heading off for thanksgiving

CHANGELOG

@@ -1,5 +1,36 @@
 # Nmap Changelog ($Id$)
 
+UNRELEASED
+
+o Wrote a new man page from scratch.  It is much more comprehensive
+  (more than twice as long) and (IMHO) better organized than the
+  previous one.  Read it online at http://www.insecure.org/nmap/man/
+  or docs/nmap.1 from the Nmap distribution.  Let me know if you have
+  any ideas for improving it.  I am also looking for translations.  If
+  you are interested in translating to a language not already found at
+  http://www.insecure.org/nmap/nmap_documentation.html , please mail
+  Fyodor for the DocBook XML source to translate.
+
+o Removed foreign translations of the old man page from the
+  distribution.  Included the following contributed translations
+  (nroff format) of the new man page:
+    Brazilian Portuguese by Lucien Raven (lucienraven(a)yahoo.com.br)
+
+o Wrote a new "help screen", which you get when running Nmap without
+  arguments.  It is also reproduced in the man page and at
+  http://www.insecure.org/nmap/data/nmap.usage.txt .  I gave up trying
+  to fit it within a 25-line, 80-column terminal window.  It is now 78
+  lines and summarizes all but the most obscure Nmap options.
+
+o Fixed a problem which caused UDP version scanning to fail to print
+  the matched service.  Thanks to Martin Macok
+  (martin.macok(a)underground.cz) for reporting the problem and Doug
+  Hoyte (doug(a)hcsw.org) for fixing it.
+
+o Fixed a crash occured when the --exclude option was used with
+  netmasks on certain platforms.  Thanks to Adam
+  (nmapuser(a)globalmegahost.com) for reporting the problem.
+
 o Version detection softmatches (when Nmap determines the service
   protocol such as smtp but isn't able to determine the app name such as
   Postfix) can now parse out the normal match line fields such as
@@ -20,6 +51,11 @@ o Fixed a bunch of typos and misspellings throughout the Nmap source
   code (mostly in comments).  This was a 625-line patch by Saint Xavier
   (skyxav(a)skynet.be).
 
+o Nmap now accepts target list files in Windows end-of-line format (\r\n)
+  as well as standard UNIX format (\n) on all platforms.  Passing a
+  Windows style file to Nmap on UNIX didn't work before unless you ran
+  dos2unix first.
+
 o Removed Identd scan support from NmapFE since Nmap no longer
   supports it.  Thanks to Jonathan Dieter (jdieter99(a)gmx.net) for the
   patch.
@@ -38,6 +74,10 @@ o Fixed a divide-by-zero crash when you specify rather bogus
   Bart Dopheide (dopheide(a)fmf.nl) for identifying the problem and
   sending a patch.
 
+o Fixed a minor syntax error in tcpip.h that was causing problems with
+  GCC 4.1.  Thanks to Dirk Mueller (dmuell(a)gmx.net) for reporting
+  the problem and sending a fix.
+
 Nmap 3.93
 
 o Modified Libpcap's configure.ac to compile with the

Makefile.in

@@ -1,5 +1,5 @@
 export NMAP_VERSION = 3.94
-NMAP_NAME= nmap
+NMAP_NAME= Nmap
 NMAP_URL= http://www.insecure.org/nmap/
 NMAP_PLATFORM=@host@
 prefix = @prefix@

docs/nmap.dtd

@@ -1,50 +1,44 @@
-<!-- 
-     nmap.dtd
-     This is the DTD for nmap's XML output (-oX) format.
-     $Id$
+<!--
+    nmap.dtd
+    This is the DTD for nmap's XML output (-oX) format.
+    $Id$
 
-     Originally written by:
-     William McVey <wam@cisco.com> <wam+nmap@wamber.net>
+    Originally written by:
+    William McVey <wam@cisco.com> <wam+nmap@wamber.net>
 
-     Now maintained by Fyodor <fyodor@insecure.org> as part of Nmap.     
+    Now maintained by Fyodor <fyodor@insecure.org> as part of Nmap.     
 
-     To validate using this file, simply add a DOCTYPE line similar to:
-     <!DOCTYPE nmaprun SYSTEM "nmap.dtd">
-     to the nmap output immediately below the prologue (the first line).  This
-     should allow you to run a validating parser against the output (so long
-     as the dtd is in your parser's dtd search path).
+    To validate using this file, simply add a DOCTYPE line similar to:
+    <!DOCTYPE nmaprun SYSTEM "nmap.dtd">
+    to the nmap output immediately below the prologue (the first line).  This
+    should allow you to run a validating parser against the output (so long
+    as the dtd is in your parser's dtd search path).
 
-     Bugs:
-     Most of the elements are "locked" into the specific order that nmap
-     generates, when there really is no need for a specific ordering.
-     This is primarily because I don't know the xml DTD construct to
-     specify "one each of this list of elements, in any order".  If there
-     is a construct similar to SGML's '&' operator, please let me know.
-
-     Since the work to write this DTD was done as part of WAM's
-     job duties for the Cisco Secure Consulting Services group
-     (http://www.cisco.com/go/securityconsulting), the following copyright 
-     needs to be included in this and any other derived works.
-
-#   Copyright (c) 2001 by Cisco systems, Inc.
-# 
-#   Permission to use, copy, modify, and distribute modified and
-#   unmodified copies of this software for any purpose and without fee is
-#   hereby granted, provided that (a) this copyright and permission notice
-#   appear on all copies of the software and supporting documentation, (b)
-#   the name of Cisco Systems, Inc. not be used in advertising or
-#   publicity pertaining to distribution of the program without specific
-#   prior permission, and (c) notice be given in supporting documentation
-#   that use, modification, copying and distribution is by permission of
-#   Cisco Systems, Inc.
-#
-#   Cisco Systems, Inc. makes no representations about the suitability
-#   of this software for any purpose.  THIS SOFTWARE IS PROVIDED ``AS
-#   IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
-#   WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-#   FITNESS FOR A PARTICULAR PURPOSE.
-#
+    Bugs:
+    Most of the elements are "locked" into the specific order that nmap
+    generates, when there really is no need for a specific ordering.
+    This is primarily because I don't know the xml DTD construct to
+    specify "one each of this list of elements, in any order".  If there
+    is a construct similar to SGML's '&' operator, please let me know.
 
+    Portions Copyright (c) 2001-2005 Insecure.Com LLC
+    Portions Copyright (c) 2001 by Cisco systems, Inc.
+ 
+    Permission to use, copy, modify, and distribute modified and
+    unmodified copies of this software for any purpose and without fee is
+    hereby granted, provided that (a) this copyright and permission notice
+    appear on all copies of the software and supporting documentation, (b)
+    the name of Cisco Systems, Inc. not be used in advertising or
+    publicity pertaining to distribution of the program without specific
+    prior permission, and (c) notice be given in supporting documentation
+    that use, modification, copying and distribution is by permission of
+    Cisco Systems, Inc.
+ 
+    Cisco Systems, Inc. makes no representations about the suitability
+    of this software for any purpose.  THIS SOFTWARE IS PROVIDED ``AS
+    IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
+    WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+    FITNESS FOR A PARTICULAR PURPOSE.
 -->
 
 <!-- parameter entities to specify common "types" used elsewhere in the DTD -->

docs/nmap.usage.txt

@@ -1,25 +1,79 @@
-Nmap 3.93 Usage: nmap [Scan Type(s)] [Options] <host or net list>
-Some Common Scan Types ('*' options require root privileges)
-* -sS TCP SYN stealth port scan (default if privileged (root))
-  -sT TCP connect() port scan (default for unprivileged users)
-* -sU UDP port scan
-  -sP ping scan (Find any reachable machines)
-* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-  -sV Version scan probes open ports determining service & app names/versions
-  -sR RPC scan (use with other scan types)
-Some Common Options (none are required, most can be combined):
-* -O Use TCP/IP fingerprinting to guess remote operating system
-  -p <range> ports to scan.  Example range: 1-1024,1080,6666,31337
-  -F Only scans ports listed in nmap-services
-  -v Verbose. Its use is recommended.  Use twice for greater effect.
-  -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
-* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-  -6 scans via IPv6 rather than IPv4
-  -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
-  -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-  -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
-  -iL <inputfile> Get targets from file; Use '-' for stdin
-* -S <your_IP>/-e <devicename> Specify source address or network interface
-  --interactive Go into interactive mode (then press h for help)
-Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
-SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES 
+Nmap 3.94 ( http://www.insecure.org/nmap/ )
+Usage: nmap [Scan Type(s)] [Options] {target specification}
+TARGET SPECIFICATION:
+  Can pass hostnames, IP addresses, networks, etc.
+  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
+  -iL <inputfilename>: Input from list of hosts/networks
+  -iR <num hosts>: Choose random targets
+  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
+  --excludefile <exclude_file>: Exclude list from file
+HOST DISCOVERY:
+  -sL: List Scan - simply list targets to scan
+  -sP: Ping Scan - go no further than determining if host is online
+  -P0: Treat all hosts as online -- skip host discovery
+  -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
+  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
+  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
+SCAN TECHNIQUES:
+  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
+  -sN/sF/sX: TCP Null, FIN, and Xmas scans
+  --scanflags <flags>: Customize TCP scan flags
+  -sI <zombie host[:probeport]>: Idlescan
+  -sO: IP protocol scan
+  -b <ftp relay host>: FTP bounce scan
+PORT SPECIFICATION AND SCAN ORDER:
+  -p <port ranges>: Only scan specified ports
+    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
+  -F: Fast - Scan only the ports listed in the nmap-services file)
+  -r: Scan ports consecutively - don't randomize
+SERVICE/VERSION DETECTION:
+  -sV: Probe open ports to determine service/version info
+  --version_light: Limit to most likely probes for faster identification
+  --version_all: Try every single probe for version detection
+  --version_trace: Show detailed version scan activity (for debugging)
+OS DETECTION:
+  -O: Enable OS detection
+  --osscan_limit: Limit OS detection to promising targets
+  --osscan_guess: Guess OS more aggressively
+TIMING AND PERFORMANCE:
+  -T[0-6]: Set timing template (higher is faster)
+  --min_hostgroup/max_hostgroup <msec>: Parallel host scan group sizes
+  --min_parallelism/max_parallelism <msec>: Probe parallelization
+  --min_rtt_timeout/max_rtt_timeout/initial_rtt_timeout <msec>: Specifies
+      probe round trip time.
+  --host_timeout <msec>: Give up on target after this long
+  --scan_delay/--max_scan_delay <msec>: Adjust delay between probes
+FIREWALL/IDS EVASION AND SPOOFING:
+  -f; --mtu <val>: fragment packets (optionally w/given MTU)
+  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
+  -S <IP_Address>: Spoof source address
+  -e <iface>: Use specified interface
+  -g/--source_port <portnum>: Use given port number
+  --data_length <num>: Append random data to sent packets
+  --ttl <val>: Set IP time-to-live field
+  --spoof_mac <mac address/prefix/vendor name>: Spoof your MAC address
+OUTPUT:
+  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
+     and Grepable format, respectively, to the given filename.
+  -oA <basename>: Output in the three major formats at once
+  -v: Increase verbosity level (use twice for more effect)
+  -d[level]: Set or increase debugging level (Up to 9 is meaningful)
+  --packet_trace: Show all packets sent and received
+  --iflist: Print host interfaces and routes (for debugging)
+  --append_output: Append to rather than clobber specified output files
+  --resume <filename>: Resume an aborted scan
+  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
+  --no_stylesheet: Prevent associating of XSL stylesheet w/XML output
+MISC:
+  -6: Enable IPv6 scanning
+  -A: Enables OS detection and Version detection
+  --datadir <dirname>: Specify custom Nmap data file location
+  --send_eth/--send_ip: Send using raw ethernet frames or IP packets
+  --privileged: Assume that the user is fully privileged
+  -V: Print version number
+  -h: Print this help summary page.
+EXAMPLES:
+  nmap -v -A scanme.nmap.org
+  nmap -v -sP 192.168.0.0/16 10.0.0.0/8
+  nmap -v -iR 10000 -P0 -p 80
+SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

libpcre/pcre.h

@@ -48,7 +48,17 @@ make changes to pcre.in. */
 
 /* Win32 uses DLL by default; it needs special stuff for exported functions. */
 
-/* Removed -- Fyodor */
+#ifdef _WIN32
+#  ifdef PCRE_DEFINITION
+#    ifdef DLL_EXPORT
+#      define PCRE_DATA_SCOPE __declspec(dllexport)
+#    endif
+#  else
+#    ifndef PCRE_STATIC
+#      define PCRE_DATA_SCOPE extern __declspec(dllimport)
+#    endif
+#  endif
+#endif
 
 /* For other operating systems, we use the standard "extern". */
 

nmap-services

@@ -1183,6 +1183,7 @@ supfiledbg        1127/tcp   # SUP debugging
 cce3x             1139/tcp   # ClearCommerce Engine 3.x ( www.clearcommerce.com)
 nfa               1155/tcp   # Network File Access
 nfa               1155/udp   # Network File Access
+lsnr              1158/tcp   # Oracle DB listener
 phone             1167/udp   # conference calling
 skkserv           1178/tcp   # SKK (kanji input)
 lupa              1212/tcp   # 
@@ -1977,6 +1978,7 @@ sdxauthd          5540/udp   # ACE/Server services
 sdadmind          5550/tcp   # ACE/Server services
 freeciv           5555/tcp   #
 rplay             5555/udp   # 
+isqlplus          5560/tcp   # Oracle web enabled SQL interface (version 10g+)
 pcanywheredata    5631/tcp   # 
 pcanywherestat    5632/tcp   # 
 pcanywherestat    5632/udp   # 

nmap.cc

@@ -1558,32 +1558,86 @@ struct scan_lists *getpts(char *origexpr) {
 }
 
 void printusage(char *name, int rc) {
-  printf(
-	 "Nmap %s Usage: nmap [Scan Type(s)] [Options] <host or net list>\n"
-	 "Some Common Scan Types ('*' options require root privileges)\n"
-	 "* -sS TCP SYN stealth port scan (default if privileged (root))\n"
-	 "  -sT TCP connect() port scan (default for unprivileged users)\n"
-	 "* -sU UDP port scan\n"
-	 "  -sP ping scan (Find any reachable machines)\n"
-	 "* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)\n"
-         "  -sV Version scan probes open ports determining service & app names/versions\n"
-	 "  -sR RPC scan (use with other scan types)\n"
-	 "Some Common Options (none are required, most can be combined):\n"
-	 "* -O Use TCP/IP fingerprinting to guess remote operating system\n"
-	 "  -p <range> ports to scan.  Example range: 1-1024,1080,6666,31337\n"
-	 "  -F Only scans ports listed in nmap-services\n"
-	 "  -v Verbose. Its use is recommended.  Use twice for greater effect.\n"
-	 "  -P0 Don't ping hosts (needed to scan www.microsoft.com and others)\n"
-	 "* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys\n"
-         "  -6 scans via IPv6 rather than IPv4\n"
-	 "  -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy\n"
-	 "  -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]\n"
-	 "  -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>\n"
-	 "  -iL <inputfile> Get targets from file; Use '-' for stdin\n"
-	 "* -S <your_IP>/-e <devicename> Specify source address or network interface\n"
-	 "  --interactive Go into interactive mode (then press h for help)\n"
-	 "Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'\n"
-	 "SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES \n", NMAP_VERSION);
+
+printf("%s %s ( %s )\n"
+       "Usage: nmap [Scan Type(s)] [Options] {target specification}\n"
+       "TARGET SPECIFICATION:\n"
+       "  Can pass hostnames, IP addresses, networks, etc.\n"
+       "  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254\n"
+       "  -iL <inputfilename>: Input from list of hosts/networks\n"
+       "  -iR <num hosts>: Choose random targets\n"
+       "  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks\n"
+       "  --excludefile <exclude_file>: Exclude list from file\n"
+       "HOST DISCOVERY:\n"
+       "  -sL: List Scan - simply list targets to scan\n"
+       "  -sP: Ping Scan - go no further than determining if host is online\n"
+       "  -P0: Treat all hosts as online -- skip host discovery\n"
+       "  -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports\n"
+       "  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes\n"
+       "  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]\n"
+       "SCAN TECHNIQUES:\n"
+       "  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans\n"
+       "  -sN/sF/sX: TCP Null, FIN, and Xmas scans\n"
+       "  --scanflags <flags>: Customize TCP scan flags\n"
+       "  -sI <zombie host[:probeport]>: Idlescan\n"
+       "  -sO: IP protocol scan\n"
+       "  -b <ftp relay host>: FTP bounce scan\n"
+       "PORT SPECIFICATION AND SCAN ORDER:\n"
+       "  -p <port ranges>: Only scan specified ports\n"
+       "    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080\n"
+       "  -F: Fast - Scan only the ports listed in the nmap-services file)\n"
+       "  -r: Scan ports consecutively - don't randomize\n"
+       "SERVICE/VERSION DETECTION:\n"
+       "  -sV: Probe open ports to determine service/version info\n"
+       "  --version_light: Limit to most likely probes for faster identification\n"
+       "  --version_all: Try every single probe for version detection\n"
+       "  --version_trace: Show detailed version scan activity (for debugging)\n"
+       "OS DETECTION:\n"
+       "  -O: Enable OS detection\n"
+       "  --osscan_limit: Limit OS detection to promising targets\n"
+       "  --osscan_guess: Guess OS more aggressively\n"
+       "TIMING AND PERFORMANCE:\n"
+       "  -T[0-5]: Set timing template (higher is faster)\n"
+       "  --min_hostgroup/max_hostgroup <msec>: Parallel host scan group sizes\n"
+       "  --min_parallelism/max_parallelism <msec>: Probe parallelization\n"
+       "  --min_rtt_timeout/max_rtt_timeout/initial_rtt_timeout <msec>: Specifies\n"
+       "      probe round trip time.\n"
+       "  --host_timeout <msec>: Give up on target after this long\n"
+       "  --scan_delay/--max_scan_delay <msec>: Adjust delay between probes\n"
+       "FIREWALL/IDS EVASION AND SPOOFING:\n"
+       "  -f; --mtu <val>: fragment packets (optionally w/given MTU)\n"
+       "  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys\n"
+       "  -S <IP_Address>: Spoof source address\n"
+       "  -e <iface>: Use specified interface\n"
+       "  -g/--source_port <portnum>: Use given port number\n"
+       "  --data_length <num>: Append random data to sent packets\n"
+       "  --ttl <val>: Set IP time-to-live field\n"
+       "  --spoof_mac <mac address/prefix/vendor name>: Spoof your MAC address\n"
+       "OUTPUT:\n"
+       "  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,\n"
+       "     and Grepable format, respectively, to the given filename.\n"
+       "  -oA <basename>: Output in the three major formats at once\n"
+       "  -v: Increase verbosity level (use twice for more effect)\n"
+       "  -d[level]: Set or increase debugging level (Up to 9 is meaningful)\n"
+       "  --packet_trace: Show all packets sent and received\n"
+       "  --iflist: Print host interfaces and routes (for debugging)\n"
+       "  --append_output: Append to rather than clobber specified output files\n"
+       "  --resume <filename>: Resume an aborted scan\n"
+       "  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML\n"
+       "  --no_stylesheet: Prevent associating of XSL stylesheet w/XML output\n"
+       "MISC:\n"
+       "  -6: Enable IPv6 scanning\n"
+       "  -A: Enables OS detection and Version detection\n"
+       "  --datadir <dirname>: Specify custom Nmap data file location\n"
+       "  --send_eth/--send_ip: Send using raw ethernet frames or IP packets\n"
+       "  --privileged: Assume that the user is fully privileged\n"
+       "  -V: Print version number\n"
+       "  -h: Print this help summary page.\n"
+       "EXAMPLES:\n"
+       "  nmap -v -A scanme.nmap.org\n"
+       "  nmap -v -sP 192.168.0.0/16 10.0.0.0/8\n"
+       "  nmap -v -iR 10000 -P0 -p 80\n"
+       "SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES\n", NMAP_NAME, NMAP_VERSION, NMAP_URL);
   exit(rc);
 }
 
@@ -1828,7 +1882,7 @@ char *grab_next_host_spec(FILE *inputfd, int argc, char **fakeargv) {
   } else { 
     host_spec_index = 0;
     while((ch = getc(inputfd)) != EOF) {
-      if (ch == ' ' || ch == '\n' || ch == '\t' || ch == '\0') {
+      if (ch == ' ' || ch == '\r' || ch == '\n' || ch == '\t' || ch == '\0') {
 	if (host_spec_index == 0) continue;
 	host_spec[host_spec_index] = '\0';
 	return host_spec;

nmap_winconfig.h

@@ -105,7 +105,7 @@
 #define NMAP_WINCONFIG_H
 
 #define NMAP_VERSION "3.93"
-#define NMAP_NAME "nmap"
+#define NMAP_NAME "Nmap"
 #define NMAP_URL "http://www.insecure.org/nmap"
 #define NMAP_PLATFORM "i686-pc-windows-windows"
 #define NMAPDATADIR "c:\nmap" /* FIXME: I really need to make this dynamic */

scripts/Makefile

@@ -25,9 +25,12 @@ servicematch: dummy
 
 web:
 	test x$(wroot) != x
-	cd ../docs && cp -a nmap_gpgkeys.txt nmap_manpage*.html nmap*.1 \
+	make -C $(wroot)/nmapguide manhtml manxml man manxlate
+	cp $(wroot)/nmapguide/nmap.1 ../docs
+	cd ../docs && cp -a nmap_gpgkeys.txt nmap_manpage-*.html nmap*.1 \
                             xnmap.1 nmap.usage.txt nmap.dtd nmap.xsl \
                             leet-nmap-ascii-art.txt $(wroot)/nmap/data/
+	cp $(wroot)/nmapguide/build/man-built.xml $(wroot)/nmap/data/
 	./sort-prints.pl ../nmap-os-fingerprints > nos && mv nos ../nmap-os-fingerprints
 	./produceosclasschoosebox.pl ../nmap-os-fingerprints > $(wroot)/nmap/data/os-classes.txt
 	cd .. && cp -a CHANGELOG HACKING COPYING COPYING.OpenSSL INSTALL \
@@ -48,20 +51,8 @@ distro:
 	../nmap -h > /dev/null    #Make sure nmap exists
 	rm -f ../docs/nmap.usage.txt	
 	../nmap -h > ../docs/nmap.usage.txt 
-	rm -f ../docs/nmap_manpage.html
-# nodepage option is included in man2html because of bug in that program which causes it to
-# drop lines if you let it try to delete page breaks
-	nroff -man ../docs/nmap.1 | man2html -nodepage -title 'Nmap network security scanner man page' > ../docs/nmap_manpage.html
-	nroff -man ../docs/nmap_french.1 | man2html -nodepage -title 'Nmap network security scanner man page (French translation)' > ../docs/nmap_manpage-fr.html
-	nroff -man ../docs/nmap_german.1 | man2html -nodepage -title 'Nmap network security scanner man page (German translation)' > ../docs/nmap_manpage-de.html
-	nroff -man ../docs/nmap_italian.1 | man2html -nodepage -title 'Nmap network security scanner man page (Italian translation)' > ../docs/nmap_manpage-it.html
-	nroff -man ../docs/nmap_latvian.1 | man2html -nodepage -title 'Nmap network security scanner man page (Latvian translation)' > ../docs/nmap_manpage-lv.html
-	nroff -Tlatin1 -man ../docs/nmap_lithuanian.1 | man2html -nodepage -title 'Nmap network security scanner man page (Lithuanian translation)' > ../docs/nmap_manpage-lt.html
-	nroff -man ../docs/nmap_russian.1 | man2html -nodepage -title 'Nmap network security scanner man page (Russian translation)' > ../docs/nmap_manpage-ru.html
-# We need a content-type for the Lithuanian version
-	sr '<HEAD>' '<HEAD><META http-equiv="Content-Type" content="text/html; charset=windows-1257">' ../docs/nmap_manpage-lt.html
-	nroff -man ../docs/nmap_portuguese.1 | man2html -nodepage -title 'Nmap network security scanner man page (Portuguese translation)' > ../docs/nmap_manpage-pt.html
-	nroff -man ../docs/nmap_spanish.1 | man2html -nodepage -title 'Nmap network security scanner man page (Spanish translation)' > ../docs/nmap_manpage-es.html
+	make -C $(wroot)/nmapguide man manxlate
+	cp $(wroot)/nmapguide/nmap.1 ../docs
 	rm -rf /usr/tmp/nmap-$(NMAP_VERSION)
 	mkdir /usr/tmp/nmap-$(NMAP_VERSION)
 # Make the RPM .spec file
@@ -137,15 +128,11 @@ distro:
 	$(SHTOOL) mkdir /usr/tmp/nmap-$(NMAP_VERSION)/docs
 	cd ../docs; cp -a README nmap_gpgkeys.txt \
                     nmap-fingerprinting-article.txt \
-                    nmap.deprecated.txt nmap.usage.txt nmap_doc.html \
-                    nmap_manpage-de.html nmap_manpage-es.html \
-                    nmap_manpage-fr.html nmap_manpage-it.html \
-                    nmap_manpage-lt.html nmap_manpage-pt.html \
-                    nmap_manpage-ru.html nmap_manpage.html \
-                    nmap.1 nmapfe.1 nmap_french.1 nmap_german.1 \
-                    nmap_italian.1 nmap_lithuanian.1 nmap_portuguese.1 \
-                    nmap_spanish.1 nmap_russian.1 xnmap.1 nmap.dtd nmap.xsl \
-                    leet-nmap-ascii-art.txt /usr/tmp/nmap-$(NMAP_VERSION)/docs
+                    nmap.deprecated.txt nmap.usage.txt  \
+                    nmap.1 nmapfe.1 xnmap.1 nmap.dtd nmap.xsl \
+                    leet-nmap-ascii-art.txt \
+                    $(wroot)/nmap/data/man-xlate/man-*.1 \
+                    /usr/tmp/nmap-$(NMAP_VERSION)/docs
 	$(SHTOOL) mkdir /usr/tmp/nmap-$(NMAP_VERSION)/nmapfe
 	cd ../nmapfe; cp -a Makefile.in aclocal.m4 configure configure.ac \
 	              nmapfe.c nmapfe.h nmapfe_sig.c nmapfe_sig.h \

service_scan.cc

@@ -1652,8 +1652,18 @@ ServiceGroup::~ServiceGroup() {
    PORT_OPEN. */
 static void adjustPortStateIfNeccessary(ServiceNFO *svc) {
 
+  char host[128];
+
   if (svc->port->state == PORT_OPENFILTERED) {
-    svc->target->ports.addPort(svc->portno, svc->proto, NULL, PORT_OPEN);
+    svc->port->state = PORT_OPEN;
+
+    if (o.verbose || o.debugging > 1) {
+      svc->target->NameIP(host, sizeof(host));
+
+      log_write(LOG_STDOUT, "Discovered open|filtered port %hu/%s on %s is actually open\n",
+         svc->portno, proto2ascii(svc->proto), host);
+      log_flush(LOG_STDOUT);
+    }
   }
 
   return;

targets.cc

@@ -1733,7 +1733,7 @@ int hostInExclude(struct sockaddr *checksock, size_t checksocklen,
         }
 	else {
 	  exclude_group[i++].rewind();
-	  continue;
+	  break;
 	}
       } 
       /* For ranges we need to be a little more slick, if we don't find a match

tcpip.h

@@ -286,7 +286,7 @@ class PacketTrace {
      direction must be PacketTrace::SENT or PacketTrace::RCVD .
      Optional 'now' argument makes this function slightly more
      efficient by avoiding a gettimeofday() call. */
-  static void PacketTrace::traceArp(pdirection pdir, const u8 *frame, u32 len,
+  static void traceArp(pdirection pdir, const u8 *frame, u32 len,
 				    struct timeval *now);
 };