SSLStrip is not the only service to respond to the GenericLines probe
with the "HTTP 400 Bad Request" match: TwistedWeb and at least one
home router does too. The softmatch will allow these other services
to be queried by more specific probes.
It would obviously be better to find a better way of matching SSLStrip
and this softmatch may yet be deleted if it causes services to be
erroneously labelled as sslstrip where there is no better match.
See thread at http://seclists.org/nmap-dev/2014/q1/337

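To make the match/softmatch distinction concrete, here is a small Python model of the situation the commit describes. It is an added illustration, not Nmap's service-detection engine: the probe names, match lines, regexes and the sample responses are all constructed, and it models only the semantic the message relies on (a softmatch records a provisional label and lets later probes refine it, while a full match stops probing), not the full nmap-service-probes rules.

```python
"""Constructed model of a softmatch versus a hard match on the GenericLines
"HTTP 400 Bad Request" response. Not Nmap's code; all tables are made up."""
import re

# Probe table: probe name -> list of (kind, service, regex).
# A 'match' line labels the service and stops; a 'softmatch' line records a
# provisional label and lets more specific probes run afterwards.
PROBES = [
    ("GenericLines", [
        ("softmatch", "sslstrip", re.compile(rb"^HTTP/1\.[01] 400 Bad Request")),
    ]),
    ("GetRequest", [
        ("match", "http", re.compile(rb"Server: TwistedWeb")),
        ("match", "http", re.compile(rb"Server: ExampleRouter")),  # hypothetical router banner
    ]),
]

# Constructed sample responses keyed by probe name (not captured traffic).
SSLSTRIP_LIKE = {"GenericLines": b"HTTP/1.0 400 Bad Request\r\n\r\n"}
TWISTED_LIKE = {
    "GenericLines": b"HTTP/1.1 400 Bad Request\r\n\r\n",
    "GetRequest": b"HTTP/1.1 200 OK\r\nServer: TwistedWeb/13.2.0\r\n\r\n",
}


def identify(responses, hard_match_generic=False):
    """Run the probes in order against a dict of probe name -> response bytes.

    Returns (service, how) with how in {'match', 'softmatch'} or (None, None).
    hard_match_generic=True models the rejected alternative of turning the
    GenericLines line into a full match, which would stop at the first probe.
    """
    provisional = None
    for probe, lines in PROBES:
        resp = responses.get(probe)
        if resp is None:
            continue  # no response to this probe; try the next one
        for kind, service, rx in lines:
            if not rx.search(resp):
                continue
            if kind == "match" or (probe == "GenericLines" and hard_match_generic):
                return service, "match"
            if provisional is None:
                provisional = service  # keep the softmatch, keep probing
    return (provisional, "softmatch") if provisional else (None, None)


if __name__ == "__main__":
    print(identify(SSLSTRIP_LIKE))                          # ('sslstrip', 'softmatch')
    print(identify(TWISTED_LIKE))                           # ('http', 'match')
    print(identify(TWISTED_LIKE, hard_match_generic=True))  # ('sslstrip', 'match')
```

The third call shows the misclassification the commit is avoiding: with a hard match on the GenericLines response, TwistedWeb would be labelled sslstrip before the GetRequest probe ever ran. With the softmatch, the provisional label survives only when nothing more specific matches, which is also why the message warns it may be removed if it still mislabels services.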
The HLIM feature was miscategorizing probes where the route from the
target was shorter than the route to the target. This would result, e.g.
in a distance calculation of 9 and a received hop limit of 57. Adding
the distance to the hop limit remaining gave a guessed initial hop limit
of 66, which would exceed the "64" category. In IPv4 fingerprints, we
put the TG test (initial TTL guess) as a range of 5 up or down from the
expected number to allow for this and other interference. This patch
does the same for IPv6.

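The arithmetic in that message, worked through in Python as an added example (not Nmap's fingerprinting code): the candidate initial hop-limit values are assumed to be the common 32/64/128/255, the tolerance of 5 follows the IPv4 TG convention the commit mentions, and the numbers 9, 57 and 66 are the ones from the message.

```python
"""Constructed illustration of initial hop-limit guessing on an asymmetric
route. Not Nmap's code; the category values below are an assumption."""

INITIAL_HOP_LIMITS = (32, 64, 128, 255)  # assumed common initial TTL / hop-limit values
TG_TOLERANCE = 5                          # +/- range used by the IPv4 TG test


def simulate_received(initial, hops_back):
    """Hop limit seen at the scanner: each router on the return path
    decrements it by one, so the reverse path length is what matters."""
    return initial - hops_back


def guess_initial_hop_limit(received, distance):
    """Add the measured distance back on to reconstruct the initial value.
    If the forward route (measured) is longer than the reverse route (what
    actually decremented the field), the guess overshoots."""
    return received + distance


def categorize_exact(guess):
    """Pre-patch IPv6 behaviour: only an exact category value matches."""
    return guess if guess in INITIAL_HOP_LIMITS else None


def categorize_with_tolerance(guess, tolerance=TG_TOLERANCE):
    """Post-patch behaviour: accept the nearest category within +/- tolerance,
    which absorbs a few hops of route asymmetry."""
    nearest = min(INITIAL_HOP_LIMITS, key=lambda c: abs(c - guess))
    return nearest if abs(nearest - guess) <= tolerance else None


if __name__ == "__main__":
    # Forward route measured as 9 hops, reverse route actually 7 hops.
    received = simulate_received(64, 7)             # 57
    guess = guess_initial_hop_limit(received, 9)    # 66
    print(received, guess)
    print(categorize_exact(guess))                  # None: 66 is not a category
    print(categorize_with_tolerance(guess))         # 64: within 5 of the right answer
```

Running it reproduces the message's case: the exact check rejects 66 while the tolerant check files it under 64, and a guess more than 5 away from every category (say 70) is still rejected rather than forced into a bucket.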
- smb-ls parameter `path` is now optional (defaults to '\').
- smb-ls parameter `maxdepth` now defaults to 1 (no recursion)
instead of 0 (infinite recursion).
- smb-ls has a new `shares` parameter to specify a comma-separated
list of shares to browse.
- smb-enum-shares adds found shares to an array in the host
registry, and smb-ls uses this array when no `share` or `shares`
parameter has been specified.
Patch by Pierre LALET <pierre.lalet@cea.fr>

In addition to silencing an unnecessary fatal error when nmap-os-db is
not found but user has requested -6, this should make start times a bit
more efficient, since only one or the other database is loaded. Patch by
Alexandru Geana.
Fixes #97

Increased rarity of TLSSessionReq from 2 to 7, since SSLSessionReq
should catch most things.
Moved some obvious SSL ports (989-995) to sslports directives.
Added a few SSL ports to the existing SSL* probes.