diff --git a/CHANGELOG b/CHANGELOG
index bcdb4dfe3..d85e8fd52 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,26 +8,57 @@ o [GH#103][GH#364] Made Nmap's parallel reverse DNS resolver more robust, fully
handling truncated replies. If a response is too long, we now fall back to
using the system resolver to answer it. [Abhishek Singh]
-o [NSE][GH#365] Added sslv2-drown for detecting vulnerability to the DROWN
- attack, including CVE-2016-0703 and CVE-2016-0704 that enable fast attacks on
- OpenSSL. [Bertrand Bonnefoy-Claudet]
-
-o [NSE] Added http-mcmp for detecting mod_cluster Management Protocol (MCMP)
- and dumping its configuration. [Frank Spierings]
-
-o [Nping] Nping is now fully compatible with Npcap. [Daniel Miller]
-
o [GH#279][Zenmap] Added a legend for the Topography window. [Suraj Hande]
-o [NSE] Added clamav-exec to detect ClamAV servers vulnerable to unauthorized
- clamav command execution. [Paulino Calderon]
+Nmap 7.25BETA1 [2016-07-15]
-o [NSE] Added http-aspnet-debug to detect ASP.NET applications with
- debugging enabled. Script submitted by Josh Amishav-Zlatin. [Paulino Calderon]
+o Nmap now ships with and uses Npcap, our new packet sniffing library
+ for Windows. It's based on WinPcap (unmaintained for years), but
+ uses modern Windows APIs for better performance. It also includes
+ security improvements and many bug fixes. See http://npcap.org. And
+ it enables Nmap to perform SYN scans and OS detection against
+ localhost, which we haven't been able to do on Windows since
+ Microsoft removed the raw sockets API in 2003. [Yang Luo, Daniel
+ Miller, Fyodor]
-o Nmap can now make full use of Npcap, the Nmap Project's packet sniffing
- library for Windows. Most notably, this enables SYN scan and OS detection
- against localhost. [Yang Luo]
+o [NSE] Added 6 NSE scripts, from 5 authors, bringing the total up to 533!
+ They are all listed at https://nmap.org/nsedoc/, and the summaries are below
+ (authors are listed in brackets):
+
+ + clamav-exec detects ClamAV servers vulnerable to unauthorized clamav
+ command execution. [Paulino Calderon]
+
+ + http-aspnet-debug detects ASP.NET applications with debugging enabled.
+ [Josh Amishav-Zlatin]
+
+ + http-internal-ip-disclosure determines if the web server leaks its internal
+ IP address when sending an HTTP/1.0 request without a Host header. [Josh
+ Amishav-Zlatin]
+
+ + [GH#304] http-mcmp detects mod_cluster Management Protocol (MCMP) and dumps
+ its configuration. [Frank Spierings]
+
+ + [GH#365] sslv2-drown detects vulnerability to the DROWN attack, including
+ CVE-2016-0703 and CVE-2016-0704 that enable fast attacks on OpenSSL.
+ [Bertrand Bonnefoy-Claudet]
+
+ + vnc-title logs in to VNC servers and grabs the desktop title, geometry, and
+ color depth. [Daniel Miller]
+
+o Integrated all of your IPv4 OS fingerprint submissions from January
+ to April (539 of them). Added 98 fingerprints, bringing the new total
+ to 5187. Additions include Linux 4.4, Android 6.0, Windows Server
+ 2016, and more. [Daniel Miller]
+
+o Integrated all 31 of your IPv6 OS fingerprint submissions from January to
+ June. The classifier added 2 groups and expanded several others. Several
+ Apple OS X groups were consolidated, reducing the total number of groups to
+ 93. [Daniel Miller]
+
+o Update oldest supported Windows version to Vista (Windows 6.0). This enables
+ the use of the poll Nsock engine, which has significant performance and
+ accuracy advantages. Windows XP users can still use Nmap 7.12, available from
+ https://nmap.org/dist/?C=M&O=D [Daniel Miller]
o [NSE] Fix a crash that happened when trying to print the percent done of 0
NSE script threads:
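Review bot: The removed entry "o [Nping] Nping is now fully compatible with Npcap. [Daniel Miller]" is not re-added anywhere in the lines shown. The other entries removed in this hunk all reappear, either in the consolidated NSE script list or in the expanded Npcap paragraph. If dropping it is intentional, fold the Nping point into the new Npcap entry; otherwise restore it under the 7.25BETA1 heading. Separately, the Npcap entry links http://npcap.org while the other URLs added in this hunk use https; switch to https if the site serves it.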
@@ -36,11 +67,54 @@ o [NSE] Fix a crash that happened when trying to print the percent done of 0
pressed a key or specified a short --stats-every interval. Reported by
Richard Petrie. [Daniel Miller]
-o [NSE] ssl-enum-ciphers will give a failing score to any server with an RSA
- certificate whose public key uses an exponent of 1. [Daniel Miller]
+o [GH#283][Nsock] Avoid "unknown protocol:0" debug messages and an "Unknown
+ address family 0" crash on Windows and other platforms that do not set the
+ src_addr argument to recvfrom for TCP sockets. [Daniel Miller]
-o Update oldest supported Windows version to Vista (Windows 6.0). This enables
- the use of the poll Nsock engine. [Daniel Miller]
+o Retrieve the correct network prefix length for an adapter on Windows. If more
+ than one address was configured on an adapter, the same prefix length would
+ be used for both. This incorrect behavior is still used on Windows XP and
+ earlier. Reported by Niels Bohr. [Daniel Miller]
+
+o Changed libdnet-stripped to avoid bailing completely when an interface is
+ encountered with an unsupported hardware address type. Caused "INTERFACES:
+ NONE FOUND!" bugs in Nmap whenever Linux kernel added new hardware address
+ types. [Daniel Miller]
+
+o Improved service detection of Docker and fixed a bug in the output of
+ docker-version script. [Tom Sellers]
+
+o Fix detection of Microsoft Terminal Services (RDP). Our improved TLS service
+ probes were matching on port 3389 before our specific Terminal Services
+ probe, causing the port to be labeled as "ssl/unknown". Reported by Josh
+ Amishav-Zlatin.
+
+o [NSE] Update to enable smb-os-discovery to augment version detection
+ for certain SMB related services using data that the script discovers.
+ [Tom Sellers]
+
+o Improved version detection and descriptions for Microsoft and Samba
+ SMB services. Also addresses certain issues with OS identification.
+ [Tom Sellers]
+
+o [NSE] ssl-enum-ciphers will give a failing score to any server with an RSA
+ certificate whose public key uses an exponent of 1. It will also cap the
+ score of an RC4-ciphersuite handshake at C and output a warning referencing
+ RFC 7465. [Daniel Miller]
+
+o [NSE] Refactored some SSLv2 functionality into a new library, sslv2.lua .
+ [Daniel Miller]
+
+o [GH#399] Zenmap's authorization wrapper now uses an AppleScript method for
+ privilege escalation on OS X, avoiding the deprecated
+ AuthorizationExecuteWithPrivileges method previously used. [Vincent Dumont]
+
+o [GH#454] The OS X binary package is distributed in a .dmg disk image that now
+ features an instructive background image. [Vincent Dumont]
+
+o [GH#420] Our OS X build system now uses gtk-mac-bundler and jhbuild to
+ provide all dependencies. We no longer use Macports for this purpose.
+ [Vincent Dumont]
o [GH#345][Zenmap] On Windows, save Zenmap's stderr output to a writeable
location (%LOCALAPPDATA%\zenmap.exe.log or %TEMP%\zenmap.exe.log) instead of
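Review bot: The new entry for the Microsoft Terminal Services (RDP) detection fix ends at "Reported by Josh Amishav-Zlatin." with no bracketed author credit, while every other entry added in this hunk closes with one. Add the name of whoever made the fix in brackets so the entry matches the rest of the file. Minor: "sslv2.lua ." in the refactoring entry has a stray space before the period.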
@@ -50,27 +124,10 @@ o [GH#345][Zenmap] On Windows, save Zenmap's stderr output to a writeable
o [GH#379][NSE] Fix http-iis-short-name-brute to report non vulnerable hosts.
Reported by alias1. [Paulino Calderon]
-o [GH#283][Nsock] Avoid "unknown protocol:0" debug messages and an "Unknown
- address family 0" crash on Windows and other platforms that do not set the
- src_addr argument to recvfrom for TCP sockets. [Daniel Miller]
-
o [NSE][GH#371] Fix mysql-audit by adding needed library requires to the
mysql-cis.audit file. The script would fail with "Failed to load rulebase"
message. [Paolo Perego]
-o Retrieve the correct network prefix length for an adapter on Windows. If more
- than one address was configured on an adapter, the same prefix length would
- be used for both. This incorrect behavior is still used on Windows XP and
- earlier. Reported by Niels Bohr. [Daniel Miller]
-
-o [NSE] ssl-enum-ciphers will cap the score of an RC4-ciphersuite handshake at
- C and output a warning referencing RFC 7465.
-
-o Changed libdnet-stripped to avoid bailing completely when an interface is
- encountered with an unsupported hardware address type. Caused "INTERFACES:
- NONE FOUND!" bugs in Nmap whenever Linux kernel added new hardware address
- types. [Daniel Miller]
-
o [NSE][GH#362] Added support for LDAP over udp to ldap-rootdse.nse.
Also added version detection and information extraction to match the
new LDAP LDAPSearchReq and LDAPSearchReqUDP probes. [Tom Sellers]
@@ -78,24 +135,13 @@ o [NSE][GH#362] Added support for LDAP over udp to ldap-rootdse.nse.
o [GH#354] Added new version detection Probes for LDAP services, LDAPSearchReq
and LDAPSearchReqUDP. The second is Microsoft Active Directory specific. The
Probes will elicit responses from target services that allow better finger
- -printing and information extraction. Also added nmap-payload entry for
+ -printing and information extraction. Also added nmap-payload entry for
detecting LDAP on udp. [Tom Sellers]
-o [NSE] Added vnc-title for logging in to VNC servers and grabbing the desktop
- title, geometry, and color depth. [Daniel Miller]
-
o [NSE] More VNC updates: Support for VeNCrypt and Tight auth types, output of
authentication sub-types in vnc-info, and all zero-authentication types are
recognized and reported. [Daniel Miller]
-o [NSE] Update to enable smb-os-discovery to augment version detection
- for certain SMB related services using data that the script discovers.
- [Tom Sellers]
-
-o Improved version detection and descriptions for Microsoft and Samba
- SMB services. Also addresses certain issues with OS identification.
- [Tom Sellers]
-
Nmap 7.12 [2016-03-29]
o [Zenmap] Avoid file corruption in zenmap.conf, reported as files containing
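Review bot: The changed line in the GH#354 entry reads the same before and after as shown, so this is a whitespace-only edit. It still leaves the word split as "finger" at the end of one line and "-printing" at the start of the next. Since the line is being touched anyway, rejoin it as "fingerprinting" and rewrap the paragraph.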
diff --git a/docs/nmap-update.1 b/docs/nmap-update.1
index 70adba7ab..3bae091f1 100644
--- a/docs/nmap-update.1
+++ b/docs/nmap-update.1
@@ -2,12 +2,12 @@
.\" Title: nmap-update
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 06/22/2016
+.\" Date: 07/19/2016
.\" Manual: nmap-update Reference Guide
.\" Source: nmap-update
.\" Language: English
.\"
-.TH "NMAP\-UPDATE" "1" "06/22/2016" "nmap\-update" "nmap\-update Reference Guide"
+.TH "NMAP\-UPDATE" "1" "07/19/2016" "nmap\-update" "nmap\-update Reference Guide"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/docs/nmap.1 b/docs/nmap.1
index 5b32ae013..b9bacabdb 100644
--- a/docs/nmap.1
+++ b/docs/nmap.1
@@ -2,12 +2,12 @@
.\" Title: nmap
.\" Author: [see the "Author" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 06/22/2016
+.\" Date: 07/19/2016
.\" Manual: Nmap Reference Guide
.\" Source: Nmap
.\" Language: English
.\"
-.TH "NMAP" "1" "06/22/2016" "Nmap" "Nmap Reference Guide"
+.TH "NMAP" "1" "07/19/2016" "Nmap" "Nmap Reference Guide"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -130,7 +130,7 @@ This options summary is printed when Nmap is run with no arguments, and the late
.RS 4
.\}
.nf
-Nmap 7\&.12SVN ( https://nmap\&.org )
+Nmap 7\&.25SVN ( https://nmap\&.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc\&.
diff --git a/docs/nmap.usage.txt b/docs/nmap.usage.txt
index 1045118b8..77afa51f3 100644
--- a/docs/nmap.usage.txt
+++ b/docs/nmap.usage.txt
@@ -1,4 +1,4 @@
-Nmap 7.12SVN ( https://nmap.org )
+Nmap 7.25SVN ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
diff --git a/docs/zenmap.1 b/docs/zenmap.1
index 1eeccd8da..a74e17fcf 100644
--- a/docs/zenmap.1
+++ b/docs/zenmap.1
@@ -2,12 +2,12 @@
.\" Title: zenmap
.\" Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 06/22/2016
+.\" Date: 07/19/2016
.\" Manual: Zenmap Reference Guide
.\" Source: Zenmap
.\" Language: English
.\"
-.TH "ZENMAP" "1" "06/22/2016" "Zenmap" "Zenmap Reference Guide"
+.TH "ZENMAP" "1" "07/19/2016" "Zenmap" "Zenmap Reference Guide"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/mswin32/nmap.rc b/mswin32/nmap.rc
index 47d4040ac..f607d62c2 100644
--- a/mswin32/nmap.rc
+++ b/mswin32/nmap.rc
@@ -13,7 +13,7 @@
//
VS_VERSION_INFO VERSIONINFO
-FILEVERSION 7,0,12,1
+FILEVERSION 7,0,25,100
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x21L
@@ -30,7 +30,7 @@ BEGIN
BEGIN
VALUE "CompanyName", "Insecure.Org\0"
VALUE "FileDescription", "Nmap\0"
- VALUE "FileVersion", "7.12SVN\0"
+ VALUE "FileVersion", "7.25SVN\0"
VALUE "InternalName", "Nmap\0"
VALUE "LegalCopyright", "Copyright (c) Insecure.Com LLC (fyodor@insecure.org)\0"
VALUE "LegalTrademarks", "NMAP\0"
diff --git a/ncat/docs/ncat.1 b/ncat/docs/ncat.1
index ac413cc25..18782c06c 100644
--- a/ncat/docs/ncat.1
+++ b/ncat/docs/ncat.1
@@ -2,12 +2,12 @@
.\" Title: Ncat
.\" Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 06/22/2016
+.\" Date: 07/19/2016
.\" Manual: Ncat Reference Guide
.\" Source: Ncat
.\" Language: English
.\"
-.TH "NCAT" "1" "06/22/2016" "Ncat" "Ncat Reference Guide"
+.TH "NCAT" "1" "07/19/2016" "Ncat" "Ncat Reference Guide"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -43,7 +43,7 @@ Among Ncat\*(Aqs vast number of features there is the ability to chain Ncats tog
.RS 4
.\}
.nf
-Ncat 7\&.12SVN ( https://nmap\&.org/ncat )
+Ncat 7\&.25SVN ( https://nmap\&.org/ncat )
Usage: ncat [options] [hostname] [port]
Options taking a time assume seconds\&. Append \*(Aqms\*(Aq for milliseconds,
@@ -73,6 +73,7 @@ Options taking a time assume seconds\&. Append \*(Aqms\*(Aq for milliseconds,
\-\-sctp Use SCTP instead of default TCP
\-v, \-\-verbose Set verbosity level (can be used several times)
\-w, \-\-wait