PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Tentatively done with CHANGELOG updates for 4.85BETA9 release

Browse Source
This commit is contained in:
fyodor
2009-05-13 02:12:07 +00:00
parent aeed0c814e
commit be9c7bf7ad
1 changed files with 84 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
CHANGELOG
View File

@@ -1,27 +1,48 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o Integrated all of your OS detection submissions (1,156) and Nmap 4.85BETA9 [2009-05-12]
corrections (50) since January 8. Please keep them coming! The
second generation OS detection DB has grown 14% and now has more o Integrated all of your 1,156 of your OS detection submissions and
than 2,000 fingerprints. That is more than we ever had with the your 50 corrections since January 8. Please keep them coming! The
first system. The 243 new fingerprints include Microsoft Windows 7 second generation OS detection DB has grown 14% to more than 2,000
beta, Linux 2.6.28, and much more. See fingerprints! That is more than we ever had with the first system.
The 243 new fingerprints include Microsoft Windows 7 beta, Linux
2.6.28, and much more. See
http://seclists.org/nmap-dev/2009/q2/0335.html. [David] http://seclists.org/nmap-dev/2009/q2/0335.html. [David]
o [Ncat] The HTTP proxy now works on Windows. [David] o [Ncat] A whole lot of work was done by David to improve SSL
security and functionality too:
o Ncat now does certificate domain and trust validation against
trusted certificate lists if you specify --ssl-verify.
o [Ncat] To enable SSL certificate verification on systems whose
default trusted certificate stores aren't easily usable by
OpenSSL, we install a set of certificates extracted from Windows
in the file ca-bundle.crt. The trusted contents of this file are
added to whatever default trusted certificates the operating
system may provide. [David]
o Ncat now automatically generates a temporary keypair and
certificate in memory when you request it to act as an SSL server
but you don't specify your own key using --ssl-key and --ssl-cert
options. [David]
o [Ncat] In SSL mode, Ncat now always uses secure connections,
meaning that it uses only good ciphers and doesn't use
SSLv2. Certificates can optionally be verified with the
--ssl-verify and --ssl-trustfile options. Nsock provides the
option of making SSL connections that prioritize either speed or
security; Ncat uses security while version detection and NSE
continue to use speed. [David]
o Fixed a bug in the new NSE Lua core which caused it to round o [NSE] Added Boolean Operators for --script. You may now use ("and",
fractional runlevel values to the next integer. This could cause "or", or "not") combined with categories, filenames, and wildcarded filenames
dependency problems for the smb-* scripts and others which rely on to match a set files. Parenthetical subexpressions are allowed for
floating point runlevel values (e.g. that smb-bruete at runlevel 0.5 precedence too. For example, you can now run:
will run before smb-system-info at the default runlevel of 1).
o [NSE] Added Boolean Operators for --script. You may now use a boolean nmap --script "(default or safe or intrusive) and not http-*" scanme.nmap.org
operator ("and", "or", or "not") combined with categories, filenames,
and filenames with a '*', wildcard, to match many files. This change For more details, see
requires the script database to be recompiled. Please see the thread at http://nmap.org/book/nse-usage.html#nse-args. [Patrick]
http://seclists.org/nmap-dev/2009/q2/0100.html for more
information. [Patrick] o [Ncat] The HTTP proxy server now works on Windows too. [David]
o [Zenmap] The command wizard has been removed. The profile editor has o [Zenmap] The command wizard has been removed. The profile editor has
the same capabilities with a better interface that doesn't require the same capabilities with a better interface that doesn't require
@@ -30,43 +51,21 @@ o [Zenmap] The command wizard has been removed. The profile editor has
without saving a new profile. The profile editor now comes up without saving a new profile. The profile editor now comes up
showing the current command rather than being blank. [David] showing the current command rather than being blank. [David]
o [Ncat] Ncat now automatically generates a temporary keypair and o [Zenmap] Added an small animated throbber which indicates that a
certificate in memory when you don't use the --ssl-key and scan is still running (similar in concept to the one on the
--ssl-cert options. [David] upper-right Firefox corner which animates while a page is
loading). [David]
o [Ncat] To enable SSL certificate verification on systems whose o Regenerate script.db to remove references to non-existent
default trusted certificate stores aren't easily usable by OpenSSL, smb-check-vulns-2.nse. This caused the following error messages when
we install a set of certificates extracted from Windows in the file people used the --script=all option: "nse_main.lua:319:
ca-bundle.crt. The trusted contents of this file are added to smb-check-vulns-2.nse is not a file!" The script.db entries are now
whatever default trusted certificates the operating system may sorted again to make diffs easier to read. [David,Patrick]
provide. [David]
o [Zenmap] There is now a little indicator that animates while a scan o Fixed --script-update on Windows--it was adding bogus backslashes
is running, to provide some reassurance for thos long-running scans. preceding file names in the generated script.db. Reported by
[David] Michael Patrick at http://seclists.org/nmap-dev/2009/q2/0192.html,
and fixed by Jah. The error message was also improved.
o The SEQ.CI OS detection test introduced in 4.85BETA4 now has some
examples in nmap-os-db and has been assigned a MatchPoints value of
50. [David]
o [Ncat] When using --send-only, Ncat will now close the network
connection and terminate after receiving EOF on standard input.
[Daniel Roethlisberger]
o [Ncat] Unbreak hostname resolution on BSD systems where a recently
fixed libc bug caused getaddrinfo(3) to fail unless a socket type
hint is provided. Patch originally provided by Hajimu UMEMOTO of
FreeBSD. [Daniel Roethlisberger]
o [NSE] Fixed bug in the DNS library which caused the error message
"nselib/dns.lua:54: 'for' limit must be a number". [Jah]
o [Ncat] In SSL mode, Ncat now always uses secure connections, meaning
that it uses only good ciphers and doesn't use SSLv2. Certificates
can optionally be verified with the --ssl-verify and --ssl-trustfile
options. Nsock provides the option of making SSL connections that
prioritize either speed or security; Ncat uses security while
version detection and NSE continue to use speed. [David]
o The official Windows binaries are now compiled with MS Visual C++ o The official Windows binaries are now compiled with MS Visual C++
2008 Express Edition SP1 rather than the RTM version. We also now 2008 Express Edition SP1 rather than the RTM version. We also now
@@ -74,15 +73,39 @@ o The official Windows binaries are now compiled with MS Visual C++
(vcredist_x86.exe). A number of compiler warnings were fixed (vcredist_x86.exe). A number of compiler warnings were fixed
too. [Fyodor,David] too. [Fyodor,David]
o Fixed a bug in the new NSE Lua core which caused it to round
fractional runlevel values to the next integer. This could cause
dependency problems for the smb-* scripts and others which rely on
floating point runlevel values (e.g. that smb-brute at runlevel 0.5
will run before smb-system-info at the default runlevel of 1).
o The SEQ.CI OS detection test introduced in 4.85BETA4 now has some
examples in nmap-os-db and has been assigned a MatchPoints value of
50. [David]
o [Ncat] When using --send-only, Ncat will now close the network
connection and terminate after receiving EOF on standard input.
This is useful for, say, piping a file to a remote ncat where you
don't care to wait for any response. [Daniel Roethlisberger]
o [Ncat] Fix hostname resolution on BSD systems where a recently
fixed libc bug caused getaddrinfo(3) to fail unless a socket type
hint is provided. Patch originally provided by Hajimu Umemoto of
FreeBSD. [Daniel Roethlisberger]
o [NSE] Fixed bug in the DNS library which caused the error message
"nselib/dns.lua:54: 'for' limit must be a number". [Jah]
o Fixed Solaris 10 compilation by renaming a yield structure which
conflicted with a yield function declared in unistd.h on that
platform. [Pieter Bowman, Patrick]
o [Ncat] Minor code cleanup of Ncat memory allocation and string o [Ncat] Minor code cleanup of Ncat memory allocation and string
duplication calls. [Ithilgore] duplication calls. [Ithilgore]
o Updated IANA assignment IP list for random IP (-iR) o Fixed a bug which could cause -iR to only scan the first host group
generation. [Kris] and then terminate prematurely. The problem related to the way
hosts are counted by o.numhosts_scanned. [David]
o Fixed a bug which could cause -iR to only scan the first
host group and then terminate prematurely. The problem related to the
way hosts are counted by o.numhosts_scanned. [David]
o Fixed a bug in the su-to-zenmap.sh script so that, in the cases o Fixed a bug in the su-to-zenmap.sh script so that, in the cases
where it calls su, it uses the proper -c option rather than where it calls su, it uses the proper -c option rather than
@@ -101,10 +124,6 @@ o [NSE] Made hexify in nse_nsock.cc take an unsigned char * to work
http://seclists.org/nmap-dev/2007/q2/0257.html, in regard to http://seclists.org/nmap-dev/2007/q2/0257.html, in regard to
non-ASCII characters in nmap-mac-prefixes. [David] non-ASCII characters in nmap-mac-prefixes. [David]
o Fixed Solaris 10 compilation by renaming a yield structure which
conflicted with a yeild function declared in unistd.h on that
platform. [Pieter Bowman, Patrick]
o [NSE] Fixed a segmentation fault which could occur in scripts which o [NSE] Fixed a segmentation fault which could occur in scripts which
use the NSE pcap library. The problem was reported by Lionel Cons use the NSE pcap library. The problem was reported by Lionel Cons
and fixed by Patrick. and fixed by Patrick.
@@ -112,16 +131,8 @@ o [NSE] Fixed a segmentation fault which could occur in scripts which
o [NSE] Port script start/finish debug messages now show the target o [NSE] Port script start/finish debug messages now show the target
port number as well as the host/IP. [Jah] port number as well as the host/IP. [Jah]
o Fixed script.db on Windows--it was adding bogus backslashes o Updated IANA assignment IP list for random IP (-iR)
preceeding file names. Reported by Michael Patrick at generation. [Kris]
http://seclists.org/nmap-dev/2009/q2/0192.html, and fixed by Jah.
The error message was also improved.
o Regenerate script.db to remove references to non-existant
smb-check-vulns-2.nse. This caused the following error messages when
people used the --script=all option: "nse_main.lua:319:
smb-check-vulns-2.nse is not a file!" The script.db entries are now
sorted again to make diffs easier to read. [David,Patrick]
o [NSE] Fixed http.table_argument so that user-supplied HTTP headers o [NSE] Fixed http.table_argument so that user-supplied HTTP headers
are now properly sent in HTTP requests. [Jah] are now properly sent in HTTP requests. [Jah]