smtp-enum-users.method script argument was changed to
smtp-enum-users.methods and now takes an array. 252 and 550 error codes
are handled now. In verbose mode, the method used is included in the
output.
slower one-at-a-time enumeration method that has proved to be more
robust. Other changes:
- Fixes the "malformed packet" bug.
- Treats RSTs as rejections, not fatal errors.
- Adds some obsolete ciphers that were requested.
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
- SSL_RSA_FIPS_WITH_DES_CBC_SHA
- Adds some other cipher definitions.
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
- TLS_DHE_DSS_WITH_RC4_128_SHA
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
- TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
- TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
gather round-trip times for each port. The script then uses these
times to group together ports with statistically equivalent RTTs.
Ports in different groups could be the result of things such as port
forwarding to hosts behind a NAT. This is based on work by Doug
Hoyte. [Kris]
nfs-showmount scripts to use the new library. The new scripts are:
- nfs-acls shows the owner and directory mode of NFS exports
- nfs-dirlist lists the contents of NFS exports
- nfs-statfs shows file system statistics for NFS exports
[Patrik]
entries:
o [NSE] Raw packet sending at the IP layer is now supported, in addition to
the Ethernet sending functionality. Packets to send start with an IPv4
header and can be sent to arbitrary hosts. [Kris]
o [NSE] Added the ipidseq script to classify a host's IP ID sequence numbers
in the same way Nmap does. This can be used to test hosts' suitability for
Nmap's Idle Scan (-sI), i.e. check if a host is an idle zombie. This is
the first script to use the new raw IP sending functionality in NSE. [Kris]
o [NSE] Added the function nmap.is_privileged() to tell a script if, as far
as Nmap's concerned, it can do privileged operations. For instance, this
can be used to see if a script should be able to open a raw socket or
Ethernet interface. [Kris]
o [NSE] Added the function nmap.get_ports() to allow a script to iterate
over a host's port tables matching a certain protocol and state. [Kris,
Patrick]
recommendation from Daniel Roethlisberger. TRACE is interesting because
it can be used to get cookies or authentication data in a cross-site
scripting attack. See http://www.owasp.org/index.php/Cross_Site_Tracing.
methods it discovers are in (GET, HEAD, POST, OPTIONS, TRACE). In
verbose mode, or if any other method is discovered, it prints all
methods (and optionally retests them). See
http://seclists.org/nmap-dev/2010/q1/401.
make use of it. Added 5 scripts that use the new libraries:
- snmp-netstat shows listening and connected sockets
- snmp-processes shows process information including name, pid, path and
parameters
- snmp-win32-services shows the names of running Windows services
- snmp-win32-shares shows the names and path of Windows shares
- snmp-win32-software shows a list of installed Windows software
- snmp-win32-users shows a list of local Windows users
the script indicating where to download it if it is not available. Make
the script check whether the file is the normal binary from 5.20 or
before, or the XOR-encoded binary from 5.21.
This script sends an HTTP OPTIONS request to get the methods
supported by the server, and optionally tests each method to see if
they are restricted by IP address or something similar.
