From 5ccd15c3ceeece1445c5aaf020b780597dfe6dbd Mon Sep 17 00:00:00 2001 From: fyodor Date: Sun, 8 Aug 2021 00:26:46 +0000 Subject: [PATCH] Update CHANGELOG for Nmap 7.92 release --- CHANGELOG | 219 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 129 insertions(+), 90 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 6767eaeb1..be9269ee1 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,113 +1,152 @@ #Nmap Changelog ($Id$); -*-text-*- +Nmap 7.92 [2021-08-07] + +o [Windows] Upgraded Npcap (our Windows raw packet capturing and + transmission driver) from version 1.00 to the latest version 1.50. You can + read about the dozens of performance improvements, bug fixes and feature + enhancements at https://npcap.org/changelog. + +o [Windows] Thanks to the Npcap 1.50 upgrade, Nmap now works on the Windows + ARM architecture so you can run it on lightweight and power-efficient + tablets like the Microsoft Surface Pro X and Samsung Galaxy Book Go. More + ARM devices are on the way along with the upcoming Windows 11 release. See + the Npcap on ARM announcement at + https://seclists.org/nmap-announce/2021/2. + +o [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10 + SDK, and the UCRT. This prevents Nmap from working on Windows Vista and + earlier, but they can still use older versions of Nmap on their ancient + operating system. + +o New Nmap option --unique will prevent Nmap from scanning the same IP + address twice, which can happen when different names resolve to the same + address. [Daniel Miller] + o [NSE][GH#1691] TLS 1.3 now supported by most scripts for which it is relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel connections and certificate parsing will require OpenSSL 1.1.1 or later to fully support TLS 1.3. [Daniel Miller] -o Setting --host-timeout=0 will disable the host timeout, which is set by -T5 - to 15 minutes. Earlier versions of Nmap require the user to specify a very - long timeout instead. +o [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604! 
+ They are all listed at https://nmap.org/nsedoc/, and the summaries are + below: + + [GH#2201] nbns-interfaces queries NetBIOS name service (NBNS) to gather + IP addresses of the target's network interfaces [Andrey Zhukov] -o If a host times out, the XML element will have the attribute - timedout="true" and the host's timing info (srtt etc.) will still be printed. + + [GH#711] openflow-info gathers preferred and supported protocol versions + from OpenFlow devices [Jay Smith, Mak Kolybabi] -o [GH#2269] Fix an issue with -sU where payload data went out-of-scope before - it was used, causing corrupted payloads to be sent. [Mariusz Ziulek] + + port-states prints a list of ports that were found in each state, + including states that were summarized as "Not shown: X closed ports" + [Daniel Miller] -o [GH#2257] Fix an issue in addrset matching that was causing all targets to be - excluded if the --excludefile listed a CIDR range that contains an earlier, - smaller CIDR range. [Daniel Miller] +o Several changes to UDP payloads to improve accuracy: + + [GH#2269] Fix an issue with -sU where payload data went out-of-scope + before it was used, causing corrupted payloads to be sent. [Mariusz + Ziulek] -o [NSE][GH#2237] Prevent the ssl-* NSE scripts from probing ports that were - excluded from version scan, usually 9100-9107, since JetDirect will print - anything sent to these ports. [Daniel Miller] + + Nmap's retransmission limits were preventing some UDP payloads from + being tried with -sU and -PU. Now, Nmap sends each payload for a + particular port at the same time without delay. [Daniel Miller] -o Nmap's retransmission limits were preventing some UDP payloads from being - tried with -sU and -PU. Now, Nmap sends each payload for a particular port - at the same time without delay. 
[Daniel Miller] + + New UDP payloads: + - [GH#1279] TS3INIT1 for UDP 3389 [colcrunch] + - [GH#1895] DTLS for UDP 3391 (RD Gateway) [Arnim Rupp] -o [GH#2206] Nmap no longer produces cryptic message "Failed to convert - source address to presentation format" when unable to find useable route - to the target. [nnposter] - -o [Ncat][GH#2202] Use safety-checked versions of FD_* macros to abort early if - number of connections exceeds FD_SETSIZE. [Pavel Zhukov] - -o [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping - server data sent right after the connection got established, such as port - banners. [Sami Pönkänen] - -o Nmap will now output a list of port numbers for each "ignored" state in the - "extrareasons" element in XML output. The "All X ports" and "Not shown:" lines - in normal output have been changed slightly to provide more detail. [Daniel Miller] - -o New script port-states will print a list of ports that were found in each - state, including states that were summarized as "Not shown: X closed ports" - [Daniel Miller] - -o New Nmap option --unique will prevent Nmap from scanning the same IP address - twice, which can happen when different names resolve to the same address. [Daniel Miller] - -o [NSE][GH#2175] Fixed NSE so it will not consolidate all port script output - for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller] - -o [Zenmap][GH#2157] Fixed an issue where a failure to execute Nmap would result - in a Zenmap crash with "TypeError: coercing to Unicode" exception. - -o Nmap no longer considers an ICMP Host Unreachable as confirmation that a - target is down, in accordance with RFC 1122 which says these errors may be - transient. Instead, the probe will be destroyed and other probes used to - determine aliveness. 
[Daniel Miller] - -o [NSE][GH#711] New script openflow-info gathers preferred and supported - protocol versions from OpenFlow devices [Jay Smith, Mak Kolybabi] - -o [NSE][GH#2201] New script nbns-interfaces queries NetBIOS name service (NBNS) - to gather IP addresses of the target's network interfaces [Andrey Zhukov] - -o New UDP payloads: - + [GH#1279] TS3INIT1 for UDP 3389 [colcrunch] - + [GH#1895] DTLS for UDP 3391 (RD Gateway) [Arnim Rupp] - -o [Ncat][GH#2154] Ncat no longer crashes when used with Unix domain sockets. - -o [Ncat][GH#2167][GH#2168] Ncat is now again generating certificates - with the duration of one year. Due to a bug, recent versions of Ncat were - using only one minute. [Tobias Girstmair] - -o [NSE][GH#2281] URL/percent-encoding is now using uppercase hex digits - to align with RFC 3986, section 2.1, and to improve compatibility with some - real-world web servers. [nnposter] - -o [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most - visible are that certificate SANs are properly split apart and that - identities that are syntactically incorrect to be hostnames are now ignored. - [Michel Le Bihan, nnposter] - -o [GH#2199] Updated Nmap's NPSL license to rewrite a poorly-worded - clause which many folks interpreted as a "field of endeavor - restriction" related to "proprietary software companies". We are - retroactively offering Nmap versions 7.90 and 7.91 under this new - Version 0.93 of the NPSL so that users and distributors may choose - either version of the license. - -o [NSE] Loading of a Nikto database failed if the file was referenced - relative to the Nmap directory [nnposter] - -o [NSE][GH#2208][GH#2203] SMB2 dialect handling has been redesigned. Visible - changes include: +o [NSE][GH#2208][GH#2203] SMB2 dialect handling has been + redesigned. 
Visible changes include: * Notable improvement in speed of script smb-protocols and others * Some SMB scripts are no longer using a hardcoded dialect, improving target interoperability * Dialect names are aligned with Microsoft, such as 3.0.2, instead of 3.02 [nnposter] -o [NSE] Script smb2-vuln-uptime no longer reports false positives when - the target does not provide its boot time. [nnposter] +o Removed support for the ancient WinPcap library since we already include + our own Npcap library (https://npcap.org) supporting the same API. WinPcap + was abandoned years ago and it's official download page says that "WE + RECOMMEND USING Npcap INSTEAD" for security, stability, compatibility, and + support reasons. -o [NSE][GH#2197] Client packets composed by the DHCP library will now contain - option 51 (IP address lease time) only when requested. [nnposter] +o [GH#2257] Fix an issue in addrset matching that was causing all targets to + be excluded if the --excludefile listed a CIDR range that contains an + earlier, smaller CIDR range. [Daniel Miller] + +o Setting --host-timeout=0 will disable the host timeout, which is set by + -T5 to 15 minutes. Earlier versions of Nmap require the user to specify a + very long timeout instead. + +o Improvemenhts to Nmap's XML output: + + If a host times out, the XML element will have the attribute + timedout="true" and the host's timing info (srtt etc.) will still be + printed. + + + The "extrareasons" element now includes a list of port numbers for each + "ignored" state. The "All X ports" and "Not shown:" lines in normal + output have been changed slightly to provide more detail. [Daniel + Miller] + +o [NSE][GH#2237] Prevent the ssl-* NSE scripts from probing ports that were + excluded from version scan, usually 9100-9107, since JetDirect will print + anything sent to these ports. 
[Daniel Miller] + +o [GH#2206] Nmap no longer produces cryptic message "Failed to convert + source address to presentation format" when unable to find useable route + to the target. [nnposter] + +o [Ncat][GH#2202] Use safety-checked versions of FD_* macros to abort early + if number of connections exceeds FD_SETSIZE. [Pavel Zhukov] + +o [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping + server data sent right after the connection got established, such as port + banners. [Sami Pönkänen] + +o [Ncat][GH#2149] Fixed a bug in proxy connect mode which would close the + connection as soon as it was opened in Nmap 7.90 and 7.91. + +o [NSE][GH#2175] Fixed NSE so it will not consolidate all port script output + for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel + Miller] + +o [Zenmap][GH#2157] Fixed an issue where a failure to execute Nmap would + result in a Zenmap crash with "TypeError: coercing to Unicode" exception. + +o Nmap no longer considers an ICMP Host Unreachable as confirmation that a + target is down, in accordance with RFC 1122 which says these errors may be + transient. Instead, the probe will be destroyed and other probes used to + determine aliveness. [Daniel Miller] + +o [Ncat][GH#2154] Ncat no longer crashes when used with Unix domain sockets. + +o [Ncat][GH#2167][GH#2168] Ncat is now again generating certificates with + the duration of one year. Due to a bug, recent versions of Ncat were using + only one minute. [Tobias Girstmair] + +o [NSE][GH#2281] URL/percent-encoding is now using uppercase hex digits to + align with RFC 3986, section 2.1, and to improve compatibility with some + real-world web servers. [nnposter] + +o [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most + visible are that certificate SANs are properly split apart and that + identities that are syntactically incorrect to be hostnames are now + ignored. 
[Michel Le Bihan, nnposter] + +o [NSE] Loading of a Nikto database failed if the file was referenced + relative to the Nmap directory [nnposter] + +o [GH#2199] Updated Nmap's NPSL license to rewrite a poorly-worded clause + abiyt "proprietary software companies". The new license version 0.93 is + still available from https://nmap.org/npsl/. As described on that page, we + are also still offering Nmap 7.90, 7.91, and 7.92 under the previous Nmap + 7.80 license. Finally, we still offer the Nmap OEM program for companies + who want a non-copyleft license allowing them to redistribute Nmap with + their products at https://nmap.org/oem/. + +o [NSE] Script smb2-vuln-uptime no longer reports false positives when the + target does not provide its boot time. [nnposter] + +o [NSE][GH#2197] Client packets composed by the DHCP library will now + contain option 51 (IP address lease time) only when requested. [nnposter] o [NSE][GH#2192] XML decoding in library citrixxml no longer crashes when encountering a character reference with codepoint greater than 255. (These
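Review bot: three spelling slips in the added changelog text should be fixed before this goes into the release tarball: `+o Improvemenhts to Nmap's XML output:` should read `Improvements`, `+  abiyt "proprietary software companies".` should read `about`, and `it's official download page` in the WinPcap-removal entry should read `its`. The rest of the hunk is a reordering and regrouping of existing entries (UDP payload changes, XML output changes, new NSE scripts) plus the new Npcap 1.50, Windows ARM, Visual Studio 2019 and [Ncat][GH#2149] items, and the wording of the moved entries is unchanged, so no other corrections are needed from what is visible here.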