Back to Home

Nmap 7.99: NSE and Npcap updates

Nmap 7.99 Release includes library updates, Npcap 1.87, and support for VPN interfaces on Windows. Improved NSE script for detecting internal IPs with IPv6 and HTTPS. Version focused on stability and compatibility for professional network audits.

Nmap 7.99 Release: what's new for pentesters
Advertisement 728x90

# Nmap 7.99: Updates for Network Scanning and Auditing

In March 2026, version 7.99 of the popular network security scanner Nmap was released. This multi-platform solution for network auditing and active service discovery has been around for over 25 years. The previous stable release dates back to August 2025. The code is written in C, C++, and Lua, and is distributed under the NPSL license—a GPLv2-based license with recommendations for OEM integration and commercial licenses for closed-source products.

Builds are available for Linux, macOS, Windows, and UNIX systems like Solaris, FreeBSD, NetBSD, and OpenBSD. The main efforts in the new version focus on bug fixes, library updates, and expanding functionality.

Key Library and Component Updates

Nmap 7.99 includes up-to-date versions of dependencies, boosting security and performance:

Google AdInline article slot
  • OpenSSL 3.0.19;
  • libpcap 1.10.6;
  • libpcre2 10.47;
  • liblinear 2.50;
  • zlib 1.3.2.

Npcap in the Windows package has been updated from 1.83 to 1.87. Stability crashes related to packet capture have been fixed. This is critical for intensive scanning scenarios.

The graphical interface Zenmap is now distributed as a whl for Python 3. This approach simplifies installation on any compatible systems, replacing rpm packages.

New Scanning Features

Windows now supports scanning via virtual VPN interfaces, including OpenVPN TAP. This lets you analyze traffic in tunnels without extra setup.

Google AdInline article slot

The build process has been optimized for cross-platform use. Better compatibility with various environments lowers barriers for developers and admins.

The NSE script http-internal-ip-disclosure has key improvements:

  • Support for IPv6 and HTTPS.
  • Enhanced accuracy in parsing server responses.
  • Retained mechanism: sending an HTTP/1.0 request without the Host header to expose the web server's internal IP.
-- Example NSE script (fragment for demo logic)
portrule: function(host, port)
  return port.protocol == "tcp" and (port.service == "http" or port.service == "https")
end

action = function(host, port)
  local http = require("http")
  local stdnse = require("stdnse")
  local response = http.get(host, port, "/", { header={} })
  -- Parsing to extract IP
end

The script is handy for pentesting, where spotting internal topology behind NAT or proxies is key.

Google AdInline article slot

Signature Database and Fixes

New identifiers for app versions, OSes, and services have been added. This sharpens device detection in heterogeneous networks. Previously found bugs impacting scan reliability have been squashed.

The changes target mid- to senior-level pros: from build tweaks to NSE extensions. For production setups, updating is advised to cut risks from outdated libraries.

Key Takeaways

  • Npcap update to 1.87 fixes packet capture crashes on Windows.
  • VPN interface support (OpenVPN TAP) expands scanning use cases.
  • NSE script http-internal-ip-disclosure now handles IPv6 and HTTPS.
  • Universal whl for Zenmap simplifies Python 3 deployment.
  • Fresh libraries reduce vulnerabilities in the dependency chain.

— Editorial Team

Advertisement 728x90

Read Next