mirror of
https://github.com/nmap/nmap.git
synced 2025-12-21 06:59:01 +00:00
spellcheck the new changelog entries
This commit is contained in:
fyodor
41
CHANGELOG
41
CHANGELOG
@@ -23,7 +23,7 @@ o Integrated your latest IPv6 OS submissions and corrections. We're
|
|||||||
(if Nmap guesses wrong) are useful.
|
(if Nmap guesses wrong) are useful.
|
||||||
|
|
||||||
o Scripts can now return a structured name-value table so that results
|
o Scripts can now return a structured name-value table so that results
|
||||||
are queryable from XML output. Scripts can return a string as
|
are query-able from XML output. Scripts can return a string as
|
||||||
before, or a table, or a table and a string. In this last case, the
|
before, or a table, or a table and a string. In this last case, the
|
||||||
table will go to XML output and the string will go to screen output.
|
table will go to XML output and the string will go to screen output.
|
||||||
See http://nmap.org/book/nse-api.html#nse-structured-output [Daniel
|
See http://nmap.org/book/nse-api.html#nse-structured-output [Daniel
|
||||||
@@ -57,7 +57,7 @@ o Many of the great features in this release were created by college
|
|||||||
http://seclists.org/nmap-dev/2012/q2/204 and their successes
|
http://seclists.org/nmap-dev/2012/q2/204 and their successes
|
||||||
documented at http://seclists.org/nmap-dev/2012/q4/138
|
documented at http://seclists.org/nmap-dev/2012/q4/138
|
||||||
|
|
||||||
o [NSE] Replaced old rpc grinder (rpc enumeration, performed as part
|
o [NSE] Replaced old RPC grinder (RPC enumeration, performed as part
|
||||||
of version detection when a port seems to run a SunRPC service) with
|
of version detection when a port seems to run a SunRPC service) with
|
||||||
a faster and easier to maintain NSE-based implementation. This also
|
a faster and easier to maintain NSE-based implementation. This also
|
||||||
allowed us to remove the crufty old pos_scan scan engine. [Hani
|
allowed us to remove the crufty old pos_scan scan engine. [Hani
|
||||||
@@ -81,19 +81,19 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
Apache JServ protocol. [Patrik Karlsson]
|
Apache JServ protocol. [Patrik Karlsson]
|
||||||
|
|
||||||
+ ajp-headers performs a HEAD or GET request against either the root
|
+ ajp-headers performs a HEAD or GET request against either the root
|
||||||
directory or any optional directory of an Apache JServe Protocol
|
directory or any optional directory of an Apache JServ Protocol
|
||||||
server and returns the server response headers. [Patrik Karlsson]
|
server and returns the server response headers. [Patrik Karlsson]
|
||||||
|
|
||||||
+ ajp-methods discovers which options are supported by the AJP
|
+ ajp-methods discovers which options are supported by the AJP
|
||||||
(Apache JServ Protocol) server by sending an OPTIONS request and
|
(Apache JServ Protocol) server by sending an OPTIONS request and
|
||||||
lists potentially risky methods. [Patrik Karlsson]
|
lists potentially risky methods. [Patrik Karlsson]
|
||||||
|
|
||||||
+ ajp-request requests a URI over the Apache JServe Protocol and
|
+ ajp-request requests a URI over the Apache JServ Protocol and
|
||||||
displays the result (or stores it in a file). Different AJP
|
displays the result (or stores it in a file). Different AJP
|
||||||
methods such as; GET, HEAD, TRACE, PUT or DELETE may be
|
methods such as; GET, HEAD, TRACE, PUT or DELETE may be
|
||||||
used. [Patrik Karlsson]
|
used. [Patrik Karlsson]
|
||||||
|
|
||||||
+ bjnp-discover retrievs printer or scanner information from a
|
+ bjnp-discover retrieves printer or scanner information from a
|
||||||
remote device supporting the BJNP protocol. The protocol is known
|
remote device supporting the BJNP protocol. The protocol is known
|
||||||
to be supported by network based Canon devices. [Patrik Karlsson]
|
to be supported by network based Canon devices. [Patrik Karlsson]
|
||||||
|
|
||||||
@@ -117,7 +117,7 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
Benhabiles]
|
Benhabiles]
|
||||||
|
|
||||||
+ broadcast-pim-discovery discovers routers that are running PIM
|
+ broadcast-pim-discovery discovers routers that are running PIM
|
||||||
(Protocol Independant Multicast). [Hani Benhabiles]
|
(Protocol Independent Multicast). [Hani Benhabiles]
|
||||||
|
|
||||||
+ broadcast-tellstick-discover discovers Telldus Technologies
|
+ broadcast-tellstick-discover discovers Telldus Technologies
|
||||||
TellStickNet devices on the LAN. The Telldus TellStick is used to
|
TellStickNet devices on the LAN. The Telldus TellStick is used to
|
||||||
@@ -164,7 +164,7 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
and pid of the application, if it is running, prior to requesting
|
and pid of the application, if it is running, prior to requesting
|
||||||
authentication. [Patrik Karlsson]
|
authentication. [Patrik Karlsson]
|
||||||
|
|
||||||
+ firewall-bypass detects a vulnerability in netfilter and other
|
+ firewall-bypass detects a vulnerability in Netfilter and other
|
||||||
firewalls that use helpers to dynamically open ports for protocols
|
firewalls that use helpers to dynamically open ports for protocols
|
||||||
such as ftp and sip. [Hani Benhabiles]
|
such as ftp and sip. [Hani Benhabiles]
|
||||||
|
|
||||||
@@ -223,9 +223,9 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
iPhone" enabled iOS devices by querying the MobileMe web service
|
iPhone" enabled iOS devices by querying the MobileMe web service
|
||||||
(authentication required). [Patrik Karlsson]
|
(authentication required). [Patrik Karlsson]
|
||||||
|
|
||||||
+ http-icloud-sendmsg sends a message to a iOS device throught the
|
+ http-icloud-sendmsg sends a message to a iOS device through the
|
||||||
Apple MobileMe web service. The device has to be registered with
|
Apple MobileMe web service. The device has to be registered with
|
||||||
an Apple ID using the Find My Iphone application. [Patrik
|
an Apple ID using the Find My iPhone application. [Patrik
|
||||||
Karlsson]
|
Karlsson]
|
||||||
|
|
||||||
+ http-phpself-xss crawls a web server and attempts to find PHP
|
+ http-phpself-xss crawls a web server and attempts to find PHP
|
||||||
@@ -251,7 +251,7 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
attack. [Aleksandar Nikolic]
|
attack. [Aleksandar Nikolic]
|
||||||
|
|
||||||
+ http-slowloris tests a web server for vulnerability to the
|
+ http-slowloris tests a web server for vulnerability to the
|
||||||
Slowloris DoS attack by launching a Slowlaris attack. [Aleksandar
|
Slowloris DoS attack by launching a Slowloris attack. [Aleksandar
|
||||||
Nikolic, Ange Gutek]
|
Nikolic, Ange Gutek]
|
||||||
|
|
||||||
+ http-tplink-dir-traversal exploits a directory traversal
|
+ http-tplink-dir-traversal exploits a directory traversal
|
||||||
@@ -266,7 +266,7 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
+ http-virustotal checks whether a file has been determined as
|
+ http-virustotal checks whether a file has been determined as
|
||||||
malware by virustotal. Virustotal is a service that provides the
|
malware by virustotal. Virustotal is a service that provides the
|
||||||
capability to scan a file or check a checksum against a number of
|
capability to scan a file or check a checksum against a number of
|
||||||
the major AntiVirus vendors. [Patrik Karlsson]
|
the major antivirus vendors. [Patrik Karlsson]
|
||||||
|
|
||||||
+ http-vlcstreamer-ls connects to a VLC Streamer helper service and
|
+ http-vlcstreamer-ls connects to a VLC Streamer helper service and
|
||||||
lists directory contents. The VLC Streamer helper service is used
|
lists directory contents. The VLC Streamer helper service is used
|
||||||
@@ -292,11 +292,11 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
request to a given target using the scanned host as default
|
request to a given target using the scanned host as default
|
||||||
gateway. [Patrik Karlsson]
|
gateway. [Patrik Karlsson]
|
||||||
|
|
||||||
+ ipv6-ra-flood generates a flood of Router Adverisments (RA) with
|
+ ipv6-ra-flood generates a flood of Router Advertisements (RA) with
|
||||||
random source MAC addresses and IPv6 prefixes. Computers, which
|
random source MAC addresses and IPv6 prefixes. Computers, which
|
||||||
have stateless autoconfiguration enabled by default (every major
|
have stateless autoconfiguration enabled by default (every major
|
||||||
OS), will start to compute IPv6 suffix and update their routing
|
OS), will start to compute IPv6 suffix and update their routing
|
||||||
table to reflect the accepted annoucement. This will cause 100%
|
table to reflect the accepted announcement. This will cause 100%
|
||||||
CPU usage on Windows and platforms, preventing to process other
|
CPU usage on Windows and platforms, preventing to process other
|
||||||
application requests. [Adam Stevko]
|
application requests. [Adam Stevko]
|
||||||
|
|
||||||
@@ -332,7 +332,7 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
port identified as ePO Agent port. [Didier Stevens and Daniel
|
port identified as ePO Agent port. [Didier Stevens and Daniel
|
||||||
Miller]
|
Miller]
|
||||||
|
|
||||||
+ metasploit-info gathers info from the Metasploit rpc service. It
|
+ metasploit-info gathers info from the Metasploit RPC service. It
|
||||||
requires a valid login pair. After authentication it tries to
|
requires a valid login pair. After authentication it tries to
|
||||||
determine Metasploit version and deduce the OS type. Then it
|
determine Metasploit version and deduce the OS type. Then it
|
||||||
creates a new console and executes few commands to get additional
|
creates a new console and executes few commands to get additional
|
||||||
@@ -357,7 +357,7 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
services and displays the gathered information. [Aleksandar
|
services and displays the gathered information. [Aleksandar
|
||||||
Nikolic]
|
Nikolic]
|
||||||
|
|
||||||
+ ms-sql-dac qeries the Microsoft SQL Browser service for the DAC
|
+ ms-sql-dac queries the Microsoft SQL Browser service for the DAC
|
||||||
(Dedicated Admin Connection) port of a given (or all) SQL Server
|
(Dedicated Admin Connection) port of a given (or all) SQL Server
|
||||||
instance. The DAC port is used to connect to the database instance
|
instance. The DAC port is used to connect to the database instance
|
||||||
when normal connection attempts fail, for example, when server is
|
when normal connection attempts fail, for example, when server is
|
||||||
@@ -380,7 +380,7 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
|
|||||||
hashes. [Paulino Calderon]
|
hashes. [Paulino Calderon]
|
||||||
|
|
||||||
+ oracle-brute-stealth exploits the CVE-2012-3137 vulnerability, a
|
+ oracle-brute-stealth exploits the CVE-2012-3137 vulnerability, a
|
||||||
weaknes in Oracle's O5LOGIN authentication scheme. The
|
weakness in Oracle's O5LOGIN authentication scheme. The
|
||||||
vulnerability exists in Oracle 11g R1/R2 and allows linking the
|
vulnerability exists in Oracle 11g R1/R2 and allows linking the
|
||||||
session key to a password hash. [Dhiru Kholia]
|
session key to a password hash. [Dhiru Kholia]
|
||||||
|
|
||||||
@@ -460,7 +460,7 @@ o Scans that use OS sockets (including TCP connect scan, version
|
|||||||
Linux, so that the -e option is honored. [David Fifield]
|
Linux, so that the -e option is honored. [David Fifield]
|
||||||
|
|
||||||
o [Zenmap] Host filters can now do negative matching, for example you
|
o [Zenmap] Host filters can now do negative matching, for example you
|
||||||
could use "os:!linux" to match hosts NOT detectes as Linux. [Daniel
|
could use "os:!linux" to match hosts NOT detected as Linux. [Daniel
|
||||||
Miller]
|
Miller]
|
||||||
|
|
||||||
o Fixed a bug that caused an incorrect source address to be set when
|
o Fixed a bug that caused an incorrect source address to be set when
|
||||||
@@ -599,10 +599,10 @@ o [NSE] Updated mssql.lua library to support additional data types,
|
|||||||
response token, and reordered code for maintainability. [Tom
|
response token, and reordered code for maintainability. [Tom
|
||||||
Sellers]
|
Sellers]
|
||||||
|
|
||||||
o [NPING] Nping now prints out an error and exists when the user tries to use
|
o [Nping] Nping now prints out an error and exists when the user tries to use
|
||||||
the -p flag for a scan option where that is meaningless. [Sean Rivera]
|
the -p flag for a scan option where that is meaningless. [Sean Rivera]
|
||||||
|
|
||||||
o [NSE] Added spoolss functions and constrants to msrpc.lua. [Aleksandar Nikolic]
|
o [NSE] Added spoolss functions and constants to msrpc.lua. [Aleksandar Nikolic]
|
||||||
|
|
||||||
o [NSE] Reduced the number of names tried by http-vhosts by default.
|
o [NSE] Reduced the number of names tried by http-vhosts by default.
|
||||||
[Vlatko Kosturjak]
|
[Vlatko Kosturjak]
|
||||||
@@ -651,7 +651,7 @@ o [NSE] Calling methods of unconnected sockets now causes the usual
|
|||||||
error code return value, instead of raising a Lua error. The problem
|
error code return value, instead of raising a Lua error. The problem
|
||||||
was noticed by Daniel Miller. [David Fifield]
|
was noticed by Daniel Miller. [David Fifield]
|
||||||
|
|
||||||
o [NSE] Added AUTH_UNIX support to the rpc library and nfs scripts.
|
o [NSE] Added AUTH_UNIX support to the rpc library and NFS scripts.
|
||||||
[Daniel Miller]
|
[Daniel Miller]
|
||||||
|
|
||||||
o [Zenmap] Fixed a crash in the profile editor that would happen when
|
o [Zenmap] Fixed a crash in the profile editor that would happen when
|
||||||
@@ -13311,4 +13311,3 @@ o Documentation updated and clarified slightly.
|
|||||||
|
|
||||||
o Added this CHANGELOG file to the distribution.
|
o Added this CHANGELOG file to the distribution.
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user