mirror of https://github.com/nmap/nmap.git synced 2025-12-21 15:09:02 +00:00
4860 Commits

Author SHA1 Message Date
tomsellers
43d1a0516b Summary of changes to the XSL since work started on 11/11 -
General:
- Added support for Pre and Post scan NSE output.  Index links at top only appear if 
  the sections exist.

- Hosts that are offline are now in a collapsible div element and collapsed by default.

- Added HTML Doctype of HTML 4.01 Strict, tidies up parsing 

- The display for closed and filtered ports has been changed. By default the information 
  for closed and filtered ports is filtered from the tables if JavaScript is enabled.  
  The column header now has clickable links that will display each.  The links indicate 
  the counts of each type (closed vs filtered) in the current table so that the user 
  can see at a glance if there is anything hidden. When printing the document the 
  printout will reflect the current status (hidden vs unhidden) of the ports.  The 
  clickable links themselves are also not output when printing.

- There is also a floating box in the lower right hand corner of the display that contains
  links that will toggle showing and hiding of ports in these states for the entire 
  document.  This floating box contains a link to the top of the document as well.

- Traceroute - rearranged output, now uses a collapsible div element that is collapsed
  by default.

- Host / Ping results section has been moved to a collapsible div element named Misc 
  Results.  This element is collapsed by default.

- Remote OS Detection OS match wording is now more like Nmap normal output - 
  OS type (accuracy) instead of separate lines for os match and accuracy

- Changed how host index HTML anchors are created in order to deal with a warning about 
  the name attribute being deprecated

- Fixed a bug in the port script output that caused it to only span 5 columns instead of 
  6. Tested this with various levels of debug, verbosity, etc to make sure that the 
  number of columns does not change.

- Changed nmap_xsl_version variable from 9b to 9c, Changed the last updated date in the 
  header to be today's date (2010.12.28)

- Added Nmap version number to Scan summary section

- Wording of verbosity/debug levels changed/simplified.

- HTML title and first header wording changed.

- Added MAC vendor to host address section

- Changed host index to the format of hostname (IP) where preference is given to the 
  user supplied hostname.


General Style Changes:
- Changed color of script output cells in port table as well as hostscript and prescan
  result tables slightly to make visual parsing easier
- First header (Nmap Scan Report..) color changed to use Nmap purple
- Closed and Filtered ports - background color is now grey
- Down hosts are now denoted with a grey background in both the host index (top) and 
  body of results


OS Fingerprint:

- Fingerprint block now uses a collapsible div element.  The block is collapsed by 
  default if the OS fingerprint is only present due to increased verbosity or debugging.
- Removed referenced fingerprint data ( reference fingerprint line number: 1000 )
- Reworded some sections of text for flow and readability.


Removed elements:
- Scan info Section - code was in place but has not been visible for some time. After 
  testing a few arrangements it was decided to just remove the data and code altogether.

- Runstats section, replaced by standard nmap completion string in the Scan Summary section


Open items:
1.  Device types - currently have issues with output data consistency and formatting when
    pulling a distinct list.

2.  What criteria / counts should be used in situations described below? For example, 
    how many fingerprints are too many? How do we know if the fingerprint is high enough 
    quality to submit given that it may just be present due to the use of -v or -d?

>  o It would be great to describe the OS detection results better.
>    For example, if there are no exact matches, normal Nmap says "No
>    exact OS matches for host ", followed up with "(test conditions
>    non-ideal)" if that is the case.  I think we should give a warning
>    like this.  Also, in the case that there are too many matches,
>    normal Nmap says "Too many fingerprints match this host to give
>    specific OS details"

>  o If there are no exact matches, and Nmap feels that the quality is
>    high enough for a submission, it would be great if the OS
>    detection section would encourage the user to submit, just like
>    normal Nmap does.

3.  Does the OS fingerprint need to be printed (to paper/PDF) at all? The only scenario 
    that I could think of where this would be useful would be if the file was 'printed'
    to digital media such as PDF.

4.  Does the table of ports need to be changed so that closed and filtered ports
    are always printed (to paper/PDF) as opposed to printing in the format that is 
    currently displayed?  My concern here is processes that automatically convert 
    documents, for example to PDF format.
2010-12-28 23:32:29 +00:00
fyodor
0913bfc4a3 Some updates from chat w/David 2010-12-28 22:38:20 +00:00
fyodor
b3f2e187a1 prepare for 5.36TEST3 test release 2010-12-28 22:02:12 +00:00
david
12b762517d Canonicalize some nmap-service-probes entries using the
nmap-service-probes-report.py script.
2010-12-28 20:58:33 +00:00
david
1ec4e5233f A couple of OS corrections that came from service corrections. 2010-12-28 18:52:33 +00:00
david
c77761b0b1 All 10 service corrections. 2010-12-28 18:52:31 +00:00
david
84fb8f2bb3 A few miscellaneous service probe changes. 2010-12-28 18:52:30 +00:00
david
016bea6276 Rearrange the ssh match lines so that the uncategorized ones are towards
the bottom of the file. This is how other blocks of matches are
arranged.
2010-12-28 18:52:28 +00:00
tomsellers
54657f0fc4 Added IBM HTTP Server match line, improved consistency among the
match output for this product.
2010-12-28 18:36:53 +00:00
david
68f14b9f5a The last 100 service submissions. 2010-12-28 05:52:02 +00:00
david
da6ed2d39a 100 service submissions. 2010-12-28 03:16:00 +00:00
david
4b14ccf8f8 100 service submissions. 2010-12-27 17:41:05 +00:00
robert
c2305f23a5 Added hashes for PHP 5.2.15 and 5.2.16. 2010-12-26 13:48:06 +00:00
fyodor
ff9f7766be Add a task for improving the service fingerprint submitter 2010-12-22 02:27:54 +00:00
david
c6721aae80 100 service submissions. 2010-12-21 16:59:46 +00:00
david
0b21a33414 100 more miscellaneous service submissions. 2010-12-21 05:04:45 +00:00
david
e36fe37c87 A bunch of miscellaneous service submissions. 2010-12-21 00:51:45 +00:00
david
3b849d64e1 upnp service submissions; also reclassify some "http" as "upnp". 2010-12-19 18:57:02 +00:00
david
f448f62b82 The last of the http service submissions. 2010-12-18 15:20:47 +00:00
david
bb55769fb4 More http submissions. 2010-12-18 05:02:37 +00:00
david
1a2a892610 This is about 75% of the http service submissions. 2010-12-17 05:25:40 +00:00
david
87d8a793f3 Use stdnse.get_script_args for modbus-discover.aggressive. 2010-12-16 08:59:19 +00:00
david
41a81e1789 Documentation and whitespace in modbus-discover.nse. 2010-12-16 08:59:18 +00:00
david
ad40df2c9b Add modbus-discover.nse from Alexander Rudakov. 2010-12-16 08:59:16 +00:00
david
dd7f04aebc Service submissions for
bittorrent pop3 afp imap time backupexec-remote backupexec beremote.exe
domain vnc-http vnc teamviewer mysql irc irc-proxy skype rtorrent nessus
bitcoin printer icecast 3dm-http.
2010-12-16 06:00:39 +00:00
david
3f2a6606af Add "vnc-http" and port 5800 to shortport.http. 2010-12-16 02:00:23 +00:00
david
57bdde922e Allow the first line of a service fingerprint to wrap.
Service fingerprints are supposed to be wrapped at 74 columns. The first
line was sometimes 148 columns because the preamble,
SF-Port1234-TCP:V=5.36TEST2%I=7%D=12/15%Time=4D096053%P=i686-pc-windows-windows
wasn't allowed to be wrapped, so this problem occurred whenever the
preamble was longer than 74 bytes.
2010-12-16 00:44:04 +00:00
david
0a87cb378a Whitespace. 2010-12-15 23:54:06 +00:00
david
4e018f1638 unknown and ssl service submissions. 2010-12-15 20:13:40 +00:00
david
ddf05d7e1f Whitespace in lexmark-config.nse. 2010-12-15 18:57:22 +00:00
patrik
c9ba464c28 Renamed domino-enum-passwords script to http-domino-enum-passwords 2010-12-15 08:52:31 +00:00
david
3af5da503f sip service submissions. 2010-12-15 02:16:17 +00:00
david
80308fb84f smtp service submissions. 2010-12-14 23:03:41 +00:00
david
5642029a4c telnet service submissions. 2010-12-14 23:03:38 +00:00
david
914f36d49a Add pending script review to Nmap TODO. 2010-12-14 20:38:06 +00:00
david
d94573c740 More precise OS classification from someone who got back to me. 2010-12-14 20:11:42 +00:00
david
6710b2deff ssh service submissions. 2010-12-14 19:42:11 +00:00
luis
bfa94a7807 Minor change to my entry in the committers file 2010-12-14 11:13:01 +00:00
djalal
afe98e8d80 Fix a bug that was causing the read_from_file() to not return the correct file lines. 2010-12-14 10:20:23 +00:00
david
e8a9ff65e8 Do ftp service submissions. 2010-12-14 09:12:06 +00:00
david
fffe597ece Typo fix. 2010-12-13 18:16:06 +00:00
david
008a43e7e0 Use shortport.version_port_or_service instead of just
shortport.port_or_service in netbus-version.nse.
2010-12-13 18:00:07 +00:00
david
573088f99c Change categories of netbus-auth-bypass from {"default", "vuln", "safe"}
to {"auth", "intrusive", "vuln"}. The first categories are the same as
in realvnc-auth-bypass, which would seem to be a very similar script,
but netbus-auth-bypass can have the additional side effect of breaking
future authentication attempts for all users, which is solidly
intrusive.
2010-12-13 18:00:06 +00:00
david
d6a89a6674 Fix capitalization of NetBuster. 2010-12-13 18:00:04 +00:00
david
90a2819a04 o [NSE] Added scripts by Toni Ruotto communicating with the NetBus
remote administration/backdoor program.
  - netbus-info: gets configuration information.
  - netbus-brute: guesses passwords.
  - netbus-version: distinguishes NetBus from NetBuster, a program
    that mimics the protocol but doesn't actually allow any
    operations.
  - netbus-auth-bypass: Checks for a bug in the server that allows
    connecting without a password.
2010-12-13 18:00:02 +00:00
david
a7e80b4cf3 Update script.db. 2010-12-13 17:30:08 +00:00
david
ccd901f918 Put realvnc-auth-bypass.nse in "auth" category. 2010-12-13 17:30:06 +00:00
ron
3ded2339e8 Fixed an issue in script dependencies that caused the later scripts to begin without waiting for the earlier scripts to finish. Patch written by Patrick Donneley. 2010-12-13 16:22:14 +00:00
david
00652cb231 o [NSE] Added stuxnet-detect.nse by Mak Kolybabi, which detects
infections of the Stuxnet worm and can optionally download the
  Stuxnet executable.
2010-12-12 22:40:42 +00:00
david
a9e4947411 Make msrpc.call_function a public function. stuxnet-detect.nse is about
to need this, and Dražen had to do it too while he was working on the
NDR library.
2010-12-12 22:40:41 +00:00