From f49082d2bfa80c6e58d1ea66acf6fdbd2524af18 Mon Sep 17 00:00:00 2001 From: fyodor Date: Fri, 5 Sep 2008 04:27:36 +0000 Subject: [PATCH] Clarify and reorder CHANGELOG entries in prep for next release. More work is still needed --- CHANGELOG | 329 +++++++++++++++++++++++------------------------------- 1 file changed, 142 insertions(+), 187 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index dd1b9b468..b5b225a13 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,129 +1,40 @@ # Nmap Changelog ($Id$); -*-text-*- +4.69BETA1 + o Expanded nmap-services to include information on how frequently each port number is found open. The results were generated by scanning - tens of millions of IPs on the Internet. + tens of millions of IPs on the Internet. [Fyodor] o Nmap now scans the most common 1,000 ports by default in either protocol (UDP scan is still optional). This is a decrease from 1,715 TCP ports and 1,488 UDP ports in Nmap 4.68. So Nmap is faster by default and, since the port selection is better, often finds more - of the open ports as well. + of the open ports as well. [Fyodor] o Nmap fast scan (-F) now scans the top 100 ports by default in either protocol. This is a decrease from 1,276 (TCP) and 1,017 (UDP) in Nmap 4.68, leading to an order of magnitude decrease in port - scanning time. + scanning time. [Fyodor] o The --top-ports option lets you specify the number of ports you wish to scan in each protocol, and will pick the most popular ports for you based on the new frequency data. For both TCP and UDP, the top 10 ports gets you roughly half of the open ports. The top 1,000 (out of 65,536 possible) finds roughly 93% of the open TCP ports and - more than 95% of the open UDP ports. + more than 95% of the open UDP ports. [Fyodor] o Added dns-safe-recursion-port and dns-safe-recursion-txid (non - default NSE scripts) which use the 3rd party dns-oarc.net to test - the source port and transaction ID randomness of a discovered DNS - server (assuming it allows recursion at all). These scripts, which - test for the "Kaminsky" DNS bugs, were contributed by Brandon + default NSE scripts) which use the 3rd party dns-oarc.net lookup to + test the source port and transaction ID randomness of discovered DNS + servers (assuming they allow recursion at all). These scripts, + which test for the "Kaminsky" DNS bugs, were contributed by Brandon Enright. -o Added some Windows and MinGW compatibility patches submitted by - Gisle Vanem. 
- -o Fix a bug in --script-trace hex dump output resulting in bytes with - highest bit set to be prefixed by ffffff. [Sven Klemm] - -o Updated rpcinfo NSE script to use the new pack/unpack (binlib) - functions, use the new tab library, include better documentation, and - fix some bugs. [Sven Klemm] - -o Fix a bug in the NSE http library which would cause some scripts to - give the error: SCRIPT ENGINE: C:\Program - Files\Nmap\nselib/http.lua:77: attempt to call field 'parse' (a nil - value) [Jah] - -o The NSE datafiles library now has generic file parsing routines, and - the parsing of the standard nmap data files (e.g. nmap-services, - nmap-protocols, etc.) now uses those generic routines. NSE scripts - and libraries may find them useful for dealing with their own data - files, such as password lists. [Jah] - -o Fixed a Makefile problem (race condition) which could lead to build - failures when launching make in parallel mode (e.g. -j4). [Michal - Januszewski] - -o Added new addrow() function to NSE tab library. It allows - developers to add a whole row at once rather than doing a separate - add() call for each column in a row. [Sven Klemm] - -o The NSE http library now supports chunked encoding. [Sven Klemm] - -o Fixed a number of NSE scripts which used print_debug() - incorrectly. See - http://seclists.org/nmap-dev/2008/q3/0470.html. [Sven Klemm]. - -o Improve the nebtios-smb-os-discovery NSE script to improve target - port selection and to also decode the system's timestamp from an SMB - response. [Ron at SkullSecurity] - -o Merged in my nmap-exp/jurand/ branch that involves the Context - Sensitive help system for the Profile Editor. The purpose of the - Profile Editor is to allow you to assemble an nmap command to run - in the Zenmap program by using graphical selection of text and - checkbox input. 
The new help system allows you to mouse over options - used in the Profile Editor and to display a bit of an overview about - what it is used for and what proper input for that option is in the - help textbox. [Jurand Nogiec] +o Added a context-sensitive help system to the Zenmap Profile Editor. + You can now mouse-over options to learn more about what they are + used for and the proper argument syntax. [Jurand Nogiec] -o Compiled the Context Sensitive Help texts along with David Fifield - in the profile_editor.xml file. [Jurand Nogiec] - -o Rewrote the Icons.py get_os to use the osclass versus doing - pattern-matching on os_match. Also, added get_best_osclass to match - get_best_osmatch. [Jurand Nogiec] - -o Fixed the bug where Ports/Hosts Version tabs are not populated with - the full data (i.e. "OpenSSH 4.3" vs "OpenSSH 4.3 (protocol 2.0)"). - [Jurand Nogiec] - -o Improvements to the Terminate scan fix, which add the function that - the cancel button for scan is only usable during an actual scan and - allows one to save partial results. [Jurand Nogiec] - -o Made change that allows for graceful way for cancelling a Scan in - progress without losing the data obtained so far. I have added a - "Cancel" button that will cancel a Scan within the current tab. - The "Scanning" status is changed to "Cancelled" when the button is - clicked. [Jurand Nogiec] - -o Fixed the problem where scans loaded from an XML file did not - necessarily reflect the profile and target that was shown in the - interface. I completed this by fixing that the same parse_result - method was called by both the XML "live-scan temporary" and - "save-scan" from a file, and made separate cases. [Jurand Nogiec] - -o This modification handles the problem where if a user modifies the - command entry field, Zenmap does not necessarily execute this - command and instead it will follow what the Target/Entry fields - specify instead. 
This can lead to unpredictable results for the - end-user, which must be avoided. This avoids a bug where if you - edited a command, then selected a different target, the edited - command line would be replaced with one from the currently selected - profile. [Jurand Nogiec] - -o Documentation for the ScanToolbar.py and ScanNotebook.py files in - zenmap/zenmapGUI folder. [Jurand Nogiec] - -o Nsock now returns data from UDP packets individually, preserving the - packet boundary, rather than concatenating the data from multiple - packets into a single buffer. This fixes a problem related to our - reverse-DNS system, which can only handle one DNS packet at a time. - Thanks to Tim Adam of ManageSoft for debugging the problem and - sending the patch. Doug Hoyte helped with testing, and it was - applied by Fyodor. - o Fyodor made a number of performance tweaks, such as: o increase host group sizes in many cases, so Nmap will now commonly scan 64 hosts at a time rather than 30 @@ -135,11 +46,6 @@ o Fyodor made a number of performance tweaks, such as: receiving enough responses to normal scan to properly calculate timing variables and detect packet drops. -o Added the undocumented (except here) --nogcc option which disables - global/group congestion control algorithms and so each member of a - scan group of machines is treated separately. This is just an - experimental option for now. [Fyodor] - o Added a new NSE Unpwdb (username/password database) library for easily obtaining usernames or passwords from a list. The functions usernames() and passwords() return a closure which returns a new 
@@ -147,60 +53,122 @@ o Added a new NSE Unpwdb (username/password database) library for can specify your own username and/or password lists via the script arguments userdb and passdb, respectively. [Kris] -o The Ports/Hosts display in Zenmap now has different colors for open - and closed ports. [Vladimir] +o Nmap's Nsock-utilizing subsystems (DNS, NSE, version detection) have + been updated to support the -S and --ip-options flags. [Kris] -o Fixed the "resolution errors not showing up" bug. Actually, from now - on, all errors will be displayed properly in the Zenmap window, - since stderr is also redirected there (until now, only stdout was - displayed). [Vladimir] +o A new --max-rate option was added, which complements --min-rate. It + allows you to specify the maximum byte rate that Nmap is allowed to + send packets. [David] -o NSE now works with the Ping Scan (-sP) to execute host - scripts. [Kris] +o Enabled nmap to switch between multiple types of timing pings during + port scanning. The order preferences of timing probes were also + improved. This speeds up scans against certain firewalled hosts. [Michael] -o [NSE] nse_string has been removed and equivalent, cleaner, - procedures have been moved to nse_main and nse_nsock. [Patrick] - -o [NSE] Case insensitive categories. [Patrick] - -o [NSE] Porttests and Hosttests tables are now in the Lua registry - where they belong. [Patrick] - -o [NSE] Each thread for a script gets its own action closure (and - upvalues). See: http://seclists.org/nmap-dev/2008/q2/0549.html - [Patrick] - -o [NSE] script_scan_result structure has been changed to a class, - ScriptResult, that now uses std::strings to hold a Script's output - and id. This alleviates the need to manage memory on the heap - explicitly (malloc & free). [Patrick] - -o [NSE] The runlevel structure has been placed in the thread record - structure so we no longer need to manage the runlevel explicitly on - the heap. 
[Patrick] - -o Fixed host discovery probe matching when looking at the returned TCP - data in an ICMP error message. This could lead to incorrectly - discarded responses and the debugging error message: "Bogus trynum - or sequence number in ICMP error message" [Kris] - -o Added IPProto Ping (-PO) support to Traceroute, and fixed support for - IPProto Scan (-sO) and the ICMP Pings (-PE, -PP, -PM) in Traceroute - as well. These would cause Nmap to hang during Traceroute. [Kris] - -o Fixed a segmentation fault in Nsock which occurred when calling - nsock_write() with a data length of -1 (which means the data is a - NULL-terminated string and Nsock should take the length itself) and - the Nsock trace level was at least 2. [Kris] +o Added --ip-options support for the connect() scan (-sT). [Kris] o Nsock now supports binding to a local address and setting IPv4 options with nsi_set_localaddr() and nsi_set_ipoptions(), respectively. [Kris] -o Nmap's Nsock-utilizing subsystems (DNS, NSE, version detection) have - been updated to support the -S and --ip-options flags. [Kris] +o Added IPProto Ping (-PO) support to Traceroute, and fixed support for + IPProto Scan (-sO) and the ICMP Pings (-PE, -PP, -PM) in Traceroute + as well. These could cause Nmap to hang during Traceroute. [Kris] -o Added --ip-options support for the connect() scan (-sT). [Kris] +o Added a "Cancel" button to Zenmap which allows you to cancel a scan + in progress without losing the Nmap output obtained so far. [Jurand + Nogiec] + +o Improve the nebtios-smb-os-discovery NSE script to improve target + port selection and to also decode the system's timestamp from an SMB + response. [Ron at SkullSecurity] + +o The NSE http library now supports chunked encoding. [Sven Klemm] + +o The NSE datafiles library now has generic file parsing routines, and + the parsing of the standard nmap data files (e.g. nmap-services, + nmap-protocols, etc.) now uses those generic routines. 
NSE scripts + and libraries may find them useful for dealing with their own data + files, such as password lists. [Jah] + +o Added some Windows and MinGW compatibility patches submitted by + Gisle Vanem. + +o Fix a cosmetic bug in --script-trace hex dump output which resulting + in bytes with the highest bit set being prefixed with ffffff. [Sven + Klemm] + +o Updated rpcinfo NSE script to use the new pack/unpack (binlib) + functions, use the new tab library, include better documentation, and + fix some bugs. [Sven Klemm] + +o Fix a bug in the NSE http library which would cause some scripts to + give the error: SCRIPT ENGINE: C:\Program + Files\Nmap\nselib/http.lua:77: attempt to call field 'parse' (a nil + value) [Jah] + +o Fixed a Makefile problem (race condition) which could lead to build + failures when launching make in parallel mode (e.g. -j4). [Michal + Januszewski] + +o Added new addrow() function to NSE tab library. It allows + developers to add a whole row at once rather than doing a separate + add() call for each column in a row. [Sven Klemm] + +o Fixed a number of NSE scripts which used print_debug() + incorrectly. See + http://seclists.org/nmap-dev/2008/q3/0470.html. [Sven Klemm]. + +o The Zenmap Ports/Hosts view now provides full version detection + values rather than just a simple summary. [Jurand Nogiec] + +o Zenmap: When you edit the command-entry field, then change the + target selection, Nmap no longer blows away your edits in favor of + using your current profile. [Jurand Nogiec] + +o Nsock now returns data from UDP packets individually, preserving the + packet boundary, rather than concatenating the data from multiple + packets into a single buffer. This fixes a problem related to our + reverse-DNS system, which can only handle one DNS packet at a time. + Thanks to Tim Adam of ManageSoft for debugging the problem and + sending the patch. Doug Hoyte helped with testing, and it was + applied by Fyodor. 
+ +o Added the undocumented (except here) --nogcc option which disables + global/group congestion control algorithms and so each member of a + scan group of machines is treated separately. This is just an + experimental option for now. [Fyodor] + +o The Ports/Hosts display in Zenmap now has different colors for open + and closed ports. [Vladimir] + +o Fixed Zenmap so that it displays all Nmap errors. Previously, only + stdout was redirected into the window, and not stderr. Now they are + both redirected. [Vladimir] + +o NSE can now be used in combination with ping scan (e.g. "-sP + --script") so that you can execute host scripts without needing to + perform a port scan. [Kris] + +o [NSE] Category names are now case insensitive. [Patrick] + +o [NSE] Each thread for a script now gets its own action closure (and + upvalues). See: http://seclists.org/nmap-dev/2008/q2/0549.html + [Patrick] + +o [NSE] The script_scan_result structure has been changed to a class, + ScriptResult, which now holds a Script's output in an std::string. + This removes the need to use malloc and free to manage this memory. + A similar change was made to the runlevel structure. [Patrick] + +o Fixed host discovery probe matching when looking at the returned TCP + data in an ICMP error message. This could formerly lead to + incorrectly discarded responses and the debugging error message: + "Bogus trynum or sequence number in ICMP error message" [Kris] + +o Fixed a segmentation fault in Nsock which occurred when calling + nsock_write() with a data length of -1 (which means the data is a + NUL-terminated string and Nsock should take the length itself) and + the Nsock trace level was at least 2. [Kris] o The NSE Comm library now defaults to trying to read as many bytes as are available rather than lines if neither the "bytes" nor "lines" 
@@ -209,14 +177,9 @@ o The NSE Comm library now defaults to trying to read as many bytes as o Updated zoneTrans.nse to replace length bytes in returned domain names to periods itself rather than relying on NSE's old behavior of - replacing non- printable characters with periods. Thanks to Rob + replacing non-printable characters with periods. Thanks to Rob Nicholls for reporting the problem. [Kris] -o Changed the order preference of timing ping probes. [Michael] - -o Enabled nmap to switch between multiple types of timing pings during - port scanning. [Michael] - o Some Zenmap crashes have been fixed: trying to "refresh" the output of a scan loaded from a file, and trying to re-save a file loaded from the command line in some circumstances. [David] 
@@ -226,49 +189,45 @@ o The file selector in Zenmap now remembers what directory it was last o Zenmap defaults to showing files matching both *.xml and *.usr in the file selector. Previously it only showed those matching *.usr. + The new combined format will be XML and .usr will be deprecated. + See http://seclists.org/nmap-dev/2008/q3/0093.html . o Nmap avoids printing the sending rate in bytes per second during a TCP connect scan. Because the number of bytes per probe is not - known, it used to print Current sending rates: 11248.85 packets / s, - 0.00 bytes / s. Now it will print simply Current sending rates: - 11248.85 packets / s. + known, it used to print current sending rates: 11248.85 packets / s, + 0.00 bytes / s. Now it will print simply print rates like "11248.85 + packets / s". [David] -o Nmap's makefile will now install menu items for launching zenmap as - a privileged or non-privileged process on linux. This will mainly - effect people who install nmap and zenmap directly from the source - code. [Michael] +o Nmap's installation process now install menu items for launching + zenmap as a privileged or non-privileged process on Linux. This will + mainly effect people who install nmap and zenmap directly from the + source code. [Michael] -o Nmap will no longer misreport a localhost-responce during -PN scans +o Nmap no longer misreports a localhost-response during -PN scans [Michael] -o There is a new --max-rate option complementary to - --min-rate. [David] +o The higwidgets Python package used by Zenmap has been made a + subpackage of zenmapGUI. This is to avoid naming conflicts with + Umit, which uses a slightly different version of higwidgets. [David] o A bug that could cause some host discovery probes to be incorrectly interpreted as drops was fixed. This occurred only when the IP protocol ping (-PO) option was combined with other ping types. [David] -o The NSE C modules in nselib-bin are now linked explicitly against - liblua. 
Before this, loading such modules from a static build of - Nmap failed, leading to this error whenever one was used: - SCRIPT ENGINE: error while initializing script rules: - error loading module 'bit' from file '/usr/libexec/nmap/nselib-bin/bit.so': - /usr/libexec/nmap/nselib-bin/bit.so: undefined symbol: lua_pushnumber - Because RPM builds are static this fixes NSE C modules in - RPMs. [David] - -o A new attribute has been added to XML output, scanflags, which lists +o A new scanflags attribute has been added to XML output, which lists all user specified --scanflags for the scan. nmap.dtd has been modified to account for this. [Michael] -o The loading of the nmap-services file has been made faster. In the - common case using the default nmap-services file loading was - measured to be over nine times faster. +o The loading of the nmap-services file has been made much + faster--roughly 9 times faster in common cases. This is important + for the new (much larger) frequency augmented nmap-services + file. [David] o The shtool build helper script has been updated to version 2.0.8. An older version of shutil caused installation to fail when the locale - was set to et_EE. Thanks to Michal Januszewski for the bug report. + was set to et_EE. Thanks to Michal Januszewski for the bug + report. [David] o Nmap sometimes sent packets with incorrect IP checksums, particularly when sending the UDP probes in OS detection. This has @@ -284,11 +243,7 @@ o Zenmap no longer leaves any temporary files lying around. [David] o Nmap only prints an uptime guess in verbose mode now, because in some situations it can be very inaccurate. See the discussion at - http://seclists.org/nmap-dev/2008/q3/0392.html. - -o The higwidgets Python package used by Zenmap has been made a - subpackage of zenmapGUI. This is to avoid naming conflicts with - Umit, which uses a slightly different version of higwidgets. [David] + http://seclists.org/nmap-dev/2008/q3/0392.html. [David] Nmap 4.68 [2008-6-28]
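Review bot: In the first hunk (@@ -1,129 +1,40 @@), the fix for scans loaded from an XML file not reflecting the profile and target shown in the interface is deleted and never reappears in the patch, whereas the other Zenmap entries removed here (cancel button, Version tab data, command-entry edits) each get a condensed replacement in the third hunk; since the commit message describes this as a clarify-and-reorder pass, either keep a one-line entry for that fix or state in the message that it was dropped on purpose. Minor: the new "4.69BETA1" header carries no date while "Nmap 4.68 [2008-6-28]" does; a placeholder such as "[unreleased]" would make it obvious that it still has to be filled in at release time.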
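Review bot: In the third hunk (@@ -147,60 +53,122 @@), the new --max-rate entry reads "the maximum byte rate that Nmap is allowed to send packets", which mixes units and is ungrammatical; the rest of the log reports send rates in packets per second ("11248.85 packets / s"), so suggest "the maximum rate, in packets per second, at which Nmap may send". In the same hunk: "Nmap no longer blows away your edits" in the Zenmap command-entry entry should read "Zenmap no longer ...", since the removed text attributes that behaviour to Zenmap; "which resulting in bytes" should be "which resulted in bytes"; "Improve the nebtios-smb-os-discovery NSE script to improve" keeps what looks like a typo for "netbios" and a doubled "improve"; the print_debug() entry keeps a stray period after "[Sven Klemm]"; and the Gisle Vanem entry is the only one without a bracketed attribution, so "[Gisle Vanem]" would match the house style of the surrounding entries.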
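Review bot: In the last hunk (@@ -226,49 +189,45 @@), the entry about linking the NSE C modules in nselib-bin against liblua (the static-build / RPM fix) is removed outright and does not reappear anywhere in the patch, unlike the other removed entries, which are moved; if that is deliberate, say so in the commit message, otherwise restore it, because it is a user-visible fix for people installing from RPMs. Also in this hunk: "Now it will print simply print rates like" has a doubled verb; "Nmap's installation process now install menu items" should be "installs", and "mainly effect people" should be "affect"; the quoted status line was lowercased to "current sending rates:" although the removed line quotes it as "Current sending rates:", and quoted program output should be kept verbatim; there is a stray space before the period in "0093.html ."; the -PN entry "Nmap no longer misreports a localhost-response during -PN scans" is missing its closing period; and the unchanged context line "An older version of shutil caused installation to fail" appears to mean shtool, the script that entry is about.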