mirror of https://github.com/nmap/nmap.git synced 2025-12-21 06:59:01 +00:00

OK, I think I'm done with the CHANGELOG!

This commit is contained in:
fyodor
2011-06-30 22:07:33 +00:00
parent 789977d8df
commit 9e1fc9cffb

CHANGELOG

@@ -163,9 +163,53 @@ o [NSE] Added 40 scripts, bringing the total to 217! You can learn
addresses. If the newtargets script argument is set, discovered addresses. If the newtargets script argument is set, discovered
addresses are added to the scan queue. [Nick Nikolaou] addresses are added to the scan queue. [Nick Nikolaou]
+ xmpp: Connects to an XMPP server (port 5222) and collects server information such as + xmpp: Connects to an XMPP server (port 5222) and collects server
supported auth mechanisms, compression methods and whether TLS is supported information such as supported auth mechanisms, compression methods
and mandatory. [Vasiliy Kulikov] and whether TLS is supported and mandatory. [Vasiliy Kulikov]
o Nmap has long supported IPv6 for basic (connect) port scans, basic
host discovery, version detection, Nmap Scripting Engine. This
release dramatically expands and improves IPv6 support:
+ IPv6 raw packet scans (including SYN scan, UDP scan, ACK scan,
etc.) are now supported. [David, Weilin]
+ IPv6 raw packet host discovery (IPv6 echo requests, TCP/UDP
discovery packets, etc.) is now supported. [David, Weilin]
+ IPv6 traceroute is now supported [David]
+ IPv6 protocol scan (-sO) is now supported, including creating
realistic headers for many protocols. [David]
+ IPv6 support to the wsdd, dnssd and upnp NSE libraries. [Daniel
Miller, Patrik]
+ The --exclude and --excludefile now support IPV6 addresses with
netmasks. [Colin]
o Scanme.Nmap.Org (the system anyone is allowed to scan for testing
purposes) is now dual-stacked (has an IPv6 address as well as IPv4)
so you can scan it during IPv6 testing. We also added a DNS record
for ScanmeV6.nmap.org which is IPv6-only. See
http://seclists.org/nmap-dev/2011/q2/428. [Fyodor]
o The Nmap.Org website as well as sister sites Insecure.Org,
SecLists.Org, and SecTools.Org all have working IPv6 addresses now
(dual stacked). [Fyodor]
o Nmap now determines the filesystem location it is being run from and
that path is now included early in the search path for data files
(such as nmap-services). This reduces the likelihood of needing to
specify --datadir or getting data files from a different version of
Nmap installed on the system. For full details, see
http://nmap.org/book/data-files-replacing-data-files.html. Thanks
to Solar Designer for implementation advice. [David]
o Created a page on our SecWiki for collecting Nmap script ideas! If
you have a good idea, post it to the incoming section of the page.
Or if you're in a script writing mood but don't know what to write,
come here for inspiration: https://secwiki.org/w/Nmap_Script_Ideas.
o The development pace has greatly increased because Google (again)
sponsored a 7 full-time college and graduate student programmer
interns this summer as part of their Summer of Code program!
Thanks, Google Open Source Department! We're delighted to introduce
the team: http://seclists.org/nmap-dev/2011/q2/312
o [NSE] Added 7 new protocol libraries, bringing the total to 66. You o [NSE] Added 7 new protocol libraries, bringing the total to 66. You
can read about them all at http://nmap.org/nsedoc/. Here are the new can read about them all at http://nmap.org/nsedoc/. Here are the new
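Review bot: the sentence opening the new IPv6 entry is missing a conjunction: "basic host discovery, version detection, Nmap Scripting Engine" should read "basic host discovery, version detection, and the Nmap Scripting Engine". Two consistency points in the same sub-list: "--exclude and --excludefile now support IPV6 addresses" writes "IPV6" where every other line in the hunk writes "IPv6", and "IPv6 traceroute is now supported [David]" is the only sub-item with no period before the attribution.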
@@ -190,7 +234,8 @@ o [NSE] Added 7 new protocol libraries, bringing the total to 66. You
+ srvloc: A relatively small implementation of the Service Location + srvloc: A relatively small implementation of the Service Location
Protocol. [Patrik Karlsson] Protocol. [Patrik Karlsson]
+ tftp: Implements a minimal TFTP server. [Patrik Karlsson] + tftp: Implements a minimal TFTP server. It is used in
snmp-ios-config to obtain router config files.[Patrik Karlsson]
o Improved Nmap's service/version detection database by adding: o Improved Nmap's service/version detection database by adding:
+ Apple iPhoto (DPAP) protocol probe [Patrik] + Apple iPhoto (DPAP) protocol probe [Patrik]
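Review bot: the tftp line is missing a space between the sentence and the credit: "to obtain router config files.[Patrik Karlsson]" should be "... config files. [Patrik Karlsson]". Since the entry now states that the library implements a server used by snmp-ios-config, consider adding a few words noting that the scanning host has to accept the inbound TFTP transfer when that script runs, which is the detail users scanning from behind a firewall or NAT will need.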
@@ -200,81 +245,52 @@ o Improved Nmap's service/version detection database by adding:
+ Signature improvements for a wide variety of services (we now have + Signature improvements for a wide variety of services (we now have
7,375 signatures) 7,375 signatures)
o [NSE] Replaced http-trace with a new more effective version. [Paulino] o [NSE] ssh-hostkey now additionally has a postrule that prints hosts
found during the scan which share the same hostkey. [Henri Doreau]
o Added support for raw-packet IPv6 scans! This means SYN scan, UDP
scan, and ICMP host discovery and similar work for IPv6 now! A few
notes:
o OS detection isn't yet supported. That is a huge task (requires
an all-new database), but we're working hard on it.
o IPv6 CIDR address notation isn't yet supported (it is rarely useful
due to the size of IPv6 networks, but we plan to add it anyway).
o Neighbor Discovery-based host discovery (analog to ARP scan) isn't
yet supported.
o Multicast host discovery isn't yet supported.
o Windows Teredo tunnels (a system for tunneling IPv6 to systems
which don't support it natively) are not supported by the raw
system, but you can still use -6 with --unprivileged to scan through
those interfaces.
o When scanning link local IPv6 addresses (they start with fe80),
you might need to put the interface name at the end like you
sometimes do with ping6 and other system IPv6 tools
(e.g. fe80::9afc:22ee:bc91:3e1d%eth0)
[Added by David and Weilin]
o Added IPv6 --traceroute support. [David]
o Added IPv6 protocol scan (-sO) support, including creating realistic
headers for many protocols. [David]
o [NSE] Added ipv6 support to the wsdd, dnssd and upnp libraries. Applied
patch from Dan Miller that fixes errors in processing and sorting ipv6
addresses in scripts using these libraries. [Daniel Miller, Patrik]
o Scanme.Nmap.Org is now dual-stacked (has an IPv6 address as well as
IPv4) so you can scan it during IPv6 testing. We also added a DNS
record for ScanmeV6.nmap.org which is IPv6-only. [Fyodor]
o [Nmap] --exclude and --excludefile now support IPV6 addresses with netmasks
[Colin]
o The Nmap.Org website as well as sister sites Insecure.Org,
SecLists.Org, and SecTools.Org all have working IPv6 addresses now.
o Performed some output cleanup work to remove various status lines in cases
that they don't really matter. This makes it easier to find the
good stuff! [David]
o The development pace has greatly increased because Google (again)
sponsored a 7 full-time college and graduate student programmer
interns this summer as part of their Summer of Code program!
Thanks, Google Open Source Department! We're delighted to introduce
the team: http://seclists.org/nmap-dev/2011/q2/312
o [Zenmap] Fixed issue with Zenmap not being able to kill the Nmap scan
subprocess upon canceling a scan or quitting the application on Windows.
[Shinnok]
o [Zenmap] Fixed issue with Zenmap not waiting for the return exit code
of the Nmap scan subprocess after killing it on Posix systems, thus
leaving the processes in a defunct(zombie) state. [Shinnok]
o [NSE] Banned scripts from being in both the "default" and
"intrusive" categories. We did this by removing dhcp-discover and
dns-zone-transfer from the set of scripts run by default (leaving
them "intrusive"), and reclassifying dns-recusion, ftp-bounce,
http-open-proxy, and socks-open-proxy as "safe" rather than
"intrusive" (keeping them in the "default" set).
o [NSE] The host.bin_ip and host.bin_ip_src entries now also work with
16-byte IPv6 addresses. [David]
o [NSE] Added 300+ new signatures to http-enum which look for admin o [NSE] Added 300+ new signatures to http-enum which look for admin
directories, JBoss, Tomcat, TikiWiki, Majordomo2, MS SQL, Wordpress, directories, JBoss, Tomcat, TikiWiki, Majordomo2, MS SQL, Wordpress,
and more. [Paulino] and more. [Paulino]
o [Ncat] Updated the ca-bundle.crt list of certificate authority o Made the final IP address space assignment update as all available
certificates. [David] IPv4 address blocks have now been allocated to the regional
registries. Our random IP generation (-iR) logic now only excludes
the various reserved blocks. Thanks to Kris for years of regular
updates to this function!
o [NSE] Replaced http-trace with a new more effective version. [Paulino]
o Performed some output cleanup work to remove unimportant status
lines so that it is easier to find the good stuff! [David]
o [Zenmap] now properly kills Nmap scan subprocess when you cancel a
scan or quit Zenmap on Windows. [Shinnok]
o [NSE] Banned scripts from being in both the "default" and
"intrusive" categories. We did this by removing dhcp-discover and
dns-zone-transfer from the set of scripts run by default (leaving
them "intrusive"), and reclassifying dns-recursion, ftp-bounce,
http-open-proxy, and socks-open-proxy as "safe" rather than
"intrusive" (keeping them in the "default" set).
o [NSE] Added a credential storage library (creds.lua) and modified
the brute library and scripts to make use of it. [Patrik]
o [Ncat] Created a portable version of ncat.exe that you can just drop
onto Microsoft Windows systems without having to run any installer
or copy over extra library files. See the Ncat page
(http://nmap.org/ncat/) for binary downloads and a link to build
instructions. [Shinnok]
o Fix a segmentation fault which could occur when running Nmap on
various Android-based phones. The problem related to NULL being
passed to freeaddrinfo(). [David, Vlatko Kosturjak]
o [NSE] The host.bin_ip and host.bin_ip_src entries now also work with
16-byte IPv6 addresses. [David]
o [Ncat] Updated the ca-bundle.crt list of trusted certificate
authority certificates. [David]
o [NSE] Fixed a bug in the SMB Authentication library which could o [NSE] Fixed a bug in the SMB Authentication library which could
prevent concurrently running scripts with valid credentials from prevent concurrently running scripts with valid credentials from
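Review bot: the consolidation drops the IPv6 caveats without carrying them into the new summary earlier in the file. The removed lines state that OS detection, IPv6 CIDR notation, Neighbor Discovery-based and multicast host discovery are not yet supported, that Teredo tunnels need -6 with --unprivileged, and that link-local (fe80::) targets may need an interface suffix such as fe80::9afc:22ee:bc91:3e1d%eth0. Those are the limitations a user of the new raw IPv6 scans hits first, so keep at least a condensed "not yet supported" sub-item under the IPv6 entry. Minor: "Fix a segmentation fault" should be "Fixed" to match the past tense of the surrounding entries.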
@@ -283,25 +299,12 @@ o [NSE] Fixed a bug in the SMB Authentication library which could
o [NSE] Re-worked http-form-brute.nse to better autodetect form o [NSE] Re-worked http-form-brute.nse to better autodetect form
fields, allow brute force attempts where only the password (no fields, allow brute force attempts where only the password (no
username) is needed, follow HTTP redirects, and better detect username) is needed, follow HTTP redirects, and better detect
incorrect login attempts. [Patrik] incorrect login attempts. [Patrik, Daniel Miller]
o [Zenmap] Changed "Slow comprehensive scan" profile script selection from o [Zenmap] Changed the "slow comprehensive scan" profile's NSE script
"all" to "default or (discovery and safe)" categories, which specifies that selection from "all" to "default or (discovery and safe)"
all scripts in default category as well as all scripts that are both in categories. Except for testing and debugging, "--script all" is
discovery and safe should be executed. rarely desirable.
The "all" profile is pretty dangerous to be run since it includes denial of
service and exploit scripts among many others and because in some cases the
scan might never finish.
o [NSE] Added credential storage library (creds.lua) and modified the brute
library and scripts to make use of it. [Patrik]
o [Ncat] Added support for building a portable version of Ncat for the
Microsoft Windows platform, by means of static linking. This allows
you to drop it by itself on pretty much any Windows system without
worrying about installing anything else or including a bunch of DLL
library or data files. You can read more about it in Ncat's INSTALL
file (http://nmap.org/svn/ncat/INSTALL).
o [NSE] Added the stdnse.silent_require method which is used for o [NSE] Added the stdnse.silent_require method which is used for
library requires that you know might fail (e.g. "openssl" fails if library requires that you know might fail (e.g. "openssl" fails if
@@ -312,84 +315,40 @@ o [NSE] Added the stdnse.silent_require method which is used for
failure messages as would happen with a normal require. [Patrick failure messages as would happen with a normal require. [Patrick
Donnelly] Donnelly]
o [Ncat] ncat now listens on localhost and ::1 when you do ncat -l. If you o [Ncat] ncat now listens on both localhost and ::1 when you run ncat
specify an address or use -4,-6 it works as before. -l. It works as before if you specify -4 or -6 or a specific
address. [Colin Rice]
o [NSE] Added the Simple Mail Transfer Protocol (SMTP) library. [Djalal] o [Zenmap] Fixed a bug in topology mapper which caused endpoints
behind firewalls to sometimes show up in the wrong place (see
http://seclists.org/nmap-dev/2011/q2/733). [Colin Rice]
o [Zenmap] Fixed endpoints which were behind firewalls during a traceroute being o [Zenmap] If you scan a system twice, any open ports from the first
attached to the wrong spot on the topology map. [Colin Rice] scan which are closed in the 2nd will be properly marked as
closed. [Colin Rice].
o [Zenmap] Fixed issue with ports closed in newer scan not being removed
from the ports list [Colin Rice]
o Stopped linking against libnl when not necessary (when linking
dynamically with libpcap). Patch by Kevin Locke.
o [NSE] Applied patch from Daniel Miller that fixes a bug in http-form-brute
reported by Josh Greenwood. The script would break if autodetection of
either brute form fields would fail.
o [Zenmap] Fixed an error that could cause a crash ("TypeError: an o [Zenmap] Fixed an error that could cause a crash ("TypeError: an
integer is required") if a sort column in the ports table was unset. integer is required") if a sort column in the ports table was unset.
[David] [David]
o [Ndiff] Added nmaprun element information to the diff. [Daniel o [Ndiff] Added nmaprun element information (Nmap version, scan date,
Miller] etc.) to the diff. Also, the Nmap banner with version number and
data is now only printed if there were other differences in the
o Created a page on our SecWiki for collecting Nmap script ideas! If scan. [Daniel Miller, David, Dr. Jesus]
you have a good idea, post it to the incoming section of the page.
Or if you're in a script writing mood but don't know what to write,
come here for inspiration: https://secwiki.org/w/Nmap_Script_Ideas.
o Added a GKrellM service probe from Toni Ruottu.
o [NSE] Added nmap.get_interface and nmap.get_interface_info functions o [NSE] Added nmap.get_interface and nmap.get_interface_info functions
so scripts can access characteristics of the scanning interface. so scripts can access characteristics of the scanning interface.
[Djalal] Removed nmap.get_interface_link. [Djalal]
o [NSE] Removed the nmap.get_interface_link function, which was
deprecated by the new nmap.get_interface_info. The sniffer-detect
script now calls the nmap.get_interface_info function to retrieve
the network interface link type. [Djalal]
o [NSE] Fixed a bug reported by Daniel Miller that was causing the
nfs-ls script to ignore NFS mounts when the Mount version is 1.
[Djalal]
o Added a service probe for BackOrifice contributed by Gorjan
Petrovski.
o Added a service probe for Zend Java Bridge, which is vulnerable if
exposed to an untrusted network. It was contributed by Michael
Schierl.
o Fixed an overflow in scan elapsed time display that caused negative o Fixed an overflow in scan elapsed time display that caused negative
times to be printed after about 25 days. [Daniel Miller] times to be printed after about 25 days. [Daniel Miller]
o [NSE] ssh-hostkey now additionally has a postrule that prints hosts
found during the scan which share the same hostkey. [Henri Doreau]
o Nmap now determines the location it is being run from and that
location is now included early in the search path for data files
(such as nmap-services). For full details, see
http://nmap.org/book/data-files-replacing-data-files.html. Thanks
to Solar Designer for implementation advice. [David]
o Updated nmap-rpc from the master list, now maintained by IANA. o Updated nmap-rpc from the master list, now maintained by IANA.
[Daniel Miller, David] [Daniel Miller, David]
o [Ndiff] The Nmap banner (with the version number and date of the scan)
is not printed unless there were other differences. This makes Nidff
produce no output when there wre no differences other than the version
number and date. Dr. Jesus contributed an initial patch. [David]
o [Zenmap] Fixed a bug in the option parser: -sN (null scan) was o [Zenmap] Fixed a bug in the option parser: -sN (null scan) was
interpreted as -sn (no port scan). This was reported by interpreted as -sn (no port scan). This was reported by
shitaneddine. [David] Shitaneddine. [David]
o [NSE] Fixed a problem in oracle-brute that would fail due to connection
exhaustion. Fixed some debugging messages in the brute library [Patrik]
o [Ndiff] Fixed the Mac OS X packages to use the correct path for o [Ndiff] Fixed the Mac OS X packages to use the correct path for
Python: /usr/bin/python instead of /opt/local/bin/python. The bug Python: /usr/bin/python instead of /opt/local/bin/python. The bug
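Review bot: typo in the merged Ndiff entry: "the Nmap banner with version number and data is now only printed" should be "date", matching the removed wording "version number and date of the scan". Also, "[Colin Rice]." on the rescan entry carries a trailing period after the credit that no other entry uses. The deleted lines for the BackOrifice, Zend Java Bridge and GKrellM service probes do not reappear in this hunk; if they were folded into the "Improved Nmap's service/version detection database" list, fine, but the Zend Java Bridge remark that it "is vulnerable if exposed to an untrusted network" is worth preserving wherever that probe is now listed.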
@@ -399,19 +358,12 @@ o Removed the -sR (RPC scan) option--it is now an alias for -sV
(version scan), which always does RPC scan when an rpcinfo service (version scan), which always does RPC scan when an rpcinfo service
is detected. is detected.
o [NSE] Merged the ms-sql branch with several improvements and changes to the o [NSE] Improved the ms-sql scripts and library in several ways:
ms-sql scripts and library: - Improved version detection and server discovery
- Improved version detection - Added support for named pipes, integrated authentication, and
- Improved server discovery connecting to instances by name or port
- Add support for named pipes - Improved script and library stability and documentation.
- Add support for integrated authentication [Patrik Karlsson, Chris Woodbury]
- Add support for connecting to instances by name or port
- Improved script and library stability
- Improved script and library documentation
[Patrik Karlsson, Chris Woodbury]
o [NSE] Added probe for Apple iPhoto (DPAP) and the dpap-brute script that
performs password guessing against a shared iPhoto library. [Patrik]
o [NSE] Fixed http.validate_options when handling a cookie table. o [NSE] Fixed http.validate_options when handling a cookie table.
[Sebastian Prengel] [Sebastian Prengel]
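Review bot: the ms-sql sub-items use "-" bullets while every other nested list in this file (the NSE script and library lists above) uses "+"; switch to "+" for consistency. The removed dpap-brute line is the only mention of that script in this diff; the DPAP probe survives in the version-detection list earlier, but make sure dpap-brute itself appears in the "Added 40 scripts" list or it drops out of the changelog entirely.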
@@ -421,18 +373,6 @@ o Added a Service Tags UDP probe for port 6481/udp. [David]
o [NSE] Enabled firewalk.nse to automatically find the gateways at o [NSE] Enabled firewalk.nse to automatically find the gateways at
which probes are dropped and fixed various bugs. [Henri Doreau] which probes are dropped and fixed various bugs. [Henri Doreau]
o [NSE] Use the correct script name in the usage example of the
smtp-enum-users script. Reported by Jamuse, who also contributed
a patch.
o [NSE] db2-das-info - Corrected a bug that caused the script to fail
when DB2 Discovery mode is disabled on the DAS service on port 523.
[Tom]
o Added checks that the argument to freeaddrinfo is not NULL, avoiding
a segmentation fault on Android and possibly other platforms.
Suggested by Vlatko Kosturjak and Alexismm2.
o [Zenmap] Worked around a pycairo bug that prevented saving the o [Zenmap] Worked around a pycairo bug that prevented saving the
topology graphic as PNG on Windows: "Error Saving Snapshot: topology graphic as PNG on Windows: "Error Saving Snapshot:
Surface.write_to_png takes one argument which must be a filename Surface.write_to_png takes one argument which must be a filename
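Review bot: deduplicating the freeaddrinfo entry with the Android segfault fix above is right, but the removed line credited Alexismm2 alongside Vlatko Kosturjak and the surviving entry credits only "[David, Vlatko Kosturjak]"; add Alexismm2 there so the credit is not lost. The smtp-enum-users usage fix (Jamuse) and the db2-das-info fix (Tom) are removed without being mentioned elsewhere in the diff; if they are meant to fall under the new "hundreds of other little bug fixes" line that is defensible, but the db2-das-info one is a user-visible script failure against the DAS service on port 523 rather than a documentation typo, so consider keeping it.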
@@ -447,18 +387,8 @@ o The -V and --version options now show the platform Nmap was compiled
o Fixed some inconsistencies in nmap-os-db reported by Xavier Sudre o Fixed some inconsistencies in nmap-os-db reported by Xavier Sudre
from netVigilance. from netVigilance.
o Made the final IP address space assignment update as all available
IPv4 address blocks have now been allocated to the regional
registries. Our random IP generation (-iR) logic now only excludes
the various reserved blocks. Thanks to Kris for years of regular
updates to this function!
o The Nmap Win32 uninstaller now properly deletes nping.exe. [Fyodor] o The Nmap Win32 uninstaller now properly deletes nping.exe. [Fyodor]
o Fix a segmentation fault which could occur when running Nmap on
various Andriod-based phones. The problem related to NULL being
passed to freeaddrinfo(). [David, Vlatko Kosturjak]
o [NSE] Added a shortport.ssl function which can be used as a script o [NSE] Added a shortport.ssl function which can be used as a script
portrule to match SSL services. It is similar in concept to our portrule to match SSL services. It is similar in concept to our
existing shortport.http. [David] existing shortport.http. [David]
@@ -472,6 +402,10 @@ o We no longer support Nmap on versions of Windows earlier than XP
But if you must use Nmap on such systems anyway, please see But if you must use Nmap on such systems anyway, please see
https://secwiki.org/w/Nmap_On_Old_Windows_Releases. https://secwiki.org/w/Nmap_On_Old_Windows_Releases.
o There were hundreds of other little bug fixes and improvements
(especially to NSE scripts). See the SVN logs for revisions 22,274
through 24,460 for details.
Nmap 5.51 [2011-02-11] Nmap 5.51 [2011-02-11]
o [Ndiff] Added support for prerule and postrule scripts. [David] o [Ndiff] Added support for prerule and postrule scripts. [David]
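Review bot: the new catch-all cites SVN revisions 22,274 through 24,460 with no link, whereas the other entries that send readers elsewhere give a URL (for example http://nmap.org/svn/ncat/INSTALL above); add a pointer to the repository browser at http://nmap.org/svn/ so the reference can actually be followed. Also check that the blank line separating this new entry from the "Nmap 5.51 [2011-02-11]" header survived the edit, since it is not visible in this view.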