value of the "args" attribute.
On Windows, I created a user account with the name "Kurt Gödel". When I ran a
scan in Zenmap, Nmap created a temporary XML file that started like
<?xml version="1.0" ?>
<?xml-stylesheet href="nmap.xsl" type="text/xsl"?>
<!-- Nmap 4.75 scan initiated Wed Sep 10 11:16:58 2008 as: nmap -T4 -F -oX c:\docume~1\kurtgö~1\locals~1\temp\zenmap-bcbuy6.xml 192.168.0.1 -->
<nmaprun scanner="nmap" args="nmap -T4 -F -oX c:\docume~1\kurtgö~1\locals~1\temp\zenmap-bcbuy6.xml 192.168.0.1" start="1221067018" startstr="Wed Sep 10 11:16:58 2008" version="4.75" xmloutputversion="1.02">
Notice the ö characters in the file names. They were not in UTF-8 but probably
whatever the filesystem encoding is. Because Nmap's XML does not declare an
encoding, it defaults to UTF-8, meaning this particular file was not even
well-formed. In Zenmap it caused a crash like
CRASH REPORTED:
SYS.PLATFORM: win32
OS.NAME: nt
Zenmap Version: 4.75
TRACEBACK:
Traceback (most recent call last):
File "C:\cygwin\home\david\nmap\zenmap\zenmapGUI\ScanNotebook.py", line 387, in verify_execution
self.load_from_command(scan)
File "C:\cygwin\home\david\nmap\zenmap\zenmapGUI\ScanNotebook.py", line 400, in load_from_command
parsed = self._parse(command.get_xml_output_filename())
File "C:\cygwin\home\david\nmap\zenmap\zenmapGUI\ScanNotebook.py", line 444, in _parse
parsed.parse_file(file_to_parse)
File "C:\cygwin\home\david\nmap\zenmap\zenmapCore\NmapParser.py", line 749, in parse_file
self.parse(f)
File "C:\cygwin\home\david\nmap\zenmap\zenmapCore\NmapParser.py", line 743, in parse
self.parser.parse(f)
File "c:\Python25\lib\xml\sax\expatreader.py", line 107, in parse
xmlreader.IncrementalParser.parse(self, source)
File "c:\Python25\lib\xml\sax\xmlreader.py", line 123, in parse
self.feed(buffer)
File "c:\Python25\lib\xml\sax\expatreader.py", line 211, in feed
self._err_handler.fatalError(exc)
File "c:\Python25\lib\xml\sax\handler.py", line 38, in fatalError
raise exception
SAXParseException: c:\docume~1\kurtgö~1\locals~1\temp\zenmap-bcbuy6.xml:3:92: not well-formed (invalid token)
Plus Internet Explorer wouldn't even open it.
This change escapes the XML so it looks like
<?xml version="1.0" ?>
<?xml-stylesheet href="nmap.xsl" type="text/xsl"?>
<!-- Nmap 4.75 scan initiated Wed Sep 10 11:52:19 2008 as: nmap -PE -PA21,23,80,3389 -A -v -T4 -oX c:\docume~1\kurtgö~1\locals~1\temp\zenmap-zih7f5.xml 192.168.0.1 -->
<nmaprun scanner="nmap" args="nmap -PE -PA21,23,80,3389 -A -v -T4 -oX c:\docume~1\kurtgö~1\locals~1\temp\zenmap-zih7f5.xml 192.168.0.1" start="1221069139" startstr="Wed Sep 10 11:52:19 2008" version="4.75" xmloutputversion="1.02">
o Added the undocumented (except here) --nogcc option which disables
global/group congestion control algorithms and so each member of a
scan group of machines is treated separately. This is just an
experimental option for now. [Fyodor]
users. Thanks to Jabra (jabra(a)spl0it.org) for the report. [Kris]
This was introduced when the ping probes were reorganized and moved
out of NmapOps (the o.pingtype check wasn't copied over)
Now does most of it's work through Lua:
From Nmap-dev: "Many of the changes consist of changing how Nmap interfaces
with Lua that were sometimes awkward or inflexible. Most of the functions
have been made to be callable directly by Lua which offers many technical
advantages: stack management is alleviated, errors are handled cleanly and
are more descriptive, and there is increased reusability."
Additionally:
-- Moved all lua_State * symbols from "l" to "L". This is to maintain
consistency with other Lua libraries (convention) and to make our macros portable.
-- Moved file system manipulation over to nse_fs.cc (from nse_init.cc)
Previously the ping probe data structures were stored in NmapOps,
now they will be stored in the scan_lists struct. All other changes
auxiliary to this reorganization.
nmap -PA80 -PA443 target
Previously this would use 443 only, and leak a little bit of memory as the
pointer to the array containing 80 was lost. Now it gives an error
Only one -PB, -PA, or -PT option is allowed. Combine port ranges with commas.
QUITTING!
of scripts chosen from when using -sC (but it's still just another category
and so can be chosen with --script like any other).
On top of updating the docs with information about this new category, I've
also updated sections to emphasize that the "default" category, -sC and -A
are considered intrusive and should not be run against target networks
without permission.
The new list is very similar to the previous "safe,intrusive" list:
Added: finger, ircServerInfo, RealVNC_auth_bypass
Removed: HTTPpasswd
Here are the 21 scripts in this new category:
anonFTP
dns-test-open-recursion
finger
ftpbounce
HTTPAuth
HTTP_open_proxy
ircServerInfo
MSSQLm
MySQLinfo
nbstat
RealVNC_auth_bypass
robots
rpcinfo
showHTMLTitle
showOwner
SMTPcommands
SNMPsysdesr
SSHv1-support
SSLv2-support
UPnP-info
zoneTrans
within a larger scan. The information is added to the XML host
element like so: [host starttime="1198292349" endtime="1198292370"]
(but of couse with angle brackets rather than square ones). It is
also printed in normal output if -d or "-v -v" are
specified. [Brandon, Kris, Fyodor]
only code left in Nmap that still uses rand() is in the Lua math
library. Perhaps at some point we'll need to expose high-quality random
numbers to Lua via our custom nmap library.
