mirror of https://github.com/nmap/nmap.git synced 2025-12-20 06:29:02 +00:00

I'm pretty much done with the CHANGELOG, now on to the building of 4.85BETA1!

This commit is contained in:
fyodor
2009-01-23 22:17:30 +00:00
parent 970a75edcf
commit 8ea37dc891

CHANGELOG

@@ -6,23 +6,23 @@ o Added Ncat, a much-improved reimplementation of the venerable Netcat
tool which adds modern features and makes use of Nmap's efficient tool which adds modern features and makes use of Nmap's efficient
networking libraries. Features include SSL support, proxy networking libraries. Features include SSL support, proxy
connections (client or server, socks4 or connect-based, with or connections (client or server, socks4 or connect-based, with or
without authentication, optionally chained), TCP or UDP connection without authentication, optionally chained), TCP and UDP connection
redirection, connection brokering (facilitating connections between redirection, connection brokering (facilitating connections between
machines which are behind NAT gateways), and much more. It is machines which are behind NAT gateways), and much more. It is
cross-platform (Linux, Windows, Mac, etc.) and supports IPv6 as well cross-platform (Linux, Windows, Mac, etc.) and supports IPv6 as well
as standard IPv4. See http://nmap.org/ncat/ for details. It is now as standard IPv4. See http://nmap.org/ncat/ for details. It is now
included in our binary packages (Windows, Linux, and Mac OS X), and included in our binary packages (Windows, Linux, and Mac OS X), and
built by default. You can omit it with the --without-ncat configure built by default. You can skip it with the --without-ncat configure
option. option. Thanks to Kris and David for their great work on this!
o Added the Ndiff utility, which compares the results of Nmap scans. o Added the Ndiff utility, which compares the results of two Nmap
This makes it trivial to scan your networks on a regular basis and scans and describes the new/removed hosts, newly open/cosed ports,
create a report (XML or text format) listing the new/removed hosts, changed operating systems, etc. This makes it trivial to scan your
newly open/closed ports, changed operating systems, etc. See networks on a regular basis and create a report (XML or text format)
http://nmap.org/ndiff/ and ndiff/README for more information. It is on all the changes. See http://nmap.org/ndiff/ and ndiff/README for
included in our binary packages and built by default, though you can more information. Ndiff is included in our binary packages and built
prevent it from being built and installed by specifying the by default, though you can prevent it from being built by specifying
--without-ndiff configure flag. Thanks to David and Michael the --without-ndiff configure flag. Thanks to David and Michael
Pattrick for their great work on this. Pattrick for their great work on this.
o Released Nmap Network Scanning: The Official Nmap Project Guide to o Released Nmap Network Scanning: The Official Nmap Project Guide to
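Review bot: typo in the rewritten Ndiff entry: "newly open/cosed ports" should read "newly open/closed ports"; the removed version of the same sentence spelled it correctly, so it was introduced by the rewrite.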
@@ -34,22 +34,21 @@ o Released Nmap Network Scanning: The Official Nmap Project Guide to
demonstrates how to apply those features to quickly solve real-world demonstrates how to apply those features to quickly solve real-world
tasks. It was briefly the #1 selling computer book on Amazon. tasks. It was briefly the #1 selling computer book on Amazon.
Translations to the German, Korean, and Brazilian Portuguese Translations to the German, Korean, and Brazilian Portuguese
languages are forthcoming. For more, see http://nmap.org/book/. languages are forthcoming. More than half of the book is already
More than half of the book is free online at free online. For more, see http://nmap.org/book/.
http://nmap.org/book/toc.html.
o David spent more than a month working on algorithms to improve port o David spent more than a month working on algorithms to improve port
scan performance while retaining or improving accuracy. The changes scan performance while retaining or improving accuracy. The changes
are described at http://seclists.org/nmap-dev/2009/q1/0054.html. He are described at http://seclists.org/nmap-dev/2009/q1/0054.html. He
was able to reduce our "benchmark scan time" (which involves many was able to reduce our "benchmark scan time" (which involves many
different scan types from many source networks to many targets) from different scan types from many source networks to many targets) from
1879 seconds to 1321. That is a 30% time reduction without harming 1879 seconds to 1321 without harming accuracy. That is a 30% time
accuracy! reduction!
o Introduced NSE documentation portal, with docs on every NSE script o Introduced the NSE documentation portal, which documents every NSE
and library included with Nmap. See http://nmap.org/nsedoc/. Script script and library included with Nmap. See http://nmap.org/nsedoc/.
documentation was improved substantially in the process. The NSEDoc Script documentation was improved substantially in the process.
documentation format which scripts and libraries must use is Scripts and libraries must use the new NSEDoc format, which is
described at http://nmap.org/book/nsedoc.html. Thanks to Patrick described at http://nmap.org/book/nsedoc.html. Thanks to Patrick
and David for their great work on this. and David for their great work on this.
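Review bot: the rewritten book entry drops the direct link http://nmap.org/book/toc.html and keeps only http://nmap.org/book/. Since the sentence now says "More than half of the book is already free online", consider keeping the toc.html URL so readers can reach the free chapters directly.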
@@ -79,49 +78,29 @@ o Integrated all of your OS detection fingerprint submissions and
phones, routers, oscilloscopes, employee timeclocks, etc. Keep those phones, routers, oscilloscopes, employee timeclocks, etc. Keep those
submissions coming! submissions coming!
o Added three new nselib modules: msrpc, netbios, and smb. As the o Ron Bowes embarked on a massive MSRPC/NETBIOS project to allow Nmap
names suggest, they contain common code for scripts using MSRPC, to interrogate Windows machines much more completely. He added
NetBIOS, and SMB. These modules allow scripts to extract a great three new nselib modules: msrpc, netbios, and smb. As the names
deal of information from hosts running Windows, particularly Windows suggest, they contain common code for scripts using MSRPC, NetBIOS,
and SMB. These modules allow scripts to extract a great deal of
information from hosts running Windows, particularly Windows
2000. New or updated scripts using the modules are: 2000. New or updated scripts using the modules are:
nbstat.nse: get NetBIOS names and MAC address. nbstat.nse: get NetBIOS names and MAC address.
smb-enumdomains.nse: enumerate domains and policies. smb-enum-domains.nse: enumerate domains and policies.
smb-enumsessions.nse: enumerate logins and SMB sessions. smb-enum-processes.nse: allows a user with administrator
smb-enumshares.nse: enumerate network shares. credentials to view a tree of the processes running on the
smb-enumusers.nse: enumerate users and information about them. remote system (uses HKEY_PERFORMANCE_DATA hive).
smb-enum-sessions.nse: enumerate logins and SMB sessions.
smb-enum-shares.nse: enumerate network shares.
smb-enum-users.nse: enumerate users and information about them.
smb-os-discovery.nse: get operating system over SMB (replaces smb-os-discovery.nse: get operating system over SMB (replaces
netbios-smb-os-discovery.nse). netbios-smb-os-discovery.nse).
smb-security-mode.nse: determine if a host uses user-level or smb-security-mode.nse: determine if a host uses user-level or
share-level security, and what other security features it share-level security, and what other security features it
supports. supports.
smb-serverstats.nse: grab statistics such as network traffic smb-server-stats.nse: grab statistics such as network traffic
counts. counts.
smb-systeminfo.nse: get lots of information from the registry. smb-system-info.nse: get lots of information from the registry.
[Ron Bowes]
o Zenmap now runs ndiff to do its "Compare Results" function. This
completely replaces the old diff view. The diff window size is now
more flexible (for user resizing) as well. [David]
o Improved port scan performance by changing the list of high priority
ports which Nmap shifts closer to the beginning of scans because
they are more likely to be responsive. We based the change on
empirical data from large-scale scanning. The new list is:
21, 22, 23, 25, 53, 80, 110, 111, 113, 135, 139, 143, 199, 256,
443, 445, 554, 587, 993, 995, 1025, 1720, 1723, 3306, 3389, 5900,
8080, 8888 [Fyodor, David]
o Added smb-enum-processes.nse, a script that allows a user with administrator
credentials to view a tree of the processes running on the remote system
(uses HKEY_PERFORMANCE_DATA hive). [Ron Bowes]
o [NSE] Almost all scripts were renamed to be more consistent. They
are now all lowercase and most of them start with the name of the
service name they query. Words are separated by hyphens.
o [NSE] Now that scripts are better named, the "Id" field has been
removed and the script name (sans the .nse or directory path
information) is used in script oputput instead.
o A problem that caused OS detection to fail for most hosts in a o A problem that caused OS detection to fail for most hosts in a
certain case was fixed. It happened when sending raw Ethernet frames certain case was fixed. It happened when sending raw Ethernet frames
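Review bot: style point on the script list: the smb-enum-processes.nse line folded into it runs three lines with a parenthetical about the HKEY_PERFORMANCE_DATA hive, while every other entry in that list is a one-line summary; consider trimming it to "view a tree of the processes running on the remote system (requires administrator credentials)". The entries removed after the list (Zenmap ndiff, high-priority port list, NSE renames, Id field) are relocated in the next hunk rather than dropped, which also retires the "oputput" typo.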
@@ -132,6 +111,52 @@ o A problem that caused OS detection to fail for most hosts in a
to Michael Head for running tests and especially Trent Snyder for to Michael Head for running tests and especially Trent Snyder for
testing and finding the cause of the problem. [David] testing and finding the cause of the problem. [David]
o Zenmap now runs ndiff to for its "Compare Results" function. This
completely replaces the old diff view. The diff window size is now
more flexible for user resizing as well. [David]
o Added a Russian translation of the Nmap Reference Guide by Guz
Alexander. We now have translations in 15 languages available from
http://nmap.org/docs.html. More volunteer translators are welcome,
as we are still missing some important languages. Translation
instructions are available from that docs.html page.
o Update Windows installer to handle Windows 7 (tested with the Beta
build 7000) [Rob Nicholls]
o Improved port scan performance by changing the list of high priority
ports which Nmap shifts closer to the beginning of scans because
they are more likely to be responsive. We based the change on
empirical data from large-scale scanning. The new port list is:
21, 22, 23, 25, 53, 80, 110, 111, 113, 135, 139, 143, 199, 256,
443, 445, 554, 587, 993, 995, 1025, 1720, 1723, 3306, 3389, 5900,
8080, 8888 [Fyodor, David]
o [NSE] Almost all scripts were renamed to be more consistent. They
are now all lowercase and most of them start with the name of the
service name they query. Words are separated by hyphens. [David,
Fyodor]
o [NSE] Now that scripts are better named, the "Id" field has been
removed and the script name (sans the .nse or directory path
information) is used in script output instead. [David]
o [NSE] Added banner.nse, a simple script which connects to open TCP
ports and prints out anything sent in the first five seconds by the
listening service. [Jah]
o [NSE] Added a new OpenSSL library with functions for multiprecision
integer arithmetic, hashing, HMAC, symmetric encryption and
symmetric decryption. [Sven]
o [Zenmap] Internationalization has been fixed [David]. Currently
Zenmap has two translations:
o German by Chris Leick
o Brazilian Portuguese by Adriano Monteiro Marques (partial)
For details on using an existing translation or localizing Zenmap
into your own native language, see
http://nmap.org/book/zenmap-lang.html. [David]
o Zenmap no longer outputs XML elements and attributes that are not in o Zenmap no longer outputs XML elements and attributes that are not in
the Nmap XML DTD. This was done mostly by removing things from the Nmap XML DTD. This was done mostly by removing things from
Zenmap's output, and adding a few new optional things to the Nmap Zenmap's output, and adding a few new optional things to the Nmap
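Review bot: typo in the relocated Zenmap entry: "Zenmap now runs ndiff to for its "Compare Results" function" should be "runs ndiff for its" (the removed version read "to do its"). The relocated "[Zenmap] Internationalization has been fixed [David]" entry now carries "[David]" twice, once mid-sentence and again at the end; one attribution is enough.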
@@ -141,39 +166,33 @@ o Zenmap no longer outputs XML elements and attributes that are not in
commonly used with Nmap. Because of these changes the commonly used with Nmap. Because of these changes the
xmloutputversion has been increased to 1.03. [David] xmloutputversion has been increased to 1.03. [David]
o The NSE registry now persists across host groups so that values
stored in it will remain until they are explicitly removed or Nmap
execution ends. [David]
o Enhanced the AS Numbers script (ASN.nse) to better consolidate o Enhanced the AS Numbers script (ASN.nse) to better consolidate
results and bail out if the DNS server doesn't support the ASN results and bail out if the DNS server doesn't support the ASN
queries. [Jah] queries. [Jah]
o [NSE] Added a new OpenSSL library with functions for multiprecision o Complete re-write of the marshaling logic for Microsoft RPC calls.
integer arithmetics, hashing, HMAC, symmetric encryption and
symmetric decryption. [Sven]
o Complete re-write of the marshalling logic for Microsoft RPC calls.
[Ron Bowes] [Ron Bowes]
o Added vulnerability checks for MS08-067 as well as an unfixed o Added a script that checks for ms08-067-vulnerable hosts
denial of service in the Windows 2000 registry service. (smb-check-vulns.nse) using the smb nselib. It also checks for an
[Ron Bowes] unfixed denial of service vulnerability Ron discovered in the
Windows 2000 registry service. [Ron Bowes]
o Added a script that checks for ms08-067-vulnerable hosts
(smb-check-vulns.nse) using the smb nselib. [Ron Bowes]
o Added a Russian translation of the Nmap Reference Guide by Guz
Alexander. We now have translations in 15 languages available from
http://nmap.org/docs.html. More volunteer translaters are welcome,
as we are still missing some important languages (particularly
German!). Translation instructions are available from that docs.html
page.
o [Zenmap] Text size is larger on Mac OS X thanks to a new included o [Zenmap] Text size is larger on Mac OS X thanks to a new included
gtkrc file. [David] gtkrc file. [David]
o Update Windows installer to handle Windows 7 (tested with the Beta o Reduced memory consumption for some longer-running scans by removing
build 7000) [Rob Nicholls] completed hosts from the lists after two minutes. These hosts are
kept around in case there is a late response, but this draws the
line on how long we wait and hence keep this information in memory.
See http://seclists.org/nmap-dev/2008/q3/0902.html for more. [Kris]
o The Windows installer now uses Zenmap binaries built using Python o The Windows installer now uses Zenmap binaries built using Python
2.6.1 rather than 2.5.1. 2.6.1 rather than 2.5.1 [Fyodor]
o When a system route can't be matched up directly with an interface o When a system route can't be matched up directly with an interface
by comparing addresses, Nmap now tries to match the route through by comparing addresses, Nmap now tries to match the route through
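Review bot: the rewritten Windows installer entry ends "2.6.1 rather than 2.5.1 [Fyodor]" with no period before the attribution, unlike the surrounding entries; add the period. The merged smb-check-vulns.nse entry reads well, and the "marshalling" to "marshaling" change is consistent with the US spelling used elsewhere in the file.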
@@ -185,23 +204,38 @@ o When a system route can't be matched up directly with an interface
WARNING: Unable to find appropriate interface for system route to ... WARNING: Unable to find appropriate interface for system route to ...
[David] [David]
o Most script names were changed to make them more consistent. o Removed a code comment which simply declared /* WANKER ALERT! */ for
[Fyodor, David] no good reason. [Fyodor]
o NSE prints messages in debugging mode whenever a script starts or o NSE prints messages in debugging mode whenever a script starts or
finishes [Patrick, David]. finishes [Patrick, David].
o [Ncat] The -l option can now be specified w/o a port number to
listen on Ncat's default port number (31337).
o [Zenmap] The Nmap output window now scrolls automatically as a scan
progresses. [David]
o [NSE] We now have a canonical way for scripts to check for
dependency libraries such as OpenSSL. This allows them to handle
the issue gracefully (by exiting or doing some of their work if
possible) rather than flooding the console with error messages as
before. See http://nmap.org/nsedoc/modules/openssl.html. [Pattrick,
David, Fyodor]
o Nmap now reports a proper error message when you combine an IPv6 o Nmap now reports a proper error message when you combine an IPv6
scan (-6) with random IPv4 address selection (-iR). [Henri Doreau] scan (-6) with random IPv4 address selection (-iR). [Henri Doreau]
o Nmap now builds with the _FORTIFY_SOURCE=2 define. With modern
versions of GCC, this adds extra buffer overflow protection and
other security checks. It is described at
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html. [David,
Doug]
o The --excludefile option correctly handles files with no terminating o The --excludefile option correctly handles files with no terminating
newline instead of claiming "Exclude file line 0 was too long to newline instead of claiming "Exclude file line 0 was too long to
read." [Henri Doreau] read." [Henri Doreau]
o [NSE] Added banner.nse, a simple script which connects to open TCP
ports and prints out anything sent in the first five seconds by the
listening service. [Jah]
o [NSE] Changed the datafiles library to remove constraining input o [NSE] Changed the datafiles library to remove constraining input
checks, move nmap.fetch_file() to read_from_file(), and make checks, move nmap.fetch_file() to read_from_file(), and make
get_array() and get_assoc_array() into normal functions. [Sven] get_array() and get_assoc_array() into normal functions. [Sven]
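Review bot: the relocated Ncat entry ("The -l option can now be specified w/o a port number to listen on Ncat's default port number (31337)") is the only item in this hunk without a contributor in brackets; add one for consistency, and spell out "without" rather than "w/o" to match the register of the rest of the CHANGELOG.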
@@ -216,8 +250,9 @@ o Nsock handles a certain Windows connect error, WSAEADDRNOTAVAIL
broadcast address. Thanks to Tilo Köppe and James Liu for reporting broadcast address. Thanks to Tilo Köppe and James Liu for reporting
the problem. [David] the problem. [David]
o An "elapsed" attribute has been added to the XML output, representing o An "elapsed" attribute has been added to the XML output (in the
the total scan time in seconds (floating point). [Kris] "finished" tag), representing the total Nmap scanning time in
seconds (floating point). [Kris]
o Fixed a division by zero error in the packet rate measuring code o Fixed a division by zero error in the packet rate measuring code
that could cause a display of infinity packets per seconds near the that could cause a display of infinity packets per seconds near the
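Review bot: while touching the "elapsed" entry, the unchanged context line just below still reads "a display of infinity packets per seconds"; "per second" is correct and is cheap to fix in the same commit.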
@@ -232,39 +267,26 @@ o Fixed a bug in the IP validation code which would have let a specially
Nmap to segfault. Thanks to ithilgore of sock-raw.homeunix.org for Nmap to segfault. Thanks to ithilgore of sock-raw.homeunix.org for
the very detailed bug report. [Kris] the very detailed bug report. [Kris]
o [Zenmap] The crash reporter now enhances user privacy by showing all o [Zenmap] The crash reporter further enhances user privacy by showing
the information that will be submitted so you can edit it to remove all the information that will be submitted so you can edit it to
identifying information such as the name of your home directory. If remove identifying information such as the name of your home
you provide an email address the report will be marked private so it directory. If you provide an email address the report will be marked
will not appear on the public bug tracker. [David] private so it will not appear on the public bug tracker. [David]
o [Zenmap] Internationalization has been fixed [David]. Currently
Zenmap has two translations:
o German by Chris Leick
o Brazilian Portuguese by Adriano Monteiro Marques (partial)
o [Zenmap] Zenmap now parses and records XSL stylesheet information o [Zenmap] Zenmap now parses and records XSL stylesheet information
from Nmap XML files, so files saved by Zenmap will be viewable in a from Nmap XML files, so files saved by Zenmap will be viewable in a
web browser just like those produced by Nmap. [David] web browser just like those produced by Nmap. [David]
o A possible Lua stack overflow in dns.lua was fixed. Lua detects o A possible Lua stack overflow in the DNS module was fixed. Lua detects
these sorts of overflows and quits. [David] these sorts of overflows and quits. [David]
o Nmap now builds with the _FORTIFY_SOURCE=2 define. With modern
versions of GCC, this adds extra buffer overflow protection and
other security checks. It is described at
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html. [David,
Doug]
o The NSE registry now persists across host groups so that values
stored in it will remain until they are explicitly removed or Nmap
execution ends. [David]
o [NSE] Improved html-title script to support http-alt and https-alt o [NSE] Improved html-title script to support http-alt and https-alt
(with SSL) and to handle a wider variety of redirects. [Jah] (with SSL) and to handle a wider variety of redirects. [Jah]
o Removed a code comment which simply declared /* WANKER ALERT! */ for o NSE scripts that require a list of DNS servers (currently only
no good reason. [Fyodor] ASN.nse) now work when IPv6 scanning. Previously it gave an error
message: "Failed to send dns query. Response from dns.query(): 9".
[Jah, David]
o [Zenmap] Added a workaround for a crash o [Zenmap] Added a workaround for a crash
GtkWarning: could not open display GtkWarning: could not open display
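Review bot: "A possible Lua stack overflow in the DNS module" replaces the concrete file name dns.lua. The rest of this file names scripts and libraries by file (ASN.nse, html-title, stdnse), so keeping dns.lua here would be more precise for anyone tracing the fix.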
@@ -281,25 +303,27 @@ o http-auth.nse now properly checks for default authentication
o Renamed irc-zombie.nse to auth-spoof and improved its description o Renamed irc-zombie.nse to auth-spoof and improved its description
and output a bit. [Fyodor] and output a bit. [Fyodor]
o Removed ripeQuery.nse because we now have the much more robust o Removed some unnecessary "demo" category NSE scripts: echoTest,
chargenTest, showHTTPVersion, and showSMTPVersion.nse. Moved
daytimeTest from the "demo" category to "discovery". Removed
showHTMLTitle from the "demo" category, but it remains in the
"default" and "safe" categories. This leaves just smtp-open-relay in
the undocumented "demo" category. [Fyodor]
o [NSE] Removed ripeQuery.nse because we now have the much more robust
whois.nse which handles all the major registries. [Fyodor] whois.nse which handles all the major registries. [Fyodor]
o [Zenmap] Profile updates: The -sS option was added to the "Intense o [NSE] Removed showSSHVersion.nse. Its only real claim to fame was
scan plus UDP" and "Slow comprehensive scan" profiles. The -PN (ping the ability to trick some SSH servers (including at least OpenSSH
only) option was added to "Quick traceroute". [David]
o Removed showSSHVersion.nse. Its only real claim to fame was the
ability to trick some SSH servers (including at least OpenSSH
4.3p2-9etch3) into not logging the connection. This trick doesn't 4.3p2-9etch3) into not logging the connection. This trick doesn't
seem to work with newer versions of OpenSSH, as my seem to work with newer versions of OpenSSH, as my
openssh-server-4.7p1-4.fc8 does log the connection. Without the openssh-server-4.7p1-4.fc8 does log the connection. Without the
stealth advantage, the script has no real benefit over version stealth advantage, the script has no real benefit over version
detection or the upcoming banner grabbing script. [Fyodor] detection or the upcoming banner grabbing script. [Fyodor]
o NSE scripts that require a list of DNS servers (currently only o [Zenmap] Profile updates: The -sS option was added to the "Intense
ASN.nse) now work when IPv6 scanning. Previously it gave an error scan plus UDP" and "Slow comprehensive scan" profiles. The -PN (ping
message: "Failed to send dns query. Response from dns.query(): 9". only) option was added to "Quick traceroute". [David]
[Jah, David]
o [NSE} The smtp-commands script output is now more compact. [Jason o [NSE} The smtp-commands script output is now more compact. [Jason
DePriest, David] DePriest, David]
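Review bot: the unchanged context line "o [NSE} The smtp-commands script output is now more compact" has a mismatched bracket; it should be "[NSE]". It sits in this hunk's trailing context, so it can be corrected in the same commit.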
@@ -308,13 +332,6 @@ o [Zenmap] Added a simple workaround for a bug in PyXML (an add-on
Python XML library) that caused a crash. The crash would happen when Python XML library) that caused a crash. The crash would happen when
loading an XML file and looked like "KeyError: 0". [David] loading an XML file and looked like "KeyError: 0". [David]
o Removed some unecessary "demo" category NSE scripts: echoTest,
chargenTest, showHTTPVersion, and showSMTPVersion.nse. Moved
daytimeTest from the "demo" category to "discovery". Removed
showHTMLTitle from the "demo" category, but it remains in the
"default" and "safe" categories. This leaves just smtp-open-relay in
the undocumented "demo" category. [Fyodor]
o A crash caused by an incorrect test condition was fixed. It would o A crash caused by an incorrect test condition was fixed. It would
happen when running a ping scan other than a protocol ping, without happen when running a ping scan other than a protocol ping, without
debugging enabled, if an ICMP packet was received referring to a debugging enabled, if an ICMP packet was received referring to a
@@ -325,26 +342,23 @@ o [Zenmap] The keyboard shortcut for "Save to Directory" has been
changed from Ctrl+v to Ctrl+Alt+s so as not to conflict with the changed from Ctrl+v to Ctrl+Alt+s so as not to conflict with the
usual paste shortcut [Jah, Michael]. usual paste shortcut [Jah, Michael].
o [Ncat] The -l option can now be specified w/o a port number to
listen on Ncat's default port number (31337).
o Nmap now quits if you give a "backwards" port or protocol range like o Nmap now quits if you give a "backwards" port or protocol range like
-p 20-10. The issue was noted by Arturo "Buanzo" Busleiman. [David] -p 20-10. The issue was noted by Arturo "Buanzo" Busleiman. [David]
o Fixed a bug which caused Nmap to infer an improper distance against o Fixed a bug which caused Nmap to infer an improper distance against
some hosts when performaing OS detection against a group whose some hosts when performing OS detection against a group whose
distance varies between members. [David, Fyodor] distance varies between members. [David, Fyodor]
o [Zenmap] Host information windows are now like any other windows, o [Zenmap] Host information windows are now like any other windows,
and will not become unclosable by having their controls offscreen. and will not become unclosable by having their controls offscreen.
Thanks to Robert Mead for the bug report. Thanks to Robert Mead for the bug report.
o showHTMLTitle.nse can now follow (non-standard) relative redirects, o [NSE] showHTMLTitle can now follow (non-standard) relative
and may do a DNS lookup to find if the redirected-to host has the redirects, and may do a DNS lookup to find if the redirected-to host
same IP address as the scanned host. [Jah] has the same IP address as the scanned host. [Jah]
o Enhanced the tohex() function in the NSE stdnse library to support strings o [NSE] Enhanced the tohex() function in the stdnse library to support
and added options to control the formatting. [Sven] strings and added options to control the formatting. [Sven]
o [NSE] The http module tries to deal with non-standards-compliant o [NSE] The http module tries to deal with non-standards-compliant
HTTP traffic, particularly responses in which the header fields are HTTP traffic, particularly responses in which the header fields are
@@ -368,8 +382,6 @@ o The HTTP_open_proxy.nse script was updated to match Google Web
o Enhanced the ssh service detection signatures to properly o Enhanced the ssh service detection signatures to properly
detect protocol version 2 services. [Matt Selsky] detect protocol version 2 services. [Matt Selsky]
o [Zenmap] The Nmap output window now scrolls automatically. [David]
o Nsock now uses fselect() to work around problems with select() not o Nsock now uses fselect() to work around problems with select() not
working properly on non-socket descriptors on Windows. This was working properly on non-socket descriptors on Windows. This was
needed for Ncat to work properly on that platform. See needed for Ncat to work properly on that platform. See
@@ -378,13 +390,7 @@ o Nsock now uses fselect() to work around problems with select() not
o Removed trailing null bytes from Ncat's responses in HTTP proxy o Removed trailing null bytes from Ncat's responses in HTTP proxy
mode. [David] mode. [David]
o Reduced memory consumption for some longer-running scans by removing o [NSE] daytime.nse now runs against TCP ports in addition to the UDP
completed hosts from the lists after two minutes. These hosts are
kept around in case there is a late response, but this draws the
line on how long we wait and hence keep this information in memory.
See http://seclists.org/nmap-dev/2008/q3/0902.html for more. [Kris]
o [NSE] daytime.nse now runs against TCP ports in additon to the UDP
ports it already handled. The output format was also ports it already handled. The output format was also
improved. [David] improved. [David]
@@ -392,13 +398,6 @@ o XML output now contains the full path to nmap.xml on Windows. The
path is converted to a file:// URL to provide better compatibility path is converted to a file:// URL to provide better compatibility
across browsers. [Jah] across browsers. [Jah]
o [NSE] We now have a cononical way for scripts to check for
dependency libraries such as OpenSSL. This allows them to handle
the issue gracefully (by exiting or doing some of their work if
possible) rather than flooding the console with error messages as
before. See http://nmap.org/nsedoc/modules/openssl.html. [Pattrick,
David, Fyodor]
o Made DNS timeouts in NSE a bit more aggressive at higher timing o Made DNS timeouts in NSE a bit more aggressive at higher timing
levels such as -T4 and -T5. [Jah] levels such as -T4 and -T5. [Jah]
@@ -455,6 +454,12 @@ o [Zenmap] Fixed a crash related to the use of NmapOptions in
ops.input_filename) rather than the newer dict-style ops.input_filename) rather than the newer dict-style
interface. [Jah] interface. [Jah]
o Split parallel DNS resolution and system DNS resolution into
separate functions. Previously system DNS resolution was encapsulated
inside the parallel DNS function, inside a big if block. Now the if
is on the outside and decides which of the two functions to
call. [David]
o [NSE] Remove "\r\r" in script output. If you print "\r\n", the o [NSE] Remove "\r\r" in script output. If you print "\r\n", the
Windows C library will transform it to "\r\r\n". So we just print Windows C library will transform it to "\r\r\n". So we just print
"\n" with no special case for Windows. Also fixed "\n" with no special case for Windows. Also fixed
@@ -470,14 +475,14 @@ o OS scan point matching code can now handle tests worth zero
o [Zenmap] Catch the exceptions that are cause when there's no XML o [Zenmap] Catch the exceptions that are cause when there's no XML
output file, an empty one, or one that's half-complete. You can output file, an empty one, or one that's half-complete. You can
cause these three situations, respectively, with: nmap -V, nmap cause these three situations, respectively, with: "nmap -V", "nmap
--iflist, or nmap nonexistant.host. Also remove the target --iflist", or "nmap nonexistent.host". Also remove the target
requirement for scans because you should be able to run commands requirement for scans because you should be able to run commands
such as "nmap --iflist" from Zenmap. [David] such as "nmap --iflist" from Zenmap. [David]
o [Zenmap] Guard against the topology graph becoming empty in the o [Zenmap] Guard against the topology graph becoming empty in the
middle of an animation. This could happen if you removed a scan middle of an animation. This could happen if you removed a scan
from the list of scans durign an animation. The error looked like: from the list of scans during an animation. The error looked like:
File "usr/lib/python2.5/site-packages/radialnet/gui/RadialNet.py", File "usr/lib/python2.5/site-packages/radialnet/gui/RadialNet.py",
line 1533, in __livens_up AttributeError: 'NoneType' object has no line 1533, in __livens_up AttributeError: 'NoneType' object has no
attribute 'get_nodes' [David] attribute 'get_nodes' [David]
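Review bot: the first context line, "Catch the exceptions that are cause when there's no XML output file", still reads "cause" for "caused". The hunk fixes "nonexistant" and "durign" a few lines later, so this one looks like it was simply missed.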
@@ -488,12 +493,6 @@ o [Zenmap] Fixed a crash which could occur when you entered a command
are capable of finding every possible edge case which could cause a are capable of finding every possible edge case which could cause a
crash :). crash :).
o Split parallel DNS resolution and system DNS resolution into
separate functions. Previously system DNS resolution was encapulated
inside the parallel DNS function, inside a big if block. Now the if
is on the outside and decides which of the two functions to
call. [David]
Nmap 4.76 [2008-9-12] Nmap 4.76 [2008-9-12]
o There is a new "external" script category, for NSE scripts which o There is a new "external" script category, for NSE scripts which