Nmap Development Mailing List

• Current Quarter
• RSS Feed
• About List
• All Lists

Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

List Archives

• Jan–Mar
• Apr–Jun
• Jul–Sep
• Oct–Dec
• 2026
• 6
• 5
• –
• –
• 2025
• 14
• 3
• –
• 8
• 2024
• 1
• 12
• 14
• 9
• 2023
• 10
• 26
• 17
• 24
• 2022
• 10
• 12
• 12
• 4
• 2021
• 33
• 14
• 11
• 15
• 2020
• 12
• 39
• 29
• 38
• 2019
• 98
• 44
• 50
• 16
• 2018
• 55
• 54
• 49
• 58
• 2017
• 303
• 199
• 202
• 68
• 2016
• 356
• 269
• 310
• 192
• 2015
• 427
• 375
• 384
• 308
• 2014
• 358
• 571
• 514
• 390
• 2013
• 422
• 534
• 664
• 337
• 2012
• 739
• 993
• 1068
• 533
• 2011
• 1148
• 1302
• 925
• 638
• 2010
• 1248
• 1035
• 916
• 793
• 2009
• 928
• 846
• 1116
• 732
• 2008
• 568
• 911
• 1038
• 809
• 2007
• 305
• 509
• 479
• 832
• 2006
• 410
• 497
• 447
• 326
• 2005
• 175
• 257
• 202
• 251
• 2004
• 173
• 80
• 131
• 178
• 2003
• 58
• 113
• 141
• 91
• 2002
• 58
• 90
• 59
• 77
• 2001
• 18
• 3
• 51
• 46
• 2000
• –
• –
• 77
• 20

Latest Posts

Re: Rahmat Ramadhan (May 01)
gaa

Pada Sen, 9 Mar 2026 08:20, Juan jose Rodriguez <
juanjoserodriguezmontoya35 () gmail com> menulis:

[PATCH 0/5] ALPN-based HTTP/2 service detection improvements Urval Kheni (Apr 14)
Hi,

This patch series introduces ALPN-based improvements to service detection
for TLS services.

It adds support for extracting the negotiated ALPN protocol and uses
"h2" as a conservative fallback signal to infer HTTP over TLS when
service detection fails.

This improves detection of HTTP/2-only services, which return binary
responses not recognized by existing probes.

The changes are structured as follows:

1. Fix OpenSSL provider...

Bug Report: ssl-enum-ciphers fails (EOF) on CloudFront/ECDSA targets supporting TLS 1.2 Jack Seredyniecki via dev (Apr 14)
Hello nmap dev team,

I am reporting a false negative where ssl-enum-ciphers fails to detect TLS
1.2 on a CloudFront target (itwisegroup.com:443) that uses an ECDSA
certificate and Post-Quantum hybrid key exchange (X25519MLKEM768).
While sslscan and openssl confirm TLS 1.2 is active, Nmap reports only TLS
1.3. My debug logs show the server is dropping the connection (EOF) during
the Nmap TLS 1.2 handshake attempt:
NSE: [ssl-enum-ciphers...

[PATCH] Support Linux capabilities for non-root raw packet scanning Ali Norouzi via dev (Apr 14)
Hi everyone,

I just opened a PR that adds support for Linux capabilities, allowing nmap to
perform raw packet scans without sudo when the binary has `CAP_NET_RAW` set via
setcap:

https://github.com/nmap/nmap/pull/3333

Please review.

Best,
Ali

Fix for issue #3326 advait deshmukh (Apr 14)
Issue link <https://github.com/nmap/nmap/issues/3326>
Pull request link <https://github.com/nmap/nmap/pull/3337>
I read the source code and, from what I understood, the current output
appears to be intentional. The ipv4 value being shown seems to refer to the
next header, i.e., the protocol of the packet encapsulated within the outer
packet, which in this case is IPv6.
Since the user has explicitly specified -6 in the command, it...

Interview Invitation for Educational Research Muhammad Hassan Tanveer via dev (Mar 31)
Hello Everyone!

We are conducting a research study on how organizations handle the
aftermath of cybersecurity incidents and we would greatly value your
perspective. Our focus is on what happens after a security incident is
resolved. How do teams reflect on these events? How do organizations
learn from incidents?

Are you a cybersecurity practitioner? We would love to hear from you! We
invite you to participate in a ~45-minute online...

Re: GSoC 2026: Password Security Wizard - Optimizing the NSE Brute Library Adithya Shetty (Mar 13)
Ah, my mistake.

I completely missed that banner on the site.

Thanks for letting me know Gordon

[no subject] Juan jose Rodriguez (Mar 08)
Contraseña

GSoC 2026: Password Security Wizard - Optimizing the NSE Brute Library Adithya Shetty (Mar 02)
Hi Nmap Development Team and Fotis,

My name is Adithya, and I am a 4th-semester Computer Science student
specializing in Cybersecurity. I am writing to express my strong interest
in the "Password Security Wizard" project for GSoC 2026.

Over the past few days, I have cloned the repository, set up my build
environment, and have been digging into the nselib/brute.lua library and
several of the -brute.nse scripts (specifically focusing on...

Question about Nmap and GSoC 2026 Sweekar (Jan 29)
Hi Nmap developers,

I am a student contributor and have previously worked on Nmap. I am
preparing for Google Summer of Code 2026 and wanted to ask whether Nmap is
considering participating as a mentoring organization this year, or if
there are no plans at this time.

Thank you for your time and for maintaining such an important project.

Best regards,
Sweekar

PR #3277: Clean up and harden POP3 helper login functions Sweekar (Jan 23)
Hello Nmap Developers,
As suggested in CONTRIBUTION.md i am writing this mail to notify about my PR
https://github.com/nmap/nmap/pull/3277

This PR refactors and fixes the POP3 authentication helper functions used
by NSE scripts, including pop3-brute.nse.

Main changes:

-

Hardened SASL LOGIN handling
-

Improved SASL PLAIN and CRAM-MD5 logic
-

Corrected APOP handling and report missing OpenSSL support
-

Normalized...

More Lists

Dozens of other network security lists are archived at SecLists.Org.