diff --git a/CHANGELOG b/CHANGELOG index 88fe88262..64bac19ff 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -160,7 +160,7 @@ o Enhance Nmap's tcpwrapped service detection by using a shorter timeout for o All nmap.org pages are now available SSL-secured to improve privacy and ensure your binaries can't be tampered with in transit. So be - sure to download from https://nmap.org/download.html. We will soon + sure to download from https://nmap.org/download.html . We will soon remove the non-SSL version of the site. We still offer GPG-signed binaries as well: https://nmap.org/book/install.html#inst-integrity @@ -759,7 +759,7 @@ o [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 446. o Updated the Nmap license agreement to close some loopholes and stop some abusers. It's particularly targeted at companies which distribute malware-laden Nmap installers as we caught Download.com doing last - year--http://insecure.org/news/download-com-fiasco.html. The updated + year--http://insecure.org/news/download-com-fiasco.html . The updated license is in the all the normal places, including https://svn.nmap.org/nmap/COPYING. @@ -1543,7 +1543,7 @@ o Linux unreachable routes are now properly ignored. [David Fifield] o Added Dan Miller as an Nmap committer. He has done a ton of great work on Nmap, as you can see by searching for him in this CHANGELOG or reading the Nmap committers list at - https://svn.nmap.org/nmap/docs/committers.txt. + https://svn.nmap.org/nmap/docs/committers.txt . o Added a new --disable-arp-ping option. This option prevents Nmap from implicitly using ARP or ND host discovery for discovering 
@@ -2673,7 +2673,7 @@ o [NSE] Added 3 scripts, bringing the total to 246! You can learn o Improved AIX support for raw scans. This includes some patches originally written by Peter O'Gorman and Florian Schmid. It also involved various build fixes found necessary on AIX 6.1 and 7.1. See - http://nmap.org/book/inst-other-platforms.html. [David] + http://nmap.org/book/inst-other-platforms.html . [David] o Fixed Nmap so that it again compiles and runs on Solaris 10, including IPv6 support. [David] @@ -2682,7 +2682,7 @@ o [NSE] Moved our brute force authentication cracking scripts (*-brute) from the "auth" category into a new "brute" category. Nmap's brute force capabilities have grown tremendously! You can see all 32 of them at - http://nmap.org/nsedoc/categories/brute.html. It isn't clear + http://nmap.org/nsedoc/categories/brute.html . It isn't clear whether dns-brute should be in the brute category, so for now it isn't. [Fyodor] @@ -3268,7 +3268,7 @@ o Nmap now determines the filesystem location it is being run from and (such as nmap-services). This reduces the likelihood of needing to specify --datadir or getting data files from a different version of Nmap installed on the system. For full details, see - http://nmap.org/book/data-files-replacing-data-files.html. Thanks + http://nmap.org/book/data-files-replacing-data-files.html . Thanks to Solar Designer for implementation advice. [David] o Created a page on our SecWiki for collecting Nmap script ideas! If @@ -3528,7 +3528,7 @@ o [Nping] Added echo mode, a novel technique for discovering how your try it out against our public Nping echo server using this command: nping --echo-client "public" echo.nmap.org' Or learn more about echo mode at - http://nmap.org/book/nping-man-echo-mode.html. [Luis] + http://nmap.org/book/nping-man-echo-mode.html . [Luis] o [NSE] Added an amazing 46 scripts, bringing the total to 177! You can learn more about any of them at http://nmap.org/nsedoc/. Here 
@@ -3596,7 +3596,7 @@ o [NSE] Added an amazing 46 scripts, bringing the total to 177! You hostmap: Tries to find hostnames that resolve to the target's IP address by querying the online database at - http://www.bfk.de/bfk_dnslogger.html. [Ange Gutek] + http://www.bfk.de/bfk_dnslogger.html . [Ange Gutek] http-brute: Performs brute force password auditing against http basic authentication. [Patrik Karlsson] @@ -3787,7 +3787,7 @@ o Dramatically improved nmap.xsl (used for converting Nmap XML output default if Javascript is enabled). Many smaller improvements were made as well. You can find the new file at http://nmap.org/svn/docs/nmap.xsl, and here is an example - scan processed through it: http://nmap.org/tmp/newxsl.html. [Tom] + scan processed through it: http://nmap.org/tmp/newxsl.html . [Tom] o [NSE] Created a new "broadcast" script category for the broadcast-* scripts. These perform network discovery by broadcasting on the @@ -3862,11 +3862,11 @@ o [NSE] Added the ability to send and receive on unconnected sockets. unconnected UDP sockets. [David, Patrik] o [Nping] Substantially improved the Nping man page. You can read it - online at http://nmap.org/book/nping-man.html. [Luis, David] + online at http://nmap.org/book/nping-man.html . [Luis, David] o Documented the licenses of the third-party software used by Nmap and its sibling tools: - http://nmap.org/svn/docs/3rd-party-licenses.txt. [David] + http://nmap.org/svn/docs/3rd-party-licenses.txt . [David] o [NSE] Improved the SMB scripts so that they can run in parallel rather than using a mutex to force serialization. This quadrupled 
@@ -4554,16 +4554,16 @@ o [NSE] Added the new dns-service-discovery script which uses DNS-SD technologies known by names such as Bonjour, Rendezvous, and Zeroconf. This one script can provide as much information as a full port scan in some cases. See - http://nmap.org/nsedoc/scripts/dns-service-discovery.html. [Patrik + http://nmap.org/nsedoc/scripts/dns-service-discovery.html . [Patrik Karlsson] o [NSE] New script afp-brute for brute force authentication attempts against the Apple AFP filesharing protocol. See - http://nmap.org/nsedoc/scripts/afp-brute.html. [Patrik] + http://nmap.org/nsedoc/scripts/afp-brute.html . [Patrik] o [NSE] Added a new script afp-showmount which displays Apple AFP shares and their permissions. See - http://nmap.org/nsedoc/scripts/afp-showmount.html. [Patrik] + http://nmap.org/nsedoc/scripts/afp-showmount.html . [Patrik] o [NSE] Added the qscan script to repeatedly probe ports on a host to gather round-trip times for each port. The script then uses these @@ -4571,13 +4571,13 @@ o [NSE] Added the qscan script to repeatedly probe ports on a host to trip times. Ports in different groups could be the result of things such as port forwarding to hosts behind a NAT. It is based on work by Doug Hoyte. This script also utilizes the new NSE raw IP sending - functionality. See http://nmap.org/nsedoc/scripts/qscan.html. [Kris] + functionality. See http://nmap.org/nsedoc/scripts/qscan.html . [Kris] o [NSE] Added a new script, db2-das-info.nse, that connects to the IBM DB2 Administration Server (DAS) exports the server profile. No authentication is required for this request. The script will also set the port product and version if a version scan is requested. See - http://nmap.org/nsedoc/scripts/db2-das-info.html. [Patrik Karlsson, + http://nmap.org/nsedoc/scripts/db2-das-info.html . [Patrik Karlsson, Tom Sellers] o [NSE] Added a new library for ASN.1 parsing and adapted the SNMP 
@@ -4599,12 +4599,12 @@ o [NSE] Added a new library for ASN.1 parsing and adapted the SNMP o [NSE] Added the snmp-interfaces script by Thomas Buchanan, which enumerates network interfaces over SNMP. See - http://nmap.org/nsedoc/scripts/snmp-interfaces.html. + http://nmap.org/nsedoc/scripts/snmp-interfaces.html . o [NSE] Added http-vmware-path-vuln.nse, which checks for a critical and easy to exploit path-traversal vulnerability in VMWare (CVE-2009-3733). See - http://nmap.org/nsedoc/scripts/http-vmware-path-vuln.html. [Ron] + http://nmap.org/nsedoc/scripts/http-vmware-path-vuln.html . [Ron] o [NSE] Added a new library for LDAP and three new scripts by Patrik: - ldap-brute uses the unpwdb library to guess credentials for LDAP @@ -4617,7 +4617,7 @@ o [NSE] Added a new library for LDAP and three new scripts by Patrik: o [NSE] Added a new library for PostgreSQL and the script pgsql-brute that uses it to guess credentials. See - http://nmap.org/nsedoc/scripts/pgsql-brute.html. [Patrik] + http://nmap.org/nsedoc/scripts/pgsql-brute.html . [Patrik] o [NSE] Added 5 new MySQL NSE scripts and a MySQL library by Patrik Karlsson: - mysql-brute uses the unpwdb library to guess credentials for MySQL @@ -4661,11 +4661,11 @@ o [NSE] Added the ipidseq script to classify a host's IP ID sequence suitability for Nmap's Idle Scan (-sI), i.e. check if a host is an idle zombie. This is the first script to use the new raw IP sending functionality in NSE. See - http://nmap.org/nsedoc/scripts/ipidseq.html. [Kris] + http://nmap.org/nsedoc/scripts/ipidseq.html . [Kris] o [NSE] Added the ssl-enum-ciphers script by Mak Kolybabi. It lists the ciphers and compressors supported by SSL/TLS servers. See - http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html. + http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html . o [NSE] Added two new scripts for the MongoDB database from Martin Holst Swende. mongodb-info 
@@ -4684,20 +4684,20 @@ o [NSE] Added the scripts couchdb-databases and couchdb-stats, which o [NSE] Added the new lexmark-config script that lists product information and configuration for Lexmark printers. See - http://nmap.org/nsedoc/scripts/lexmark-config.html. [Patrik + http://nmap.org/nsedoc/scripts/lexmark-config.html . [Patrik Karlsson] o [NSE] Added the new daap-get-library script which uses the Digital Audio Access Protocol to enumerate the contents of a library. The contents contain the name of the artist, album and song. See - http://nmap.org/nsedoc/scripts/daap-get-library.html. [Patrik] + http://nmap.org/nsedoc/scripts/daap-get-library.html . [Patrik] o [NSE] Added jdwp-version.nse, a script by Michael Schierl that finds the version of a Java Debug Wire Protocol server. This is a dangerous service to find running as it does not provide any security against malicious attackers who can inject their own bytecode into the debugged process. See - http://nmap.org/nsedoc/scripts/jdwp-version.html. + http://nmap.org/nsedoc/scripts/jdwp-version.html . o [NSE] Added the smtp-enum-users script from Duarte Silva, which attempts to find user account names over SMTP by brute force testing @@ -4711,7 +4711,7 @@ o [NSE] The unpwdb library now has a default time limit on the unpwdb.passlimit Limit on number of passwords. unpwdb.timelimit Time limit in seconds. Pass 0 for any of these limits to disable it. For more details, see - http://nmap.org/nsedoc/lib/unpwdb.html. [David] + http://nmap.org/nsedoc/lib/unpwdb.html . [David] o When --open is used, Nmap no longer prints output for hosts which don't have any open ports. All output formats are treated the same 
@@ -4723,7 +4723,7 @@ o [NSE] Added the script http-methods from Bernd Stroessenreuther. supported by the server, highlights potentially risky methods, and optionally tests each method to see if they are restricted by IP address or something similar. See - http://nmap.org/nsedoc/scripts/http-methods.html. + http://nmap.org/nsedoc/scripts/http-methods.html . o The -v and -d options are now handled in the same way. These three forms are equivalent: @@ -5069,7 +5069,7 @@ o Dramatically improved the version detection database, integrating o [NSE] Added a new script, oracle-sid-brute, which queries the Oracle TNS-listener for default instance/sid names. The SID enumeration list was prepared by Red Database security. See - http://nmap.org/nsedoc/scripts/oracle-sid-brute.html. [Patrik + http://nmap.org/nsedoc/scripts/oracle-sid-brute.html . [Patrik Karlsson] o [Ncat] The --ssl, --output, and --hex-dump options now work with 
@@ -5177,30 +5177,30 @@ o Added 7 new NSE scripts for a grand total of 79! You can learn about them all at http://nmap.org/nsedoc/. Here are the new ones: * nfs-showmount displays NFS exports like "showmount -e" does. See - http://nmap.org/nsedoc/scripts/nfs-showmount.html. [Patrik + http://nmap.org/nsedoc/scripts/nfs-showmount.html . [Patrik Karlsson] * ntp-info prints the time and configuration variables provided by an NTP service. It may get such interesting information as the operating system, server build date, and upstream time server IP address. See - http://nmap.org/nsedoc/scripts/ntp-info.html. [Richard Sammet] + http://nmap.org/nsedoc/scripts/ntp-info.html . [Richard Sammet] * citrix-brute-xml uses the unpwdb library to guess credentials for the Citrix PN Web Agent Service. See - http://nmap.org/nsedoc/scripts/citrix-brute-xml.html. [Patrik Karlsson] + http://nmap.org/nsedoc/scripts/citrix-brute-xml.html . [Patrik Karlsson] * citrix-enum-apps and citrix-enum-apps-xml print a list of published applications from the Citrix ICA Browser or XML service, respectively. See http://nmap.org/nsedoc/scripts/citrix-enum-apps.html and - http://nmap.org/nsedoc/scripts/citrix-enum-apps-xml.html. [Patrik Karlsson] + http://nmap.org/nsedoc/scripts/citrix-enum-apps-xml.html . [Patrik Karlsson] * citrix-enum-servers and citrix-enum-servers-xml.nse print a list of Citrix servers from the Citrix ICA Browser or XML service, respectively. See http://nmap.org/nsedoc/scripts/citrix-enum-servers.html and - http://nmap.org/nsedoc/scripts/citrix-enum-servers-xml.html. [Patrik + http://nmap.org/nsedoc/scripts/citrix-enum-servers-xml.html . [Patrik Karlsson] o We performed a memory consumption audit and made changes to 
@@ -5315,20 +5315,20 @@ o Added 14 new NSE scripts for a grand total of 72! You can learn Optionally, multiple probes can be sent and the MAC address can be randomized in an attempt to exhaust the DHCP server's address pool and potentially create a denial of service condition. See - http://nmap.org/nsedoc/scripts/dhcp-discover.html. [Ron] + http://nmap.org/nsedoc/scripts/dhcp-discover.html . [Ron] o http-enum enumerates URLs used by popular web applications and servers and reports which ones exist on a target web server. See - http://nmap.org/nsedoc/scripts/http-enum.html. [Ron, Andrew Orr, + http://nmap.org/nsedoc/scripts/http-enum.html . [Ron, Andrew Orr, Rob Nicholls] o ssl-cert retrieves and prints a target server's SSL certificate. See - http://nmap.org/nsedoc/scripts/ssl-cert.html. [David] + http://nmap.org/nsedoc/scripts/ssl-cert.html . [David] o x11-access checks whether access to an X11 server is allowed (as with "xhost +" for example). See - http://nmap.org/nsedoc/scripts/x11-access.html. [jlanthea] + http://nmap.org/nsedoc/scripts/x11-access.html . [jlanthea] o db2-info enhances DB2 database instance detection. It provides detection when version probes fail, but will default to the 
@@ -5336,40 +5336,40 @@ o Added 14 new NSE scripts for a grand total of 72! You can learn detects the server platform and database instance name. The DB2 version detection port ranges were broadened to 50000-50025 and 60000-60025 as well. See - http://nmap.org/nsedoc/scripts/db2-info.html. [Tom] + http://nmap.org/nsedoc/scripts/db2-info.html . [Tom] o smbv2-enabled checks if the smbv2 protocol is enabled on target servers. SMBv2 has already suffered from at least one major security vulnerability. See - http://nmap.org/nsedoc/scripts/smbv2-enabled.html. [Ron] + http://nmap.org/nsedoc/scripts/smbv2-enabled.html . [Ron] o http-favicon obtains the favicon file (/favicon.ico or whatever is specified by the HTML link tag) and tries to identify its source (such as a certain web application) using a database lookup. See - http://nmap.org/nsedoc/scripts/http-favicon.html. [Vladz] + http://nmap.org/nsedoc/scripts/http-favicon.html . [Vladz] o http-date obtains the Date: header field value from an HTTP server then displays it along with how much it differs from local - time. See http://nmap.org/nsedoc/scripts/http-date.html. [David] + time. See http://nmap.org/nsedoc/scripts/http-date.html . [David] o http-userdir-enum attempts to enumerate users on a system by trying URLs with common usernames in the Apache mod_userdir format (e.g. http://target-server.com/~john). See - http://nmap.org/nsedoc/scripts/http-userdir-enum.html. [Jah] + http://nmap.org/nsedoc/scripts/http-userdir-enum.html . [Jah] o pjl-ready-message allows viewing and setting the status message on printers which support the Printer Job Language (many HP printers - do). See http://nmap.org/nsedoc/scripts/pjl-ready-message.html. + do). See http://nmap.org/nsedoc/scripts/pjl-ready-message.html . [Aaron Leininger] o http-headers performs a GET request for the root folder ("/") of a web server and displays the HTTP headers returned. See - http://nmap.org/nsedoc/scripts/http-headers.html. 
[Ron] + http://nmap.org/nsedoc/scripts/http-headers.html . [Ron] o http-malware-host is designed to discover hosts that are serving malware (perhaps because they were compromised), but so far it only checks for one specific attack. See - http://nmap.org/nsedoc/scripts/http-malware-host.html. [Ron] + http://nmap.org/nsedoc/scripts/http-malware-host.html . [Ron] o smb-enum-groups displays a list of groups on the remote system along with their membership (like enum.exe -G). See @@ -5394,7 +5394,7 @@ o [Zenmap] After performing or loading a scan, you can now filter This makes it easy to select just Linux hosts, or those running a certain version of Apache, or whatever interests you. You can easily modify the filter or remove it to see the whole scan again. See - http://nmap.org/book/zenmap-filter.html. [Josh Marlow] + http://nmap.org/book/zenmap-filter.html . [Josh Marlow] o For some UDP ports, Nmap will now send a protocol-specific payload that is more likely to get a response than an empty packet is. This @@ -5551,7 +5551,7 @@ o [Ncat] Ncat now prints a message like "Connection refused." by o Zenmap no longer displays down hosts in the GUI. [Josh] o The Ndiff man page was dramatically improved with examples and - sample output. See http://nmap.org/ndiff/man.html. + sample output. See http://nmap.org/ndiff/man.html . [David] o [NSE] At debug level 2 or higher (-d2), Nmap now prints all active @@ -5725,7 +5725,7 @@ o Added a check for a SMBv2 vulnerability (CVE-2009-3103) to smb-check-vulns. Due to its nature (it performs a DoS, then checks if the system is still online), the script isn't run by default and requires a special script-arg to work. See - http://nmap.org/nsedoc/scripts/smb-check-vulns.html. [Ron] + http://nmap.org/nsedoc/scripts/smb-check-vulns.html . [Ron] o Fixed an integer overflow in uptime calculation which could occur when a target with a low TCP timestamp clock frequency uses large 
@@ -5763,7 +5763,7 @@ o There is a new OS detection pseudo-test, SCAN.DC, which records how and DS=1%DC=D (a true one-hop connection.) [David] o Canonicalized the list of OS detection device types to a smaller set - with descriptions: http://nmap.org/svn/docs/device-types.txt. + with descriptions: http://nmap.org/svn/docs/device-types.txt . [David, Fyodor, Doug] o [Ncat] The --idle-timeout option now exits when *both* stdin and the @@ -5849,7 +5849,7 @@ o Zenmap's UI performance has improved significantly thanks to up the new host filter system. [Josh] o Add a service probe for DNS-based service discovery (DNS-SD). See - http://seclists.org/nmap-dev/2009/q3/0610.html. [David] + http://seclists.org/nmap-dev/2009/q3/0610.html . [David] o Made RPC grinding work from service detection again by changing the looked-for service name from "rpc" to "rpcbind", the name it has in @@ -5878,7 +5878,7 @@ o Ncat proxy now hides the proxy's response ("HTTP/1.0 200 OK" or o [NSE] socket garbage collection was rewritten for better performance and to ensure that socket slots are immediately available to others after a socket is closed. See - http://seclists.org/nmap-dev/2009/q2/0624.html. [Patrick] + http://seclists.org/nmap-dev/2009/q2/0624.html . [Patrick] o [NSE] Fixed a rare but possible segfault which could occur if the nsock binding attempted to push values on the stack of a thread @@ -5910,7 +5910,7 @@ o [Nsock] Added a socket_count abstraction that counts the number of Ncat with SSL in connect mode, such that a client send would cause Ncat to use 100% CPU until it received something from the server. See the thread at - http://seclists.org/nmap-dev/2009/q2/0413.html. This change will + http://seclists.org/nmap-dev/2009/q2/0413.html . This change will also make it easier to use a different back end than select in the future. [David] 
@@ -5966,7 +5966,7 @@ Nmap 4.90RC1 [2009-06-25] o [Zenmap] Fixed a display hanging problem on Mac OS X reported by Christopher Caldwell at - http://seclists.org/nmap-dev/2009/q2/0721.html. This was done by + http://seclists.org/nmap-dev/2009/q2/0721.html . This was done by adding gtk2 back to macports-1.8.0-universal.diff and removing the dependency on shared-mime-info so it doesn't expect /usr/share/mime files at runtime. Also included GDK pixbuf loaders statically rather @@ -6010,7 +6010,7 @@ o Added SCTP port scanning support to Nmap. SCTP is a layer 4 protocol o 42 well-known SCTP ports were added to the nmap-services file. o The server scanme.csnc.ch has been set up for your SCTP scan testing pleasure. But note that SCTP doesn't pass through most - NAT devices. See http://seclists.org/nmap-dev/2009/q2/0669.html. + NAT devices. See http://seclists.org/nmap-dev/2009/q2/0669.html . Part of the work on SCTP support was kindly sponsored by Compass Security AG, Switzerland. [Daniel Roethlisberger] @@ -6022,9 +6022,9 @@ o [NSE] Added http-iis-webdav-vuln.nse, which detects the recently o The Nmap Reference Guide has been translated to German by Open Source Press and Indonesian by Tedi Heriyanto. You can now read it - in 16 languages at http://nmap.org/docs.html. We're always looking + in 16 languages at http://nmap.org/docs.html . We're always looking for more translations of Nmap and its documentation--if you'd like - to help, see http://seclists.org/nmap-dev/2009/q2/0667.html. + to help, see http://seclists.org/nmap-dev/2009/q2/0667.html . o Open Source Press completed and released the German translation of the official Nmap book (Nmap Network Scanning). Learn more at 
@@ -6032,7 +6032,7 @@ o Open Source Press completed and released the German translation of o [NSE] Added socks-open-proxy.nse for scanning networks for open SOCKS proxy servers. See - http://nmap.org/nsedoc/scripts/socks-open-proxy.html. [Joao Correa] + http://nmap.org/nsedoc/scripts/socks-open-proxy.html . [Joao Correa] o [NSE] http-open-proxy.nse has been updated to attempt HEAD and CONNECT methods as well as previously supported GET method. It @@ -6081,12 +6081,12 @@ o Changed the default UDP ping (-PU) port from 31338 to 40125. This o [NSE] Added the imap-capabilities script, which uses the CAPABILITY command to determine the capabilities of a target IMAP mail server. A simple supporting IMAP library was added as well. See - http://nmap.org/nsedoc/scripts/imap-capabilities.html. [Brandon] + http://nmap.org/nsedoc/scripts/imap-capabilities.html . [Brandon] o [NSE] Brandon Enright from UCSD reports that, thanks to all the NSE fixes in this release, he no longer sees any Nmap crashes in his large scale scans. See - http://seclists.org/nmap-dev/2009/q2/0639.html. + http://seclists.org/nmap-dev/2009/q2/0639.html . o Zenmap now works on RHEL/CentOS since it no longer requires the hashlib library (which was introduced in Python 2.5, but RHEL 5 @@ -6144,7 +6144,7 @@ o [Zenmap] Added the -PS22,25,80 option found in the Quick Traceroute o Fixed a bug with the --defeat-rst-ratelimit option which prevented it from working properly. See this thread: - http://seclists.org/nmap-dev/2009/q2/0476.html. [Josh] + http://seclists.org/nmap-dev/2009/q2/0476.html . [Josh] o [Ndiff] Avoid printing a "Not shown:" line if there weren't any ports in the non-shown (extraports) list. [David] 
@@ -6167,12 +6167,12 @@ o [NSE] Fixed the parsing of --script-args, which was only accepting characters within the quotation marks. You may also use the quote delimiter inside the sequence so long as it is escaped by a backslash. See - http://seclists.org/nmap-dev/2009/q2/0211.html. [Patrick] + http://seclists.org/nmap-dev/2009/q2/0211.html . [Patrick] o [NSE] When a script ends for any reason, all of its mutexes are now unlocked. This prevents a permanent (and painful to debug) deadlock when a script crashes without unlocking a mutex. See - http://seclists.org/nmap-dev/2009/q2/0533.html. [Patrick] + http://seclists.org/nmap-dev/2009/q2/0533.html . [Patrick] o Fixed a bug wherein nmap would not display the post-scan count of raw packets sent during a SYN ping scan (-sP -PS). [Josh Marlow] @@ -6195,7 +6195,7 @@ o [Ncat] The Nmap Windows uninstaller now removes the Ncat CA list o Optimized some Nmap version detection match lines for slightly better performance. See - http://seclists.org/nmap-dev/2009/q2/0328.html. [Brandon] + http://seclists.org/nmap-dev/2009/q2/0328.html . [Brandon] o [NSE] Upon connection failure, a socket now immediately unlocks its "socket lock" to allow other pending socket connections to succeed @@ -6223,7 +6223,7 @@ o Fixed a bug where an ICMP echo, timestamp, or address mask reply o Improved the host expression parser to better handle a few cases where invalid target specifiers would case Nmap to scan unintended - hosts. See http://seclists.org/nmap-dev/2009/q2/0319.html. [Jah] + hosts. See http://seclists.org/nmap-dev/2009/q2/0319.html . [Jah] o [Zenmap] Fixed a crash, introduced in 4.85BETA4, that happened when searching scan results by date. [David] 
@@ -6315,7 +6315,7 @@ o Integrated all of your 1,156 of your OS detection submissions and fingerprints! That is more than we ever had with the first system. The 243 new fingerprints include Microsoft Windows 7 beta, Linux 2.6.28, and much more. See - http://seclists.org/nmap-dev/2009/q2/0335.html. [David] + http://seclists.org/nmap-dev/2009/q2/0335.html . [David] o [Ncat] A whole lot of work was done by David to improve SSL security and functionality: @@ -6499,7 +6499,7 @@ o New Conficker versions eliminate the loophole we were using to o [NSE] The Nmap Script Engine core (C++) was rewritten in Lua for code simplicity and extensibility. See http://seclists.org/nmap-dev/2009/q2/0090.html and - http://seclists.org/nmap-dev/2009/q1/0047.html. [Patrick] + http://seclists.org/nmap-dev/2009/q1/0047.html . [Patrick] o [Zenmap] The "Cancel" button has been restored to the main screen. It will cancel the scan that is currently being displayed. [David] @@ -6594,7 +6594,7 @@ o The NSEDoc portal at http://nmap.org/nsedoc/ now provides download links from the script and module pages to browse or download recent versions of the code. It isn't quite as up-to-date as obtaining them from svn directly, but may be more convenient. For an example, see - http://nmap.org/nsedoc/scripts/smb-check-vulns.html. [David, Fyodor] + http://nmap.org/nsedoc/scripts/smb-check-vulns.html . [David, Fyodor] o A copy of the Nmap public svn repository (/nmap, plus its zenmap, nsock, nbase, and ncat externals) is now available at 
@@ -6832,7 +6832,7 @@ o You can now use '-' by itself in a target IP specification to mean o Nmap was discovered in another movie! In the Russian film Khottabych, teenage hacker Gena uses Nmap (and telnet) to hack Microsoft. In response, MS sends a pretty female hacker to flush - him out. More details and screenshots: http://nmap.org/movies.html. + him out. More details and screenshots: http://nmap.org/movies.html . o Improved operating system support for the smb-enum-sessions NSE script; previous revisions worked on Windows 2003 or Windows 2000, @@ -6894,7 +6894,7 @@ o Implemented extended security negotiations in the NSE SMB o Nmap wins LinuxQuestions.Org Network Security Application of the Year for the sixth year in a row! See - http://seclists.org/nmap-dev/2009/q1/0395.html. + http://seclists.org/nmap-dev/2009/q1/0395.html . o [Zenmap] Removed some unnecessary (mostly GTK+-related) files from the Windows installer--nmap-4.85BETA4-setup.exe is now smaller than @@ -6971,7 +6971,7 @@ o [Zenmap] Fix auto-scroll behavior while Nmap is producing output, as o [Zenmap] The network topology feature (Radialnet) has been internationalized so its strings will be localized as well (as soon as the relevant language's translation files are updated. To help - out, see http://nmap.org/book/zenmap-lang.html. Some remaining search + out, see http://nmap.org/book/zenmap-lang.html . Some remaining search interface elements were internationalized as well. [David] o Improved the efficiency of the xml_convert() routine which handles @@ -7000,7 +7000,7 @@ o Removed a bunch of unnecessary files (mostly GTK related) from the o Fixed an NSE crash (assertion error) which looked like "nsock_core.c:293: handle_connect_result: Assertion `0' failed". Brandon reported the bug, which was fixed by Doug and - David. See http://seclists.org/nmap-dev/2009/q1/0546.html. + David. See http://seclists.org/nmap-dev/2009/q1/0546.html . Nmap 4.85BETA3 [2009-2-2] 
@@ -7045,7 +7045,7 @@ o Updated IANA assignment IP list for random IP (-iR) Nmap 4.85BETA2 [2009-1-29] o Added some duplicate GTK DLLs to Windows installer, as a temporary - fix for this issue: http://seclists.org/nmap-dev/2009/q1/0207.html. + fix for this issue: http://seclists.org/nmap-dev/2009/q1/0207.html The problem caused a warning message complaining of problems finding librsvg-2-2.dll to pop up 32 times before Zenmap would start. We're still looking for a better fix. [Fyodor, Rob, Jah] @@ -7100,7 +7100,7 @@ o Released Nmap Network Scanning: The Official Nmap Project Guide to o David spent more than a month working on algorithms to improve port scan performance while retaining or improving accuracy. The changes - are described at http://seclists.org/nmap-dev/2009/q1/0054.html. He + are described at http://seclists.org/nmap-dev/2009/q1/0054.html . He was able to reduce our "benchmark scan time" (which involves many different scan types from many source networks to many targets) from 1879 seconds to 1321 without harming accuracy. That is a 30% time @@ -7110,7 +7110,7 @@ o Introduced the NSE documentation portal, which documents every NSE script and library included with Nmap. See http://nmap.org/nsedoc/. Script documentation was improved substantially in the process. Scripts and libraries must use the new NSEDoc format, which is - described at http://nmap.org/book/nsedoc.html. Thanks to Patrick + described at http://nmap.org/book/nsedoc.html . Thanks to Patrick and David for their great work on this. o The 2nd Generation OS Detection System was dramatically improved for 
@@ -7178,7 +7178,7 @@ o Zenmap now runs ndiff to for its "Compare Results" function. This o Added a Russian translation of the Nmap Reference Guide by Guz Alexander. We now have translations in 15 languages available from - http://nmap.org/docs.html. More volunteer translators are welcome, + http://nmap.org/docs.html . More volunteer translators are welcome, as we are still missing some important languages. Translation instructions are available from that docs.html page. @@ -7216,7 +7216,7 @@ o [Zenmap] Internationalization has been fixed [David]. Currently o Brazilian Portuguese by Adriano Monteiro Marques (partial) For details on using an existing translation or localizing Zenmap into your own native language, see - http://nmap.org/book/zenmap-lang.html. [David] + http://nmap.org/book/zenmap-lang.html . [David] o Zenmap no longer outputs XML elements and attributes that are not in the Nmap XML DTD. This was done mostly by removing things from @@ -7281,7 +7281,7 @@ o [NSE] We now have a canonical way for scripts to check for dependency libraries such as OpenSSL. This allows them to handle the issue gracefully (by exiting or doing some of their work if possible) rather than flooding the console with error messages as - before. See http://nmap.org/nsedoc/modules/openssl.html. [Pattrick, + before. See http://nmap.org/nsedoc/modules/openssl.html . [Pattrick, David, Fyodor] o Nmap now reports a proper error message when you combine an IPv6 @@ -7290,7 +7290,7 @@ o Nmap now reports a proper error message when you combine an IPv6 o Nmap now builds with the _FORTIFY_SOURCE=2 define. With modern versions of GCC, this adds extra buffer overflow protection and other security checks. It is described at - http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html. [David, + http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html . [David, Doug] o The --excludefile option correctly handles files with no terminating 
@@ -7446,7 +7446,7 @@ o Enhanced the ssh service detection signatures to properly o Nsock now uses fselect() to work around problems with select() not working properly on non-socket descriptors on Windows. This was needed for Ncat to work properly on that platform. See - http://seclists.org/nmap-dev/2008/q3/0766.html. [Kris] + http://seclists.org/nmap-dev/2008/q3/0766.html . [Kris] o Removed trailing null bytes from Ncat's responses in HTTP proxy mode. [David] @@ -7639,7 +7639,7 @@ o [Zenmap] Added a new Scan Topology system. The idea is that if we into Zenmap. Joao Medeiros has been developing RadialNet for more than a year. For details, complete with some of the most beautiful Zenmap screen shots ever, visit - http://nmap.org/book/zenmap-topology.html. The integration work was + http://nmap.org/book/zenmap-topology.html . The integration work was done by SoC student Vladimir Mitrovic and his mentor David Fifield. o [Zenmap] Another exciting new Zenmap feature is Scan Aggregation. @@ -7861,7 +7861,7 @@ o Completion time estimates provided in verbose mode or when you hit a o Fixed a number of NSE scripts which used print_debug() incorrectly. See - http://seclists.org/nmap-dev/2008/q3/0470.html. [Sven Klemm] + http://seclists.org/nmap-dev/2008/q3/0470.html . [Sven Klemm] o [Zenmap] The Ports/Hosts view now provides full version detection values rather than just a simple summary. [Jurand Nogiec] @@ -7971,7 +7971,7 @@ o Improved performance of IP protocol scan by fixing a bug related to o Nmap --reason output no longer falsely reports a localhost-response during -PN scans. See - http://seclists.org/nmap-dev/2008/q3/0188.html. [Michael] + http://seclists.org/nmap-dev/2008/q3/0188.html . [Michael] o [Zenmap] The higwidgets Python package has moved so it is now a subpackage of zenmapGUI. This avoids naming conflicts with Umit, 
@@ -8054,7 +8054,7 @@ o Zenmap no longer leaves any temporary files lying around. [David] o Nmap only prints an uptime guess in verbose mode now, because in some situations it can be very inaccurate. See the discussion at - http://seclists.org/nmap-dev/2008/q3/0392.html. [David] + http://seclists.org/nmap-dev/2008/q3/0392.html . [David] Nmap 4.68 [2008-6-28] @@ -8468,7 +8468,7 @@ o Create /nmap/macosx directory in SVN with files necessary to build aren't quite yet distributing the results on the Nmap download page, but testing our beta versions is useful. You can find the latest universal (PPC and Intel) binary test version by looking at David - Fifield's posts at http://seclists.org/nmap-dev/2008/q2/author.html. + Fifield's posts at http://seclists.org/nmap-dev/2008/q2/author.html . You can also read /nmap/macosx/README in svn for more info. o Nmap 2008 Summer of Code students have began working (though full @@ -8615,7 +8615,7 @@ o Canonicalize NSE script license text--more than half did not even spell license correctly. They all still say that they are under Nmap's license, just with consistent capitalization and spelling, and now a link to Nmap legal page at - http://nmap.org/man/man-legal.html. + http://nmap.org/man/man-legal.html . o Updated ripeQuery.nse to not print extraneous whitespace. [Kris] @@ -8989,7 +8989,7 @@ o Canonicalized the interface type numbers used internally by libdnet. Also Libdnet now recognizes devices with type INTF_TYPE_IEEE80211 as Ethernet devices. This ought to make wireless network scanning work on Windows Vista. For more background - see http://seclists.org/nmap-dev/2007/q4/0391.html. [David] + see http://seclists.org/nmap-dev/2007/q4/0391.html . [David] o Documented the "--script all" option in the man page and NSE article. This option executes all scripts in the NSE database 
@@ -9399,7 +9399,7 @@ o Fixed (I hope) a problem with running Nmap on Mac OS X machines with "getinterfaces: Failed to open ethernet interface (vmnet8). A possible cause on BSD operating systems is running out of BPF devices ...." For more details, see - http://seclists.org/nmap-dev/2007/q3/0254.html. + http://seclists.org/nmap-dev/2007/q3/0254.html . o Check that --script arguments are reasonable when Nmap starts rather than potentially waiting for a bunch of port scanning to finish
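Review bot: In the hunk at -7045 (Nmap 4.85BETA2, GTK DLLs entry) the trailing period is dropped instead of being separated from the URL, so the added line ends at "0207.html" and the sentence runs straight into "The problem caused a warning message". Every other hunk in this patch keeps the period and puts a space before it. For consistency this line should read "fix for this issue: http://seclists.org/nmap-dev/2009/q1/0207.html ." so the sentence break is preserved.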
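Review bot: The hunk at -7110 (NSE documentation portal entry) fixes "http://nmap.org/book/nsedoc.html." but leaves "See http://nmap.org/nsedoc/. Script documentation" two context lines above it unchanged, so that URL is still followed directly by a period. If the goal is to keep link extractors from absorbing sentence punctuation into the URL, that line needs the same treatment. It would be worth searching the whole file for URLs ending in "/." as well as ".html." and ".txt.", since the pattern used to find candidates seems to have missed URLs with a trailing slash.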
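Review bot: In the hunk at -7281 (NSE dependency-check entry) the rewritten line still carries the credit "[Pattrick,", while the -7110 hunk spells the name "Patrick" in "Thanks to Patrick and David". If both refer to the same contributor, correct the spelling here, since this line is already being modified. If the spelling is intentional, leave it and ignore this comment.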