checking authentication schemes and parameters. Florian Roth found a
server offering "BASIC" instead of "Basic", and the HTTP RFC
requires case-insensitive comparisons in most places. [David]
instituted to keep memory under control when there are many open
ports. Nathan reported 3 GB of memory use (with an out-of-memory NSE
crash) for one host with tens of thousands of open ports. This limit
can be controlled with the variable CONCURRENCY_LIMIT in
nse_main.lua. [David]
quoting of whitespace using double quotes and backslashes. This
allows recovering the original command line array even when
arguments contain whitespace. [David]
adated from a patch by Rob Nicholls. Since gtk.Tooltip was only introduced in
PyGTK 2.12, wrap it in a function that checks if the necessary function is
available.
algorithms the target SSH2 server supports, by type. If verbosity
is set, then the offered algorithms are listed. Output is reduced
for identical "client to server" and "server to client" lists by
using a single combined list. [Kris]
socket support to NSE, with updates in scripts and libraries.
o [NSE] Added the ability to send and receive on unconnected sockets.
This can be used, for example, to receive UDP broadcasts without
using pcap. A number of scripts have been changed so that they can
work as prerule scripts to discover services by UDP broadcasting,
optionally add the discovered targets to the scanning queue:
- ms-sql-info
- upnp-info
- dns-service-discovery
The nmap.new_socket function can now optionally take a default
protocol and address family, which will be used if the socket is not
connected. There is a new nmap.sendto function to be used with
unconnected UDP sockets. [David, Patrik]
and language lists can be set using new keys in the "options" table
argument. These all default to the same value used before. Also, the
required "cookie" argument is now replaced by an optional "cookie"
key in the "options" table, defaulting to random bytes as the RFC
says the value should be. [Kris]
Only ssh2's fetch_host_key() uses this function, but I'm working on
a script and noticed the design flaw regarding the cookie arg (scripts
shouldn't be required to always pass this when it's specified that its
value should be random). The rest was added because the default is
just a subset of algorithms offered across implementations.
o [Zenmap] Made the topology node radiuses grow logarithmically
instead of linearly, so that hosts with thousands of open ports
don't overwhelm the diagram. Also only open ports (not
open|filtered) are considered when calculating node sizes. [Daniel
Miller]
a struct of the same name in <netinet/sctp.h>. This caused a
compiliation error when Nmap was compiled with an OpenSSL that had
SCTP support. [Olli Hauer, Daniel Roethlisberger]
o [NSE] Added the nmap.resolve() function which takes a host name and
optionally an address family (such as "inet") and returns a table
containing all of its matching addresses. If no address family is
specified, then all of the addresses are returned for the name. [Kris]
o [NSE] Added the nmap.address_family() function which returns the address
family Nmap is using as a string (e.g., "inet6" is returned if Nmap is
called with the -6 option). [Kris]
* Adding path-mtu.nse for Path MTU Discovery
* Nmap now stores the MTU for interfaces (from SIOCGIFMTU or libdnet)
* Scripts can access the MTU for host.interface via host.interface_mtu
* Nmap prints the MTU for interfaces in --iflist
The scripts are:
- oracle-brute uses the brute and tns library to perform password guessing
- oracle-enum-users attempts to determine valid Oracle user names
[Patrik]
Domino oriented scripts:
- domino-enum-users.nse guesses users and attempts to download ID files by
exploiting (CVE-2006-5835).
- domino-enum-passwords attempts to download Internet passwords and ID files
from the web server.
- domcon-brute performs password guessing against the remote console.
- domcon-cmd adds support for running custom remote console commands.
[Patrik]
- informix-brute uses the brute framework to perform password guessing
- informix-query add support for running SQL queries against Informix
- informix-tables lists table- and column-names for a given database
[Patrik]
