Windows and UNIX, and install/distro system for the source tarball, RPM, OS X
installer (thanks to David) and the Windows installer.
configure --without-ncat keeps it out on Unix
Something like it should remain a part of NSE, because it helped me to see what
was in the Lua stack inside GDB. I got the function from
http://www.lua.org/pil/24.2.3.html.
o A script could be executed twice if it was given with the --script
option, also in the "version" category, and version detection (-sV)
was requested. This has been fixed. [David]
file name is already in the table. Previously duplicates were only checked for
in a table that was an upvalue of the entry function, allowing duplicates to
sneak in elsewhere.
This prevents a script from being loaded twice when it is given by name, and is
in the "version" category and version detection is used.
sent to nmap-dev before the Comm update to default to bytes=1, but added after
the change. I tested the scripts out and they still work fine of course.
- not returning services in the same fashion as parse_services(protocol) did
- bad logic prevented parse_file( filename, { } ) from returning an array
of lines where filename was one of Nmap's data files (as it does for
other files)
- creating a table key with a value of nil when the pattern for the key
matches, but the pattern for the value doesn't - this was made most
obvious by the recent changes as it prevented them returning the correct
data
npf (Winpcap) service during install/uninstall. Also the silent
install mode was improved to avoid a case where the Winpcap
uninstaller was (non-silently) shown. [Rob Nicholls]
value of the "args" attribute.
On Windows, I created a user account with the name "Kurt Gödel". When I ran a
scan in Zenmap, Nmap created a temporary XML file that started like
<?xml version="1.0" ?>
<?xml-stylesheet href="nmap.xsl" type="text/xsl"?>
<!-- Nmap 4.75 scan initiated Wed Sep 10 11:16:58 2008 as: nmap -T4 -F -oX c:\docume~1\kurtgö~1\locals~1\temp\zenmap-bcbuy6.xml 192.168.0.1 -->
<nmaprun scanner="nmap" args="nmap -T4 -F -oX c:\docume~1\kurtgö~1\locals~1\temp\zenmap-bcbuy6.xml 192.168.0.1" start="1221067018" startstr="Wed Sep 10 11:16:58 2008" version="4.75" xmloutputversion="1.02">
Notice the ö characters in the file names. They were not in UTF-8 but probably
whatever the filesystem encoding is. Because Nmap's XML does not declare an
encoding, it defaults to UTF-8, meaning this particular file was not even
well-formed. In Zenmap it caused a crash like
CRASH REPORTED:
SYS.PLATFORM: win32
OS.NAME: nt
Zenmap Version: 4.75
TRACEBACK:
Traceback (most recent call last):
File "C:\cygwin\home\david\nmap\zenmap\zenmapGUI\ScanNotebook.py", line 387, in verify_execution
self.load_from_command(scan)
File "C:\cygwin\home\david\nmap\zenmap\zenmapGUI\ScanNotebook.py", line 400, in load_from_command
parsed = self._parse(command.get_xml_output_filename())
File "C:\cygwin\home\david\nmap\zenmap\zenmapGUI\ScanNotebook.py", line 444, in _parse
parsed.parse_file(file_to_parse)
File "C:\cygwin\home\david\nmap\zenmap\zenmapCore\NmapParser.py", line 749, in parse_file
self.parse(f)
File "C:\cygwin\home\david\nmap\zenmap\zenmapCore\NmapParser.py", line 743, in parse
self.parser.parse(f)
File "c:\Python25\lib\xml\sax\expatreader.py", line 107, in parse
xmlreader.IncrementalParser.parse(self, source)
File "c:\Python25\lib\xml\sax\xmlreader.py", line 123, in parse
self.feed(buffer)
File "c:\Python25\lib\xml\sax\expatreader.py", line 211, in feed
self._err_handler.fatalError(exc)
File "c:\Python25\lib\xml\sax\handler.py", line 38, in fatalError
raise exception
SAXParseException: c:\docume~1\kurtgö~1\locals~1\temp\zenmap-bcbuy6.xml:3:92: not well-formed (invalid token)
Plus Internet Explorer wouldn't even open it.
This change escapes the XML so it looks like
<?xml version="1.0" ?>
<?xml-stylesheet href="nmap.xsl" type="text/xsl"?>
<!-- Nmap 4.75 scan initiated Wed Sep 10 11:52:19 2008 as: nmap -PE -PA21,23,80,3389 -A -v -T4 -oX c:\docume~1\kurtgö~1\locals~1\temp\zenmap-zih7f5.xml 192.168.0.1 -->
<nmaprun scanner="nmap" args="nmap -PE -PA21,23,80,3389 -A -v -T4 -oX c:\docume~1\kurtgö~1\locals~1\temp\zenmap-zih7f5.xml 192.168.0.1" start="1221069139" startstr="Wed Sep 10 11:52:19 2008" version="4.75" xmloutputversion="1.02">
involves traffic between the target and a third-party host. It's fairly
innocuous because there's no third-party traffic from the scanning computer, so
I left it in the default category.
giving a directory) and OpenSSL is not found. This is meant to guard against
mistakenly building an RPM without OpenSSL on a machine where it is not
available.
If you don't give any arguments, configure still works the same way: it checks
for OpenSSL and doesn't use it if it's not present. If you use
--with-openssl=DIR or --without-openssl then configure takes you at your word
without checking anything. If you say --with-openssl and OpenSSL is fine then
Nmap is built with OpenSSL. The only difference this change introduces is if
you say --with-openssl and OpenSSL is not found. Now the configure script
quits, where previously it would continue with a warning.
