From 158b912bf87f4266ae86758d04433155c9aeb3b6 Mon Sep 17 00:00:00 2001 From: fyodor Date: Mon, 2 Jan 2012 00:35:16 +0000 Subject: [PATCH] Some more improvements to the CHANGELOG --- CHANGELOG | 220 +++++++++++++++++++++------------------------ docs/nmap-update.1 | 4 +- docs/nmap.1 | 14 ++- docs/zenmap.1 | 4 +- ncat/docs/ncat.1 | 4 +- ndiff/docs/ndiff.1 | 4 +- nmap-os-db | 34 +++---- nping/docs/nping.1 | 4 +- 8 files changed, 141 insertions(+), 147 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 18f5c570e..c00f11c2a 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,11 +1,38 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added a new httpspider library which is used for recursively + crawling web sites for information. New scripts using this + functionality include http-backup-finder, http-email-harvest, + http-grep, http-open-redirect, and http-unsafe-output-escaping. See + http://nmap.org/nsedoc/ or the list later in this file for details + on all of these. [Patrik] + +o [NSE] Added a new script-force feature. You can force scripts to + run against target ports (even if the "wrong" service is detected) + by placing a plus in front of the script name passed to --script. + See + http://nmap.org/book/nse-usage.html#nse-script-selection. [Martin + Swende] + +o [NSE] Added a vulnerability management library (vulns.lua) to store and to + report discovered vulnerabilities. Modified these scripts to use + the new library: + - ftp-libopie.nse + - http-vuln-cve2011-3192.nse + - ftp-vuln-cve2010-4221.nse + - ftp-vsftpd-backdoor.nse + - smtp-vuln-cve2011-1720.nse + - smtp-vuln-cve2011-1764.nse + - afp-path-vuln.nse + [Djalal, Henri] + o [NSE] Added 51(!) NSE scripts, bringing the total up to 297. They are all listed at http://nmap.org/nsedoc/, and the summaries are below (authors listed in brackets): + amqp-info gathers information (a list of all server properties) - from an AMQP (advanced message queuing protocol) server. [Sebastian Dragomir] + from an AMQP (advanced message queuing protocol) + server. [Sebastian Dragomir] + bitcoin-getaddr queries a BitCoin server for a list of known BitCoin nodes. [Patrik Karlsson] @@ -108,7 +135,7 @@ o [NSE] Added 51(!) NSE scripts, bringing the total up to 297. They target IP address by querying the Robtex service (http://www.robtex.com/ip/). [riemann] - + http-unsafe-output-escaping Spiders a website and attempts to + + http-unsafe-output-escaping spiders a website and attempts to identify output escaping problems where content is reflected back to the user. [Martin Holst Swende] 
@@ -188,11 +215,24 @@ o [NSE] Added 51(!) NSE scripts, bringing the total up to 297. They + vuze-dht-info retrieves some basic information, including protocol version from a Vuze filesharing node. [Patrik Karlsson] -o Scaled congestion control increments by the response rate during OS - scan, just like was done for port scan before. [David] +o On Windows, the directory \AppData\Roaming\nmap is now + searched for data files. This is the equivalent of $HOME/.nmap on + POSIX. [David] -o Added service probe for Redis key-value store, memcached and MochiWeb - [Patrik] +o [NSE] Added some new protocol libraries + + amqp (advanced message queuing protocol) [Sebastian Dragomir] + + bitcoin crypto currency [Patrik Karlsson + + dnsbl for DNS-based blacklists [Patrik Karlsson + + rtsp (real time streaming protocol) [Patrik Karlsson] + + httpspider and vulns ahave separate entries in this CHANGELOG + +o Improved OS detection performance by scaling congestion control + increments by the response rate during OS scan, just as was done + for port scan before. [David] + +o [NSE] The targets-ipv6-multicast-*.nse scripts now scan all + interfaces by default. They show the MAC address and interface name + now too. [David, Daniel Miller] o Targets requiring different source addresses now go into different hostgroups, not only for host discovery but also for port scanning. 
@@ -203,99 +243,74 @@ o [NSE] Added local port to BPF filter in snmp-brute to fix bug that would prevent multiple scripts from receiving the correct responses. The bug was discovered by Brendan Bird. [Patrik] -o [NSE] Removed DoS code from dhcp-discover and placed it into the discover and - safe categories. Added support for adding options to DHCP requests in the - dhcp library. [Patrik] +o [NSE] Changed the dhcp-discover script to use the DHCPINFORM request + to query dhcp servers instead of DHCPDISCOVER. Also removed DoS code + from dhcp-discover and placed the script into the discovery and safe + categories. Added support for adding options to DHCP requests and + cleaned up some code in the dhcp library. [Patrik] -o [NSE] Changed the dhcp-discover script to use the DHCPINFORM request to query - dhcp servers instead of DHCPDISCOVER. Cleaned up some code in the DHCP - library. [Patrik] +o [NSE] Applied patch to snmp-brute that solves problems with handling + errors that occur durring community list file parsing. [Duarte + Silva] -o [NSE] Applied patch to snmp-brute that solves problems with handling errors - that occur when parsing files with community lists. [Duarte Silva] - -o [NSE] Applied patch to http-fingerprints adding support for identifying DCVS - systems Git, Mercurial and Bazaar. [Hani Benhabiles] +o Added new fingerprints to http-enum for: + - Subversion, CVS and Apache Archiva [Duarte Silva] + - DVCS systems Git, Mercurial and Bazaar [Hani Benhabiles]. o [NSE] Applied some code cleanup to the snmp library. [Brendan Byrd] -o [NSE] Fixed a bug with an undeclared variable in snmp-ios-config.nse [Patrik] +o [NSE] Fixed an undeclared variable bug in snmp-ios-config.nse + [Patrik] -o On Windows, the directory \AppData\Roaming\nmap is now - searched for data files. This is the equivalent of $HOME/.nmap on - POSIX. 
[David] +o [NSE] Add additional version information to Mongodb scripts [Martin + Swende] -o [NSE] Applied patch to add additional version information to Mongodb scripts - [Martin Swende] +o [NSE] Added path argument to the http-auth script and update the + script to use stdnse.format_output. [Duarte Silva, Patrik] -o [NSE] Added path argument to the http-auth script and changed so that script - output was returned using stdnse.format_output [Duarte Silva, Patrik] - -o [NSE] Fixed bug in the http library that would fail parsing authentication - headers if no parameters were present. [Patrik] - -o Added new fingerprints to http-enum for Subversion, CVS and Apache Archiva - [Duarte Silva] +o [NSE] Fixed bug in the http library that would fail to parse + authentication headers if no parameters were present. [Patrik] o Added probes for discovering PC-Duo and PC-Anywhere hosts. [Patrik] -o [NSE] Added support for forcing scripts to run agains certain ports by adding - a plus in front of the script name. [Martin Swende] - o Made a syntax change in the zenmap.desktop file for compliance with the XDG standard. [Frederik Schwarzer] -o [NSE] Added stop function to crawler so that scripts can properly shutdown - the crawler in case they want to end early. [Patrik] - -o [NSE] Fixed issue in path encoding in the http-backup-finder script. [Patrik] - -o [NSE] Added getLimitations function to httpspider that returns any - limitations imposed on the crawler. [Patrik] - -o [NSE] Modified the httpspider library to prefetch links in the queue and - change how script arguments are processed. Script and library arguments are - now processed from within the library. [Patrik] - -o The --exclude and --excludefile options can be used together now. [David] - -o [NSE] Added a new httpspider library and the script http-email-harvest that - collects e-mail addresses by spidering a website. [Patrik] +o The --exclude and --excludefile options for excluding targets can + now be used together. 
[David] o [NSE] Added support for detecting whether a http connection was established - using SSL or not by the http.lua library [Patrik] + using SSL or not to the http.lua library [Patrik] -o [NSE] Applied patch that replaces a number of GET requests to HEAD in http- - fingerprints.lua where no matching was performed on the returned contents. - [Hani Benhabiles] +o [NSE] Replaced a number of GET requests to HEAD in http- + fingerprints.lua. HEAD is quicker and sufficient when no matching + is performed on the returned contents. [Hani Benhabiles] -o [NSE] Applied patch to the ssl-cert script that adds support for getting SSL - certificates from FTP servers. [Matt Selsky] +o [NSE] Added support for retrieving SSL certificates from FTP + servers. [Matt Selsky] -o [NSE] Added the a Vuze library, port probe and the script vuze-dht-info. The - script connects to a Vuze node and gets protocol, vendor and network - information. [Patrik] - -o [Nping] The --safe-payloads option is now default. Added --include-payloads - for special situations. [Colin Rice] - -o [NSE] Added whitelist capabilities to the unusual-port script to be able - to handle legitimate services on dynamic ports and discrepancies between - names of services. [Patrik] - -o Added a probe for Sybase SQL Anywhere. [Patrik] +o [Nping] The --safe-payloads option is now the default. Added + --include-payloads for the special situations where payloads are + needed. [Colin Rice] o [NSE] Added new functionality and fixed some bugs in the brute library: - - Added support for restricting the amount of guesses performed by the + - Added support for restricting the number of guesses performed by the brute library against users, to prevent account lockouts. - - Added support to guess the username as password as incorrectly - suggested as default behavior by the documentation. - - Added support to guess an empty string as password if not present - in the dictionary. 
[Patrik] + - Added support to guess the username as password. The documentation + previusly suggested (wrongly) that this was the default behavior. + - Added support to guess an empty string as password if not + present in the dictionary. [Patrik] -o Added a probe for the MongoDB service [Martin Holst Swende] - -o Added a probe for the Metasploit XMLRPC service [Vlatko Kosturjak] +o Added some new version detection probes: + + MongoDB service [Martin Holst Swende] + + Metasploit XMLRPC service [Vlatko Kosturjak] + + Vuze filesharing system [Patrik] + + Redis key-value store [Patrik] + + memcached [Patrik] + + MochiWeb [Patrik] + + Sybase SQL Anywhere [Patrik] + + VMware ESX Server [Aleksey Tyurin] + + TCP Kerberos [Patrik] o [NSE] Re-enabled support for guessing the username in addition to password that was incorrectly removed from the metasploit-xmlrpc-brute in previous @@ -304,22 +319,6 @@ o [NSE] Re-enabled support for guessing the username in addition to password o [NSE] Fixed bug that would prevent brute scripts from running if no service field was present in the port table. [Patrik] -o [NSE] Added the scripts bitcoin-info, bitcoin-getaddr and a supporting - Bitcoin library. The script bitcoin-info retrieves information about the - remote server, while the bitcoin-getaddr script retrieves a list of - discovered remote Bitcoin nodes. [Patrik] - -o [NSE] Modified the following vulnerability scripts to use the new - vulnerability library. - - ftp-libopie.nse - - http-vuln-cve2011-3192.nse - - ftp-vuln-cve2010-4221.nse - - ftp-vsftpd-backdoor.nse - - smtp-vuln-cve2011-1720.nse - - smtp-vuln-cve2011-1764.nse - - afp-path-vuln.nse - [Djalal, Henri] - o [NSE] Turned on promiscuous mode in targets-sniffer.nse so that it finds packets not only from or to the scanning host. [David] 
@@ -329,9 +328,6 @@ o [NSE] Modified the http library to support servers that don't return valid o [NSE] Fixed a bug where the brute library would not abort even after all retries were exhausted [Patrik] -o Added a service probe for VMware ESX Server. The probe is based on a - script written by Aleksey Tyurin. - o Fixed a bug in the IPv6 OS probe called NI. The Node Information Query didn't include the target address as the payload, so at least OS X didn't respond. This differed from the probe sent by the 
@@ -345,32 +341,22 @@ o [NSE] Fixed an error in the mssql library that was causing the o [NSE] Added the missing broadcast category to the broadcast-listener script. [Jason DePriest] -o [NSE] Made changes to the categories of the following scripts. Their new - categories are: - - http-userdir-enum.nse (auth,intrusive) - - mysql-users.nse (auth,intrusive) - - http-wordpress-enum.nse (auth,intrusive,vuln) - - krb5-enum-users.nse (auth,intrusive) - - snmp-win32-users.nse (default,auth,safe) - - smtp-enum-users.nse (auth,external,intrusive) - - ncp-enum-users.nse (auth,safe) - - smb-enum-users.nse (auth,intrusive) - [Duarte Silva] - -o [NSE] Added a vulnerability management library (vulns.lua) to store and to - report discovered vulnerabilities. [Djalal, Henri] +o [NSE] Made changes to the categories of the following scripts (new + categories shown) [Duarte Silva]: + - http-userdir-enum.nse (auth,intrusive) + - mysql-users.nse (auth,intrusive) + - http-wordpress-enum.nse (auth,intrusive,vuln) + - krb5-enum-users.nse (auth,intrusive) + - snmp-win32-users.nse (default,auth,safe) + - smtp-enum-users.nse (auth,external,intrusive) + - ncp-enum-users.nse (auth,safe) + - smb-enum-users.nse (auth,intrusive) o Made nbase compile with the clang compiler that is a part of Xcode 4.2. [Daniel J. Luke] -o [NSE] Applied patch that fixes a nil table index bug discovered in the - mongodb library. [Thomas Buchanan] - -o Added a TCP Kerberos service probe. [Patrik] - -o [NSE] The targets-ipv6-multicast-*.nse scripts now scan all - interfaces by default. They show the MAC address and interface name - now too. [David, Daniel Miller] +o [NSE] Fix a nil table index bug discovered in the mongodb + library. [Thomas Buchanan] o [NSE] Added XMPP support to ssl-cert.nse. diff --git a/docs/nmap-update.1 b/docs/nmap-update.1 index 095e9efa6..c6f067973 100644 --- a/docs/nmap-update.1 +++ b/docs/nmap-update.1 
@@ -2,12 +2,12 @@ .\" Title: nmap-update .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 -.\" Date: 12/20/2011 +.\" Date: 01/01/2012 .\" Manual: nmap-update Reference Guide .\" Source: nmap-update .\" Language: English .\" -.TH "NMAP\-UPDATE" "1" "12/20/2011" "nmap\-update" "nmap\-update Reference Guide" +.TH "NMAP\-UPDATE" "1" "01/01/2012" "nmap\-update" "nmap\-update Reference Guide" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/docs/nmap.1 b/docs/nmap.1 index 3b21a54ce..ab76205c9 100644 --- a/docs/nmap.1 +++ b/docs/nmap.1 @@ -2,12 +2,12 @@ .\" Title: nmap .\" Author: [see the "Author" section] .\" Generator: DocBook XSL Stylesheets v1.76.1 -.\" Date: 12/19/2011 +.\" Date: 01/01/2012 .\" Manual: Nmap Reference Guide .\" Source: Nmap .\" Language: English .\" -.TH "NMAP" "1" "12/19/2011" "Nmap" "Nmap Reference Guide" +.TH "NMAP" "1" "01/01/2012" "Nmap" "Nmap Reference Guide" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -1248,6 +1248,9 @@ of each of the following places until found: ~/\&.nmap (not searched on Windows).\" .nmap directory .RE .RS 4 +\fIHOME\fR\eAppData\eRoaming\enmap (only on Windows).\" .nmap directory +.RE +.RS 4 the directory containing the nmap executable .RE 
@@ -2195,7 +2198,12 @@ option (if any)\&. Any files not found there, are searched for in the directory \fBNMAPDIR\fR.\" NMAPDIR environment variable environment variable\&. Next comes ~/\&.nmap.\" .nmap directory -for real and effective UIDs (POSIX systems only)\&. This is followed by the location of the +for real and effective UIDs; or on Windows, +\fIHOME\fR\eAppData\eRoaming\enmap +(where +\fIHOME\fR +is the user\*(Aqs home directory, like +C:\eUsers\euser)\&. This is followed by the location of the nmap executable and the same location with \&.\&./share/nmap diff --git a/docs/zenmap.1 b/docs/zenmap.1 index f06abd90d..b9b2478b7 100644 --- a/docs/zenmap.1 +++ b/docs/zenmap.1 @@ -2,12 +2,12 @@ .\" Title: zenmap .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.76.1 -.\" Date: 12/19/2011 +.\" Date: 01/01/2012 .\" Manual: Zenmap Reference Guide .\" Source: Zenmap .\" Language: English .\" -.TH "ZENMAP" "1" "12/19/2011" "Zenmap" "Zenmap Reference Guide" +.TH "ZENMAP" "1" "01/01/2012" "Zenmap" "Zenmap Reference Guide" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/ncat/docs/ncat.1 b/ncat/docs/ncat.1 index 51add47a0..464b9e7e8 100644 --- a/ncat/docs/ncat.1 +++ b/ncat/docs/ncat.1 @@ -2,12 +2,12 @@ .\" Title: Ncat .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.76.1 -.\" Date: 12/19/2011 +.\" Date: 01/01/2012 .\" Manual: Ncat Reference Guide .\" Source: Ncat .\" Language: English .\" -.TH "NCAT" "1" "12/19/2011" "Ncat" "Ncat Reference Guide" +.TH "NCAT" "1" "01/01/2012" "Ncat" "Ncat Reference Guide" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/ndiff/docs/ndiff.1 b/ndiff/docs/ndiff.1 index 8571bdddd..6b4e8cefa 100644 
--- a/ndiff/docs/ndiff.1 +++ b/ndiff/docs/ndiff.1 @@ -2,12 +2,12 @@ .\" Title: ndiff .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.76.1 -.\" Date: 12/19/2011 +.\" Date: 01/01/2012 .\" Manual: User Commands .\" Source: Ndiff .\" Language: English .\" -.TH "NDIFF" "1" "12/19/2011" "Ndiff" "User Commands" +.TH "NDIFF" "1" "01/01/2012" "Ndiff" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff --git a/nmap-os-db b/nmap-os-db index 92a6ee038..671a3db0f 100644 --- a/nmap-os-db +++ b/nmap-os-db @@ -39422,6 +39422,23 @@ T7(R=N) U1(DF=N%T=3B-45%TG=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(DFI=N%T=3B-45%TG=40%CD=S) +# Linux 2.6.39.1-linode34 #1 SMP Tue Jun 21 10:29:24 EDT 2011 i686 GNU/Linux +Fingerprint Linux 2.6.39 +Class Linux | Linux | 2.6.X | general purpose +SEQ(SP=C7-D1%GCD=1-6%ISR=C7-D1%TI=Z%CI=Z%II=I%TS=A) +OPS(O1=M5B4ST11NW5%O2=M5B4ST11NW5%O3=M5B4NNT11NW5%O4=M5B4ST11NW5%O5=M5B4ST11NW5%O6=M5B4ST11) +WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890) +ECN(R=Y%DF=Y%T=3B-45%TG=40%W=3908%O=M5B4NNSNW5%CC=Y%Q=) +T1(R=Y%DF=Y%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=N) +T4(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=N) +U1(DF=N%T=3B-45%TG=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) +IE(DFI=N%T=3B-45%TG=40%CD=S) + # Linux 2.6.5-7.97-pseries64 #1 SMP Fri Jul 2 14:21:59 UTC 2004 ppc64 ppc64 ppc64 GNU/Linux Fingerprint Linux 2.6.5 Class Linux | Linux | 2.6.X | general purpose 
@@ -66988,20 +67005,3 @@ T6(R=N) T7(R=N) U1(DF=N%T=FE%TG=FF%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(DFI=N%T=FE%TG=FF%CD=S) - -# Linux 2.6.39.1-linode34 #1 SMP Tue Jun 21 10:29:24 EDT 2011 i686 GNU/Linux -Fingerprint Linux 2.6.39 -Class Linux | Linux | 2.6.X | general purpose -SEQ(SP=C7-D1%GCD=1-6%ISR=C7-D1%TI=Z%CI=Z%II=I%TS=A) -OPS(O1=M5B4ST11NW5%O2=M5B4ST11NW5%O3=M5B4NNT11NW5%O4=M5B4ST11NW5%O5=M5B4ST11NW5%O6=M5B4ST11) -WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890) -ECN(R=Y%DF=Y%T=3B-45%TG=40%W=3908%O=M5B4NNSNW5%CC=Y%Q=) -T1(R=Y%DF=Y%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=N) -T4(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=N) -U1(DF=N%T=3B-45%TG=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) -IE(DFI=N%T=3B-45%TG=40%CD=S) diff --git a/nping/docs/nping.1 b/nping/docs/nping.1 index a5c13b35f..6fdd456d0 100644 --- a/nping/docs/nping.1 +++ b/nping/docs/nping.1 @@ -2,12 +2,12 @@ .\" Title: nping .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.76.1 -.\" Date: 12/19/2011 +.\" Date: 01/01/2012 .\" Manual: Nping Reference Guide .\" Source: Nping .\" Language: English .\" -.TH "NPING" "1" "12/19/2011" "Nping" "Nping Reference Guide" +.TH "NPING" "1" "01/01/2012" "Nping" "Nping Reference Guide" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" -----------------------------------------------------------------
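Review bot: In the CHANGELOG hunk @@ -188,11 +215,24 @@, two credits in the new "Added some new protocol libraries" list are missing their closing bracket: `+ bitcoin crypto currency [Patrik Karlsson` and `+ dnsbl for DNS-based blacklists [Patrik Karlsson`. The same list has a typo ("vulns ahave separate entries" should read "have") and its intro line lacks the colon that the later "Added some new version detection probes:" list uses. The moved Windows entry also gives the path as "\AppData\Roaming\nmap", while the docs/nmap.1 hunk in this same commit documents it as `\fIHOME\fR\eAppData\eRoaming\enmap`; writing it as "HOME\AppData\Roaming\nmap" in the CHANGELOG would keep the two consistent.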
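Review bot: In the CHANGELOG hunk @@ -203,99 +243,74 @@, two removed entries appear to be dropped rather than consolidated: `-o [NSE] Added whitelist capabilities to the unusual-port script to be able` (the dynamic-port whitelist) has no counterpart in any added line, and the library from `-o [NSE] Added the a Vuze library, port probe and the script vuze-dht-info.` is not in the new protocol library list (amqp, bitcoin, dnsbl, rtsp) even though its probe and script are covered elsewhere. Smaller points in the same hunk: "durring" should be "during", "previusly" should be "previously", `+o [NSE] Add additional version information to Mongodb scripts` and "and update the script to use stdnse.format_output" should use past tense ("Added", "updated") like the surrounding entries, the http-enum entry ends with a stray period after "[Hani Benhabiles]", and that entry lost the "[NSE]" tag the replaced lines carried.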
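Review bot: In the CHANGELOG hunk @@ -345,32 +341,22 @@, `+o [NSE] Fix a nil table index bug discovered in the mongodb` breaks the past-tense convention used by every other entry ("Fixed", "Added", "Made"); suggest "Fixed a nil table index bug".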
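Review bot: The commit subject "Some more improvements to the CHANGELOG" does not cover what the docs/nmap-update.1 hunk and the matching hunks in docs/nmap.1, docs/zenmap.1, ncat/docs/ncat.1, ndiff/docs/ndiff.1 and nping/docs/nping.1 do (regenerated man pages with the date bumped from 12/19/2011 or 12/20/2011 to 01/01/2012), nor the nmap-os-db change; either mention these in the message or split them into their own commit so the history stays searchable.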
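Review bot: In the nmap-os-db hunk @@ -39422,6 +39422,23 @@, the inserted "Linux 2.6.39" fingerprint is line-for-line identical to the block removed from the end of the file in @@ -66988,20 +67005,3 @@ (comment, Fingerprint, Class, SEQ through IE all match), so this is a pure relocation. It is placed immediately before "Fingerprint Linux 2.6.5", which is lexicographic rather than numeric version order; please confirm that matches the ordering convention used for the neighbouring 2.6.X entries, since a misplaced entry is easy to miss in a file this size.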