
A bit more work on the CHANGELOG, though still lots of cleanup remaining

This commit is contained in:
fyodor
2012-11-16 00:43:38 +00:00
parent 5f5d246620
commit f91bc7a100

CHANGELOG

@@ -1,38 +1,42 @@
# Nmap Changelog ($Id$); -*-text-*-
o Add summer of code results.
Nmap 6.20BETA1 [2012-11-15]
o Scripts can now return a structured name-value table so that results
are queryable from XML output. Scripts can return a string as before,
or a table, or a table and a string. In this last case, the table will
go to XML output and the string will go to screen output.
[Daniel Miller, David Fifield, Patrick Donnelly]
o Many of the great features in this release were created by college
and grad students generously sponsored by Google's Summer of Code
program. Thanks, Google Open Source Department! This year's team
of five developers is introduced at
http://seclists.org/nmap-dev/2012/q2/204 and their successes
documented at http://seclists.org/nmap-dev/2012/q4/138
o [Nsock] Added new poll and kqueue engines. [Henri Doreau]
o [Ncat] Use the fallback nsock engine by default in order to maximize
compatibility between systems and use cases. [Henri Doreau]
o [Ncat] Added support for Unix domain sockets. The new -U and
--unixsock options activate this mode. [Tomas Hozza]
o [NSE] Added snmp-hh3c-logins by Kurt Grutzmacher. This script uses a
weakness in the SNMP of certain modems to retrieve a list of
usernames and passwords.
o [Nsock] Fixed compilation on Windows XP by restricting the use
of the poll engine to Vista and later. [Gisle Vanem]
o [NSE] Added support for ECDSA keys to ssh-hostkey.nse. [Adam Števko]
o [Ncat] Added support for Unix domain sockets. The new -U and
--unixsock options activate this mode. These provide compatability
with Hobbit's original Netcat. [Tomas Hozza]
o [Nsock] Added new poll and kqueue engines. [Henri Doreau]
o Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto
(Next Header) probes. [David Fifield]
o [Zenmap] Corrected some typos in the Japanese translation.
[OKANO Takayoshi]
o Changed the CPE for Linux from cpe:/o:linux:kernel to
cpe:/o:linux:linux_kernel to reflect deprecation in the official CPE
dictionary.
o Fixed a bug that caused an incorrect source address to be set when
scanning certain addresses (apparently those ending in .0) on
Windows XP. The symptom of this bug was the messages
get_srcaddr: can't connect socket: The requested address is not valid in its context.
Failed to convert source address to presentation format!?! Error: Unknown error
Thanks to Robert Washam and Jorge Hernandez for reports and help
debugging. [David Fifield]
o Moved some Windows dependencies, including OpenSSL, libsvn, and the
vcredist files, into a new public Subversion directory
/nmap-mswin32-aux. This reduces the size of source code
distributions for users who don't need these files. Those who build
on Windows will need to check out /nmap-mswin32-aux in parallel to
their nmap checkout as described at
http://nmap.org/book/inst-windows.html#inst-win-source.
o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
are all listed at http://nmap.org/nsedoc/, and the summaries are
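Review bot: two entries appear twice in this hunk and one copy of each should go: the "[Nsock] Added new poll and kqueue engines" line and the "[Ncat] Added support for Unix domain sockets" entry (once as a two-line item, once as the longer three-line version mentioning Hobbit's original Netcat). The longer Ncat version also misspells "compatability"; it should read "compatibility". The lone line "o Add summer of code results." near the top reads like a leftover TODO rather than a changelog entry, since the Summer of Code paragraph that follows already covers it; drop it or reword it as a proper entry.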
@@ -402,13 +406,23 @@ o [NSE] Added 85(!) NSE scripts, bringing the total up to 433. They
in a traceroute and optionally saves the results to a KML file,
plottable on Google earth and maps. [Patrik Karlsson]
o [NSE] Added support for ECDSA keys to ssh-hostkey.nse. [Adam Števko]
o Changed the CPE for Linux from cpe:/o:linux:kernel to
cpe:/o:linux:linux_kernel to reflect deprecation in the official CPE
dictionary.
o Fixed a bug that caused an incorrect source address to be set when
scanning certain addresses (apparently those ending in .0) on
Windows XP. The symptom of this bug was the messages
get_srcaddr: can't connect socket: The requested address is not valid in its context.
Failed to convert source address to presentation format!?! Error: Unknown error
Thanks to Robert Washam and Jorge Hernandez for reports and help
debugging. [David Fifield]
o Added some additional CPE entries to nmap-service-probes.
[Dillon Graham]
o Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto
(Next Header) probes. [David Fifield]
o Fixed an assertion failure with IPv6 traceroute trying to use an
unsupported protocol:
nmap: traceroute.cc:749: virtual unsigned char*
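Review bot: the ssh-hostkey ECDSA entry, the Linux CPE rename entry and the get_srcaddr Windows XP bug entry in this hunk are word-for-word the same as the entries added near the top of the file in the first hunk; the rendered view does not show add/remove markers, so please confirm these lower copies are the ones being removed and that only the top-of-file copies survive.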
@@ -416,23 +430,12 @@ o Fixed an assertion failure with IPv6 traceroute trying to use an
`source->ss_family == 2' failed.
This was reported by Pierre Emeriaud. [David Fifield]
o [NSE] Added oracle-brute-stealth which exploits CVE-2012-3137, a weakness
in the Oracle O5LOGIN authentication scheme. [Dhiru Kholia]
o Scans that use OS sockets (including TCP connect scan, version
detection, and script scan) now use the SO_BINDTODEVICE sockopt on
Linux, so that the -e option is honored. [David Fifield]
o Upgraded the included OpenSSL to version 1.0.1c. [David Fifield]
o Moved some Windows dependencies, including OpenSSL, libsvn, and the
vcredist files, into a new public Subversion directory
/nmap-mswin32-aux. This reduces the size of source code
distributions for users who don't need these files. Those who build
on Windows will need to check out /nmap-mswin32-aux in parallel to
their nmap checkout as described at
http://nmap.org/book/inst-windows.html#inst-win-source.
o Changed libdnet's routing interface to return an interface name for
each route on the most common operating systems. This is used to
improve the quality of Nmap's matching of routes to interfaces,
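Review bot: the seven-line "Moved some Windows dependencies, including OpenSSL, libsvn, and the vcredist files" entry here is identical to the one already placed in the first hunk after the get_srcaddr fix; same request as above, verify that this copy is the one removed so the /nmap-mswin32-aux note is not listed twice in 6.20BETA1.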
@@ -457,13 +460,6 @@ o Fixed a bug that prevented Nmap from finding any interfaces when one
o Fixed protocol number-to-name mapping. A patch was contributed by
hejianet.
o [NSE] Added cassandra-brute and cassandra-info by Vlatko Kosturjak,
scripts for the Apache Cassandra database.
o [NSE] Added ipv6-ra-flood script by Adam Števko. This script sends a
flood of router advertisements, which can DoS certain operating
systems including Windows.
o [NSE] The nmap.ip_send function now takes a second argument, the
destination to send to. Previously the destination address was taken
from the packet buffer, but this failed for IPv6 link-local
@@ -471,8 +467,6 @@ o [NSE] The nmap.ip_send function now takes a second argument, the
ip_send without a destination address will continue to use the old
behavior, but this practice is deprecated.
o Added http fingerprints for Sitecore CMS. [Jesper Kückelhahn]
o Increased portability of configure scripts on systems using a libc
other than Glibc. Several problems were reported by John Spencer.
@@ -480,7 +474,8 @@ o [NSE] Fixed a bug in rpc-grind.nse that would cause unresponsive UDP
ports to be wrongly marked open. This was reported by Christopher
Clements. [David Fifield]
o [Ncat] Close connection endpoint when receiving EOF on stdin. [Michal Hlavinka].
o [Ncat] Close connection endpoint when receiving EOF on
stdin. [Michal Hlavinka].
o Fixed interface listing on NetBSD. The bug was first noticed by
Fredrik Pettai and diagnosed by Jan Schaumann. [David Fifield]
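Review bot: the Ncat "Close connection endpoint when receiving EOF on stdin" item appears both as a single long line and as the rewrapped two-line version; keep only the rewrapped one. Both versions also end with "[Michal Hlavinka]." while every other entry ends at the closing bracket, so the trailing period should be dropped for consistency.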
@@ -493,74 +488,30 @@ o Protocol scan (-sO) probes for TCP, UDP, and SCTP now go to ports
80, 40125, and 80 respectively, instead of being randomly generated
or going to the same port as the source port. [David Fifield]
o [NSE] Added msrpc-enum script which queries MSRPC endpoint mapper for
available services and their information. [Aleksandar Nikolic]
o Made source port numbers (used to encode probe metadata) increment
so as not to overlap between different scanning phases. Previously
it was possible for an RST response to an ACK probe from host
discovery to be misinterpreted as a reply to a SYN probe from port
scanning. [Sean Rivera, David Fifield]
o [NSE] Updated mssql.lua library to support additional data types, enhanced
some of the existing data types, added the DoneProc response token, and
reordered code for maintainability. [Tom Sellers]
o [NSE] Added http-slowloris-check script which checks if the server is vulnerable
to a Slowloris DoS attack in a safe way. [Aleksandar Nikolic]
o [NSE] Updated mssql.lua library to support additional data types,
enhanced some of the existing data types, added the DoneProc
response token, and reordered code for maintainability. [Tom
Sellers]
o Removed pos_scan scan engine as the old implementation of RPC grind was the
last scan type to use it. [Hani Benhabiles]
o [NSE] Replaced old rpc grind implementation with a new NSE based implementation
for easier maintainability and improved performance. [Hani Benhabiles]
o [NSE] Replaced old rpc grind implementation with a new NSE based
implementation for easier maintainability and improved
performance. [Hani Benhabiles]
o [NSE] Added broadcast-pim-discovery script which discovers routers that are
running PIM (Protocol Independant Multicast). [Hani Benhabiles]
o [NSE] Added mtrace script which queries for the multicast path from a source
to a destination host. [Hani Benhabiles]
o [NSE] Added broadcast-eigrp-discovery script which does network discovery and
information gathering through Cisco's EIGRP protocol. [Hani Benhabiles]
o [NSE] Added eigrp.lua library which supports parsing and generating a small subset
of Cisco's EIGRP packets. [Hani Benhabiles]
o [NSE] Added llmnr-resolve script which resolves a hostname by using the LLMNR
(Link-Local Multicast Name Resolution) protocol. [Hani Benhabiles]
o [NSE] Added broadcast-igmp-discovery script which discovers and outputs
interesting information from targets that have multicast groups memberships.
[Hani Benhabiles]
o Scripts can now return a structured name-value table so that results
are queryable from XML output. Scripts can return a string as before,
or a table, or a table and a string. In this last case, the table will
go to XML output and the string will go to screen output.
[Daniel Miller, David Fifield, Patrick Donnelly]
o [NSE] Added JDWP library, jdwp-info, jdwp-exec and jdwp-inject scripts and
needed classes. [Aleksandar Nikolic]
o [NSE] Added a BJNP library and the scripts broadcast-bjnp-discover and
bjnp-discover. [Patrik Karlsson]
o [NSE] Added eigrp.lua library which supports parsing and generating
a small subset of Cisco's EIGRP packets. [Hani Benhabiles]
o [NPING] Nping now prints out an error and exists when the user tries to use
the -p flag for a scan option where that is meaningless. [Sean Rivera]
o [NSE] Added smb-print-text script which prints specified text using SMB
shared printer. [Aleksandar Nikolic]
o [NSE] Added mrinfo script which queries a target router for multicast
information. [Hani Benhabiles]
o [NSE] Added ssl-date script which gets server's time from SSL ServerHello
reply server random part. [Aleksandar Nikolic]
o [NSE] Added smb-vuln-ms10-61 script which checks the target system for MS10-061
vulenrability in spoolss service in a safe way. [Aleksandar Nikolic]
o [NSE] Added spoolss functions and constrants to msrpc.lua. [Aleksandar Nikolic]
o [NSE] Reduced the number of names tried by http-vhosts by default.
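Review bot: several entries are present twice in this hunk, in a long-line form and a rewrapped form: the mssql.lua update, the "Replaced old rpc grind implementation" entry and the eigrp.lua library entry; keep one copy of each. The "Scripts can now return a structured name-value table" entry also duplicates the one moved to the top of the 6.20BETA1 section in the first hunk. Spelling to fix in lines that stay: "Protocol Independant Multicast" should be "Protocol Independent Multicast", "prints out an error and exists" should be "exits", "vulenrability" should be "vulnerability", and "constrants" should be "constants". The msrpc-enum, mssql.lua, http-slowloris-check and later items use the "[NSE]" prefix but the Nping item uses "[NPING]"; the rest of the file writes component tags in mixed case ("[Ncat]", "[Nsock]"), so "[Nping]" would match.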
@@ -568,16 +519,6 @@ o [NSE] Reduced the number of names tried by http-vhosts by default.
o Linux unreachable routes are now properly ignored. [David Fifield]
o [NSE] Added smb-vuln-ms10-054 script which check the target system for MS10-054
vulnerability in SMB. [Aleksandar]
o [NSE] Added rdp library and the script rdp-enum-encryption that enumerates
both the Security Layer and Encryption level of the RDP service. [Patrik
Karlsson]
o [NSE] Added flume-master-info by John Bond. This script gets info
from Apache Flume, which is a log collection service.
o Fixed a bug that prevented Nmap from finding any interfaces when any
interface had the type ARPHRD_VOID; this was the case for OpenVZ
venet interfaces. [Djalal Harouni, David Fifield]
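Review bot: the smb-vuln-ms10-054 entry has a subject-verb mismatch ("script which check the target system" should be "checks") and credits only "[Aleksandar]" without a surname; the other Aleksandar Nikolic entries in this file use the full name, so the credit should read "[Aleksandar Nikolic]".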
@@ -585,10 +526,6 @@ o Fixed a bug that prevented Nmap from finding any interfaces when any
o [Zenmap] Fixed a crash when using the en_NG locale: "ValueError:
unknown locale: en_NG" [David Fifield]
o [NSE] Added http-get by Alex Weber. This script looks for a .git
repository directory accesible over HTTP and extracts useful
information from it.
o [NSE] Fixed some bugs in snmp-interfaces which prevented the script from
outputting discovered interface info and caused it to abort in the
pre-scanning phase. [jah]
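Review bot: in the http-get entry, "accesible" should be "accessible".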
@@ -596,16 +533,9 @@ o [NSE] Fixed some bugs in snmp-interfaces which prevented the script from
o [NSE] lltd-discovery scripts now parses for hostnames and outputs network
card manufacturer. [Hani Benhabiles]
o [NSE] Complete change to sip-enum-users script which now uses brute.lua for
enumeration and supports iterating over custom username lists and numeric
ranges. [Hani Benhabiles]
o Added protocol specific payloads for IPv6 hop-by-hop (0x00), routing (0x2b),
fragment (0x2c), and destination (0x3c). [Sean Rivera]
o [NSE] Added http-slowloris script which performes a slowloris DoS attack
against a Web server and reports if it's vulnerable or not. [Aleksandar Nikolic]
o Added a new --disable-arp-ping option. This option prevents Nmap
from implicitly using ARP or ND host discovery for directly
connected Ethernet targets. This is useful in networks using proxy
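Review bot: two grammar fixes in this hunk: "lltd-discovery scripts now parses for hostnames" should be "lltd-discovery script now parses for hostnames", and "http-slowloris script which performes a slowloris DoS attack" should be "performs".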
@@ -623,33 +553,13 @@ o [NSE] Added ospf library which handles OSPFv2 packets.
o [NSE] Fixed a false positive in http-vuln-cve2011-3192.nse, which detected
Apache 2.2.22 as vulnerable. [Michael Meyer]
o [NSE] Added changes to brute and unpwdb libraries to allow more flexible iterator
specification and control. [Aleksandar Nikolic]
o [NSE] Added ms-sql-dac script which queries the Microsoft SQL Browser service
for the DAC (Dedicated Admin Connection) port. [Patrik Karlsson]
o [NSE] Added irc-sasl-brute script which performs brute force password
auditing against IRC (Internet Relay Chat) servers supporting SASL
authentication. [Piotr Olma]
o [NSE] Added sip-methods script which enumerates a SIP server's allowed
methods. [Hani Benhabiles]
o [NSE] Added sip-call-spoof script which spoofs a call to a SIP phone and
detects the action taken by the target. [Hani Benhabiles]
o [NSE] Added changes to brute and unpwdb libraries to allow more
flexible iterator specification and control. [Aleksandar Nikolic]
o [NSE] Modified multiple scripts that operated against HTTP based services
so as to remove false positives that were generated when the target service
answers with a 200 response to all requests. [Tom Sellers]
o [NSE] Added metasploit-info script which uses Metasploit RPC service to get
information about the remote system. [Aleksandar Nikolic]
o [NSE] Added tls-nextprotoneg script which enumerates a TLS server's supported
protocols by using the next protocol negotiation extension.
[Hani Benhabiles]
o [NSOCK] Fixed an epoll-engine-specific bug. The engine didn't recognized FDs
that were internally closed and replaced by other ones. This happened during
reconnect attempts. Also, the IOD flags were not properly cleared.
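Review bot: the "Added changes to brute and unpwdb libraries to allow more flexible iterator specification and control" entry appears twice here (long-line and rewrapped forms); keep the rewrapped one. In the NSOCK epoll entry, "The engine didn't recognized FDs" should be "didn't recognize FDs", and the "[NSOCK]" tag should match the "[Nsock]" spelling used by the other nsock entries at the top of the file.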
@@ -663,17 +573,6 @@ o Added handling for the unexpected error WSAENETRESET (10052). This error is
currently wrapped in the ifdef for WIN32 as there error appears to be unique
to windows [Sean Rivera]
o [NSE] Added http-sitemap-generator script which spiders a web server
and displays its directory structure along with number and types
of files in each folder. [Piotr Olma]
o [NSE] Added a brute script for new Metasploit RPC interface as
metasploit-msgrpc-brute. [Aleksandar Nikolic]
o [NSE] Added the script firewall-bypass which detects a vulnerability in
netfilter and other firewalls that use helpers to dynamically open ports for
protocols such as ftp and sip. [Hani Benhabiles]
o Removed the log_errors variable. (Treating it as true everywhere). This
change did not effect the support for older scripts that still call it.
However nmap --log-errors now does nothing. Also updated the documentation to
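Review bot: the WSAENETRESET context line reads "as there error appears to be unique to windows"; it should be "as the error appears to be unique to Windows". In the log_errors entry, "This change did not effect the support for older scripts" should be "affect", and "However nmap --log-errors now does nothing" wants a comma after "However".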
@@ -704,25 +603,6 @@ o Made the various Makefiles' treatment of makefile.dep uniform:
o [Ncat] --output logging now works in UDP mode. Thanks to Michal
Hlavinka for reporting the bug. [David Fifield]
o [NSE] Added pcanywhere-brute script which bruteforces pcAnywhere server
for valid logins. [Aleksandar Nikolic]
o [NSE] Added http-rfi-spider script that spiders webservers in search of
remote file inclusion vulnerabilities. [Piotr Olma]
o [NSE] Added mysql-vuln-cve2012-2122 script which exploits an authentication
bypass vulnerability in MySQL/MariaDB to dump usernames and password hashes.
(CVE2012-2122) [Paulino Calderon]
o [NSE] Added http-frontpage-login script which tries to detect anonymous
login vulnerability in Frontpage Extensions. [Aleksandar Nikolic]
o [NSE] Added dns-nsec3-enum script which which abuses NSEC3 to enumerate
all domains on a DNS server. [Aleksandar Nikolic]
o [NSE] Added the script http-waf-fingerprint which tries to detect the presence of
a web application firewall and its type and version. [Hani Benhabiles]
o [NSE] More Windows 7 and Windows 2008 fixes for the smb library and smb-ls
scripts. [Patrik Karlsson]
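Review bot: the mysql-vuln-cve2012-2122 entry writes the identifier as "(CVE2012-2122)" while the script name and the other entries in this file (for example oracle-brute-stealth with CVE-2012-3137) use the hyphenated form, so it should read "(CVE-2012-2122)". The dns-nsec3-enum entry has a doubled word, "which which abuses NSEC3".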
@@ -736,39 +616,12 @@ o [NSE] Changed http-brute so that it works against the root path
o [NSE] Applied patch from Daniel Miller that fixes bug in several scripts and
libraries http://seclists.org/nmap-dev/2012/q2/593 [Daniel Miller]
o [NSE] Added the script smb-ls that lists files on SMB shares and produces
output similar to the dir command on Windows. [Patrik Karlsson]
o [Zenmap] Added Italian translation by Francesco Tombolini.
o [NSE] Added the script eppc-enum-processes that enumerates active
applications, their PID and the UID under which they run through the Apple
Remote Event protocol. [Patrik Karlsson]
o [NSE] Added the Internet Storage Name Service (iSNS) library and the
isns-info script that lists information about portals and iSCSI devices.
[Patrik Karlsson]
o [NSE] Added rmi-vuln-classloader which scans for machines vulnerable to
remote class loading. [Aleksandar Nikolic]
o [Zenmap] Added Italian translation by Francesco Tombolini and
Japanese translation b Yujiy Tounai. Some typos in the Japanese
translation were corrected by OKANO Takayoshi.
o [NSE] Rewrote mysql-brute to use brute library [Aleksandar Nikolic]
o [Zenmap] Added Japanese translation by Yuji Tounai.
o [NSE] Added the script icap-info, which tries to identify common ICAP
service names and list service and tag information. [Patrik Karlsson]
o [NSE] Added the script http-traceroute, which exploits the
Max-Forwards HTTP header to detect reverse proxies. [Hani Benhabiles]
o Added the script distcc-CVE-2004-2687 that checks and exploits a remote
command execution vulnerability in distcc. [Patrik Karlsson]
o Added two new scripts mysql-query and mysql-dump-hashes, which add support
for performing custom MySQL queries and dump MySQL password hashes. [Patrik
Karlsson]
o Improved the mysql library to handle multiple columns with the same name,
added a formatResultset function to format a query response to a table
suitable for script output. [Patrik Karlsson]
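Review bot: the Zenmap translation credits are listed three times in this hunk: "Added Italian translation by Francesco Tombolini." on its own, the combined Italian-plus-Japanese entry, and "Added Japanese translation by Yuji Tounai." on its own; only the combined entry should remain, and it has two typos to fix, "translation b Yujiy Tounai" should be "translation by Yuji Tounai" to match the standalone entry's spelling of the name. The mysql-brute entry "Rewrote mysql-brute to use brute library" is the only item in this region without a terminating period.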
@@ -778,85 +631,12 @@ o The message "nexthost: failed to determine route to ..." is now a
this way are recorded in the XML output as "target" elements. [David
Fifield]
o [NSE] Added the script http-drupal-modules, which enumerates the installed
Drupal modules using drupal-modules.lst. [Hani Benhabiles]
o [NSE] Added the script dict-info, which retrieves information from a
DICT server, by issuing the SHOW SERVER command. [Patrik Karlsson]
o [NSE] Added the script gkrellm-info, which displays information retrieved
from the GKRellm monitoring service. [Patrik Karlsson]
o [NSE] Added the script ajp-request, which adds support for creating custom
Apache JServer Protocol requests. [Patrik Karlsson]
o [NSE] Added the script ajp-brute, which enables password brute force auditing
against the Apache JServ Protocol service. [Patrik Karlsson]
o [NSE] Added the script broadcast-tellstick-discover, which discovers Telldus
Technologies TellStickNet devices on the LAN. [Patrik Karlsson]
o [NSE] Added the Apache JServer Protocol (AJP) library and the scripts
ajp-methods, ajp-headers and ajp-auth. [Patrik Karlsson]
o Nmap's development pace has increased because Google (again)
sponsored 5 full-time college and graduate student programmer
interns this summer as part of their Summer of Code program!
Thanks, Google Open Source Department! We're delighted to introduce
the team: http://seclists.org/nmap-dev/2012/q2/204
o [NSE] Added the script mmouse-exec that connects to a Mobile Mouse server,
starts an application, and sends a sequence of keystrokes to it. [Patrik
Karlsson]
o [NSE] Added the script mmouse-brute that performs brute force password
auditing against the Mobile Mouse service. [Patrik Karlsson]
o [NSE] Added the script cups-queue-info that lists the contents of a remote
CUPS printer queue. [Patrik Karlsson]
o [NSE] Added the script ip-forwarding that detects devices that have IP
forwarding enabled (acting as routers). [Patrik Karlsson]
o [NSE] Added the script dns-check-zone that checks DNS configuration against
best practices including RFC 1912. [Patrik Karlsson]
o [NSE] Added the http-gitweb-projects-enum that queries a gitweb for a list
of Git projects, their authors and descriptions. [riemann]
o [NSE] targets-sniffer now is capable of sniffing IPv6 addresses.
[Daniel Miller]
o [NSE] Added the script traceroute-geolocation that queries geographic
locations of each traceroute hop and allows to export the results to KLM,
allowing the hops to be plotted on a map. [Patrik Karlsson]
o [NSE] Added the ipp library and the script cups-info that lists available
printers by querying the cups network daemon. [Patrik Karlsson]
o [NSE] Added the mobilme library and the scripts http-icloud-findmyiphone and
http-icloud-sendmsg, that finds the location of iOS devices and provides
functionality to send them messages. [Patrik Karlsson]
o [NSE] Added gps library and the gpsd-info script that collects GPS data
from the gpsd daemon. [Patrik Karlsson]
o [NSE] Ported the pop3-brute script to use the brute library.
[Piotr Olma]
o [NSE] Added hostmap-robtex.nse by Arturo Busleiman, which finds other
domain names sharing the IP address of the target.
o [NSE] Added http-robtex-shared-ns by Arturo Busleiman, finding
domain names that share the same name server as the target.
o [NSE] Added the script http-vlcstreamer-ls which queries the VLC Streamer
helper service for a list of files in a given directory. [Patrik Karlsson]
o [NSE] Added script http-virustotal that allows checking files, or hashes
of previously scanned files, against the major antivirus engines. [Patrik
Karlsson]
o [NSE] Added an error message indicating script failure, when Nmap is being
run in non verbose/debug mode. [Patrik Karlsson]
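Review bot: the traceroute-geolocation entry says the results can be exported "to KLM"; the earlier entry for the same script in this file says KML, which is the correct name of the Google Earth format, and "allows to export the results" should be "allows the results to be exported". The "Nmap's development pace has increased because Google (again) sponsored 5 full-time college and graduate student programmer interns" paragraph restates the Summer of Code entry placed at the top of the 6.20BETA1 section in the first hunk, so one of the two should go; the top one also carries the results link and is the better one to keep. Minor: "non verbose/debug mode" in the last entry should be "non-verbose/debug mode".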
@@ -864,16 +644,6 @@ o Service-scan information is now included in XML and grepable output
even if -sV wasn't used. This information can be set by scripts in the
absence of -sV. [Daniel Miller]
o [NSE] Added the script dns-ip6-arpa-scan which uses a very efficient
technique to scan the ip6.arpa zone for PTR records. [Patrik Karlsson]
o [NSE] Added new script http-drupal-users-enum, which enumerates all available
Drupal user accounts by exploiting a vulnerability in the Views module.
[Hani Benhabiles]
o [NSE] Added new script broadcast-ataoe-discover, which discovers ATA over
Ethernet capable devices through LAN ethernet broadcasts. [Patrik Karlsson]
Nmap 6.01 [2012-06-16]
o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7. A symptom