mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00

a bunch more improvements to the CHANGELOG

This commit is contained in:
fyodor
2011-01-20 23:58:26 +00:00
parent f037a54cd7
commit 43b2ce76f1

162
CHANGELOG

@@ -1,5 +1,18 @@
# Nmap Changelog ($Id$); -*-text-*-
o [Zenmap] Added a new script selection interface, allowing you to
choose scripts and arguments from a list which includes descriptions
of every available script. Just click the "Scripting" tab in the
profile editor. [kirubakaran]
o [Nping] Added echo mode, a novel technique for discovering how your
packets are changed (or dropped) in transit between the host they
originated and a target machine. You can try it out against our
public Nping echo server using this command:
nping --echo-client "public" echo.nmap.org'
Or learn more about echo mode at
http://nmap.org/book/nping-man-echo-mode.html.
o [NSE] Added an amazing 46 scripts, bringing the total to 177! You
can learn more about any of them at http://nmap.org/nsedoc/. Here
are the new ones (script authors are listed in brackets):
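Review bot: the example command at the end of the Nping echo mode entry carries a stray trailing apostrophe, nping --echo-client "public" echo.nmap.org' , which has no opening counterpart; a reader who pastes the line verbatim gets an unterminated-quote error from the shell, so drop it. The Zenmap and Nping entries in this hunk are the same text as the block removed from the -182 hunk, so this is a relocation to the top of the file rather than a new addition, which is fine as long as the old copies are gone.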
@@ -182,32 +195,6 @@ o [NSE] Added an amazing 46 scripts, bringing the total to 177! You
Communication Framework (WCF) web services (.NET 4.0 or
later). [Patrik Karlsson]
o [Zenmap] Added a new script selection interface, allowing you to
choose scripts and arguments from a list which includes descriptions
of every available script. Just click the "Scripting" tab in the
profile editor. [kirubakaran]
o [Nping] Added echo mode, a novel technique for discovering how your
packets are changed (or dropped) in transit between the host they
originated and a target machine. You can try it out against our
public Nping echo server using this command:
nping --echo-client "public" echo.nmap.org'
Or learn more about echo mode at
http://nmap.org/book/nping-man-echo-mode.html.
o [Ncat] Make --exec and --idle-timeout work when connecting with
--proxy. Florian Roth reported the bug. [David]
o [NSE] Added the target NSE library to let scripts to add new
discovered targets onto Nmap scanning queue. This feature, coupled
with the new prerule is well suited for NSE host discovery. [Djalal]
o [NSE] Created a new "broadcast" script category for the broadcast-*
scripts. These perform network discovery by broadcasting on the
local network and listening for responses. Since they don't
directly relate to targets specified on the command line, these are
kept out of the default category (nor do they go in "discovery").
o [NSE] Added 12 new protocol libraries:
- dhcp.lua by Ron
- dnssd.lua (DNS Service Discovery) by Patrik
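Review bot: the Ncat entry removed in this hunk ("Make --exec and --idle-timeout work when connecting with --proxy", bug reported by Florian Roth) does not reappear in any other hunk of this diff, whereas the Zenmap, Nping, target-library and broadcast-category entries removed alongside it are all re-added elsewhere. Confirm the Ncat fix was meant to be relocated and was not dropped from the changelog by accident.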
@@ -222,6 +209,46 @@ o [NSE] Added 12 new protocol libraries:
- vnc.lua (Virtual Network Computing) by Patrik
- wsdd.lua (Web Service Dynamic Discovery) by Patrik
o Performed a major OS detection integration run. The database has
grown more than 14% to 2,982 fingerprints and many of the existing
fingerprints were improved. Highlights include Linux 2.6.37, iPhone
OS 4.2.1, Solaris 11, AmigaOS 3.1, GNU Hurd 0.3, and Minix 2.0.4.
David posted highlights of his integration work at
http://seclists.org/nmap-dev/2010/q4/651
o Performed a huge version detection integration run. The number of
signatures has grown by more than 11% to 7,355. More than a third
of our signatures are for http, but we also detect 743 other service
protocols, from abc, acap, access-remote-pc, and achat to zenworks,
zeo, and zmodem. You can read David's integration highlights at
http://seclists.org/nmap-dev/2010/q4/761.
o [NSE] Added the target NSE library which allows scripts to add newly
discovered targets to Nmap's scanning queue. This feature, coupled
with the new prerule is well suited for NSE host discovery. [Djalal]
o [NSE] Nmap has two new NSE script scanning phases. The new pre-scan
occurs before Nmap starts scanning. Some of the initial pre-scan
scripts use techniques like broadcast DNS service discovery or DNS
zone transfers to enumerate hosts which can optionally be treated as
targets. The other phase (post scan) runs after all of Nmap's
scanning is complete. We don't have any of these scripts yet, but
they could compile scan statistics or present the
results in a different way. One idea is a reverse index which gives
a list of IP addresses running each individual service discovered on
a network. See
http://nmap.org/book/nse-usage.html#nse-script-types. [Djalal]
o Documented the licenses of the third-party software used by Nmap and
it's sibling tools:
http://nmap.org/svn/docs/3rd-party-licenses.txt. [David]
o [NSE] Created a new "broadcast" script category for the broadcast-*
scripts. These perform network discovery by broadcasting on the
local network and listening for responses. Since they don't
directly relate to targets specified on the command line, these are
kept out of the default category (nor do they go in "discovery").
o [NSE] Added a new brute library that provides a basic framework and logic
for brute force password auditing scripts. [Patrik]
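Review bot: "Nmap and it's sibling tools" in the third-party licenses entry should read "its sibling tools". Two smaller points in the same hunk: "coupled with the new prerule is well suited" needs a comma after "prerule" (the phrase appears in the target library entry), and the OS detection entry ends on a bare URL while the version detection entry directly below ends its URL with a period; use one convention for both.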
@@ -233,16 +260,6 @@ o Integrated cracked passwords from the Gawker.com compromise
"password", "12345678", "lifehack", "qwerty", "abc123", "12345",
"monkey", "111111", "consumer", and "letmein".
o [NSE] Nmap now have three different NSE script scan phases. The first
one is the script pre-scanning phase, which will run before any Nmap
scan operation. Scripts during this phase are activated by the new
rule prerule. The second phase is the classic script scan one, which
will run for every host group. Scripts during this phase are
activated by the classic portrules and hostrules. The third phase
is the script post-scanning one, which will run after all Nmap scan
operations. Scripts are activated during this phase by the new rule
postrule. [Djalal]
o XML output now excludes output for down hosts when doing host
discovery only, except in verbose mode. This is how it already
worked for normal scans, but the ping-only case was overlooked.
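Review bot: removing this paragraph drops the only description of the middle (classic) script scan phase, the one that runs per host group and is activated by the usual portrules and hostrules. The replacement entry added in the +209 hunk describes only the pre-scan and post-scan phases, so a reader no longer learns that there are three phases in total; consider keeping one sentence on the classic phase, or confirm that the linked nse-usage.html#nse-script-types page covers it.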
@@ -254,6 +271,20 @@ o Updated the Windows build process to work with (and require) Visual
http://nmap.org/book/inst-windows.html#inst-win-source [David, Rob
Nicholls, KX]
o Enabled ASLR and DEP for Nmap.exe, Ncat.exe and Nping.exe on Windows
Vista and above. Visual C++ will set the /DYNAMICBASE and /NXCOMPAT
flags in the PE header. Executables generated using py2exe or NSIS
and third party binaries (OpenSSL, WinPcap) still don't support ASLR
or DEP. Support for DEP on XP SP3, using SetProcessDEPPolicy(),
could still be implemented. See
http://seclists.org/nmap-dev/2010/q3/328. [Robert]
o Investigated using the CPE (Common Platform Enumeration) standard
for describing operating systems, devices, and service names for
Nmap OS and service detection. You can read David's reports at
http://seclists.org/nmap-dev/2010/q3/278 and
http://seclists.org/nmap-dev/2010/q3/303.
o [Zenmap] Improved the output viewer to show new output in constant
time. Previously it would get slower and slower as the output grew
longer, eventually making Zenmap appear to freeze with 100% CPU. Rob
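Review bot: the ASLR/DEP entry mixes a shipped change with a to-do: "Support for DEP on XP SP3, using SetProcessDEPPolicy(), could still be implemented" describes work that has not been done, and a changelog reader may take it as delivered. Reword it to make the status explicit ("is not yet implemented") or move it out of the changelog. The sentence stating that py2exe/NSIS-generated executables and the third-party binaries (OpenSSL, WinPcap) still lack ASLR and DEP is worth keeping as prominent as it is, since users may otherwise assume the whole installer benefits; "third party binaries" should be hyphenated as "third-party" to match the licenses entry.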
@@ -291,12 +322,20 @@ o [NSE] Improved ssh2's kex_init() parameters: all of the algorithm
key in the "options" table, defaulting to random bytes as the RFC
says the value should be. [Kris]
o Ncat now logs Nsock debug output to stderr instead of stdout, like
its other debug messages. [David]
o Ncat now logs Nsock debug output to stderr instead of stdout for
consistency with its other debug messages. [David]
o [NSE] Added a new function, shortport.http, for HTTP script
portrules and changed 14 to use it. [David]
o Updated to the latest config.guess and config.sub. Thanks to Ty
Miller for a reminder. [David]
o [NSE] Improved the SMB scripts so that they can run in parallel
rather than using a mutex to force serialization. This quadroupled
the SMB scan speed in one large scale test. See
http://seclists.org/nmap-dev/2010/q3/819. [Ron]
o [NSE] Added prerule support to snmp-interfaces and the ability to
add the host's interface addresses to the scanning queue. The new
script arguments used for this functionality are "host" (required)
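Review bot: "quadroupled" in the SMB parallelism entry should be "quadrupled". The rewritten Ncat entry (Nsock debug output to stderr "for consistency with its other debug messages") is a wording-only change over the removed version and reads fine.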
@@ -317,9 +356,13 @@ o [Zenmap] Made the topology node radiuses grow logarithmically
open|filtered) are considered when calculating node sizes. Henri
Doreau found and fixed a bug in the implementation. [Daniel Miller]
o Increased the initial RTT timeout for ARP scans from 100 ms to
200 ms. Some wireless and VPN links were taking around 300 ms to
respond. The default of one retransmit gives them 400 ms to be
o [NSE] Added the get_script_args NSE function for parsing script
arguments in a clean and standardized way
(http://nmap.org/nsedoc/lib/stdnse.html#get_script_args). [Djalal]
o Increased the initial RTT timeout for ARP scans from 100 ms to 200
ms. Some wireless and VPN links were taking around 300 ms to
respond. The default of one retransmission gives them 400 ms to be
detected.
o Upgraded the OpenSSL binaries shipped in our Windows installer to
@@ -336,6 +379,13 @@ o Changed the name of libdnet's sctp_chunkhdr to avoid a conflict with
compiliation error when Nmap was compiled with an OpenSSL that had
SCTP support. [Olli Hauer, Daniel Roethlisberger]
o [NSE] Implemented a big cleanup of the Nmap NSE Nsock library
binding code. [Patrick]
o Added a bunch of Apple and Netatalk AFP service detection
signatures. These often provide extra details such as whether the
target is a MacBook Pro, MacBook Air, Mac Mini, iMac, etc. [Brandon]
o [NSE] Host tables now have a host.traceroute member when --traceroute
is used. This array contains the IP address, reverse DNS name, and RTT
for each traceroute hop. [Henri Doreau]
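Review bot: the NSE Nsock binding cleanup entry credits "[Patrick]", while every other entry in this file credits Patrik Karlsson as "[Patrik]" (the dnssd.lua, wsdd.lua and brute library entries, for example). Confirm whether this is the same contributor with a misspelled name or a different person; if the latter, use the full name so the two are not confused.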
@@ -348,6 +398,12 @@ o [NSE] Added the nmap.resolve() function which takes a host name and
containing all of its matching addresses. If no address family is
specified, then all of the addresses are returned for the name. [Kris]
o Added new version detection probes and signatures from Patrik for:
- Lotus Domino Console running on tcp/2050 (shows OS and hostname)
- IBM Informix Dynamic Server running native protocol (shows hostname, and file path)
- Database servers running the DRDA protocol
- IBM Websphere MQ (shows name of queue-manager and channel)
o [NSE] Added the nmap.address_family() function which returns the address
family Nmap is using as a string (e.g., "inet6" is returned if Nmap is
called with the -6 option). [Kris]
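Review bot: the IBM Informix line in the new version detection probes list has a stray comma ("shows hostname, and file path") and runs well past the wrap width used everywhere else in the file; reflow it like the neighbouring list items.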
@@ -355,6 +411,13 @@ o [NSE] Added the nmap.address_family() function which returns the address
o [NSE] Scripts can now access the MTU of the host.interface device using
host.interface_mtu. [Kris]
o Restrict the default Windows DLL search path by removing the current
directory. This adds extra protection against DLL hijacking attacks,
especially if we were to add file type associations to Nmap in the
future. We implement this with SetDllDirectory function when available
(Windows XP SP1 and later). Otherwise, we call SetCurrentDirectory
with the directory containing the executable. [David]
o Nmap now prints the MTU for interfaces in --iflist output. [Kris]
o [NSE] Removed references to MD2 (OpenSSL 1.x.x doesn't support it
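Review bot: "We implement this with SetDllDirectory function" needs an article ("the SetDllDirectory function"). More substantively, the entry does not say what SetDllDirectory is called with, and whether the current directory is actually removed from the DLL search order depends on that argument, so stating it would let readers verify the protection. It would also help to say plainly that the fallback path (SetCurrentDirectory to the executable's own directory) only changes which directory is searched rather than removing the current-directory lookup, so XP pre-SP1 users understand they get a weaker guarantee.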
@@ -391,9 +454,11 @@ o [NSE] Added a "times" table to the host table passed to scripts.
updated to utilize the host's timeout value instead of the very
conservative guess of 3 seconds for read timeouts. [Kris]
o [Nmap, Nping] Fixed the fragmentation options (-f in Nmap, --mtu in
both) which were improperly sending whole packets in Nmap version
5.35DC1.
o Fixed the fragmentation options (-f in Nmap, --mtu in Nmap & Nping)
which were improperly sending whole packets in version 5.35DC1.
o Fix Nmap compilation on OpenSolaris (see
http://blogs.sun.com/sdaven/entry/nmap_5_35dc1_compile_on) [David]
o [NSE] The http library's request functions now accept an additional
"auth" table within the option table, which causes Basic
@@ -419,6 +484,14 @@ o [Zenmap] Fixed a crash that would happen after opening the search
AttributeError: 'tuple' object has no attribute 'strftime'
[David]
o Added a new packet payload--a NAT-PMP external address request for
port 5351/udp. Payloads help us elicit responses from listening UDP
services to better distinguish them from filtered ports. This
payload goes well with our new nat-pmp-info script. [David, Patrik]
o [NSE] Significant cleanup and bugfixes to the smb-psexec script
[Ron]
o Updated IANA IP address space assignment list for random IP (-iR)
generation. [Kris]
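Review bot: the smb-psexec entry ("Significant cleanup and bugfixes to the smb-psexec script [Ron]") is missing its terminating period before the attribution, and unlike the NAT-PMP entry above it gives no hint of what was fixed; a one-clause summary of the bugs would help users decide whether the upgrade matters to them.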
@@ -442,6 +515,7 @@ o The command line in XML output (/nmaprun/@args attribute) now does
o Added a service detection probe for master servers of Quake 3 and
related games. [Toni Ruotto]
Nmap 5.35DC1 [2010-07-16]
o [NSE] Added 17 scripts, bringing the total to 131! They are