ZMap Versions

ZMap is a fast single packet network scanner designed for Internet-wide network surveys.

v4.1.0-RC3

2 weeks ago

This release features several bug fixes and optimizations since v4.1.0-RC2.

Enhancements

  • Use same IP TTL as Ubuntu (#850)
  • Add TCP options parsing in receive thread (#858)

Bug Fixes

  • Fix inaccurate max_packet_length with TCP options (#853)
  • Fix inaccurate hit-rate printed during scan when using output filtering (#864)

Optimizations

  • Use existing timestamp info in libpcap to avoid the system call (#848)
  • Increase the slow_start definition to 200 pps, using less CPU at lower send rates (#851)
  • Reduce memory used for radix cache (#860)

v4.1.0-RC2

1 month ago

This release contains several bug fixes found since tagging v4.1.0-RC1:

  1. Inaccurate estimated time remaining and percentage complete calculations during a multi-port scan
  2. Fixed building from source on MidnightBSD
  3. Fixed hitrate calculation with multiple --probes packets per target

v4.1.0-RC1

1 month ago

This release has several performance improvements and many bug fixes for various reported issues. We'll push this to the various OS package managers in about a month barring any reported issues!

Changes

  • Randomize the IP packet ID to prevent fingerprinting of scan traffic
  • Add support for Netmap to increase performance on supported NICs with the requisite drivers
  • Add hardware acceleration for AES to improve performance when the CPU begins to become the bottleneck
  • Added integration tests and compilation checks for supported OSes as GitHub Actions
  • Added --probe-args options to the TCP SYN scan module to send TCP header options identical to Ubuntu (default), macOS, Windows, or No Options.
  • Various other bug fixes and enhancements

Thanks to everyone who helped contribute features towards this release! cc: @droe @WangYihang @gutjuri @zakird

v4.0.0-RC1

6 months ago

ZMap 4.0.0 (RC1) introduces the notion of multi-port scanning, which has been a long-requested feature. This is a breaking change since ZMap now operates on a metric of (ip,port) targets instead of simply IPs (e.g., for scan rate). It also introduces new dependencies (e.g., libjudy) to support multi-port scanning and changes ZMap's command-line interface.

Features:

  • Multi-port scanning support
  • Store link-layer timestamp in icmp_echo_time module (#726)
  • Build support for ARM-based Macs

v3.0.0

10 months ago

We're happy to provide ZMap 3.0.0, only slightly under six years late. We recommend using this release over any previous 2.x release.

ZMap 3.0.0 represents several years of development and contains more than a hundred small bug fixes from ZMap 2.1.1, including many fixes for UDP modules, sharding, and progress calculation. Below are some of the most important changes:

Bugs:

  • Fix send rate calculations
  • Accept RST packets for SEQ+0 (per RFC)
  • Packets per second is packets per second now instead of IPs per second
  • MaxResults is now the number of packets that pass the output filter (https://github.com/zmap/zmap/pull/502)
  • Try all routing tables in Linux
  • Fix crash on invalid UDP packets
  • Fix failed initialize on single-question DNS probes
  • Fix inaccurate blocklist warning
  • Use monotonic OS clocks for monitoring and rate estimation
  • Fix bugs in UDP template arguments
  • Increase UDP PCAP snaplen to prevent packet truncation
  • Exit on failed sends
  • Fix incorrect time remaining calculations on sharded scans

Features:

  • Added --list-of-ips feature which allows scanning a large number (e.g., hundreds of millions or billions) of individual IPs
  • Improved user messages when network settings can't be automatically discovered
  • Consistent ICMP support and handling across all probe modules (https://github.com/zmap/zmap/pull/470)
  • Set TCP MSS flags to avoid filtering by destination hosts (https://github.com/zmap/zmap/pull/673)
  • Sane default behavior that can be explained with other CLI flags
  • Non-Flat Result output and JSON result encoding
  • IP Fragment Checking
  • DNS, TCP SYN-ACK, and BACnet probe modules
  • Change Whitelist/Blacklist terms to Allowlist/Blocklist
  • Add extended validation bytes for probe modules that can use greater entropy
  • Support non-continuous source IPs (https://github.com/zmap/zmap/pull/516)
  • Add NetBSD and DragonFly BSD compatibility code (https://github.com/zmap/zmap/pull/411)
  • Improved ICMP validation based on returned packet (https://github.com/zmap/zmap/pull/419)

Removed Functionality:

v3.0.0-RC2

1 year ago

Fix bug in monitor.c that incorrectly reported time remaining.

v3.0.0-RC1

1 year ago

Fixes for bugs found in 3.0.0 Beta 1, mostly centering around the UDP module.

  • Fix crash on invalid UDP packets
  • Fix failed initialize on single-question DNS probes
  • Fix inaccurate blocklist warning
  • Use monotonic OS clocks for monitoring and rate estimation
  • Fix bugs in UDP template arguments
  • Increase UDP PCAP snaplen to prevent packet truncation
  • Exit on failed sends

v3.0.0-beta1

2 years ago

ZMap 3.0.0 represents several years of development and contains more than a hundred small bug fixes from ZMap 2.1.1. Below are some of the most important changes:

Bugs:

  • Fix send rate calculations
  • Fixed support for PF_RING
  • Accept RST packets for SEQ+0 (per RFC)
  • Packets per second is packets per second now instead of IPs per second
  • MaxResults is now the number of packets that pass the output filter (#502)
  • Try all routing tables in Linux

Features:

  • Added --list-of-ips feature which allows scanning a large number (e.g., hundreds of millions or billions) of individual IPs
  • Improved user messages when network settings can't be automatically discovered
  • Consistent ICMP support and handling across all probe modules (#470)
  • Set TCP MSS flags to avoid filtering by destination hosts (#673)
  • Sane default behavior that can be explained with other CLI flags
  • Non-Flat Result output and JSON result encoding
  • IP Fragment Checking
  • DNS, TCP SYN-ACK, and BACnet probe modules
  • Change Whitelist/Blacklist terms to Allowlist/Blocklist
  • Add extended validation bytes for probe modules that can use greater entropy
  • Support non-continuous source IPs (#516)
  • Add NetBSD and DragonFly BSD compatibility code (#411)
  • Improved ICMP validation based on returned packet (#419)

Removed Functionality:

  • Drop Redis and MongoDB support (#661)