Hi everyone. This is the first nmap-hackers message of the
year, but
we haven't been slacking. The nmap-dev list has more than
500 posts
so far this quarter, and we've made many great improvements
to Nmap
during the period.
Nmap-hackers is reserved for the most important Nmap news,
but that
won't prevent me from starting out this message with
something
frivolous  . I
recently learned that Nmap was in not just one, but
two major motion pictures last year! In addition to the
known Bourne
Ultimatum appearance, I now have screen shots of Nmap being
used in
Die Hard 4: Live Free or Die Hard. I've posted them to the
new Nmap
movies page:
http://nmap.org/movies.ht
ml
Nmap has become quite the movie star! Who knows where it
will show up
in 2008.
The other exciting news I have for you is that Nmap 4.60 has
been
released. The changelog (http://nmap.org/change
log.html) notes more
than 60 important changes since 4.50. This includes a new
and shorter
URL (nmap.org rather than insecure.org/nmap/), massive OS
detection and
version detection signature updates, many new Nmap Scripting
Engine
scripts, bug fixes, performance optimization, and more. It
is
available now from the download page:
http://nmap.org/downloa
d.html
Don't hesitate to let us know on nmap-dev if you find any
problems.
Here is the detailed list of changes since 4.50:
4.60
o Nmap has moved. Everything at http://insecure.org/nmap/ can now be
found at http://nmap.org .
That should save your fingers from a
little bit of typing. Even though transparent redirectors
are in
place for the old URLs, please update your links and
bookmarks. And
if you don't have a link to Nmap on your web site, now is
a good
time to add one .
o All of your OS detection fingerprints up until March 10,
2008 have
now been integrated by David. The second generation
database has
grown from 1,085 fingerprints representing 421 operating
systems/devices, to 1,304 fingerprints representing 478
systems.
That is an increase of more than 20%. New fingerprints
were added
for Mac OS X Tiger, iPod Touch, the La Fonera WAP, FreeBSD
7.0,
Linux 2.6.24, Windows 2008, Vista, OpenBSD 4.2, and of
course
hundreds of broadband routers, VoIP phones, printers, some
crazy
oscilloscope, etc. We get a ton of new fingerprint
submissions, but
not as many corrections. Please remember to visit
http://nmap.org/submit/
if Nmap gives you bad results, whether they
are completely wrong or just a slight mistake (like Nmap
says Linux
2.6.20-2.6.23, but you're running 2.6.24). Of course you
need to be
certain you know exactly what is running on the target
before you do
this.
o All of your service fingerprints and corrections submitted
until
January 14, 2008 have now been integrated by Doug. As
usual, he has
documented his adventures at http://hcsw.org/blog.pl/33
. More than
a hundred signatures were added, growing the database to
4,645
signatures for 457 services. Corrections are welcome for
service
detection too -- visit http://nmap.org/submit/
if you get incorrect results.
o Nmap now saves the target name (if any) specified on the
command
line, since this can differ from the reverse DNS results.
It can be
particularly important when doing HTTP tests against
virtual hosts.
The data can be accessed from target->TargetName() from
Nmap proper
and host.targetname from NSE scripts. The NSE HTTP
library now uses
this for the Host header. Thanks to Sven Klemm for adding
this
useful feature.
o Added NSE HTTP library which allows scripts to easily
fetch URLs
with http.get_url() or create more complex requests with
http.request(). There is also an http.get() function
which takes
components (hostname, port, and path) rather than a URL.
The
HTTPAuth, robots, and showHTMLTitle NSE scripts have been
updated to
use this library. Sven Klemm wrote all of this code.
o Fixed an integer overflow in the DNS caching code that
caused nmap
to loop infinitely once it had expunging the cache of
older
entries. Thanks to David Moore for the report, and Eddie
Bell for
the fix.
o Fixed another integer overflow in the DNS caching code
which caused
infinite loops. [David]
o Added IPv6 host support to the RPC scan. Attempting this
before
(via -sV) caused a segmentation fault. Thanks to Will
Cladek for
the report. [Kris]
o Fixed an event handling bug in NSE that could cause
execution of
some in-progress scripts to be excessively delayed.
[Marek]
o A new NSE table library (tab.lua) allows scripts to
deliver better
formatted output. The Zone transfer script
(zoneTrans.nse) has been
updated to use this new facility. [Eddie]
o Rewrote HTTPpasswd.nse to use Sven's excellent HTTP
library and to
do some much-needed cleaning up. [Kris]
o Added a new MsSQL version detection probe and a bunch of
match lines
developed by Tom Sellers.
o Added a new service detection probe and signatures for the
memcached
service [Doug]
o Added new service detection probes and signatures for the
Beast
Trojan and Firebird RDBMS. [Brandon Enright]
o Fixed a crash in Zenmap which occurred when attempting to
edit or
create a new profile based on an existing one when there
wasn't one
selected. The error message was:
'NoneType' object has no attribute 'toolbar'
Now a new Profile Editor is opened. Thanks to D1N
(d1n inbox.com)
for the report. [Kris]
o Fixed another crash in Zenmap which occurred when exiting
the
Profile Editor (while editing an existing profile) by
clicking the
"X", then going to edit the same profile again.
The error message
was: "No option named '' found!". Now the same
window that appears
when clicking Cancel comes up when clicking "X".
Thanks to David
for reporting this bug. [Kris]
o Another Zenmap bug was fixed: ports consolidated into
"extra ports"
groups are now counted and shown in the "Host
Details" tab. The
closed, filtered and scanned port counts in this tab
didn't contain
this information before so they were usually very
inaccurate. [Kris]
o Another Zenmap bug was fixed: the --scan-delay and
--max-scan-delay
buttons ("amount of time between probes") under
the Advanced tab in
the Profile Editor were backwards. [Kris]
o Added the UDP Scan (-sU) and IPProto Ping (-PO) to
Zenmap's Profile
Editor and Command Wizard. [Kris]
o Reordered the UDP port selection for Traceroute: a closed
port is
now chosen before an open one. This is because an open
UDP port is
usually due to running version detection (-sV), so a
Traceroute
probe wouldn't elicit a response. [Kris]
o Add Famtech Radmin remote control software probe and
signatures to
the Nmap version detection DB. [Tom Sellers, Fyodor]
o Add "Conection: Close" header to requests from
HTTP NSE scripts so
that they finish faster. [Sven Klemm]
o Update SSLv2-support NSE script to run against more
services which
are likely SSL. [Sven Klemm]
o A bunch of service name canonicalization was done in the
Nmap
version detection file by Brandon Enright (e.g.
capitalizing D-Link
and Netgear consistently).
o Upgraded the shipped LibPCRE from version 7.4 to 7.6.
[Kris]
o Updated to latest (as of 3/15) autoconf
config.sub/config.guess
files from http://cvs.savannah.gnu.org/viewvc/config/?root=config
.
o We now escape newlines, carriage returns, and tabs
(nrt) in XML
output. While those are allowed in XML attributes, they
get
normalized which can make formatting the output difficult
for
applications which parse Nmap XML. [Joao Medeiros, David,
Fyodor]
o The Zenmap man page is now installed on Unix when
"make install" is
run. This was supposed to work before, but didn't.
[Kris]
o Fixed a man page bug related to our DocBook to Nroff
translation
software producing incorrect Nroff output. The man page
no longer
uses the ".nse" string which was being confused
with the Nroff
no-space mode command. [Fyodor]
o Fixed a bug in which some NSE error messages were
improperly escaped
so that a message including "c:nmap" would end
up with a newline
between "c:" and "map".
o Updated IANA assignment IP list for random IP (-iR)
generation. [Kris]
o The DocBook XML source code to the Nmap Scripting Engine
docs
(http://nmap.org/nse/)
is now in SVN under docs/scripting.xml .
4.53
o Impoved Windows executable installer by making uninstall
wor. [Rob Nicholls]
o The Nmap Scripting Engine (NSE) now supports run-time
interaction
and the Nmap --host-timeout option. [Doug]
o Added nmap.fetchfile() function for scripts so they can
easily find
Nmap's nmap-* data files (such as the OS/version detection
DBs, port
number mapping, etc.) [Kris]
o Updated rpcinfo.nse to use nmap.fetchfile() to read from
nmap-rpc
instead of having a huge table of RPC numbers. This
reduced the
script's size by nearly 75%. [Kris]
o Fixed multiple NSE scripts that weren't always properly
closing their
sockets. The error message was:
"bad argument #1 to 'close' (nsock expected, got no
value)" [Kris]
o Added a new version detection probe for the Trend Micro
OfficeScan
product line. [Tom Sellers, Doug]
4.51BETA
o We now have a detailed Zenmap Guide at http://nmap.org/zenmapgu
ide/ .
Thanks to David for writing it.
o Added rpcinfo.nse script, which contacts a listening RPC
portmapper
and reports the listening services and port information
(like
rpcinfo -p does). The script was written by Sven Klemm.
Fyodor
then enhanced the RPC number list with all of the entries
from
nmap-rpc.
o Added a new NSE script (MySQLinfo) which prints MySQL
server information
such as the protocol and version numbers, status, thread
id, capabilities,
and password salt. [Kris]
o Nmap's output options (-oA, -oX, etc.) now support
strftime()-like
conversions in the filename. %H, %M, %S, %m, %d, %y, and
%Y are
all the same as in strftime(). %T is the same as %H%M%S,
%R is the
same as %H%M, and %D is the same as %m%d%y. A % followed
by any
other character just yields that character (%% yields a
%). This
means that "-oX 'scan-%T-%D.xml'" uses an XML
file in the form of
"scan-144840-121307.xml". [Kris]
o Fixed Winpcap installer to install the right version of
Packet.dll
on Windows Vista. [Fyodor]
o Fixed our Winpcap installer so that it waits for a Winpcap
uninstall
(if needed) to complete before trying to install the new
Winpcap.
[Jah]
o Fix a bunch of warning/error messages which contained an
extra
newline. [Brandon Enright]
o Fixed an error when attempting to scan localhost as an
unprivileged
user on Windows (nmap --unprivileged localhost). The error
was:
"Skipping SYN Stealth Scan against localhost
(127.0.0.1) because
Windows does not support scanning your own machine
(localhost) this
way."
Now connect scan is used instead of SYN scan. [David]
o Fixed a bug that prevented the --resume option from
working on
Windows. The error message was:
..utils.cc(996): CreateFileMapping(), file 'testresume',
length 103,
mflags 000 00006: The parameter is incorrect.(87)
[Fixed by David, reported by Rob Nicholls]
o Zenmap's new web page (http://nmap.org/zenmap/)
is now shown in the
Zenmap about dialogue.
o On Windows, paths beginning with are now considered
absolute when
used with the --script option. jah
(jah(a)zadkiel.plus.com) suggested
this. [David]
o Zenmap no longer double-spaces its output (by
inadvertently
duplicating newlines) when viewing scan results that were
saved to a
file. [Joao Medeiros]
o Upgraded the shipped LibPCRE from version 7.2 to 7.4.
[Kris]
o Fixed Zenmap crash that occurred when selecting Help from
the Compar
Enjoy!
Fyodor
_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org
|