


46 Commits

dmiller
240174c03b Document Windows installer options. Fixes #2375 2026-01-12 17:52:16 +00:00
dmiller
1b3ca45054 Compatibility fixes and Github autobuilds. Closes #3214 2026-01-12 16:59:25 +00:00
nnposter
ce0c08997e Remove unused socket connect/close from ipp.Helper. Close #3245 2026-01-01 22:34:15 +00:00
nnposter
fd94457aeb Remove unnecessary variable initialization 2025-12-25 22:35:10 +00:00
nnposter
06a2c214a1 Check for a prefix, not a substring, and trivial cosmetics 2025-12-10 18:40:25 +00:00
nnposter
4d7ed415c0 Implement script argument hostmap-crtsh.lax. Close #3239, fix #2183 2025-12-10 18:29:53 +00:00
nnposter
cf24dab1c9 Streamline the loop construct 2025-12-04 19:44:12 +00:00
nnposter
df4896eadb Remove unnecessary conditional 2025-12-04 19:39:52 +00:00
nnposter
472b586767 Refactor the script to address multiple issues
- Add support for HTTPS
  - Add support for IPv6
  - Add support for more than one path argument
  - Properly identify the Location header in the HTTP response
  - Properly identify the destination host in the Location header
  - Leverage normalized IP address comparison
  - Avoid processing the HTTP response body, possibly "endless"
  - Add the found IP address as a new scan target (optionally)
Close #3218, close #3191
2025-12-02 23:55:01 +00:00
nnposter
306263da43 Explain the effect of arguments that are not script-specific. Close #3223, close #3221, fix #3211 2025-12-02 22:48:31 +00:00
nnposter
c0a01aa7e1 Keep a local function local 2025-12-02 04:49:44 +00:00
nnposter
46fe5228f4 Populate jobname and owner even without Apple-specific attributes 2025-11-28 03:48:38 +00:00
nnposter
6dc02c9bcd Remove duplicate code 2025-11-28 03:45:12 +00:00
nnposter
3d205335b9 Remove development leftover 2025-11-28 03:41:56 +00:00
nnposter
138c7b7467 Eliminate unnecessary repeated lookups 2025-11-28 03:40:56 +00:00
nnposter
5daccaed1d Remove unnecessary variable shadowing logically the same parameter 2025-11-25 03:03:26 +00:00
nnposter
790deb7daf Remove unused variable 2025-11-25 02:59:19 +00:00
nnposter
a04fc3389e Use the correct variable for error checking. Close #3232 2025-11-23 02:55:21 +00:00
nnposter
a74125aef5 Add missing cookie attributes 2025-11-01 23:34:30 +00:00
nnposter
f5a3251e97 Use the correct the port range, 512-1023, not 513-1024.
Detect if binding a socket to a given port failed and retry.
Close #3196
2025-11-01 22:52:49 +00:00
nnposter
8d7fa538e3 Properly detect if binding an RPC socket to a given port failed. Close #3194
Testing the return status of socket:bind() and socket:connect() is not enough.
For details, see #1939.
2025-11-01 22:34:51 +00:00
nnposter
8d06576dbb Remove deprecated category "Application". Close #3217 2025-10-28 22:57:18 +00:00
nnposter
d2d591ce0c Avoid a crash when the IP contains a colon but no hextets 2025-10-27 01:19:40 +00:00
nnposter
4f7c92fbac Include operand "ne" in the documentation 2025-10-26 19:54:18 +00:00
nnposter
d2fbcc6cd6 Perform effective socket error checking 2025-10-26 02:23:22 +00:00
nnposter
b4b921c913 Streamline the code by using math.min() 2025-10-26 02:14:47 +00:00
nnposter
81b0568452 Remove redundant code 2025-10-26 01:42:15 +00:00
nnposter
7a989ff957 Remove duplicate of previously defined skip_space() 2025-10-26 01:37:00 +00:00
nnposter
9289bbccee Skip over contiguous linear whitespace in a single step 2025-10-26 01:35:07 +00:00
dmiller
f2548e68a8 Add changelog entry for #2657. Closes #2657 2025-10-24 19:27:53 +00:00
nnposter
eb1ed93540 Skip over empty content encoding placeholders 2025-10-19 19:13:24 +00:00
nnposter
384113e746 Add locations used by the official Python installer 2025-10-19 02:33:20 +00:00
nnposter
77f3edfc8a Make sure that all locations are added, not just the last one 2025-10-19 02:29:36 +00:00
nnposter
a36c660bf2 Delay the expansion to avoid syntax issues. Closes #3177 2025-10-19 02:15:12 +00:00
dmiller
ef6d17eb28 Fix formatting of TCP sequence info in Zenmap topology. Fixes #3189 2025-10-17 18:16:49 +00:00
dmiller
3a39ec6d9b Ignore RTN_UNSPEC, possible with -e and -S. Fixes #2955 2025-10-14 18:43:59 +00:00
nnposter
fcf6f0cb19 Use simpler/cheaper portrule 2025-10-08 23:08:04 +00:00
nnposter
6b7652513e Remove a repeated word 2025-10-04 21:39:16 +00:00
nnposter
83824ff04d Socket timeout must be set before connecting 2025-09-29 22:24:51 +00:00
dmiller
751d5fd58b ensure IPV6 OS engine has a device name to use 2025-09-09 20:46:39 +00:00
dmiller
b4e536f371 Only use eth handle for Ethernet on non-Windows systems. 2025-09-03 17:04:48 +00:00
dmiller
99e396b4a0 Fix various fatal errors around --send-eth 2025-09-03 17:04:47 +00:00
dmiller
5bb82a2ad0 Fix crash in socket_bindtodevice: NULL device is permissible 2025-09-03 17:04:46 +00:00
nnposter
cca10689fe Rectify orphaned or misaligned AC_MSG_RESULT output 2025-08-31 02:59:44 +00:00
nnposter
9e0479b618 Do not include dbus support in own libpcap. See #3165 2025-08-31 02:51:18 +00:00
dmiller
9bd68008df Ensure we don't use --send-eth for localhost 2025-08-28 19:28:41 +00:00
49 changed files with 883 additions and 369 deletions

206
.github/workflows/build.yml vendored Normal file

@@ -0,0 +1,206 @@
name: nmap multiplatform autobuilds
on:
push:
paths:
- ".github/workflows/build.yml"
- "**/*.c"
- "**/*.cc"
- "**/*.cpp"
- "**/*.h"
- "**/*.H"
- "**/*.in"
- "**/*.am"
- "**/*.ac"
- "**/*.lua"
- "**/*.cmakein"
- "**/configure"
- "**/*.pl"
- "**/*.py"
- "**/*.awk"
- "**/*.sh"
- "**/*.toml"
branches:
- master
pull_request:
workflow_dispatch:
inputs:
deploymentName:
description: "Name for this deployment"
required: true
default: "Manual Deployment"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
MAKEFLAGS: -j3
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- name: ubuntu-latest-gcc
os: ubuntu-latest
cc: gcc
- name: ubuntu-latest-gcc-arm64
os: ubuntu-latest
cc: gcc
arch: arm64
- name: ubuntu-latest-clang
os: ubuntu-latest
cc: clang
- name: macos-15-clang
os: macos-15
cc: clang
- name: macos-26-clang
os: macos-26
cc: clang
- name: freebsd-15-gcc
os: ubuntu-latest
cc: gcc
- name: freebsd-15-clang
os: ubuntu-latest
cc: clang
- name: openbsd-7-gcc
os: ubuntu-latest
cc: egcc
- name: openbsd-7-clang
os: ubuntu-latest
cc: clang
- name: netbsd-10-gcc
os: ubuntu-latest
cc: gcc
- name: netbsd-10-clang
os: ubuntu-latest
cc: clang
- name: solaris-11-gcc
os: ubuntu-latest
cc: gcc
- name: solaris-11-clang
os: ubuntu-latest
cc: clang
- name: windows-latest-msvc
os: windows-latest
cc: msvc
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: Set up QEMU for ARM64
if: matrix.arch == 'arm64'
uses: docker/setup-qemu-action@v3
with:
platforms: linux/arm64
- name: Build Linux
if: startsWith(matrix.name,'ubuntu') && matrix.arch != 'arm64'
run: |
sudo apt-get update
sudo apt-get install -y build-essential clang tree libpcap-dev libnet-dev libpcre2-dev
./configure
make
make install DESTDIR=/tmp
tree /tmp/usr
- name: Build Linux ARM64
if: startsWith(matrix.name,'ubuntu') && matrix.arch == 'arm64'
run: |
docker run --rm --platform linux/arm64 -v $PWD:/work -w /work ubuntu:latest bash -c "
apt-get update -q -y &&
apt-get install -q -y build-essential tree libpcap-dev libnet-dev libpcre2-dev autoconf automake &&
./configure
make &&
make install DESTDIR=/tmp &&
tree /tmp/usr
"
- name: Build MacOS
if: startsWith(matrix.name,'macos')
run: |
brew update
# PCRE2 is already installed
brew install tree libpcap libnet
./configure
make
make install DESTDIR=/tmp
tree /tmp/usr
- name: Build FreeBSD
if: startsWith(matrix.name,'freebsd')
uses: vmactions/freebsd-vm@v1
with:
release: "15.0"
usesh: true
prepare: |
# OS has libpcap already installed (and adding puts a second in /usr/local)
pkg install -y gcc llvm autotools tree pkgconf libnet pcre2 gmake dbus
run: |
./configure
gmake
gmake install DESTDIR=/tmp
tree /tmp/usr
- name: Build OpenBSD
if: startsWith(matrix.name,'openbsd')
uses: vmactions/openbsd-vm@v1
with:
usesh: true
prepare: |
export PKG_PATH=https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -m)/
pkg_add -I autoconf%2.72 automake%1.17 gcc%11 llvm%19 tree pkgconf libnet%1.1 pcre2 gmake dbus
run: |
export AUTOCONF_VERSION=2.72
export AUTOMAKE_VERSION=1.17
./configure
gmake
gmake install DESTDIR=/tmp
tree /tmp/usr
- name: Build NetBSD
if: startsWith(matrix.name,'netbsd')
uses: vmactions/netbsd-vm@v1
with:
usesh: true
prepare: |
export PATH=/usr/sbin:/usr/pkg/sbin:/usr/pkg/bin:$PATH
export PKG_PATH="http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/$(uname -r | cut -d_ -f1)/All"
pkg_add gcc13 clang autoconf automake pkgconf libpcap libnet gmake dbus
run: |
./configure
gmake
gmake install DESTDIR=/tmp
tree /tmp/usr
- name: Build Solaris
if: startsWith(matrix.name,'solaris')
uses: vmactions/solaris-vm@v1
with:
usesh: true
prepare: |
pkg install gcc-c clang autoconf automake pcre2 libpcap libnet developer/build/gnu-make
run: |
./configure
gmake
gmake install DESTDIR=/tmp
tree /tmp/usr
- name: Install Subversion
if: startsWith(matrix.name,'windows')
shell: powershell
run: |
choco install svn -y --no-progress
$env:PATH = "C:\Program Files (x86)\Subversion\bin;C:\Program Files\Subversion\bin;$env:PATH"
echo "C:\Program Files (x86)\Subversion\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
echo "C:\Program Files\Subversion\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
- name: Build Windows
if: startsWith(matrix.name,'windows')
shell: cmd
run: |
cd mswin32
Build.bat
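Review bot: In the ARM64 job's `docker run ... bash -c` script, the `./configure` line after `apt-get install` is not chained with `&&`, so a failed configure is ignored and `make` runs against a half-configured tree; the other lines of that inner script are chained, and unlike the native Linux step this inner shell does not get the runner's default `bash -e`. Change that line to `./configure &&`. Separately, every action is referenced by a mutable tag (`actions/checkout@v4`, `docker/setup-qemu-action@v3`, the `vmactions/*-vm@v1` actions), so the build follows wherever the tag is moved; pinning each `uses:` to a full commit SHA with the version in a trailing comment keeps the workflow reproducible. The NetBSD step's `PKG_PATH` is plain `http://` while the OpenBSD step uses `https://`; if the cdn serves it, `https://cdn.netbsd.org/...` avoids fetching the toolchain packages over an unauthenticated channel.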


@@ -1,5 +1,25 @@
#Nmap Changelog ($Id$); -*-text-*-
o [GH#3214] Improve compatibility of build process on various platforms and add
multiplatform autobuilds in Github workflow. [Jordan Ritter]
o [GH#2183][GH#3239] Script hostmap-crtsh now reports only true subdomains
of a given target hostname by default. In the past, it was reporting any
DNS name that included the target hostname as a substring (but not
necessarily as a suffix). The old behavior can be enabled by setting script
argument hostmap-crtsh.lax. [Sweekar-cmd, nnposter]
o [GH#3191][GH#3218] Script http-internal-ip-disclosure has been enhanced,
including added support for IPv6 and HTTPS and more accurate processing
of target responses. [nnposter]
o [GH#3194] RPC-based scripts were sporadically failing due to privileged
port conflicts. [nnposter]
o [GH#3196] Script rlogin-brute was sporadically failing due to using
an off-by-one range for privileged ports and not handling potential
port conflicts. [nnposter]
Nmap 7.98 [2025-08-21]
o [SECURITY] Rebuilt the Windows self-installer with NSIS 3.11, addressing
@@ -298,6 +318,9 @@ o [GH#2609] Fixed a memory leak in Nsock: compiled pcap filters were not freed.
o [GH#2658] Fixed a crash when using service name wildcards with -p, as in -p "http*"
o [GH#2657] Fixed an issue where NSE-assigned service names could be overwritten
prior to output, leading to XML validation errors and unprintable screen output.
o [NSE] Fixed DNS TXT record parsing bug which caused asn-query to fail in
Nmap 7.80 and later. [David Fifield, Mike Pattrick]


@@ -118,7 +118,7 @@ FPNetworkControl::~FPNetworkControl() {
/* (Re)-Initialize object's state (default parameter setup and nsock
* initialization). */
void FPNetworkControl::init(const char *ifname) {
void FPNetworkControl::init(const char *ifname, devtype iftype) {
/* Init congestion control parameters */
this->cc_init();
@@ -161,7 +161,7 @@ void FPNetworkControl::init(const char *ifname) {
netutil_eth_t *ethsd = NULL;
/* Obtain raw socket or check that we can obtain an eth descriptor. */
if (!raw_socket_or_eth(o.sendpref, ifname, &this->rawsd, &ethsd)) {
if (!raw_socket_or_eth(o.sendpref, ifname, iftype, &this->rawsd, &ethsd)) {
fatal("Couldn't obtain raw socket or eth handle in %s", __func__);
}
@@ -1122,7 +1122,7 @@ int FPEngine6::os_scan(std::vector<Target *> &Targets) {
/* Initialize variables, timers, etc. */
gettimeofday(&begin_time, NULL);
global_netctl.init(Targets[0]->deviceName());
global_netctl.init(Targets[0]->deviceName(), Targets[0]->ifType());
for (size_t i = 0; i < Targets.size(); i++) {
if (o.debugging > 3) {
log_write(LOG_PLAIN, "[FPEngine] Allocating FPHost6 for %s %s\n",
@@ -2502,6 +2502,7 @@ int FPPacket::setEthernet(const Target *target) {
}
else if (netutil_eth_can_send(ethsd)) {
this->link_eth = true;
Strncpy(this->eth_hdr.devname, devname, sizeof(this->eth_hdr.devname));
if (netutil_eth_datalink(ethsd) == DLT_EN10MB){
const u8 *src_mac = target->SrcMACAddress();
const u8 *dst_mac = target->NextHopMACAddress();
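Review bot: The header comment above `FPNetworkControl::init` in the first hunk still describes only parameter setup and nsock initialization and says nothing about the new `iftype` parameter, which (per the `raw_socket_or_eth` hunk in netutil.cc on this page) on non-Windows forces raw-IP sending whenever the interface is not Ethernet. Extend the comment with `* @iftype: link type of ifname; on non-Windows a non-Ethernet type makes raw_socket_or_eth() fall back to raw IP sending regardless of the requested sendpref.` The value comes from `Targets[0]->ifType()` in the os_scan hunk, so as with the device name it is the first target's interface that decides for the whole batch; if that is intentional it deserves a one-line comment there as well. Both enclosing functions start and end outside their hunks.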


@@ -157,7 +157,7 @@ class FPNetworkControl {
public:
FPNetworkControl();
~FPNetworkControl();
void init(const char *ifname);
void init(const char *ifname, devtype iftype);
int register_caller(FPHost *newcaller);
int unregister_caller(FPHost *oldcaller);
int setup_sniffer(const char *iface, const char *bfp_filter);


@@ -312,7 +312,7 @@ distclean-%: clean-%
-cd $* && $(MAKE) distclean
install-nmap: $(TARGET)
$(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(nmapdatadir)
mkdir -p $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(nmapdatadir)
$(INSTALL) -c -m 755 nmap $(DESTDIR)$(bindir)/nmap
# Use strip -x to avoid stripping dynamically loaded NSE functions. See
# http://seclists.org/nmap-dev/2007/q4/0272.html.
@@ -320,7 +320,7 @@ install-nmap: $(TARGET)
$(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/
if [ "$(USE_NLS)" = "yes" ]; then \
for ll in $(filter $(ALL_LINGUAS),$(LINGUAS)); do \
$(INSTALL) -d $(DESTDIR)$(mandir)/$$ll/man1; \
mkdir -p $(DESTDIR)$(mandir)/$$ll/man1; \
$(INSTALL) -c -m 644 docs/man-xlate/$(TARGET)-$$ll.1 $(DESTDIR)$(mandir)/$$ll/man1/$(TARGET).1; \
done; \
fi
@@ -354,7 +354,7 @@ build-zenmap: $(ZENMAPDIR)/pyproject.toml $(ZENMAPDIR)/zenmapCore/Version.py
$(PYTHON) -m build $(ZENMAPDIR)/
install-zenmap: $(ZENMAPDIR)/pyproject.toml
$(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(deskdir)
mkdir -p $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(deskdir)
$(PYTHON) -m pip install $(ZENMAPDIR)/ $(if $(DESTDIR),--root "$(DESTDIR)")
$(INSTALL) -c -m 644 docs/zenmap.1 $(DESTDIR)$(mandir)/man1/
$(INSTALL) -c -m 644 $(ZENMAPDIR)/install_scripts/unix/*.desktop $(DESTDIR)$(deskdir)
@@ -373,7 +373,7 @@ build-nping: $(NPINGDIR)/Makefile build-nbase build-nsock build-netutil $(NPINGD
@cd $(NPINGDIR) && $(MAKE)
install-ndiff:
$(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
mkdir -p $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
$(PYTHON) -m pip install $(NDIFFDIR)/ $(if $(DESTDIR),--root "$(DESTDIR)")
$(INSTALL) -c -m 644 $(NDIFFDIR)/docs/ndiff.1 $(DESTDIR)$(mandir)/man1/
@@ -381,8 +381,8 @@ NSE_FILES = scripts/script.db scripts/*.nse
NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc
install-nse: $(TARGET)
$(INSTALL) -d $(DESTDIR)$(nmapdatadir)/scripts
$(INSTALL) -d $(DESTDIR)$(nmapdatadir)/nselib
mkdir -p $(DESTDIR)$(nmapdatadir)/scripts
mkdir -p $(DESTDIR)$(nmapdatadir)/nselib
# Remove obsolete scripts from a previous installation.
(cd $(DESTDIR)$(nmapdatadir)/scripts && rm -f $(OLD_SCRIPT_NAMES))
@@ -390,9 +390,9 @@ install-nse: $(TARGET)
$(INSTALL) -c -m 644 nse_main.lua $(DESTDIR)$(nmapdatadir)/
$(INSTALL) -c -m 644 $(NSE_FILES) $(DESTDIR)$(nmapdatadir)/scripts
$(INSTALL) -c -m 644 $(NSE_LIB_LUA_FILES) $(DESTDIR)$(nmapdatadir)/nselib
$(INSTALL) -d $(DESTDIR)$(nmapdatadir)/nselib/data
mkdir -p $(DESTDIR)$(nmapdatadir)/nselib/data
for f in `find nselib/data -name .svn -prune -o -type d -print`; do \
$(INSTALL) -d $(DESTDIR)$(nmapdatadir)/$$f; \
mkdir -p $(DESTDIR)$(nmapdatadir)/$$f; \
done
for f in `find nselib/data -name .svn -prune -o -type f -print`; do \
$(INSTALL) -c -m 644 $$f $(DESTDIR)$(nmapdatadir)/$$f; \
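Review bot: Replacing `$(INSTALL) -d` with `mkdir -p` in install-nmap, install-zenmap, install-ndiff and install-nse changes the mode of the created directories: install(1) applies its default rwxr-xr-x mode explicitly, while `mkdir -p` leaves the result to the invoking umask, so a packaging run under a restrictive umask (for example 077) installs `$(nmapdatadir)` and its `scripts`/`nselib` subdirectories unreadable by other users. The libpcap Makefile.in on this page already handles that with `mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir)`; the same pattern here, `chmod 755` after each `mkdir -p`, keeps the previous permissions. The reason for dropping `install -d` is presumably a portability problem with some platform's install(1), and that is worth a comment next to the first replacement.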


@@ -64,6 +64,7 @@
#include <stddef.h>
#undef NDEBUG
#include <assert.h>
#include <climits>
#include "nbase.h"

61
configure vendored

@@ -7258,6 +7258,7 @@ fi
fi
if test $have_libpcap != yes; then
ac_configure_args="$ac_configure_args '--disable-dbus'"
subdirs="$subdirs libpcap"
if test "${LIBPCAP_INC+set}" = "set"; then
@@ -7275,6 +7276,48 @@ printf "%s\n" "#define PCAP_INCLUDED 1" >>confdefs.h
printf "%s\n" "#define HAVE_PCAP_SET_IMMEDIATE_MODE 1" >>confdefs.h
# Check if D-Bus is available (in case --disable-dbus didn't work)
# and add it to LIBS if needed for static linking
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dbus_connection_read_write in -ldbus-1" >&5
printf %s "checking for dbus_connection_read_write in -ldbus-1... " >&6; }
if test ${ac_cv_lib_dbus_1_dbus_connection_read_write+y}
then :
printf %s "(cached) " >&6
else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldbus-1 $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
char dbus_connection_read_write ();
int
main (void)
{
return dbus_connection_read_write ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"
then :
ac_cv_lib_dbus_1_dbus_connection_read_write=yes
else $as_nop
ac_cv_lib_dbus_1_dbus_connection_read_write=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dbus_1_dbus_connection_read_write" >&5
printf "%s\n" "$ac_cv_lib_dbus_1_dbus_connection_read_write" >&6; }
if test "x$ac_cv_lib_dbus_1_dbus_connection_read_write" = xyes
then :
LIBS="$LIBS -ldbus-1"
fi
else
# We assume our included libpcap doesn't need this check-and-define
# link with -lpcap for the purposes of this test
@@ -7997,8 +8040,6 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
# We need Lua 5.4 exactly
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lua version == 504" >&5
printf %s "checking for lua version == 504... " >&6; }
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -8165,6 +8206,10 @@ else $as_nop
have_lua=no
fi
rm -f conftest.err conftest.i conftest.$ac_ext
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lua version == 504" >&5
printf %s "checking for lua version == 504... " >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $have_lua" >&5
printf "%s\n" "$have_lua" >&6; }
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -8178,9 +8223,11 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
fi
# if we didn't find we use our own
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether lua was found" >&5
printf %s "checking whether lua was found... " >&6; }
if test $have_lua != yes; then
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
printf "%s\n" "no" >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, will use our own" >&5
printf "%s\n" "no, will use our own" >&6; }
CPPFLAGS="-I\$(top_srcdir)/$LIBLUADIR $CPPFLAGS"
LIBLUA_LIBS="\$(top_srcdir)/$LIBLUADIR/liblua.a"
LUA_BUILD="build-lua"
@@ -8298,9 +8345,11 @@ done
fi
# if we didn't find we use our own
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether liblinear was found" >&5
printf %s "checking whether liblinear was found... " >&6; }
if test $have_liblinear != yes; then
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
printf "%s\n" "no" >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, will use our own" >&5
printf "%s\n" "no, will use our own" >&6; }
CPPFLAGS="-I\$(top_srcdir)/$LIBLINEARDIR $CPPFLAGS"
LIBLINEAR_LIBS="\$(top_srcdir)/$LIBLINEARDIR/liblinear.a"
LIBLINEAR_BUILD="build-liblinear"


@@ -482,6 +482,7 @@ if test $have_libpcap = yes; then
fi
if test $have_libpcap != yes; then
ac_configure_args="$ac_configure_args '--disable-dbus'"
AC_CONFIG_SUBDIRS(libpcap)
if test "${LIBPCAP_INC+set}" = "set"; then
CPPFLAGS="$CPPFLAGS -I$LIBPCAP_INC"
@@ -494,6 +495,9 @@ if test $have_libpcap != yes; then
PCAP_DIST_CLEAN="distclean-pcap"
AC_DEFINE(PCAP_INCLUDED, 1, [Using included libpcap])
AC_DEFINE(HAVE_PCAP_SET_IMMEDIATE_MODE, 1, [Included libpcap has pcap_set_immediate_mode])
# Check if D-Bus is available (in case --disable-dbus didn't work)
# and add it to LIBS if needed for static linking
AC_CHECK_LIB([dbus-1], [dbus_connection_read_write], [LIBS="$LIBS -ldbus-1"])
else
# We assume our included libpcap doesn't need this check-and-define
# link with -lpcap for the purposes of this test
@@ -845,7 +849,6 @@ else
AC_SEARCH_LIBS(lua_isyieldable, [lua5.4 lua54 lua], [have_lua=yes],, [-lm])
AC_LANG_PUSH(C)
# We need Lua 5.4 exactly
AC_MSG_CHECKING([for lua version == 504])
AC_PREPROC_IFELSE([ AC_LANG_PROGRAM( [[
#ifdef HAVE_LUA5_4_LUA_H
#include <lua5.4/lua.h>
@@ -864,6 +867,8 @@ else
[[if(LUA_VERSION_NUM != 504) return 1;]])
],
[have_lua=yes], [have_lua=no])
AC_MSG_CHECKING([for lua version == 504])
AC_MSG_RESULT([$have_lua])
AC_LANG_POP(C)
LUA_BUILD=""
@@ -872,8 +877,9 @@ else
fi
# if we didn't find we use our own
AC_MSG_CHECKING([whether lua was found])
if test $have_lua != yes; then
AC_MSG_RESULT(no)
AC_MSG_RESULT([no, will use our own])
CPPFLAGS="-I\$(top_srcdir)/$LIBLUADIR $CPPFLAGS"
LIBLUA_LIBS="\$(top_srcdir)/$LIBLUADIR/liblua.a"
LUA_BUILD="build-lua"
@@ -938,8 +944,9 @@ if test $have_liblinear != yes; then
fi
# if we didn't find we use our own
AC_MSG_CHECKING([whether liblinear was found])
if test $have_liblinear != yes; then
AC_MSG_RESULT(no)
AC_MSG_RESULT([no, will use our own])
CPPFLAGS="-I\$(top_srcdir)/$LIBLINEARDIR $CPPFLAGS"
LIBLINEAR_LIBS="\$(top_srcdir)/$LIBLINEARDIR/liblinear.a"
LIBLINEAR_BUILD="build-liblinear"
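Review bot: The new `AC_CHECK_LIB([dbus-1], [dbus_connection_read_write], [LIBS="$LIBS -ldbus-1"])` in the included-libpcap branch appends `-ldbus-1` whenever libdbus-1 links on the build host, not only when the bundled libpcap was actually built with D-Bus; together with the `'--disable-dbus'` just added to `ac_configure_args`, the likely outcome on a host with libdbus installed is a D-Bus-free libpcap plus an nmap binary that still carries a runtime dependency on libdbus-1 it never calls. If the fallback is only meant for the case where the subdir configure ignored the flag, gate it on an observable result (a link test against the built `libpcap.a`, or the subdir's generated config) rather than on the mere presence of the library. At minimum record the intent in the comment: `# Only needed if the subdir libpcap ignored --disable-dbus; an unconditional -ldbus-1 adds a runtime dependency nmap itself does not use.`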


@@ -793,6 +793,52 @@ Install System</ulink>. After it completes, read <xref
linkend="inst-win-exec"/> for instructions on executing Nmap on the
command-line or through Zenmap.</para>
<sect3 id="inst-win-exe-options">
<title>Installer options</title>
<para>
The installer accepts several command-line options to change the installer
behavior or the selection of some of the components of the installation. By
default, all components are selected. The options are:
</para>
<variablelist>
<varlistentry>
<term><option>/NMAP=NO</option></term>
<listitem>Don't install Nmap</listitem>
</varlistentry>
<varlistentry>
<term><option>/NPCAP=NO</option></term>
<listitem>Don't install Npcap. Unless Npcap is installed separately, some
features of Nmap and Nping will not work.</listitem>
</varlistentry>
<varlistentry>
<term><option>/NCAT=NO</option></term>
<listitem>Don't install Ncat.</listitem>
</varlistentry>
<varlistentry>
<term><option>/NPING=NO</option></term>
<listitem>Don't install Nping.</listitem>
</varlistentry>
<varlistentry>
<term><option>/ZENMAP=NO</option></term>
<listitem>Don't install Zenmap. Nmap OEM does not include Zenmap.</listitem>
</varlistentry>
<varlistentry>
<term><option>/NDIFF=NO</option></term>
<listitem>Don't install Ndiff. Nmap OEM does not include Ndiff.</listitem>
</varlistentry>
<varlistentry>
<term><option>/REGISTRYMODS=NO</option></term>
<listitem>Don't install performance-related registry modifications.</listitem>
</varlistentry>
<varlistentry>
<term><option>/REGISTERPATH=NO</option></term>
<listitem>Don't add the installation directory to <envar>PATH</envar>.</listitem>
</varlistentry>
</variablelist>
<para>Additionally, the <option>/D</option> can be used to change the
installation directory. Nmap OEM installers also accept <option>/S</option>
for silent installation.</para>
</sect3>
</sect2>
<sect2 id="inst-win-zip"><title>Command-line Zip Binaries</title>


@@ -2480,9 +2480,20 @@ escapes a quote. A backslash is only used to escape quotation marks in this
special case; in all other cases a backslash is interpreted literally. Values
may also be tables enclosed in <literal>{}</literal>, just as in Lua. A table
may contain simple string values or more name-value pairs, including nested
tables. Many scripts qualify their arguments with the script name, as in <literal>xmpp-info.server_name</literal>. You may use that full qualified version to affect just the specified script, or you may pass the unqualified version (<literal>server_name</literal> in this case) to affect all scripts using that argument name. A script will first check for its fully qualified argument name (the name specified in its documentation) before it accepts an unqualified argument name. A complex example of script arguments is
<option>--script-args 'user=foo,pass=",{}=bar",whois={whodb=nofollow+ripe},xmpp-info.server_name=localhost'</option>. The online NSE Documentation Portal at <ulink url="https://nmap.org/nsedoc/"/>
lists the arguments that each script accepts.
tables. A complex example of script arguments is
<option>--script-args 'user=foo,pass=",{}=bar",whois={whodb=nofollow+ripe},xmpp-info.server_name=localhost'</option>.
Many scripts qualify their arguments with the script name, as in
<literal>xmpp-info.server_name</literal>. A script will first check for its
fully qualified argument name (the name specified in its documentation) before
it accepts an unqualified argument name (<literal>server_name</literal> in this
case). Some arguments are not specific to one script. They typically effect
behavior of a library and therefore potentially all the scripts that use the
library. (One such example is <literal>http.useragent</literal>, which sets
the default HTTP User-Agent header for every web request, regardless which
script sends it.) It is not possible for the exact same argument to be given
different values for diferent scripts. The online NSE Documentation Portal at
<ulink url="https://nmap.org/nsedoc/"/> lists the arguments that each script
accepts.
</para>
</listitem>
</varlistentry>


@@ -599,7 +599,7 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName,
/* Now lets send some probes to check IP ID algorithm ... */
/* First we need a raw socket ... */
if (!raw_socket_or_eth(o.sendpref, proxy->host.deviceName(),
if (!raw_socket_or_eth(o.sendpref, proxy->host.deviceName(), proxy->host.ifType(),
&proxy->rawsd, &proxy->eth.ethsd)) {
fatal("%s: Failed to open raw socket or ethernet handle", __func__);
}


@@ -35,6 +35,11 @@
#include "dnet.h"
/* NetBSD 10+ removed RTF_LLINFO */
#ifndef RTF_LLINFO
#define RTF_LLINFO 0
#endif
struct arp_handle {
int fd;
int seq;
@@ -138,13 +143,13 @@ arp_add(arp_t *arp, const struct arp_entry *entry)
errno = EADDRNOTAVAIL;
return (-1);
}
if (sin->sin_addr.s_addr == entry->arp_pa.addr_ip) {
if ((msg.rtm.rtm_flags & RTF_LLINFO) == 0 ||
(msg.rtm.rtm_flags & RTF_GATEWAY) != 0) {
errno = EADDRINUSE;
return (-1);
}
}
if (sin->sin_addr.s_addr == entry->arp_pa.addr_ip) {
if ((RTF_LLINFO && ((msg.rtm.rtm_flags & RTF_LLINFO) == 0)) ||
(msg.rtm.rtm_flags & RTF_GATEWAY) != 0) {
errno = EADDRINUSE;
return (-1);
}
}
if (sa->sa_family != AF_LINK) {
errno = EADDRNOTAVAIL;
return (-1);
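Review bot: The rewritten condition in `arp_add` changes meaning when the new `#define RTF_LLINFO 0` fallback is in effect: `RTF_LLINFO && ...` is then constant-false, so an existing route for the address yields EADDRINUSE only when it carries RTF_GATEWAY, whereas on systems that have the flag a route lacking RTF_LLINFO also counts as in use. That is presumably the intended compromise for NetBSD 10+, but nothing says so; add above the `if` a comment such as `/* Without RTF_LLINFO (NetBSD 10+) only gateway routes can be told apart; any other existing route is treated as replaceable. */`. Using the macro as a boolean operand also invites constant-condition warnings; an `#if RTF_LLINFO` / `#else` pair selecting one of the two forms would keep the compiled condition free of the dead operand. The enclosing function starts and ends outside the hunk.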


@@ -904,7 +904,7 @@ intf_get_src(intf_t *intf, struct intf_entry *entry, struct addr *src)
int
intf_get_dst(intf_t *intf, struct intf_entry *entry, struct addr *dst)
{
union sockunion sun;
union sockunion su;
socklen_t n;
int fd;
@@ -913,19 +913,19 @@ intf_get_dst(intf_t *intf, struct intf_entry *entry, struct addr *dst)
errno = EINVAL;
return (-1);
}
addr_ntos(dst, (struct sockaddr *)&sun);
sun.sin.sin_port = htons(666);
addr_ntos(dst, (struct sockaddr *)&su);
su.sin.sin_port = htons(666);
fd = dst->addr_type == ADDR_TYPE_IP6 ? intf->fd6 : intf->fd;
if (connect(fd, (struct sockaddr *)&sun, sizeof(sun)) < 0)
if (connect(fd, (struct sockaddr *)&su, sizeof(su)) < 0)
return (-1);
n = sizeof(sun);
if (getsockname(fd, (struct sockaddr *)&sun, &n) < 0)
n = sizeof(su);
if (getsockname(fd, (struct sockaddr *)&su, &n) < 0)
return (-1);
addr_ston((struct sockaddr *)&sun, &entry->intf_addr);
addr_ston((struct sockaddr *)&su, &entry->intf_addr);
if (intf_loop(intf, _match_intf_src, entry) != 1)
return (-1);


@@ -35,9 +35,9 @@ linear.o: linear.cpp linear.h
$(CXX) $(CFLAGS) -c -o linear.o linear.cpp
blas/blas.a: blas/*.c blas/*.h
make -C blas OPTFLAGS='$(CFLAGS)' CC='$(CC)';
$(MAKE) -C blas OPTFLAGS='$(CFLAGS)' CC='$(CC)';
clean:
make -C blas clean
make -C matlab clean
$(MAKE) -C blas clean
$(MAKE) -C matlab clean
rm -f *~ newton.o linear.o train predict liblinear.so.$(SHVER)


@@ -1019,7 +1019,20 @@ netutil_eth_t *netutil_eth_open(const char *device) {
} while (0);
#else
eth_handle(e) = eth_open(device);
e->datalink = DLT_EN10MB;
if (eth_handle(e)) {
eth_addr_t ea;
/* No guarantees this is Ethernet. Dnet doesn't offer a way to check the L2
* protocol, so we'll try to get the Ethernet address to confirm.
*/
if (0 == eth_get(eth_handle(e), &ea) && 0 != memcmp(&ea, "\0\0\0\0\0\0", 6)) {
e->datalink = DLT_EN10MB;
}
else {
// Not a data link we know about.
eth_handle_close(eth_handle(e));
eth_handle(e) = NULL;
}
}
#endif
if (eth_handle(e) == NULL) {
@@ -1120,18 +1133,29 @@ int netutil_raw_socket(const char *device) {
netutil_perror("setsockopt(SO_BROADCAST) failed");
}
sethdrinclude(rawsd);
socket_bindtodevice(rawsd, device);
if (device) {
socket_bindtodevice(rawsd, device);
}
return rawsd;
#endif
}
int raw_socket_or_eth(int sendpref, const char *ifname,
int raw_socket_or_eth(int sendpref, const char *ifname, devtype iftype,
int *rawsd, netutil_eth_t **ethsd) {
assert(rawsd != NULL);
*rawsd = -1;
assert(ethsd != NULL);
*ethsd = NULL;
#ifndef WIN32
/* In general, on Windows we need to use Ether headers.
* On other platforms, avoid it. */
if (iftype != devt_ethernet) {
sendpref = PACKET_SEND_IP;
}
#endif
bool may_try_eth = ifname && !(sendpref & PACKET_SEND_IP_STRONG);
bool may_try_ip = !(sendpref & PACKET_SEND_ETH_STRONG);
bool try_eth = may_try_eth && (sendpref & PACKET_SEND_ETH);
@@ -3289,7 +3313,7 @@ static int route_dst_netlink(const struct sockaddr_storage *dst,
len -= NLMSG_LENGTH(sizeof(*nlmsg));
/* See rtnetlink(7). Anything matching this route is actually unroutable. */
if (rtmsg->rtm_type == RTN_UNREACHABLE || rtmsg->rtm_type == RTN_UNSPEC
if (rtmsg->rtm_type == RTN_UNREACHABLE
|| rtmsg->rtm_type == RTN_BLACKHOLE || rtmsg->rtm_type == RTN_PROHIBIT)
return 0;
@@ -3329,6 +3353,11 @@ static int route_dst_netlink(const struct sockaddr_storage *dst,
if (ii != NULL) {
rnfo->ii = *ii;
if (rnfo->srcaddr.ss_family == AF_UNSPEC) {
assert(!spoofss);
assert(rnfo->ii.addr.ss_family == dst->ss_family);
rnfo->srcaddr = rnfo->ii.addr;
}
return 1;
} else {
return 0;
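Review bot: The two `assert` calls added inside `route_dst_netlink` (last hunk) turn a property of the kernel's reply — the selected interface having an address of the same family as `dst` — into an abort, although the surrounding code answers every other unexpected netlink state with `return 0`; an interface that has no address of that family would then terminate the program instead of being reported as unroutable. Prefer `if (rnfo->ii.addr.ss_family != dst->ss_family) return 0;` (with a debug message if the file's logging helper is reachable here), and keep `assert(!spoofss)` only if spoofss is genuinely a caller invariant rather than derived from input. In the `raw_socket_or_eth` hunk the non-Windows override `sendpref = PACKET_SEND_IP` also discards an explicit `PACKET_SEND_ETH_STRONG` from the caller without notice; a short comment there, or a debug-level message when a strong preference is overridden, would make the fallback visible. Both functions begin and end outside their hunks.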


@@ -330,7 +330,7 @@ int netutil_raw_socket(const char *device);
#define PACKET_SEND_IP_WEAK 0x08
#define PACKET_SEND_IP_STRONG 0x10
#define PACKET_SEND_IP (PACKET_SEND_IP_WEAK | PACKET_SEND_IP_STRONG)
int raw_socket_or_eth(int sendpref, const char *ifname,
int raw_socket_or_eth(int sendpref, const char *ifname, devtype iftype,
int *rawsd, netutil_eth_t **ethsd);
/* Takes a protocol number like IPPROTO_TCP, IPPROTO_UDP, or


@@ -160,8 +160,8 @@ GENHDR = \
TAGFILES = \
$(SRC) $(HDR)
CLEANFILES = $(OBJ) libpcap.a libpcap.so.`cat $(srcdir)/VERSION` \
$(PROG)-`cat $(srcdir)/VERSION`.tar.gz \
CLEANFILES = $(OBJ) libpcap.a libpcap.so.`cat $(srcdir)/VERSION.txt` \
$(PROG)-`cat $(srcdir)/VERSION.txt`.tar.gz \
lex.yy.c pcap-config libpcap.pc libpcap.$(DYEXT)
MAN1 = pcap-config.1
@@ -443,8 +443,8 @@ shared: libpcap.$(DYEXT)
libpcap.so: $(OBJ)
@rm -f $@
VER=`cat $(srcdir)/VERSION`; \
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
VER=`cat $(srcdir)/VERSION.txt`; \
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION.txt`; \
@V_SHLIB_CMD@ $(LDFLAGS) @V_SHLIB_OPT@ @V_SONAME_OPT@$@.$$MAJOR_VER \
-o $@.$$VER $(OBJ) $(ADDLOBJS) $(LIBS)
@@ -466,10 +466,10 @@ libpcap.so: $(OBJ)
#
libpcap.dylib: $(OBJ)
rm -f libpcap*.dylib
VER=`cat $(srcdir)/VERSION`; \
VER=`cat $(srcdir)/VERSION.txt`; \
MAJOR_VER=A; \
COMPAT_VER=1; \
CURRENT_VER=`sed 's/[^0-9.].*$$//' $(srcdir)/VERSION`; \
CURRENT_VER=`sed 's/[^0-9.].*$$//' $(srcdir)/VERSION.txt`; \
$(CC) -dynamiclib -undefined error $(LDFLAGS) @V_LIB_LDFLAGS_FAT@ \
-o libpcap.$$VER.dylib $(OBJ) $(ADDLOBJS) $(LIBS) \
-install_name $(libdir)/libpcap.$$MAJOR_VER.dylib \
@@ -489,9 +489,9 @@ libpcap.dylib: $(OBJ)
# linker, even with GCC.
#
libpcap.sl: $(OBJ)
@MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
@MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION.txt`; \
rm -f libpcap.$$MAJOR_VER
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION.txt`; \
ld -b $(LDFLAGS) -o libpcap.$$MAJOR_VER +h libpcap.$$MAJOR_VER \
$(OBJ) $(ADDLOBJS) $(LIBS)
@@ -682,15 +682,15 @@ install-shared: install-shared-$(DYEXT)
install-shared-so: libpcap.so
[ -d $(DESTDIR)$(libdir) ] || \
(mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
VER=`cat $(srcdir)/VERSION`; \
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
VER=`cat $(srcdir)/VERSION.txt`; \
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION.txt`; \
$(INSTALL_PROGRAM) libpcap.so.$$VER $(DESTDIR)$(libdir)/libpcap.so.$$VER; \
ln -sf libpcap.so.$$VER $(DESTDIR)$(libdir)/libpcap.so.$$MAJOR_VER; \
ln -sf libpcap.so.$$MAJOR_VER $(DESTDIR)$(libdir)/libpcap.so
install-shared-dylib: libpcap.dylib
[ -d $(DESTDIR)$(libdir) ] || \
(mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
VER=`cat $(srcdir)/VERSION`; \
VER=`cat $(srcdir)/VERSION.txt`; \
MAJOR_VER=A; \
$(INSTALL_PROGRAM) libpcap.$$VER.dylib $(DESTDIR)$(libdir)/libpcap.$$VER.dylib; \
ln -sf libpcap.$$VER.dylib $(DESTDIR)$(libdir)/libpcap.$$MAJOR_VER.dylib; \
@@ -698,7 +698,7 @@ install-shared-dylib: libpcap.dylib
install-shared-sl: libpcap.sl
[ -d $(DESTDIR)$(libdir) ] || \
(mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION.txt`; \
$(INSTALL_PROGRAM) libpcap.$$MAJOR_VER $(DESTDIR)$(libdir)
ln -sf libpcap.$$MAJOR_VER $(DESTDIR)$(libdir)/libpcap.sl
#
@@ -765,19 +765,19 @@ uninstall: uninstall-shared uninstall-rpcapd
uninstall-shared: uninstall-shared-$(DYEXT)
uninstall-shared-so:
VER=`cat $(srcdir)/VERSION`; \
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
VER=`cat $(srcdir)/VERSION.txt`; \
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION.txt`; \
rm -f $(DESTDIR)$(libdir)/libpcap.so.$$VER; \
rm -f $(DESTDIR)$(libdir)/libpcap.so.$$MAJOR_VER; \
rm -f $(DESTDIR)$(libdir)/libpcap.so
uninstall-shared-dylib:
VER=`cat $(srcdir)/VERSION`; \
VER=`cat $(srcdir)/VERSION.txt`; \
MAJOR_VER=A; \
rm -f $(DESTDIR)$(libdir)/libpcap.$$VER.dylib; \
rm -f $(DESTDIR)$(libdir)/libpcap.$$MAJOR_VER.dylib; \
rm -f $(DESTDIR)$(libdir)/libpcap.dylib
uninstall-shared-sl:
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION.txt`; \
rm -f $(DESTDIR)$(libdir)/libpcap.$$MAJOR_VER; \
rm -f $(DESTDIR)$(libdir)/libpcap.sl
uninstall-shared-shareda:
@@ -824,7 +824,7 @@ tags: $(TAGFILES)
# git archive doesn't write one.)
#
releasetar:
@TAG=$(PROG)-`cat VERSION` && \
@TAG=$(PROG)-`cat VERSION.txt` && \
if [ ! -d .git ]; then echo 'Not in a git clone, stop.'; exit 1; fi && \
TMPTESTFILE=`mktemp -t tmptestfile_XXXXXXXX` && \
rm -f "$$TMPTESTFILE" && \
@@ -850,7 +850,7 @@ releasetar:
rm -rf "$$AUTORECONF_DIR"
releasecheck: releasetar
@TAG=$(PROG)-`cat VERSION` && \
@TAG=$(PROG)-`cat VERSION.txt` && \
INSTALL_DIR=/tmp/install_"$$TAG"_$$$$ && \
DIR=`pwd` && \
cd /tmp && \


@@ -2927,6 +2927,7 @@ if test "x$enable_dbus" != "xno"; then
V_INCLS="$V_INCLS $DBUS_CFLAGS"
ADDITIONAL_LIBS="$ADDITIONAL_LIBS $DBUS_LIBS"
ADDITIONAL_LIBS_STATIC="$ADDITIONAL_LIBS_STATIC $DBUS_LIBS_STATIC"
LIBS_PRIVATE="$LIBS_PRIVATE $DBUS_LIBS"
REQUIRES_PRIVATE="$REQUIRES_PRIVATE dbus-1"
],
[


@@ -2,18 +2,75 @@
set TARGET=%1
set VCCONFIG=%2
for /f "usebackq delims=#" %%a in (`"%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere" -version 16 -property installationPath`) do call "%%a\VC\Auxiliary\Build\vcvarsall.bat" x86 && goto :next
:: Set defaults if not provided
if "%TARGET%" == "" set TARGET=Build
if "%VCCONFIG%" == "" set VCCONFIG=Release
:: Find and initialize Visual Studio environment first
:: Try VS 2019 first, then fall back to latest
"%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe" -version "[16.0,17.0)" -property installationPath > "%TEMP%\vspath.txt" 2>nul
for /f "usebackq delims=" %%i in ("%TEMP%\vspath.txt") do (
call "%%i\VC\Auxiliary\Build\vcvarsall.bat" x86
set VS_GENERATOR=Visual Studio 16 2019
goto :generator_set
)
:: VS 2019 not found, use latest
"%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe" -version "[16.0,)" -latest -property installationPath > "%TEMP%\vspath.txt" 2>nul
"%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe" -version "[16.0,)" -latest -property installationVersion > "%TEMP%\vsver.txt" 2>nul
for /f "usebackq delims=" %%i in ("%TEMP%\vspath.txt") do call "%%i\VC\Auxiliary\Build\vcvarsall.bat" x86
:: Determine generator from version
set VS_GENERATOR=Visual Studio 17 2022
for /f "usebackq delims=" %%v in ("%TEMP%\vsver.txt") do (
set VSVER=%%v
if "%%v:~0,2%%" == "16" set VS_GENERATOR=Visual Studio 16 2019
if "%%v:~0,2%%" == "17" set VS_GENERATOR=Visual Studio 17 2022
if "%%v:~0,2%%" == "18" set VS_GENERATOR=Visual Studio 18 2025
)
:generator_set
del "%TEMP%\vspath.txt" 2>nul
del "%TEMP%\vsver.txt" 2>nul
:: Check and install dependencies
set NMAP_AUX_DIR=%~dp0..\..\nmap-mswin32-aux
if not exist "%NMAP_AUX_DIR%" (
echo.
echo ========================================
echo Installing required dependencies...
echo ========================================
call :install_dependencies
if errorlevel 1 goto :QUIT
)
:: Verify dependencies are present
if not exist "%NMAP_AUX_DIR%\Npcap\Include\pcap.h" (
echo ERROR: Npcap SDK not found after installation
exit /b 1
)
if not exist "%NMAP_AUX_DIR%\OpenSSL\include\openssl\ssl.h" (
echo ERROR: OpenSSL not found after installation
exit /b 1
)
echo Dependencies verified successfully.
echo.
:next
echo Detected Visual Studio Generator: %VS_GENERATOR%
@echo on
if "%TARGET%" == "Vars" ( goto :vars )
if "%TARGET%" == "Clean" (
rd /S /Q build-pcre2
) else (
echo Using CMake Generator: %VS_GENERATOR%
mkdir build-pcre2
cd build-pcre2
cmake.exe -A Win32 -G "Visual Studio 16 2019" ..\..\libpcre\ || goto :QUIT
cmake.exe -A Win32 -G "%VS_GENERATOR%" ..\..\libpcre\ || goto :QUIT
cd ..
)
msbuild -nologo nmap.sln -m -t:%TARGET% -p:Configuration="%VCCONFIG%" -p:Platform="Win32" -fl
@@ -22,5 +79,69 @@ goto :QUIT
:vars
cl.exe /nologo /EP make-vars.h > make-vars.make
:install_dependencies
echo.
echo Creating auxiliary directory: %NMAP_AUX_DIR%
mkdir "%NMAP_AUX_DIR%" 2>nul
:: Install Npcap SDK
echo Downloading Npcap SDK...
set NPCAP_URL=https://npcap.com/dist/npcap-sdk-1.13.zip
set NPCAP_ZIP=%TEMP%\npcap-sdk.zip
powershell -Command "Invoke-WebRequest -Uri '%NPCAP_URL%' -OutFile '%NPCAP_ZIP%'"
if errorlevel 1 (
echo ERROR: Failed to download Npcap SDK
exit /b 1
)
echo Extracting Npcap SDK...
powershell -Command "Expand-Archive -Path '%NPCAP_ZIP%' -DestinationPath '%NMAP_AUX_DIR%\Npcap' -Force"
if errorlevel 1 (
echo ERROR: Failed to extract Npcap SDK
exit /b 1
)
del "%NPCAP_ZIP%" 2>nul
:: Install OpenSSL - Use nmap's SVN repository
echo Downloading OpenSSL from nmap SVN repository...
set OPENSSL_SVN_URL=https://svn.nmap.org/nmap-mswin32-aux/OpenSSL
:: Check if svn is available
where svn >nul 2>&1
if %ERRORLEVEL% EQU 0 (
echo Using SVN to download OpenSSL...
svn export "%OPENSSL_SVN_URL%" "%NMAP_AUX_DIR%\OpenSSL" --force
if errorlevel 1 (
echo WARNING: SVN export failed, trying alternative method...
goto :openssl_fallback
)
goto :openssl_done
)
:openssl_fallback
echo SVN not available, downloading OpenSSL headers manually...
mkdir "%NMAP_AUX_DIR%\OpenSSL\include\openssl" 2>nul
mkdir "%NMAP_AUX_DIR%\OpenSSL\lib" 2>nul
:: Download from nmap SVN via HTTP
set SVN_BASE=https://svn.nmap.org/nmap-mswin32-aux/OpenSSL
echo Downloading OpenSSL files from nmap repository...
:: Use PowerShell to recursively download the directory structure
powershell -Command "$ErrorActionPreference='SilentlyContinue'; $wc=New-Object System.Net.WebClient; $wc.DownloadFile('%SVN_BASE%/include/openssl/ssl.h','%NMAP_AUX_DIR%\OpenSSL\include\openssl\ssl.h'); $wc.DownloadFile('%SVN_BASE%/include/openssl/crypto.h','%NMAP_AUX_DIR%\OpenSSL\include\openssl\crypto.h'); $wc.DownloadFile('%SVN_BASE%/include/openssl/opensslconf.h','%NMAP_AUX_DIR%\OpenSSL\include\openssl\opensslconf.h')"
if not exist "%NMAP_AUX_DIR%\OpenSSL\include\openssl\ssl.h" (
echo ERROR: Failed to download OpenSSL files
echo Please install SVN or manually download OpenSSL to %NMAP_AUX_DIR%\OpenSSL
exit /b 1
)
:openssl_done
echo.
echo Dependencies installed successfully!
echo.
exit /b 0
:QUIT
exit /b %errorlevel%
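Review bot: The generator detection in the `for /f ... %%v` loop never matches: `%%v:~0,2%%` is not a substring operation on a for-variable (substring syntax applies only to environment variables, and `VSVER` set inside the same parenthesised block would need delayed expansion to be read there), so on VS 2022/2025 hosts `VS_GENERATOR` keeps its default and VS 18 is never selected as far as I can tell. Splitting the major version out with `tokens=1 delims=.` avoids both problems; `VSVER` is not read anywhere in the visible hunks and can go. Separately, `:install_dependencies` fetches and unpacks `npcap-sdk-1.13.zip` with no integrity check, and `:openssl_fallback` downloads only three headers under `$ErrorActionPreference='SilentlyContinue'`, yet the later `if not exist "%NMAP_AUX_DIR%\OpenSSL\include\openssl\ssl.h"` verification passes on that partial tree and the build fails only at link time — comparing the archive against a pinned SHA-256 after download and checking that the OpenSSL `lib` directory is populated would make both failures explicit.
```batch
:: Determine generator from version (take the major version token; substring syntax does not apply to for-variables)
set VS_GENERATOR=Visual Studio 17 2022
for /f "usebackq tokens=1 delims=." %%v in ("%TEMP%\vsver.txt") do (
    if "%%v" == "16" set VS_GENERATOR=Visual Studio 16 2019
    if "%%v" == "17" set VS_GENERATOR=Visual Studio 17 2022
    if "%%v" == "18" set VS_GENERATOR=Visual Studio 18 2025
)
:: ... unchanged: :generator_set, temp file cleanup, dependency checks ...
```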


@@ -12,7 +12,7 @@ rem (excluding extension).
set PROG=%~dpn0.py
if not exist "%PROG%" (
echo Cannot run %PROG%
echo Cannot run !PROG!
echo because that file does not exist.
exit /B 1
)
@@ -22,8 +22,10 @@ set PATH=%NMAPDIR%\zenmap\bin;%PATH%
for /D %%P in ("%ProgramFiles%\Python 3.*",
"%ProgramFiles(x86)%\Python 3.*",
"%ProgramFiles%\Python3*",
"%ProgramFiles(x86)%\Python3*",
"%LocalAppData%\Programs\Python\Python3*"
) do set PATH=%PATH%;%%~P
) do set PATH=!PATH!;%%~P
for %%P in ( py.exe, python.exe) do (
set PYTHON=%%~f$PATH:P
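Review bot: `set PATH=!PATH!;%%~P` inside the `for /D` block only accumulates if delayed expansion is enabled earlier in the script, which is outside this hunk; without it `!PATH!` is taken literally and PATH is replaced rather than extended, so the `setlocal EnableDelayedExpansion` should be confirmed above and referenced here, e.g. `rem requires EnableDelayedExpansion (see setlocal above): PATH is updated inside the block`. The same dependency applies to the `echo Cannot run !PROG!` change. One more line worth having: `%LocalAppData%\Programs\Python\Python3*` is a per-user, user-writable location, and appending it after the `%ProgramFiles%` entries keeps system-wide installs preferred — a comment saying that order is deliberate prevents a later reshuffle.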


@@ -266,20 +266,22 @@ int block_socket(int sd) {
int socket_bindtodevice(int sd, const char *device) {
#ifdef SO_BINDTODEVICE
char padded[sizeof(int)];
size_t len;
size_t len = 0;
len = strlen(device) + 1;
/* In Linux 2.6.20 and earlier, there is a bug in SO_BINDTODEVICE that causes
EINVAL to be returned if the optlen < sizeof(int); this happens for example
with the interface names "" and "lo". Pad the string with null characters
so it is above this limit if necessary.
http://article.gmane.org/gmane.linux.network/71887
http://article.gmane.org/gmane.linux.network/72216 */
if (len < sizeof(padded)) {
/* We rely on strncpy padding with nulls here. */
strncpy(padded, device, sizeof(padded));
device = padded;
len = sizeof(padded);
if (device) {
len = strlen(device) + 1;
/* In Linux 2.6.20 and earlier, there is a bug in SO_BINDTODEVICE that causes
EINVAL to be returned if the optlen < sizeof(int); this happens for example
with the interface names "" and "lo". Pad the string with null characters
so it is above this limit if necessary.
http://article.gmane.org/gmane.linux.network/71887
http://article.gmane.org/gmane.linux.network/72216 */
if (len < sizeof(padded)) {
/* We rely on strncpy padding with nulls here. */
strncpy(padded, device, sizeof(padded));
device = padded;
len = sizeof(padded);
}
}
/* Linux-specific sockopt asking to use a specific interface. See socket(7). */
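Review bot: With the new `if (device)` guard a NULL `device` no longer crashes in `strlen`, but it falls through to the `setsockopt` that follows (outside the hunk) with `len == 0`, and that call means something different from "bind to an interface": on Linux a zero-length `SO_BINDTODEVICE` removes any existing interface binding rather than failing, so as far as I can tell a caller passing NULL by mistake gets an unbound socket and a success return. If NULL is meant as "no binding requested", say so and short-circuit it before the option is set, or otherwise reject it; at minimum a comment such as `/* NULL device: zero-length option; on Linux this clears an existing binding rather than failing */` records the intent. `socket_bindtodevice`'s body continues past the hunk, so the return convention for the early exit is not visible here.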

ncat/configure vendored

@@ -5815,8 +5815,6 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lua version >= 504" >&5
printf %s "checking for lua version >= 504... " >&6; }
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -5982,6 +5980,10 @@ else $as_nop
have_lua=no
fi
rm -f conftest.err conftest.i conftest.$ac_ext
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lua version >= 504" >&5
printf %s "checking for lua version >= 504... " >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $have_lua" >&5
printf "%s\n" "$have_lua" >&6; }
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -5996,9 +5998,11 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
fi
# if we didn't find we use our own
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether lua was found" >&5
printf %s "checking whether lua was found... " >&6; }
if test $have_lua != yes; then
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
printf "%s\n" "no" >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, will use our own" >&5
printf "%s\n" "no, will use our own" >&6; }
CPPFLAGS="-I\$(top_srcdir)/$LIBLUADIR $CPPFLAGS"
LIBLUA_LIBS="\$(top_srcdir)/$LIBLUADIR/liblua.a"
LUA_DEPENDS="\$(top_srcdir)/$LIBLUADIR/liblua.a"


@@ -263,7 +263,6 @@ else
AC_CHECK_HEADERS([lua5.4/lua.h lua/5.4/lua.h lua.h lua/lua.h], [break])
AC_SEARCH_LIBS(lua_isyieldable, [lua5.4 lua54 lua], [have_lua=yes],, [-lm])
AC_LANG_PUSH(C)
AC_MSG_CHECKING([for lua version >= 504])
AC_PREPROC_IFELSE([ AC_LANG_PROGRAM(
[[
#ifdef HAVE_LUA5_4_LUA_H
@@ -282,6 +281,8 @@ else
]],
[[if(LUA_VERSION_NUM < 504) return 1;]])],
[have_lua=yes], [have_lua=no])
AC_MSG_CHECKING([for lua version >= 504])
AC_MSG_RESULT([$have_lua])
AC_LANG_POP(C)
LUA_DEPENDS=""
@@ -291,8 +292,9 @@ else
fi
# if we didn't find we use our own
AC_MSG_CHECKING([whether lua was found])
if test $have_lua != yes; then
AC_MSG_RESULT(no)
AC_MSG_RESULT([no, will use our own])
CPPFLAGS="-I\$(top_srcdir)/$LIBLUADIR $CPPFLAGS"
LIBLUA_LIBS="\$(top_srcdir)/$LIBLUADIR/liblua.a"
LUA_DEPENDS="\$(top_srcdir)/$LIBLUADIR/liblua.a"


@@ -69,7 +69,8 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
#if ((OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER) || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20000000L)
#define HAVE_OPAQUE_EVP_PKEY 1
#else
#define EVP_MD_CTX_new EVP_MD_CTX_create
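Review bot: The LibreSSL threshold chosen here, `LIBRESSL_VERSION_NUMBER >= 0x20000000L`, is far lower than the `0x3050000fL` used for the equivalent `HAVE_OPAQUE_STRUCTS` gates added in the two later hunks on this page (the one just above `#include <openssl/provider.h>` and the one at the top of the file containing `lua_push_ecdhparams`), and nothing on the page explains why `HAVE_OPAQUE_EVP_PKEY` should diverge. LibreSSL 2.0 tracked OpenSSL 1.0.1 and, as far as I recall, did not yet ship the `EVP_PKEY_get0_*` accessors an opaque-`EVP_PKEY` code path relies on (they arrived around 2.7), so the lower bound looks too permissive. Either align it with the other files or add a comment naming the LibreSSL release that introduced whatever this macro gates, e.g. `/* LibreSSL: opaque EVP_PKEY accessors available since <version — TODO confirm> */`.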


@@ -26,8 +26,8 @@ export NDIR=$(shell pwd)
CC = @CC@
CXX = @CXX@
CCOPT =
DBGFLAGS =
CCOPT =
DBGFLAGS =
STRIP = @STRIP@
LIBPCAPDIR = @libpcapdir@
export LIBDNETDIR = @LIBDNETDIR@
@@ -58,7 +58,7 @@ export RPMTDIR=$(HOME)/rpm
# DESTDIR is used by some package maintainers to install Nping under
# its usual directory structure into a different tree. See the
# its usual directory structure into a different tree. See the
# CHANGELOG for more info.
DESTDIR =
@@ -107,7 +107,7 @@ generate-tarball:
cd nping-priv && ./create_tarballs.sh
# Update the web site. WARNING: "make generate-tarball" must have been called first.
web:
web:
cd nping-priv && ./update_web.sh
clean:
@@ -124,7 +124,7 @@ distclean: clean
stamp-h.in config.cache config.log config.status
install-nping: $(TARGET)
$(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
mkdir -p $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
$(INSTALL) -c -m 755 nping $(DESTDIR)$(bindir)/nping
# Use strip -x to avoid stripping dynamically loaded NSE functions. See
# http://seclists.org/nmap-dev/2007/q4/0272.html.
@@ -136,13 +136,13 @@ install-nping: $(TARGET)
install: install-nping
@echo "NPING SUCCESSFULLY INSTALLED"
uninstall: uninstall-nping
uninstall: uninstall-nping
uninstall-nping:
rm -f $(DESTDIR)$(bindir)/$(TARGET)
rm -f $(DESTDIR)$(mandir)/man1/$(TARGET).1
${srcdir}/configure: configure.ac
${srcdir}/configure: configure.ac
cd ${srcdir} && autoconf
## autoheader might not change config.h.in, so touch a stamp file.


@@ -71,6 +71,7 @@
#include "ArgParser.h"
#include "output.h"
#include "common.h"
#include <climits>
/******************************************************************************


@@ -13,7 +13,8 @@
#include <openssl/hmac.h>
#include <openssl/rand.h>
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
#if ((OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER) || \
(defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
#define HAVE_OPAQUE_STRUCTS 1
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
# include <openssl/provider.h>


@@ -79,7 +79,8 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
#if ((OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER) || \
(defined LIBRESSL_VERSION_NUMBER && LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
/* Technically some of these things were added in 0x10100006
* but that was pre-release. */
#define HAVE_OPAQUE_STRUCTS 1
@@ -491,6 +492,22 @@ int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) {
/* According to RFC 5480 section 2.1.1, explicit curves must not be used with
X.509. This may change in the future, but for now it doesn't seem worth it
to add in code to extract the extra parameters. */
#if defined(LIBRESSL_VERSION_NUMBER)
/* LibreSSL doesn't have EC_GROUP_get_field_type, and explicit curves are rare.
* Just mark as UNKNOWN. */
lua_pushstring(L, "UNKNOWN");
#elif HAVE_OPAQUE_STRUCTS
nid = EC_GROUP_get_field_type(group);
if (nid == NID_X9_62_prime_field) {
lua_pushstring(L, "explicit_prime");
}
else if (nid == NID_X9_62_characteristic_two_field) {
lua_pushstring(L, "explicit_char2");
}
else {
lua_pushstring(L, "UNKNOWN");
}
#else
nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
if (nid == NID_X9_62_prime_field) {
lua_pushstring(L, "explicit_prime");
@@ -499,9 +516,9 @@ int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) {
lua_pushstring(L, "explicit_char2");
}
else {
/* Something weird happened. */
lua_pushstring(L, "UNKNOWN");
}
#endif
lua_setfield(L, -2, "ec_curve_type");
}
lua_setfield(L, -2, "curve_params");
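Review bot: The new `#if defined(LIBRESSL_VERSION_NUMBER)` branch in `lua_push_ecdhparams` reports `"UNKNOWN"` for every explicit curve on any LibreSSL version, while the `HAVE_OPAQUE_STRUCTS` gate added at the top of this file now admits LibreSSL ≥ 3.5; the two choices are consistent only if no LibreSSL release provides `EC_GROUP_get_field_type`, which the comment asserts but does not source. It is also worth checking whether the `#else` path, `EC_METHOD_get_field_type(EC_GROUP_method_of(group))`, still compiles on the older LibreSSL releases the first branch now covers — if it does, letting only versions lacking both APIs fall back to `"UNKNOWN"` keeps `ec_curve_type` informative. A one-line pointer in the comment to the LibreSSL version or changelog entry that drops these APIs would let the next reader re-evaluate the branch.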


@@ -246,7 +246,7 @@
-- @args brute.mode can be user, pass or creds and determines what mode to run
-- the engine in.
-- * user - the unpwdb library is used to guess passwords, every password
-- password is tried for each user. (The user iterator is in the
-- is tried for each user. (The user iterator is in the
-- outer loop)
-- * pass - the unpwdb library is used to guess passwords, each password
-- is tried for every user. (The password iterator is in the


@@ -236,18 +236,18 @@ end
--- Start PASV mode
--
-- For IPv6 connections, attempts to use EPSV (RFC 2428). If the server sends an address that is not the target address, then this is an error.
-- For IPv6 connections, attempts to use EPSV (RFC 2428). If the server sends
-- an address that is not the target address, then this is an error.
-- @param socket The connected command socket
-- @param buffer The receive buffer
-- @return The connected data socket, or nil on error
-- @return Error message if data socket is nil
function pasv(socket, buffer)
local epsv = false
local status, lhost, lport, rhost, rport = socket:get_info()
if not status then
return nil, ("Can't determine remote host IP: %s"):format(lhost)
end
epsv = #ipOps.ip_to_str(rhost) > 4
local epsv = #ipOps.ip_to_str(rhost) > 4
::TRY_AGAIN::
local cmd = epsv and "EPSV" or "PASV"


@@ -276,7 +276,6 @@ local function get_quoted_string(s, offset, crlf)
-- continuation." So there are really two definitions of quoted-string,
-- depending on whether it's in a header field or not. This function does
-- not allow CRLF.
c = s:sub(i, i)
if c ~= "\t" and c:match("^[\0\001-\031\127]$") then
error(string.format("Unexpected control character in quoted-string: 0x%02X.", c:byte(1)))
end
@@ -292,10 +291,9 @@ local function skip_lws(s, pos)
local _, e
while true do
while string.match(s, "^[ \t]", pos) do
pos = pos + 1
end
_, e = string.find(s, "^\r?\n[ \t]", pos)
_, pos = string.find(s, "^[ \t]*", pos)
pos = pos + 1
_, e = string.find(s, "^\r?\n[ \t]+", pos)
if not e then
return pos
end
@@ -360,7 +358,19 @@ local function validate_options(options)
stdnse.debug1("http: options.cookies[i].max-age should be a string")
bad = true
end
elseif not (cookie_key == 'httponly' or cookie_key == 'secure') then
elseif(cookie_key == 'domain') then
if(type(cookie_value) ~= 'string') then
stdnse.debug1("http: options.cookies[i].domain should be a string")
bad = true
end
elseif(cookie_key == 'samesite') then
if(type(cookie_value) ~= 'string') then
stdnse.debug1("http: options.cookies[i].samesite should be a string")
bad = true
end
elseif not (cookie_key == 'httponly'
or cookie_key == 'secure'
or cookie_key == 'partitioned') then
stdnse.debug1("http: Unknown field in cookie table: %s", cookie_key)
-- Ignore unrecognized attributes (per RFC 6265, Section 5.2)
end
@@ -858,7 +868,10 @@ local decode_body = function (body, encodings, maxlen)
local undecoded = tableaux.tcopy(encodings)
while #undecoded > 0 do
local enc = undecoded[1]:lower()
if enc == "identity" then
if enc == "" then
-- do nothing (empty encoding placeholder)
table.remove(undecoded, 1)
elseif enc == "identity" then
-- do nothing
table.insert(decoded, table.remove(undecoded, 1))
elseif enc == "gzip" and have_zlib then
@@ -2021,27 +2034,24 @@ function pipeline_go(host, port, all_requests)
stdnse.debug3("HTTP pipeline: connlimit=%d, batchlimit=%d", connlimit, batchlimit)
while #responses < #all_requests do
local status, err
-- reconnect if necessary
if connsent >= connlimit or resp.truncated or not socket:get_info() then
socket:close()
stdnse.debug3("HTTP pipeline: reconnecting")
socket:connect(host, port, bopt)
if not socket then
return nil
end
socket:set_timeout(pipeline_comm_opts.request_timeout)
status, err = socket:connect(host, port, bopt)
if not status then
stdnse.debug3("HTTP pipeline: cannot reconnect: %s", err)
return responses
end
partial = ""
connsent = 0
end
if connlimit > connsent + #all_requests - #responses then
connlimit = connsent + #all_requests - #responses
end
-- decrease the connection limit to match what we still need to send
connlimit = math.min(connlimit, connsent + #all_requests - #responses)
-- determine the current batch size
local batchsize = connlimit - connsent
if batchsize > batchlimit then
batchsize = batchlimit
end
local batchsize = math.min(connlimit - connsent, batchlimit)
stdnse.debug3("HTTP pipeline: batch=%d, conn=%d/%d, resp=%d/%d", batchsize, connsent, connlimit, #responses, #all_requests)
-- build and send a batch of requests
@@ -2052,7 +2062,11 @@ function pipeline_go(host, port, all_requests)
req.options.header = force_header(req.options.header, "Connection", connmode)
table.insert(requests, build_request(host, port, req.method, req.path, req.options))
end
socket:send(table.concat(requests))
status, err = socket:send(table.concat(requests))
if not status then
stdnse.debug3("HTTP pipeline: cannot send: %s", err)
return responses
end
-- receive batch responses
for i = 1, batchsize do
@@ -2079,19 +2093,9 @@ function pipeline_go(host, port, all_requests)
return responses
end
-- Parsing of specific headers. skip_space and the read_* functions return the
-- Parsing of specific headers. The read_* functions return the
-- byte index following whatever they have just read, or nil on error.
-- Skip whitespace (that has already been folded from LWS). See RFC 2616,
-- section 2.2, definition of LWS.
local function skip_space(s, pos)
local _
_, pos = string.find(s, "^[ \t]*", pos)
return pos + 1
end
-- See RFC 2616, section 2.2.
local function read_token(s, pos)
local _, token
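Review bot: `skip_space` is deleted here, but a call to a removed local only fails when that line executes, so any remaining caller in the parts of http.lua outside this hunk would surface as "attempt to call a nil value" while parsing a header rather than at load time; a grep for `skip_space` across the file is worth confirming before merge (the header parsers that use `read_token` start past the hunk). In `validate_options`, the new `samesite` branch accepts any string; restricting it to the values the SameSite attribute defines, after normalising case — `if not (v == "strict" or v == "lax" or v == "none") then` with `local v = cookie_value:lower()` — would catch a parsed-cookie bug the way the neighbouring `max-age` check does, or else a comment should say that lenient acceptance is deliberate since servers do emit other values.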


@@ -216,9 +216,9 @@ end
-- @param left String representing an IPv4 or IPv6 address. Shortened
-- notation is permitted.
-- @param op A comparison operator which may be one of the following strings:
-- <code>"eq"</code>, <code>"ge"</code>, <code>"le"</code>,
-- <code>"gt"</code> or <code>"lt"</code> (respectively ==, >=, <=,
-- >, <).
-- <code>"eq"</code>, <code>"ne"</code>, <code>"ge"</code>,
-- <code>"le"</code>, <code>"gt"</code> or <code>"lt"</code>
-- (respectively ==, ~=, >=, <=, >, <).
-- @param right String representing an IPv4 or IPv6 address. Shortened
-- notation is permitted.
-- @usage
@@ -381,6 +381,9 @@ expand_ip = function( ip, family )
for hdt in string.gmatch( ip, "[%.z%x]+" ) do
hexadectets[#hexadectets+1] = hdt
end
if #hexadectets == 0 then
return nil, ( err4:gsub( "IPv4", "IPv6" ) )
end
-- deal with IPv4in6 (last hexadectet only)
local t = {}


@@ -83,35 +83,30 @@ IPP = {
attrib.value = {}
table.insert(attrib.value, { tag = attrib.tag, val = val })
repeat
while pos + 3 < #data do
local tag, name_len, val
if ( #data < pos + 3 ) then
tag, name_len, pos = string.unpack(">BI2", data, pos)
if name_len > 0 then
-- done; start of a new attribute
pos = pos - 3
break
end
tag, name_len, pos = string.unpack(">BI2", data, pos)
if ( name_len == 0 ) then
val, pos = string.unpack(">s2", data, pos)
table.insert(attrib.value, { tag = tag, val = val })
else
pos = pos - 3
end
until( name_len ~= 0 )
val, pos = string.unpack(">s2", data, pos)
table.insert(attrib.value, { tag = tag, val = val })
end
-- do minimal decoding
for i=1, #attrib.value do
if ( attrib.value[i].tag == IPP.Attribute.IPP_TAG_INTEGER ) then
attrib.value[i].val = string.unpack(">I4", attrib.value[i].val)
elseif ( attrib.value[i].tag == IPP.Attribute.IPP_TAG_ENUM ) then
attrib.value[i].val = string.unpack(">I4", attrib.value[i].val)
for _, av in ipairs(attrib.value) do
if av.tag == IPP.Attribute.IPP_TAG_INTEGER then
av.val = string.unpack(">I4", av.val)
elseif av.tag == IPP.Attribute.IPP_TAG_ENUM then
av.val = string.unpack(">I4", av.val)
end
end
if ( 1 == #attrib.value ) then
attrib.value = attrib.value[1].val
end
--print(attrib.name, attrib.value, stdnse.tohex(val))
return pos, attrib
end,
@@ -152,26 +147,14 @@ IPP = {
-- @param tag number containing the attribute tag
getAttribute = function(self, name, tag)
for _, attrib in ipairs(self.attribs) do
if ( attrib.name == name ) then
if ( not(tag) ) then
return attrib
elseif ( tag and attrib.tag == tag ) then
return attrib
end
if attrib.name == name and (not tag or attrib.tag == tag) then
return attrib
end
end
end,
getAttributeValue = function(self, name, tag)
for _, attrib in ipairs(self.attribs) do
if ( attrib.name == name ) then
if ( not(tag) ) then
return attrib.value
elseif ( tag and attrib.tag == tag ) then
return attrib.value
end
end
end
return (self:getAttribute(name, tag) or {}).value
end,
__tostring = function(self)
@@ -307,19 +290,13 @@ HTTP = {
Helper = {
new = function(self, host, port, options)
local o = { host = host, port = port, options = options or {} }
new = function(self, host, port)
local o = { host = host, port = port }
setmetatable(o, self)
self.__index = self
return o
end,
connect = function(self)
self.socket = nmap.new_socket()
self.socket:set_timeout(self.options.timeout or 10000)
return self.socket:connect(self.host, self.port)
end,
getPrinters = function(self)
local attribs = {
@@ -332,7 +309,7 @@ Helper = {
request:addAttributeGroup(ag)
local status, response = HTTP.Request( self.host, self.port, tostring(request) )
if ( not(response) ) then
if not status then
return status, response
end
@@ -350,9 +327,7 @@ Helper = {
local printer = {}
for k, v in pairs(attrib) do
if ( ag:getAttributeValue(k) ) then
printer[v] = ag:getAttributeValue(k)
end
printer[v] = ag:getAttributeValue(k)
end
table.insert(printers, printer)
end
@@ -360,7 +335,7 @@ Helper = {
end,
getQueueInfo = function(self, uri)
local uri = uri or ("ipp://%s/"):format(self.host.ip)
uri = uri or ("ipp://%s/"):format(self.host.ip)
local attribs = {
IPP.Attribute:new(IPP.Attribute.IPP_TAG_CHARSET, "attributes-charset", "utf-8" ),
@@ -375,7 +350,7 @@ Helper = {
{ tag = IPP.Attribute.IPP_TAG_KEYWORD, val = "job-name" },
{ tag = IPP.Attribute.IPP_TAG_KEYWORD, val = "job-state" },
{ tag = IPP.Attribute.IPP_TAG_KEYWORD, val = "printer-uri" },
-- { tag = IPP.Attribute.IPP_TAG_KEYWORD, val = "job-originating-user-name" },
{ tag = IPP.Attribute.IPP_TAG_KEYWORD, val = "job-originating-user-name" },
-- { tag = IPP.Attribute.IPP_TAG_KEYWORD, val = "job-printer-state-message" },
-- { tag = IPP.Attribute.IPP_TAG_KEYWORD, val = "job-printer-uri" },
{ tag = IPP.Attribute.IPP_TAG_KEYWORD, val = "time-at-creation" } } ),
@@ -387,23 +362,25 @@ Helper = {
request:addAttributeGroup(ag)
local status, response = HTTP.Request( self.host, self.port, tostring(request) )
if ( not(response) ) then
if not status then
return status, response
end
local results = {}
for _, ag in ipairs(response:getAttributeGroups(IPP.Attribute.IPP_TAG_JOB)) do
local uri = ag:getAttributeValue("printer-uri")
local printer = uri:match(".*/(.*)$") or "Unknown"
local printer = ag:getAttributeValue("printer-uri"):match(".*/(.*)$") or "Unknown"
-- some jobs have multiple state attributes, so far the ENUM ones have been correct
local state = ag:getAttributeValue("job-state", IPP.Attribute.IPP_TAG_ENUM) or ag:getAttributeValue("job-state")
-- some jobs have multiple id tag, so far the INTEGER type have shown the correct ID
local id = ag:getAttributeValue("job-id", IPP.Attribute.IPP_TAG_INTEGER) or ag:getAttributeValue("job-id")
local attr = ag:getAttribute("time-at-creation")
local tm = ag:getAttributeValue("time-at-creation")
local size = ag:getAttributeValue("job-k-octets") .. "k"
local jobname = ag:getAttributeValue("com.apple.print.JobInfo.PMJobName") or "Unknown"
local owner = ag:getAttributeValue("com.apple.print.JobInfo.PMJobOwner") or "Unknown"
local jobname = ag:getAttributeValue("com.apple.print.JobInfo.PMJobName")
or ag:getAttributeValue("job-name")
or "Unknown"
local owner = ag:getAttributeValue("com.apple.print.JobInfo.PMJobOwner")
or ag:getAttributeValue("job-originating-user-name")
or "Unknown"
results[printer] = results[printer] or {}
table.insert(results[printer], {
@@ -429,10 +406,6 @@ Helper = {
return output
end,
close = function(self)
return self.socket:close()
end,
}
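Review bot: `ag:getAttributeValue("printer-uri"):match(".*/(.*)$")` at the top of the `getQueueInfo` job loop indexes the attribute value unguarded, so a job group that omits `printer-uri` (the reply comes from the remote printer and is not under our control) raises "attempt to index a nil value" and aborts the script; the old two-line form had the same hole, but since the line is being rewritten it is cheap to close: `local job_uri = ag:getAttributeValue("printer-uri")` then `local printer = job_uri and job_uri:match(".*/(.*)$") or "Unknown"`. The unchanged `ag:getAttributeValue("job-k-octets") .. "k"` a few lines down has the same nil-concatenation risk. In the attribute parser, the new guard `while pos + 3 < #data` is one byte stricter than the old `if ( #data < pos + 3 ) then ... break` (it now requires `#data > pos + 3` rather than `>=`); that is probably harmless because a continuation value needs at least five bytes, but `string.unpack(">s2", ...)` still raises on a truncated value, so a `pcall` around the per-attribute parse would turn a malformed reply into a debug message instead of a script error.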
return _ENV;


@@ -154,67 +154,54 @@ Comm = {
-- @return status boolean true on success, false on failure
-- @return string containing error message (if status is false)
Connect = function(self, host, port, timeout)
local status, err, socket
status, err = self:ChkProgram()
if (not(status)) then
timeout = timeout or stdnse.get_timeout(host, 10000)
local status, err = self:ChkProgram()
if not status then
return status, err
end
status, err = self:ChkVersion()
if (not(status)) then
if not status then
return status, err
end
timeout = timeout or stdnse.get_timeout(host, 10000)
local new_socket = function(...)
local socket = nmap.new_socket(...)
socket:set_timeout(timeout)
return socket
end
if ( port.protocol == "tcp" ) then
if nmap.is_privileged() then
-- Try to bind to a reserved port
for i = 1, 10, 1 do
local resvport = math.random(512, 1023)
socket = new_socket()
status, err = socket:bind(nil, resvport)
local socket = nmap.new_socket(port.protocol)
if nmap.is_privileged() then
-- Let's make several attempts to bind to an unused well-known port
for _ = 1, 10 do
local srcport = math.random(512, 1023)
status, err = socket:bind(nil, srcport)
if status then
socket:set_timeout(timeout)
status, err = socket:connect(host, port)
if status then
status, err = socket:connect(host, port)
if status or err == "TIMEOUT" then break end
socket:close()
-- socket:connect() succeeds even if mksock_bind_addr() fails.
-- It just assigns an ephemeral port instead of our choice,
-- so we need to check the actual source port afterwards.
local lport
status, err, lport = socket:get_info()
if status then
if lport == srcport then
break
end
status = false
err = "Address already in use"
end
end
end
else
socket = new_socket()
status, err = socket:connect(host, port)
socket:close()
end
else
if nmap.is_privileged() then
-- Try to bind to a reserved port
for i = 1, 10, 1 do
local resvport = math.random(512, 1023)
socket = new_socket("udp")
status, err = socket:bind(nil, resvport)
if status then
status, err = socket:connect(host, port)
if status or err == "TIMEOUT" then break end
socket:close()
end
end
else
socket = new_socket("udp")
status, err = socket:connect(host, port)
end
-- No privileges to force a specific source port
status, err = socket:connect(host, port)
end
if (not(status)) then
return status, string.format("%s connect error: %s",
self.program, err)
else
self.socket = socket
self.host = host
self.ip = host.ip
self.port = port.number
self.proto = port.protocol
return status, nil
if not status then
return status, ("%s connect error: %s"):format(self.program, err)
end
self.socket = socket
self.host = host
self.ip = host.ip
self.port = port.number
self.proto = port.protocol
return status, nil
end,
--- Disconnects from the remote program
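Review bot: `socket:set_timeout(timeout)` is now called only inside the privileged bind loop, so in the `-- No privileges to force a specific source port` branch the socket connects, and is then stored as `self.socket`, with the default timeout; the old `new_socket` helper applied it in both branches. Moving the call to directly after `local socket = nmap.new_socket(port.protocol)` restores that and lets the per-iteration call go. A second behaviour change deserves a comment: the old loop broke out on `err == "TIMEOUT"`, whereas the new one closes and retries on any connect failure, so an unresponsive target can now cost up to ten full timeouts before `Connect` returns. Reusing one socket object across `close()` and `bind()` presumably works because nse_nsock recreates the iod on the next connect — confirm, since the old code created a fresh socket per attempt.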


@@ -414,7 +414,13 @@ int do_actual_pcap_read(struct nevent *nse) {
switch (rc) {
case 1: /* read good packet */
#ifdef PCAP_RECV_TIMEVAL_VALID
#ifdef __OpenBSD__
/* OpenBSD has bpf_timeval which is incompatible with struct timeval */
npp.ts.tv_sec = pkt_header->ts.tv_sec;
npp.ts.tv_usec = pkt_header->ts.tv_usec;
#else
npp.ts = pkt_header->ts;
#endif
#else
/* On these platforms time received from pcap is invalid.
* It's better to set current time */
@@ -517,4 +523,3 @@ int nsock_iod_is_pcap(nsock_iod iod) {
}
#endif /* HAVE_PCAP */


@@ -1176,8 +1176,10 @@ struct eth_nfo *HostOsScanStats::fill_eth_nfo(struct eth_nfo *eth, netutil_eth_t
if (ethsd == NULL)
return NULL;
memcpy(eth->srcmac, target->SrcMACAddress(), sizeof(eth->srcmac));
memcpy(eth->dstmac, target->NextHopMACAddress(), sizeof(eth->srcmac));
if (netutil_eth_datalink(ethsd) == DLT_EN10MB) {
memcpy(eth->srcmac, target->SrcMACAddress(), sizeof(eth->srcmac));
memcpy(eth->dstmac, target->NextHopMACAddress(), sizeof(eth->dstmac));
}
eth->ethsd = ethsd;
eth->devname[0] = '\0';
@@ -1335,8 +1337,9 @@ HostOsScan::HostOsScan(Target *t) {
pd = NULL;
rawsd = -1;
ethsd = NULL;
int sendpref = o.sendpref;
if (!raw_socket_or_eth(o.sendpref, t->deviceName(), &rawsd, &ethsd)) {
if (!raw_socket_or_eth(sendpref, t->deviceName(), t->ifType(), &rawsd, &ethsd)) {
fatal("%s: Failed to open raw socket or ethernet device", __func__);
}
if (rawsd >= 0)
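Review bot: In the fill_eth_nfo hunk the MAC copies are now skipped when `netutil_eth_datalink(ethsd)` is not DLT_EN10MB, but `eth->srcmac` and `eth->dstmac` are then left holding whatever the caller passed in; unless every caller zero-initialises the struct (not visible here), a non-Ethernet datalink would carry stale bytes into a later send. An explicit `else { memset(eth->srcmac, 0, sizeof(eth->srcmac)); memset(eth->dstmac, 0, sizeof(eth->dstmac)); }`, or a comment on `struct eth_nfo` stating that the MAC fields are only meaningful for DLT_EN10MB, would make that contract clear. fill_eth_nfo starts outside the hunk. In the HostOsScan constructor hunk the new `int sendpref = o.sendpref;` local is used only once in what is visible, so passing `o.sendpref` directly would be simpler unless it is meant to be adjusted later, as the UltraScanInfo::Init hunk does.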


@@ -956,7 +956,8 @@ void UltraScanInfo::Init(std::vector<Target *> &Targets, const struct scan_lists
assert(!(sendpref & PACKET_SEND_IP_STRONG));
sendpref = PACKET_SEND_ETH;
}
if (!raw_socket_or_eth(sendpref, Targets[0]->deviceName(), &rawsd, &ethsd)) {
if (!raw_socket_or_eth(sendpref, Targets[0]->deviceName(), Targets[0]->ifType(),
&rawsd, &ethsd)) {
fatal("Couldn't open a raw socket or eth handle.");
}
/* Raw scan types also need to know the source IP. */


@@ -1,7 +1,6 @@
local ipp = require "ipp"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
description = [[
@@ -51,13 +50,8 @@ local verbose_states = {
action = function(host, port)
local helper = ipp.Helper:new(host, port)
if ( not(helper:connect()) ) then
return stdnse.format_output(false, "Failed to connect to server")
end
local status, printers = helper:getPrinters()
if ( not(status) ) then
local status, printers = ipp.Helper:new(host, port):getPrinters()
if not status then
return
end
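Review bot: The rewritten action returns nil when `getPrinters()` fails, so the earlier "Failed to connect to server" diagnostic is gone and a user running with -d sees nothing about why the script produced no output. If the second return value carries an error message on failure (inferred from the usual status/value convention, not visible here), a `stdnse.debug1("Failed to retrieve printers: %s", printers)` before the bare `return` would keep that information. The same loss applies to the ipp-queue-info hunk below, where `getQueueInfo()` returns a single value and a connect failure is now indistinguishable from an empty queue.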


@@ -35,13 +35,8 @@ categories = {"safe", "discovery"}
portrule = shortport.port_or_service(631, "ipp", "tcp", "open")
action = function(host, port)
local helper = ipp.Helper:new(host, port)
if ( not(helper:connect()) ) then
return stdnse.format_output(false, "Failed to connect to server")
end
local output = helper:getQueueInfo()
if ( output ) then
local output = ipp.Helper:new(host, port):getQueueInfo()
if output then
return stdnse.format_output(true, output)
end
end


@@ -35,7 +35,7 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"intrusive", "brute"}
portrule = shortport.port_or_service(2050, "", "tcp", "open")
portrule = shortport.portnumber(2050, "tcp", "open")
local not_admins = {}


@@ -74,7 +74,7 @@ local ELEMENTS = {["Type"] = "Type",
["string"] = "SOAPACTIONS",
["SubDeviceURLs"] = "Sub Device URLs"}
function get_text_callback(store, name)
local function get_text_callback(store, name)
if ELEMENTS[name] == nil then return end
name = ELEMENTS[name]
if name == 'SOAPACTIONS' or name == 'Sub Device URLs' or name == 'Type' then


@@ -14,6 +14,11 @@ References:
---
-- @args hostmap.prefix If set, saves the output for each host in a file
-- called "<prefix><target>". The file contains one entry per line.
--
-- @args hostmap-crtsh.lax If set, include hostname-like identities from CT logs
-- that are not strict subdomains. When unset (default), only true subdomains
-- of the target hostname are returned.
--
-- @args newtargets If set, add the new hostnames to the scanning queue.
-- This the names presumably resolve to the same IP address as the
-- original target, this is only useful for services such as HTTP that
@@ -38,16 +43,7 @@ References:
-- <elem key="filename">output_nmap.org</elem>
---
-- TODO:
-- At the moment the script reports all hostname-like identities where
-- the parent hostname is present somewhere in the identity. Specifically,
-- the script does not verify that a returned identity is truly a subdomain
-- of the parent hostname. As an example, one of the returned identities for
-- "google.com" is "google.com.gr".
-- Since fixing it would change the script behavior that some users might
-- currently depend on then this should be discussed first. [nnposter]
author = "Paulino Calderon <calderon@websec.mx>"
author = {"Paulino Calderon <calderon@websec.mx>", "Sweekar-cmd"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
@@ -88,31 +84,42 @@ local function is_valid_hostname (name)
return true
end
local function query_ctlogs(hostname)
local url = string.format("https://crt.sh/?q=%%.%s&output=json", hostname)
local function is_subdomain (name, suffix)
-- suffix already includes ".", e.g., ".google.com"
return #name > #suffix and name:sub(-#suffix) == suffix
end
local function query_ctlogs (hostname, lax_mode)
hostname = hostname:lower()
local suffix = "." .. hostname
local url = string.format("https://crt.sh/?q=%%%s&output=json", suffix)
local response = http.get_url(url)
if not (response.status == 200 and response.body) then
stdnse.debug1("Error: Could not GET %s", url)
return
end
local jstatus, jresp = json.parse(response.body)
if not jstatus then
stdnse.debug1("Error: Invalid response from %s", url)
stdnse.debug1("Error: Invalid JSON response from %s", url)
return
end
local hostnames = {}
for _, cert in ipairs(jresp) do
local names = cert.name_value;
local names = cert.name_value
if type(names) == "string" then
for _, name in ipairs(stringaux.strsplit("%s+", names:lower())) do
-- if this is a wildcard name, just proceed with the static portion
if name:find("*.", 1, true) == 1 then
if name:sub(1, 2) == "*." then
name = name:sub(3)
end
if name ~= hostname and not hostnames[name] and is_valid_hostname(name) then
hostnames[name] = true
if target.ALLOW_NEW_TARGETS then
target.add(name)
if lax_mode or is_subdomain(name, suffix) then
hostnames[name] = true
if target.ALLOW_NEW_TARGETS then
target.add(name)
end
end
end
end
@@ -136,7 +143,10 @@ end
action = function(host)
local filename_prefix = stdnse.get_script_args("hostmap.prefix")
local hostname = get_hostname(host)
local hostnames = query_ctlogs(hostname)
local lax = stdnse.get_script_args("hostmap-crtsh.lax")
local lax_mode = lax == true or lax == "true" or lax == 1
local hostnames = query_ctlogs(hostname, lax_mode)
if not hostnames then return end
local output_tab = stdnse.output_table()
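Review bot: The `@args hostmap-crtsh.lax` documentation should state that, combined with `newtargets`, identities that are not subdomains of the target (the `google.com.gr` case the removed TODO described) are queued as new scan targets, since `target.add(name)` now runs for every name that passes the `lax_mode or is_subdomain(name, suffix)` test; a line such as `-- Note that with <code>newtargets</code> such hosts are added to the scan queue as well.` would make that scope effect visible to users. Separately, `lax == 1` in the action only matches a numeric 1, while a value given on the command line as `hostmap-crtsh.lax=1` arrives as a string and would be treated as false, so adding `or lax == "1"` would be consistent with the existing `"true"` case.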


@@ -1,21 +1,30 @@
local comm = require "comm"
local ipOps = require "ipOps"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local ipOps = require "ipOps"
local target = require "target"
local url = require "url"
description = [[
Determines if the web server leaks its internal IP address when sending an HTTP/1.0 request without a Host header.
Determines if the web server leaks its internal IP address when sending
an HTTP/1.0 request without a Host header.
Some misconfigured web servers leak their internal IP address in the response
headers when returning a redirect response. This is a known issue for some
versions of Microsoft IIS, but affects other web servers as well.
If script argument <code>newtargets</code> is set, the script will
add the found IP address as a new target into the scan queue. (See
the documentation for NSE library <code>target</code> for details.)
]]
---
-- @usage nmap --script http-internal-ip-disclosure <target>
-- @usage nmap --script http-internal-ip-disclosure --script-args http-internal-ip-disclosure.path=/path <target>
-- @usage nmap --script http-internal-ip-disclosure --script-args http-internal-ip-disclosure.path=/mypath <target>
--
-- @args http-internal-ip-disclosure.path Path to URI. Default: /
-- @args http-internal-ip-disclosure.path Path (or a table of paths) to probe
-- Default: /
--
-- @output
-- 80/tcp open http syn-ack
@@ -27,61 +36,59 @@ versions of Microsoft IIS, but affects other web servers as well.
--
-- @see ssl-cert-intaddr.nse
author = "Josh Amishav-Zlatin"
author = {"Josh Amishav-Zlatin", "nnposter"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = { "vuln", "discovery", "safe" }
portrule = shortport.http
local function generateHttpV1_0Req(host, port, path)
local redirectIP, privateIP
local socket = nmap.new_socket()
socket:connect(host, port)
local cmd = "GET " .. path .. " HTTP/1.0\r\n\r\n"
socket:send(cmd)
while true do
local status, lines = socket:receive_lines(1)
if not status then
break
end
-- Check if the response contains a location header
if lines:match("Location") then
local locTarget = lines:match("Location: [%a%p%d]+")
-- Check if the redirect location contains an IP address
redirectIP = locTarget:match("[%d%.]+")
if redirectIP then
privateIP = ipOps.isPrivate(redirectIP)
end
stdnse.debug1("Location: %s", locTarget )
stdnse.debug1("Internal IP: %s", redirectIP )
end
end
socket:close()
-- Only report if the internal IP leaked is different then the target IP
if privateIP and redirectIP ~= host.ip then
return redirectIP
end
end
action = function(host, port)
local output = stdnse.output_table()
local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
local IP = generateHttpV1_0Req(host, port, path)
-- Check /images which is often vulnerable on some unpatched IIS servers
if not IP and path ~= "/images" then
path = "/images"
IP = generateHttpV1_0Req(host, port, path)
local patharg = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
if type(patharg) ~= "table" then
patharg = {patharg}
end
local paths = stdnse.output_table()
for _, path in ipairs(patharg) do
paths[path] = 1
end
paths["/images"] = 1
if IP then
output["Internal IP Leaked"] = IP
return output
local socket
local bopt = nil
local try = nmap.new_try(function () socket:close() end)
for path in pairs(paths) do
local req = "GET " .. path .. " HTTP/1.0\r\n\r\n"
local resp
if not bopt then
socket, resp, bopt = comm.tryssl(host, port, req)
if not socket then return end
else
try(socket:connect(host, port, bopt))
try(socket:send(req))
resp = ""
end
local findhead = function (s)
return s:find("\r?\n\r?\n")
end
if not findhead(resp) then
resp = resp .. try(socket:receive_buf(findhead, true))
end
socket:close()
local loc = resp:lower():match("\nlocation:[ \t]+(%S+)")
local lochost = url.parse(loc or "").host
if lochost and lochost ~= "" then
-- remove any IPv6 enclosure
lochost = lochost:gsub("^%[(.*)%]$", "%1")
if ipOps.isPrivate(lochost) and ipOps.compare_ip(lochost, "ne", host.ip) then
if target.ALLOW_NEW_TARGETS then
target.add(lochost)
end
local output = stdnse.output_table()
output["Internal IP Leaked"] = lochost
return output
end
end
end
end
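Review bot: The `try` wrapper turns any per-path failure into an abort of the whole action: if `socket:connect`, `socket:send` or `socket:receive_buf` fails on one entry of `paths` (a server that closes without sending a header, or a timeout on the trailing `/images` probe), the script raises instead of moving on to the next path, which is a regression from the previous loop that only stopped reading for that path. Replacing the `try(...)` calls with explicit `status, err` checks that log via `stdnse.debug1` and continue the `for` loop would restore the per-path isolation. The Location match `"\nlocation:[ \t]+(%S+)"` requires at least one blank after the colon, so a header written as `Location:http://...` is skipped; `[ \t]*` would accept both forms. Whether `socket:connect` may be called again on the same object after `socket:close()` is not visible here; if the NSE socket does not support reconnect, a fresh `nmap.new_socket()` per path is needed.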


@@ -51,34 +51,36 @@ Driver = {
end,
-- connects to the rlogin service
-- it sets the source port to a random value between 513 and 1024
-- it sets the source port to a random value between 512 and 1023
connect = function(self)
local status
local status, err
self.socket = brute.new_socket()
-- apparently wee need a source port below 1024
-- this approach is not very elegant as it causes address already in
-- use errors when the same src port is hit in a short time frame.
-- hopefully the retry count should take care of this as a retry
-- should choose a new random port as source.
local srcport = math.random(513, 1024)
self.socket:bind(nil, srcport)
self.socket:set_timeout(self.timeout)
local err
status, err = self.socket:connect(self.host, self.port)
if ( status ) then
local lport, _
status, _, lport = self.socket:get_info()
if (not(status) ) then
return false, "failed to retrieve socket status"
-- Let's make several attempts to bind to an unused well-known port
for _ = 1, 10 do
local srcport = math.random(512, 1023)
status, err = self.socket:bind(nil, srcport)
if status then
self.socket:set_timeout(self.timeout)
status, err = self.socket:connect(self.host, self.port)
if status then
-- socket:connect() succeeds even if mksock_bind_addr() fails.
-- It just assigns an ephemeral port instead of our choice,
-- so we need to check the actual source port afterwards.
local lport
status, err, lport = self.socket:get_info()
if status then
if lport == srcport then
return status
end
status = false
err = "Address already in use"
end
end
end
else
self.socket:close()
end
if ( not(status) ) then
stdnse.debug3("ERROR: failed to connect to server")
if not status then
stdnse.debug2("Unable to bind to a well-known port (%s)", err)
end
return status
end,
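Review bot: When `self.socket:connect` succeeds but `get_info` reports a source port other than `srcport`, the loop sets `status = false` and goes straight to the next `bind` attempt while the socket is still connected; the `self.socket:close()` in the `else` branch appears to belong to the removed code, so nothing closes the connection before re-binding and the next `bind` is likely to fail on a connected socket. Adding `self.socket:close()` after `err = "Address already in use"` (and on the `get_info` failure path as well) would reset the socket before the retry.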

5
shtool

@@ -615,7 +615,7 @@ mkdir )
if [ ".$opt_t" = .yes ]; then
echo "mkdir $p" 1>&2
fi
mkdir $p || errstatus=$?
mkdir -p $p || errstatus=$?
if [ ".$opt_o" != . ]; then
if [ ".$opt_t" = .yes ]; then
echo "chown $opt_o $p" 1>&2
@@ -652,7 +652,7 @@ mkdir )
if [ ".$opt_t" = .yes ]; then
echo "mkdir $pathcomp" 1>&2
fi
mkdir $pathcomp || errstatus=$?
mkdir -p $pathcomp || errstatus=$?
if [ ".$opt_o" != . ]; then
if [ ".$opt_t" = .yes ]; then
echo "chown $opt_o $pathcomp" 1>&2
@@ -683,4 +683,3 @@ mkdir )
esac
shtool_exit 0


@@ -837,7 +837,8 @@ TracerouteState::TracerouteState(std::vector<Target *> &targets) {
assert(targets.size() > 0);
if (!raw_socket_or_eth(o.sendpref, targets[0]->deviceName(), &rawsd, &ethsd)) {
if (!raw_socket_or_eth(o.sendpref, targets[0]->deviceName(), targets[0]->ifType(),
&rawsd, &ethsd)) {
fatal("traceroute: socket troubles");
}


@@ -6,6 +6,6 @@ Exec=su-to-zenmap.sh %F
Terminal=false
Icon=zenmap
Type=Application
Categories=Application;Network;Security;
Categories=Network;Security;
Comment=A cross-platform GUI for the Nmap Security Scanner.
Keywords=network;scan;scanner;IP;security;


@@ -6,6 +6,6 @@ Exec=zenmap %F
Terminal=false
Icon=zenmap
Type=Application
Categories=Application;Network;Security;
Categories=Network;Security;
Comment=A cross-platform GUI for the Nmap Security Scanner.
Keywords=network;scan;scanner;IP;security;


@@ -602,7 +602,7 @@ class SystemPage(BWScrolledWindow):
tcp_note.set_line_wrap(False)
tcp_note.set_alignment(1.0, 0.5)
tcp_note.set_markup(
TCP_SEQ_NOTE % (tcp['index'], tcp['difficulty']))
TCP_SEQ_NOTE % tcp)
table.attach(tcp_note, 0, 3, 4, 5)