Here is a mostly exhaustive list of the changes:
o Removes the SCRIPT_ENGINE_* status defines and replaces the
instances with regular boolean integer returns or changes the
procedure to return void. The latter case is better generally because
the caller ignores any status return (e.g. nmap.cc calling open_nse)
and/or the procedure raises a fatal error when unsuccessful.
o Moves the SCRIPT_ENGINE_LUA_DIR and the like to the nse_main.h header file.
o Removes the use of the SCRIPT_ENGINE_TRY (there was only one left)
and thus changes the call to l_dnet_open to a void function called
directly by luaopen_nsock (in nse_nsock.cc) instead of luaopen_nmap
(in nse_nmaplib.cc). I felt moving the function was also an
appropriate (but somewhat unrelated to the intent of the patch) change
as opening the dnet metatable is very related to opening up the
nsock library. This confines errors in opening the nsock library, including
opening the dnet metatable, to the call to luaopen_nsock.
o The FILES and DIRS defines are moved in to nse_fs.h where they are
more appropriate and localized.
certain function that is not in OpenSSL before 0.9.7, but is required
for correct operation after 0.9.7. The technique is from Network
Security with OpenSSL, whose code is at http://www.opensslbook.com/code.html
(see ssl/common.c).
automatically converted to bare LF when input is from the console, but
not when it is from a pipe or a file. No newline translation is done
on output (it was being done before). This makes it possible to
transfer binary files with Ncat on Windows without any corruption.
a layer 4 protocol used mostly for telephony-related applications.
This brings the following new features:
o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
chunk, closed ones an ABORT chunk. This is the SCTP equivalent
of a TCP SYN stealth scan.
o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent,
closed ports return an ABORT chunk.
o SCTP INIT chunk ping probes (-PY): host discovery using SCTP
INIT chunk packets.
o SCTP-specific IP protocol scan (-sO -p sctp).
o SCTP-specific traceroute support (--traceroute).
o The ability to use the deprecated Adler32 algorithm as specified
in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
o 42 well-known SCTP ports were added to the nmap-services file.
Part of the work on SCTP support was kindly sponsored by
Compass Security AG, Switzerland. [Daniel Roethlisberger]
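The two chunk-based scans and the --adler32 switch above come down to two things a packet parser has to get right: which checksum algorithm the SCTP common header carries (CRC32C from RFC 4960, or the older Adler-32 from RFC 2960) and which chunk type comes back. The following Python is an added example written for this entry, not code from Nmap; it builds constructed SCTP packets, validates the checksum with either algorithm, and maps a reply to the port state implied by the rules listed above. The assumptions are noted in the comments: CRC32C is stored little-endian on the wire (RFC 4960 Appendix B), Adler-32 is assumed to be stored in network byte order, and the "no reply" states follow the TCP SYN and Null scan conventions, which the changelog does not spell out.

```python
import struct
import zlib

# SCTP chunk types (RFC 4960 section 3.2)
INIT, INIT_ACK, ABORT, COOKIE_ECHO = 1, 2, 6, 10


def _crc32c_table():
    # Reflected CRC-32C (Castagnoli) table, polynomial 0x82F63B78
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC32C_TABLE = _crc32c_table()


def crc32c(data):
    """CRC-32C as required by RFC 4960 (check value for b'123456789' is 0xE3069283)."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def sctp_checksum(packet, adler32=False):
    """Checksum bytes for the common header, computed with the checksum field zeroed.
    RFC 4960 stores the CRC-32C value little-endian; for the deprecated RFC 2960
    Adler-32 this example assumes network byte order."""
    zeroed = packet[:8] + b"\0\0\0\0" + packet[12:]
    if adler32:
        return struct.pack("!I", zlib.adler32(zeroed) & 0xFFFFFFFF)
    return struct.pack("<I", crc32c(zeroed))


def chunk(ctype, value=b"", flags=0):
    """One chunk: type, flags, length (excluding padding), value padded to 4 bytes."""
    length = 4 + len(value)
    return struct.pack("!BBH", ctype, flags, length) + value + b"\0" * ((-length) % 4)


def init_chunk(init_tag, a_rwnd=65535, out_streams=10, in_streams=65535, tsn=0):
    return chunk(INIT, struct.pack("!IIHHI", init_tag, a_rwnd, out_streams, in_streams, tsn))


def build_sctp(src_port, dst_port, vtag, chunks, adler32=False):
    """Common header (src port, dst port, verification tag, checksum) plus chunks."""
    pkt = struct.pack("!HHII", src_port, dst_port, vtag, 0) + b"".join(chunks)
    return pkt[:8] + sctp_checksum(pkt, adler32) + pkt[12:]


def parse_sctp(packet):
    """Header fields, which checksum algorithm validates (None if neither), chunk types."""
    src, dst, vtag = struct.unpack("!HHI", packet[:8])
    wire = packet[8:12]
    if wire == sctp_checksum(packet):
        algo = "crc32c"
    elif wire == sctp_checksum(packet, adler32=True):
        algo = "adler32"
    else:
        algo = None
    types, off = [], 12
    while off + 4 <= len(packet):
        ctype, _flags, length = struct.unpack("!BBH", packet[off:off + 4])
        if length < 4:          # malformed chunk length: stop instead of looping forever
            break
        types.append(ctype)
        off += length + (-length) % 4
    return {"src_port": src, "dst_port": dst, "vtag": vtag, "checksum": algo, "chunks": types}


def classify(probe_type, reply_chunks):
    """Port state implied by the reply to an INIT (-sY) or COOKIE-ECHO (-sZ) probe.
    ABORT means closed for both; INIT-ACK means open for -sY; silence means
    filtered for -sY and open|filtered for -sZ (assumption mirroring TCP scans)."""
    if ABORT in reply_chunks:
        return "closed"
    if probe_type == INIT:
        if INIT_ACK in reply_chunks:
            return "open"
        return "filtered" if not reply_chunks else "unknown"
    if probe_type == COOKIE_ECHO:
        return "open|filtered" if not reply_chunks else "unknown"
    raise ValueError("probe must be INIT or COOKIE_ECHO")


if __name__ == "__main__":
    probe = build_sctp(5000, 80, 0, [init_chunk(0xDEADBEEF)])   # constructed packet
    print(parse_sctp(probe), classify(INIT, [INIT_ACK]))
```

A capture decoder that only knows CRC32C will flag every packet from an --adler32 scan (or from an old RFC 2960 stack) as corrupt; checking both algorithms, as parse_sctp does, tells the two cases apart.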
Some scripts would fail due to an error (whois.nse) causing other
scripts to become deadlocked on a mutex that would never unlock. This
patch fixes this problem. See [1] for more information.
[1] http://seclists.org/nmap-dev/2009/q2/0533.html
Previously, the --script-args switch would only accept values
with alphanumeric characters or underscores. A full treatise
of the history of changes to this switch and problems can be
found here [2].
Here are the new rules for --script-args definitively:
--script-args <string>
<string> may contain a sequence of key=value pairs and array entries
separated by commas. All whitespace except where noted below is
ignored.
A key, value, or array value may be a sequence of characters except
'{', '}', ',', '=', and all space characters. You may overcome this
restriction by using quotes (single or double) to allow all characters
within the quotation marks. You may also use the quote delimiter
inside the sequence so long as it is escaped by a backslash.
A value for a key/value pair or an array value is allowed to be
a nested table delimited by '{' and '}'.
[1] http://seclists.org/nmap-dev/2009/q2/0204.html
[2] http://seclists.org/nmap-dev/2009/q2/0211.html
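As an added illustration of the rules above (this is example code written for this entry, not the parser in nse_main.lua), the following Python recursive-descent parser accepts exactly the grammar stated: comma-separated key=value pairs and array entries, whitespace ignored outside quotes, bare tokens stopping at '{', '}', ',', '=' and whitespace, single or double quotes admitting any character with the delimiter escapable by a backslash, and values that may be nested tables. Array entries are stored under integer keys 1..n, the way Lua tables hold them. The keys and values in the usage block (userdb, creds, and so on) are constructed for the demonstration.

```python
class ScriptArgsError(ValueError):
    """Raised for malformed --script-args input."""


_SPECIAL = set("{}=,")


class _Parser:
    def __init__(self, text):
        self.s, self.i = text, 0

    def peek(self):
        # Whitespace outside quotes is not significant, so skip it before looking.
        while self.i < len(self.s) and self.s[self.i].isspace():
            self.i += 1
        return self.s[self.i] if self.i < len(self.s) else None

    def token(self):
        c = self.peek()
        if c in ('"', "'"):
            quote, out = c, []
            self.i += 1
            while True:
                if self.i >= len(self.s):
                    raise ScriptArgsError("unterminated quoted string")
                ch = self.s[self.i]
                # Only the active quote delimiter is escapable; other backslashes are literal.
                if ch == "\\" and self.i + 1 < len(self.s) and self.s[self.i + 1] == quote:
                    out.append(quote)
                    self.i += 2
                    continue
                self.i += 1
                if ch == quote:
                    return "".join(out)
                out.append(ch)
        out = []
        while self.i < len(self.s):
            ch = self.s[self.i]
            if ch in _SPECIAL or ch.isspace():
                break
            out.append(ch)
            self.i += 1
        if not out:
            raise ScriptArgsError("expected a key or value at offset %d" % self.i)
        return "".join(out)

    def value(self):
        if self.peek() == "{":
            self.i += 1
            return self.table(top=False)
        return self.token()

    def table(self, top):
        result, n = {}, 0
        while True:
            c = self.peek()
            if c is None:
                if top:
                    return result
                raise ScriptArgsError("missing '}'")
            if c == "}":
                if top:
                    raise ScriptArgsError("unexpected '}' at offset %d" % self.i)
                self.i += 1
                return result
            if c == ",":
                raise ScriptArgsError("empty entry at offset %d" % self.i)
            if c == "{":                      # array entry that is itself a table
                n += 1
                result[n] = self.value()
            else:
                tok = self.token()
                if self.peek() == "=":        # key=value pair
                    self.i += 1
                    result[tok] = self.value()
                else:                         # bare array entry
                    n += 1
                    result[n] = tok
            c = self.peek()
            if c == ",":
                self.i += 1
            elif c not in ("}", None):
                raise ScriptArgsError("expected ',' at offset %d" % self.i)


def parse_script_args(text):
    """Parse a --script-args string into a dict (string keys for pairs, 1..n for entries)."""
    return _Parser(text).table(top=True)


def is_malformed(text):
    try:
        parse_script_args(text)
    except ScriptArgsError:
        return True
    return False


if __name__ == "__main__":
    print(parse_script_args('userdb=/tmp/ud, newtargets, http.useragent="Mozilla 5.0"'))
    print(parse_script_args('creds={ user1="pa\\"ss", {nested, x=1} }'))
```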
with the struct (bin) library available:
function hextobin(str) return bin.pack("H", str) end
-- bin.unpack returns the next position first and "H" needs a byte count,
-- so select the second result and unpack the whole string
function bintohex(str) return select(2, bin.unpack("H" .. #str, str)) end
Also removed a commented copy that was in the sniffer-detect.nse script.
right type of probe (0 with 8, 14 with 13, 18 with 17). With the new
default ping, I was scanning a network where an echo reply would
mistakenly be interpreted as a response to a timestamp request, even
though that host didn't respond to timestamp requests. That host would
become the global ping host, and all its probes would be dropped,
slowing the scan way down. A ping scan of a /24 took over 1,000 seconds
when it should have taken about 10.
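The fix described above is a check that a reply type actually answers the probe type that was sent (echo reply 0 for echo request 8, timestamp reply 14 for timestamp request 13, address mask reply 18 for address mask request 17). The following Python is an added example for this entry, not Nmap's ping code: it builds and parses constructed ICMP messages, verifies the RFC 1071 checksum, and matches a reply to an outstanding probe by identifier and sequence number, with the type check switchable so the mistaken match described above can be reproduced and then rejected. The probe identifiers and sequence numbers in the usage block are constructed.

```python
import struct

# ICMP request type -> the reply type that answers it (RFC 792)
REPLY_FOR = {8: 0, 13: 14, 17: 18}


def icmp_checksum(data):
    """RFC 1071 ones'-complement sum over 16-bit words; 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type, ident, seq, payload=b""):
    """Type, code 0, checksum, identifier, sequence, then payload
    (timestamp messages carry three 4-byte timestamps as payload)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(packet):
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "ident": ident, "seq": seq,
            "checksum_ok": icmp_checksum(packet) == 0}


def match_reply(outstanding, reply, check_type=True):
    """Return the request type of the probe this reply answers, or None.
    `outstanding` maps (ident, seq) -> request type of a probe still in flight.
    check_type=False reproduces the behaviour described above: any reply whose
    id/seq matches is accepted, so an echo reply counts as an answer to a
    timestamp request. check_type=True requires the matching reply type."""
    info = parse_icmp(reply)
    if not info["checksum_ok"]:
        return None
    request_type = outstanding.get((info["ident"], info["seq"]))
    if request_type is None:
        return None
    if check_type and REPLY_FOR.get(request_type) != info["type"]:
        return None
    return request_type


if __name__ == "__main__":
    # Constructed scenario: probe 1 was a timestamp request, probe 2 an echo request.
    in_flight = {(0x1234, 1): 13, (0x1234, 2): 8}
    stray_echo_reply = build_icmp(0, 0x1234, 1)
    print("without type check:", match_reply(in_flight, stray_echo_reply, check_type=False))
    print("with type check:   ", match_reply(in_flight, stray_echo_reply))
```

The first call reports the echo reply as an answer to the timestamp probe, which is exactly how a host that never answers timestamp requests could be promoted to the global ping host; the second rejects it.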