%) 30-39 [========> ] 553 (30.005%) 40-49 [===> ] 230 (12.480%) unanswered [==> ] 183 (9.929%) 50+ [=> ] 103 (5.589%) 10-19 [=> ] 83 (4.504%) Read the Nmap man page? (1843 answers; 5 distinct) yeswasgood [===================> ] 1215 (65.925%) yesbutsucks [===> ] 221 (11.991%) unanswered [===> ] 191 (10.364%) hadnotime [==> ] 184 (9.984%) no-whatismanpage [> ] 32 (1.736%) If/When I use the Windows package, I use (1843 answers; 4 distinct) unanswered [==============> ] 943 (51.167%) nmapwin [========> ] 567 (30.765%) binaryzip [====> ] 281 (15.247%) sourcetarball [> ] 52 (2.821%) And my success with the Windows version has been (1843 answers; 5 distinct) unanswered [===============> ] 969 (52.577%) perfect [======> ] 395 (21.432%) onlyminorproblems [=====> ] 370 (20.076%) gaveup [> ] 63 (3.418%) gotitworking [> ] 46 (2.496%) I live in (1842 answers; 15 distinct) W. Europe [=========> ] 617 (33.496%) United States [=========> ] 605 (32.845%) Unanswered [=> ] 106 (5.755%) Canada [=> ] 85 (4.615%) Australia [=> ] 79 (4.289%) California [=> ] 70 (3.800%) E. Europe [=> ] 68 (3.692%) San Francisco Area [> ] 56 (3.040%) Asia [> ] 49 (2.660%) S. America, Mexico [> ] 42 (2.280%) Other [> ] 21 (1.140%) Israel [> ] 17 (0.923%) Africa [> ] 12 (0.651%) Caribbean/Island Paradis [> ] 8 (0.434%) Middle East [> ] 7 (0.380%) I use Nmap for (1843 answers; 5 distinct) both [===============> ] 982 (53.283%) job [========> ] 512 (27.781%) personal [====> ] 300 (16.278%) unanswered [> ] 31 (1.682%) neither [> ] 18 (0.977%) Gender (1843 answers; 3 distinct) Male [==========================> ] 1698 (92.132%) unanswered [=> ] 114 (6.186%) Female [> ] 31 (1.682%) I (or my company) might be interested in purchasing (1843 answers; 4 distinct) tshirt [=========> ] 632 (34.292%) poloshirt [=====> ] 342 (18.557%) remotescan [==> ] 187 (10.147%) support [> ] 62 (3.364%) I run Nmap on the following operating systems (1843 answers; 13 distinct) Linux [========================> ] 1584 (85.947%) Win NT/2K [==========> ] 664 (36.028%) Win XP/2003 [=======> ] 477 (25.882%) Solaris [=====> ] 361 (19.588%) FreeBSD [=====> ] 330 (17.906%) OpenBSD [====> ] 283 (15.355%) Win 95/98/ME [==> ] 150 (8.139%) Mac OS X [==> ] 142 (7.705%) Net BSD [=> ] 81 (4.395%) aix [> ] 48 (2.604%) hp-ux [> ] 45 (2.442%) other [> ] 38 (2.062%) irix [> ] 36 (1.953%) Meanwhile, here are the results of User Agent strings used to take the survey: UserAgent used to take the survey (1838 answers; 11 distinct) Windows [====================> ] 1283 (69.804%) Linux [======> ] 420 (22.851%) Mac OS X [> ] 54 (2.938%) FreeBSD [> ] 20 (1.088%) Other/Unspecified UNIX [> ] 20 (1.088%) Solaris [> ] 17 (0.925%) Mac Classic [> ] 16 (0.871%) OpenBSD [> ] 5 (0.272%) OS/2 Warp [> ] 1 (0.054%) Mozilla 420 (Space Bison) [> ] 1 (0.054%) Sony Ericsson P800/R101 Phone [> ] 1 (0.054%) My hat color is (1843 answers; 4 distinct) white [============> ] 794 (43.082%) gray [=======> ] 477 (25.882%) unanswered [======> ] 387 (20.998%) black [==> ] 185 (10.038%) DESIRED FEATURES! Version Fingerprinting (Score: 3538; 1698 answers; 5 distinct) A BAD thing [> ] 11 (0.648%) Neutral [=> ] 64 (3.769%) Somewhat useful [====> ] 290 (17.079%) Very useful [============> ] 729 (42.933%) Extraordinarily cool [==========> ] 604 (35.571%) Easy OS Fingerprint Updates (Score: 3399; 1684 answers; 5 distinct) A BAD thing [> ] 17 (1.010%) Neutral [=> ] 99 (5.879%) Somewhat useful [=====> ] 318 (18.884%) Very useful [==========> ] 635 (37.708%) Extraordinarily cool [==========> ] 615 (36.520%) More explicit state descriptions (Score: 3393; 1681 answers; 5 distinct) A BAD thing [> ] 2 (0.119%) Neutral [=> ] 73 (4.343%) Somewhat useful [=====> ] 313 (18.620%) Very useful [=============> ] 795 (47.293%) Extraordinarily cool [========> ] 498 (29.625%) Service Fingerprinting (Score: 3388; 1701 answers; 5 distinct) A BAD thing [> ] 13 (0.764%) Neutral [=> ] 91 (5.350%) Somewhat useful [=====> ] 327 (19.224%) Very useful [============> ] 723 (42.504%) Extraordinarily cool [=========> ] 547 (32.158%) Faster (Score: 3329; 1692 answers; 5 distinct) A BAD thing [> ] 0 (0.000%) Neutral [==> ] 155 (9.161%) Somewhat useful [=====> ] 332 (19.622%) Very useful [==========> ] 618 (36.525%) Extraordinarily cool [==========> ] 587 (34.693%) Runtime time estimates (Score: 2973; 1699 answers; 5 distinct) A BAD thing [> ] 11 (0.647%) Neutral [==> ] 153 (9.005%) Somewhat useful [========> ] 483 (28.428%) Very useful [==========> ] 644 (37.905%) Extraordinarily cool [======> ] 408 (24.014%) Categorized OS Detection (Score: 2948; 1690 answers; 5 distinct) A BAD thing [> ] 14 (0.828%) Neutral [==> ] 140 (8.284%) Somewhat useful [========> ] 476 (28.166%) Very useful [===========> ] 680 (40.237%) Extraordinarily cool [======> ] 380 (22.485%) Print MAC addresses (Score: 2607; 1683 answers; 5 distinct) A BAD thing [> ] 16 (0.951%) Neutral [===> ] 207 (12.299%) Somewhat useful [=========> ] 561 (33.333%) Very useful [==========> ] 619 (36.780%) Extraordinarily cool [====> ] 280 (16.637%) Traceroute support (Score: 2578; 1671 answers; 5 distinct) A BAD thing [> ] 18 (1.077%) Neutral [===> ] 219 (13.106%) Somewhat useful [========> ] 493 (29.503%) Very useful [============> ] 702 (42.011%) Extraordinarily cool [====> ] 239 (14.303%) Distributed Scanning (Score: 2450; 1626 answers; 5 distinct) A BAD thing [=> ] 61 (3.752%) Neutral [=====> ] 303 (18.635%) Somewhat useful [=======> ] 402 (24.723%) Very useful [=======> ] 410 (25.215%) Extraordinarily cool [========> ] 450 (27.675%) Output to DB (Score: 2428; 1643 answers; 5 distinct) A BAD thing [> ] 19 (1.156%) Neutral [======> ] 348 (21.181%) Somewhat useful [=======> ] 420 (25.563%) Very useful [=========> ] 522 (31.771%) Extraordinarily cool [=====> ] 334 (20.329%) .nmaprc (Score: 2256; 1592 answers; 5 distinct) A BAD thing [> ] 24 (1.508%) Neutral [====> ] 260 (16.332%) Somewhat useful [=========> ] 546 (34.296%) Very useful [=========> ] 528 (33.166%) Extraordinarily cool [====> ] 234 (14.698%) Output to HTML (Score: 2238; 1657 answers; 5 distinct) A BAD thing [> ] 34 (2.052%) Neutral [======> ] 349 (21.062%) Somewhat useful [========> ] 500 (30.175%) Very useful [========> ] 513 (30.960%) Extraordinarily cool [====> ] 260 (15.691%) Proxy (SOCKS, HTTP) bounce scanning (Score: 2119; 1507 answers; 5 distinct) A BAD thing [> ] 8 (0.531%) Neutral [=====> ] 295 (19.575%) Somewhat useful [=========> ] 492 (32.648%) Very useful [=========> ] 493 (32.714%) Extraordinarily cool [====> ] 219 (14.532%) Better IPv6 Support (Score: 2118; 1554 answers; 5 distinct) A BAD thing [> ] 10 (0.644%) Neutral [=======> ] 403 (25.933%) Somewhat useful [=======> ] 426 (27.413%) Very useful [========> ] 433 (27.864%) Extraordinarily cool [=====> ] 282 (18.147%) Scripting or module support (Score: 2049; 1576 answers; 5 distinct) A BAD thing [=> ] 57 (3.617%) Neutral [======> ] 339 (21.510%) Somewhat useful [========> ] 465 (29.505%) Very useful [========> ] 447 (28.363%) Extraordinarily cool [====> ] 268 (17.005%) Libnmap (Score: 1796; 1516 answers; 5 distinct) A BAD thing [> ] 22 (1.451%) Neutral [========> ] 458 (30.211%) Somewhat useful [========> ] 462 (30.475%) Very useful [======> ] 344 (22.691%) Extraordinarily cool [====> ] 230 (15.172%) Zone transfers (Score: 1711; 1500 answers; 5 distinct) A BAD thing [> ] 31 (2.067%) Neutral [=======> ] 406 (27.067%) Somewhat useful [=========> ] 514 (34.267%) Very useful [=======> ] 388 (25.867%) Extraordinarily cool [===> ] 161 (10.733%) Improve X Windows Frontnend (Score: 1172; 1649 answers; 5 distinct) A BAD thing [=> ] 109 (6.610%) Neutral [============> ] 724 (43.905%) Somewhat useful [======> ] 392 (23.772%) Very useful [====> ] 274 (16.616%) Extraordinarily cool [==> ] 150 (9.096%) auto-r00ter (Score: 1112; 1642 answers; 5 distinct) A BAD thing [=======> ] 435 (26.492%) Neutral [====> ] 239 (14.555%) Somewhat useful [=====> ] 286 (17.418%) Very useful [======> ] 350 (21.315%) Extraordinarily cool [=====> ] 332 (20.219%) Improved MS Windows front end (Score: 640; 1625 answers; 5 distinct) A BAD thing [====> ] 262 (16.123%) Neutral [============> ] 710 (43.692%) Somewhat useful [=====> ] 285 (17.538%) Very useful [====> ] 225 (13.846%) Extraordinarily cool [==> ] 143 (8.800%) Clippy (Score: -1588; 1676 answers; 5 distinct) A BAD thing [====================> ] 1189 (70.943%) Neutral [==> ] 172 (10.263%) Somewhat useful [> ] 55 (3.282%) Very useful [> ] 45 (2.685%) Extraordinarily cool [===> ] 215 (12.828%) -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Nmap Survey results and Matrix Redux Fyodor (May 27)