Nmap v7.98 has been released. (21-August-2025) Nmap | Download | Repository | Changelog | Spoiler Nmap 7.98 [2025-08-21] § [SECURITY] Rebuilt the Windows self-installer with NSIS 3.11, addressing CVE-2025-43715--a race condition in earlier NSIS versions that could allow local attackers to escalate to SYSTEM privileges when a vulnerable installer is run as SYSTEM. The Nmap installer does not run as SYSTEM by default. Upgraded included libraries: OpenSSL 3.0.17, Lua 5.4.8 [Windows] Upgraded the included version of Npcap from 1.82 to 1.83, improving compatibility with PPPoE connections. See https://npcap.com/changelog [macOS][GH#3127] Fix “dnet: Failed to open device en0” errors on macOS since Nmap 7.96. [Daniel Miller] Fixed an issue in FTP bounce scan where a single null byte is written past the end of the receive buffer. The issue is triggered by a malicious server but does not cause a crash with default builds. [Tyler Zars] [GH#3130] Fix a crash (stack exhaustion due to excessive recursion) in the parallel DNS resolver. Additionally, improved performance by processing responses that come after the request has timed out. [Daniel Miller] [GH#2148] Fix the error, “Assertion failed: (datalink == DLT_EN10MB), function begin_sniffer, file scan_engine_raw.cc" when using Nmap with certain VPN interfaces. [Daniel Miller] [GH#2757] Fix a crash in traceroute when using randomly-generated decoys: “Assertion `source->ss_family == AF_INET' failed" [Daniel Miller] [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers that are registered as Extension Header values. When the --data option was used, these would fail the assertion “len == (u32) ntohs(ip6->ip6_plen)" [Daniel Miller] [GH#3086] Prevent TCP Connect scan (-sT) from leaking one socket per hostgroup, which led to progressively slower scans and assertion failures in other scan phases. [Daniel Miller] [NSE][GH#3133] Fix the error “nse_nsock.cc:637: void receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == 1' failed." when reading from an SSL connection. [Daniel Miller] [NSE] Added NSE bindings for more libssh2 functions: channel_request, channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive. ssh-brute will now use keyboard-interactive auth if password auth is not offered. [Daniel Miller, CrowdStrike] [NSE][GH#3014] Fix dns-zone-transfer to handle nontraditional TLDs [Daniel Miller] Fix a bug that was causing Nmap to send empty DNS packets for each target that was not found instead of just skipping them for reverse DNS. [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including post-quantum ciphersuites. [GH#3114][Windows] Use only the DNS servers for up and configured interfaces for forward and reverse DNS lookups. When -e or -S are used, use only DNS servers that can be connected via that interface or source address. [Daniel Miller] [Ndiff][GH#3115] Configured script check for PyPA 'build' module. [Daniel Miller] [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover the latest strings. [Zenmap][GH#2718] Zenmap language translation (i18n) files were not being installed. [Daniel Miller] [Zenmap][GH#3066] Fix Zenmap error “ValueError: I/O operation on closed file” when Nmap crashes or fails. [Daniel Miller] [Zenmap][GH#3084][GH#3127] Fix UnicodeDecodeError issues in ScriptMetadata and UmitConfigParser. [Daniel Miller] [NSE][GH#3123] WS-Discovery parsing would error out if the MessageID UUID was not prefixed with “urn:”. [nnposter]
