mirror of https://github.com/nmap/nmap.git synced 2025-12-23 16:09:02 +00:00

Clarify and reorder CHANGELOG entries in prep for next release. More work is still needed

This commit is contained in:
fyodor
2008-09-05 04:27:36 +00:00
parent 27374d6531
commit f49082d2bf

CHANGELOG

@@ -1,129 +1,40 @@
# Nmap Changelog ($Id$); -*-text-*-
4.69BETA1
o Expanded nmap-services to include information on how frequently each
port number is found open. The results were generated by scanning
tens of millions of IPs on the Internet.
tens of millions of IPs on the Internet. [Fyodor]
o Nmap now scans the most common 1,000 ports by default in either
protocol (UDP scan is still optional). This is a decrease from
1,715 TCP ports and 1,488 UDP ports in Nmap 4.68. So Nmap is faster
by default and, since the port selection is better, often finds more
of the open ports as well.
of the open ports as well. [Fyodor]
o Nmap fast scan (-F) now scans the top 100 ports by default in either
protocol. This is a decrease from 1,276 (TCP) and 1,017 (UDP) in
Nmap 4.68, leading to an order of magnitude decrease in port
scanning time.
scanning time. [Fyodor]
o The --top-ports option lets you specify the number of ports you wish
to scan in each protocol, and will pick the most popular ports for
you based on the new frequency data. For both TCP and UDP, the top
10 ports gets you roughly half of the open ports. The top 1,000
(out of 65,536 possible) finds roughly 93% of the open TCP ports and
more than 95% of the open UDP ports.
more than 95% of the open UDP ports. [Fyodor]
o Added dns-safe-recursion-port and dns-safe-recursion-txid (non
default NSE scripts) which use the 3rd party dns-oarc.net to test
the source port and transaction ID randomness of a discovered DNS
server (assuming it allows recursion at all). These scripts, which
test for the "Kaminsky" DNS bugs, were contributed by Brandon
default NSE scripts) which use the 3rd party dns-oarc.net lookup to
test the source port and transaction ID randomness of discovered DNS
servers (assuming they allow recursion at all). These scripts,
which test for the "Kaminsky" DNS bugs, were contributed by Brandon
Enright.
o Added some Windows and MinGW compatibility patches submitted by
Gisle Vanem.
o Fix a bug in --script-trace hex dump output resulting in bytes with
highest bit set to be prefixed by ffffff. [Sven Klemm]
o Updated rpcinfo NSE script to use the new pack/unpack (binlib)
functions, use the new tab library, include better documentation, and
fix some bugs. [Sven Klemm]
o Fix a bug in the NSE http library which would cause some scripts to
give the error: SCRIPT ENGINE: C:\Program
Files\Nmap\nselib/http.lua:77: attempt to call field 'parse' (a nil
value) [Jah]
o The NSE datafiles library now has generic file parsing routines, and
the parsing of the standard nmap data files (e.g. nmap-services,
nmap-protocols, etc.) now uses those generic routines. NSE scripts
and libraries may find them useful for dealing with their own data
files, such as password lists. [Jah]
o Fixed a Makefile problem (race condition) which could lead to build
failures when launching make in parallel mode (e.g. -j4). [Michal
Januszewski]
o Added new addrow() function to NSE tab library. It allows
developers to add a whole row at once rather than doing a separate
add() call for each column in a row. [Sven Klemm]
o The NSE http library now supports chunked encoding. [Sven Klemm]
o Fixed a number of NSE scripts which used print_debug()
incorrectly. See
http://seclists.org/nmap-dev/2008/q3/0470.html. [Sven Klemm].
o Improve the nebtios-smb-os-discovery NSE script to improve target
port selection and to also decode the system's timestamp from an SMB
response. [Ron at SkullSecurity]
o Merged in my nmap-exp/jurand/ branch that involves the Context
Sensitive help system for the Profile Editor. The purpose of the
Profile Editor is to allow you to assemble an nmap command to run
in the Zenmap program by using graphical selection of text and
checkbox input. The new help system allows you to mouse over options
used in the Profile Editor and to display a bit of an overview about
what it is used for and what proper input for that option is in the
help textbox. [Jurand Nogiec]
o Added a context-sensitive help system to the Zenmap Profile Editor.
You can now mouse-over options to learn more about what they are
used for and the proper argument syntax. [Jurand Nogiec]
o Compiled the Context Sensitive Help texts along with David Fifield
in the profile_editor.xml file. [Jurand Nogiec]
o Rewrote the Icons.py get_os to use the osclass versus doing
pattern-matching on os_match. Also, added get_best_osclass to match
get_best_osmatch. [Jurand Nogiec]
o Fixed the bug where Ports/Hosts Version tabs are not populated with
the full data (i.e. "OpenSSH 4.3" vs "OpenSSH 4.3 (protocol 2.0)").
[Jurand Nogiec]
o Improvements to the Terminate scan fix, which add the function that
the cancel button for scan is only usable during an actual scan and
allows one to save partial results. [Jurand Nogiec]
o Made change that allows for graceful way for cancelling a Scan in
progress without losing the data obtained so far. I have added a
"Cancel" button that will cancel a Scan within the current tab.
The "Scanning" status is changed to "Cancelled" when the button is
clicked. [Jurand Nogiec]
o Fixed the problem where scans loaded from an XML file did not
necessarily reflect the profile and target that was shown in the
interface. I completed this by fixing that the same parse_result
method was called by both the XML "live-scan temporary" and
"save-scan" from a file, and made separate cases. [Jurand Nogiec]
o This modification handles the problem where if a user modifies the
command entry field, Zenmap does not necessarily execute this
command and instead it will follow what the Target/Entry fields
specify instead. This can lead to unpredictable results for the
end-user, which must be avoided. This avoids a bug where if you
edited a command, then selected a different target, the edited
command line would be replaced with one from the currently selected
profile. [Jurand Nogiec]
o Documentation for the ScanToolbar.py and ScanNotebook.py files in
zenmap/zenmapGUI folder. [Jurand Nogiec]
o Nsock now returns data from UDP packets individually, preserving the
packet boundary, rather than concatenating the data from multiple
packets into a single buffer. This fixes a problem related to our
reverse-DNS system, which can only handle one DNS packet at a time.
Thanks to Tim Adam of ManageSoft for debugging the problem and
sending the patch. Doug Hoyte helped with testing, and it was
applied by Fyodor.
o Fyodor made a number of performance tweaks, such as:
o increase host group sizes in many cases, so Nmap will now commonly
scan 64 hosts at a time rather than 30
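Review bot: Consolidating the Jurand Nogiec entries drops three items that have no replacement anywhere in this diff: the Icons.py get_os rewrite (and the new get_best_osclass), the fix for scans loaded from an XML file not reflecting the profile and target shown in the interface, and the ScanToolbar.py/ScanNotebook.py documentation. Trimming internal-only work is fine, but the XML-load fix is user-visible and probably deserves a one-line entry. The old text also credited David Fifield with compiling the help texts into profile_editor.xml, while the new context-sensitive help entry credits only [Jurand Nogiec]. Minor: the Kaminsky entry ends with "were contributed by Brandon Enright." while every neighbouring entry uses a trailing [Name] credit.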
@@ -135,11 +46,6 @@ o Fyodor made a number of performance tweaks, such as:
receiving enough responses to normal scan to properly calculate
timing variables and detect packet drops.
o Added the undocumented (except here) --nogcc option which disables
global/group congestion control algorithms and so each member of a
scan group of machines is treated separately. This is just an
experimental option for now. [Fyodor]
o Added a new NSE Unpwdb (username/password database) library for
easily obtaining usernames or passwords from a list. The functions
usernames() and passwords() return a closure which returns a new
@@ -147,60 +53,122 @@ o Added a new NSE Unpwdb (username/password database) library for
can specify your own username and/or password lists via the script
arguments userdb and passdb, respectively. [Kris]
o The Ports/Hosts display in Zenmap now has different colors for open
and closed ports. [Vladimir]
o Nmap's Nsock-utilizing subsystems (DNS, NSE, version detection) have
been updated to support the -S and --ip-options flags. [Kris]
o Fixed the "resolution errors not showing up" bug. Actually, from now
on, all errors will be displayed properly in the Zenmap window,
since stderr is also redirected there (until now, only stdout was
displayed). [Vladimir]
o A new --max-rate option was added, which complements --min-rate. It
allows you to specify the maximum byte rate that Nmap is allowed to
send packets. [David]
o NSE now works with the Ping Scan (-sP) to execute host
scripts. [Kris]
o Enabled nmap to switch between multiple types of timing pings during
port scanning. The order preferences of timing probes were also
improved. This speeds up scans against certain firewalled hosts. [Michael]
o [NSE] nse_string has been removed and equivalent, cleaner,
procedures have been moved to nse_main and nse_nsock. [Patrick]
o [NSE] Case insensitive categories. [Patrick]
o [NSE] Porttests and Hosttests tables are now in the Lua registry
where they belong. [Patrick]
o [NSE] Each thread for a script gets its own action closure (and
upvalues). See: http://seclists.org/nmap-dev/2008/q2/0549.html
[Patrick]
o [NSE] script_scan_result structure has been changed to a class,
ScriptResult, that now uses std::strings to hold a Script's output
and id. This alleviates the need to manage memory on the heap
explicitly (malloc & free). [Patrick]
o [NSE] The runlevel structure has been placed in the thread record
structure so we no longer need to manage the runlevel explicitly on
the heap. [Patrick]
o Fixed host discovery probe matching when looking at the returned TCP
data in an ICMP error message. This could lead to incorrectly
discarded responses and the debugging error message: "Bogus trynum
or sequence number in ICMP error message" [Kris]
o Added IPProto Ping (-PO) support to Traceroute, and fixed support for
IPProto Scan (-sO) and the ICMP Pings (-PE, -PP, -PM) in Traceroute
as well. These would cause Nmap to hang during Traceroute. [Kris]
o Fixed a segmentation fault in Nsock which occurred when calling
nsock_write() with a data length of -1 (which means the data is a
NULL-terminated string and Nsock should take the length itself) and
the Nsock trace level was at least 2. [Kris]
o Added --ip-options support for the connect() scan (-sT). [Kris]
o Nsock now supports binding to a local address and setting IPv4
options with nsi_set_localaddr() and nsi_set_ipoptions(),
respectively. [Kris]
o Nmap's Nsock-utilizing subsystems (DNS, NSE, version detection) have
been updated to support the -S and --ip-options flags. [Kris]
o Added IPProto Ping (-PO) support to Traceroute, and fixed support for
IPProto Scan (-sO) and the ICMP Pings (-PE, -PP, -PM) in Traceroute
as well. These could cause Nmap to hang during Traceroute. [Kris]
o Added --ip-options support for the connect() scan (-sT). [Kris]
o Added a "Cancel" button to Zenmap which allows you to cancel a scan
in progress without losing the Nmap output obtained so far. [Jurand
Nogiec]
o Improve the nebtios-smb-os-discovery NSE script to improve target
port selection and to also decode the system's timestamp from an SMB
response. [Ron at SkullSecurity]
o The NSE http library now supports chunked encoding. [Sven Klemm]
o The NSE datafiles library now has generic file parsing routines, and
the parsing of the standard nmap data files (e.g. nmap-services,
nmap-protocols, etc.) now uses those generic routines. NSE scripts
and libraries may find them useful for dealing with their own data
files, such as password lists. [Jah]
o Added some Windows and MinGW compatibility patches submitted by
Gisle Vanem.
o Fix a cosmetic bug in --script-trace hex dump output which resulting
in bytes with the highest bit set being prefixed with ffffff. [Sven
Klemm]
o Updated rpcinfo NSE script to use the new pack/unpack (binlib)
functions, use the new tab library, include better documentation, and
fix some bugs. [Sven Klemm]
o Fix a bug in the NSE http library which would cause some scripts to
give the error: SCRIPT ENGINE: C:\Program
Files\Nmap\nselib/http.lua:77: attempt to call field 'parse' (a nil
value) [Jah]
o Fixed a Makefile problem (race condition) which could lead to build
failures when launching make in parallel mode (e.g. -j4). [Michal
Januszewski]
o Added new addrow() function to NSE tab library. It allows
developers to add a whole row at once rather than doing a separate
add() call for each column in a row. [Sven Klemm]
o Fixed a number of NSE scripts which used print_debug()
incorrectly. See
http://seclists.org/nmap-dev/2008/q3/0470.html. [Sven Klemm].
o The Zenmap Ports/Hosts view now provides full version detection
values rather than just a simple summary. [Jurand Nogiec]
o Zenmap: When you edit the command-entry field, then change the
target selection, Nmap no longer blows away your edits in favor of
using your current profile. [Jurand Nogiec]
o Nsock now returns data from UDP packets individually, preserving the
packet boundary, rather than concatenating the data from multiple
packets into a single buffer. This fixes a problem related to our
reverse-DNS system, which can only handle one DNS packet at a time.
Thanks to Tim Adam of ManageSoft for debugging the problem and
sending the patch. Doug Hoyte helped with testing, and it was
applied by Fyodor.
o Added the undocumented (except here) --nogcc option which disables
global/group congestion control algorithms and so each member of a
scan group of machines is treated separately. This is just an
experimental option for now. [Fyodor]
o The Ports/Hosts display in Zenmap now has different colors for open
and closed ports. [Vladimir]
o Fixed Zenmap so that it displays all Nmap errors. Previously, only
stdout was redirected into the window, and not stderr. Now they are
both redirected. [Vladimir]
o NSE can now be used in combination with ping scan (e.g. "-sP
--script") so that you can execute host scripts without needing to
perform a port scan. [Kris]
o [NSE] Category names are now case insensitive. [Patrick]
o [NSE] Each thread for a script now gets its own action closure (and
upvalues). See: http://seclists.org/nmap-dev/2008/q2/0549.html
[Patrick]
o [NSE] The script_scan_result structure has been changed to a class,
ScriptResult, which now holds a Script's output in an std::string.
This removes the need to use malloc and free to manage this memory.
A similar change was made to the runlevel structure. [Patrick]
o Fixed host discovery probe matching when looking at the returned TCP
data in an ICMP error message. This could formerly lead to
incorrectly discarded responses and the debugging error message:
"Bogus trynum or sequence number in ICMP error message" [Kris]
o Fixed a segmentation fault in Nsock which occurred when calling
nsock_write() with a data length of -1 (which means the data is a
NUL-terminated string and Nsock should take the length itself) and
the Nsock trace level was at least 2. [Kris]
o The NSE Comm library now defaults to trying to read as many bytes as
are available rather than lines if neither the "bytes" nor "lines"
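Review bot: Two of the moved lines carry grammar and spelling errors into the new ordering: "Fix a cosmetic bug in --script-trace hex dump output which resulting in bytes" should read "which resulted in bytes", and "Improve the nebtios-smb-os-discovery NSE script to improve target port selection" both misspells netbios and repeats "improve" (suggest "Improved the netbios-smb-os-discovery NSE script to refine target port selection and decode ..."). The reorder also silently drops the two internal NSE entries (nse_string removed in favour of nse_main/nse_nsock; Porttests/Hosttests tables moved into the Lua registry); confirm that is intended rather than lost in the shuffle. The fuller --max-rate description ("allows you to specify the maximum ... rate that Nmap is allowed to send packets") is removed here while only the terse "complementary to --min-rate" wording survives later in the file; keep the descriptive version and state what unit the rate is in. Style nit: "[Sven Klemm]." keeps a stray period after the credit.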
@@ -209,14 +177,9 @@ o The NSE Comm library now defaults to trying to read as many bytes as
o Updated zoneTrans.nse to replace length bytes in returned domain
names to periods itself rather than relying on NSE's old behavior of
replacing non- printable characters with periods. Thanks to Rob
replacing non-printable characters with periods. Thanks to Rob
Nicholls for reporting the problem. [Kris]
o Changed the order preference of timing ping probes. [Michael]
o Enabled nmap to switch between multiple types of timing pings during
port scanning. [Michael]
o Some Zenmap crashes have been fixed: trying to "refresh" the output
of a scan loaded from a file, and trying to re-save a file loaded
from the command line in some circumstances. [David]
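Review bot: Good catch on "non- printable"; while this entry is being touched, the context line "replace length bytes in returned domain names to periods" would read better as "with periods". The two Michael timing-ping entries removed here are covered by the combined entry in the earlier hunk, so nothing is lost.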
@@ -226,49 +189,45 @@ o The file selector in Zenmap now remembers what directory it was last
o Zenmap defaults to showing files matching both *.xml and *.usr in
the file selector. Previously it only showed those matching *.usr.
The new combined format will be XML and .usr will be deprecated.
See http://seclists.org/nmap-dev/2008/q3/0093.html .
o Nmap avoids printing the sending rate in bytes per second during a
TCP connect scan. Because the number of bytes per probe is not
known, it used to print Current sending rates: 11248.85 packets / s,
0.00 bytes / s. Now it will print simply Current sending rates:
11248.85 packets / s.
known, it used to print current sending rates: 11248.85 packets / s,
0.00 bytes / s. Now it will print simply print rates like "11248.85
packets / s". [David]
o Nmap's makefile will now install menu items for launching zenmap as
a privileged or non-privileged process on linux. This will mainly
effect people who install nmap and zenmap directly from the source
code. [Michael]
o Nmap's installation process now install menu items for launching
zenmap as a privileged or non-privileged process on Linux. This will
mainly effect people who install nmap and zenmap directly from the
source code. [Michael]
o Nmap will no longer misreport a localhost-responce during -PN scans
o Nmap no longer misreports a localhost-response during -PN scans
[Michael]
o There is a new --max-rate option complementary to
--min-rate. [David]
o The higwidgets Python package used by Zenmap has been made a
subpackage of zenmapGUI. This is to avoid naming conflicts with
Umit, which uses a slightly different version of higwidgets. [David]
o A bug that could cause some host discovery probes to be incorrectly
interpreted as drops was fixed. This occurred only when the IP
protocol ping (-PO) option was combined with other ping
types. [David]
o The NSE C modules in nselib-bin are now linked explicitly against
liblua. Before this, loading such modules from a static build of
Nmap failed, leading to this error whenever one was used:
SCRIPT ENGINE: error while initializing script rules:
error loading module 'bit' from file '/usr/libexec/nmap/nselib-bin/bit.so':
/usr/libexec/nmap/nselib-bin/bit.so: undefined symbol: lua_pushnumber
Because RPM builds are static this fixes NSE C modules in
RPMs. [David]
o A new attribute has been added to XML output, scanflags, which lists
o A new scanflags attribute has been added to XML output, which lists
all user specified --scanflags for the scan. nmap.dtd has been
modified to account for this. [Michael]
o The loading of the nmap-services file has been made faster. In the
common case using the default nmap-services file loading was
measured to be over nine times faster.
o The loading of the nmap-services file has been made much
faster--roughly 9 times faster in common cases. This is important
for the new (much larger) frequency augmented nmap-services
file. [David]
o The shtool build helper script has been updated to version 2.0.8. An
older version of shutil caused installation to fail when the locale
was set to et_EE. Thanks to Michal Januszewski for the bug report.
was set to et_EE. Thanks to Michal Januszewski for the bug
report. [David]
o Nmap sometimes sent packets with incorrect IP checksums,
particularly when sending the UDP probes in OS detection. This has
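Review bot: The rewritten sending-rate entry has a duplicated verb: "Now it will print simply print rates like" should be "Now it simply prints rates like". The same rewrite lowercases the quoted output to "current sending rates:" where the original quoted "Current sending rates:"; if that is a verbatim Nmap message, keep its capitalisation or drop the quote. In the installation entry, "Nmap's installation process now install menu items" needs "installs", and "mainly effect people" should be "affect" (carried over from the old wording). "localhost-responce" is rightly fixed to "response", though "a response from localhost" reads better than the hyphenated form.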
@@ -284,11 +243,7 @@ o Zenmap no longer leaves any temporary files lying around. [David]
o Nmap only prints an uptime guess in verbose mode now, because in
some situations it can be very inaccurate. See the discussion at
http://seclists.org/nmap-dev/2008/q3/0392.html.
o The higwidgets Python package used by Zenmap has been made a
subpackage of zenmapGUI. This is to avoid naming conflicts with
Umit, which uses a slightly different version of higwidgets. [David]
http://seclists.org/nmap-dev/2008/q3/0392.html. [David]
Nmap 4.68 [2008-6-28]