Free Security Scanner For Network Exploration & Security Audits

Zenmap

Join our mailing list

Stay up to date with latest software releases, news, software discounts, deals and more.

Subscribe
Download Zenmap 7.94

Zenmap

  -  30.96 MB  -  Open Source
  • Latest Version

    Zenmap 7.94 LATEST

  • Review by

    Michael Reynolds

  • Operating System

    Windows 10 (32-bit) / Windows 10 (64-bit) / Windows 11

  • User Rating

    Click to vote
  • Author / Product

    Gordon Lyon / External Link

  • Filename

    nmap-7.94-setup.exe

  • MD5 Checksum

    aa6475a105c2c47ac2888b6daaaaf109

Zenmap is the official cross-platform GUI for the Nmap Security Scanner. Zenmap (Network Mapper) is a free and open-source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Zenmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.

Zen map runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and macOS.

  • Zenmap 7.94 Screenshots

    The images below have been resized. Click on them to view the screenshots in full size.

What's new in this version:

Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made this effort possible:
- [Zenmap]Updated Zenmap to Python 3 and PyGObject
- [Ndiff]Updated Ndiff to Python 3
- Additional Python 3 update fixes
- [Windows]Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.71 to the latest version 1.75. It includes dozens of performance improvements, bug fixes and feature enhancements described at
- Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M (28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC prefix used previously for lookups.
- Added partial silent-install support to the Nmap Windows installer. It previously didn't offer silent mode (/S) because the free/demo version of Npcap Windoes packet capturing driver that it needs and ships with doesn't include a silent installer. Now with the /S option, Nmap checks whether Npcap is already installed (either the free version or OEM) and will silently install itself if so. This is similar to how the Wireshark installer works and is particularly helpful for organizations that want to fully automate their Nmap (and Npcap) deployments.
- Lots of profile-guided memory and processing improvements for Nmap, including OS fingerprint matching, probe matching and retransmission lookups for large hostgroups, and service name lookups. Overhauled Nmap's string interning and several other startup-related procedures to speed up start times, especially for scans using OS detection
- Integrated many of the most-submitted IPv4 OS fingerprints for recent versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints, bringing the new total to 5700!
- [NSE]dded the tftp-version script which requests a nonexistent file from a TFTP server and matches the error message to a database of known software
- [Ncat]Ncat can now accept "connections" from multiple UDP hosts in listen mode with the --keep-open option. This also enables --broker and --chat via UDP
- Upgraded OpenSSL binaries (for the Windows builds and for RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602; CVE-2022-3786) which don't impact Nmap proper since it doesn't do certificate validation, but could possibly impact Ncat when the --ssl-verify option is used.
- Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4
- Removed the bogus OpenSSL message from the Windows Nmap executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL legacy provider failed to load." We actually already have the legacy provider built-in to our OpenSSL builds, and that's why loading the external one fails.
- UDP port scan (-sU) and version scan (-sV) now both use the same data source, nmap-service-probes, for data payloads. Previously, the nmap-payloads file was used for port scan. Port scan responses will be used to kick-start the version matching process
- Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel, the same as it already does for TCP services with SSL/TLS encryption. The DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent sooner in the scan
- [Ncat]Ncat in listen mode with --udp --ssl will use DTLS to secure incoming connections
- Handle Internationalized Domain Names (IDN) like ??????.?? on platforms where getaddrinfo supports the AI_IDN flag
- [Ncat]Addressed an issue from the Debian bug tracker
- Improved DNS domain name parsing to avoid recursion and enforce name length limits, avoiding a theoretical stack overflow issue with certain crafted DNS server responses, reported
- [NSE]Fix mpint packing in ssh2 library, which was causing OpenSSH errors like "ssh_dispatch_run_fatal: bignum is negative"
- Updates to the Japanese manpage translation
- [Ncat]Dramatically speed up Ncat transfers on Windows
- [Windows]Periodically reset the system idle timer to keep the system from going to sleep while scans are in process. This only affects port scans and OS detection scans, since NSE and version scan do not rely on timing data to adjust speed.
- Updated the Nmap Public Source License (NPSL) to Version 0.95. This just clarifies that the derivative works definition and all other license clauses only apply to parties who choose to accept the license in return for the special rights granted (such as Nmap redistribution rights). If a party can do everything they need to using copyright provisions outside of this license such as fair use, we support that and aren't trying to claim any control over their work. Versions of Nmap released under previous versions of the NPSL may also be used under the NPSL 0.95 terms.
- Avoid storing many small strings from IPv4 OS detection results in the global string_pool. These were effectively leaked after a host is done being scanned, since string_pool allocations are not freed until Nmap quits.

Join our mailing list

Stay up to date with latest software releases, news, software discounts, deals and more.

Subscribe