PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 05:01:29 +00:00
Code Issues Projects Releases Wiki Activity

Update --proxies docs

Browse Source
This commit is contained in:
fyodor
2013-08-17 20:09:03 +00:00
parent 179451f485
commit 9a4d5de988
3 changed files with 48 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
CHANGELOG
View File

@@ -34,13 +34,6 @@ o [Ncat] Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR
Nmap 6.40 [2013-07-29] Nmap 6.40 [2013-07-29]
o [Nsock] Added initial proxy support to Nsock. Nmap version detection and
NSE can now establish TCP connections through chains of proxies. HTTP
CONNECT and SOCKS4 protocols are supported, with some limitations. Use the
Nmap --proxies option with a chain of one or more proxies as the argument
(example: http://localhost:8080,socks4://someproxy.example.com) [Henri
Doreau]
o [Ncat] Added --lua-exec. This feature is basically the equivalent of 'ncat o [Ncat] Added --lua-exec. This feature is basically the equivalent of 'ncat
--sh-exec "lua <scriptname>"' and allows you to run Lua scripts with Ncat, --sh-exec "lua <scriptname>"' and allows you to run Lua scripts with Ncat,
redirecting all stdin and stdout operations to the socket connection. See redirecting all stdin and stdout operations to the socket connection. See
@@ -65,23 +58,14 @@ o Integrated your latest IPv6 OS submissions and corrections. We're still
fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap
guesses wrong) are useful. [David Fifield] guesses wrong) are useful. [David Fifield]
o Updated the Nmap license agreement to close some loopholes and stop some o [Nsock] Added initial proxy support to Nsock. Nmap version detection
abusers. It's particularly targeted at companies which distribute and NSE can now establish TCP connections through chains of one or
malware-laden Nmap installers as we caught Download.com doing last more CONNECT or SOCKS4 proxies. Use the Nmap --proxies option with a
year--http://insecure.org/news/download-com-fiasco.html. The updated chain of one or more proxies as the argument (example:
license is in the all the normal places, including http://localhost:8080,socks4://someproxy.example.com). Note that
https://svn.nmap.org/nmap/COPYING. only version detection and NSE are supported so far (no port
scanning or host discovery), and there are other limitations
o [NSE] Oops, there was a vulnerability in one of our 437 NSE scripts. If described in the man page. [Henri Doreau]
you ran the (fortunately non-default) http-domino-enum-passwords script
with the (fortunately also non-default) domino-enum-passwords.idpath
parameter against a malicious server, it could cause an arbitrarily named
file to to be written to the client system. Thanks to Trustwave researcher
Piotr Duszynski for discovering and reporting the problem. We've fixed
that script, and also updated several other scripts to use a new
stdnse.filename_escape function for extra safety. This breaks our record
of never having a vulnerability in the 16 years that Nmap has existed, but
that's still a fairly good run! [David, Fyodor]
o [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 446. o [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 446.
They are all listed at http://nmap.org/nsedoc/, and the summaries are They are all listed at http://nmap.org/nsedoc/, and the summaries are
@@ -140,6 +124,24 @@ o [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 446.
versions 2.1.2 and above and tries to determine version and versions 2.1.2 and above and tries to determine version and
configuration information. [Marin Maržić] configuration information. [Marin Maržić]
o Updated the Nmap license agreement to close some loopholes and stop some
abusers. It's particularly targeted at companies which distribute
malware-laden Nmap installers as we caught Download.com doing last
year--http://insecure.org/news/download-com-fiasco.html. The updated
license is in the all the normal places, including
https://svn.nmap.org/nmap/COPYING.
o [NSE] Oops, there was a vulnerability in one of our 437 NSE scripts. If
you ran the (fortunately non-default) http-domino-enum-passwords script
with the (fortunately also non-default) domino-enum-passwords.idpath
parameter against a malicious server, it could cause an arbitrarily named
file to to be written to the client system. Thanks to Trustwave researcher
Piotr Duszynski for discovering and reporting the problem. We've fixed
that script, and also updated several other scripts to use a new
stdnse.filename_escape function for extra safety. This breaks our record
of never having a vulnerability in the 16 years that Nmap has existed, but
that's still a fairly good run! [David, Fyodor]
o Unicast CIDR-style IPv6 range scanning is now supported, so you can o Unicast CIDR-style IPv6 range scanning is now supported, so you can
specify targets such as en.wikipedia.org/120. Obviously it will take ages specify targets such as en.wikipedia.org/120. Obviously it will take ages
if you specify a huge space. For example, a /64 contains if you specify a huge space. For example, a /64 contains

41
docs/refguide.xml
View File

@@ -3437,38 +3437,39 @@ work properly.</para>
<varlistentry> <varlistentry>
<term> <term>
<option>--proxies <replaceable>Comma-separated list of proxy <option>--proxies <replaceable>Comma-separated list of proxy
URLs</replaceable></option> Relay TCP connections via a chain of URLs</replaceable></option> (Relay TCP connections through a chain of
proxies. proxies)
<indexterm significance="preferred"><primary><option>--proxies</option></primary></indexterm> <indexterm significance="preferred"><primary><option>--proxies</option></primary></indexterm>
<indexterm><primary>proxy</primary></indexterm> <indexterm><primary>proxy</primary></indexterm>
<indexterm><primary>proxies</primary></indexterm> <indexterm><primary>proxies</primary></indexterm>
</term> </term>
<listitem> <listitem>
<para>Asks Nmap to establish TCP connections via the supplied chain of
<indexterm><primary>proxies</primary></indexterm>. Connections are
established to the first node of the chain, which is in turn asked to
connect to the second one... to eventually reach the target. This
technique degrades performance, mostly by introducing latency. It is
up to the user to adjust timeouts and other scan parameters
accordingly when invoking nmap. Typically, some proxies might refuse
to handle as many concurrent connections as nmap's default
parallelism.</para>
<para>The option takes a list of proxies as argument, expressed as <para>Asks Nmap to establish TCP connections with a final
URLs like <literal>proto://host:port</literal>. Use commas to separate target through supplied chain of one or more HTTP or SOCKS4
node URLs of a chain. No authentication is supported yet. Valid <indexterm><primary>proxies</primary></indexterm>. Proxies
can help hide the true source of a scan or evade certain
firewall restrictions, but they can hamper scan performance
by increasing latency. Users may need to adjust Nmap
timeouts and other scan parameters accordingly. In
particular, a lower <option>--max-prallelism</option> may
help because some proxies refuse to handle as many
concurrent connections as Nmap opens by default.</para>
<para>This option takes a list of proxies as argument, expressed as
URLs in the format <literal>proto://host:port</literal>. Use commas to separate
node URLs in a chain. No authentication is supported yet. Valid
protocols are <literal>HTTP</literal> and <literal>SOCKS4</literal>. protocols are <literal>HTTP</literal> and <literal>SOCKS4</literal>.
</para> </para>
<para>Warning: this feature is still under development and has <para>Warning: this feature is still under development and has
limitations. It is implemented within the nsock library and thus has limitations. It is implemented within the nsock library and thus has
no effect on the ping, port scanning and OS discovery phases. Only no effect on the ping, port scanning and OS discovery phases
NSE and version scan already benefit from this option. Also, SSL of a scan. Only NSE and version scan benefit from this
connections are not supported yet, as well as proxy-side DNS option so far&mdash;other features may disclose your true address. SSL
resolving (hostnames are always resolved by nmap). In other words, connections are not yet supported, nor is proxy-side DNS
the current implementation does not aim to provide strong resolution (hostnames are always resolved by nmap).</para>
anonymity.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

2
nmap.cc
View File

@@ -333,7 +333,7 @@ static void printusage(int rc) {
" -S <IP_Address>: Spoof source address\n" " -S <IP_Address>: Spoof source address\n"
" -e <iface>: Use specified interface\n" " -e <iface>: Use specified interface\n"
" -g/--source-port <portnum>: Use given port number\n" " -g/--source-port <portnum>: Use given port number\n"
" --proxies <url1,[url2],..>: Relay TCP connections through a chain of proxies\n" " --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies\n"
" --data-length <num>: Append random data to sent packets\n" " --data-length <num>: Append random data to sent packets\n"
" --ip-options <options>: Send packets with specified ip options\n" " --ip-options <options>: Send packets with specified ip options\n"
" --ttl <val>: Set IP time-to-live field\n" " --ttl <val>: Set IP time-to-live field\n"