The exceptions are the calls in ncat/ncat_connect.c and
nping/EchoServer.cc. Ncat doesn't have an option for the interface, and
I think Nping's -e option is only meant to apply to probes, not to the
echo server listener.
unspecified and causes a segmentation fault on Android Bionic libc.
Vlatko fixed the bug in his Android binaries and it was first reported
by @alexismm2.
socket support to NSE, with updates in scripts and libraries.
o [NSE] Added the ability to send and receive on unconnected sockets.
This can be used, for example, to receive UDP broadcasts without
using pcap. A number of scripts have been changed so that they can
work as prerule scripts to discover services by UDP broadcasting,
optionally add the discovered targets to the scanning queue:
- ms-sql-info
- upnp-info
- dns-service-discovery
The nmap.new_socket function can now optionally take a default
protocol and address family, which will be used if the socket is not
connected. There is a new nmap.sendto function to be used with
unconnected UDP sockets. [David, Patrik]
This is a maintenance fix for the NSE Nsock library binding. The patch focuses
on code correctness and simplicity. The patch also brings some initial updates
with an eye towards the upcoming Lua 5.2 release. See [1] for a post concerning
this branch.
[1] http://seclists.org/nmap-dev/2010/q3/710
point seconds since the epoch, and add clock_ms() and clock_us() to stdnse
for convenience (millisecond and microsecond).
qscan.nse now provides microsecond resolution.
is now available to scripts as an additional return value from
pcap_receive(). It is returned as the floating point number of
seconds since the epoch. The qscan.nse script was updated to use
this more accurate data instead of using the clock_ms() function
(which returns the current time). [Kris]
entries:
o [NSE] Raw packet sending at the IP layer is now supported, in addition to
the Ethernet sending functionality. Packets to send start with an IPv4
header and can be sent to arbitrary hosts. [Kris]
o [NSE] Added the ipidseq script to classify a host's IP ID sequence numbers
in the same way Nmap does. This can be used to test hosts' suitability for
Nmap's Idle Scan (-sI), i.e. check if a host is an idle zombie. This is
the first script to use the new raw IP sending functionality in NSE. [Kris]
o [NSE] Added the function nmap.is_privileged() to tell a script if, as far
as Nmap's concerned, it can do privileged operations. For instance, this
can be used to see if a script should be able to open a raw socket or
Ethernet interface. [Kris]
o [NSE] Added the function nmap.get_ports() to allow a script to iterate
over a host's port tables matching a certain protocol and state. [Kris,
Patrick]
relinquishes its lock. We expect only one of them to be able to grab the
newly freed lock, and the rest to go back to waiting. This seems to have
helped with a deadlock in running a large-scale favicon survey.
to be the cause of a segfault reported by Ron Bowes.
nmap -PN -p4567 -sV --script=http-* x.x.x.x
Program received signal SIGSEGV, Segmentation fault.
nsock_connect_tcp (nsp=0x83b8b38, ms_iod=0x0, handler=0x80b5cf0
<l_nsock_connect_handler(void*, void*, void*)>, timeout_msecs=10000,
userdata=0x8729308, saddr=0x871a6f8, sslen=16, port=4567)
at nsock_connect.c:154
instead of waiting until a request is made to connect. This eliminates a
little bit of bookkeeping that needed to be done to retain state on the
NSE socket. Unfortunately this alone doesn't allow binding a socket to a
source address to receive UDP data, because Nsock doesn't create the
physical socket until a connection is made.
sockaddr instead of sockaddr_storage so it got only a fraction of the
address and the inet_ntop function would look outside of the structure
into adjacent memory. A scan of localhost would look like this:
NSE: TCP ::a00:0:600:0:1234 > ::a00:4d2:0:0:25 | CONNECT
Here, for example, that 4d2 is the port number 1234 from the other
structure. Now it prints correctly:
NSE: TCP ::1:1234 > ::1:25 | CONNECT
to reconnect a socket with SSL because the initial communication on the socket
is done without SSL. See this thread [1] for more details.
[1] http://seclists.org/nmap-dev/2009/q4/3
nse_nsock_get_ssl. In older versions of OpenSSL (I don't know how old)
the argument to SSL_get_peer_certificate is not const and it caused a
compiler error reported by Ron Bowes.
