PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00
Code Issues Projects Releases Wiki Activity

Tentatively done with CHANGELOG updates for 4.85BETA9 release

Browse Source
This commit is contained in:
fyodor
2009-05-13 02:12:07 +00:00
parent aeed0c814e
commit be9c7bf7ad
1 changed files with 84 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
CHANGELOG
View File

@@ -1,27 +1,48 @@
# Nmap Changelog ($Id$); -*-text-*-
o Integrated all of your OS detection submissions (1,156) and
corrections (50) since January 8. Please keep them coming! The
second generation OS detection DB has grown 14% and now has more
than 2,000 fingerprints. That is more than we ever had with the
first system. The 243 new fingerprints include Microsoft Windows 7
beta, Linux 2.6.28, and much more. See
Nmap 4.85BETA9 [2009-05-12]
o Integrated all of your 1,156 of your OS detection submissions and
your 50 corrections since January 8. Please keep them coming! The
second generation OS detection DB has grown 14% to more than 2,000
fingerprints! That is more than we ever had with the first system.
The 243 new fingerprints include Microsoft Windows 7 beta, Linux
2.6.28, and much more. See
http://seclists.org/nmap-dev/2009/q2/0335.html. [David]
o [Ncat] The HTTP proxy now works on Windows. [David]
o [Ncat] A whole lot of work was done by David to improve SSL
security and functionality too:
o Ncat now does certificate domain and trust validation against
trusted certificate lists if you specify --ssl-verify.
o [Ncat] To enable SSL certificate verification on systems whose
default trusted certificate stores aren't easily usable by
OpenSSL, we install a set of certificates extracted from Windows
in the file ca-bundle.crt. The trusted contents of this file are
added to whatever default trusted certificates the operating
system may provide. [David]
o Ncat now automatically generates a temporary keypair and
certificate in memory when you request it to act as an SSL server
but you don't specify your own key using --ssl-key and --ssl-cert
options. [David]
o [Ncat] In SSL mode, Ncat now always uses secure connections,
meaning that it uses only good ciphers and doesn't use
SSLv2. Certificates can optionally be verified with the
--ssl-verify and --ssl-trustfile options. Nsock provides the
option of making SSL connections that prioritize either speed or
security; Ncat uses security while version detection and NSE
continue to use speed. [David]
o Fixed a bug in the new NSE Lua core which caused it to round
fractional runlevel values to the next integer. This could cause
dependency problems for the smb-* scripts and others which rely on
floating point runlevel values (e.g. that smb-bruete at runlevel 0.5
will run before smb-system-info at the default runlevel of 1).
o [NSE] Added Boolean Operators for --script. You may now use ("and",
"or", or "not") combined with categories, filenames, and wildcarded filenames
to match a set files. Parenthetical subexpressions are allowed for
precedence too. For example, you can now run:
o [NSE] Added Boolean Operators for --script. You may now use a boolean
operator ("and", "or", or "not") combined with categories, filenames,
and filenames with a '*', wildcard, to match many files. This change
requires the script database to be recompiled. Please see the thread at
http://seclists.org/nmap-dev/2009/q2/0100.html for more
information. [Patrick]
nmap --script "(default or safe or intrusive) and not http-*" scanme.nmap.org
For more details, see
http://nmap.org/book/nse-usage.html#nse-args. [Patrick]
o [Ncat] The HTTP proxy server now works on Windows too. [David]
o [Zenmap] The command wizard has been removed. The profile editor has
the same capabilities with a better interface that doesn't require
@@ -30,43 +51,21 @@ o [Zenmap] The command wizard has been removed. The profile editor has
without saving a new profile. The profile editor now comes up
showing the current command rather than being blank. [David]
o [Ncat] Ncat now automatically generates a temporary keypair and
certificate in memory when you don't use the --ssl-key and
--ssl-cert options. [David]
o [Zenmap] Added an small animated throbber which indicates that a
scan is still running (similar in concept to the one on the
upper-right Firefox corner which animates while a page is
loading). [David]
o [Ncat] To enable SSL certificate verification on systems whose
default trusted certificate stores aren't easily usable by OpenSSL,
we install a set of certificates extracted from Windows in the file
ca-bundle.crt. The trusted contents of this file are added to
whatever default trusted certificates the operating system may
provide. [David]
o Regenerate script.db to remove references to non-existent
smb-check-vulns-2.nse. This caused the following error messages when
people used the --script=all option: "nse_main.lua:319:
smb-check-vulns-2.nse is not a file!" The script.db entries are now
sorted again to make diffs easier to read. [David,Patrick]
o [Zenmap] There is now a little indicator that animates while a scan
is running, to provide some reassurance for thos long-running scans.
[David]
o The SEQ.CI OS detection test introduced in 4.85BETA4 now has some
examples in nmap-os-db and has been assigned a MatchPoints value of
50. [David]
o [Ncat] When using --send-only, Ncat will now close the network
connection and terminate after receiving EOF on standard input.
[Daniel Roethlisberger]
o [Ncat] Unbreak hostname resolution on BSD systems where a recently
fixed libc bug caused getaddrinfo(3) to fail unless a socket type
hint is provided. Patch originally provided by Hajimu UMEMOTO of
FreeBSD. [Daniel Roethlisberger]
o [NSE] Fixed bug in the DNS library which caused the error message
"nselib/dns.lua:54: 'for' limit must be a number". [Jah]
o [Ncat] In SSL mode, Ncat now always uses secure connections, meaning
that it uses only good ciphers and doesn't use SSLv2. Certificates
can optionally be verified with the --ssl-verify and --ssl-trustfile
options. Nsock provides the option of making SSL connections that
prioritize either speed or security; Ncat uses security while
version detection and NSE continue to use speed. [David]
o Fixed --script-update on Windows--it was adding bogus backslashes
preceding file names in the generated script.db. Reported by
Michael Patrick at http://seclists.org/nmap-dev/2009/q2/0192.html,
and fixed by Jah. The error message was also improved.
o The official Windows binaries are now compiled with MS Visual C++
2008 Express Edition SP1 rather than the RTM version. We also now
@@ -74,15 +73,39 @@ o The official Windows binaries are now compiled with MS Visual C++
(vcredist_x86.exe). A number of compiler warnings were fixed
too. [Fyodor,David]
o Fixed a bug in the new NSE Lua core which caused it to round
fractional runlevel values to the next integer. This could cause
dependency problems for the smb-* scripts and others which rely on
floating point runlevel values (e.g. that smb-brute at runlevel 0.5
will run before smb-system-info at the default runlevel of 1).
o The SEQ.CI OS detection test introduced in 4.85BETA4 now has some
examples in nmap-os-db and has been assigned a MatchPoints value of
50. [David]
o [Ncat] When using --send-only, Ncat will now close the network
connection and terminate after receiving EOF on standard input.
This is useful for, say, piping a file to a remote ncat where you
don't care to wait for any response. [Daniel Roethlisberger]
o [Ncat] Fix hostname resolution on BSD systems where a recently
fixed libc bug caused getaddrinfo(3) to fail unless a socket type
hint is provided. Patch originally provided by Hajimu Umemoto of
FreeBSD. [Daniel Roethlisberger]
o [NSE] Fixed bug in the DNS library which caused the error message
"nselib/dns.lua:54: 'for' limit must be a number". [Jah]
o Fixed Solaris 10 compilation by renaming a yield structure which
conflicted with a yield function declared in unistd.h on that
platform. [Pieter Bowman, Patrick]
o [Ncat] Minor code cleanup of Ncat memory allocation and string
duplication calls. [Ithilgore]
o Updated IANA assignment IP list for random IP (-iR)
generation. [Kris]
o Fixed a bug which could cause -iR to only scan the first
host group and then terminate prematurely. The problem related to the
way hosts are counted by o.numhosts_scanned. [David]
o Fixed a bug which could cause -iR to only scan the first host group
and then terminate prematurely. The problem related to the way
hosts are counted by o.numhosts_scanned. [David]
o Fixed a bug in the su-to-zenmap.sh script so that, in the cases
where it calls su, it uses the proper -c option rather than
@@ -101,10 +124,6 @@ o [NSE] Made hexify in nse_nsock.cc take an unsigned char * to work
http://seclists.org/nmap-dev/2007/q2/0257.html, in regard to
non-ASCII characters in nmap-mac-prefixes. [David]
o Fixed Solaris 10 compilation by renaming a yield structure which
conflicted with a yeild function declared in unistd.h on that
platform. [Pieter Bowman, Patrick]
o [NSE] Fixed a segmentation fault which could occur in scripts which
use the NSE pcap library. The problem was reported by Lionel Cons
and fixed by Patrick.
@@ -112,16 +131,8 @@ o [NSE] Fixed a segmentation fault which could occur in scripts which
o [NSE] Port script start/finish debug messages now show the target
port number as well as the host/IP. [Jah]
o Fixed script.db on Windows--it was adding bogus backslashes
preceeding file names. Reported by Michael Patrick at
http://seclists.org/nmap-dev/2009/q2/0192.html, and fixed by Jah.
The error message was also improved.
o Regenerate script.db to remove references to non-existant
smb-check-vulns-2.nse. This caused the following error messages when
people used the --script=all option: "nse_main.lua:319:
smb-check-vulns-2.nse is not a file!" The script.db entries are now
sorted again to make diffs easier to read. [David,Patrick]
o Updated IANA assignment IP list for random IP (-iR)
generation. [Kris]
o [NSE] Fixed http.table_argument so that user-supplied HTTP headers
are now properly sent in HTTP requests. [Jah]