diff --git a/docs/nmap-install.xml b/docs/nmap-install.xml index 4c561fd05..f96458df2 100644 --- a/docs/nmap-install.xml +++ b/docs/nmap-install.xml @@ -34,7 +34,7 @@ you should see output similar to that in felix~>nmap --version -Nmap version 4.68 ( http://nmap.org ) +Nmap version 4.76 ( http://nmap.org ) felix~> @@ -43,7 +43,7 @@ exist on the system (or if your PATH is incorrectly set), an error message such as nmap: Command not found is reported. As the example above shows, Nmap responds to the command by printing its -version number (here 4.68). +version number (here 4.76). Even if your system already has a copy of Nmap, you should consider upgrading to the latest version available from For every Nmap package download file -(e.g. nmap-4.68.tar.bz2 and -nmap-4.68-win32.zip), there is a corresponding +(e.g. nmap-4.76.tar.bz2 and +nmap-4.76-win32.zip), there is a corresponding file in the sigs directory with .gpg.txt appended -to the name (e.g. nmap-4.68.tar.bz2.gpg.txt). +to the name (e.g. nmap-4.76.tar.bz2.gpg.txt). This is the detached signature file. With the proper PGP key in your keyring and the detached 
@@ -168,16 +168,16 @@ linkend="ex-gpg-verify-nmap-release-bad" xrefstyle="select: label nopage"/>. Verifying PGP key fingerprints (Successful) -flog> gpg --verify nmap-4.68.tar.bz2.gpg.txt nmap-4.68.tar.bz2 -gpg: Signature made Sun 29 Jun 2008 02:40:34 AM PDT using DSA key ID 6B9355D0 +flog> gpg --verify nmap-4.76.tar.bz2.gpg.txt nmap-4.76.tar.bz2 +gpg: Signature made Fri 12 Sep 2008 02:03:59 AM PDT using DSA key ID 6B9355D0 gpg: Good signature from "Nmap Project Signing Key (http://www.insecure.org/)" Detecting a bogus file -flog> gpg --verify nmap-4.68.tar.bz2.gpg.txt nmap-4.68-hacked.tar.bz2 -gpg: Signature made Sun 29 Jun 2008 02:40:34 AM PDT using DSA key ID 6B9355D0 +flog> gpg --verify nmap-4.76.tar.bz2.gpg.txt nmap-4.76-hacked.tar.bz2 +gpg: Signature made Fri 12 Sep 2008 02:03:59 AM PDT using DSA key ID 6B9355D0 gpg: BAD signature from "Nmap Project Signing Key (http://www.insecure.org/)" @@ -193,7 +193,7 @@ Nmap.Org hashes if you obtain Nmap from a third party or feel it might have been accidentally corrupted. For every Nmap package download file, there is a corresponding file in the sigs directory with .digest.txt appended to the name -(e.g. nmap-4.68.tar.bz2.digest.txt). An example +(e.g. nmap-4.76.tar.bz2.digest.txt). An example is shown in . This is the detached signature file. The hashes from the digest file can be verified using common tools such as sha1sum, md5sum, 
@@ -203,30 +203,30 @@ linkend="ex-digest-file-verify" />. A typical Nmap release digest file -flog> cat nmap-4.53.tgz.digest.txt -nmap-4.53.tgz: MD5 = 0D 86 C1 C4 FA 55 E9 36 D0 B7 C8 05 1F 70 36 E9 -nmap-4.53.tgz: SHA1 = 3516 D794 8AD8 F994 F2FD B52E 1C51 7C5F ED91 E06F -nmap-4.53.tgz: RMD160 = A5DA A78C 583E 7D2D 650E E1F5 0551 A4EC 54DF 55A6 -nmap-4.53.tgz: SHA224 = 6B8B62D6 FA1B83DF D8AC2350 D2496906 A9069515 9B98FA93 - 31782297 -nmap-4.53.tgz: SHA256 = 7D415EB8 E6CBD0F6 FBC2301E A65C6A6D 3580B810 85FAF0FE - 42D00863 8BAC12FB -nmap-4.53.tgz: SHA384 = 9E2086D4 4AAE1FEA 7F347ACA C7A44363 10387CF3 F73BDB3B - 492887D5 6F1923D8 154F8D90 6B9FBDEB 903CFEC0 F6D38020 -nmap-4.53.tgz: SHA512 = 31235D3A F8C39057 91A61F7C 63E69D51 722B7540 EA457220 - FF2391E7 93B98F0D DFEF9A8B F6C02725 CBE32E0F 35766C6C - 554F759C C9D4C4BC F42227F4 6E7B2B3D +flog> cat sigs/nmap-4.76.tgz.digest.txt +nmap-4.76.tgz: MD5 = 54 B5 C9 E3 F4 4C 1A DD E1 7D F6 81 70 EB 7C FE +nmap-4.76.tgz: SHA1 = 4374 CF9C A882 2C28 5DE9 D00E 8F67 06D0 BCFA A403 +nmap-4.76.tgz: RMD160 = AE7B 80EF 4CE6 DBAA 6E65 76F9 CA38 4A22 3B89 BD3A +nmap-4.76.tgz: SHA224 = 524D479E 717D98D0 2FB0A42B 9A4E6E52 4027C9B6 1D843F95 + D419F87F +nmap-4.76.tgz: SHA256 = 0E960E05 53EB7647 0C8517A0 038092A3 969DB65C BE23C03F + D6DAEF1A CDCC9658 +nmap-4.76.tgz: SHA384 = D52917FD 9EE6EE62 F5F456BF E245675D B6EEEBC5 0A287B27 + 3CAA4F50 B171DC23 FE7808A8 C5E3A49A 4A78ACBE A5AEED33 +nmap-4.76.tgz: SHA512 = 826CD89F 7930A765 C9FE9B41 1DAFD113 2C883857 2A3A9503 + E4C1E690 20A37FC8 37564DC3 45FF0C97 EF45ABE6 6CEA49FF + E262B403 A52F4ECE C23333A0 48DEDA66 Verifying Nmap hashes -flog> sha1sum nmap-4.53.tgz -3516d7948ad8f994f2fdb52e1c517c5fed91e06f nmap-4.53.tgz -flog> md5sum nmap-4.53.tgz -0d86c1c4fa55e936d0b7c8051f7036e9 nmap-4.53.tgz -flog> gpg --print-md sha1 nmap-4.53.tgz -nmap-4.53.tgz: 3516 D794 8AD8 F994 F2FD B52E 1C51 7C5F ED91 E06F +flog> sha1sum nmap-4.76.tgz +4374cf9ca8822c285de9d00e8f6706d0bcfaa403 nmap-4.76.tgz +flog> md5sum 
nmap-4.76.tgz +54b5c9e3f44c1adde17df68170eb7cfe nmap-4.76.tgz +flog> gpg --print-md sha1 nmap-4.76.tgz +nmap-4.76.tgz: 4374 CF9C A882 2C28 5DE9 D00E 8F67 06D0 BCFA A403 While releases from Nmap.Org are signed as described in this @@ -796,7 +796,7 @@ as winpcap-nmap-version.exe, where version is the Nmap version rather than the WinPcap version. Alternatively, you can obtain and install the latest version from . You -must install version 4 or later. +must install version 4.0 or later. Due to the way Nmap is compiled, it requires the Microsoft Visual C++ 2008 Redistributable Package of runtime @@ -828,7 +828,7 @@ url="http://www.microsoft.com/express/vc/">Visual C++ 2008 Express.Uncompress the source code file you just downloaded. Recent releases of the free Cygwin distributionCygwin can handle both the .tar.bz2 and .tgz formats. Use the command tar xvjf nmap-version.tar.bz2 or tar xvzf nmap-version.tgz, respectively. Alternatively, the common WinZip application can decompress the .tgz version. Open Visual Studio and the Nmap solution file ( nmap-version/mswin32/nmap.sln). -Choose Build Solution from the Build Menu. Nmap should begin compiling, and end with the line -- Done -- saying that all projects built successfully and there were 0 failures. +Choose Build Solution from the Build Menu. Nmap should begin compiling, and end with the line -- Done -- saying that all projects built successfully and there were zero failures. The executable and data files can be found in nmap-version/mswin32/Release/. You can copy them to a preferred directory as long as they are all kept together. diff --git a/docs/refguide.xml b/docs/refguide.xml index 64aa86c3f..e0b9cb5f6 100644 --- a/docs/refguide.xml +++ b/docs/refguide.xml 
@@ -115,7 +115,7 @@ OS details: Linux 2.6.20-1 (Fedora Core 5) TRACEROUTE (using port 80/tcp) HOP RTT ADDRESS -[Cut first 7 hops for brevity] +[Cut first seven hops for brevity] 8 10.59 so-4-2-0.mpr3.pao1.us.above.net (64.125.28.142) 9 11.00 metro0.sv.svcolo.com (208.185.168.173) 10 9.93 scanme.nmap.org (64.13.134.52) @@ -772,7 +772,7 @@ Traceroutes are performed post-scan using information from the scan results to d -Traceroute works by sending packets with a low TTL (time-to-live) in an attempt to elicit ICMP Time Exceeded messages from intermediate hops between the scanner and the target host. Standard traceroute implementations start with a TTL of 1 and increment the TTL until the destination host is reached. Nmap's traceroute starts with a high TTL and then decrements the TTL until it reaches 0. Doing it backwards lets Nmap employ clever caching algorithms to speed up traces over multiple hosts. On average Nmap sends 5–10 fewer packets per host, depending on network conditions. If a single subnet is being scanned (i.e. 192.168.0.0/24) Nmap may only have to send a single packet to most hosts. +Traceroute works by sending packets with a low TTL (time-to-live) in an attempt to elicit ICMP Time Exceeded messages from intermediate hops between the scanner and the target host. Standard traceroute implementations start with a TTL of 1 and increment the TTL until the destination host is reached. Nmap's traceroute starts with a high TTL and then decrements the TTL until it reaches zero. Doing it backwards lets Nmap employ clever caching algorithms to speed up traces over multiple hosts. On average Nmap sends 5–10 fewer packets per host, depending on network conditions. If a single subnet is being scanned (i.e. 192.168.0.0/24) Nmap may only have to send a single packet to most hosts. 
@@ -1275,7 +1275,7 @@ really has no open ports. If most scanned ports are closed but a few common port numbers (such as 22, 25, 53) are filtered, the system is most likely susceptible. Occasionally, systems will even show the exact opposite -behavior. If your scan shows 1000 open ports and 3 closed or filtered +behavior. If your scan shows 1000 open ports and three closed or filtered ports, then those three may very well be the truly open ones. @@ -1749,7 +1749,7 @@ way. When performing a version scan (), Nmap sends a series of probes, each of which is assigned a rarity value - between 1 and 9. The lower-numbered probes are effective + between one and nine. The lower-numbered probes are effective against a wide variety of common services, while the higher numbered ones are rarely useful. The intensity level specifies which probes should be applied. The higher the @@ -2236,7 +2236,7 @@ parallelism based on network performance. If packets are being dropped, Nmap slows down and allows fewer outstanding probes. The ideal probe number slowly rises as the network proves itself worthy. These options place minimum or maximum bounds on that variable. By default, -the ideal parallelism can drop to 1 if the network proves unreliable +the ideal parallelism can drop to one if the network proves unreliable and rise to several hundred in perfect conditions. The most common usage is to set 
@@ -2714,8 +2714,8 @@ lists the relevant options and describes what they do. handling these tiny packets. The old-school sniffer named Sniffit segmentation faulted immediately upon receiving the first fragment. Specify this option once, and Nmap - splits the packets into 8 bytes or less after the IP - header. So a 20-byte TCP header would be split into 3 + splits the packets into eight bytes or less after the IP + header. So a 20-byte TCP header would be split into three packets. Two with eight bytes of the TCP header, and one with the final four. Of course each fragment also has an IP header. Specify again to use 16 bytes per fragment @@ -2723,7 +2723,7 @@ lists the relevant options and describes what they do. Or you can specify your own offset size with the option. Don't also specify if you use . The offset must be a - multiple of 8. While fragmented packets won't get by + multiple of eight. While fragmented packets won't get by packet filters and firewalls that queue all IP fragments, such as the CONFIG_IP_ALWAYS_DEFRAG option in the Linux kernel, some networks can't afford the performance hit 
@@ -3032,12 +3032,12 @@ support the option completely, as does UDP scan. for the session. If the given string is an even number of hex digits (with the pairs optionally separated by a colon), Nmap will use those as the MAC. If fewer than 12 hex digits are provided, Nmap - fills in the remainder of the 6 bytes with random values. If the - argument isn't a 0 or hex string, Nmap looks through + fills in the remainder of the six bytes with random values. If the + argument isn't a zero or hex string, Nmap looks through nmap-mac-prefixes to find a vendor name containing the given string (it is case insensitive). If a match is found, Nmap uses the vendor's OUI (3-byte prefix)organizationally unique identifier (OUI)nmap-mac-prefixes - and fills out the remaining 3 bytes + and fills out the remaining three bytes randomly. Valid argument examples are Apple, 0, 01:02:03:04:05:06, deadbeefcafe, 0020F2, and Cisco. This option only affects raw packet scans such as SYN scan or OS detection, not connection-oriented features such as version detection or the Nmap Scripting Engine. @@ -3269,7 +3269,7 @@ piped to an awk or cut command to print the desired fields. Grepable output consists of comments (lines starting with a pound (#))grepable outputcomments in and target lines. A target line includes a combination -of 6 labeled fields, separated by tabs and followed with a colon. +of six labeled fields, separated by tabs and followed with a colon. The fields are Host, Ports, Protocols, Ignored State, OS, Seq Index, @@ -4014,7 +4014,7 @@ overwhelming requests. Specify to only see Launches host enumeration and a TCP scan at the first half - of each of the 255 possible 8 bit subnets in the 198.116 class B + of each of the 255 possible 8-bit subnets in the 198.116 class B address space. This tests whether the systems run SSH, DNS, POP3, or IMAP on their standard ports, or anything on port 4564. For any of these ports found open, version detection is used to determine 
diff --git a/docs/scripting.xml b/docs/scripting.xml index 4950d4ad7..707f846e4 100644 --- a/docs/scripting.xml +++ b/docs/scripting.xml @@ -939,7 +939,7 @@ action refer to . - The target host's IPv4 address as 4 byte long binary value. + The target host's IPv4 address as a 32-bit binary value. @@ -947,7 +947,7 @@ action refer to . - Our host's (running Nmap) source IPv4 address as 4 byte long binary value. + Our host's (running Nmap) source IPv4 address as a 32-bit binary value. @@ -2154,8 +2154,8 @@ a call to nmap.new_try() local try = nmap.new_try(err_catch()) -The script sets a timeout of 5000, which is equivalent to 5 -seconds. Should any operation require more time we'll receive a +The script sets a timeout of 5000 (five seconds). +Should any operation require more time we'll receive a TIMEOUT error message.
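Review bot: In the `@@ -193` hunk of docs/nmap-install.xml, the sentence immediately after the changed line still says "This is the detached signature file." about `nmap-4.76.tar.bz2.digest.txt`, but that file is a list of hashes, not a signature (the detached signature is the `.gpg.txt` file described earlier). Since the line is being touched anyway, change it to "This is the digest file." so readers do not conflate the unsigned hash list with the PGP signature.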
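Review bot: The "Verifying Nmap hashes" example in the `@@ -203` hunk of docs/nmap-install.xml only checks MD5 and SHA1 even though the updated digest file lists SHA256 and SHA512; consider adding a `sha256sum nmap-4.76.tgz` line (or `gpg --print-md sha256 nmap-4.76.tgz`) so the worked example shows a check against one of the stronger hashes the file already provides. Also, the digest path became `sigs/nmap-4.76.tgz.digest.txt` while the GPG examples in the `@@ -168` hunk use the bare filename `nmap-4.76.tar.bz2.gpg.txt`; pick one convention for where the sigs files are assumed to live.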
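Review bot: In the `@@ -828` hunk of docs/nmap-install.xml, "there were 0 failures" describes what the Visual Studio build output line says, so spelling it out as "zero failures" makes the sentence less useful for matching against the actual output. If the intent is to paraphrase the tool, keep the numeral (and ideally mark the quoted fragment up as literal output); if it is ordinary prose, the change is fine.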
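Review bot: While touching the traceroute paragraph in the `@@ -772` hunk of docs/refguide.xml, fix "i.e. 192.168.0.0/24" to "e.g. 192.168.0.0/24": the /24 is an example of a single subnet, not a definition of one.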
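Review bot: In the `@@ -1749` hunk of docs/refguide.xml, the rarity value is a numeric field that readers compare against the numeric intensity level described in the following sentences, so "between 1 and 9" reads better as numerals than "between one and nine"; the spelled-out form obscures that these are the same integers the intensity level selects.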
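Review bot: The `@@ -2714` and `@@ -2723` hunks of docs/refguide.xml now mix "eight bytes" and "multiple of eight" with the unchanged "20-byte TCP header" and "16 bytes per fragment" in the same passage. Since 8 here is the IP fragment-offset unit, a protocol constant like the 16 and 20, keep it as a numeral for consistency rather than spelling it out.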
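Review bot: In the `@@ -3032` hunk of docs/refguide.xml, "isn't a 0 or hex string" refers to the literal argument value `0`, which the same paragraph still lists among the valid examples ("Apple, 0, 01:02:03:04:05:06, ..."); rewriting it as "a zero or hex string" breaks that link. Keep the literal (ideally marked up as one) and, for the same reason, keep "3-byte prefix" and "remaining 3 bytes" consistent rather than changing only one of them to "three".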
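Review bot: In the `@@ -4014` hunk of docs/refguide.xml, a class B network has 256 possible 8-bit (/24) subnets, 198.116.0.0 through 198.116.255.0, not 255; since the line is being edited for the hyphen, correct the count as well.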
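Review bot: In the `@@ -939` and `@@ -947` hunks of docs/scripting.xml, "4 byte long binary value" became "a 32-bit binary value"; if these fields are raw 4-byte binary strings rather than integers, as the original wording suggests, "32-bit" invites readers to treat them as numbers. Prefer "a 4-byte binary string" or similar, which states both the length and the type.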
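Review bot: In the `@@ -2154` hunk of docs/scripting.xml, the rewritten sentence "sets a timeout of 5000 (five seconds)" drops the unit; say "a timeout of 5000 milliseconds (five seconds)" so readers know the argument is in milliseconds.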