diff --git a/CHANGELOG b/CHANGELOG index 07ddc54bb..048f5491e 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,10 +1,45 @@ # Nmap Changelog ($Id$); -*-text-*- -o Fixed a discrepancy between the number of targets selected with -iR and the - number of hosts scanned, resulting in output like "Nmap done: 1033 IP - addresses" when the user specified -iR 1000. [Daniel Miller] +Nmap 7.30 [2016-09-29] -o New service probe and match line for DTLS (Datagram TLS, or TLS over UDP). +o Integrated all 12 of your IPv6 OS fingerprint submissions from June to + September. No new groups, but several classifications were strengthened, + especially Windows localhost and OS X. [Daniel Miller] + +o [NSE] Added 7 NSE scripts, from 3 authors, bringing the total up to 541! + They are all listed at https://nmap.org/nsedoc/, and the summaries are below + (authors are listed in brackets): + + + [GH#369] coap-resources grabs the list of available resources from CoAP + endpoints. [Mak Kolybabi] + + + fox-info retrieves detailed version and configuration info from Tridium + Niagara Fox services. [Stephen Hilt] + + + ipmi-brute performs authentication brute-forcing on IPMI services. + [Claudiu Perta] + + + ipmi-cipher-zero checks IPMI services for Cipher Zero support, which allows + connection without a password. [Claudiu Perta] + + + ipmi-version retrieves protocol version and authentication options from + ASF-RMCP (IPMI) services. [Claudiu Perta] + + + [GH#352] mqtt-subscribe connects to a MQTT broker, subscribes to topics, + and lists the messages received. [Mak Kolybabi] + + + pcworx-info retrieves PLC model, firmware version, and date from Phoenix + Contact PLCs. [Stephen Hilt] + +o Upgraded Npcap, our new Windows packet capturing driver/library, + from version to 0.09 to 0.10r2. This includes many bug fixes, with a + particular on emphasis on concurrency issues discovered by running + hundreds of Nmap instances at a time. More details are available + from https://github.com/nmap/npcap/releases. 
[Yang Luo, Daniel + Miller, Fyodor] + +o New service probes and match lines for DTLS, IPMI-RMCP, MQTT, PCWorx, + ProConOS, and Tridium Fox, [Stephen Hilt, Mak Kolybabi, Daniel Miller] o Improved some output filtering to remove or escape carriage returns ('\r') that could allow output spoofing by overwriting portions of the screen. Issue @@ -13,6 +48,10 @@ o Improved some output filtering to remove or escape carriage returns ('\r') o [NSE] Fixed a few bad Lua patterns that could result in denial of service due to excessive backtracking. [Adam Rutherford, Daniel Miller] +o Fixed a discrepancy between the number of targets selected with -iR and the + number of hosts scanned, resulting in output like "Nmap done: 1033 IP + addresses" when the user specified -iR 1000. [Daniel Miller] + o Fixed a bug in port specification parsing that could cause extraneous 'T', 'U', 'S', and 'P' characters to be ignored when they should have caused an error. [David Fifield] 
@@ -26,29 +65,13 @@ o [Zenmap] Fixed a bug in the Compare Scans window of Zenmap on OS X resulting /Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so: mach-o, but wrong architecture Reported by Kyle Gustafson. [Daniel Miller] -o [NSE][GH#369] New script: coap-resources grabs the list of available - resources from CoAP endpoints. [Mak Kolybabi] +o [NSE] Fixed a bug in ssl-enum-ciphers and ssl-dh-params which caused them to + not output TLSv1.2 info with DHE ciphersuites or others involving + ServerKeyExchange messages. [Daniel Miller] -o [NSE] New script: ipmi-version retrieves protocol version and authentication - options from ASF-RMCP (IPMI) services. [Claudiu Perta] - -o [NSE] New script: ipmi-cipher-zero checks IPMI services for Cipher Zero - support, which allows connection without a password. [Claudiu Perta] - -o [NSE] New script: ipmi-brute performs authentication brute-forcing on IPMI - services. [Claudiu Perta] - -o [NSE][GH#352] New script: mqtt-subscribe connects to a MQTT broker, subscribes to - topics, and lists the messages received. [Mak Kolybabi] - -o [NSE] New script: fox-info retrieves detailed version and configuration info - from Tridium Niagara Fox services. [Stephen Hilt] - -o New service probe and match lines for PCWorx, ProConOS, and Tridium Fox, - based on work by Stephen Hilt of Digital Bond. - -o [NSE] New script: pcworx-info retrieves PLC model, firmware version, and date - from Phoenix Contact PLCs. [Stephen Hilt] +o [NSE] Added X509v3 extension parsing to NSE's sslcert code. ssl-cert now + shows the Subject Alternative Name extension; all extensions are shown in the + XML output. [Daniel Miller] Nmap 7.25BETA2 [2016-09-01] 
@@ -75,9 +98,34 @@ o Integrated all of your service/version detection fingerprints submitted from We now detect 1122 protocols, from elasticsearch, fhem, and goldengate to ptcp, resin-watchdog, and siemens-logo. [Daniel Miller] -o [Nsock][GH#148] New, very fast IOCP Nsock engine uses "Overlapped I/O" to - improve performance of version scan and NSE against many targets on Windows. - [Tudor Emil Coman] +o Upgraded Npcap, our new Windows packet capturing driver/library, + from version 0.07-r17 to 0.09. This includes many improvements you can + read about at https://github.com/nmap/npcap/releases. + +o [Nsock][GH#148] Added the new IOCP Nsock engine which uses the Windows + Overlapped I/O API to improve performance of version scan and NSE against + many targets on Windows. [Tudor Emil Coman] + +o [GH#376] Windows binaries are now code-signed with our "Insecure.Com LLC" + SHA256 certificate. This should give our users extra peace-of-mind and avoid + triggering Microsoft's ever-increasing security warnings. + +o Various performance improvements for large-scale high-rate scanning, + including increased ping host groups, faster probe matching, and ensuring + data types can handle an Internet's-worth of targets. [Tudor Emil Coman] + +o [NSE] Added the oracle-tns-version NSE script which decodes the version + number from Oracle Database Server's TNS + listener. https://nmap.org/nsedoc/scripts/oracle-tns-version.html [Daniel + Miller] + +o [NSE] Added the clock-skew NSE script which analyzes and reports clock skew + between Nmap and services that report timestamps, grouping hosts with + similar skews. https://nmap.org/nsedoc/scripts/clock-skew.html [Daniel + Miller] + +o [Zenmap] Long-overdue Spanish language translation has been added! Muy bien! + [Vincent Dumont, Marta Garcia De La Paz, Paulino Calderon, Patricio Castagnaro] o [Zenmap][GH#449] Fix a crash when closing Zenmap due to a read-only zenmap.conf. User will be warned that config cannot be saved and that they 
@@ -88,10 +136,6 @@ o [NSE] Fix a crash when parsing TLS certificates that OpenSSL doesn't support, will label the ciphersuite strength as "unknown." Reported by Bertrand Bonnefoy-Claudet. [Daniel Miller] -o [NSE] Fixed a bug in ssl-enum-ciphers and ssl-dh-params which caused them to - not output TLSv1.2 info with DHE ciphersuites or others involving - ServerKeyExchange messages. [Daniel Miller] - o [NSE][GH#531] Fix two issues in sslcert.lua that prevented correct operations against LDAP services when version detection or STARTTLS were used. [Tom Sellers] @@ -108,8 +152,9 @@ o [NSE][GH#234] Added a --script-timeout option for limiting run time for every individual NSE script. [Abhishek Singh] o [Ncat][GH#444] Added a -z option to Ncat. Just like the -z option in - traditional netcat, it can be used to quicky check the status of a port. Port - ranges are not supported. [Abhishek Singh] + traditional netcat, it can be used to quickly check the status of a + port. Port ranges are not supported since we recommend a certain other tool + for port scanning. [Abhishek Singh] o Fix checking of Npcap/WinPcap presence on Windows so that "nmap -A" and "nmap" with no options result in the same behaviors as on Linux (and no diff --git a/docs/nmap.1 b/docs/nmap.1 index 2e385e2fa..ea34a013b 100644 --- a/docs/nmap.1 +++ b/docs/nmap.1 @@ -130,7 +130,7 @@ This options summary is printed when Nmap is run with no arguments, and the late .RS 4 .\} .nf -Nmap 7\&.25SVN ( https://nmap\&.org ) +Nmap 7\&.30SVN ( https://nmap\&.org ) Usage: nmap [Scan Type(s)] [Options] {target specification} TARGET SPECIFICATION: Can pass hostnames, IP addresses, networks, etc\&. diff --git a/docs/nmap.usage.txt b/docs/nmap.usage.txt index 77afa51f3..5f5933482 100644 --- a/docs/nmap.usage.txt +++ b/docs/nmap.usage.txt 
@@ -1,4 +1,4 @@ -Nmap 7.25SVN ( https://nmap.org ) +Nmap 7.30SVN ( https://nmap.org ) Usage: nmap [Scan Type(s)] [Options] {target specification} TARGET SPECIFICATION: Can pass hostnames, IP addresses, networks, etc. diff --git a/mswin32/nmap.rc b/mswin32/nmap.rc index f607d62c2..39558e79d 100644 --- a/mswin32/nmap.rc +++ b/mswin32/nmap.rc @@ -13,7 +13,7 @@ // VS_VERSION_INFO VERSIONINFO -FILEVERSION 7,0,25,100 +FILEVERSION 7,0,30,100 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x21L @@ -30,7 +30,7 @@ BEGIN BEGIN VALUE "CompanyName", "Insecure.Org\0" VALUE "FileDescription", "Nmap\0" - VALUE "FileVersion", "7.25SVN\0" + VALUE "FileVersion", "7.30SVN\0" VALUE "InternalName", "Nmap\0" VALUE "LegalCopyright", "Copyright (c) Insecure.Com LLC (fyodor@insecure.org)\0" VALUE "LegalTrademarks", "NMAP\0" diff --git a/ncat/docs/ncat.1 b/ncat/docs/ncat.1 index f4bc62d57..60e5d138b 100644 --- a/ncat/docs/ncat.1 +++ b/ncat/docs/ncat.1 @@ -43,7 +43,7 @@ Among Ncat\*(Aqs vast number of features there is the ability to chain Ncats tog .RS 4 .\} .nf -Ncat 7\&.25SVN ( https://nmap\&.org/ncat ) +Ncat 7\&.30SVN ( https://nmap\&.org/ncat ) Usage: ncat [options] [hostname] [port] Options taking a time assume seconds\&. Append \*(Aqms\*(Aq for milliseconds, diff --git a/ncat/docs/ncat.usage.txt b/ncat/docs/ncat.usage.txt index 438efbcfb..d5cf573ad 100644 --- a/ncat/docs/ncat.usage.txt +++ b/ncat/docs/ncat.usage.txt @@ -1,4 +1,4 @@ -Ncat 7.25SVN ( https://nmap.org/ncat ) +Ncat 7.30SVN ( https://nmap.org/ncat ) Usage: ncat [options] [hostname] [port] Options taking a time assume seconds. Append 'ms' for milliseconds, diff --git a/ncat/ncat.h b/ncat/ncat.h index 40bb85b95..858e2bbab 100644 --- a/ncat/ncat.h +++ b/ncat/ncat.h @@ -145,7 +145,7 @@ /* Ncat information for output, etc. */ #define NCAT_NAME "Ncat" #define NCAT_URL "https://nmap.org/ncat" -#define NCAT_VERSION "7.25SVN" +#define NCAT_VERSION "7.30SVN" #ifndef __GNUC__ #ifndef __attribute__ 
diff --git a/nmap-services b/nmap-services index 9eb404192..3baec0770 100644 --- a/nmap-services +++ b/nmap-services @@ -6,6 +6,7 @@ # $Id$ # # Derived from IANA data and our own research +# # This collection of service data is (C) 1996-2011 by Insecure.Com # LLC. It is distributed under the Nmap Open Source license as # provided in the COPYING file of the source distribution or at diff --git a/nmap.h b/nmap.h index 148adef5c..8a845843f 100644 --- a/nmap.h +++ b/nmap.h @@ -193,13 +193,13 @@ #ifndef NMAP_VERSION /* Edit this definition only within the quotes, because it is read from this file by the makefiles. */ -#define NMAP_VERSION "7.25SVN" -#define NMAP_NUM_VERSION "7.0.25.100" +#define NMAP_VERSION "7.30SVN" +#define NMAP_NUM_VERSION "7.0.30.100" #endif /* The version number of updates retrieved by the nmap-update program. It can be different (but should always be the same or earlier) than NMAP_VERSION. */ -#define NMAP_UPDATE_CHANNEL "7.20" +#define NMAP_UPDATE_CHANNEL "7.30" #define NMAP_XMLOUTPUTVERSION "1.04" diff --git a/nping/nping.h b/nping/nping.h index 87201526b..aca9a43ab 100644 --- a/nping/nping.h +++ b/nping/nping.h @@ -339,7 +339,7 @@ /* General tunable defines **************************************************/ #define NPING_NAME "Nping" #define NPING_URL "https://nmap.org/nping" -#define NPING_VERSION "0.7.25SVN" +#define NPING_VERSION "0.7.30SVN" #define DEFAULT_VERBOSITY VB_0 diff --git a/zenmap/share/zenmap/config/zenmap_version b/zenmap/share/zenmap/config/zenmap_version index 6a4cc44d1..a80649845 100644 --- a/zenmap/share/zenmap/config/zenmap_version +++ b/zenmap/share/zenmap/config/zenmap_version @@ -1 +1 @@ -7.25SVN +7.30SVN diff --git a/zenmap/zenmapCore/Version.py b/zenmap/zenmapCore/Version.py index 28c6ec71f..3345358ca 100644 --- a/zenmap/zenmapCore/Version.py +++ b/zenmap/zenmapCore/Version.py @@ -1 +1 @@ -VERSION = "7.25SVN" +VERSION = "7.30SVN"
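Review bot: the new Npcap entry in the first CHANGELOG hunk (@@ -1,10 +1,45 @@) has two wording slips that will ship in the release notes: "from version to 0.09 to 0.10r2" has a stray "to", and "with a particular on emphasis on concurrency issues" should read "with a particular emphasis on". In the same hunk, the merged service-probe entry ends with a comma before the credits ("and Tridium Fox, [Stephen Hilt,") where the other entries end the sentence with a period, and it no longer carries the "based on work by Stephen Hilt of Digital Bond" wording from the entry removed in the @@ -26,29 +65,13 @@ hunk; restore that if the affiliation credit was intentional.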
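Review bot: the ssl-enum-ciphers / ssl-dh-params entry is deleted in the @@ -88,10 +136,6 @@ CHANGELOG hunk and re-added in @@ -26,29 +65,13 @@ directly above the "Nmap 7.25BETA2 [2016-09-01]" header, which appears to move the fix from the 7.25BETA2 section into the 7.30 section. Please confirm the fix landed after 7.25BETA2 was released and say so in the commit message, since readers use this file to decide which version reports TLSv1.2 DHE ciphersuites correctly.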
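Review bot: in the @@ -75,9 +98,34 @@ CHANGELOG hunk, the added Npcap "0.07-r17 to 0.09" entry and the [GH#376] code-signing entry have no bracketed author credit, while the other entries added in the same hunk do (for example "[Tudor Emil Coman]" and "[Daniel Miller]"). Add the credits for consistency, or note why they are omitted.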
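Review bot: in the nmap.h hunk, NMAP_UPDATE_CHANNEL jumps from "7.20" to "7.30" while NMAP_VERSION moves only from "7.25SVN" to "7.30SVN", so the channel was not tracking the version before this change. The comment above the define only requires the channel to be the same as or earlier than NMAP_VERSION; please confirm a 7.30 channel is meant to exist when this ships, or leave the define at "7.20" and bump it in its own commit.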
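Review bot: the nmap-services hunk adds a bare "#" line after "# Derived from IANA data and our own research", which is unrelated to the version bump in the rest of the patch. Drop it or commit it separately so the release commit touches only version strings and the CHANGELOG; if the header is being tidied anyway, the "(C) 1996-2011" line visible in the context just below is the part that looks out of date.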