Fixed a discrepancy between the number of targets selected with -iR and
the number of hosts scanned. Because "up" hosts did not count towards
the number of hosts in a hostgroup, Nmap would run an extra Ping scan
phase on that number of new targets before scanning. Those extra targets
in the last hostgroup would result in output like "Nmap done: 1056 IP
addresses" when the user specified -iR 1000.
https://security.stackexchange.com/questions/138150/scans-more-ips-than-asked
These are not observed in the wild, but derived from source code, namely
http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/proto_http.c;h=50e3d486ee4798ae8d329b7a78a23b8ba82cff68
There were already matches for status codes 403 and 503 (not counting
the 200 for the statistics page); this change adds codes 400, 401, 403,
405, 407, 408, 429, 500, 502, 503, and 504.
Additionally, I dug through the history back to about 2006 and found a
few places where the responses changed. The new possible version ranges
are (available ranges depend on the status code):
< 1.3.1
>= 1.3.1
1.4.0 - 1.5.10
< 1.5.0
>= 1.5.0
>= 1.5.10
>= 1.6.0
http://seclists.org/nmap-dev/2016/q3/285
On reading 'T', 'U', 'S', or 'P', getpts_aux would unconditionally
consume the character before checking to see whether it was followed by
a ':'. You could insert 'T', 'U', 'S', or 'P' in several places and it
would just be ignored, which is different treatment than other letters
got.
Behavior before:
nmap -p 9
# scans port 9
nmap -p discard
# scans port 9
nmap -p Tdiscard
# scans port 9
nmap -p T:Tdiscard
# scans port 9
nmap -p Tdi*ard
# scans port 9
nmap -p Xdiscard
# Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
Behavior after:
nmap -p 9
# scans port 9
nmap -p discard
# scans port 9
nmap -p Tdiscard
# Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
nmap -p T:Tdiscard
# Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
nmap -p Tdi*ard
# Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
nmap -p Xdiscard
# Error #485: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
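The getpts_aux change above, modeled as an added C example (not Nmap's own code): a parser for one -p item with a `fixed` flag that switches between the old and new treatment of a bare T/U/S/P letter. The three-entry service table and the minimal '*' matcher are constructed stand-ins for the nmap-services lookup.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed service table standing in for an nmap-services lookup. */
static const struct { const char *name; int port; } services[] = {
    {"echo", 7}, {"discard", 9}, {"http", 80}
};

/* Minimal '*' glob, enough for patterns like "di*ard". */
static int glob_match(const char *pat, const char *s) {
    if (*pat == '\0') return *s == '\0';
    if (*pat == '*')
        return glob_match(pat + 1, s) || (*s != '\0' && glob_match(pat, s + 1));
    return *pat == *s && glob_match(pat + 1, s + 1);
}

/* First service whose name matches the pattern; -1 if none. */
static int service_port(const char *pattern) {
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++)
        if (glob_match(pattern, services[i].name))
            return services[i].port;
    return -1;
}

/* Parse one -p item ("9", "discard", "T:discard", "Tdi*ard").
 * fixed == 0 models the old getpts_aux: a T/U/S/P letter is consumed before
 * the ':' check, so "Tdiscard" silently degrades to "discard".
 * fixed == 1 models the fix: the letter is a protocol selector only when a
 * ':' follows; otherwise it stays part of the service name.
 * Returns the resolved port, or -1 for an illegal specification. */
int parse_port_item(const char *item, int fixed) {
    const char *p = item;
    while (*p != '\0' && strchr("TUSP", *p) != NULL) {
        if (p[1] == ':')
            p += 2;            /* proper "T:" style prefix */
        else if (!fixed)
            p += 1;            /* bug: swallow the bare letter anyway */
        else
            break;             /* fixed: leave it for the name lookup */
    }
    if (*p == '\0')
        return -1;
    if (isdigit((unsigned char)*p)) {
        char *end;
        long port = strtol(p, &end, 10);
        return (*end == '\0' && port >= 0 && port <= 65535) ? (int)port : -1;
    }
    return service_port(p);
}
```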
Three sources:
1. all-caps PUBLIC and PRIVATE because community strings are
case-sensitive
2. Cisco small-business switch backdoor SNMP community string
3. Phenoelit's Default Password List