Nmap Development Mailing List

Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

List Archives

Latest Posts

Re: NSE submission: detect & enumerate AI infrastructure (MCP servers + LLM inference APIs) Arturo 'Buanzo' Busleiman (Jun 30)
Hi, nice work! This may also be useful, I mentioned it to Fyodor privately
a couple weeks ago and forgot to mention here:

https://github.com/buanzo/lua-mcp
https://github.com/buanzo/lua-mcp/blob/liblua-mcp-latest/examples/nmap/mcp-listen.nse

Cheers!

NSE submission: detect & enumerate AI infrastructure (MCP servers + LLM inference APIs) Ben Williams via dev (Jun 20)
Hi,
I've opened a PR adding three NSE scripts and two shared nselibs to detect and enumerate two classes of AI
infrastructure that nmap doesn't currently cover:

* mcp-info (discovery, safe, version) + mcp-enum (discovery, safe): MCP server detection (initialize handshake over
Streamable HTTP + legacy SSE), OAuth 2.1 protected-resource discovery (RFC 9728), and read-only tools/resources/prompts
enumeration with schema-based risk...

[PATCH] nselib/bitcoin: add address classification helpers (refs #2857, PR #3371) Melo via dev (May 25)
PR #3371 adds three functions to nselib/bitcoin.lua:

- looks_like_address(value) -- regex candidate detection
- validate_address(value) -- Base58Check, Bech32, Bech32m validation
- classify_address(value) -- high-level classification

Supports mainnet, testnet, and regtest with full unittest (38/38 pass).
No network calls, no external APIs, no real keys, no changes to existing scripts.

PR: https://github.com/nmap/nmap/pull/3371
Issue:...

[NSE] matter-identify: identify Matter smart-home devices via mDNS Balázs Zoltán (May 11)
Hi,

Attached is matter-identify.nse, a new discovery script for identifying
Matter (formerly Project CHIP) smart-home devices.

It sends DNS PTR queries to 5353/udp for the three Matter service types
defined in the Matter Core Spec section 4:

_matter._tcp.local commissioned / operational nodes
_matterc._udp.local nodes in commissioning mode
_meshcop._udp.local Thread border routers

TXT records are decoded into VID,...

Re: Rahmat Ramadhan (May 01)
gaa

Pada Sen, 9 Mar 2026 08:20, Juan jose Rodriguez <
juanjoserodriguezmontoya35 () gmail com> menulis:

[PATCH 0/5] ALPN-based HTTP/2 service detection improvements Urval Kheni (Apr 14)
Hi,

This patch series introduces ALPN-based improvements to service detection
for TLS services.

It adds support for extracting the negotiated ALPN protocol and uses
"h2" as a conservative fallback signal to infer HTTP over TLS when
service detection fails.

This improves detection of HTTP/2-only services, which return binary
responses not recognized by existing probes.

The changes are structured as follows:

1. Fix OpenSSL provider...

Bug Report: ssl-enum-ciphers fails (EOF) on CloudFront/ECDSA targets supporting TLS 1.2 Jack Seredyniecki via dev (Apr 14)
Hello nmap dev team,

I am reporting a false negative where ssl-enum-ciphers fails to detect TLS
1.2 on a CloudFront target (itwisegroup.com:443) that uses an ECDSA
certificate and Post-Quantum hybrid key exchange (X25519MLKEM768).
While sslscan and openssl confirm TLS 1.2 is active, Nmap reports only TLS
1.3. My debug logs show the server is dropping the connection (EOF) during
the Nmap TLS 1.2 handshake attempt:
NSE: [ssl-enum-ciphers...

[PATCH] Support Linux capabilities for non-root raw packet scanning Ali Norouzi via dev (Apr 14)
Hi everyone,

I just opened a PR that adds support for Linux capabilities, allowing nmap to
perform raw packet scans without sudo when the binary has `CAP_NET_RAW` set via
setcap:

https://github.com/nmap/nmap/pull/3333

Please review.

Best,
Ali

Fix for issue #3326 advait deshmukh (Apr 14)
Issue link <https://github.com/nmap/nmap/issues/3326>
Pull request link <https://github.com/nmap/nmap/pull/3337>
I read the source code and, from what I understood, the current output
appears to be intentional. The ipv4 value being shown seems to refer to the
next header, i.e., the protocol of the packet encapsulated within the outer
packet, which in this case is IPv6.
Since the user has explicitly specified -6 in the command, it...

More Lists

Dozens of other network security lists are archived at SecLists.Org.