Streamline the loop construct

- Add support for HTTPS
  - Add support for IPv6
  - Add support for more than one path argument
  - Properly identify the Location header in the HTTP response
  - Properly identify the destination host in the Location header
  - Leverage normalized IP address comparison
  - Avoid processing the HTTP response body, possibly "endless"
  - Add the found IP address as a new scan target (optionally)
Close #3218, close #3191)

.gitignore

@@ -1,9 +1,11 @@
+*~
 *.[oa]
 *.[sl][oa]
 *.gc[dn][oa]
 gmon.out
 Makefile
 config.log
+config.cache
 config.status
 config.h
 makefile.dep
@@ -13,6 +15,8 @@ libtool
 .*.swp
 .deps/
 .libs/
+.svn/
+.dirstamp
 stamp-h1
 /libdnet-stripped/dnet-config
 /nbase/nbase_config.h
@@ -27,6 +31,8 @@ stamp-h1
 /nping/nping
 /nping/nping_config.h
 /nsock/include/nsock_config.h
+/nsock/tests/tests_main
+/tests/*_test
 /zenmap/build/
 /zenmap/INSTALLED_FILES
 TAGS
@@ -42,14 +48,19 @@ libpcap/pcap-linktype.manmisc
 libpcap/pcap-savefile.manfile
 libpcap/pcap-tstamp.manmisc
 libpcap/pcap_version.h
+libpcap/grammar.y
 libssh2/src/libssh2_config.h
 libssh2/lib/
-libpcre/pcre-config
+libpcre/pcre2-config
+libpcre/src/pcre2.h
+libpcre/src/pcre2_chartables.c
 ndiff/INSTALLED_FILES
 libz/contrib/vstudio/vc11/Debug_lib/
 libz/contrib/vstudio/vc11/Release_lib/
 libz/zconf.h
 libz/configure.log
+/liblua/lua
+/liblua/luac
 !liblinear/Makefile
 !liblinear/blas/Makefile
 !liblua/Makefile

CHANGELOG

@@ -1,5 +1,506 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o [GH#3191][GH#3218] Script http-internal-ip-disclosure has been enhanced,
+  including added support for IPv6 and HTTPS and more accurate processing
+  of target responses. [nnposter]
+
+o [GH#3194] RPC-based scripts were sporadically failing due to privileged
+  port conflicts. [nnposter]
+
+o [GH#3196] Script rlogin-brute was sporadically failing due to using
+  an off-by-one range for privileged ports and not handling potential
+  port conflicts. [nnposter]
+
+Nmap 7.98 [2025-08-21]
+
+o [SECURITY] Rebuilt the Windows self-installer with NSIS 3.11, addressing
+  CVE-2025-43715--a race condition in earlier NSIS versions that could allow
+  local attackers to escalate to SYSTEM privileges when a vulnerable installer is
+  run as SYSTEM. The Nmap installer does not run as SYSTEM by default.
+
+o Upgraded included libraries: OpenSSL 3.0.17, Lua 5.4.8
+
+o [Windows] Upgraded the included version of Npcap from 1.82 to 1.83, improving
+  compatibility with PPPoE connections. See https://npcap.com/changelog
+
+o [macOS][GH#3127] Fix "dnet: Failed to open device en0" errors on macOS since
+  Nmap 7.96. [Daniel Miller]
+
+o Fixed an issue in FTP bounce scan where a single null byte is written past
+  the end of the receive buffer. The issue is triggered by a malicious server
+  but does not cause a crash with default builds. [Tyler Zars]
+
+o [GH#3130] Fix a crash (stack exhaustion due to excessive recursion) in the
+  parallel DNS resolver. Additionally, improved performance by processing
+  responses that come after the request has timed out. [Daniel Miller]
+
+o [GH#2148] Fix the error, "Assertion failed: (datalink == DLT_EN10MB), function begin_sniffer, file scan_engine_raw.cc"
+  when using Nmap with certain VPN interfaces. [Daniel Miller]
+
+o [GH#2757] Fix a crash in traceroute when using randomly-generated decoys:
+  "Assertion `source->ss_family == AF_INET' failed" [Daniel Miller]
+
+o [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers
+  that are registered as Extension Header values. When the --data option was
+  used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)"
+  [Daniel Miller]
+
+o [GH#3086] Prevent TCP Connect scan (-sT) from leaking one socket per
+  hostgroup, which led to progressively slower scans and assertion failures in
+  other scan phases. [Daniel Miller]
+
+o [NSE][GH#3133] Fix the error "nse_nsock.cc:637: void receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == 1' failed."
+  when reading from an SSL connection. [Daniel Miller]
+
+o [NSE] Added NSE bindings for more libssh2 functions: channel_request,
+  channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive.
+  ssh-brute will now use keyboard-interactive auth if password auth is not
+  offered. [Daniel Miller, CrowdStrike]
+
+o [NSE][GH#3014] Fix dns-zone-transfer to handle nontraditional TLDs [Daniel Miller]
+
+o Fix a bug that was causing Nmap to send empty DNS packets for each target
+  that was not found up instead of just skipping them for reverse DNS.
+
+o [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including
+  post-quantum ciphersuites.
+
+o [GH#3114][Windows] Use only the DNS servers for up and configured interfaces
+  for forward and reverse DNS lookups. When -e or -S are used, use only DNS
+  servers that can be connected via that interface or source address. [Daniel Miller]
+
+o [Ndiff][GH#3115] Have configure script check for PyPA 'build' module. [Daniel Miller]
+
+o [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover latest strings.
+
+o [Zenmap][GH#2718] Zenmap language translation (i18n) files were not being
+  installed. [Daniel Miller]
+
+o [Zenmap][GH#3066] Fix Zenmap error "ValueError: I/O operation on closed file"
+  when Nmap crashes or fails. [Daniel Miller]
+
+o [Zenmap][GH#3084][GH#3127] Fix UnicodeDecodeError issues in ScriptMetadata
+  and UmitConfigParser. [Daniel Miller]
+
+o [NSE][GH#3123] WS-Discovery parsing would error out if the MessageID UUID
+  was not prefixed with "urn:". [nnposter]
+
+Nmap 7.97 [2025-05-12]
+
+o [Zenmap][GH#3087] Fix a crash when starting a scan on Windows in locales that
+  use non-latin character sets. Also changed Nmap to print the time zone as an
+  offset from UTC instead of as a localized string. [Daniel Miller]
+
+o Fixed an issue with the parallel forward DNS resolver: it had not been
+  consulting /etc/hosts, nor did it correctly handle the 'localhost' name.
+  [Daniel Miller]
+
+o [GH#3088] Mitigate a false-positive detection by replacing a malicious URL in
+  the example output of http-malware-host [nnposter]
+
+Nmap 7.96 [2025-05-01]
+
+o Upgraded included libraries: OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1,
+  libpcap 1.10.5, libpcre2 10.45, libdnet 1.18.0
+
+o [Windows] Upgraded the included version of Npcap from version 1.79 to the
+  latest version 1.82, bringing faster packet injection, VLAN header capture,
+  and support for SR-IOV adapters, along with many other bug fixes and feature
+  enhancements described at https://npcap.com/changelog
+
+o [GH#1451] Nmap now performs forward DNS lookups in parallel, using the same
+  engine that has been reliably performing reverse-DNS lookups for nearly a
+  decade. Scanning large lists of hostnames is now enormously faster and avoids
+  the unresponsive wait for blocking system calls, so progress stats can be
+  shown. In testing, resolving 1 million website names to both IPv4 and IPv6
+  took just over an hour. The previous system took 49 hours for the same data
+  set! [Daniel Miller]
+
+o [Nping][GH#2862] Promoted Nping version number from a 0.7.95 alpha release to
+  the same release version as Nmap.
+
+o [Zenmap][GH#2358] Added dark mode, accessed via Profile->Toggle Dark Mode or
+  window::dark_mode in zenmap.conf. [Daniel Miller]
+
+o [NSE] Added 3 new scripts, for a total of 612 NSE scripts:
+
+  + [GH#2973] mikrotik-routeros-version queries MikroTik's WinBox router admin
+    service to get the RouterOS version. New service probes were also added for
+    this service. [deauther890, Daniel Miller]
+
+  + mikrotik-routeros-username-brute brute-forces WinBox usernames for the
+    router using CVE-2024-54772. [deauther890]
+
+  + targets-ipv6-eui64 generates target IPv6 addresses from a user-provided
+    file of MAC addresses, using the EUI-64 method. [Daniel Miller]
+
+o [GH#2982] Fixed an issue preventing the Nmap OEM 7.95 uninstaller from
+  correctly uninstalling Nmap OEM.
+
+o [GH#2139][Nsock][Windows] Fixed the IOCP Nsock engine, which had been demoted
+  since Nmap 7.91 due to unresolved issues around SSL sockets and IPv6. [Daniel Miller]
+
+o [GH#2113] Fixed the issue where TCP Connect scans (-sT) on Windows would show
+  'filtered' instead of 'closed', due to differences in understanding timeouts.
+
+o [GH#2900][GH#2896][GH#2897] Nmap is now able to scan IP protocol 255.
+  [nnposter]
+
+o Nmap will now allow targets to be specified both on the command line and in
+  an input file with -iL. Previously, if targets were provided in both places,
+  only the targets in the input file would be scanned, and no notice was given
+  that the command-line targets were ignored. [Daniel Miller]
+
+o [Zenmap][GH#2854] Fixed a Zenmap crash in DiffViewer when Ndiff exits with error.
+
+o [Zenmap] Fixed several UnicodeDecodeError or UnicodeEncodeError crashes
+  throughout Zenmap.
+
+o [Zenmap][GH#1696] Fixed an issue preventing Zenmap from launching if nmap was
+  not in the PATH. The issue primarily affected macOS users. [Daniel Miller]
+
+o [GH#2838][GH#2836] Fixed a couple of issues with parsing the argument to the
+  -iR option.
+
+o [NSE][GH#2852] Added TLS support to redis.lua and improved -sV detection of redis.
+
+o [GH#2954] Fix 2 potential crashes in parsing IPv6 extension headers
+  discovered using AFL++ fuzzer. [Domen Puncer Kugler, Daniel Miller]
+
+o [Nping] Bind raw socket to device when possible. This was already done for
+  IPv6, but was needed for IPv4 L3 tunnels. [ValdikSS]
+
+o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP
+  connections. This makes it more compatible with other netcats. The -k option
+  will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188
+  [Daniel Miller]
+
+o [Nsock][GH#2788] Fix an issue affecting Ncat where unread bytes in the SSL
+  layer's buffer could not be read until more data arrived on the socket, which
+  could lead to deadlock. [Daniel Miller]
+
+o [Ncat][GH#2422] New Ncat option -q to delay quit after EOF on stdin, the
+  same as traditional netcat's -q option. [Daniel Miller]
+
+o [Ncat][GH#2843] Ncat in listen mode with -e or -c correctly handles error and
+  EOF conditions that had not been being delivered to the child process.
+
+o [Ncat][Windows] All Nsock engines now work correctly. The default is still
+  'select', but others can be set with --nsock-engine=iocp or
+  --nsock-engine=poll [Daniel Miller]
+
+o [NSE][GH#1014][GH#2616] SSH NSE scripts now catch connection errors thrown by
+  the libssh2 Lua binding, providing useful output instead of a backtrace.
+  [Joshua Rogers, Daniel Miller]
+
+o [NSE] Several fixes and extensions to the libssh2 NSE bindings: fixed
+  libssh2.channel_read_stderr, which was reading stdout instead; add binding
+  for libssh2_userauth_publickey_frommemory; allow open_channel to avoid allocating a pty;
+
+o [Nsock] Improvements for platforms without selectable pcap handles (e.g.
+  Windows). Interleaved pcap and socket events were favoring pcap reads,
+  possibly resulting in timeouts of the socket events. [Daniel Miller]
+
+o [Nsock] Improved memory performance of poll engine on Windows. [Daniel Miller]
+
+o [Nsock][GH#187][GH#2912] Improvements to Nsock event list management, fixing
+  errors like "could not find 1 of the purportedly pending events on that IOD." [Daniel Miller]
+
+o When Nmap is used with --disable-arp-ping, a local IP that cannot be
+  ARP-resolved will use the "no-route" reason instead of the "unknown-response"
+  reason, since no response was received.
+
+o [NSE][GH#2571][GH#2572][GH#2622][GH#2784] Various bug fixes in the mssql NSE
+  library. [johnjaylward, nnposter]
+
+o [NSE][GH#2925][GH#2917][GH#2924] Testing for acceptance of SSH keys for
+  a given username caused heap corruption. [Julijan Nedic, nnposter]
+
+o [NSE][GH#2919][GH#2917] Scripts were not able to load SSH public keys.
+  from a file. [nnposter]
+
+o [NSE][GH#2928][GH#2640] Encryption/decryption performed by the OpenSSL NSE
+  module did not work correctly when the IV started with a null byte.
+  [nnposter]
+
+o [NSE][GH#2901][GH#2744][GH#2745] Arbitrary separator in stdnse.tohex() is now
+  supported. Script smb-protocols now reports SMB dialects correctly.
+  [nnposter]
+
+o [NSE] ether_type inconsistency in packet.Frame has been resolved. Both
+  Frame:new() and Frame:build_ether_frame() now use an integer. [nnposter]
+
+Nmap 7.95 [2024-04-23]
+
+o Integrated over 4,000 of your IPv4 OS fingerprints. Added 336 signatures,
+  bringing the new total to 6,036.  Additions include iOS 15 & 16, macOS
+  Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2
+
+o Integrated over 2,500 service/version detection fingerprints. The signature
+  count went up 1.4% to 12,089, including 9 new softmatches.  We now detect
+  1,246 protocols, including new additions of grpc, mysqlx, essnet,
+  remotemouse, and tuya.
+
+o [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission
+  driver) from version 1.75 to the latest version 1.79. It includes many
+  performance improvements, bug fixes and feature enhancements described at
+  https://npcap.com/changelog.
+
+o [NSE] Added four new scripts from the DINA community
+  (https://github.com/DINA-community) for querying industrial control
+  systems:
+
+  + hartip-info reads device information from devices using the Highway
+    Addressable Remote Transducer protocol
+
+  + iec61850-mms queries devices using Manufacturing Message Specification
+    requests. [Dennis Rösch, Max Helbig]
+
+  + multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All
+    message and prints the responses. [Stefan Eiwanger, DINA-community]
+
+  + profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the
+    PNIO-CM service.
+
+o Improvements to OS detection fingerprint matching, including a syntax
+  change for nmap-os-db that allows ranges within the TCP Options
+  string. This leads to more concise and maintainable fingerprints. [Daniel
+  Miller]
+
+o Improved the OS detection engine by using a new source port for each retry.
+  Scans from systems such as Windows that do not send RST for unsolicited
+  SYN|ACK responses were previously unable to get a response in subsequent
+  tries. [Daniel Miller]
+
+o Several profile-guided optimizations of the port scan engine. [Daniel Miller]
+
+o Upgraded from libpcre 7.6 to libpcre2 10.43.
+
+o Upgraded included libraries: Lua 5.4.6, zlib 1.3.1, libssh2 1.11.0, and
+  liblinear 2.47
+
+o [GH#2639] Upgraded OpenSSL binaries (for the Windows builds and for RPMs)
+  to version 3.0.13. This addresses various OpenSSL vulnerabilities which
+  don't impact Nmap (full details are in the GH issue).
+
+o [GH#2672] Fixed an issue where TCP Connect scan (-sT) on Windows would fail
+  to open any sockets, leading to scans that never finish. [Daniel Miller]
+
+o [Zenmap][Ndiff][GH#2649] Zenmap and Ndiff now use setuptools, not distutils
+   for packaging.
+
+o [Ncat][GH#2685] Fixed Ncat UDP server mode to not quit after EOF on
+  stdin. Reported as Debian bug:
+  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613
+
+o [NSE] ssh-auth-methods will now print the pre-authentication banner text
+  when available. Requires libssh2 1.11.0 or later. [Daniel Miller]
+
+o [Zenmap][GH#2739] Fix a crash in Zenmap when changing a host comment.
+
+o [NSE][GH#2766] Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger]
+
+o [Zenmap][GH#2706] RPM spec files now correctly require the python3 package, not python>=3
+
+o [GH#2731] Fix an out-of-bounds read which led to out-of-memory errors when
+  duplicate addresses were used with --exclude
+
+o [GH#2609] Fixed a memory leak in Nsock: compiled pcap filters were not freed.
+
+o [GH#2658] Fixed a crash when using service name wildcards with -p, as in -p "http*"
+
+o [GH#2657] Fixed an issue where NSE-assigned service names could be overwritten
+  prior to output, leading to XML validation errors and unprintable screen output.
+
+o [NSE] Fixed DNS TXT record parsing bug which caused asn-query to fail in
+  Nmap 7.80 and later. [David Fifield, Mike Pattrick]
+
+o [NSE][GH#2727][GH#2728] Fixed packet size testing in KNX scripts [f0rw4rd]
+
+Nmap 7.94 [2023-05-19]
+
+o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
+  this effort possible:
+  + [GH#2088][GH#1176][Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]
+
+  + [GH#1807][GH#1176][Ndiff] Updated Ndiff to Python 3. [Brian Quigley]
+
+  + Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
+    to those who opened Python 3-related issues and pull requests: Eli
+    Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
+    Hasan Aliyev, and others.
+
+o [Windows] Upgraded Npcap (our Windows raw packet capturing and
+  transmission driver) from version 1.71 to the latest version 1.75. It
+  includes dozens of performance improvements, bug fixes and feature
+  enhancements described at https://npcap.com/changelog.
+
+o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
+  (28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC
+  prefix used previously for lookups.
+
+o Added partial silent-install support to the Nmap Windows
+  installer. It previously didn't offer silent mode (/S) because the
+  free/demo version of Npcap Windoes packet capturing driver that it
+  needs and ships with doesn't include a silent installer. Now with
+  the /S option, Nmap checks whether Npcap is already installed
+  (either the free version or OEM) and will silently install itself if
+  so. This is similar to how the Wireshark installer works and is
+  particularly helpful for organizations that want to fully automate
+  their Nmap (and Npcap) deployments. See
+  https://nmap.org/nmap-silent-install for more details.
+
+o Lots of profile-guided memory and processing improvements for Nmap, including
+  OS fingerprint matching, probe matching and retransmission lookups for large
+  hostgroups, and service name lookups. Overhauled Nmap's string interning and
+  several other startup-related procedures to speed up start times, especially
+  for scans using OS detection. [Daniel Miller]
+
+o Integrated many of the most-submitted IPv4 OS fingerprints for recent
+  versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints,
+  bringing the new total to 5700!
+
+o [NSE][GH#548] Added the tftp-version script which requests a
+  nonexistent file from a TFTP server and matches the error message
+  to a database of known software. [Mak Kolybabi]
+
+o [Ncat][GH#1223] Ncat can now accept "connections" from multiple UDP hosts in
+  listen mode with the --keep-open option. This also enables --broker and
+  --chat via UDP. [Daniel Miller]
+
+o [GH#2575] Upgraded OpenSSL binaries (for the Windows builds and for
+  RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602;
+  CVE-2022-3786) which don't impact Nmap proper since it doesn't do
+  certificate validation, but could possibly impact Ncat when the
+  --ssl-verify option is used.
+
+o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4
+
+o [GH#2532] Removed the bogus OpenSSL message from the Windows Nmap
+  executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL
+  legacy provider failed to load." We actually already have the legacy
+  provider built-in to our OpenSSL builds, and that's why loading the
+  external one fails.
+
+o [GH#2541] UDP port scan (-sU) and version scan (-sV) now both use the same
+  data source, nmap-service-probes, for data payloads. Previously, the
+  nmap-payloads file was used for port scan. Port scan responses will be used
+  to kick-start the version matching process. [Daniel Miller]
+
+o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel,
+  the same as it already does for TCP services with SSL/TLS encryption. The
+  DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent
+  sooner in the scan. [Daniel Miller]
+
+o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming
+  connections. [Daniel Miller]
+
+o [GH#1023] Handle Internationalized Domain Names (IDN) like Яндекс.рф on
+  platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller]
+
+o [Ncat] Addressed an issue from the Debian bug tracker
+  (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
+  received immediately after a SOCKS CONNECT response. Ncat can now be
+  correctly used in the ProxyCommand option of OpenSSH.
+
+o Improved DNS domain name parsing to avoid recursion and enforce name length
+  limits, avoiding a theoretical stack exhaustion issue with certain crafted DNS
+  server responses, reported by Philippe Antoine.
+
+o [GH#2338][NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
+  errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]
+
+o [GH#2507] Updates to the Japanese manpage translation by Taichi Kotake.
+
+o [Ncat][GH#1026][GH#2426] Dramatically speed up Ncat transfers on
+  Windows by avoiding a 125ms wait for every read from
+  STDIN. [scriptjunkie]
+
+o [GH#1192][Windows] Periodically reset the system idle timer to keep the
+  system from going to sleep while scans are in process. This only affects port
+  scans and OS detection scans, since NSE and version scan do not rely on
+  timing data to adjust speed.
+
+o Updated the Nmap Public Source License (NPSL) to Version 0.95. This
+  just clarifies that the derivative works definition and all other
+  license clauses only apply to parties who choose to accept the
+  license in return for the special rights granted (such as Nmap
+  redistribution rights). If a party can do everything they need to
+  using copyright provisions outside of this license such as fair use,
+  we support that and aren't trying to claim any control over their
+  work. Versions of Nmap released under previous versions of the NPSL
+  may also be used under the NPSL 0.95 terms.
+
+o Avoid storing many small strings from IPv4 OS detection results in the global
+  string_pool. These were effectively leaked after a host is done being
+  scanned, since string_pool allocations are not freed until Nmap quits.
+
+Nmap 7.93 [2022-09-01]
+
+o This release commemorates Nmap's 25th anniversary! It all started with this
+  September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.
+
+o [Windows] Upgraded Npcap (our Windows raw packet capturing and
+  transmission driver) from version 1.50 to the latest version 1.71. It
+  includes dozens of performance improvements, bug fixes and feature
+  enhancements described at https://npcap.com/changelog.
+
+o Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions.
+  Binaries for this release include OpenSSL 3.0.5.
+
+o Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1
+
+o [GH#2416] Fix a bug that prevented Nmap from discovering interfaces on Linux
+  when no IPv4 addresses were configured. [Daniel Miller, nnposter]
+
+o [NSE][GH#2463] NSE "exception handling" with nmap.new_try() will no longer
+  result in a stack traceback in debug output nor a "ERROR: script execution
+  failed" message in script output, since the intended behavior has always been
+  to end the script immediately without output. [Daniel Miller]
+
+o [GH#2494] Update the Nmap output DTD to match actual output since the
+  `<hosthint>` element was added in Nmap 7.90.
+
+o [NSE][GH#2496] Fix newtargets support: since Nmap 7.92, scripts could not add
+  targets in script pre-scanning phase. [Daniel Miller]
+
+o [GH#2468] Scripts dhcp-discover and broadcast-dhcp-discover now support
+  setting a client identifier. [nnposter]
+
+o [GH#2331][GH#2471] Script oracle-tns-version was not reporting the version
+  correctly for Oracle 19c or newer [linholmes]
+
+o [GH#2296][GH#2342] Script redis-info was crashing or producing inaccurate
+  information about client connections and/or cluster nodes. [nnposter]
+
+o [GH#2379] Nmap and Nping were unable to obtain system routes on FreeBSD
+  [benpratt, nnposter]
+
+o [GH#2464] Script ipidseq was broken due to calling an unreachable library
+  function. [nnposter]
+
+o [GH#2420][GH#2436] Support for EC crypto was not properly enabled if Nmap
+  was compiled with OpenSSL in a custom location. [nnposter]
+
+o [NSE] Improvements to event handling and pcap socket garbage collection,
+  fixing potential hangs and crashes. [Daniel Miller]
+
+o We ceased creating the Nmap win32 binary zipfile. It was useful back when
+  you could just unzip it and run Nmap from there, but that hasn't worked well
+  for many years. The win32 self-installer handles Npcap installation and many
+  other dependencies and complexities. Anyone who needs the binaries for some
+  reason can still install Nmap on any system and retrieve them from there.
+  For now we're keeping the Win32 zipfile in the Nmap OEM Edition
+  (https://nmap.org/oem) for companies building Nmap into their own
+  products. But even in that case we believe that running the Nmap OEM
+  self-installer in silent mode is a better approach.
+
+o [GH#2388] Fix TDS7 password encoding for mssql.lua, which had been assuming
+  ASCII input even though other parts of the library had been passing it Unicode.
+
+o [GH#2402] Replace deprecated CPEs for IIS with their updated identifier,
+  cpe:/a:microsoft:internet_information_services [Esa Jokinen]
+
 o [NSE][GH#2393] Fix script-terminating error when unknown BSON data types are
   encountered. Added parsers for most standard data types. [Daniel Miller]
 
@@ -14,7 +515,7 @@ Nmap 7.92 [2021-08-07]
 o [Windows] Upgraded Npcap (our Windows raw packet capturing and
   transmission driver) from version 1.00 to the latest version 1.50. You can
   read about the dozens of performance improvements, bug fixes and feature
-  enhancements at https://npcap.org/changelog.
+  enhancements at https://npcap.com/changelog.
 
 o [Windows] Thanks to the Npcap 1.50 upgrade, Nmap now works on the Windows
   ARM architecture so you can run it on lightweight and power-efficient
@@ -76,7 +577,7 @@ o [GH#2350] Upgraded OpenSSL to version 1.1.1k. This addresses some
   https://github.com/nmap/nmap/issues/2350
 
 o Removed support for the ancient WinPcap library since we already include
-  our own Npcap library (https://npcap.org) supporting the same API. WinPcap
+  our own Npcap library (https://npcap.com) supporting the same API. WinPcap
   was abandoned years ago and it's official download page says that "WE
   RECOMMEND USING Npcap INSTEAD" for security, stability, compatibility, and
   support reasons.
@@ -161,6 +662,11 @@ o [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most
 o [NSE] Loading of a Nikto database failed if the file was referenced
   relative to the Nmap directory [nnposter]
 
+o We're no longer building and distributing 32-bit Linux binary RPMs since
+  the vast majority of users are on x64 systems now. Nmap still works on
+  32-bit systems and so users can build it themselves from the source
+  RPMs or tarball, or obtain it from their distribution's repository. 
+
 o [GH#2199] Updated Nmap's NPSL license to rewrite a poorly-worded clause
   about "proprietary software companies".  The new license version 0.93 is
   still available from https://nmap.org/npsl/. As described on that page, we
@@ -213,7 +719,7 @@ o [Windows] Upgraded Npcap, our Windows packet capturing (and sending)
   library to the milestone 1.00 release! It's the culmination of 7 years of
   development with 170 public pre-releases. This includes dozens of
   performance improvements, bug fixes, and feature enhancements described
-  at https://npcap.org/changelog.
+  at https://npcap.com/changelog.
 
 o Integrated over 800 service/version detection fingerprints submitted since
   August 2017. The signature count went up 1.8% to 11,878, including 17 new
@@ -506,10 +1012,10 @@ o [NSE] Fixed a bug in http-wordpress-users.nse that could cause
 
 Nmap 7.80 [2019-08-10]
 
-o [Windows] The Npcap Windows packet capturing library (https://npcap.org/)
+o [Windows] The Npcap Windows packet capturing library (https://npcap.com/)
   is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap
   from version 0.99-r2 to 0.9982, including all of these changes from the
-  last 15 Npcap releases: https://nmap.org/npcap/changelog
+  last 15 Npcap releases: https://npcap.com/changelog
 
 o [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598!
   They are all listed at https://nmap.org/nsedoc/, and the summaries are
@@ -715,8 +1221,8 @@ o [Zenmap] Fix a crash when Nmap executable cannot be found and the system
   PATH contains non-UTF-8 bytes, such as on Windows. [Daniel Miller]
 
 o [Zenmap] Fix a crash in results search when using the dir: operator:
-    AttributeError: 'SearchDB' object has no attribute 'match_dir' [Daniel
-    Miller]
+    AttributeError: 'SearchDB' object has no attribute 'match_dir'
+  [Daniel Miller]
 
 o [Ncat][GH#1372] Fixed an issue with Ncat -e on Windows that caused early
   termination of connections. [Alberto Garcia Illera]
@@ -837,11 +1343,11 @@ o New service probe and match lines for adb, the Android Debug Bridge, which
 Nmap 7.70 [2018-03-20]
 
 o [Windows] We made a ton of improvements to our Npcap Windows packet
-  capturing library (https://nmap.org/npcap/) for greater performance and
+  capturing library (https://npcap.com/) for greater performance and
   stability, as well as smoother installer and better 802.11 raw frame
   capturing support. Nmap 7.70 updates the bundled Npcap from version 0.93 to
   0.99-r2, including all these changes from the last seven Npcap releases:
-  https://nmap.org/npcap/changelog
+  https://npcap.com/changelog
 
 o Integrated all of your service/version detection fingerprints submitted from
   March 2017 to August 2017 (728 of them). The signature count went up 1.02%
@@ -1646,16 +2152,6 @@ o Various performance improvements for large-scale high-rate scanning,
   including increased ping host groups, faster probe matching, and ensuring
   data types can handle an Internet's-worth of targets. [Tudor Emil Coman]
 
-o [NSE] Added the oracle-tns-version NSE script which decodes the version
-  number from Oracle Database Server's TNS
-  listener. https://nmap.org/nsedoc/scripts/oracle-tns-version.html [Daniel
-  Miller]
-
-o [NSE] Added the clock-skew NSE script which analyzes and reports clock skew
-  between Nmap and services that report timestamps, grouping hosts with
-  similar skews. https://nmap.org/nsedoc/scripts/clock-skew.html [Daniel
-  Miller]
-
 o [Zenmap] Long-overdue Spanish language translation has been added! Muy bien!
   [Vincent Dumont, Marta Garcia De La Paz, Paulino Calderon, Patricio Castagnaro]
 
@@ -1758,7 +2254,7 @@ Nmap 7.25BETA1 [2016-07-15]
 o Nmap now ships with and uses Npcap, our new packet sniffing library
   for Windows. It's based on WinPcap (unmaintained for years), but
   uses modern Windows APIs for better performance. It also includes
-  security improvements and many bug fixes. See https://npcap.org. And
+  security improvements and many bug fixes. See https://npcap.com. And
   it enables Nmap to perform SYN scans and OS detection against
   localhost, which we haven't been able to do on Windows since
   Microsoft removed the raw sockets API in 2003. [Yang Luo, Daniel
@@ -2381,8 +2877,8 @@ o [GH#115][NSE] ssl-enum-ciphers will still produce output if OpenSSL
 Nmap 6.49BETA4 [2015-07-06]
 
 o Fix a hang on OS X in Zenmap's Topology page with error
-  "zenmap_wrapper.py[857]: GError: Couldn't recognize the image file format for
-  file '/Applications/Zenmap.app/Contents/MacOS/../Resources/share/zenmap/pixmaps/radialnet/padlock.png'
+    zenmap_wrapper.py[857]: GError: Couldn't recognize the image file format for file
+    '/Applications/Zenmap.app/Contents/MacOS/../Resources/share/zenmap/pixmaps/radialnet/padlock.png'
   http://seclists.org/nmap-dev/2015/q3/8 [Daniel Miller]
 
 o Fix a small memory leak for each target specified as a hostname which fails
@@ -4071,8 +4567,8 @@ Nmap 6.01 [2012-06-16]
 
 o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7. A symptom
   of the hang was this message in the system console:
-  "Couldn't recognize the image file format for file
-  '/Applications/Zenmap.app/Contents/MacOS/../Resources/share/zenmap/pixmaps/radialnet/padlock.png'".
+    Couldn't recognize the image file format for file
+    '/Applications/Zenmap.app/Contents/MacOS/../Resources/share/zenmap/pixmaps/radialnet/padlock.png'
   [David Fifield]
 
 o [Zenmap] Fixed a crash that happened when activating the host filter.
@@ -15892,7 +16388,7 @@ o Fixed a crash problem in NmapFE reported by sverre ( sverre(a)gmx.net )
 
 o Added an "SInfo" line to most printed fingerprints.  It looks
   similar to this:
-  SInfo(V=2.54BETA4%P=i686-pc-linux-gnu%D=9/4%Time=9681031%O=7%C=1)
+    SInfo(V=2.54BETA4%P=i686-pc-linux-gnu%D=9/4%Time=9681031%O=7%C=1)
   and contains information useful when fingerprints are reported (Nmap
   version/platform, scan date, and open/closed ports used)
 

FPEngine.cc

@@ -5,60 +5,59 @@
  * https://nmap.org/osdetect/                                               *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -77,8 +76,6 @@ extern NmapOps o;
 #ifdef WIN32
 /* Need DnetName2PcapName */
 #include "libnetutil/netutil.h"
-/* from libdnet's intf-win32.c */
-extern "C" int g_has_npcap_loopback;
 #endif
 
 #include <math.h>
@@ -142,7 +139,8 @@ void FPNetworkControl::init(const char *ifname, devtype iftype) {
   nmap_set_nsock_logger();
   nmap_adjust_loglevel(o.packetTrace());
 
-  nsock_pool_set_device(nsp, o.device);
+  if (*o.device)
+    nsock_pool_set_device(nsp, o.device);
 
   if (o.proxy_chain)
     nsock_pool_set_proxychain(this->nsp, o.proxy_chain);
@@ -157,27 +155,14 @@ void FPNetworkControl::init(const char *ifname, devtype iftype) {
   /* Flag it as already initialized so we free this nsp next time */
   this->nsock_init = true;
 
+  /* We don't need to store the eth handle because FPProbes come with a
+   * suitable one (FPProbes::getEthernet()), we just attempt to obtain one
+   * to see if it fails. */
+  netutil_eth_t *ethsd = NULL;
+
   /* Obtain raw socket or check that we can obtain an eth descriptor. */
-  if ((o.sendpref & PACKET_SEND_ETH) && (iftype == devt_ethernet
-#ifdef WIN32
-        || (g_has_npcap_loopback && iftype == devt_loopback)
-#endif
-        ) && ifname != NULL) {
-    /* We don't need to store the eth handler because FPProbes come with a
-     * suitable one (FPProbes::getEthernet()), we just attempt to obtain one
-     * to see if it fails. */
-    if (eth_open_cached(ifname) == NULL)
-      fatal("dnet: failed to open device %s", ifname);
-    this->rawsd = -1;
-  } else {
-#ifdef WIN32
-    win32_fatal_raw_sockets(ifname);
-#endif
-    if (this->rawsd >= 0)
-      close(this->rawsd);
-    rawsd = nmap_raw_socket();
-    if (rawsd < 0)
-      pfatal("Couldn't obtain raw socket in %s", __func__);
+  if (!raw_socket_or_eth(o.sendpref, ifname, iftype, &this->rawsd, &ethsd)) {
+    fatal("Couldn't obtain raw socket or eth handle in %s", __func__);
   }
 
   /* De-register existing callers */
@@ -1173,6 +1158,10 @@ int FPEngine6::os_scan(std::vector<Target *> &Targets) {
         (int) curr_hosts.size(), (int) left_hosts.size(), (int) done_hosts.size());
     }
 
+#ifdef WIN32
+    // Reset system idle timer to avoid going to sleep
+    SetThreadExecutionState(ES_SYSTEM_REQUIRED);
+#endif
     /* Go through the list of hosts and ask them to schedule their probes */
     for (unsigned int i = 0; i < curr_hosts.size(); i++) {
 
@@ -1690,9 +1679,7 @@ int FPHost6::build_probe_list() {
       "\x03\x03\x0f\x01\x02\x04\x01\x09\x08\x0A\xff\xff\xff\xff\x00\x00\x00\x00\x04\x02", 20 },
   };
 
-  sockaddr_storage ss;
-  size_t slen = 0;
-  sockaddr_in6 *ss6 = (sockaddr_in6 *)&ss;
+  const sockaddr_in6 *ss6 = NULL;
   IPv6Header *ip6;
   ICMPv6Header *icmp6;
   UDPHeader *udp;
@@ -1725,7 +1712,9 @@ int FPHost6::build_probe_list() {
     this->fp_probes[this->total_probes].host = this;
     this->fp_probes[this->total_probes].setPacket(ip6);
     this->fp_probes[this->total_probes].setProbeID(TCP_DESCS[i].id);
-    this->fp_probes[this->total_probes].setEthernet(this->target_host->SrcMACAddress(), this->target_host->NextHopMACAddress(), this->target_host->deviceName());
+    if (this->netctl->l2_frames()) {
+      this->fp_probes[this->total_probes].setEthernet(this->target_host);
+    }
     /* Mark as a timed probe. */
     this->fp_probes[this->total_probes].setTimed();
     this->timed_probes++;
@@ -1744,9 +1733,9 @@ int FPHost6::build_probe_list() {
   icmp6 = new ICMPv6Header();
   hopbyhop1 = new HopByHopHeader();
   payload = new RawData();
-  this->target_host->SourceSockAddr(&ss, &slen);
+  ss6 = (const sockaddr_in6 *) this->target_host->SourceSockAddr();
   ip6->setSourceAddress(ss6->sin6_addr);
-  this->target_host->TargetSockAddr(&ss, &slen);
+  ss6 = (const sockaddr_in6 *) this->target_host->TargetSockAddr();
   ip6->setDestinationAddress(ss6->sin6_addr);
   ip6->setFlowLabel(OSDETECT_FLOW_LABEL);
   ip6->setHopLimit(get_hoplimit());
@@ -1766,7 +1755,9 @@ int FPHost6::build_probe_list() {
   this->fp_probes[this->total_probes].host = this;
   this->fp_probes[this->total_probes].setPacket(ip6);
   this->fp_probes[this->total_probes].setProbeID("IE1");
-  this->fp_probes[this->total_probes].setEthernet(this->target_host->SrcMACAddress(), this->target_host->NextHopMACAddress(), this->target_host->deviceName());
+  if (this->netctl->l2_frames()) {
+    this->fp_probes[this->total_probes].setEthernet(this->target_host);
+  }
   this->total_probes++;
 
   /* ICMP Probe #2: Echo Request with badly ordered extension headers */
@@ -1777,9 +1768,9 @@ int FPHost6::build_probe_list() {
   hopbyhop2 = new HopByHopHeader();
   icmp6 = new ICMPv6Header();
   payload = new RawData();
-  this->target_host->SourceSockAddr(&ss, &slen);
+  ss6 = (const sockaddr_in6 *) this->target_host->SourceSockAddr();
   ip6->setSourceAddress(ss6->sin6_addr);
-  this->target_host->TargetSockAddr(&ss, &slen);
+  ss6 = (const sockaddr_in6 *) this->target_host->TargetSockAddr();
   ip6->setDestinationAddress(ss6->sin6_addr);
   ip6->setFlowLabel(OSDETECT_FLOW_LABEL);
   ip6->setHopLimit(get_hoplimit());
@@ -1803,20 +1794,22 @@ int FPHost6::build_probe_list() {
   this->fp_probes[this->total_probes].host = this;
   this->fp_probes[this->total_probes].setPacket(ip6);
   this->fp_probes[this->total_probes].setProbeID("IE2");
-  this->fp_probes[this->total_probes].setEthernet(this->target_host->SrcMACAddress(), this->target_host->NextHopMACAddress(), this->target_host->deviceName());
+  if (this->netctl->l2_frames()) {
+    this->fp_probes[this->total_probes].setEthernet(this->target_host);
+  }
   this->total_probes++;
 
   /* ICMP Probe #3: Neighbor Solicitation. (only sent to on-link targets) */
   if (this->target_host->directlyConnected()
 #ifdef WIN32
-    && !(g_has_npcap_loopback && this->target_host->ifType() == devt_loopback)
+    && this->target_host->ifType() != devt_loopback
 #endif
     ) {
     ip6 = new IPv6Header();
     icmp6 = new ICMPv6Header();
-    this->target_host->SourceSockAddr(&ss, &slen);
+    ss6 = (const sockaddr_in6 *) this->target_host->SourceSockAddr();
     ip6->setSourceAddress(ss6->sin6_addr);
-    this->target_host->TargetSockAddr(&ss, &slen);
+    ss6 = (const sockaddr_in6 *) this->target_host->TargetSockAddr();
     ip6->setDestinationAddress(ss6->sin6_addr);
     ip6->setFlowLabel(OSDETECT_FLOW_LABEL);
     /* RFC 2461 section 7.1.1: "A node MUST silently discard any received
@@ -1833,7 +1826,9 @@ int FPHost6::build_probe_list() {
     this->fp_probes[this->total_probes].host = this;
     this->fp_probes[this->total_probes].setPacket(ip6);
     this->fp_probes[this->total_probes].setProbeID("NS");
-    this->fp_probes[this->total_probes].setEthernet(this->target_host->SrcMACAddress(), this->target_host->NextHopMACAddress(), this->target_host->deviceName());
+    if (this->netctl->l2_frames()) {
+      this->fp_probes[this->total_probes].setEthernet(this->target_host);
+    }
     this->total_probes++;
   }
 
@@ -1844,9 +1839,9 @@ int FPHost6::build_probe_list() {
   ip6 = new IPv6Header();
   udp = new UDPHeader();
   payload = new RawData();
-  this->target_host->SourceSockAddr(&ss, &slen);
+  ss6 = (const sockaddr_in6 *) this->target_host->SourceSockAddr();
   ip6->setSourceAddress(ss6->sin6_addr);
-  this->target_host->TargetSockAddr(&ss, &slen);
+  ss6 = (const sockaddr_in6 *) this->target_host->TargetSockAddr();
   ip6->setDestinationAddress(ss6->sin6_addr);
   ip6->setFlowLabel(OSDETECT_FLOW_LABEL);
   ip6->setHopLimit(get_hoplimit());
@@ -1862,7 +1857,9 @@ int FPHost6::build_probe_list() {
   this->fp_probes[this->total_probes].host = this;
   this->fp_probes[this->total_probes].setPacket(ip6);
   this->fp_probes[this->total_probes].setProbeID("U1");
-  this->fp_probes[this->total_probes].setEthernet(this->target_host->SrcMACAddress(), this->target_host->NextHopMACAddress(), this->target_host->deviceName());
+  if (this->netctl->l2_frames()) {
+    this->fp_probes[this->total_probes].setEthernet(this->target_host);
+  }
   this->total_probes++;
 
   /* Set TECN probe */
@@ -1879,7 +1876,9 @@ int FPHost6::build_probe_list() {
     this->fp_probes[this->total_probes].host = this;
     this->fp_probes[this->total_probes].setPacket(ip6);
     this->fp_probes[this->total_probes].setProbeID(TCP_DESCS[i].id);
-    this->fp_probes[this->total_probes].setEthernet(this->target_host->SrcMACAddress(), this->target_host->NextHopMACAddress(), this->target_host->deviceName());
+    if (this->netctl->l2_frames()) {
+      this->fp_probes[this->total_probes].setEthernet(this->target_host);
+    }
     this->total_probes++;
   }
   i++;
@@ -1904,7 +1903,9 @@ int FPHost6::build_probe_list() {
     this->fp_probes[this->total_probes].host = this;
     this->fp_probes[this->total_probes].setPacket(ip6);
     this->fp_probes[this->total_probes].setProbeID(TCP_DESCS[i].id);
-    this->fp_probes[this->total_probes].setEthernet(this->target_host->SrcMACAddress(), this->target_host->NextHopMACAddress(), this->target_host->deviceName());
+    if (this->netctl->l2_frames()) {
+      this->fp_probes[this->total_probes].setEthernet(this->target_host);
+    }
     this->total_probes++;
   }
 
@@ -2040,7 +2041,8 @@ int FPHost6::schedule() {
       }
 
       /* Check if the probe timedout */
-      if (TIMEVAL_SUBTRACT(now, this->fp_probes[i].getTimeSent()) >= this->rto) {
+      struct timeval sent = this->fp_probes[i].getTimeSent();
+      if (TIMEVAL_SUBTRACT(now, sent) >= this->rto) {
 
         /* If we have reached the maximum number of retransmissions, mark the
          * probe as failed. Otherwise, schedule its transmission. */
@@ -2098,10 +2100,11 @@ int FPHost6::schedule() {
         continue;
       }
 
+      struct timeval sent = this->fp_probes[i].getTimeSent();
       /* If there is some timed probe for which we have already scheduled its
        * retransmission but it hasn't been sent yet, break the loop. We don't
        * have to worry about retransmitting these probes yet.*/
-      if (this->fp_probes[i].getTimeSent().tv_sec == 0)
+      if (sent.tv_sec == 0)
         return OP_SUCCESS;
 
       /* If we got a total timeout for any of the timed probes, we shouldn't
@@ -2117,7 +2120,7 @@ int FPHost6::schedule() {
        * time out (max retransmissions done and still no answer) then mark
        * it as such. Otherwise, count it so we can retransmit the whole
        * group of timed probes later if appropriate. */
-      if (TIMEVAL_SUBTRACT(now, this->fp_probes[i].getTimeSent()) >= this->rto) {
+      if (TIMEVAL_SUBTRACT(now, sent) >= this->rto) {
         if (o.debugging > 3) {
           log_write(LOG_PLAIN, "[%s] timed probe %d (%s) timedout\n",
             this->target_host->targetipstr(), i, this->fp_probes[i].getProbeID());
@@ -2317,11 +2320,13 @@ int FPHost6::callback(const u8 *pkt, size_t pkt_len, const struct timeval *tv) {
 
       /* See if the received packet is a response to a probe */
       if (this->fp_probes[i].isResponse(rcvd)) {
-          struct timeval now, time_sent;
+          struct timeval time_sent = this->fp_probes[i].getTimeSent();
+          assert(time_sent.tv_sec > 0);
+          struct timeval now;
 
           gettimeofday(&now, NULL);
           this->fp_responses[i] = new FPResponse(this->fp_probes[i].getProbeID(),
-            pkt, pkt_len, fp_probes[i].getTimeSent(), *tv);
+            pkt, pkt_len, time_sent, *tv);
           this->fp_probes[i].incrementReplies();
           match_found = true;
 
@@ -2340,8 +2345,6 @@ int FPHost6::callback(const u8 *pkt, size_t pkt_len, const struct timeval *tv) {
           }
           this->probes_answered++;
           /* Recompute the Retransmission Timeout based on this new RTT observation. */
-          time_sent = this->fp_probes[i].getTimeSent();
-          assert(time_sent.tv_sec > 0);
           this->update_RTO(TIMEVAL_SUBTRACT(now, time_sent), this->fp_probes[i].getRetransmissions() != 0);
           break;
       }
@@ -2489,22 +2492,34 @@ size_t FPPacket::getLength() const {
  * values, like this: instance.setEthernet(NULL, NULL, NULL);
  * Otherwise, pass the source address, the next hop address and the name of
  * the network interface the packet should be injected through. */
-int FPPacket::setEthernet(const u8 *src_mac, const u8 *dst_mac, const char *devname) {
-  if (src_mac == NULL || dst_mac == NULL) {
-   memset(&(this->eth_hdr), 0, sizeof(struct eth_nfo));
-   this->link_eth = false;
-   return OP_FAILURE;
-  }
-  memcpy(this->eth_hdr.srcmac, src_mac, 6);
-  memcpy(this->eth_hdr.dstmac, dst_mac, 6);
-  this->link_eth = true;
+int FPPacket::setEthernet(const Target *target) {
+  const char *devname = target->deviceName();
+  this->link_eth = false;
   if (devname != NULL) {
-    strncpy(this->eth_hdr.devname, devname, sizeof(this->eth_hdr.devname)-1);
-    if ((this->eth_hdr.ethsd = eth_open_cached(devname)) == NULL)
-      fatal("%s: Failed to open ethernet device (%s)", __func__, devname);
-  } else {
-    this->eth_hdr.devname[0] = '\0';
-    this->eth_hdr.ethsd = NULL;
+    netutil_eth_t *ethsd = eth_open_cached(devname);
+    if (ethsd == NULL) {
+      error("%s: Failed to open ethernet device (%s)", __func__, devname);
+    }
+    else if (netutil_eth_can_send(ethsd)) {
+      this->link_eth = true;
+      Strncpy(this->eth_hdr.devname, devname, sizeof(this->eth_hdr.devname));
+      if (netutil_eth_datalink(ethsd) == DLT_EN10MB){
+        const u8 *src_mac = target->SrcMACAddress();
+        const u8 *dst_mac = target->NextHopMACAddress();
+        if (src_mac == NULL || dst_mac == NULL) {
+          this->link_eth = false;
+        }
+        else {
+          memcpy(this->eth_hdr.srcmac, src_mac, 6);
+          memcpy(this->eth_hdr.dstmac, dst_mac, 6);
+        }
+      }
+    }
+  }
+
+  if (!this->link_eth) {
+   memset(&(this->eth_hdr), 0, sizeof(struct eth_nfo));
+   return OP_FAILURE;
   }
   return OP_SUCCESS;
 }
@@ -2559,8 +2574,6 @@ FPProbe::FPProbe() {
 
 
 FPProbe::~FPProbe() {
-  if (this->probe_id != NULL)
-    free(this->probe_id);
 }
 
 
@@ -2570,8 +2583,6 @@ void FPProbe::reset() {
   this->times_replied = 0;
   this->failed = false;
   this->timed = false;
-  if (this->probe_id != NULL)
-    free(this->probe_id);
   this->probe_id = NULL;
 
   /* Also call FPPacket::__reset() to free any existing packet information */
@@ -2601,7 +2612,7 @@ bool FPProbe::isResponse(PacketElement *rcvd) {
  * of the supplied string, so you can safely change its contents without
  * affecting the object's state. */
 int FPProbe::setProbeID(const char *id) {
-  this->probe_id = strdup(id);
+  this->probe_id = string_pool_insert(id);
   return OP_SUCCESS;
 }
 

FPEngine.h

@@ -5,60 +5,59 @@
  * http://insecure.org/osdetect/                                           *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -168,7 +167,8 @@ class FPNetworkControl {
   void response_reception_handler(nsock_pool nsp, nsock_event nse, void *arg);
   bool request_slots(size_t num_packets);
   int cc_report_final_timeout();
-
+  // Do we need to send l2 (ethernet) frames?
+  bool l2_frames() { return (rawsd < 0); }
 };
 
 /*        +-----------+
@@ -250,7 +250,7 @@ class FPPacket {
   int setTime(const struct timeval *tv = NULL);
   struct timeval getTime() const;
   int setPacket(PacketElement *pkt);
-  int setEthernet(const u8 *src_mac, const u8 *dst_mac, const char *devname);
+  int setEthernet(const Target *target);
   const struct eth_nfo *getEthernet() const;
   const PacketElement *getPacket() const;
   size_t getLength() const;
@@ -265,7 +265,7 @@ class FPPacket {
 class FPProbe : public FPPacket {
 
  private:
-   char *probe_id;
+   const char *probe_id;
    int probe_no;
    int retransmissions;
    int times_replied;

FingerPrintResults.cc

@@ -4,60 +4,59 @@
  * fingerprint matching against a certain host.                            *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -79,9 +78,12 @@ FingerPrintResults::FingerPrintResults() {
   distance_calculation_method = DIST_METHOD_NONE;
   maxTimingRatio = 0;
   incomplete = false;
+  this->cp = NULL;
 }
 
 FingerPrintResults::~FingerPrintResults() {
+  if (this->cp != NULL)
+    delete this->cp;
 }
 
 FingerPrintResultsIPv4::FingerPrintResultsIPv4() {
@@ -94,6 +96,7 @@ FingerPrintResultsIPv4::~FingerPrintResultsIPv4() {
 
   /* Free OS fingerprints of OS scanning was done */
   for(i=0; i < numFPs; i++) {
+    FPs[i]->erase();
     delete(FPs[i]);
     FPs[i] = NULL;
   }
@@ -101,6 +104,22 @@ FingerPrintResultsIPv4::~FingerPrintResultsIPv4() {
   free(FPs);
 }
 
+// Max length string generated by printf("%X", u32)
+#define VLEN_MAX (8 + 1)
+const char *FingerPrintResults::cp_hex(u32 val) {
+  if (this->cp == NULL)
+    this->cp = new CharPool();
+  char v[VLEN_MAX] = {0};
+  int vlen = Snprintf(v, VLEN_MAX, "%X", val);
+  assert(vlen > 0 && vlen < VLEN_MAX);
+  return this->cp->dup(v, vlen);
+}
+const char *FingerPrintResults::cp_dup(const char *src, int len) {
+  if (this->cp == NULL)
+    this->cp = new CharPool();
+  return this->cp->dup(src, len);
+}
+
 FingerPrintResultsIPv6::FingerPrintResultsIPv6() {
   unsigned int i;
 

FingerPrintResults.h

@@ -4,60 +4,59 @@
  * fingerprint matching against a certain host.                            *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -69,6 +68,7 @@ class FingerPrintResults;
 
 #include "FPEngine.h"
 #include "osscan.h"
+#include "charpool.h"
 
 /* Maximum number of results allowed in one of these things ... */
 #define MAX_FP_RESULTS 36
@@ -122,6 +122,10 @@ class FingerPrintResults {
 
   bool incomplete; /* Were we unable to send all necessary probes? */
 
+  /* Store small strings in this object's CharPool. */
+  const char *cp_hex(u32 val);
+  const char *cp_dup(const char *src, int len=-1);
+
 /* If the fingerprint is of potentially poor quality, we don't want to
    print it and ask the user to submit it.  In that case, the reason
    for skipping the FP is returned as a static string.  If the FP is
@@ -137,6 +141,7 @@ class FingerPrintResults {
   void populateClassification();
   bool classAlreadyExistsInResults(struct OS_Classification *OSC);
   struct OS_Classification_Results OSR;
+  CharPool *cp; /* Holds small strings allocated for the life of this object */
 };
 
 class FingerPrintResultsIPv4 : public FingerPrintResults {

LICENSE

@@ -1,4 +1,4 @@
-Nmap Public Source License Version 0.94
+Nmap Public Source License Version 0.95
 For more information on this license, see https://nmap.org/npsl/
 
 0. Preamble
@@ -139,14 +139,29 @@ if it does any of the following:
   above
 
 * Executes a helper program, module, or script to do any of the above.
-  This list is not exclusive, but is meant to clarify Licensor's
-  intentions with some common examples. Distribution of any works
-  which meet these criteria must be under the terms of this license
-  (including this Main License Body and GPL), with no additional
-  conditions or restrictions. They must abide by all restrictions that
-  the GPL places on derivative or collective works, including the
-  requirements for distributing their source code and allowing
-  royalty-free redistribution.
+
+
+This list is not exclusive, but is meant to clarify Licensor's
+intentions with some common examples. Distribution of any works which
+meet these criteria (and that also choose to accept this license to
+benefit from the rights granted herein) must be under the terms of
+this license (including this Main License Body and GPL), with no
+additional conditions or restrictions. They must abide by all
+restrictions that the GPL places on derivative or collective works,
+including the requirements for distributing their source code and
+allowing royalty-free redistribution.
+
+Licensor does not purport to control through this license any software
+which does not require the rights granted herein (such as rights to
+redistribute and/or incorporate Covered Software executables and
+source code). In particular, many software packages include the
+ability to parse Covered Software results provided by an end user or
+to execute Covered Software that end user may have already installed
+on their system. To the extent that copyright doctrines such as fair
+use allow their practices without the need to exercise any rights
+granted by this license, vendors and distributors of such software are
+not bound by our definition of derivative works or any other clauses
+in this license.
 
 4. Contributor Agreement (Grant of Copyright and Patent Licenses)
 
@@ -244,7 +259,7 @@ Goods is expressly excluded.
 10. Npcap and the Official Nmap Windows Builds
 
 The official Windows Nmap builds includes the Npcap driver and library
-(https://npcap.org) for packet capture and transmission on
+(https://npcap.com) for packet capture and transmission on
 Windows. That software is under its own separate license terms rather
 than this license. Therefore anyone wishing to use or redistribute
 both pieces of software must comply with both licenses. Since Npcap

MACLookup.cc

@@ -5,60 +5,59 @@
  * database.                                                               *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -71,14 +70,15 @@
 #include "MACLookup.h"
 #include "NmapOps.h"
 #include "nmap_error.h"
-#include "charpool.h"
+#include "string_pool.h"
 
 extern NmapOps o;
 
-std::map<int, char *> MacTable;
+typedef std::map<u64, const char *> MacMap;
+MacMap MacTable;
 
-static inline int MacCharPrefix2Key(const u8 *prefix) {
-  return (prefix[0] << 16) + (prefix[1] << 8) + prefix[2];
+static inline u64 nibble(char hex) {
+  return (hex & 0xf) + ((hex & 0x40) ? 9 : 0);
 }
 
 static void mac_prefix_init() {
@@ -88,8 +88,8 @@ static void mac_prefix_init() {
   char filename[256];
   FILE *fp;
   char line[128];
-  int pfx;
-  char *endptr, *vendor;
+  u64 pfx;
+  const char *endptr, *vendor;
   int lineno = 0;
 
   /* Now it is time to read in all of the entries ... */
@@ -114,7 +114,38 @@ static void mac_prefix_init() {
       break;
     }
     /* First grab the prefix */
-    pfx = strtol(line, &endptr, 16);
+    endptr = line;
+    while(*endptr && isxdigit((int) (unsigned char) *endptr)) endptr++;
+    switch (endptr - line) {
+      case 6:
+        /* MA-L: 24 bits */
+        pfx = (nibble(line[0]) << 20) + (nibble(line[1]) << 16)
+            + (nibble(line[2]) << 12) + (nibble(line[3]) << 8)
+            + (nibble(line[4]) << 4)  +  nibble(line[5])
+            + ((u64)6 << 36);
+        break;
+      case 7:
+        /* MA-M: 28 bits */
+        pfx = (nibble(line[0]) << 24) + (nibble(line[1]) << 20)
+            + (nibble(line[2]) << 16) + (nibble(line[3]) << 12)
+            + (nibble(line[4]) << 8)  + (nibble(line[5]) << 4)
+            +  nibble(line[6])
+            + ((u64)7 << 36);
+        break;
+      case 9:
+        /* MA-S: 36 bits */
+        pfx = (nibble(line[0]) << 32) + (nibble(line[1]) << 28)
+            + (nibble(line[2]) << 24) + (nibble(line[3]) << 20)
+            + (nibble(line[4]) << 16) + (nibble(line[5]) << 12)
+            + (nibble(line[6]) << 8)  + (nibble(line[7]) << 4)
+            +  nibble(line[8])
+            + ((u64)9 << 36);
+        break;
+      default:
+        error("Parse error on line #%d of %s. Giving up parsing.", lineno, filename);
+        endptr = NULL; // force failure below
+        break;
+    }
     if (!endptr || !isspace((int) (unsigned char) *endptr)) {
       error("Parse error on line #%d of %s. Giving up parsing.", lineno, filename);
       break;
@@ -124,15 +155,11 @@ static void mac_prefix_init() {
     assert(*endptr);
     vendor = endptr;
     while(*endptr && *endptr != '\n' && *endptr != '\r') endptr++;
-    *endptr = '\0';
 
-    if (MacTable.find(pfx) == MacTable.end()) {
-      MacTable[pfx] = cp_strdup(vendor);
-    } else {
-      if (o.debugging > 1)
-        error("MAC prefix %06X is duplicated in %s; ignoring duplicates.", pfx, filename);
-    }
+    std::pair<MacMap::iterator, bool> status = MacTable.insert(std::pair<u64, const char *>(pfx, string_pool_substr(vendor, endptr)));
 
+    if (!status.second && o.debugging > 1)
+      error("MAC prefix %0*lX is duplicated in %s; ignoring duplicates.", (int)(pfx >> 36), pfx & 0xfffffffffL, filename);
   }
 
   fclose(fp);
@@ -140,8 +167,8 @@ static void mac_prefix_init() {
 }
 
 
-static const char *findMACEntry(int prefix) {
-  std::map<int, char *>::iterator i;
+static const char *findMACEntry(u64 prefix) {
+  MacMap::const_iterator i;
 
   i = MacTable.find(prefix);
   if (i == MacTable.end())
@@ -150,25 +177,43 @@ static const char *findMACEntry(int prefix) {
   return i->second;
 }
 
-/* Takes a three byte MAC address prefix (passing the whole MAC is OK
-   too) and returns the company which has registered the prefix.
+/* Takes 6-byte MAC address and returns the company which has registered the prefix.
    NULL is returned if no vendor is found for the given prefix or if there
    is some other error. */
 const char *MACPrefix2Corp(const u8 *prefix) {
+  u64 key = 0;
+  const char *corp = NULL;
+
   if (!prefix) fatal("%s called with a NULL prefix", __func__);
   mac_prefix_init();
 
-  return findMACEntry(MacCharPrefix2Key(prefix));
+  /* MA-S: 36 bits (9 nibbles)*/
+  key = ((u64)prefix[0] << 28) + ((u64)prefix[1] << 20) + ((u64)prefix[2] << 12) + ((u64)prefix[3] << 4) + (prefix[4] >> 4);
+  corp = findMACEntry(((u64)9 << 36) + key);
+  if (corp)
+    return corp;
+
+  /* MA-M: 28 bits (7 nibbles) */
+  key = key >> 8;
+  corp = findMACEntry(((u64)7 << 36) + key);
+  if (corp)
+    return corp;
+
+  /* MA-L: 24 bits (6 nibbles)*/
+  key = key >> 4;
+  corp = findMACEntry(((u64)6 << 36) + key);
+
+  return corp;
 }
 
 /* Takes a string and looks through the table for a vendor name which
-   contains that string.  Sets the first three bytes in mac_data and
-   returns true for the first matching entry found.  If no entries
-   match, leaves mac_data untouched and returns false.  Note that this
+   contains that string. Sets the initial bytes in mac_data and returns the
+   number of nibbles (half-bytes) set for the first matching entry found. If no
+   entries match, leaves mac_data untouched and returns false.  Note that this
    is not particularly efficient and so should be rewritten if it is
    called often */
-bool MACCorp2Prefix(const char *vendorstr, u8 *mac_data) {
-  std::map<int, char *>::iterator i;
+int MACCorp2Prefix(const char *vendorstr, u8 *mac_data) {
+  MacMap::const_iterator i;
 
   if (!vendorstr) fatal("%s: vendorstr is NULL", __func__);
   if (!mac_data) fatal("%s: mac_data is NULL", __func__);
@@ -176,11 +221,26 @@ bool MACCorp2Prefix(const char *vendorstr, u8 *mac_data) {
 
   for (i = MacTable.begin(); i != MacTable.end(); i++) {
     if (strcasestr(i->second, vendorstr)) {
-      mac_data[0] = i->first >> 16;
-      mac_data[1] = (i->first >> 8) & 0xFF;
-      mac_data[2] = i->first & 0xFF;
-      return true;
+      int len = i->first >> 36;
+      int j = 0;
+      u64 pfx = i->first;
+      switch (len) {
+        case 9:
+          mac_data[j++] = (pfx >> 28) & 0xff;
+        case 7:
+          mac_data[j++] = (pfx >> 20) & 0xff;
+          pfx = pfx << 4;
+        case 6:
+          mac_data[j++] = (pfx >> 16) & 0xff;
+          mac_data[j++] = (pfx >> 8) & 0xff;
+          mac_data[j++] = (pfx) & 0xff;
+          break;
+        default:
+          break;
+      }
+      assert(j == (len + 1) / 2);
+      return len;
     }
   }
-  return false;
+  return 0;
 }

MACLookup.h

@@ -5,60 +5,59 @@
  * database.                                                               *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -68,19 +67,18 @@
 
 #include <nbase.h>
 
-/* Takes a three byte MAC address prefix (passing the whole MAC is OK
-   too) and returns the company which has registered the prefix.
+/* Takes a MAC address and returns the company which has registered the prefix.
    NULL is returned if no vendor is found for the given prefix or if there
    is some other error. */
 const char *MACPrefix2Corp(const u8 *prefix);
 
 /* Takes a string and looks through the table for a vendor name which
-   contains that string.  Sets the first three bytes in mac_data and
-   returns true for the first matching entry found.  If no entries
-   match, leaves mac_data untouched and returns false.  Note that this
+   contains that string. Sets the initial bytes in mac_data and returns the
+   number of nibbles (half-bytes) set for the first matching entry found. If no
+   entries match, leaves mac_data untouched and returns false.  Note that this
    is not particularly efficient and so should be rewritten if it is
    called often */
-bool MACCorp2Prefix(const char *vendorstr, u8 *mac_data);
+int MACCorp2Prefix(const char *vendorstr, u8 *mac_data);
 
 #endif /* MACLOOKUP_H */
 

Makefile.in

@@ -88,9 +88,9 @@ UNINSTALLNDIFF=@UNINSTALLNDIFF@
 UNINSTALLNPING=@UNINSTALLNPING@
 
 ifneq (@NOLUA@,yes)
-NSE_SRC=nse_main.cc nse_utility.cc nse_nsock.cc nse_dnet.cc nse_fs.cc nse_nmaplib.cc nse_debug.cc nse_pcrelib.cc nse_lpeg.cc
-NSE_HDRS=nse_main.h nse_utility.h nse_nsock.h nse_dnet.h nse_fs.h nse_nmaplib.h nse_debug.h nse_pcrelib.h nse_lpeg.h
-NSE_OBJS=nse_main.o nse_utility.o nse_nsock.o nse_dnet.o nse_fs.o nse_nmaplib.o nse_debug.o nse_pcrelib.o nse_lpeg.o
+NSE_SRC=nse_main.cc nse_utility.cc nse_nsock.cc nse_db.cc nse_dnet.cc nse_fs.cc nse_nmaplib.cc nse_debug.cc nse_lpeg.cc
+NSE_HDRS=nse_main.h nse_utility.h nse_nsock.h nse_db.h nse_dnet.h nse_fs.h nse_nmaplib.h nse_debug.h nse_lpeg.h
+NSE_OBJS=nse_main.o nse_utility.o nse_nsock.o nse_db.o nse_dnet.o nse_fs.o nse_nmaplib.o nse_debug.o nse_lpeg.o
 ifneq (@OPENSSL_LIBS@,)
 NSE_SRC+=nse_openssl.cc nse_ssl_cert.cc
 NSE_HDRS+=nse_openssl.h nse_ssl_cert.h
@@ -251,19 +251,17 @@ clean-liblinear:
 	-cd $(LIBLINEARDIR) && $(MAKE) clean
 
 clean-zenmap:
-	-cd $(ZENMAPDIR) && $(PYTHON) setup.py clean --all
 	rm -f $(ZENMAPDIR)/zenmapCore/__init__.pyc
 	rm -f $(ZENMAPDIR)/zenmapCore/Version.pyc
 	rm -f $(ZENMAPDIR)/zenmapCore/Name.pyc
 
 clean-ndiff:
-	-cd $(NDIFFDIR) && $(PYTHON) setup.py clean --all
 
 clean-nping:
 	-cd $(NPINGDIR) && $(MAKE) clean
 
 clean-tests:
-	@rm -f tests/check_dns
+	@rm -f tests/nmap_dns_test tests/expr_match_test
 
 distclean-pcap:
 	-cd $(LIBPCAPDIR) && $(MAKE) distclean
@@ -329,7 +327,6 @@ install-nmap: $(TARGET)
 	$(INSTALL) -c -m 644 docs/nmap.xsl $(DESTDIR)$(nmapdatadir)/
 	$(INSTALL) -c -m 644 docs/nmap.dtd $(DESTDIR)$(nmapdatadir)/
 	$(INSTALL) -c -m 644 nmap-services $(DESTDIR)$(nmapdatadir)/
-	$(INSTALL) -c -m 644 nmap-payloads $(DESTDIR)$(nmapdatadir)/
 	$(INSTALL) -c -m 644 nmap-rpc $(DESTDIR)$(nmapdatadir)/
 	$(INSTALL) -c -m 644 nmap-os-db $(DESTDIR)$(nmapdatadir)/
 	$(INSTALL) -c -m 644 nmap-service-probes $(DESTDIR)$(nmapdatadir)/
@@ -341,8 +338,7 @@ $(NCATDIR)/ncat.h: nmap.h
 	sed -e 's/^#[ \t]*define[ \t]\+NCAT_VERSION[ \t]\+\(".*"\)/#define NCAT_VERSION "$(NMAP_VERSION)"/' $@ > $@.tmp
 	mv -f $@.tmp $@
 
-# Update the Nping version number. This is "0.NMAP_VERSION".
-# If the 0. prefix is removed it must also be removed from nmap.spec.in.
+# Update the Nping version number.
 $(NPINGDIR)/nping.h: nmap.h
 	sed -e 's/^#[ \t]*define[ \t]\+NPING_VERSION[ \t]\+\(".*"\)/#define NPING_VERSION "0.$(NMAP_VERSION)"/' $@ > $@.tmp
 	mv -f $@.tmp $@
@@ -351,27 +347,17 @@ $(NPINGDIR)/nping.h: nmap.h
 $(ZENMAPDIR)/zenmapCore/Version.py $(ZENMAPDIR)/share/zenmap/config/zenmap_version: nmap.h
 	cd $(ZENMAPDIR) && $(PYTHON) install_scripts/utils/version_update.py "$(NMAP_VERSION)"
 
-tests/check_dns: $(OBJS)
-	 $(CXX) -o $@ $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) $^ $(LIBS) tests/nmap_dns_test.cc
+tests/%: tests/%.cc $(OBJS)
+	$(CXX) -o $@ $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) $(OBJS) $(LIBS) $<
 
-# By default distutils rewrites installed scripts to hardcode the
-# location of the Python interpreter they were built with (something
-# like #!/usr/bin/python2.4). This is the wrong thing to do when
-# installing on a machine other than the one used to do the build. Use
-# this as the location of the interpreter whenever we're not doing a
-# local installation.
-DEFAULT_PYTHON_PATH = /usr/bin/env python
+build-zenmap: $(ZENMAPDIR)/pyproject.toml $(ZENMAPDIR)/zenmapCore/Version.py
+	$(PYTHON) -m build $(ZENMAPDIR)/
 
-build-zenmap: $(ZENMAPDIR)/setup.py $(ZENMAPDIR)/zenmapCore/Version.py
-# When DESTDIR is defined, assume we're building an executable
-# distribution rather than a local installation and force a generic
-# Python interpreter location.
-	cd $(ZENMAPDIR) && $(PYTHON) setup.py build $(if $(DESTDIR),--executable "$(DEFAULT_PYTHON_PATH)")
-
-install-zenmap: $(ZENMAPDIR)/setup.py
-	$(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
-	cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --force $(if $(DESTDIR),--root "$(DESTDIR)")
+install-zenmap: $(ZENMAPDIR)/pyproject.toml
+	$(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(deskdir)
+	$(PYTHON) -m pip install $(ZENMAPDIR)/ $(if $(DESTDIR),--root "$(DESTDIR)")
 	$(INSTALL) -c -m 644 docs/zenmap.1 $(DESTDIR)$(mandir)/man1/
+	$(INSTALL) -c -m 644 $(ZENMAPDIR)/install_scripts/unix/*.desktop $(DESTDIR)$(deskdir)
 # Create a symlink from nmapfe to zenmap if nmapfe doesn't exist or is
 # already a link.
 	if [ ! -f $(DESTDIR)$(bindir)/nmapfe -o -L $(DESTDIR)$(bindir)/nmapfe ]; then \
@@ -381,13 +367,15 @@ install-zenmap: $(ZENMAPDIR)/setup.py
 	ln -sf zenmap $(DESTDIR)$(bindir)/xnmap
 
 build-ndiff:
-	cd $(NDIFFDIR) && $(PYTHON) setup.py build $(if $(DESTDIR),--executable "$(DEFAULT_PYTHON_PATH)")
+	$(PYTHON) -m build $(NDIFFDIR)/
 
 build-nping: $(NPINGDIR)/Makefile build-nbase build-nsock build-netutil $(NPINGDIR)/nping.h @DNET_BUILD@ @PCAP_BUILD@
 	@cd $(NPINGDIR) && $(MAKE)
 
 install-ndiff:
-	cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" $(if $(DESTDIR),--root "$(DESTDIR)")
+	$(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
+	$(PYTHON) -m pip install $(NDIFFDIR)/ $(if $(DESTDIR),--root "$(DESTDIR)")
+	$(INSTALL) -c -m 644 $(NDIFFDIR)/docs/ndiff.1 $(DESTDIR)$(mandir)/man1/
 
 NSE_FILES = scripts/script.db scripts/*.nse
 NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc
@@ -427,7 +415,7 @@ uninstall-nmap:
 	rm -rf $(DESTDIR)$(nmapdatadir)
 
 uninstall-zenmap:
-	cd $(ZENMAPDIR) && $(PYTHON) setup.py uninstall
+	$(PYTHON) -m pip uninstall $(ZENMAPDIR)
 	rm -f $(DESTDIR)$(mandir)/man1/zenmap.1
 # Uninstall nmapfe only if it's a symlink.
 	if [ -L $(DESTDIR)$(bindir)/nmapfe ]; then \
@@ -436,7 +424,8 @@ uninstall-zenmap:
 	rm -f $(DESTDIR)$(bindir)/xnmap
 
 uninstall-ndiff:
-	cd $(NDIFFDIR) && $(PYTHON) setup.py uninstall
+	$(PYTHON) -m pip uninstall $(NDIFFDIR)
+	rm -f $(DESTDIR)$(mandir)/man1/ndiff.1
 
 uninstall-ncat:
 	@cd $(NCATDIR) && $(MAKE) uninstall
@@ -459,10 +448,10 @@ check-nsock:
 check-zenmap:
 	@cd $(ZENMAPDIR)/test && $(PYTHON) run_tests.py
 
-check-dns: tests/check_dns
-	$<
+check-nmap: tests/nmap_dns_test tests/expr_match_test
+	for test in $^; do ./$$test; done
 
-check: @NCAT_CHECK@ @NSOCK_CHECK@ @ZENMAP_CHECK@ @NSE_CHECK@ @NDIFF_CHECK@ check-dns
+check: @NCAT_CHECK@ @NSOCK_CHECK@ @ZENMAP_CHECK@ @NSE_CHECK@ @NDIFF_CHECK@ check-nmap
 
 ${srcdir}/configure: configure.ac
 	cd ${srcdir} && autoconf

NewTargets.cc

@@ -2,60 +2,59 @@
  * NewTargets.h -- The "NewTargets" class allows NSE scripts to add new    *
  * targets to the scan queue.                                              *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -66,30 +65,12 @@
 #include "nmap_error.h"
 
 extern NmapOps o;  /* option structure */
-NewTargets *NewTargets::new_targets;
-
-/* debug level for the adding target is: 3 */
-NewTargets *NewTargets::get (void) {
-  if (new_targets)
-    return new_targets;
-  new_targets = new NewTargets();
-  return new_targets;
-}
+NewTargets *NewTargets::new_targets = NULL;
 
 void NewTargets::free_new_targets (void) {
   delete new_targets;
 }
 
-NewTargets::NewTargets (void) {
-  Initialize();
-}
-
-void NewTargets::Initialize (void) {
-  history.clear();
-  while (!queue.empty())
-    queue.pop();
-}
-
 /* This private method is used to push new targets to the
  * queue. It returns the number of targets in the queue. */
 unsigned long NewTargets::push (const char *target) {
@@ -109,7 +90,7 @@ unsigned long NewTargets::push (const char *target) {
         log_write(LOG_PLAIN, "New Targets: target %s pushed onto the queue.\n", tg.c_str());
     } else {
       if (o.debugging > 2)
-        log_write(LOG_PLAIN, "New Targets: target %s is already in the queue.\n", tg.c_str());
+        log_write(LOG_PLAIN, "New Targets: target %s was already added.\n", tg.c_str());
       /* Return 1 when the target is already in the history cache,
        * this will prevent returning 0 when the target queue is
        * empty since no target was added. */
@@ -125,6 +106,8 @@ unsigned long NewTargets::push (const char *target) {
 std::string NewTargets::read (void) {
   std::string str;
 
+  new_targets = new_targets ? new_targets : new NewTargets();
+
   /* check to see it there are targets in the queue */
   if (!new_targets->queue.empty()) {
     str = new_targets->queue.front();
@@ -134,19 +117,13 @@ std::string NewTargets::read (void) {
   return str;
 }
 
-void NewTargets::clear (void) {
-  new_targets->history.clear();
-}
-
 unsigned long NewTargets::get_number (void) {
+  new_targets = new_targets ? new_targets : new NewTargets();
   return new_targets->history.size();
 }
 
-unsigned long NewTargets::get_scanned (void) {
-  return new_targets->history.size() - new_targets->queue.size();
-}
-
 unsigned long NewTargets::get_queued (void) {
+  new_targets = new_targets ? new_targets : new NewTargets();
   return new_targets->queue.size();
 }
 
@@ -155,11 +132,8 @@ unsigned long NewTargets::get_queued (void) {
  * Returns the number of targets in the queue on success, or 0 on
  * failures or when the queue is empty. */
 unsigned long NewTargets::insert (const char *target) {
+  new_targets = new_targets ? new_targets : new NewTargets();
   if (*target) {
-    if (new_targets == NULL) {
-      error("ERROR: to add targets run with -sC or --script options.");
-      return 0;
-    }
     if (o.current_scantype == SCRIPT_POST_SCAN) {
       error("ERROR: adding targets is disabled in the Post-scanning phase.");
       return 0;

NewTargets.h

@@ -2,60 +2,59 @@
  * NewTargets.h -- The "NewTargets" class allows NSE scripts to add new    *
  * targets to the scan queue.                                              *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -71,32 +70,24 @@
 /* Adding new targets is for NSE scripts */
 class NewTargets {
 public:
-  NewTargets();
 
   /* return a previous inserted target */
   static std::string read (void);
 
-  /* clear the scanned_targets_cache */
-  static void clear (void);
-
   /* get the number of all new added targets */
   static unsigned long get_number (void);
 
-  /* get the number that have been scanned */
-  static unsigned long get_scanned (void);
-
   /* get the number of queued targets left to scan */
   static unsigned long get_queued (void);
 
-  /* get the new_targets object */
-  static NewTargets *get (void);
   /* Free the new_targets object. */
   static void free_new_targets (void);
 
   /* insert targets to the new_targets_queue */
   static unsigned long insert (const char *target);
+
 private:
-  /* unsigned long mex_new_targets; */
+  NewTargets() {};
 
   /* A queue to push new targets that were discovered by NSE scripts.
    * Nmap will pop future targets from this queue. */
@@ -106,11 +97,9 @@ private:
    * (These are targets that were pushed to Nmap scan queue) */
   std::set<std::string> history;
 
-  void Initialize();
-
   /* Save new targets onto the queue */
   unsigned long push (const char *target);
-protected:
+
   static NewTargets *new_targets;
 };
 

NmapOps.cc

@@ -4,60 +4,59 @@
  * on user-provided command-line settings.                                 *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -69,6 +68,7 @@
 #include "NmapOps.h"
 #include "osscan.h"
 #include "nmap_error.h"
+#include "libnetutil/netutil.h"
 
 NmapOps o;
 
@@ -125,6 +125,10 @@ NmapOps::~NmapOps() {
     free(datadir);
     datadir = NULL;
   }
+  if (locale) {
+    free(locale);
+    locale = NULL;
+  }
 
 #ifndef NOLUA
   if (scriptversion || script)
@@ -305,6 +309,7 @@ void NmapOps::Initialize() {
   numhosts_up = 0;
   numhosts_scanning = 0;
   noninteractive = false;
+  locale = NULL;
   current_scantype = STYPE_UNKNOWN;
   ipoptions = NULL;
   ipoptionslen = 0;
@@ -366,10 +371,14 @@ void NmapOps::ValidateOptions() {
 #ifdef WIN32
         if (!have_pcap)
           privreq = "Npcap, but it seems to be missing.\n\
-Npcap is available from https://npcap.org. The Npcap driver service must\n\
+Npcap is available from https://npcap.com. The Npcap driver service must\n\
 be started by an administrator before Npcap can be used. Running nmap.exe\n\
 will open a UAC dialog where you can start the service if you have\n\
 administrator privileges.";
+
+#define YOU_ARE_ROOT "Npcap is installed"
+#else
+#define YOU_ARE_ROOT "you are root"
 #endif
 
 
@@ -399,15 +408,15 @@ administrator privileges.";
   }
 
  if ((pingtype & PINGTYPE_UDP) && (!isr00t)) {
-   fatal("Sorry, UDP Ping (-PU) only works if you are root (because we need to read raw responses off the wire)");
+   fatal("Sorry, UDP Ping (-PU) only works if " YOU_ARE_ROOT " (because we need to read raw responses off the wire)");
  }
 
  if ((pingtype & PINGTYPE_SCTP_INIT) && (!isr00t)) {
-   fatal("Sorry, SCTP INIT Ping (-PY) only works if you are root (because we need to read raw responses off the wire)");
+   fatal("Sorry, SCTP INIT Ping (-PY) only works if " YOU_ARE_ROOT " (because we need to read raw responses off the wire)");
   }
 
  if ((pingtype & PINGTYPE_PROTO) && (!isr00t)) {
-   fatal("Sorry, IPProto Ping (-PO) only works if you are root (because we need to read raw responses off the wire)");
+   fatal("Sorry, IPProto Ping (-PO) only works if " YOU_ARE_ROOT " (because we need to read raw responses off the wire)");
  }
 
  if (ipprotscan && (TCPScan() || UDPScan() || SCTPScan())) {

NmapOps.h

@@ -4,60 +4,59 @@
  * user-provided command-line settings.                                    *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -124,24 +123,6 @@ class NmapOps {
   u8 debugging;
   bool resuming;
 
-#define PACKET_SEND_NOPREF 1
-#define PACKET_SEND_ETH_WEAK 2
-#define PACKET_SEND_ETH_STRONG 4
-#define PACKET_SEND_ETH 6
-#define PACKET_SEND_IP_WEAK 8
-#define PACKET_SEND_IP_STRONG 16
-#define PACKET_SEND_IP 24
-
-  /* How should we send raw IP packets?  Nmap can generally use either
-     ethernet or raw ip sockets.  Which is better depends on platform
-     and goals.  A _STRONG preference means that Nmap should use the
-     preferred method whenever it is possible (obviously it isn't
-     always possible -- sending ethernet frames won't work over a PPP
-     connection).  This is useful when the other type doesn't work at
-     all.  A _WEAK preference means that Nmap may use the other type
-     where it is substantially more efficient to do so. For example,
-     Nmap will still do an ARP ping scan of a local network even when
-     the pref is SEND_IP_WEAK */
   int sendpref;
   bool packetTrace() { return (debugging >= 3)? true : pTrace;  }
   bool versionTrace() { return packetTrace()? true : vTrace;  }
@@ -227,8 +208,8 @@ class NmapOps {
   /* Gets the spoofed MAC address, but returns NULL if it hasn't been set */
   const u8 *spoofMACAddress() { return spoof_mac_set? spoof_mac : NULL; }
 
-  unsigned int max_ips_to_scan; // Used for Random input (-iR) to specify how
-                       // many IPs to try before stopping. 0 means unlimited.
+  unsigned long max_ips_to_scan; // Used for Random input (-iR) to specify how
+                       // many IPs to try before stopping. 0 means unlimited if generate_random_ips is true
   int extra_payload_length; /* These two are for --data-length op */
   char *extra_payload;
   unsigned long host_timeout;
@@ -356,6 +337,7 @@ class NmapOps {
   int numhosts_scanning;
   stype current_scantype;
   bool noninteractive;
+  char *locale;
 
   bool release_memory;	/* suggest to release memory before quitting. used to find memory leaks. */
  private:

NmapOutputTable.cc

@@ -4,60 +4,59 @@
  * output into an orderly table for display to the user.                   *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */

NmapOutputTable.h

@@ -4,60 +4,59 @@
  * output into an orderly table for display to the user.                   *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */

Target.cc

@@ -5,60 +5,59 @@
  * this class as they are determined.                                      *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -145,6 +144,11 @@ void Target::FreeInternal() {
   }
 
   if (FPR) delete FPR;
+  for (std::vector<EarlySvcResponse *>::iterator it=earlySvcResponses.begin();
+      it != earlySvcResponses.end(); it++) {
+    free(*it);
+  }
+  earlySvcResponses.clear();
 }
 
 /*  Creates a "presentation" formatted string out of the IPv4/IPv6 address.

Target.h

@@ -5,60 +5,59 @@
  * this class as they are determined.                                      *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -83,6 +82,7 @@ class FingerPrintResults;
 
 #include <list>
 #include <string>
+#include <vector>
 #include <time.h> /* time_t */
 
 #ifndef INET6_ADDRSTRLEN
@@ -116,6 +116,12 @@ struct TracerouteHop {
   }
 };
 
+struct EarlySvcResponse {
+  probespec pspec;
+  int len;
+  u8 data[1];
+};
+
 class Target {
  public: /* For now ... TODO: a lot of the data members should be made private */
   Target();
@@ -248,6 +254,7 @@ class Target {
   enum dist_calc_method distance_calculation_method;
   FingerPrintResults *FPR; /* FP results get by the OS scan system. */
   PortList ports;
+  std::vector<EarlySvcResponse *> earlySvcResponses;
 
   int weird_responses; /* echo responses from other addresses, Ie a network broadcast address */
   int flags; /* HOST_UNKNOWN, HOST_UP, or HOST_DOWN. */

TargetGroup.cc

@@ -6,73 +6,77 @@
  * expressions that go into TargetGroup classes.                           *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
 
 #include "tcpip.h"
 #include "TargetGroup.h"
+#include "targets.h"
 #include "NmapOps.h"
 #include "nmap_error.h"
+#include "nmap_dns.h"
 #include "nmap.h"
 #include "libnetutil/netutil.h"
 
 #include <string>
 #include <sstream>
+#include <vector>
+#include <algorithm>
+#include <typeinfo>
 #include <errno.h>
 #include <limits.h> // CHAR_BIT
 
@@ -103,7 +107,7 @@ public:
   /* Parses an expression such as 192.168.0.0/16, 10.1.0-5.1-254, or
      fe80::202:e3ff:fe14:1102/112 and returns a newly allocated NetBlock. The af
      parameter is AF_INET or AF_INET6. Returns NULL in case of error. */
-  static NetBlock *parse_expr(const char *target_expr, int af);
+  static NetBlock *parse_expr(const char *target_expr, int af, std::vector<DNS::Request> &requests);
 
   bool is_resolved_address(const struct sockaddr_storage *ss) const;
 
@@ -111,12 +115,34 @@ public:
    * NetBlock subclass, override this method. Otherwise, it's safe to reassign
    * the return value to the pointer that this method was called through.
    * On error, return NULL. */
-  virtual NetBlock *resolve() { return this; }
+  virtual NetBlock *resolve(const DNS::Request &req) { return this; }
+  virtual void reject_last_host() {}
   virtual bool next(struct sockaddr_storage *ss, size_t *sslen) = 0;
   virtual void apply_netmask(int bits) = 0;
   virtual std::string str() const = 0;
 };
 
+class NetBlockRandomIPv4 : public NetBlock {
+public:
+  NetBlockRandomIPv4();
+
+  void reject_last_host() { if (!infinite) count++; }
+  void set_num_random(unsigned long num) {
+    if (num == 0)
+      infinite = true;
+    else
+      count = num;
+  }
+  bool next(struct sockaddr_storage *ss, size_t *sslen);
+  void apply_netmask(int bits) {}
+  std::string str() const {return "Random IPv4 addresses";}
+
+private:
+  struct sockaddr_in base;
+  unsigned long count;
+  bool infinite;
+};
+
 class NetBlockIPv4Ranges : public NetBlock {
 public:
   octet_bitvector octets[4];
@@ -154,7 +180,7 @@ public:
   int af;
   int bits;
 
-  NetBlock *resolve();
+  NetBlock *resolve(const DNS::Request &req);
 
   bool next(struct sockaddr_storage *ss, size_t *sslen);
   void apply_netmask(int bits);
@@ -255,7 +281,7 @@ static int parse_ipv4_ranges(octet_bitvector octets[4], const char *spec) {
   return 0;
 }
 
-static NetBlock *parse_expr_without_netmask(const char *hostexp, int af) {
+static NetBlock *parse_expr_without_netmask(const char *hostexp, int af, std::vector<DNS::Request> &requests) {
   struct sockaddr_storage ss;
   size_t sslen;
 
@@ -282,13 +308,19 @@ static NetBlock *parse_expr_without_netmask(const char *hostexp, int af) {
     return netblock_ipv6;
   }
 
-  return new NetBlockHostname(hostexp, af);
+  NetBlockHostname *nb = new NetBlockHostname(hostexp, af);
+  DNS::Request req;
+  req.name = hostexp;
+  req.userdata = nb;
+  req.type = DNS::ANY;
+  requests.push_back(req);
+  return nb;
 }
 
 /* Parses an expression such as 192.168.0.0/16, 10.1.0-5.1-254, or
    fe80::202:e3ff:fe14:1102/112 and returns a newly allocated NetBlock. The af
    parameter is AF_INET or AF_INET6. Returns NULL in case of error. */
-NetBlock *NetBlock::parse_expr(const char *target_expr, int af) {
+NetBlock *NetBlock::parse_expr(const char *target_expr, int af, std::vector<DNS::Request> &requests) {
   NetBlock *netblock;
   char *hostexp;
   int bits;
@@ -304,7 +336,7 @@ NetBlock *NetBlock::parse_expr(const char *target_expr, int af) {
     bits = -1;
   }
 
-  netblock = parse_expr_without_netmask(hostexp, af);
+  netblock = parse_expr_without_netmask(hostexp, af, requests);
   if (netblock == NULL)
     goto bail;
   netblock->apply_netmask(bits);
@@ -326,6 +358,28 @@ bool NetBlock::is_resolved_address(const struct sockaddr_storage *ss) const {
   return false;
 }
 
+NetBlockRandomIPv4::NetBlockRandomIPv4() : count(0), infinite(false) {
+  memset(&base, 0, sizeof(base));
+  base.sin_family = AF_INET;
+}
+
+bool NetBlockRandomIPv4::next(struct sockaddr_storage *ss, size_t *sslen) {
+  if (!infinite) {
+    if (count > 0) {
+      count--;
+    }
+    else {
+      return false;
+    }
+  }
+  do {
+    base.sin_addr.s_addr = get_random_unique_u32();
+  } while (ip_is_reserved((const struct sockaddr_storage *)&base));
+  memcpy(ss, &base, sizeof(base));
+  *sslen = sizeof(base);
+  return true;
+}
+
 NetBlockIPv4Ranges::NetBlockIPv4Ranges() {
   unsigned int i;
 
@@ -660,48 +714,42 @@ std::string NetBlockIPv6Netmask::str() const {
   return result.str();
 }
 
-NetBlock *NetBlockHostname::resolve() {
-  struct addrinfo *addrs, *addr;
+NetBlock *NetBlockHostname::resolve(const DNS::Request &req) {
   std::list<struct sockaddr_storage> resolvedaddrs;
   std::list<struct sockaddr_storage> unscanned_addrs;
   NetBlock *netblock;
-  struct sockaddr_storage ss;
-  size_t sslen;
 
-  addrs = resolve_all(this->hostname.c_str(), AF_UNSPEC);
-  for (addr = addrs; addr != NULL; addr = addr->ai_next) {
-    if (addr->ai_addrlen < sizeof(ss)) {
-      memcpy(&ss, addr->ai_addr, addr->ai_addrlen);
-      if ((o.resolve_all || resolvedaddrs.empty()) && addr->ai_family == this->af) {
-        resolvedaddrs.push_back(ss);
-      }
-      else {
-        unscanned_addrs.push_back(ss);
-      }
+  for (size_t i = 0; i < req.ssv.size(); i++) {
+    const struct sockaddr_storage &ss = req.ssv[i];
+    if (ss.ss_family == af && (o.resolve_all || resolvedaddrs.empty())) {
+      resolvedaddrs.push_back(ss);
+    }
+    else {
+      unscanned_addrs.push_back(ss);
     }
   }
-  if (addrs != NULL)
-    freeaddrinfo(addrs);
 
   if (resolvedaddrs.empty()) {
-    if (unscanned_addrs.empty())
-      return NULL;
-
-    switch (this->af) {
-      case AF_INET:
-        error("Warning: Hostname %s resolves, but not to any IPv4 address. Try scanning with -6", this->hostname.c_str());
-        break;
-      case AF_INET6:
-        error("Warning: Hostname %s resolves, but not to any IPv6 address. Try scanning without -6", this->hostname.c_str());
-        break;
-      default:
-        error("Warning: Unknown address family: %d", this->af);
-        break;
+    if (!unscanned_addrs.empty()) {
+      switch (this->af) {
+        case AF_INET:
+          error("Warning: Hostname %s resolves, but not to any IPv4 address. Try scanning with -6", this->hostname.c_str());
+          break;
+        case AF_INET6:
+          error("Warning: Hostname %s resolves, but not to any IPv6 address. Try scanning without -6", this->hostname.c_str());
+          break;
+        default:
+          error("Warning: Unknown address family: %d", this->af);
+          break;
+      }
     }
+    error("Failed to resolve \"%s\".", this->hostname.c_str());
+    if (this->hostname == "-")
+      error("Bare '-': did you put a space between '--'?");
     return NULL;
   }
-  ss = resolvedaddrs.front();
-  sslen = sizeof(ss);
+  struct sockaddr_storage &ss = resolvedaddrs.front();
+  size_t sslen = sizeof(ss);
 
   if (!unscanned_addrs.empty() && o.verbose > 1) {
     error("Warning: Hostname %s resolves to %lu IPs. Using %s.", this->hostname.c_str(),
@@ -727,8 +775,8 @@ NetBlock *NetBlockHostname::resolve() {
     return NULL;
 
   netblock->hostname = this->hostname;
-  netblock->resolvedaddrs = resolvedaddrs;
-  netblock->unscanned_addrs = unscanned_addrs;
+  netblock->resolvedaddrs.swap(resolvedaddrs);
+  netblock->unscanned_addrs.swap(unscanned_addrs);
   netblock->current_addr = netblock->resolvedaddrs.begin();
   netblock->apply_netmask(this->bits);
 
@@ -761,21 +809,72 @@ std::string NetBlockHostname::str() const {
 }
 
 TargetGroup::~TargetGroup() {
-  if (this->netblock != NULL)
-    delete this->netblock;
+  for (std::list<NetBlock *>::iterator it = netblocks.begin();
+      it != netblocks.end(); it++) {
+    delete *it;
+  }
+}
+
+void TargetGroup::reject_last_host() {
+  assert(!netblocks.empty());
+  NetBlock *nb = netblocks.front();
+  nb->reject_last_host();
 }
 
 /* Initializes (or reinitializes) the object with a new expression, such
    as 192.168.0.0/16 , 10.1.0-5.1-254 , or fe80::202:e3ff:fe14:1102 .
-   Returns 0 for success */
-int TargetGroup::parse_expr(const char *target_expr, int af) {
-  if (this->netblock != NULL)
-    delete this->netblock;
-  this->netblock = NetBlock::parse_expr(target_expr, af);
-  if (this->netblock != NULL)
-    return 0;
-  else
-    return 1;
+    */
+bool TargetGroup::load_expressions(HostGroupState *hs, int af) {
+  assert(netblocks.empty());
+  // This is a wild guess, but we need some sort of limit.
+  static const size_t EXPR_PARSE_BATCH_SZ = o.ping_group_sz;
+  const char *target_expr = NULL;
+  std::vector<DNS::Request> requests;
+  requests.reserve(EXPR_PARSE_BATCH_SZ/4);
+  while (netblocks.size() < EXPR_PARSE_BATCH_SZ
+      && NULL != (target_expr = hs->next_expression())) {
+    NetBlock *nb = NetBlock::parse_expr(target_expr, af, requests);
+    if (nb == NULL) {
+      log_bogus_target(target_expr);
+    }
+    else {
+      netblocks.push_back(nb);
+    }
+  }
+  if (netblocks.empty()) {
+    return false;
+  }
+  if (requests.size() > 0) {
+    nmap_mass_dns(requests.data(), requests.size());
+  }
+  std::list<NetBlock *>::iterator nb_it = netblocks.begin();
+  for (std::vector<DNS::Request>::const_iterator rit = requests.begin();
+      rit != requests.end(); rit++) {
+    const DNS::Request &req = *rit;
+    NetBlock *nb_old = (NetBlock *) req.userdata;
+    NetBlock *nb_new = nb_old->resolve(req);
+    nb_it = std::find(nb_it, netblocks.end(), nb_old);
+
+    if (nb_new == NULL) {
+      // Resolution failed; remove the NetBlock
+      nb_it = netblocks.erase(nb_it);
+      delete nb_old;
+    }
+    else {
+      assert (nb_new != nb_old);
+      // Resolution succeeded; replace the NetBlock
+      *nb_it = nb_new;
+      delete nb_old;
+    }
+  }
+  requests.clear();
+  return !netblocks.empty();
+}
+
+void TargetGroup::generate_random_ips(unsigned long num_random) {
+  NetBlockRandomIPv4 *nbrand = new NetBlockRandomIPv4();
+  nbrand->set_num_random(num_random);
+  netblocks.push_front(nbrand);
 }
 
 /* Grab the next host from this expression (if any) and updates its internal
@@ -783,53 +882,45 @@ int TargetGroup::parse_expr(const char *target_expr, int af) {
    fills in ss if successful.  ss must point to a pre-allocated
    sockaddr_storage structure */
 int TargetGroup::get_next_host(struct sockaddr_storage *ss, size_t *sslen) {
-  if (this->netblock == NULL)
-    return -1;
+  while (!netblocks.empty()) {
 
-  /* If all we have at this point is a hostname and netmask, resolve into
-     something where we know the address. If we ever have to use strictly the
-     hostname, without doing local DNS resolution (like with a proxy scan), this
-     has to be made conditional (and perhaps an error if the netmask doesn't
-     limit it to exactly one address). */
-  NetBlock *netblock_resolved = this->netblock->resolve();
-  if (netblock_resolved != NULL) {
-    /* resolve may return the original netblock if it's not a type that needs
-     * to be resolved. Don't delete it! */
-    if (netblock_resolved != this->netblock) {
-      delete this->netblock;
-      this->netblock = netblock_resolved;
+    NetBlock *nb = netblocks.front();
+    if (nb->next(ss, sslen)) {
+      return 0;
     }
+    // Ran out of hosts in that block. Remove it.
+    netblocks.pop_front();
+    delete nb;
   }
-  else {
-    error("Failed to resolve \"%s\".", this->netblock->hostname.c_str());
-    return -1;
-  }
-
-  if (this->netblock->next(ss, sslen))
-    return 0;
-  else
-    return -1;
+  // Ran out of netblocks
+  return -1;
 }
 
 /* Returns true iff the given address is the one that was resolved to create
    this target group; i.e., not one of the addresses derived from it with a
    netmask. */
 bool TargetGroup::is_resolved_address(const struct sockaddr_storage *ss) const {
-  return this->netblock->is_resolved_address(ss);
+  assert(!netblocks.empty());
+  NetBlock *nb = netblocks.front();
+  return nb->is_resolved_address(ss);
 }
 
 /* Return a string of the name or address that was resolved for this group. */
 const char *TargetGroup::get_resolved_name(void) const {
-  if (this->netblock->hostname.empty())
+  assert(!netblocks.empty());
+  NetBlock *nb = netblocks.front();
+  if (nb->hostname.empty())
     return NULL;
   else
-    return this->netblock->hostname.c_str();
+    return nb->hostname.c_str();
 }
 
 /* Return the list of addresses that the name for this group resolved to, but
    which were not scanned, if it came from a name resolution. */
 const std::list<struct sockaddr_storage> &TargetGroup::get_unscanned_addrs(void) const {
-  return this->netblock->unscanned_addrs;
+  assert(!netblocks.empty());
+  NetBlock *nb = netblocks.front();
+  return nb->unscanned_addrs;
 }
 
 /* is the current expression a named host */

TargetGroup.h

@@ -6,60 +6,59 @@
  * go into TargetGroup classes.                                            *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -71,22 +70,19 @@
 #include <cstddef>
 
 class NetBlock;
+class HostGroupState;
 
 class TargetGroup {
 public:
-  NetBlock *netblock;
-
-  TargetGroup() {
-    this->netblock = NULL;
-  }
+  TargetGroup() : netblocks() {}
 
   ~TargetGroup();
 
   /* Initializes (or reinitializes) the object with a new expression,
      such as 192.168.0.0/16 , 10.1.0-5.1-254 , or
      fe80::202:e3ff:fe14:1102 .  The af parameter is AF_INET or
-     AF_INET6 Returns 0 for success */
-  int parse_expr(const char *target_expr, int af);
+     AF_INET6. */
+  bool load_expressions(HostGroupState *hs, int af);
   /* Grab the next host from this expression (if any).  Returns 0 and
      fills in ss if successful.  ss must point to a pre-allocated
      sockaddr_storage structure */
@@ -102,6 +98,11 @@ public:
   const std::list<struct sockaddr_storage> &get_unscanned_addrs(void) const;
   /* is the current expression a named host */
   int get_namedhost() const;
+  void generate_random_ips(unsigned long num_random);
+  void reject_last_host();
+
+  private:
+  std::list<NetBlock *>netblocks;
 };
 
 #endif /* TARGETGROUP_H */

acinclude.m4

@@ -125,3 +125,14 @@ AC_DEFUN([LARGE_FILES_IF_NOT_BROKEN],
   AC_LANG_POP(C++)
 ]
 )
+
+AC_DEFUN([CHECK_PYTHON_MODULE],
+[
+  AC_MSG_CHECKING([for python module $1])
+  if $PYTHON -c 'import $1' 2>/dev/null ; then
+    py_have_$1=yes
+  else
+    py_have_$1=no
+  fi
+  AC_MSG_RESULT([$py_have_$1])
+])

charpool.cc

@@ -4,65 +4,66 @@
  * system.                                                                 *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
 
 #include <stddef.h>
+#undef NDEBUG
+#include <assert.h>
 
 #include "nbase.h"
 
@@ -70,96 +71,72 @@
 #include "charpool.h"
 #include "nmap_error.h"
 
-static char *charpool[16];
-static int currentcharpool;
-static int currentcharpoolsz;
-static char *nextchar;
+static CharPool g_charpool (16384);
 
-/* Allocated blocks are allocated to multiples of ALIGN_ON. This is the
-   definition used by the malloc in Glibc 2.7, which says that it "suffices for
-   nearly all current machines and C compilers." */
-#define ALIGN_ON (2 * sizeof(size_t))
-
-static int cp_init(void) {
-  static int charpool_initialized = 0;
-  if (charpool_initialized) return 0;
-
-  /* Create our char pool */
-  currentcharpool = 0;
-  currentcharpoolsz = 16384;
-  nextchar = charpool[0] = (char *) safe_malloc(currentcharpoolsz);
-  charpool_initialized = 1;
-  return 0;
+const char *cp_strndup(const char *src, int len) {
+  return g_charpool.dup(src, len);
+}
+const char *cp_strdup(const char *src) {
+  return g_charpool.dup(src);
 }
-
 void cp_free(void) {
-  int ccp;
-  for(ccp=0; ccp <= currentcharpool; ccp++)
-    if(charpool[ccp]){
-      free(charpool[ccp]);
-      charpool[ccp] = NULL;
+  return g_charpool.clear();
+}
+
+class StrTable {
+  public:
+  StrTable() {
+    memset(table, 0, sizeof(table));
+    for (int i = 1; i <= CHAR_MAX; i++) {
+      table[i*2] = static_cast<char>(i);
+    }
   }
-  currentcharpool = 0;
+  const char *get(char c) { assert(c >= 0); return &table[c*2]; }
+  private:
+  char table[2*(CHAR_MAX + 1)];
+};
+static StrTable g_table;
+
+const char *cp_char2str(char c) {
+  return g_table.get(c);
 }
 
-static inline void cp_grow(void) {
-  /* Doh!  We've got to make room */
-  if (++currentcharpool > 15) {
-    fatal("Character Pool is out of buckets!");
+CharPool::CharPool(size_t init_sz) {
+  assert(init_sz >= 256);
+  /* Create our char pool */
+  currentbucketsz = init_sz;
+  nexti = 0;
+  char *b = (char *) safe_malloc(currentbucketsz);
+  buckets.push_back(b);
+}
+
+void CharPool::clear(void) {
+  for (BucketList::iterator it=buckets.begin(); it != buckets.end(); it++) {
+    free(*it);
   }
-  currentcharpoolsz <<= 1;
-
-  nextchar = charpool[currentcharpool] = (char *)
-    safe_malloc(currentcharpoolsz);
+  buckets.clear();
 }
 
-void *cp_alloc(int sz) {
-  char *p;
-  int modulus;
+const char *CharPool::dup(const char *src, int len) {
+  if (len < 0)
+    len = strlen(src);
+  if (len == 0)
+    return g_table.get('\0');
+  else if (len == 1)
+    return g_table.get(*src);
 
-  cp_init();
+  int sz = len + 1;
+  char *p = buckets.back() + nexti;
 
-  if ((modulus = sz % ALIGN_ON))
-    sz += ALIGN_ON - modulus;
-
-  if ((nextchar - charpool[currentcharpool]) + sz <= currentcharpoolsz) {
-    p = nextchar;
-    nextchar += sz;
-    return p;
+  while (nexti + sz > currentbucketsz) {
+    /* Doh!  We've got to make room */
+    currentbucketsz <<= 1;
+    nexti = 0;
+    p = (char *) safe_malloc(currentbucketsz);
+    buckets.push_back(p);
   }
-  /* Doh!  We've got to make room */
-  cp_grow();
-
- return cp_alloc(sz);
 
-}
-
-char *cp_strdup(const char *src) {
-const char *p;
-char *q;
-/* end points to the first illegal char */
-char *end;
-int modulus;
-
- cp_init();
-
- end = charpool[currentcharpool] + currentcharpoolsz;
- q = nextchar;
- p = src;
- while((nextchar < end) && *p) {
-   *nextchar++ = *p++;
- }
-
- if (nextchar < end) {
-   /* Goody, we have space */
-   *nextchar++ = '\0';
-   if ((modulus = (nextchar - q) % ALIGN_ON))
-     nextchar += ALIGN_ON - modulus;
-   return q;
- }
-
- /* Doh!  We ran out -- need to allocate more */
- cp_grow();
-
- return cp_strdup(src);
+  nexti += sz;
+  p[len] = '\0';
+  return (const char *) memcpy(p, src, len);
 }

charpool.h

@@ -4,60 +4,59 @@
  * system.                                                                 *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -65,10 +64,31 @@
 #ifndef CHARPOOL_H
 #define CHARPOOL_H
 
-void *cp_alloc(int sz);
-char *cp_strdup(const char *src);
+#include <vector>
+
+/* len does not include null terminator */
+const char *cp_strndup(const char *src, int len);
+const char *cp_strdup(const char *src);
+// Returns a pointer to a 1-char string
+const char *cp_char2str(char c);
 
 void cp_free(void);
 
+typedef std::vector<char *> BucketList;
+
+class CharPool {
+  private:
+    BucketList buckets;
+    size_t currentbucketsz;
+    size_t nexti;
+  public:
+    CharPool(size_t init_sz=256);
+    ~CharPool() { this->clear(); }
+    // Free all allocated buckets
+    void clear();
+    // if len < 0, strlen will be used to determine src length
+    const char *dup(const char *src, int len=-1);
+};
+
 #endif
 

checklibs.sh

@@ -3,7 +3,7 @@
 NDIR=${NDIR:-$PWD}
 
 newest() {
-    perl -nE'END{$,=".";say unpack"C*",$m}$m=($m,$n)[($n=pack"C*",split/\./) gt$m]'
+  sort -V | tail -n 1
 }
 
 trim_version() {
@@ -11,30 +11,34 @@ trim_version() {
 }
 
 check_libpcre() {
-    PCRE_SOURCE="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/"
+    PCRE_SOURCE="https://github.com/PCRE2Project/pcre2/releases/latest"
     PCRE_MAJOR=""
     PCRE_MINOR=""
-    eval $(grep '^PCRE_MAJOR=' $NDIR/libpcre/configure)
-    eval $(grep '^PCRE_MINOR=' $NDIR/libpcre/configure)
-    PCRE_VERSION="$PCRE_MAJOR.$PCRE_MINOR"
-    PCRE_LATEST=$(curl -ls $PCRE_SOURCE | perl -lne 'if(/pcre-(\d+.\d+).tar.gz$/){print $1}' | newest)
+    eval $(grep '^PCRE2_MAJOR=' $NDIR/libpcre/configure)
+    eval $(grep '^PCRE2_MINOR=' $NDIR/libpcre/configure)
+    PCRE_VERSION="$PCRE2_MAJOR.$PCRE2_MINOR"
+    PCRE_LATEST=$(curl -Ls -I $PCRE_SOURCE | tee tmp.txt | perl -lne 'if(m|^Location:.*/tag/pcre2-(\d+.\d+)[\r\n]*$|){print $1;exit(0)}')
     if [ "$PCRE_VERSION" != "$PCRE_LATEST" ]; then
         echo "Newer version of libpcre available"
         echo "  Current:" $PCRE_VERSION
         echo "  Latest: " $PCRE_LATEST
         echo "  Source: $PCRE_SOURCE"
+    else
+      echo "libpcre: $PCRE_VERSION"
     fi
 }
 
 check_libpcap() {
-    PCAP_SOURCE="http://www.tcpdump.org/release/"
-    PCAP_VERSION=$(cat $NDIR/libpcap/VERSION)
-    PCAP_LATEST=$(curl -s $PCAP_SOURCE | perl -lne 'if(/libpcap-([\d.]+).tar.gz/){print $1}' | newest)
+    PCAP_SOURCE="https://www.tcpdump.org/release/"
+    PCAP_VERSION=$(cat $NDIR/libpcap/VERSION 2>/dev/null || cat $NDIR/libpcap/VERSION.txt)
+    PCAP_LATEST=$(curl -Ls $PCAP_SOURCE | perl -lne 'if(/libpcap-([\d.]+).tar.gz/){print $1}' | newest)
     if [ "$PCAP_VERSION" != "$PCAP_LATEST" ]; then
         echo "Newer version of libpcap available"
         echo "  Current:" $PCAP_VERSION
         echo "  Latest: " $PCAP_LATEST
         echo "  Source: $PCAP_SOURCE"
+    else
+      echo "libpcap: $PCAP_VERSION"
     fi
 }
 
@@ -52,43 +56,56 @@ EOC
     LUA_VERSION=$(./check_liblua)
     LUA_VERSION=${LUA_VERSION#Lua }
     rm check_liblua check_liblua.c
-    LUA_LATEST=$(curl -s $LUA_SOURCE | perl -lne 'if(/lua-([\d.]+).tar.gz/){print $1}' | newest)
+    LUA_LATEST=$(curl -Ls $LUA_SOURCE | perl -lne 'if(/lua-([\d.]+).tar.gz/){print $1}' | newest)
     if [ "$LUA_VERSION" != "$LUA_LATEST" ]; then
         echo "Newer version of liblua available"
         echo "  Current:" $LUA_VERSION
         echo "  Latest: " $LUA_LATEST
         echo "  Source: $LUA_SOURCE"
+    else
+      echo "liblua: $LUA_VERSION"
     fi
 }
 
 check_liblinear() {
-    LINEAR_SOURCE="http://www.csie.ntu.edu.tw/~cjlin/liblinear/"
-    echo "Can't check liblinear, no version information is available"
-    LINEAR_LATEST=$(curl -s $LINEAR_SOURCE | perl -lne 'if(/The current release \(([^)]+)\) of <b>LIBLINEAR/){print $1;exit 0}')
-    echo "  Latest:" $LINEAR_LATEST
+    LINEAR_SOURCE="https://www.csie.ntu.edu.tw/~cjlin/liblinear/"
+    LINEAR_VERSION=$(awk '$2=="LIBLINEAR_VERSION"{print$3;exit}' $NDIR/liblinear/linear.h | sed 's/./&./1')
+    LINEAR_LATEST=$(curl -Ls $LINEAR_SOURCE | perl -lne 'if(/liblinear-([\d.]+).tar.gz/){print $1}' | newest)
+    if [ "$LINEAR_VERSION" != "$LINEAR_LATEST" ]; then
+        echo "Newer version of liblinear available"
+        echo "  Current:" $LINEAR_VERSION
+        echo "  Latest: " $LINEAR_LATEST
+        echo "  Source: $LINEAR_SOURCE"
+    else
+      echo "liblinear: $LINEAR_VERSION"
+    fi
 }
 
 check_zlib() {
     ZLIB_SOURCE="https://zlib.net/"
     ZLIB_VERSION=$(awk '$2=="ZLIB_VERSION"{print$3;exit}' $NDIR/libz/zlib.h | tr -d '"')
-    ZLIB_LATEST=$(curl -s $ZLIB_SOURCE | perl -lne 'if(/zlib-([\d.]+).tar.gz/){print $1}' | newest)
+    ZLIB_LATEST=$(curl -Ls $ZLIB_SOURCE | perl -lne 'if(/zlib-([\d.]+).tar.gz/){print $1}' | newest)
     if [ "$ZLIB_VERSION" != "$ZLIB_LATEST" ]; then
         echo "Newer version of zlib available"
         echo "  Current:" $ZLIB_VERSION
         echo "  Latest: " $ZLIB_LATEST
         echo "  Source: $ZLIB_SOURCE"
+    else
+      echo "zlib: $ZLIB_VERSION"
     fi
 }
 
 check_libssh2() {
-    LIBSSH2_SOURCE="https://www.libssh2.org/download/"
+    LIBSSH2_SOURCE="https://libssh2.org/download/"
     LIBSSH2_VERSION=$(awk '$2=="LIBSSH2_VERSION"{print$3;exit}' $NDIR/libssh2/include/libssh2.h | tr -d '"')
-    LIBSSH2_LATEST=$(curl -s $LIBSSH2_SOURCE | perl -lne 'if(/libssh2-([\d.]+).tar.gz/){print $1}' | newest)
+    LIBSSH2_LATEST=$(curl -Ls $LIBSSH2_SOURCE | perl -lne 'if(/libssh2-([\d.]+).tar.gz/){print $1}' | newest)
     if [ "$LIBSSH2_VERSION" != "$LIBSSH2_LATEST" ]; then
         echo "Newer version of libssh2 available"
         echo "  Current:" $LIBSSH2_VERSION
         echo "  Latest: " $LIBSSH2_LATEST
         echo "  Source: $LIBSSH2_SOURCE"
+    else
+      echo "libssh2: $LIBSSH2_VERSION"
     fi
 }
 

configure.ac

@@ -230,23 +230,30 @@ AC_SEARCH_LIBS(gethostbyname, nsl)
 dnl Check IPv6 raw sending flavor.
 CHECK_IPV6_IPPROTO_RAW
 
-m4_define_default([_AM_PYTHON_INTERPRETER_LIST],[python2 python2.7 python2.6 python2.5 python2.4 python])
-AM_PATH_PYTHON([2.4], [HAVE_PYTHON=true], [HAVE_PYTHON=false])
-HAVE_PYTHON2=false
-if test $HAVE_PYTHON && test "x${PYTHON_VERSION%%.*}" = "x2"; then
-    HAVE_PYTHON2=true
+m4_define_default([_AM_PYTHON_INTERPRETER_LIST],[python3 python])
+AM_PATH_PYTHON([3], [HAVE_PYTHON=true], [HAVE_PYTHON=false])
+
+PY_BUILD_OK=false
+if $HAVE_PYTHON ; then
+  CHECK_PYTHON_MODULE(setuptools)
+  if test "$py_have_setuptools" = "yes"; then
+    CHECK_PYTHON_MODULE(build)
+    if test "$py_have_build" = "yes"; then
+      PY_BUILD_OK=true
+    fi
+  fi
 fi
 
 NDIFFDIR=ndiff
 
 # Do they want Ndiff?
 AC_ARG_WITH(ndiff, AC_HELP_STRING([--without-ndiff], [Skip installation of the Ndiff utility]), [], [with_ndiff=check])
-if $HAVE_PYTHON2 ; then : ;
+if $PY_BUILD_OK ; then : ;
 else
   if test "$with_ndiff" = "check" ; then
-    AC_MSG_WARN([Not building Ndiff because Python 2.x with x>=4 was not found])
+    AC_MSG_WARN([Not building Ndiff because Python with setuptools was not found])
   elif test "$with_ndiff" = "yes"; then
-    AC_MSG_FAILURE([--with-ndiff requires Python 2.x with x>=4])
+    AC_MSG_FAILURE([--with-ndiff requires Python with setuptools])
   fi
   with_ndiff=no
 fi
@@ -280,12 +287,12 @@ ZENMAPDIR=zenmap
 # Do they want Zenmap?
 AC_ARG_WITH(zenmap, AC_HELP_STRING([--without-zenmap], [Skip installation of the Zenmap graphical frontend]), [], [with_zenmap=check])
 
-if $HAVE_PYTHON2 ; then : ;
+if $PY_BUILD_OK ; then : ;
 else
   if test "$with_zenmap" = "check"; then
-    AC_MSG_WARN([Not building Zenmap because Python 2.x with x>=4 was not found])
+    AC_MSG_WARN([Not building Zenmap because Python was not found])
   elif test "$with_zenmap" = "yes"; then
-    AC_MSG_FAILURE([--with-zenmap requires Python 2.x with x>=4])
+    AC_MSG_FAILURE([--with-zenmap requires Python])
   fi
   with_zenmap=no
 fi
@@ -342,6 +349,9 @@ AC_SUBST(UNINSTALLNPING)
 AC_SUBST(NPING_CLEAN)
 AC_SUBST(NPING_DIST_CLEAN)
 
+# OpenSSL and NSE C modules can require dlopen
+AC_SEARCH_LIBS(dlopen, dl)
+
 # We test whether they specified openssl desires explicitly
 use_openssl="yes"
 specialssldir=""
@@ -363,43 +373,47 @@ AC_HELP_STRING([--with-openssl=DIR],[Use optional openssl libs and includes from
 )
 
 # If they didn't specify it, we try to find it
-if test "$use_openssl" = "yes" -a -z "$specialssldir"; then
+if test "$use_openssl" = "yes"; then
   AC_CHECK_HEADER(openssl/ssl.h,,
   [ use_openssl="no"
+    if test -n "$specialssldir"; then
+      AC_MSG_ERROR([Specific OpenSSL location was requested but openssl/ssl.h was not found. Try correcting the --with-openssl=DIR argument.])
+    fi
     if test "$with_openssl" = "yes"; then
       AC_MSG_ERROR([OpenSSL was explicitly requested but openssl/ssl.h was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.])
     fi
     AC_MSG_WARN([Failed to find openssl/ssl.h so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument])
   ])
+fi
 
 # use_openssl="yes" given explicitly in next 2 rules to avoid adding lib to $LIBS
- if test "$use_openssl" = "yes"; then
-   AC_CHECK_LIB(crypto, BIO_int_ctrl,
+if test "$use_openssl" = "yes"; then
+  AC_CHECK_LIB(crypto, BIO_int_ctrl,
     [ use_openssl="yes"],
     [ use_openssl="no"
-    if test "$with_openssl" = "yes"; then
-      AC_MSG_ERROR([OpenSSL was explicitly requested but libcrypto was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.])
-    fi
-    AC_MSG_WARN([Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument])
-   ])
- fi
+      if test -n "$specialssldir"; then
+        AC_MSG_ERROR([Specific OpenSSL location was requested but libcrypto was not found. Try correcting the --with-openssl=DIR argument.])
+      fi
+      if test "$with_openssl" = "yes"; then
+        AC_MSG_ERROR([OpenSSL was explicitly requested but libcrypto was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.])
+      fi
+      AC_MSG_WARN([Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument])
+    ])
+fi
 
- if test "$use_openssl" = "yes"; then
-   AC_CHECK_LIB(ssl, SSL_new,
+if test "$use_openssl" = "yes"; then
+  AC_CHECK_LIB(ssl, SSL_new,
     [ use_openssl="yes" ],
     [ use_openssl="no"
-    if test "$with_openssl" = "yes"; then
-      AC_MSG_ERROR([OpenSSL was explicitly requested but libssl was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.])
-    fi
-    AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) ],
+      if test -n "$specialssldir"; then
+        AC_MSG_ERROR([Specific OpenSSL location was requested but libssl was not found. Try correcting the --with-openssl=DIR argument.])
+      fi
+      if test "$with_openssl" = "yes"; then
+        AC_MSG_ERROR([OpenSSL was explicitly requested but libssl was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.])
+      fi
+      AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument])
+    ],
     [ -lcrypto ])
- fi
-
- if test "$use_openssl" = "yes"; then
-   AC_CHECK_LIB(crypto, EVP_PKEY_get1_EC_KEY,
-    [AC_DEFINE(HAVE_OPENSSL_EC, 1, [Have EVP_PKEY_get1_EC_KEY])],
-    [AC_MSG_WARN([Disabling support for EC crypto])])
-  fi
 fi
 
 OPENSSL_LIBS=
@@ -468,6 +482,7 @@ if test $have_libpcap = yes; then
 fi
 
 if test $have_libpcap != yes; then
+  ac_configure_args="$ac_configure_args '--disable-dbus'"
   AC_CONFIG_SUBDIRS(libpcap)
   if test "${LIBPCAP_INC+set}" = "set"; then
     CPPFLAGS="$CPPFLAGS -I$LIBPCAP_INC"
@@ -507,7 +522,7 @@ LIBPCREDIR=libpcre
 
 # First we test whether they specified libpcre explicitly
 AC_ARG_WITH(libpcre,
-AC_HELP_STRING([--with-libpcre=DIR], [Use an existing (compiled) pcre lib from DIR/include and DIR/lib.])
+AC_HELP_STRING([--with-libpcre=DIR], [Use an existing (compiled) pcre2 lib from DIR/include and DIR/lib.])
 AC_HELP_STRING([--with-libpcre=included], [Always use the version included with Nmap]),
 [  case "$with_libpcre" in
   yes)
@@ -525,27 +540,31 @@ AC_HELP_STRING([--with-libpcre=included], [Always use the version included with
 
 # If they didn't specify it, we try to find it
 if test $have_pcre != yes -a $requested_included_pcre != yes ; then
-  AC_CHECK_HEADER(pcre.h,
-    AC_CHECK_LIB(pcre, pcre_version, [have_pcre=yes ]),
-    [AC_CHECK_HEADER(pcre/pcre.h,
-      [AC_CHECK_LIB(pcre, pcre_version, [have_pcre=yes])]
-    )]
-  )
+  AC_CHECK_HEADER(pcre2.h,
+    AC_CHECK_LIB(pcre2-8,
+      pcre2_compile_8,
+      [have_pcre=yes ]),
+    AC_CHECK_HEADER(pcre2/pcre2.h,
+      AC_CHECK_LIB(pcre2-8,
+        pcre2_compile_8,
+        [have_pcre=yes
+        AC_DEFINE(HAVE_PCRE2_PCRE2_H, 1, [Using system pcre2/pcre2.h])]),
+      [],
+      [#define PCRE2_CODE_UNIT_WIDTH 8]),
+    [#define PCRE2_CODE_UNIT_WIDTH 8])
 fi
 
 # If we still don't have it, we use our own
 if test $have_pcre != yes ; then
   AC_CONFIG_SUBDIRS( libpcre )
-  CPPFLAGS="-I\$(top_srcdir)/$LIBPCREDIR $CPPFLAGS"
-  LIBPCRE_LIBS="$LIBPCREDIR/libpcre.a"
+  CPPFLAGS="-I\$(top_srcdir)/$LIBPCREDIR/src $CPPFLAGS"
+  LIBPCRE_LIBS="$LIBPCREDIR/.libs/libpcre2-8.a"
   PCRE_BUILD="build-pcre"
   PCRE_CLEAN="clean-pcre"
   PCRE_DIST_CLEAN="distclean-pcre"
-  AC_DEFINE(PCRE_INCLUDED, 1, [Using included libpcre])
+  AC_DEFINE(PCRE_INCLUDED, 1, [Using included libpcre2])
 else
-# We only need to check for and use this if we are NOT using included pcre
-  AC_CHECK_HEADERS(pcre/pcre.h)
-  LIBPCRE_LIBS="-lpcre"
+  LIBPCRE_LIBS="-lpcre2-8"
   PCRE_BUILD=""
   PCRE_CLEAN=""
   PCRE_DIST_CLEAN=""
@@ -671,7 +690,7 @@ AC_HELP_STRING([--without-libssh2], [Compile without libssh2]),
     LDFLAGS="-L$with_libssh2/lib $LDFLAGS"
 
     AC_CHECK_HEADER(libssh2.h,[
-      AC_CHECK_LIB(ssh2, libssh2_version,
+      AC_CHECK_LIB(ssh2, libssh2_userauth_banner,
         [have_libssh2=yes
         LIBSSH2_INC=$with_libssh2/include
         LIBSSH2_LIB=$with_libssh2/lib],
@@ -690,7 +709,7 @@ if test $use_libssh2 = yes -a $use_openssl = yes; then
   # If they didn't specify it, we try to find it
   if test $have_libssh2 != yes -a $requested_included_libssh2 != yes; then
     AC_CHECK_HEADER(libssh2.h,[
-      AC_CHECK_LIB(ssh2, libssh2_version,
+      AC_CHECK_LIB(ssh2, libssh2_userauth_banner,
         [have_libssh2="yes"],,[-lm])
       ])
   fi
@@ -808,9 +827,6 @@ AC_HELP_STRING([--without-liblua], [Compile without lua (this will exclude all o
   esac]
 )
 
-# OpenSSL and NSE C modules can require dlopen
-AC_SEARCH_LIBS(dlopen, dl)
-
 # They don't want lua
 if test "$no_lua" = "yes"; then
   trace_no_use="$trace_no_use lua"
@@ -826,29 +842,30 @@ else
 
   # If they didn't specify it, we try to find it
   if test $have_lua != yes; then
-    AC_CHECK_HEADERS([lua5.3/lua.h lua/5.3/lua.h lua.h lua/lua.h], [break])
-    AC_SEARCH_LIBS(lua_isyieldable, [lua5.3 lua53 lua], [have_lua=yes],, [-lm])
+    AC_CHECK_HEADERS([lua5.4/lua.h lua/5.4/lua.h lua.h lua/lua.h], [break])
+    AC_SEARCH_LIBS(lua_isyieldable, [lua5.4 lua54 lua], [have_lua=yes],, [-lm])
     AC_LANG_PUSH(C)
-    # We need Lua 5.3 exactly
-    AC_MSG_CHECKING([for lua version == 503])
+    # We need Lua 5.4 exactly
     AC_PREPROC_IFELSE([ AC_LANG_PROGRAM( [[
-      #ifdef HAVE_LUA5_3_LUA_H
-          #include <lua5.3/lua.h>
-      #elif defined HAVE_LUA_5_3_LUA_H
-          #include <lua/5.3/lua.h>
+      #ifdef HAVE_LUA5_4_LUA_H
+          #include <lua5.4/lua.h>
+      #elif defined HAVE_LUA_5_4_LUA_H
+          #include <lua/5.4/lua.h>
       #elif defined HAVE_LUA_H || defined LUA_INCLUDED
           #include <lua.h>
       #elif defined HAVE_LUA_LUA_H
           #include <lua/lua.h>
       #endif
 
-      #if (LUA_VERSION_NUM != 503)
+      #if (LUA_VERSION_NUM != 504)
           #error Incorrect Lua version
       #endif
         ]],
-        [[if(LUA_VERSION_NUM != 503) return 1;]])
+        [[if(LUA_VERSION_NUM != 504) return 1;]])
     ],
     [have_lua=yes], [have_lua=no])
+    AC_MSG_CHECKING([for lua version == 504])
+    AC_MSG_RESULT([$have_lua])
     AC_LANG_POP(C)
 
     LUA_BUILD=""
@@ -857,8 +874,9 @@ else
   fi
 
   # if we didn't find we use our own
+  AC_MSG_CHECKING([whether lua was found])
   if test $have_lua != yes; then
-    AC_MSG_RESULT(no)
+    AC_MSG_RESULT([no, will use our own])
     CPPFLAGS="-I\$(top_srcdir)/$LIBLUADIR $CPPFLAGS"
     LIBLUA_LIBS="\$(top_srcdir)/$LIBLUADIR/liblua.a"
     LUA_BUILD="build-lua"
@@ -923,8 +941,9 @@ if test $have_liblinear != yes; then
 fi
 
 # if we didn't find we use our own
+AC_MSG_CHECKING([whether liblinear was found])
 if test $have_liblinear != yes; then
-  AC_MSG_RESULT(no)
+  AC_MSG_RESULT([no, will use our own])
   CPPFLAGS="-I\$(top_srcdir)/$LIBLINEARDIR $CPPFLAGS"
   LIBLINEAR_LIBS="\$(top_srcdir)/$LIBLINEARDIR/liblinear.a"
   LIBLINEAR_BUILD="build-liblinear"

docs/3rd-party.xml

@@ -7,16 +7,16 @@
 <!ENTITY nmap_version "7.25SVN">
 
 <!-- Software source versions -->
-<!ENTITY nmap_libpcap_version "1.7.3">
-<!ENTITY nmap_libdnet_version "1.12">
-<!ENTITY nmap_pcre_version "7.6">
-<!ENTITY nmap_liblinear_version "1.7"><!-- https://github.com/cjlin1/liblinear/commit/61a6d1b38ef5c77d1d7a18c177c203708d77b0f5 -->
-<!ENTITY nmap_lua_version "5.3.3">
+<!ENTITY nmap_libpcap_version "1.10.5">
+<!ENTITY nmap_libdnet_version "1.18">
+<!ENTITY nmap_pcre_version "10.45">
+<!ENTITY nmap_liblinear_version "2.47"><!-- https://github.com/cjlin1/liblinear/commit/61a6d1b38ef5c77d1d7a18c177c203708d77b0f5 -->
+<!ENTITY nmap_lua_version "5.4.7">
 
 <!-- Software static linked versions -->
-<!ENTITY npcap_version "0.08r9">
-<!ENTITY openssl_version "1.0.2h">
-<!ENTITY python_version "2.7.11">
+<!ENTITY npcap_version "1.82">
+<!ENTITY openssl_version "3.0.16">
+<!ENTITY python_version "3.13">
 
 <!-- Lua library versions -->
 <!ENTITY slaxml_version "0.7">
@@ -260,7 +260,7 @@
     </package>
     <package id="npcap">
       <name>Npcap</name>
-      <url>https://npcap.org/</url>
+      <url>https://npcap.com/</url>
       <copyright>Nmap Software LLC ("The Nmap Project")</copyright>
       <license>&license_npcap;</license>
     </package>

docs/legal-notices.xml

@@ -6,12 +6,12 @@
   <indexterm><primary>GNU General Public License</primary></indexterm>
 
 
-<para>The Nmap Security Scanner is (C) 1996&ndash;2021 Nmap Software
+<para>The Nmap Security Scanner is (C) 1996&ndash;2022 Nmap Software
 LLC ("The Nmap Project"). Nmap is also a registered trademark of the
 Nmap Project. It is published under the <ulink
 url="https://nmap.org/npsl">Nmap Public Source License</ulink>. This
 generally allows end users to download and use Nmap for free.  It
-doesn't not allow Nmap to be used and redistributed within commercial
+doesn't allow Nmap to be used and redistributed within commercial
 software or hardware products (including appliances, virtual machines,
 and traditional applications).  We fund the project by selling a
 special Nmap OEM Edition for this purpose, as described at <ulink
@@ -41,15 +41,16 @@ copyright holders.
 </para>
       
 <para>If you have received a written license agreement or contract for
-Nmap stating terms other than these, you may choose to use and
-redistribute Nmap under those terms instead.</para>
+Nmap (such as an <ulink url="https://nmap.org/oem/">Nmap OEM
+license</ulink>) stating terms other than these, you may choose to use
+and redistribute Nmap under those terms instead.</para>
 
 </refsect2>
 
 <refsect2 id="man-copyright">
   <title>Creative Commons License for this Nmap Guide</title>
   <para>This <citetitle>Nmap Reference Guide</citetitle> is (C)
-  2005&ndash;2021 Nmap Software LLC. It is
+  2005&ndash;2022 Nmap Software LLC. It is
    hereby placed under version 3.0 of the <ulink
    url="http://creativecommons.org/licenses/by/3.0/">Creative Commons
    Attribution License</ulink>.  This allows you redistribute and modify
@@ -126,7 +127,7 @@ url="https://www.tcpdump.org">Libpcap portable packet capture
 library</ulink><indexterm><primary>libpcap</primary></indexterm>
 is distributed along with Nmap.
 The Windows version of Nmap utilizes the Libpcap-derived
-<ulink role="hidepdf" url="https://npcap.org">Ncap library</ulink><indexterm><primary>Npcap</primary></indexterm>
+<ulink role="hidepdf" url="https://npcap.com">Ncap library</ulink><indexterm><primary>Npcap</primary></indexterm>
 instead.
 Regular expression support is provided by the
 <ulink role="hidepdf" url="https://pcre.org">PCRE library</ulink>,<indexterm><primary>Perl Compatible Regular Expressions (PCRE)</primary></indexterm>

docs/licenses/PCRE-license.txt

@@ -1,38 +1,67 @@
-PCRE LICENCE
-------------
+PCRE2 Licence
+=============
 
-PCRE is a library of functions to support regular expressions whose syntax
+| SPDX-License-Identifier: | BSD-3-Clause WITH PCRE2-exception |
+|---------|-------|
+
+PCRE2 is a library of functions to support regular expressions whose syntax
 and semantics are as close as possible to those of the Perl 5 language.
 
-Release 7 of PCRE is distributed under the terms of the "BSD" licence, as
-specified below. The documentation for PCRE, supplied in the "doc"
-directory, is distributed under the same terms as the software itself.
+Releases 10.00 and above of PCRE2 are distributed under the terms of the "BSD"
+licence, as specified below, with one exemption for certain binary
+redistributions. The documentation for PCRE2, supplied in the "doc" directory,
+is distributed under the same terms as the software itself. The data in the
+testdata directory is not copyrighted and is in the public domain.
 
 The basic library functions are written in C and are freestanding. Also
-included in the distribution is a set of C++ wrapper functions.
+included in the distribution is a just-in-time compiler that can be used to
+optimize pattern matching. This is an optional feature that can be omitted when
+the library is built. The just-in-time compiler is separately licensed under the
+"2-clause BSD" licence.
 
 
-THE BASIC LIBRARY FUNCTIONS
----------------------------
+COPYRIGHT
+---------
 
-Written by:       Philip Hazel
-Email local part: ph10
-Email domain:     cam.ac.uk
+### The basic library functions
 
-University of Cambridge Computing Service,
-Cambridge, England.
+    Written by:       Philip Hazel
+    Email local part: Philip.Hazel
+    Email domain:     gmail.com
 
-Copyright (c) 1997-2008 University of Cambridge
-All rights reserved.
+    Retired from University of Cambridge Computing Service,
+    Cambridge, England.
 
+    Copyright (c) 1997-2007 University of Cambridge
+    Copyright (c) 2007-2024 Philip Hazel
+    All rights reserved.
 
-THE C++ WRAPPER FUNCTIONS
--------------------------
+### PCRE2 Just-In-Time compilation support
 
-Contributed by:   Google Inc.
+    Written by:       Zoltan Herczeg
+    Email local part: hzmester
+    Email domain:     freemail.hu
 
-Copyright (c) 2007-2008, Google Inc.
-All rights reserved.
+    Copyright (c) 2010-2024 Zoltan Herczeg
+    All rights reserved.
+
+### Stack-less Just-In-Time compiler
+
+    Written by:       Zoltan Herczeg
+    Email local part: hzmester
+    Email domain:     freemail.hu
+
+    Copyright (c) 2009-2024 Zoltan Herczeg
+    All rights reserved.
+
+The code in the `deps/sljit` directory has its own LICENSE file.
+
+### All other contributions
+
+Many other contributors have participated in the authorship of PCRE2. As PCRE2
+has never required a Contributor Licensing Agreement, or other copyright
+assignment agreement, all contributions have copyright retained by each
+original contributor or their employer.
 
 
 THE "BSD" LICENCE
@@ -41,17 +70,16 @@ THE "BSD" LICENCE
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
 
-    * Redistributions of source code must retain the above copyright notice,
-      this list of conditions and the following disclaimer.
+* Redistributions of source code must retain the above copyright notices,
+  this list of conditions and the following disclaimer.
 
-    * Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in the
-      documentation and/or other materials provided with the distribution.
+* Redistributions in binary form must reproduce the above copyright
+  notices, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
 
-    * Neither the name of the University of Cambridge nor the name of Google
-      Inc. nor the names of their contributors may be used to endorse or
-      promote products derived from this software without specific prior
-      written permission.
+* Neither the name of the University of Cambridge nor the names of any
+  contributors may be used to endorse or promote products derived from this
+  software without specific prior written permission.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -65,4 +93,12 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.
 
-End
+
+EXEMPTION FOR BINARY LIBRARY-LIKE PACKAGES
+------------------------------------------
+
+The second condition in the BSD licence (covering binary redistributions) does
+not apply all the way down a chain of software. If binary package A includes
+PCRE2, it must respect the condition, but if package B is software that
+includes package A, the condition is not imposed on package B unless it uses
+PCRE2 independently.

docs/man-xlate/nmap-de.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Autor" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06.08.2021
+.\"      Date: 06.08.2025
 .\"    Manual: Nmap-Referenz-Handbuch
 .\"    Source: Nmap
 .\"  Language: German
 .\"
-.TH "NMAP" "1" "06.08.2021" "Nmap" "Nmap\-Referenz\-Handbuch"
+.TH "NMAP" "1" "06.08.2025" "Nmap" "Nmap\-Referenz\-Handbuch"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -151,7 +151,7 @@ PORT SPECIFICATION AND SCAN ORDER:
   \-p <port ranges>: Only scan specified ports
     Ex: \-p22; \-p1\-65535; \-p U:53,111,137,T:21\-25,80,139,8080
   \-F: Fast mode \- Scan fewer ports than the default scan
-  \-r: Scan ports consecutively \- don\*(Aqt randomize
+  \-r: Scan ports sequentially \- don\*(Aqt randomize
   \-\-top\-ports <number>: Scan <number> most common ports
   \-\-port\-ratio <ratio>: Scan ports more common than <ratio>
 SERVICE/VERSION DETECTION:
@@ -1509,7 +1509,7 @@ S, gefolgt von einem Leerzeichen und einer mit Leerzeichen getrennten Liste von
 Wenn Sie die Optionen in den gesendeten und empfangenen Paketen sehen möchten, geben Sie
 \fB\-\-packet\-trace\fR
 an\&. Mehr Informationen und Beispiele zum Einsatz von IP\-Optionen mit Nmap finden Sie unter
-\m[blue]\fB\%http://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]\&.
+\m[blue]\fB\%https://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]\&.
 .RE
 .PP
 \fB\-\-ttl \fR\fB\fIvalue\fR\fR (setzt IP\-Time\-to\-live\-Feld)
@@ -2099,10 +2099,10 @@ im
 Wie sein Autor ist auch Nmap selbst nicht perfekt\&. Aber Sie können helfen, es zu verbessern, indem Sie Fehlerberichte schicken oder sogar Patches schreiben\&. Falls Nmap sich nicht wie erwartet verhält, sollten Sie zuerst auf die neueste Version aktualisieren, die unter
 \m[blue]\fB\%https://nmap.org\fR\m[]
 verfügbar ist\&. Wenn das Problem anhält, versuchen Sie herauszufinden, ob es bereits erkannt und bearbeitet wurde\&. Suchen Sie nach der Fehlermeldung auf unserer Suchseite unter
-\m[blue]\fB\%http://insecure.org/search.html\fR\m[]
+\m[blue]\fB\%https://insecure.org/search.html\fR\m[]
 oder bei Google\&. Stöbern Sie in den
 nmap\-dev\-Archiven unter
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&.
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&.
 Lesen Sie auch diese Manpage vollständig\&. Wenn Sie keine Lösung finden, schicken Sie einen Fehlerbericht per E\-Mail an
 <dev@nmap\&.org>\&. Beschreiben Sie darin bitte alles, was Sie über das Problem wissen, inklusive der Nmap\-Version und der Betriebssystemversion, unter der Sie Nmap einsetzen\&. Berichte von Problemen und Fragen zur Anwendung von Nmap werden sehr viel wahrscheinlicher beantwortet, wenn sie an
 <dev@nmap\&.org>
@@ -2118,7 +2118,7 @@ nmap\-dev
 .PP
 Fyodor
 <fyodor@nmap\&.org>
-(\m[blue]\fB\%http://insecure.org\fR\m[])
+(\m[blue]\fB\%https://insecure.org\fR\m[])
 .PP
 Über die Jahre haben hunderte von Menschen wertvolle Beiträge zu Nmap geleistet\&. Sie sind detailliert in der Datei
 CHANGELOG

docs/man-xlate/nmap-es.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Autor" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2021
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 06/08/2025
+.\"    Manual: Guía de referencia de Nmap
+.\"    Source: Nmap
 .\"  Language: Spanish
 .\"
-.TH "NMAP" "1" "06/08/2021" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "06/08/2025" "Nmap" "Guía de referencia de Nmap"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -1570,7 +1570,7 @@ Esto sondea 4096 IPs para buscar cualquier servidor web (sin enviar sondas ICMP)
 .PP
 Al igual que su autor, Nmap no es perfecto\&. Pero tu puedes ayudar a hacerlo mejor enviando informes de fallo o incluso escribiendo parches\&. Si Nmap no se comporta como tú esperas, primero actualiza a la última versión disponible en
 \m[blue]\fB\%https://nmap.org/\fR\m[]\&. Si el problema persiste, investiga para determinar si la causa ya ha sido descubierta y solucionada\&. Busca en Google el mensaje de error o navega en los archivos de Nmap\-dev en
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. También deberías leer este manual completo\&. Si esto no te ayuda, envía un informe de error en inglés a
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. También deberías leer este manual completo\&. Si esto no te ayuda, envía un informe de error en inglés a
 <dev@nmap\&.org>\&. Por favor, incluya todo lo que haya visto del problema, así como qué versión de Nmap está utilizando y sobre qué versión del sistema operativo está trabajando\&. Hay muchas más probabilidades de que un informe de fallo o una pregunta sobre el uso de Nmap se contesten si se envían a dev@nmap\&.org que si se envían directamente a Fyodor\&.
 .PP
 Es mejor enviar parches para arreglar el código que un informe de error\&. Puedes encontrar las instrucciones básicas para crear parches con sus cambios en

docs/man-xlate/nmap-fr.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Auteur" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2021
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 06/08/2025
+.\"    Manual: Guide de référence Nmap
+.\"    Source: Nmap
 .\"  Language: French
 .\"
-.TH "NMAP" "1" "06/08/2021" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "06/08/2025" "Nmap" "Guide de référence Nmap"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -272,7 +272,7 @@ Tout ce qui n\*(Aqest pas une option (ou l\*(Aqargument d\*(Aqune option) dans l
 bits de poids fort sont les mêmes que la cible de référence\&. Par exemple, 192\&.168\&.10\&.0/24 scannerait les 256 hôtes entre 192\&.168\&.10\&.0 (en binaire:
 11000000 10101000 00001010 00000000) et 192\&.168\&.10\&.255 (en binaire:11000000 10101000 00001010 11111111) inclusivement\&. 192\&.168\&.10\&.40/24 ferait donc aussi la même chose\&. Étant donné que l\*(Aqhôte scanme\&.nmap\&.org est à l\*(Aqadresse IP 205\&.217\&.153\&.62, scanme\&.nmap\&.org/16 scannerait les 65 536 adresses IP entre 205\&.217\&.0\&.0 et 205\&.217\&.255\&.255\&. La plus petite valeur autorisée est /1 qui scanne la moitié d\*(AqInternet\&. La plus grande valeur autorisée est 32, ainsi Nmap ne scanne que la cible de référence car tous les bits de l\*(Aqadresse sont fixés\&.
 .PP
-La notation CIDR est concise mais pas toujours des plus pratiques\&. Par exemple, vous voudriez scanner 192\&.168\&.0\&.0/16 mais éviter toutes les adresses se terminant par \&.0 ou \&.255 car se sont souvent des adresses de diffusion (broadcast)\&. Nmap permet de le faire grâce à l\*(Aqadressage par intervalles\&. Plutôt que de spécifier une adresse IP normale, vous pouvez spécifier pour chaque octet de l\*(AqIP une liste d\*(Aqintervalles séparés par des virgules\&. Par exemple, 192\&.168\&.0\-255\&.1\-254 évitera toutes les adresses se terminant par \&.0 ou \&.255\&. Les intervalles ne sont pas limités aux octets finals: 0\-255\&.0\-255\&.13\&.37 exécutera un scan de toutes les adresses IP se terminant par 137\&.37\&. Ce genre de spécifications peut s\*(Aqavérer utile pour des statistiques sur Internet ou pour les chercheurs\&.
+La notation CIDR est concise mais pas toujours des plus pratiques\&. Par exemple, vous voudriez scanner 192\&.168\&.0\&.0/16 mais éviter toutes les adresses se terminant par \&.0 ou \&.255 car se sont souvent des adresses de diffusion (broadcast)\&. Nmap permet de le faire grâce à l\*(Aqadressage par intervalles\&. Plutôt que de spécifier une adresse IP normale, vous pouvez spécifier pour chaque octet de l\*(AqIP une liste d\*(Aqintervalles séparés par des virgules\&. Par exemple, 192\&.168\&.0\-255\&.1\-254 évitera toutes les adresses se terminant par \&.0 ou \&.255\&. Les intervalles ne sont pas limités aux octets finals: 0\-255\&.0\-255\&.13\&.37 exécutera un scan de toutes les adresses IP se terminant par 13\&.37\&. Ce genre de spécifications peut s\*(Aqavérer utile pour des statistiques sur Internet ou pour les chercheurs\&.
 .PP
 Les adresses IPv6 ne peuvent être spécifiées que par une adresse IPv6 pleinement qualifiée ou un nom d\*(Aqhôte\&. L\*(Aqadressage CIDR ou par intervalles n\*(Aqest pas géré avec IPv6 car les adresses ne sont que rarement utiles\&.
 .PP
@@ -1369,7 +1369,7 @@ suivit d\*(Aqun espace et d\*(Aqune liste séparée d\*(Aqespaces d\*(Aqadresses
 .sp
 Si vous souhaitez voir les options dans les paquets envoyés et recus, spécifiez
 \fB\-\-packet\-trace\fR\&. Pour plus d\*(Aqinformation et d\*(Aqexemples de l\*(Aqutilisation des options IP avec Nmap, voir
-\m[blue]\fB\%http://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]\&.
+\m[blue]\fB\%https://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]\&.
 .RE
 .PP
 \fB\-\-badsum\fR (Envoyer des paquets avec des sommes de contrôle TCP/UDP erronnées)
@@ -1572,19 +1572,19 @@ Force Nmap à afficher un résumé de chaque paquet envoyé ou reçu\&. C\*(Aqes
 \fB\-\-open\fR (Montre seulement les ports ouverts (ou potentiellement ouverts))
 .RS 4
 Il arrive que vous ne soyez interressé que par les ports sur lesquels vous pouvez effectivment vous connecter (état
-<term>open</term>), et ne voulez pas de résultats pollués par ceux qui sont
-<term>closed</term>,
-<term>filtered</term>, et
-<term>closed|filtered</term>
+open), et ne voulez pas de résultats pollués par ceux qui sont
+closed,
+filtered, et
+closed|filtered
 \&. La personnalisation est en général faite après le scan en utilisant des outils comme grep, awk, ou Perl, mais cette fonctionnalité a été ajoutée à cause d\*(Aqun grand nombre de demandes à cet égard\&. Spécifiez
 \fB\-\-open\fR
 pour voir seulement les ports
-<term>open</term>,
-<term>open|filtered</term>, et
-<term>unfiltered</term>\&. Ces trois états sont traités pour ce qu\*(Aqils sont normalement, ce qui signifie que
-<term>open|filtered</term>
+open,
+open|filtered, et
+unfiltered\&. Ces trois états sont traités pour ce qu\*(Aqils sont normalement, ce qui signifie que
+open|filtered
 et
-<term>unfiltered</term>
+unfiltered
 peuvent être regroupés dans le comptage si il y en a un grand nombre\&.
 .RE
 .PP
@@ -1830,7 +1830,7 @@ Effectue un transfert de zone DNS afin de trouver les hôtes au sein de company\
 .PP
 Comme son auteur, Nmap n\*(Aqest pas parfait\&. Mais vous pouvez aider à l\*(Aqaméliorer en envoyant les rapports de bogues ou même en écrivant des programmes de correction\&. Si Nmap ne satisfait pas à vos attentes, mettez\-le d\*(Aqabord à jour en utilisant la dernière version disponible sur
 \m[blue]\fB\%https://nmap.org/\fR\m[]\&. Si le problème persiste, faites quelques recherches afin de déterminer s\*(Aqil a déjà été remarqué et signalé\&. Essayez pour cela de mettre l\*(Aqerreur en argument sur Google ou parcourez les archives de Nmap\-dev sur
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. Lisez ce manuel en entier quoiqu\*(Aqil en soit\&. Si rien ne semble fonctionner, envoyez un rapport de bogue à
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. Lisez ce manuel en entier quoiqu\*(Aqil en soit\&. Si rien ne semble fonctionner, envoyez un rapport de bogue à
 <dev@nmap\&.org>\&. Veillez à inclure tout ce que vous avez appris au sujet de ce bogue ainsi que la version de Nmap concernée et le système d\*(Aqexploitation que vous utilisez\&. Les rapports de problèmes et les questions sur l\*(Aqutilisation de Nmap envoyés à dev@nmap\&.org ont plus de chance de trouver une réponse que ceux envoyés à Fyodor directement\&.
 .PP
 Les codes de programmes de correction destinés à régler des bogues sont encore meilleurs que les rapports de bogues\&. Les instructions de base pour créer des fichiers de programmes de correction avec vos modifications sont disponibles sur

docs/man-xlate/nmap-hr.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Author" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 08/06/2021
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 04/12/2024
+.\"    Manual: Nmap vodič
+.\"    Source: Nmap
 .\"  Language: Croatian
 .\"
-.TH "NMAP" "1" "08/06/2021" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "04/12/2024" "Nmap" "Nmap vodič"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -1511,7 +1511,7 @@ Skenira 4096 IP adresa za web serverom (bez prethodnog pinganja) i sprema izvje
 .PP
 Poput svog autora niti Nmap nije savršen, no Vi možete pomoći slanjem prijava o greškama, pa čak i pišući patcheve\&. Ukoliko se Nmap ne ponaša onako kako očekujete od njega, najprije ga nadogradite na najnoviju verziju dostupnu na
 \m[blue]\fB\%https://nmap.org/\fR\m[]\&. Ukoliko je problem i dalje tu, istražite da li je već otkriven i prijavljen\&. Pokušajte "zaguglati" poruku o grešci ili otiđite na Nmap\-dev arhive na
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. Također pročitajte i kompletan manual\&. Ukoliko ništa od toga ne pomogne, pošaljite izvještaj o grešci na
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. Također pročitajte i kompletan manual\&. Ukoliko ništa od toga ne pomogne, pošaljite izvještaj o grešci na
 <dev@nmap\&.org>\&. Molim Vas napišite sve što ste do tad otkrili o problemu, te koju verziju Nmap\- imate i koju verziju OS\-a imate\&. Izvještaji o prijavljenim problemima i upiti o korištenju Nmap\-a koji su poslani na dev@nmap\&.org imaju više šansi da budu odgovoreni nego oni poslani direktno Fyodor\-u\&.
 .PP
 Patchevi za otklanjanje bugova su još i bolji od samih prijava\&. Osnovne upute za kreiranje patch datoteka s promjenama su dostupne na

docs/man-xlate/nmap-hu.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2021
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 12/04/2024
+.\"    Manual: Nmap Referencia Útmutató
+.\"    Source: Nmap
 .\"  Language: Hungarian
 .\"
-.TH "NMAP" "1" "06/08/2021" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "12/04/2024" "Nmap" "Nmap Referencia Útmutató"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -1456,7 +1456,7 @@ paraméter és az IP címek szóközzel elválasztott listájának megadásával
 Ha szeretné nyomon követni az elküdött és a beérkezett csomagokban lévő beállításokat, adja meg a
 \fB\-\-packet\-trace\fR
 paramétert\&. Ha további információkra és példákra kíváncsi az Nmap programban használható IP paraméterekkel kapcsolatban, látogasson el a
-\m[blue]\fB\%http://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]
+\m[blue]\fB\%https://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]
 címre\&.
 .RE
 .PP
@@ -1981,7 +1981,7 @@ Visszhang próbák nélkül letapogat 4096 IP címet webkiszolgáló után kutat
 Akárcsak a program készítője, az Nmap sem tökéletes\&. De segíthet jobbá tenni, ha elküldi a felfedezett hibák leírását, vagy javítást készít hozzájuk\&. Ha az Nmap nem az elvárásai szerint működik, először mindig szerezze be a legfrissebb változatot a
 \m[blue]\fB\%https://nmap.org\fR\m[]
 címről\&. Ha a probléma továbbra is fennáll, nézzen utána, hogy felfedezték\-e már mások is\&. Keressen rá a Google\-ban a hibaüzenetre vagy böngéssze át az Nmap fejlesztői listát a
-\m[blue]\fB\%http://seclists.org/\fR\m[]
+\m[blue]\fB\%https://seclists.org/\fR\m[]
 címen\&. Olvassa végig ezt a leírást is\&. Ha nem talál semmit, küldjön egy hibajelentést az
 <dev@nmap\&.org>
 címre\&. Írjon le mindent, amit a hibával kapcsolatban tapasztalt\&. Adja meg pontosan a használt Nmap változatot és a futtató operációs rendszer változatát is\&. Az dev@nmap\&.org címre küldött hibajelzések és az Nmap használatával kapcsolatos kérdések valószínűleg gyorsabban megválaszolásra kerülnek, mintha azokat közvetlenül a program készítőjének (Fyodor) küldené\&.
@@ -1993,7 +1993,7 @@ címen\&. A hibajavítások elküldhetők az nmap\-dev listára (ez a javasolt),
 .PP
 Fyodor
 <fyodor@nmap\&.org>
-(\m[blue]\fB\%http://insecure.org\fR\m[])
+(\m[blue]\fB\%https://insecure.org\fR\m[])
 .PP
 Az évek során emberek százai járultak hozzá értékes munkájukkal az Nmap programhoz\&. Ezek részletezése megtalálható a
 CHANGELOG

docs/man-xlate/nmap-id.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Penulis" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 08/06/2021
+.\"      Date: 04/12/2024
 .\"    Manual: Panduan Referensi Nmap
 .\"    Source: Nmap
 .\"  Language: Indonesian
 .\"
-.TH "NMAP" "1" "08/06/2021" "Nmap" "Panduan Referensi Nmap"
+.TH "NMAP" "1" "04/12/2024" "Nmap" "Panduan Referensi Nmap"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -153,7 +153,7 @@ PORT SPECIFICATION AND SCAN ORDER:
   \-p <port ranges>: Only scan specified ports
     Ex: \-p22; \-p1\-65535; \-p U:53,111,137,T:21\-25,80,139,8080
   \-F: Fast mode \- Scan fewer ports than the default scan
-  \-r: Scan ports consecutively \- don\*(Aqt randomize
+  \-r: Scan ports sequentially \- don\*(Aqt randomize
   \-\-top\-ports <number>: Scan <number> most common ports
   \-\-port\-ratio <ratio>: Scan ports more common than <ratio>
 SERVICE/VERSION DETECTION:
@@ -1473,7 +1473,7 @@ diikuti oleh spasi dan kemudian daftar alamat IP yang dipisah\-spasi\&.
 .sp
 Jika anda ingin melihat opsi dalam paket yang dikirim dan diterima, berikan
 \fB\-\-packet\-trace\fR\&. Informasi dan contoh lebih lanjut tentang penggunaan opsi IP dengan Nmap, dapat dilihat di
-\m[blue]\fB\%http://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]\&.
+\m[blue]\fB\%https://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]\&.
 .RE
 .PP
 \fB\-\-ttl \fR\fB\fIvalue\fR\fR (Set IP time\-to\-live field)
@@ -2030,11 +2030,11 @@ Memeriksa 4096 IP untuk sembarang web server (tanpa mem\-ping mereka) dan menyim
 .PP
 Seperti penulisnya, Nmap tidaklah sempurna\&. Namun anda dapat membantu membuatnya lebih baik dengan mengirimkan laporan bug atau bahkan menulis patch\&. Jika Nmap tidak berlaku sesuai yang anda harapkan, pertama upgrade ke versi terakhir yang tersedia dari
 \m[blue]\fB\%https://nmap.org\fR\m[]\&. Jika masalah masih tetap, lakukan riset untuk menentukan apakah ia telah ditemukan dan diselesaikan\&. Cobalah mencari pesan kesalahan pada halaman pencarian kami
-\m[blue]\fB\%http://insecure.org/search.html\fR\m[]
+\m[blue]\fB\%https://insecure.org/search.html\fR\m[]
 atau di Google\&. Juga cobalah membrowsing arsip
 nmap\-dev
 di
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&.
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&.
 Bacalah juga halaman manual ini dengan baik\&. Jika masih belum selesai juga, kirimkan laporan bug ke
 <dev@nmap\&.org>\&. Mohon sertakan semua yang anda telah pelajari mengenai masalah, dan juga versi Nmap dan sistem operasi yang anda gunakan\&. Laporan kesalahan dan pertanyaan penggunaan Nmap yang dikirim ke
 <dev@nmap\&.org>
@@ -2049,7 +2049,7 @@ nmap\-dev
 .PP
 Fyodor
 <fyodor@nmap\&.org>
-(\m[blue]\fB\%http://insecure.org\fR\m[])
+(\m[blue]\fB\%https://insecure.org\fR\m[])
 .PP
 Selama ini, ratusan orang telah memberikan kontribusi berharga ke Nmap\&. Hal ini dirinci dalam file
 CHANGELOG

docs/man-xlate/nmap-it.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Autore" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2021
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 12/04/2024
+.\"    Manual: Guida di riferimento di Nmap
+.\"    Source: Nmap
 .\"  Language: Italian
 .\"
-.TH "NMAP" "1" "06/08/2021" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "12/04/2024" "Nmap" "Guida di riferimento di Nmap"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -151,7 +151,7 @@ PORT SPECIFICATION AND SCAN ORDER:
     Ex: \-p22; \-p1\-65535; \-p U:53,111,137,T:21\-25,80,139,8080,S:9
   \-\-exclude\-ports <port ranges>: Exclude the specified ports from scanning
   \-F: Fast mode \- Scan fewer ports than the default scan
-  \-r: Scan ports consecutively \- don\*(Aqt randomize
+  \-r: Scan ports sequentially \- don\*(Aqt randomize
   \-\-top\-ports <number>: Scan <number> most common ports
   \-\-port\-ratio <ratio>: Scan ports more common than <ratio>
 SERVICE/VERSION DETECTION:
@@ -2189,9 +2189,9 @@ Dato che questa guida di riferimento mostra nel dettaglio tutte le opzioni di Nm
 .PP
 Al pari del suo autore (e di questa traduzione, NdT), Nmap non è perfetto\&. Ma puoi fare qualcosa per aiutare a renderlo migliore mandando delle segnalazioni di bug o addirittura scrivendo delle patch\&. Se Nmap non si dovesse comportare come ti aspetteresti, prova prima l\*(Aqultima versione disponibile su
 \m[blue]\fB\%https://nmap.org/\fR\m[]\&. Se il problema persiste effettua qualche ricerca per determinare se il problema è stato già scoperto e segnalato\&. Prova a cercare sulla nostra pagina di ricerca
-\m[blue]\fB\%http://insecure.org/search.html\fR\m[]
+\m[blue]\fB\%https://insecure.org/search.html\fR\m[]
 o su Google il messaggio di errore o ancora a sfogliare l\*(Aqarchivio Nmap\-dev all\*(Aqindirizzo
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. Leggi inoltre tutta questa pagina di manuale\&. Se nulla di questo riguarda il tuo caso, manda un bug report a
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. Leggi inoltre tutta questa pagina di manuale\&. Se nulla di questo riguarda il tuo caso, manda un bug report a
 <dev@nmap\&.org>\&. Accertati di includere ogni cosa che sei riuscito a sapere sul problema, la versione di Nmap che hai installato e su quale sistema operativo la stai usando\&. Segnalazioni di problemi ed eventuali domande sull\*(Aquso di Nmap inviate a
 <dev@nmap\&.org>
 hanno più probabilità di avere risposta di quelle inviate a Fyodor direttamente\&. Se ti registri alla lista di nmap\-dev prima di inviare il messaggio, quest\*(Aqultimo non verrà moderato e quindi arriverà più velocemente\&. Iscriviti su

docs/man-xlate/nmap-ja.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2021
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 06/08/2025
+.\"    Manual: Nmap リファレンスガイド
+.\"    Source: Nmap
 .\"  Language: Japanese
 .\"
-.TH "NMAP" "1" "06/08/2021" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "06/08/2025" "Nmap" "Nmap リファレンスガイド"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -51,55 +51,49 @@ Nmapは、このポート一覧表以外にも、逆引きDNS名、OSの推測
 .RS 4
 .\}
 .nf
-# nmap \-A \-T4 scanme\&.nmap\&.org playground
+# \fBnmap \-A \-T4 scanme\&.nmap\&.org\fR
 
-Starting nmap ( https://nmap\&.org/ )
-Interesting ports on scanme\&.nmap\&.org (205\&.217\&.153\&.62):
-(The 1663 ports scanned but not shown below are in state: filtered)
-PORT    STATE  SERVICE VERSION
-22/tcp  open   ssh     OpenSSH 3\&.9p1 (protocol 1\&.99)
-53/tcp  open   domain
-70/tcp  closed gopher
-80/tcp  open   http    Apache httpd 2\&.0\&.52 ((Fedora))
-113/tcp closed auth
+Nmap scan report for scanme\&.nmap\&.org (74\&.207\&.244\&.221)
+Host is up (0\&.029s latency)\&.
+rDNS record for 74\&.207\&.244\&.221: li86\-221\&.members\&.linode\&.com
+Not shown: 995 closed ports
+PORT     STATE    SERVICE     VERSION
+22/tcp   open     ssh         OpenSSH 5\&.3p1 Debian 3ubuntu7 (protocol 2\&.0)
+| ssh\-hostkey: 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
+|_2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)
+80/tcp   open     http        Apache httpd 2\&.2\&.14 ((Ubuntu))
+|_http\-title: Go ahead and ScanMe!
+646/tcp  filtered ldp
+1720/tcp filtered H\&.323/Q\&.931
+9929/tcp open     nping\-echo  Nping echo
 Device type: general purpose
-Running: Linux 2\&.4\&.X|2\&.5\&.X|2\&.6\&.X
-OS details: Linux 2\&.4\&.7 \- 2\&.6\&.11, Linux 2\&.6\&.0 \- 2\&.6\&.11
-Uptime 33\&.908 days (since Thu Jul 21 03:38:03 2005)
+Running: Linux 2\&.6\&.X
+OS CPE: cpe:/o:linux:linux_kernel:2\&.6\&.39
+OS details: Linux 2\&.6\&.39
+Network Distance: 11 hops
+Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
 
-Interesting ports on playground\&.nmap\&.org (192\&.168\&.0\&.40):
-(The 1659 ports scanned but not shown below are in state: closed)
-PORT     STATE SERVICE       VERSION
-135/tcp  open  msrpc         Microsoft Windows RPC
-139/tcp  open  netbios\-ssn
-389/tcp  open  ldap?
-445/tcp  open  microsoft\-ds  Microsoft Windows XP microsoft\-ds
-1002/tcp open  windows\-icfw?
-1025/tcp open  msrpc         Microsoft Windows RPC
-1720/tcp open  H\&.323/Q\&.931   CompTek AquaGateKeeper
-5800/tcp open  vnc\-http      RealVNC 4\&.0 (Resolution 400x250; VNC TCP port: 5900)
-5900/tcp open  vnc           VNC (protocol 3\&.8)
-MAC Address: 00:A0:CC:63:85:4B (Lite\-on Communications)
-Device type: general purpose
-Running: Microsoft Windows NT/2K/XP
-OS details: Microsoft Windows XP Pro RC1+ through final release
-Service Info: OSs: Windows, Windows XP
+TRACEROUTE (using port 53/tcp)
+HOP RTT      ADDRESS
+[Cut first 10 hops for brevity]
+11  17\&.65 ms li86\-221\&.members\&.linode\&.com (74\&.207\&.244\&.221)
 
-Nmap finished: 2 IP addresses (2 hosts up) scanned in 88\&.392 seconds
+Nmap done: 1 IP address (1 host up) scanned in 14\&.40 seconds
 .fi
 .if n \{\
 .RE
 .\}
 .PP
-Nmapの最新バージョンは、\m[blue]\fB\%https://nmap.org/\fR\m[]から入手できる。また、本マニュアルページの最新版は、\m[blue]\fB\%https://nmap.org/man/\fR\m[]で参照できる。
+Nmapの最新バージョンは、\m[blue]\fB\%https://nmap.org\fR\m[]から入手できる。また、本マニュアルページの最新版は、\m[blue]\fB\%https://nmap.org/book/man.html\fR\m[]で参照できる。
 .SH "オプション概要"
 .PP
 このオプション概要は、Nmapを引数なしで実行すると表示される。最新版は\m[blue]\fB\%https://nmap.org/data/nmap.usage.txt\fR\m[]で参照できる。これを見ると、比較的利用機会の多いオプションについての概要を確認できるが、本マニュアルの以下に掲載する詳細な解説に代わるものではない。使用頻度の低いオプションには、ここに含まれていないものもある。
-.PP
+.sp
 .if n \{\
 .RS 4
 .\}
 .nf
+Nmap 7\&.98 ( https://nmap\&.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
   Can pass hostnames, IP addresses, networks, etc\&.
@@ -110,78 +104,114 @@ TARGET SPECIFICATION:
   \-\-excludefile <exclude_file>: Exclude list from file
 HOST DISCOVERY:
   \-sL: List Scan \- simply list targets to scan
-  \-sP: Ping Scan \- go no further than determining if host is online
-  \-P0: Treat all hosts as online \-\- skip host discovery
-  \-PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
+  \-sn: Ping Scan \- disable port scan
+  \-Pn: Treat all hosts as online \-\- skip host discovery
+  \-PS/PA/PU/PY[portlist]: TCP SYN, TCP ACK, UDP or SCTP discovery to given ports
   \-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
+  \-PO[protocol list]: IP Protocol Ping
   \-n/\-R: Never do DNS resolution/Always resolve [default: sometimes]
+  \-\-dns\-servers <serv1[,serv2],\&.\&.\&.>: Specify custom DNS servers
+  \-\-system\-dns: Use OS\*(Aqs DNS resolver
+  \-\-traceroute: Trace hop path to each host
 SCAN TECHNIQUES:
   \-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
+  \-sU: UDP Scan
   \-sN/sF/sX: TCP Null, FIN, and Xmas scans
   \-\-scanflags <flags>: Customize TCP scan flags
-  \-sI <zombie host[:probeport]>: Idlescan
+  \-sI <zombie host[:probeport]>: Idle scan
+  \-sY/sZ: SCTP INIT/COOKIE\-ECHO scans
   \-sO: IP protocol scan
-  \-b <ftp relay host>: FTP bounce scan
+  \-b <FTP relay host>: FTP bounce scan
 PORT SPECIFICATION AND SCAN ORDER:
   \-p <port ranges>: Only scan specified ports
-    Ex: \-p22; \-p1\-65535; \-p U:53,111,137,T:21\-25,80,139,8080
-  \-F: Fast \- Scan only the ports listed in the nmap\-services file)
-  \-r: Scan ports consecutively \- don\*(Aqt randomize
+    Ex: \-p22; \-p1\-65535; \-p U:53,111,137,T:21\-25,80,139,8080,S:9
+  \-\-exclude\-ports <port ranges>: Exclude the specified ports from scanning
+  \-F: Fast mode \- Scan fewer ports than the default scan
+  \-r: Scan ports sequentially \- don\*(Aqt randomize
+  \-\-top\-ports <number>: Scan <number> most common ports
+  \-\-port\-ratio <ratio>: Scan ports more common than <ratio>
 SERVICE/VERSION DETECTION:
   \-sV: Probe open ports to determine service/version info
-  \-\-version\-light: Limit to most likely probes for faster identification
-  \-\-version\-all: Try every single probe for version detection
+  \-\-version\-intensity <level>: Set from 0 (light) to 9 (try all probes)
+  \-\-version\-light: Limit to most likely probes (intensity 2)
+  \-\-version\-all: Try every single probe (intensity 9)
   \-\-version\-trace: Show detailed version scan activity (for debugging)
+SCRIPT SCAN:
+  \-sC: equivalent to \-\-script=default
+  \-\-script=<Lua scripts>: <Lua scripts> is a comma separated list of
+           directories, script\-files or script\-categories
+  \-\-script\-args=<n1=v1,[n2=v2,\&.\&.\&.]>: provide arguments to scripts
+  \-\-script\-args\-file=filename: provide NSE script args in a file
+  \-\-script\-trace: Show all data sent and received
+  \-\-script\-updatedb: Update the script database\&.
+  \-\-script\-help=<Lua scripts>: Show help about scripts\&.
+           <Lua scripts> is a comma\-separated list of script\-files or
+           script\-categories\&.
 OS DETECTION:
   \-O: Enable OS detection
   \-\-osscan\-limit: Limit OS detection to promising targets
   \-\-osscan\-guess: Guess OS more aggressively
 TIMING AND PERFORMANCE:
-  \-T[0\-6]: Set timing template (higher is faster)
+  Options which take <time> are in seconds, or append \*(Aqms\*(Aq (milliseconds),
+  \*(Aqs\*(Aq (seconds), \*(Aqm\*(Aq (minutes), or \*(Aqh\*(Aq (hours) to the value (e\&.g\&. 30m)\&.
+  \-T<0\-5>: Set timing template (higher is faster)
   \-\-min\-hostgroup/max\-hostgroup <size>: Parallel host scan group sizes
   \-\-min\-parallelism/max\-parallelism <numprobes>: Probe parallelization
-  \-\-min\-rtt\-timeout/max\-rtt\-timeout/initial\-rtt\-timeout <msec>: Specifies
+  \-\-min\-rtt\-timeout/max\-rtt\-timeout/initial\-rtt\-timeout <time>: Specifies
       probe round trip time\&.
-  \-\-host\-timeout <msec>: Give up on target after this long
-  \-\-scan\-delay/\-\-max\-scan\-delay <msec>: Adjust delay between probes
+  \-\-max\-retries <tries>: Caps number of port scan probe retransmissions\&.
+  \-\-host\-timeout <time>: Give up on target after this long
+  \-\-scan\-delay/\-\-max\-scan\-delay <time>: Adjust delay between probes
+  \-\-min\-rate <number>: Send packets no slower than <number> per second
+  \-\-max\-rate <number>: Send packets no faster than <number> per second
 FIREWALL/IDS EVASION AND SPOOFING:
   \-f; \-\-mtu <val>: fragment packets (optionally w/given MTU)
   \-D <decoy1,decoy2[,ME],\&.\&.\&.>: Cloak a scan with decoys
   \-S <IP_Address>: Spoof source address
   \-e <iface>: Use specified interface
   \-g/\-\-source\-port <portnum>: Use given port number
+  \-\-proxies <url1,[url2],\&.\&.\&.>: Relay connections through HTTP/SOCKS4 proxies
+  \-\-data <hex string>: Append a custom payload to sent packets
+  \-\-data\-string <string>: Append a custom ASCII string to sent packets
   \-\-data\-length <num>: Append random data to sent packets
+  \-\-ip\-options <options>: Send packets with specified ip options
   \-\-ttl <val>: Set IP time\-to\-live field
   \-\-spoof\-mac <mac address/prefix/vendor name>: Spoof your MAC address
+  \-\-badsum: Send packets with a bogus TCP/UDP/SCTP checksum
 OUTPUT:
   \-oN/\-oX/\-oS/\-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
      and Grepable format, respectively, to the given filename\&.
   \-oA <basename>: Output in the three major formats at once
-  \-v: Increase verbosity level (use twice for more effect)
-  \-d[level]: Set or increase debugging level (Up to 9 is meaningful)
+  \-v: Increase verbosity level (use \-vv or more for greater effect)
+  \-d: Increase debugging level (use \-dd or more for greater effect)
+  \-\-reason: Display the reason a port is in a particular state
+  \-\-open: Only show open (or possibly open) ports
   \-\-packet\-trace: Show all packets sent and received
   \-\-iflist: Print host interfaces and routes (for debugging)
   \-\-append\-output: Append to rather than clobber specified output files
   \-\-resume <filename>: Resume an aborted scan
+  \-\-noninteractive: Disable runtime interactions via keyboard
   \-\-stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
+  \-\-webxml: Reference stylesheet from Nmap\&.Org for more portable XML
   \-\-no\-stylesheet: Prevent associating of XSL stylesheet w/XML output
 MISC:
   \-6: Enable IPv6 scanning
-  \-A: Enables OS detection and Version detection
+  \-A: Enable OS detection, version detection, script scanning, and traceroute
   \-\-datadir <dirname>: Specify custom Nmap data file location
   \-\-send\-eth/\-\-send\-ip: Send using raw ethernet frames or IP packets
   \-\-privileged: Assume that the user is fully privileged
+  \-\-unprivileged: Assume the user lacks raw socket privileges
   \-V: Print version number
   \-h: Print this help summary page\&.
 EXAMPLES:
   nmap \-v \-A scanme\&.nmap\&.org
-  nmap \-v \-sP 192\&.168\&.0\&.0/16 10\&.0\&.0\&.0/8
-  nmap \-v \-iR 10000 \-P0 \-p 80
+  nmap \-v \-sn 192\&.168\&.0\&.0/16 10\&.0\&.0\&.0/8
+  nmap \-v \-iR 10000 \-Pn \-p 80
+SEE THE MAN PAGE (https://nmap\&.org/book/man\&.html) FOR MORE OPTIONS AND EXAMPLES
 .fi
 .if n \{\
 .RE
 .\}
-.sp
 .SH "ターゲットの指定"
 .PP
 Nmapのコマンドラインで、オプション(もしくはオプションの引数)でないものはすべて、ターゲットホストの指定として扱われる。最も簡単な例は、スキャンを行うターゲットのIPアドレスやホスト名の指定である。
@@ -198,22 +228,22 @@ Nmapはコマンドラインでの複数のホスト指定方法に対応して
 .PP
 ターゲットは通常、コマンドライン上で指定されるが、以下のオプションもまた、ターゲットの選択を制御するために利用できる。
 .PP
-\fB\-iL <inputfilename>\fR (リストから入力)
+\fB\-iL \fR\fB\fIinputfilename\fR\fR (リストから入力)
 .RS 4
 \fI入力ファイル名\fRから、ターゲットの指定を読み込む。コマンドラインで非常に巨大なホストリストを渡すのは不適切である場合が多いが、それが望まれるのもよくあるケースである。例えば、スキャンの対象にしたいと考えている目下の割り当てアドレスの10000個のリストが、DHCPサーバからエクスポートされる可能性もある。あるいは、不正な固定IPアドレスを使用しているホストの位置を示すアドレスを\fI除いた\fRすべてのIPアドレスをスキャンしたいと思う場合もあるかもしれない。とにかく、スキャンするべきホストのリストを作成し、そのファイル名を\fB\-iL\fRオプションの引数としてNmapに渡せばよい。入力の形式は、Nmapがコマンドラインで対応しているもの(IPアドレス、ホスト名、CIDR、IPv6、オクテット範囲)なら何でもよいが、各入力は、1つ以上のスペース、タブ、改行文字で区切る必要がある。実際のファイルではなくて標準入力から、Nmapにホストを読み込ませたい場合は、ファイル名としてハイフン(\-)を指定するとよい。
 .RE
 .PP
-\fB\-iR <num hosts>\fR (ターゲットを無作為に選ぶ)
+\fB\-iR \fR\fB\fInum hosts\fR\fR (ターゲットを無作為に選ぶ)
 .RS 4
 インターネット全域に対する調査や研究を行う場合、ターゲットを無作為に選びたい場合もあるだろう。\fIホスト数\fRの引数は、IPをいくつ生成するべきかをNmapに伝える。プライベート、マルチキャスト、未割り当てなどのアドレス範囲のような望ましくないIPは、自動的に飛ばして進むようになっている。引数に0(ゼロ)を指定すると、スキャンが無限に続けられる。ただし、ネットワーク管理者のなかには、自身の管理するネットワークを不正にスキャンされたことに腹を立ててクレームをつける場合もあることに注意しておこう。このオプションは、自己責任で使用すること！　雨の日の午後、退屈しのぎに拾い見るためのWebサーバを無作為に見つけたい場合は、\fBnmap \-sS \-PS80 \-iR 0 \-p 80\fRというコマンドを試してみるとよい。
 .RE
 .PP
-\fB\-\-exclude <host1[,host2][,host3],\&.\&.\&.>\fR (ホスト/ネットワークを除外する)
+\fB\-\-exclude \fR\fB\fIhost1\fR\fR\fB[,\fIhost2\fR[,\&.\&.\&.]]\fR (ホスト/ネットワークを除外する)
 .RS 4
 ターゲットのコンマ区切りリストを指定し、それらが指定した全ネットワーク範囲の一部であっても、スキャン対象から除外されるようにする。引数として渡すリストでは通常のNmap構文が用いられるので、ホスト名、CIDR表記のネットブロック、オクテット範囲などを含めることもできる。このオプションが役に立つのは、スキャンしたいネットワークに、ポートスキャンによって悪影響が及ぶことがわかっている、触れてはならないミッションクリティカルなサーバやシステムや、他人が管理しているサブネットワークが含まれる場合である。
 .RE
 .PP
-\fB\-\-excludefile <exclude_file>\fR (ファイルからリストを除外する)
+\fB\-\-excludefile \fR\fB\fIexclude_file\fR\fR (ファイルからリストを除外する)
 .RS 4
 \fB\-\-exclude\fRオプションとほぼ同じ機能を提供するが、異なる点は、除外されるターゲットが、コマンドラインではなく、改行文字、スペース、タブなどで区切った\fI除外ファイル\fRで渡されることである。
 .RE
@@ -221,7 +251,7 @@ Nmapはコマンドラインでの複数のホスト指定方法に対応して
 .PP
 ネットワーク偵察ミッションの第一段階に行うべきことの1つは、一連の(非常に広範な場合もある)IP範囲を限定して、アクティブな状態であるか、関心のあるホストのリストを作成することである。各IPアドレスのポートを1つ1つスキャンするのは、時間はかかるもののなかなか進まない、通常は無駄な作業である。もちろん、あるホストに興味を引かれる要因は、スキャンの目的に大きく左右される。ネットワーク管理者なら、特定のサービスを実行しているホストにしか興味を示さないかもしれないし、セキュリティ監査人なら、IPアドレスを持つデバイス1つ1つに関心を引かれる場合もあるだろう。内部ネットワーク管理者なら、自分が管理するネットワーク上のホストの位置を確認するためにICMP pingを使えるだけで満足かもしれないし、外部のペネトレーションテストの実施担当者なら、ファイアウォールの制限をすり抜けようとして、多種多様な調査手法を使う場合もあるだろう。
 .PP
-このように、ホスト発見のニーズは多岐にわたるので、Nmapには、使用する技法をカスタマイズするための幅広い種類のオプションが備わっている。ホスト探索はpingスキャンと呼ばれることもあるが、一般的なpingツールによる単純なICMPエコー要求パケットよりもはるかに優れている。ユーザは、リストスキャン(\fB\-sL\fR)を用いるか、pingを無効にして(\fB\-P0\fR)、このping段階を完全に省略するか、もしくはネットワークに対してマルチポートのTCP SYN/ACK、UDP、ICMPなどのプローブを任意に組み合わせて行うことができる。これらのプローブの目的は、IPアドレスが実際にアクティブな状態(ホストやネットワークデバイスによって使用中)であることを示す応答を誘い出すことである。多くのネットワークでは、いつでもアクティブなIPアドレスは全体のほんのわずかしかない。RFC1918で定められたプライベートアドレス空間(例：10\&.0\&.0\&.0/8)では特にそうなっている。このネットワークには、1600万個のIPアドレスがあるが、これが1000台足らずのマシンしかない企業で使われているのを見たことがある。ホスト発見を実行すると、こうした広大なIPアドレスの海の中から、まばらにIPアドレスを割り振られたマシンを探し出すことができる。
+このように、ホスト発見のニーズは多岐にわたるので、Nmapには、使用する技法をカスタマイズするための幅広い種類のオプションが備わっている。ホスト探索はpingスキャンと呼ばれることもあるが、一般的なpingツールによる単純なICMPエコー要求パケットよりもはるかに優れている。ユーザは、リストスキャン(\fB\-sL\fR)を用いるか、pingを無効にして(\fB\-Pn\fR)、このping段階を完全に省略するか、もしくはネットワークに対してマルチポートのTCP SYN/ACK、UDP、ICMPなどのプローブを任意に組み合わせて行うことができる。これらのプローブの目的は、IPアドレスが実際にアクティブな状態(ホストやネットワークデバイスによって使用中)であることを示す応答を誘い出すことである。多くのネットワークでは、いつでもアクティブなIPアドレスは全体のほんのわずかしかない。RFC1918で定められたプライベートアドレス空間(例：10\&.0\&.0\&.0/8)では特にそうなっている。このネットワークには、1600万個のIPアドレスがあるが、これが1000台足らずのマシンしかない企業で使われているのを見たことがある。ホスト発見を実行すると、こうした広大なIPアドレスの海の中から、まばらにIPアドレスを割り振られたマシンを探し出すことができる。
 .PP
 　ホスト発見のオプションが何も指定されない場合、Nmapはポート80宛てのTCP ACKパケットと、ICMPエコー要求クエリを各ターゲットマシンに送信する。この例外は、ローカル イーサネット ネットワーク上にあるターゲットに対して、ARPスキャンが用いられている場合である。高い権限のないUNIXシェルユーザでは、\fBconnect()\fRシステムコールを使って、ACKの代わりにSYNパケットが送られる。これらのデフォルトは、\fB\-PA \-PE\fR
 オプションに相当する。このホスト発見機能は、ローカルネットワークをスキャンする場合は十分だが、より包括的な一連の発見調査は、セキュリティ監査に任せた方がよい。
@@ -234,24 +264,24 @@ Nmapはコマンドラインでの複数のホスト指定方法に対応して
 .RS 4
 ホスト発見の縮小版で、単に指定されたネットワークの全ホストを一覧するだけであり、ターゲットホストには何もパケットを送らない。デフォルトでは、Nmapはホスト名を知るために、ホスト上でDNSの逆引き解決も行う。単なるホスト名とはいえ、意外なほど有用な情報をもたらしてくれることも多い。例えばfw\&.chi\&.playboy\&.comは、プレイボーイ社(Playboy Enterprises)のシカゴ(Chicago)支社のファイアウォールである。また最終的には、IPアドレスの総数についての報告もある。リストスキャンは、自分のターゲットに対して正しいIPアドレスが得られていることを確認するための有効な健全性検査になる。ターゲットのホストが見覚えのないドメイン名を示している場合は、間違って別の会社のネットワークをスキャンしてしまわないように、さらに詳しく調査するだけの価値はある。
 .sp
-リストスキャンの狙いは、単にターゲットホストのリストを出力するだけなので、ポートスキャン、OS検出、pingスキャンなどのより高度なレベルの機能を実現するためのオプションは、これと組み合わせることはできない。これらのハイレベルの機能を実行する際に、pingスキャンを無効にしたい場合は、\fB\-P0\fRオプションの項を参照のこと。
+リストスキャンの狙いは、単にターゲットホストのリストを出力するだけなので、ポートスキャン、OS検出、pingスキャンなどのより高度なレベルの機能を実現するためのオプションは、これと組み合わせることはできない。これらのハイレベルの機能を実行する際に、pingスキャンを無効にしたい場合は、\fB\-Pn\fRオプションの項を参照のこと。
 .RE
 .PP
-\fB\-sP\fR (Ping スキャン)
+\fB\-sn\fR (Ping スキャン)
 .RS 4
 このオプションを使うと、Nmapはpingスキャン(ホスト発見)\fIのみ\fRを実行し、応答した利用可能なホストの一覧を出力する。それ以上の調査(ポートスキャンやOS検出など)は行わない。リストスキャンよりも一歩立ち入った調査になるが、同じ目的で使用される場合が多い。ターゲットネットワークの予備調査を、あまり注意を引かずに軽く実行できる。攻撃者にとっては、IPおよびホスト名を1つ1つリストスキャンして得られるリストよりも、アクティブなホストがいくつあるかを知ることのほうが価値がある。
 .sp
 またこのオプションは、システム管理者の役に立つ場合も多く、ネットワーク上の利用可能なマシンの数を数えたり、サーバの可用性を監視したりするために容易に利用できる。pingスウィープと呼ばれることも多く、ブロードキャストのクエリには応答しないホストが多いために、ブロードキャストアドレスにpingを打つよりも信頼性が高い。
 .sp
-\fB\-sP\fRオプションはデフォルトで、ICMPエコー要求と80番ポート宛てのTCPパケットを送信する。高い権限がないユーザが実行する場合は、SYNパケットが(\fBconnect()\fRコールを使って)ターゲットの80番ポートに送られる。高い権限を持つユーザが、ローカル イーサネット ネットワーク上のターゲットのスキャンを試みる場合は、\fB\-\-send\-ip\fRが指定されていない限り、ARP要求(\fB\-PR\fR)が用いられる。\fB\-sP\fRオプションを、発見プローブタイプ(\fB\-P0\fRを除く\fB\-P*\fRタイプ)のオプションと組み合わせると、さらに柔軟に対応できる。このプローブタイプのどれかとポート番号のオプションを使うと、デフォルトのプローブ(ACKやエコー要求)よりも優先される。Nmapを実行している発信元ホストとターゲットネットワークの間に、制限の厳しいファイアウォールが設置してある場合は、これらの高度なテクニックを用いるべきである。さもないと、ファイアウォールでプローブパケットやホストの応答パケットが破棄された場合に、ホストを検出し損ねる可能性がある。
+\fB\-sn\fRオプションはデフォルトで、ICMPエコー要求と80番ポート宛てのTCPパケットを送信する。高い権限がないユーザが実行する場合は、SYNパケットが(\fBconnect()\fRコールを使って)ターゲットの80番ポートに送られる。高い権限を持つユーザが、ローカル イーサネット ネットワーク上のターゲットのスキャンを試みる場合は、\fB\-\-send\-ip\fRが指定されていない限り、ARP要求(\fB\-PR\fR)が用いられる。\fB\-sn\fRオプションを、発見プローブタイプ(\fB\-Pn\fRを除く\fB\-P*\fRタイプ)のオプションと組み合わせると、さらに柔軟に対応できる。このプローブタイプのどれかとポート番号のオプションを使うと、デフォルトのプローブ(ACKやエコー要求)よりも優先される。Nmapを実行している発信元ホストとターゲットネットワークの間に、制限の厳しいファイアウォールが設置してある場合は、これらの高度なテクニックを用いるべきである。さもないと、ファイアウォールでプローブパケットやホストの応答パケットが破棄された場合に、ホストを検出し損ねる可能性がある。
 .RE
 .PP
-\fB\-P0\fR (ping なし)
+\fB\-Pn\fR (ping なし)
 .RS 4
-このオプションを指定すると、Nmapが実行するホスト発見の段階が完全に省略される。Nmapは通常この検出段階で、さらに立ち入ったスキャンを行うためのアクティブなマシンを割り出す。Nmapはデフォルトでは、ポートスキャン、バージョン検出、OS検出などの立ち入ったプローブは、作動していることが判明したホストに対してしか実行しないようになっている。\fB\-P0\fRを使ってホスト発見を無効にすると、Nmapはターゲットに指定されたIPアドレス\fIすべて\fRに対して、要求されたスキャン機能を実行しようとする。つまり、クラスBのサイズのアドレス空間(/16)を、コマンドラインでターゲットに指定した場合、65,536個のIPアドレスすべてがスキャンされる。\fB\-P0\fRの2番目の文字は数字のゼロであり、英字のオーではない。リストスキャンの場合と同様に、本来行うべきホスト発見の段階は省略されるが、Nmapはそこで停止してターゲットのリストを出力するのではなくて、各ターゲットIPがアクティブであるかのように、要求された機能を実行し続ける。
+このオプションを指定すると、Nmapが実行するホスト発見の段階が完全に省略される。Nmapは通常この検出段階で、さらに立ち入ったスキャンを行うためのアクティブなマシンを割り出す。Nmapはデフォルトでは、ポートスキャン、バージョン検出、OS検出などの立ち入ったプローブは、作動していることが判明したホストに対してしか実行しないようになっている。\fB\-Pn\fRを使ってホスト発見を無効にすると、Nmapはターゲットに指定されたIPアドレス\fIすべて\fRに対して、要求されたスキャン機能を実行しようとする。つまり、クラスBのサイズのアドレス空間(/16)を、コマンドラインでターゲットに指定した場合、65,536個のIPアドレスすべてがスキャンされる。\fB\-Pn\fRの2番目の文字は数字のゼロであり、英字のオーではない。リストスキャンの場合と同様に、本来行うべきホスト発見の段階は省略されるが、Nmapはそこで停止してターゲットのリストを出力するのではなくて、各ターゲットIPがアクティブであるかのように、要求された機能を実行し続ける。
 .RE
 .PP
-\fB\-PS [portlist]\fR (TCP SYN Ping)
+\fB\-PS \fR\fB\fIportlist\fR\fR (TCP SYN Ping)
 .RS 4
 このオプションによって、SYNフラグ付きの空のTCPパケットが送信される。デフォルトの送信先ポートは80番(この設定は、nmap\&.hのDEFAULT_TCP_PROBE_PORTを書き換えてコンパイルすると変更できる)だが、代わりのポートをパラメタとして指定できる。また、コンマ区切りのポート番号リスト(例：\fB\-PS22,23,25,80,113,1050,35000\fR)を指定することも可能である。この場合、各ポートに対するプローブは同時並行で試みられる。
 .sp
@@ -262,7 +292,7 @@ Nmapでは、対象のポートが開いているか閉じているかは問題
 UNIXマシンでは通常、生のTCPパケットを送受信できるのはroot権限を持つユーザに限られる。こうした権限のないユーザの場合は、次善策が自動的に採用され、各ターゲットポートに対してconnect()システムコールが起動される。これにより、SYNパケットをターゲットホストに送信し、コネクションの確立を試みる。connect()の戻り値としてすみやかに成功か失敗(ECONNREFUSED)が得られた場合、下位のTCPスタックではSYN/ACKかRSTパケットを受信したことになり、ターゲットホストはアクセス可能と見なされる。このコネクションの試みが未確立のままでタイムアウトに達した場合は、ホストはダウンしていると見なされる。Nmapは生のIPv6パケットの生成にはまだ対応していないので、この次善策はIPv6による接続にも用いられる。
 .RE
 .PP
-\fB\-PA [portlist]\fR (TCP ACK Ping)
+\fB\-PA \fR\fB\fIportlist\fR\fR (TCP ACK Ping)
 .RS 4
 TCP ACK pingは、すぐ上で述べたSYN pingのケースに酷似している。異なる点は、想像される通り、SYNフラグの代わりにTCP ACKフラグが付けられることである。こうしたACKパケットは、確立されたTCPコネクション上のデータを承認していると称しているが、そのようなコネクションは存在しないのである。そのため、リモートホストは常にRSTパケットで応答しなければならなくなり、この過程で自らの存在を明らかにすることになる。
 .sp
@@ -275,7 +305,7 @@ SYNおよびACKの両方の pingが使えるようになっている理由は、
 \fB\-PA\fRを指定して、SYN および ACKの両方のプローブを送ることである。
 .RE
 .PP
-\fB\-PU [portlist]\fR (UDP Ping)
+\fB\-PU \fR\fB\fIportlist\fR\fR (UDP Ping)
 .RS 4
 これもホスト発見用オプションで、空の(\fB\-\-data\-length\fRが指定されている場合を除き)UDPパケットを特定のポートに送信する。ポートリストは、上で述べた\fB\-PS\fR
 や
@@ -444,7 +474,7 @@ Maimonスキャンは、発見者であるUriel Maimon氏の名前にちなん
 \fB\-sF\fRなど)も指定できる。この基本タイプによって、応答を解釈する方法をNmapに伝える。例えば、SYNスキャンであれば、応答なしはfilteredポートであることと見なし、FINスキャンであれば、同じ応答なしをopen|filteredと解釈するわけだ。Nmapは、この基本のスキャンタイプと同じ動作をするが、異なる点は、ユーザが指定するTCPフラグを代わりに使うことである。基本のスキャンタイプが指定されない場合は、SYNスキャンが使用される。
 .RE
 .PP
-\fB\-sI <zombie host[:probeport]>\fR (Idle スキャン)
+\fB\-sI \fR\fB\fIzombie host\fR\fR\fB[:\fIprobeport\fR]\fR (Idle スキャン)
 .RS 4
 この高度なスキャン手法を使用すると、対象ホストに対して完全に匿名でTCPポートスキャンを実行できる(スキャンする側の実IPアドレスからは、対象ホストにパケットが送信されない)。それだけではなく、ゾンビホスト上で連続的に生成されるIPフラグメントID(識別子)が予測可能であることを巧妙に利用した独自のサイドチャネル攻撃を実行して、対象ホスト上のopenポートに関する情報を収集することもできる。IDSシステムでは、このスキャンはこちらで指定したゾンビマシン(稼動中でかつ特定の条件を満たす必要がある)から行われているものとして表示される。この非常に興味深いスキャンタイプは複雑すぎて本稿ではとても全容を説明しきれないので、完全な詳細を掲載した非公式の論文を以下に投稿しておくことにする：\m[blue]\fB\%https://nmap.org/book/idlescan.html\fR\m[]
 .sp
@@ -462,7 +492,7 @@ IPプロトコルスキャンを使うと、ターゲットマシン上でどの
 プロトコルスキャンは、UDPスキャンと同様の仕組みで機能する。すなわち、UDPパケットのポート番号フィールドをすべて繰り返し試行する代わりに、IPパケットヘッダを送信して、8bitのIPプロトコル番号フィールドをすべて繰り返し試行する。このヘッダは通常は空で、何のデータも、求められるプロトコルに適したヘッダすら含まれていない。これには例外が3つあり、TCP、UDP、ICMPである。これらのプロトコルについては、適切なプロトコルヘッダが含まれる。そうしないとヘッダを送信しないシステムがあるからで、Nmapはすでにこれらを作成する機能を備えている。プロトコルスキャンは、ICMPポート到達不能メッセージではなくて、ICMP\fIprotocol\fR到達不能メッセージが返されるのを待つ。Nmapはターゲットホストから何らかの応答を何らかのプロトコルで受信した場合、そのプロトコルをopenとして分類する。ICMPプロトコル到達不能エラー(タイプ 3、 コード 2)が返されたら、プロトコルはclosedと分類される。その他のICMP到達不能エラー(タイプ 3、 コード 1、3、9、10、13)が返されたら、プロトコルはfilteredとマークされる(またこれにより、ICMPがopenであることも同時に明らかになる)。数回再送しても何の応答もない場合、プロトコルはopen|filteredとして分類される。
 .RE
 .PP
-\fB\-b <ftp relay host>\fR (FTP バウンス スキャン)
+\fB\-b \fR\fB\fIftp relay host\fR\fR (FTP バウンス スキャン)
 .RS 4
 FTPプロトコル(\m[blue]\fBRFC 959\fR\m[]\&\s-2\u[5]\d\s+2)の興味深い特徴の1つは、いわゆるプロキシFTP接続に対応していることである。これにより、ユーザは一台のFTPサーバに接続し、そのファイルを第三者サーバに送るように要求できる。これは、様々なレベルの悪用にうってつけの機能なので、たいていのサーバでは、サポートするのを止めている。例えば、この機能を悪用して、FTPサーバに他のホストをポートスキャンさせることも可能である。単に、ターゲットホストの興味あるポートに順にファイルを送信するよう、そのFTPサーバに要求するだけでよい。エラーメッセージには、ポートが開いているか否かが記述される。これは、ファイアウォールをすり抜けるための有効な手段になる。組織のFTPサーバは、どんなインターネットホストよりも、他の内部ホストにアクセスしやすい場所に設置されている場合が多いからだ。Nmapは、\fB\-b\fRオプションでftpバウンススキャンを実行できる。引数は\fIusername\fR:\fIpassword\fR@\fIserver\fR:\fIport\fRのような形式になる。\fIServer\fRは、この脆弱性の影響を受けるFTPサーバの名前かIPアドレスを指定する。通常のURLの場合と同様に、匿名ログインの認証情報(user:
 anonymous
@@ -474,7 +504,7 @@ password:\-wwwuser@)が使われる場合は、\fIusername\fR:\fIpassword\fRの
 .PP
 Nmapには、これまでに述べたすべてのスキャン手法に加えて、どのポートをスキャンするかや、スキャンの順序をランダムにするか順序通りにするかなどを指定するためのオプションが用意されている。デフォルトでは、Nmapは、1024番(を含む)までの全ポートと、1025番以降のポートはスキャン対象のプロトコルに応じてnmap\-servicesファイルに記載されたポートをスキャンする。
 .PP
-\fB\-p <port ranges>\fR (指定されたポートのみスキャン)
+\fB\-p \fR\fB\fIport ranges\fR\fR (指定されたポートのみスキャン)
 .RS 4
 このオプションで、スキャンしたいポートを指定できる。この指定は、デフォルトより優先される。ポート番号は個別に指定しても、ハイフン区切りの範囲(例：1\-1023)で指定してもよい。範囲の先頭や終端の値は省略できる場合があり、この場合は範囲の先頭に1、終端に65535がそれぞれ使われる。したがって、\fB\-p\-\fRと指定すると、1番から65535番までのポートをスキャンできる。ゼロ番ポートのスキャンは、明示的に指定することで実行できる。IPプロトコルスキャン(\fB\-sO\fR)を行うには、このオプションでスキャンしたいプロトコル番号を指定する(0\-255)。
 .sp
@@ -513,7 +543,7 @@ Nmapがサービスからの応答を受信しても、データベースに一
 デフォルトでは、Nmapのバージョン検出は、TCPポート9100番をスキップするようになっている。一部のプリンタはこのポートに送られたものは何でも出力するので、HTTP GETリクエストやバイナリ形式のSSLセッションリクエストなどのページが何十枚も印刷されることになるからだ。この動作を変更するには、nmap\-service\-probesの当該の「除外」(Exclude)ディレクティブを変更あるいは削除するか、もしくは\fB\-\-allports\fRを指定すると、Excludeディレクティブに関係なくすべてのポートがスキャンされるようにできる。
 .RE
 .PP
-\fB\-\-version\-intensity <intensity>\fR (バージョンスキャンの強度を設定)
+\fB\-\-version\-intensity \fR\fB\fIintensity\fR\fR (バージョンスキャンの強度を設定)
 .RS 4
 Nmapは、バージョンスキャン(\fB\-sV\fR)を実行する際に、1から9までの「希少」(rarity)値が割り振られた一連のプローブを送信する。この希少値が小さいプローブほど、よく用いられる各種サービスに対して有効であり、この希少値が大きいプローブほど、用途が限られることになる。強度レベルは、どのプローブを適用するべきかを指定するオプションである。この数字が大きいほど、サービスが正しく特定される確率は高くなる。だが、強度が高いスキャンは、それだけ時間がかかる。強度は0から9の間で指定する必要があり、デフォルトは7である。nmap\-service\-probesのportsディレクティブによって、ターゲットポートにプローブを登録すると、このプローブは強度レベルに関係なく試行される。これにより、DNSプローブは常に開ポート53番に対して試行され、SSLプローブはポート443番に対して実行されるようにすることなどができる。
 .RE
@@ -557,7 +587,7 @@ OS検出は、以下のオプションで実行および制御できる：
 .PP
 \fB\-\-osscan\-limit\fR (OS検出を有望なターゲットに絞る)
 .RS 4
-少なくとも1つのopenおよびclosedのTCPポートが見つかれば、OS検出の効率はかなり上がる。このオプションを設定すると、Nmapは上の基準に満たないホストにはOS検出を試行しないようになる。これにより、かなりの時間が節約できる。多くのホストに対して\fB\-P0\fRスキャンを行う場合は特にそうである。\fB\-O\fR
+少なくとも1つのopenおよびclosedのTCPポートが見つかれば、OS検出の効率はかなり上がる。このオプションを設定すると、Nmapは上の基準に満たないホストにはOS検出を試行しないようになる。これにより、かなりの時間が節約できる。多くのホストに対して\fB\-Pn\fRスキャンを行う場合は特にそうである。\fB\-O\fR
 あるいは
 \fB\-A\fRで、OS検出の実行をいつ要求するかだけが重要になる。
 .RE
@@ -572,7 +602,7 @@ Nmapの開発を行ううえで、常に優先事項の1つとして念頭に置
 .PP
 スキャン時間を改善するテクニックとしては、重要でないテストの省略や、Nmapを最新版にアップグレードする(パフォーマンスの強化は頻繁に行われている)などが挙げられる。タイミング(時間調節)パラメタを最適化すると、かなりの違いが生じる場合もある。この種のオプションを、以下に列挙する。
 .PP
-\fB\-\-min\-hostgroup <size>\fR; \fB\-\-max\-hostgroup <size>\fR (並列スキャンのグループサイズを調節する)
+\fB\-\-min\-hostgroup \fR\fB\fIsize\fR\fR; \fB\-\-max\-hostgroup \fR\fB\fIsize\fR\fR (並列スキャンのグループサイズを調節する)
 .RS 4
 Nmapには、複数のホストを並行してポートスキャンやバージョンスキャンする能力がある。これは、ターゲットのIP空間をいくつかのグループに分割し、一度に1グループずつスキャンすることで行われる。一般に、グループの規模を大きくするほど、効率がよくなる。デメリットは、グループ全体のスキャンが終了してからでないと、ホストの結果が得られないことである。そのため、グループサイズが50から始めた場合、ユーザがレポートを受け取るのは、(冗長モードで最新情報が提供される場合を除く)最初の50台のホストが完了してからになる。
 .sp
@@ -583,7 +613,7 @@ Nmapには、複数のホストを並行してポートスキャンやバージ
 このオプションの主な使用法は、スキャンをより高速に完了できるように、グループサイズの最小値に大きな値を指定することである。クラスC規模のネットワークをスキャンするには通常、256を指定する。数多くのポートに対してスキャンを実行する場合は、これ以上の数値を設定しても、あまり効果は期待できない。ポート数がごくわずかのスキャンを行う場合は、ホストのグループサイズを2048以上に設定すると有効だろう。
 .RE
 .PP
-\fB\-\-min\-parallelism <numprobes>\fR; \fB\-\-max\-parallelism <numprobes>\fR (プローブの並列処理を調節する)
+\fB\-\-min\-parallelism \fR\fB\fInumprobes\fR\fR; \fB\-\-max\-parallelism \fR\fB\fInumprobes\fR\fR (プローブの並列処理を調節する)
 .RS 4
 ホストグループに向けて送信されるプローブの総数を決めるオプションで、ポートスキャンやホスト発見に用いられる。デフォルトでは、Nmapは、ネットワークパフォーマンスに基づいて、常に変化する理想的な並列処理可能数を算出している。パケットが続けて破棄される場合は、Nmapは処理速度を落とし、送信するプローブの数を減らす。理想的なプローブ数は、ネットワークが示すパフォーマンスの高さに応じて、緩やかに増加する。これらのオプションは、この変数に対して上限と下限を設定する。デフォルトでは、理想的な並列処理可能数は、ネットワークの信頼性が低い場合は1まで下がり、最高の状態の場合は数百まで上がる場合もある。
 .sp
@@ -592,50 +622,162 @@ Nmapには、複数のホストを並行してポートスキャンやバージ
 Nmapがホストに対して一度に2つ以上のプローブを送れないようにするために、\fB\-\-max\-parallelism\fRオプションに「1」が設定される場合がある。これは、(下で述べる)\fB\-\-scan\-delay\fRオプションと組み合わせて用いると便利である。もっとも、後者のオプションは通常は単独でも十分に役立つものである。
 .RE
 .PP
-\fB\-\-min\-rtt\-timeout <milliseconds>\fR, \fB\-\-max\-rtt\-timeout <milliseconds>\fR, \fB\-\-initial\-rtt\-timeout <milliseconds>\fR (プローブのタイムアウトを調節する)
+\fB\-\-min\-rtt\-timeout \fR\fB\fItime\fR\fR, \fB\-\-max\-rtt\-timeout \fR\fB\fItime\fR\fR, \fB\-\-initial\-rtt\-timeout \fR\fB\fItime\fR\fR (プローブのタイムアウトを調節する)
 .RS 4
-Nmapは、プローブを中止もしくは再送信するまで、プローブの応答を待機する時間をどのくらいにするかを決める実行タイムアウト値を保持している。この値は、それまでに送信したプローブの応答時間に基づいて算出される。ネットワークの待ち時間が、かなり長くて変化しやすい場合、タイムアウト値は数秒にまで達する可能性もある。また、反応が鈍いホストをスキャンする際には、控え目な(高い)レベルから始めて、しばらくの間そのままの値にしておく場合もある。
+Nmapは、プローブを中止もしくは再送信するまで、プローブの応答を待機する時間をどのくらいにするかを決める実行タイムアウト値を保持している。 この値は、それまでに送信したプローブの応答時間に基づいて算出される。 ネットワークの待ち時間が、かなり長くて変化しやすい場合、タイムアウト値は数秒にまで達する可能性もある。 また、反応が鈍いホストをスキャンする際には、控え目な(高い)レベルから始めて、しばらくの間そのままの値にしておく場合もある。
 .sp
-これらのオプションはミリ秒単位で設定する。\fB\-\-max\-rtt\-timeout\fR
+\fB\-\-max\-rtt\-timeout\fR
 と
-\fB\-\-initial\-rtt\-timeout\fRにデフォルトより小さな値を指定すると、スキャン時間を大幅に短縮できる。厳重なフィルタ処理が施されたネットワークに対してpingなし(\fB\-P0\fR)スキャンを行う場合は特にそうなる。とはいえ、あまりアグレッシブに小さくしすぎないように。小さすぎる値を指定してしまったために、応答が送信されている間に数多くのプローブがタイムアウトして再送信されてしまい、結果的にスキャンの実行に通常より余計に時間がかかる可能性があるからだ。
+\fB\-\-initial\-rtt\-timeout\fRにデフォルトより小さな値を指定すると、スキャン時間を大幅に短縮できる。 厳重なフィルタ処理が施されたネットワークに対してpingなし(\fB\-Pn\fR)スキャンを行う場合は特にそうなる。 とはいえ、あまりアグレッシブに小さくしすぎないように。 小さすぎる値を指定してしまったために、応答が送信されている間に数多くのプローブがタイムアウトして再送信されてしまい、結果的にスキャンの実行に通常より余計に時間がかかる可能性があるからだ。
 .sp
-すべてのホストがローカルネットワーク上にある場合、\fB\-\-max\-rtt\-timeout\fRの値は100ミリ秒(ms)にするのが、アグレッシブに小さく指定するとしても妥当な値である。ルーティングが関係してくる場合は、ICMP pingユーティリティか、ファイアウォールを通過できる可能性が高いhping2などのカスタムパケット作成ツールを用いて、最初にネットワーク上のホストにpingを実行する必要がある。10個程度のパケットを送信してみて、最大往復時間(RTT)を調べること。\fB\-\-initial\-rtt\-timeout\fRの値は、この値を2倍にするとよい。また、\fB\-\-max\-rtt\-timeout\fRの値は、これを3倍か4倍にしたものにするとよいだろう。筆者は通常、pingで調査した時間の大小に関係なく、最大RTTを100ms未満に設定することはないし、1000msを超える値にすることもない。
+すべてのホストがローカルネットワーク上にある場合、100ミリ秒(ms)(\fB\-\-max\-rtt\-timeout 100ms\fR)にするのが、アグレッシブに小さく指定するとしても妥当な値である。 ルーティングが関係してくる場合は、ICMP pingユーティリティか、ファイアウォールを通過できる可能性が高いhping2などのカスタムパケット作成ツールを用いて、最初にネットワーク上のホストにpingを実行する必要がある。 10個程度のパケットを送信してみて、最大往復時間(RTT)を調べること。
+\fB\-\-initial\-rtt\-timeout\fRの値は、この値を2倍にするとよい。 また、\fB\-\-max\-rtt\-timeout\fRの値は、これを3倍か4倍にしたものにするとよいだろう。 筆者は通常、pingで調査した時間の大小に関係なく、最大RTTを100ms未満に設定することはないし、1000msを超える値にすることもない。
 .sp
-\fB\-\-min\-rtt\-timeout\fRは、ほとんど使用されないオプションであるが、ネットワークの信頼性があまりに低いために、Nmapのデフォルト値でも小さく設定しすぎになる場合に役立つと思われる。Nmapは単にタイムアウト時間を指定された最小値まで小さくするだけなので、ネットワークが信頼できると思われる場合は、この要求は異常であり、nmap\-devメーリングリストにバグとして報告されるはずである。
+\fB\-\-min\-rtt\-timeout\fRは、ほとんど使用されないオプションであるが、ネットワークの信頼性があまりに低いために、Nmapのデフォルト値でも小さく設定しすぎになる場合に役立つと思われる。 Nmapは単にタイムアウト時間を指定された最小値まで小さくするだけなので、ネットワークが信頼できると思われる場合は、この要求は異常であり、nmap\-devメーリングリストにバグとして報告すべきである。
 .RE
 .PP
-\fB\-\-host\-timeout <milliseconds>\fR (遅いターゲットホストを見切る)
+\fB\-\-host\-timeout \fR\fB\fItime\fR\fR (遅いターゲットホストを見切る)
 .RS 4
-ホストのなかには、とにかくスキャンに\fI長い\fR時間がかかるものがある。理由としては、実行手順の不手際、信頼性の低いネットワークハードウェアやソフトウェア、パケットレート制限、厳重なファイアウォールなどが考えられる。スキャン対象ホスト全体の数パーセントを占める、最も反応が遅いホストによって、スキャン時間の大半を使われてしまうこともある。このような無駄はカットして、遅いホストは最初から省くほうがよい場合がある。これは、待機しても構わない時間を\fB\-\-host\-timeout\fRにミリ秒単位の数値で指定することで実行できる。筆者は、Nmapが単一ホストに対して30分を超える時間を浪費しないように、1800000という値を指定することが多い。注意すべき点は、Nmapはこの30分の間に、同時に他のホストもスキャンできるので、まったくの無駄にはならないことだ。タイムアウトするホストはスキップされ、ポートテーブル、OS検出、バージョン検出などの結果は出力されない。
+ホストのなかには、とにかくスキャンに\fI長い\fR時間がかかるものがある。 理由としては、性能・信頼性の低いネットワークハードウェアやソフトウェア、パケットレート制限、厳重なファイアウォールなどが考えられる。 スキャン対象ホスト全体の数パーセントを占める、最も反応が遅いホストによって、スキャン時間の大半を使われてしまうこともある。このような無駄はカットして、遅いホストは最初から省くほうがよい場合がある。 これは、待機しても構わない時間の最大値を\fB\-\-host\-timeout\fRに指定することで実現できる。 たとえば、30m
+を指定して、Nmapが1つのホストで30分以上無駄にしないようにできる。 この30分の待ち時間に、Nmapは他のホストも同時にスキャンしているので、完全な時間の損失にはならないことに注意。 タイムアウトするホストはスキップされ、ポートテーブル、OS検出、バージョン検出などの結果は出力されない。
+.sp
+0
+は特別な値で
+「タイムアウトをしない」
+を指定できる。 ホストのタイムアウトを15分にデフォルトで指定する
+\fBT5\fR
+タイミングテンプレートの挙動を上書きする際に有用である。
 .RE
 .PP
-\fB\-\-scan\-delay <milliseconds>\fR; \fB\-\-max\-scan\-delay <milliseconds>\fR (プローブ間の遅滞時間を調節する)
+\fB\-\-script\-timeout \fR\fB\fItime\fR\fR
 .RS 4
-指定したホスト宛てに送られるプローブの送信間隔において、ミリ秒単位の数値で指定した時間だけNmapを待機状態にする。これは、レート制限が行われている場合に特に役に立つ。Solarisマシンは(制限が特に厳しく)、通常はUDPスキャンのプローブパケットに対して、ICMPメッセージの応答を毎秒1回しか返さない。Nmapがそれ以上のパケットを送ってもすべて無駄になる。\fB\-\-scan\-delay\fR
-に1000を指定すると、Nmapは毎秒1回という遅いレートを保つことになる。Nmapは、レート制限を検出し、それに応じてスキャンの進行を遅らせようとするが、どの程度のレートが最適であるかがすでにわかっている場合は明示的に指定してもよい。
+スクリプトの中にはコンマ数秒で完了するものもあるが、スクリプトの性質、渡された引数、ネットワークやアプリケーションの状態などによって、数時間以上かかるものもある。
+\fB\-\-script\-timeout\fR
+オプションは、スクリプトの実行時間に上限を設定する。 設定された時間を超えたスクリプトは終了し、何も表示されません。 デバッグ (\fB\-d\fR) オプションを指定すると、各タイムアウトの詳細が表示される。 ホストおよびサービススクリプトの場合、スクリプトは1つの対象ホストまたはポートのみをスキャンし、タイムアウト時間は次のスクリプトのためにリセットされる。
+0 は特別な値で 「タイムアウトをしない」 を意味する。
+タイムアウトを10分とデフォルトで指定している\fBT5\fR タイミングテンプレートを上書きするために使用できる。
+
+        .RE
+.PP
+\fB\-\-scan\-delay \fR\fB\fItime\fR\fR; \fB\-\-max\-scan\-delay \fR\fB\fItime\fR\fR (プローブ間の遅滞時間を調節する)
+.RS 4
+指定したホスト宛てに送られる各プローブの送信間隔において、指定した時間だけNmapを待機状態にする。 これは、が行われている場合に特に役に立つ。 Solarisマシンは(制限が特に厳しく)、通常はUDPスキャンのプローブパケットに対して、ICMPメッセージの応答を毎秒1回しか返さない。 Nmapがそれ以上のパケットを送ってもすべて無駄になる。\fB\-\-scan\-delay\fR
+は次のように設定する。
+1sとすると、Nmapはその遅い速度に保たれる。Nmapは毎秒1回という遅いレートを保つことになる。 Nmapは、レート制限を検出し、それに応じてスキャン遅延を調整しようとするが、どの程度のレートが最適であるかがすでにわかっている場合は明示的に指定してもよい。
+.sp
+Nmapがレート制限に対処するためにスキャン遅延を増加させた場合、スキャンの速度は大幅に低下する。
+\fB\-\-max\-scan\-delay\fRは、Nmapが許容する最大の遅延時間を指定できる。
+\fB\-\-max\-scan\-delay\fR
+に少ない時間を指定すれば、スキャンを高速化できるが、リスクがある。 時間を少なく設定しすぎると、対象が厳格なレート制限を実装している場合に、無駄なパケット再送信や、ポートの取りこぼしが発生する可能性がある。
 .sp
 \fB\-\-scan\-delay\fR
-は他にも、しきい値ベースの侵入検知や侵入防止システム(IDS/IPS)の回避に使用される。
+には、使用法がもうひとつある。 それは、閾値ベースの侵入検知・防御システム(IDS/IPS)の回避である。
+
 .RE
 .PP
-\fB\-T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane>\fR (タイミングのテンプレートを設定する)
+\fB\-\-min\-rate \fR\fB\fInumber\fR\fR; \fB\-\-max\-rate \fR\fB\fInumber\fR\fR (スキャンレートを細かく制御)
 .RS 4
-前節で述べたような、タイミングのきめ細やかな制御はとても効果が大きいが、分かりにくいと感じるユーザもいるようだ。さらには、最適化を試みているスキャンを実行するよりも、適切な数値を選ぶほうが時間がかかるという事態に陥る可能性もある。そこでNmapには、6つのタイミング用テンプレートを用いたもっと簡単なアプローチが用意されている。テンプレートは、\fB\-T\fRオプションと番号(0 \- 5)か名前で指定できる。テンプレート名は、paranoid (0)、sneaky (1)、polite (2)、normal (3)、aggressive (4)、insane (5)である。最初の2つは、IDS回避用のテンプレートである。Politeモードは、スキャン処理速度を落とし、帯域幅とターゲットマシンのリソースの使用量を少なくするためのものである。Normalモードはデフォルトなので、\fB\-T3\fRとしても特に何もしない。Aggressiveモードは、ユーザが適度に高速で信頼性の高いネットワーク上にいることを想定して、スキャン速度を上げる。最後にInsaneモードは、非常に高速なネットワーク上にいるか、あるいは速度と引き換えに精度の一部を犠牲にしても構わない場合を想定したモードである。
+Nmapのスキャン速度の自動制御は、適切なスキャン速度を見つけるのに効果的である。 しかし、適切なスキャン速度が事前にわかっている場合や、ある時間までにスキャンが終了することを保証しなければならない場合もある。 あるいは、Nmapがあまりに速くスキャンしないようにしなければならないかもしれない。
+\fB\-\-min\-rate\fR
+と
+\fB\-\-max\-rate\fR
+オプションは、このような状況に対応するために用意されている。
 .sp
-これらのテンプレートを利用すると、ユーザは、的確なタイミング値の選定はNmapに任せつつ、どの程度アグレッシブなスキャンを実行したいかを指定できる。また、今のところきめ細かい制御のオプションが存在しない、速度の微調整の一部をこのテンプレートで行うこともできる。例えば、\fB\-T4\fRは、TCPポートに対するスキャン処理の動的な遅延時間が10msを越えないようにすることができ、また\fB\-T5\fRでは、この値の上限が5msに制限される。テンプレートを最初に指定する場合に限り、きめ細かい制御オプションとテンプレートを組み合わせて用いることができる。そうしないと、テンプレートの標準値がユーザの指定した値で上書きされてしまう。適度に最近の信頼性が高いネットワークをスキャンする場合は、\fB\-T4\fRがお勧めである。きめ細かい制御オプションを追加する場合でも、このオプションを(コマンドラインの最初に)付けておくことで、テンプレートによって有効になる細部にわたる最適化のメリットを享受できる。
+\fB\-\-min\-rate\fR
+オプションが与えられると、Nmap は与えられたレートと同じかそれよりも速くパケットを送信するよう最善を尽くす。 引数は、1 秒あたりの送信パケット数を表す正の実数である。 例えば、\fB\-\-min\-rate 300\fR
+を指定すると、Nmap は送信レートを毎秒300パケット以上に維持しようとする。 最小レートを指定しても、条件が許す限り、Nmapがより速くなることはない。
 .sp
-適正なブロードバンド接続やイーサネット接続の環境にいる場合は、常時\fB\-T4\fRを利用することをお勧めする。\fB\-T5\fRを好む人もいるが、私にはアグレッシブすぎるように思われる。\fB\-T2\fRを指定しているユーザもたまにいるが、ホストをクラッシュさせる可能性が低いと見ているからか、自分のことを全般的に礼儀正しい(polite)と思っているからのようだ。こうしたユーザは単に、「\-T Polite」が実際にはいかに遅いものであるかを理解していないだけだ。Politeモードは、デフォルトスキャンの10倍の時間がかかる。デフォルトのタイミングオプション(\fB\-T3\fR)に関しては、マシンのクラッシュや帯域幅が問題になることはめったにないので、慎重なスキャンユーザには通常はこれを勧めている。タイミング値をあれこれ操作して、これらの問題を軽減しようとするよりも、バージョン検出を省略するほうがずっと効率的である。
+同様に、\fB\-\-max\-rate\fRは送信レートを最大値を指定できる。 例えば、高速なネットワークを対象に毎秒100パケットの送信に制限するには、\fB\-\-max\-rate 100\fRを使用する。 10秒に1パケットという遅いスキャンを行うには、\fB\-\-max\-rate 0\&.1\fRを使用する。
+\fB\-\-min\-rate\fR
+と
+\fB\-\-max\-rate\fR
+を一緒に使うと、レートをある範囲内に保つことができる。
+.sp
+これらの2つのオプションは全体的なもので、個々のホストにではなく、スキャン全体に影響する。 ポートスキャンとホスト発見にのみ影響する。 OS検出のような他の機能では、独自のタイミングが実装されている。
+.sp
+実際のスキャン速度が指定した最小値を下回る可能性があるのは2つの条件である。 1つは、最小値がNmapが送信できる最速レートよりも速い場合であり、これはハードウェアに依存する。 この場合、Nmapは単に可能な限り高速にパケットを送信するが、このような高速なレートでは精度が低下する可能性が高いので注意が必要である。 2つ目のケースは、Nmapが何も送信しない場合である。たとえば、スキャンの最後にプローブが送信され、Nmapがタイムアウトや応答を待っているときである。 スキャンの終了時やホストグループ間でスキャンレートが低下するのは正常な現象である。 予測できない遅延を補うために、送信レートが一時的に最大値を超えることがあるが、平均してレートは最大値以下にとどまるだろう。
+.sp
+最小レートの指定は慎重に行う必要がある。 ネットワークが対応できる速度よりも速くスキャンすると、精度が低下する可能性がある。 場合によっては、速いレートを使うと、遅いレートを使ったときよりもスキャンが\fI長く\fRなることがある。 これはNmapの
+適応伝送
+アルゴリズムが、過剰なスキャン速度によるネットワークの輻輳を検知し、精度を上げるために再送信の回数を増やすからである。 そのため、パケットが高いレートで送信されても、全体としてはより多くのパケットが送信される。 総スキャン時間の上限の設定は、\fB\-\-max\-retries\fRで再送信の回数を制限できる
+.RE
+.PP
+\fB\-\-defeat\-rst\-ratelimit\fR
+.RS 4
+多くのホストは、送信するICMPエラーメッセージ(ポート到達不能エラーなど)の数を減らすために、長い間レート制限
+
+を使用してきた。 現在、いくつかのシステムは、生成するRST(リセット)パケットに同様のレート制限を適用している。 このようなレート制限を反映させるためにタイミングを調整するため、Nmapの速度が大幅に低下することがある。
+\fB\-\-defeat\-rst\-ratelimit\fR
+を指定することにより、Nmapにこれらのレート制限を無視させることができる (SYN スキャンなど、応答がないポートを
+open
+として扱わないスキャンのために)。
+.sp
+このオプションを使用すると、Nmapがレート制限されたRST応答を十分に待たないために、一部のポートが無応答に見えるため、精度が低下する可能性がある。 SYNスキャンでは、無応答に見えたポートは
+filtered
+となり、RSTパケット受信時に見られるclosed
+状態にはならない。 このオプションは、開いているポートにしか関心がなく、closed
+と
+filtered
+を区別することに余分の時間を割けない場合に有用である。
+.RE
+.PP
+\fB\-\-defeat\-icmp\-ratelimit\fR
+.RS 4
+\fB\-\-defeat\-rst\-ratelimit\fR
+と同様に、
+\fB\-\-defeat\-icmp\-ratelimit\fR
+オプションは精度と引き換えに速度を優先し、ICMP エラーメッセージをレート制限するホストに対して UDP スキャン速度を向上させるものである。 このオプションは、Nmap がポート到達不能メッセージを受信するために遅延しないようにするので、応答しないポートには、デフォルトの
+open|filtered
+の代わりに
+closed|filtered
+というラベルが付くことになる。 これは、UDP で実際に応答するポートだけを
+open
+として扱う。 多くの UDP サービスはこの方法では応答しないので、 このオプションは
+\fB\-\-defeat\-rst\-ratelimit\fR
+よりも不正確である可能性が高い。
+.RE
+.PP
+\fB\-\-nsock\-engine iocp|epoll|kqueue|poll|select\fR
+.RS 4
+与えられたnsock IO多重化エンジンの使用を強制する。
+select(2)
+ベースのフォールバックエンジンのみが、システム上で利用可能と保証されている。 エンジンの名前は、利用するIO管理機能の名前にちなんで付けられている。 現在実装されているエンジンは、epoll、kqueue、poll、select
+だが、どのプラットフォームにも存在しないものもないとは言い切れない。 デフォルトでは、Nmapは「最適な」エンジン、すなわち、このリストの中で最初にサポートされたエンジンを使用する。
+\fBnmap \-V\fRを使って、自分のプラットフォームでどのエンジンがサポートされているかを確認できる。
+.RE
+.PP
+\fB\-T paranoid|sneaky|polite|normal|aggressive|insane\fR (タイミングテンプレートを設定する)
+.RS 4
+前節で述べたような、タイミングのきめ細やかな制御はとても効果が大きいが、分かりにくいと感じるユーザもいるようだ。 さらには、最適化を試みているスキャンを実行するよりも、適切な数値を選ぶほうが時間がかかるという事態に陥る可能性もある。 そこでNmapには、6つのタイミングテンプレートを用いたもっと簡単なアプローチが用意されている。 テンプレートは、\fB\-T\fRオプションと番号(0 \- 5)か名前で指定できる。 テンプレート名は、\fBparanoid\fR\ \&(\fB0\fR)、
+\fBsneaky\fR\ \&(\fB1\fR)、
+\fBpolite\fR\ \&(\fB2\fR)、
+\fBnormal\fR\ \&(\fB3\fR)、
+\fBaggressive\fR\ \&(\fB4\fR)、\fBinsane\fR\ \&(\fB5\fR)である。 最初の2つは、IDS回避用のテンプレートである。Politeモードは、スキャン処理速度を落とし、帯域幅とターゲットマシンのリソースの使用量を少なくするためのものである。 Normalモードはデフォルトなので、\fB\-T3\fRとしても特に何もしない。Aggressiveモードは、ユーザが適度に高速で信頼性の高いネットワーク上にいることを想定して、スキャン速度を上げる。 最後にInsaneモードは、 非常に高速なネットワーク上にいるか、あるいは速度と引き換えに精度の一部を犠牲にしても構わない場合を想定したモードである。
+.sp
+これらのテンプレートを利用すると、ユーザは、的確なタイミング値の選定はNmapに任せつつ、どの程度アグレッシブなスキャンを実行したいかを指定できる。 また、今のところきめ細かい制御のオプションが存在しない、速度の微調整の一部をこのテンプレートで行うこともできる。 例えば、\fB\-T4\fRは、TCPポートに対するスキャン処理の動的な遅延時間が10msを越えないようにすることができ、また\fB\-T5\fRでは、この値の上限が5msに制限される。 テンプレートを最初に指定する場合に限り、きめ細かい制御オプションとテンプレートを組み合わせて用いることができる。 そうしないと、テンプレートの標準値がユーザの指定した値で上書きされてしまう。適度に最近の信頼性が高いネットワークをスキャンする場合は、\fB\-T4\fRがお勧めである。 きめ細かい制御オプションを追加する場合でも、このオプションを(コマンドラインの最初に)付けておくことで、テンプレートによって有効になる細部にわたる最適化のメリットを享受できる。
+.sp
+適正なブロードバンド接続やイーサネット接続の環境にいる場合は、常時\fB\-T4\fRを利用することをお勧めする。
+\fB\-T5\fRを好む人もいるが、私にはアグレッシブすぎるように思われる。
+\fB\-T2\fRを指定しているユーザもたまにいるが、ホストをクラッシュさせる可能性が低いと見ているからか、自分のことを全般的に礼儀正しい(polite)と思っているからのようだ。 こうしたユーザは単に、「\-T Polite」が実際にはいかに遅いものであるかを理解していないだけだ。 Politeモードは、デフォルトスキャンの10倍の時間がかかる。デフォルトのタイミングオプション(\fB\-T3\fR)に関しては、マシンのクラッシュや帯域幅が問題になることはめったにないので、慎重なスキャンユーザには通常はこれを勧めている。 タイミング値をあれこれ操作して、これらの問題を軽減しようとするよりも、バージョン検出を省略するほうがずっと効率的である。
 .sp
 \fB\-T0\fR
 や
-\fB\-T1\fRは、IDSの警告を回避するには役立つかもしれないが、何千ものマシンやポートをスキャンするには非常に長い時間がかかる。そのように長いスキャンを行う場合は、あらかじめ用意された\fB\-T0\fR
+\fB\-T1\fRは、IDSの警告を回避するには役立つかもしれないが、何千ものマシンやポートをスキャンするには非常に長い時間がかかる。 そのように長いスキャンを行う場合は、あらかじめ用意された\fB\-T0\fR
 や
 \fB\-T1\fRの値に頼るよりも、必要に応じて的確なタイミング値を設定するほうが好ましいだろう。
 .sp
-\fBT0\fRの主な効果は、スキャンを連続的に実行して一度に1つのポートしかスキャンされないようにすることと、各プローブを送信する間に5分間待機することである。\fBT1\fR
+\fBT0\fRの主な効果は、スキャンを連続的に実行して一度に1つのポートしかスキャンされないようにすることと、各プローブを送信する間に5分間待機することである。
+\fBT1\fR
 と
-\fBT2\fRは似ているが、それぞれプローブ間の待機時間が15秒と0\&.4秒しかない。\fBT3\fRはNmapのデフォルト動作で、並列処理が含まれる。\fBT4\fRは\fB\-\-max\-rtt\-timeout 1250 \-\-initial\-rtt\-timeout 500\fRに相当し、TCPスキャンの最大遅延時間を10msに設定する。\fBT5\fRは\fB\-\-max\-rtt\-timeout 300 \-\-min\-rtt\-timeout 50 \-\-initial\-rtt\-timeout 250 \-\-host\-timeout 900000\fRに相当し、TCPスキャンの最大遅延時間を5msに設定する。
+\fBT2\fRは似ているが、それぞれプローブ間の待機時間が15秒と0\&.4秒しかない。
+\fBT3\fRはNmapのデフォルト動作で、並列処理が含まれる。\fBT4\fRは\fB\-\-max\-rtt\-timeout 1250ms \-\-min\-rtt\-timeout 100ms \-\-initial\-rtt\-timeout 500ms \-\-max\-retries 6\fRに相当し、TCPおよびSCTPスキャンの最大遅延時間を10msに設定する。
+\fBT5\fRは\fB\-\-max\-rtt\-timeout 300ms \-\-min\-rtt\-timeout 50ms \-\-initial\-rtt\-timeout 250ms \-\-max\-retries 2 \-\-host\-timeout 15m \-\-script\-timeout 10m \-\-max\-scan\-delay\fRに相当し、TCPおよびSCTPスキャンの最大遅延時間を5msに設定する。 UDPの最大スキャン遅延時間は
+\fBT4\fR
+や
+\fBT5\fR
+では設定できないが、
+\fB\-\-max\-scan\-delay\fR
+オプションで設定できる。
 .RE
 .SH "ファイアウォール/IDS の回避とスプーフィング"
 .PP
@@ -654,7 +796,7 @@ Nmapには、ファイアウォールルールを回避したりIDSをこっそ
 \fB\-f\fRオプションを指定すると、要求されたスキャン(pingスキャンを含む)は小さく断片化されたIPパケットを利用するようになる。これを行う目的は、TCPヘッダを複数のパケットに分割することで、パケットフィルタや侵入検知システム(IDS)などの厄介なセキュリティ策にスキャンを検知されにくくすることである。ただし、以下の点には注意が必要だ。すなわち、プログラムのなかには、このような小さなパケットの処理によって問題を生じるものがあることだ。旧式のスニファ「Sniffit」は、最初のフラグメントを受信した瞬間にセグメンテーション障害を起こした。このオプションを一度指定すると、NmapはIPヘッダを8バイトかそれ以下の大きさのパケットに分割する。つまり、20バイトのTCPヘッダは3つのパケットに分割されることになる。8バイトのパケットが2つと、残りの1つが4バイトになる。もちろん、各フラグメントにもIPヘッダがある。\fB\-f\fRを再度指定すると、フラグメントあたり16バイトが使われる(フラグメントの数は減る)。あるいは、\fB\-\-mtu\fRオプションで、ユーザ独自の分割サイズを指定することもできる。\fB\-\-mtu\fRを使う場合は、同時に\fB\-f\fRは指定しないこと。分割サイズは8の倍数にする必要がある。断片化されたパケットは、すべてのIPフラグメントを待ち行列に入れるパケットフィルタやファイアウォール（例えば、LinuxカーネルのCONFIG_IP_ALWAYS_DEFRAGオプションなど）を通り抜けることはできないが、ネットワークによっては、この断片化によって生じるパフォーマンスの低下に耐えきれないために、これを無効にしているところがある。またそれ以外にも、各フラグメントがそれぞれ異なる経路を通ってネットワークに至る可能性があるために、この機能を有効にできないところもある。一部の発信元システムでは、カーネルで発信パケットのフラグメント化を解消するものもある。コネクション追跡モジュールの「iptables」を備えるLinuxなどがこれにあたる。送信パケットがきちんとフラグメント化されていることを確認するために、Etherealなどのスニファを実行しながら、スキャンを行うようにすること。自身のホストのOSが原因で問題が生じる場合は、IP層を回避して「生」イーサネット フレームを送るために、\fB\-\-send\-eth\fRを試してみるとよい。
 .RE
 .PP
-\fB\-D <decoy1 [,decoy2][,ME],\&.\&.\&.>\fR (おとりを使ってスキャンを隠蔽する)
+\fB\-D \fR\fB\fIdecoy1\fR\fR\fB[,\fIdecoy2\fR]\fR\fB[,ME]\fR\fB[,\&.\&.\&.]\fR (おとりを使ってスキャンを隠蔽する)
 .RS 4
 おとり(囮)スキャンを実行する。おとりスキャンとは、実際のスキャンの他に、おとりとして指定したホスト(複数可)もターゲットネットワークをスキャンしているようにリモートホストに見せかけるためのものである。この結果、対象ホストのIDSは、それぞれ異なる複数のIPアドレスから、5から10のポートスキャンが実行されたことを報告する場合もあるが、実際にどのIPがスキャンを実行していたもので、どれが無実のおとりだったのかを知られることはない。このおとりスキャンは、ルータの経路追跡、応答の破棄、その他の動的メカニズムによって阻止される可能性があるが、通常は攻撃元のIPアドレスを隠蔽する技法として非常に効果的である。
 .sp
@@ -667,19 +809,19 @@ Nmapには、ファイアウォールルールを回避したりIDSをこっそ
 おとりを多く使いすぎると、スキャンの速度が低下するだけでなく、精度も下がるおそれがあることに注意する。また、一部のISPは偽装パケットをフィルタで除外しているが、偽装したIPパケットを制限しているところは少ない。
 .RE
 .PP
-\fB\-S <IP_Address>\fR (ソースアドレスを偽装する)
+\fB\-S \fR\fB\fIIP_Address\fR\fR (ソースアドレスを偽装する)
 .RS 4
 一部の環境では、Nmapがユーザのソースアドレスを特定できない場合がある(その場合はかならず、Nmapからユーザに通知がある)。こうした状況では、\fB\-S\fRオプションを使って、パケットの送信に利用したいインターフェースのIPアドレスを指定すること。
 .sp
-このフラグの他の利用方法として考えられるのは、スキャンを偽装して、\fI第三者（誰か別の人間）\fRがスキャンを実行しているとターゲットに思い込ませることだ。企業が、ライバル企業から繰り返しポートスキャンを受けたとしたらどうなるだろうか。この種の用途に用いるには、たいていの場合\fB\-e\fRオプションが必要になるだろう。また通常は\fB\-P0\fRも使った方が望ましい。
+このフラグの他の利用方法として考えられるのは、スキャンを偽装して、\fI第三者（誰か別の人間）\fRがスキャンを実行しているとターゲットに思い込ませることだ。企業が、ライバル企業から繰り返しポートスキャンを受けたとしたらどうなるだろうか。この種の用途に用いるには、たいていの場合\fB\-e\fRオプションが必要になるだろう。また通常は\fB\-Pn\fRも使った方が望ましい。
 .RE
 .PP
-\fB\-e <interface>\fR (特定のインターフェースを使用する)
+\fB\-e \fR\fB\fIinterface\fR\fR (特定のインターフェースを使用する)
 .RS 4
 パケットを送受信する際に、どのインターフェースを利用するかをNmapに伝えるためのオプション。Nmapは、インターフェースを自動的に検知できるようになっているが、検知できない場合はその旨がユーザに通知される。
 .RE
 .PP
-\fB\-\-source\-port <portnumber>;\fR \fB\-g <portnumber>\fR (ソースポート番号を偽装する)
+\fB\-\-source\-port \fR\fB\fIportnumber\fR\fR\fB;\fR \fB\-g \fR\fB\fIportnumber\fR\fR (ソースポート番号を偽装する)
 .RS 4
 よく見かける設定ミスの1つは、ソースポート番号だけを基準にして、トラフィックを信頼していることである。これがどのようにして起きるかを理解するのは簡単である。管理者が真新しいファイアウォールをセットアップすると必ず、恩知らずのユーザから、アプリケーションが機能しなくなったという苦情が殺到することになるものだ。特に、外部サーバからのUDP DNS応答がネットワークに入れなくなることが原因で、DNSが動かなくなる場合がある。この他に、FTPもよく見られる例である。アクティブFTP転送が行われる際に、リモートサーバは、要求されたファイルを転送するために、再びクライアントへのコネクションを確立しようとする。
 .sp
@@ -691,12 +833,12 @@ Nmapには、この種の弱点を突くためのオプションとして、\fB\
 や\fB\-\-source\-port\fR(これらは同等のもの)が用意されている。単ポート番号を指定すると、可能な場合であれば、Nmapはそのポートからパケットを送信する。特定のOS検出検査が正しく機能するようにするために、Nmapは様々なポート番号を使用する必要がある。NmapはDNS要求の処理にシステムのライブラリを用いているので、この\fB\-\-source\-port\fRフラグを指定していても、DNS要求には無視されることになる。SYNスキャンを含む大部分のTCPスキャン、およびUDPスキャンは、このオプションに完全に対応している。
 .RE
 .PP
-\fB\-\-data\-length <number>\fR (送信パケットにランダムデータを付加する)
+\fB\-\-data\-length \fR\fB\fInumber\fR\fR (送信パケットにランダムデータを付加する)
 .RS 4
 通常、Nmapはヘッダのみを含む最小限のパケットを送信する。従って、TCPパケットは通常40バイト、ICMPエコー要求パケットは28バイト程度の大きさしかない。このオプションは、Nmapが送信するほとんどのパケットに、指定したバイト数のランダムデータを付加するようにする。OS検出(\fB\-O\fR)パケットにはデータは付加されないが、ほとんどのping およびポートスキャンのパケットには付加される。これにより、処理速度は低下するが、スキャンを幾分でも目立たなくすることができる。
 .RE
 .PP
-\fB\-\-ttl <value>\fR (IPのTTLフィールド値を設定する)
+\fB\-\-ttl \fR\fB\fIvalue\fR\fR (IPのTTLフィールド値を設定する)
 .RS 4
 送信パケットのIPv4生存時間(TTL：Time\-to\-Live)フィールドを指定した値に設定する。
 .RE
@@ -706,7 +848,7 @@ Nmapには、この種の弱点を突くためのオプションとして、\fB\
 このオプションは、Nmapがスキャンを実行する前に、各グループあたり最大8096のホストをランダムに並び替えるようにする。これにより、特にスキャン速度を遅く設定するタイミングオプションと併用する場合は、各種ネットワーク監視システムにスキャンが検知される可能性を小さくすることができる。より大規模なグループを無作為化したい場合は、nmap\&.hのPING_GROUP_SZを増やして再コンパイルする。別の手段としては、リストスキャンでターゲットIPリストを作成し(\fB\-sL \-n \-oN \fR\fB\fIfilename\fR\fR)、これをPerlスクリプトで無作為化して、\fB\-iL\fRでリストをそのままNmapに渡す。
 .RE
 .PP
-\fB\-\-spoof\-mac <mac address, prefix, or vendor name>\fR (MACアドレスを偽装する)
+\fB\-\-spoof\-mac \fR\fB\fImac address, prefix, or vendor name\fR\fR (MACアドレスを偽装する)
 .RS 4
 Nmapが送信するすべての生イーサネット フレームに、指定したMACアドレスを使うようにする。このオプションは、Nmapが実際にイーサネットレベルのパケットを送信するように、\fB\-\-send\-eth\fRが必要条件になる。MACアドレスは、さまざまな形式で指定できる。文字列の「0」だけが指定された場合は、NmapはセッションのMACアドレスを完全に無作為に選ぶ。指定した文字列が偶数の16進数(一組ずつ状況に応じてコロンで区切る)の場合は、NmapはこれをMACアドレスとして使用する。12桁未満の16進数が指定された場合は、Nmapは残りの6バイトにランダムな値を補充する。引数が0や16進文字列ではない場合は、Nmapはnmap\-mac\-prefixes
 を調べて、指定した文字列を含むベンダ名を見つける(大文字と小文字は区別されない)。一致するものがあった場合、そのベンダのOUI(Organizationally Unique Identifier:3バイトのベンダコード)を使用し、残りの3バイトにはランダムに記入する。有効な\fB\-\-spoof\-mac\fR引数は、Apple、0、01:02:03:04:05:06、deadbeefcafe、0020F2、Ciscoなどになる。
@@ -733,12 +875,12 @@ Nmapの一部の引数とは異なり、ログファイルオプションのフ
 .PP
 \fBNmapの出力フォーマット\fR
 .PP
-\fB\-oN <filespec>\fR (通常出力)
+\fB\-oN \fR\fB\fIfilespec\fR\fR (通常出力)
 .RS 4
 通常の出力が指定した名前のファイルに書き込まれるようにする。上で述べた通り、これはインタラクティブ出力と一部異なる。
 .RE
 .PP
-\fB\-oX <filespec>\fR (XML 出力)
+\fB\-oX \fR\fB\fIfilespec\fR\fR (XML 出力)
 .RS 4
 XML出力が指定した名前のファイルに書き込まれるようにする。Nmapには文書型定義(DTD)が組み込まれており、XMLパーサーはこれを用いて、NmapのXML出力を検証する。本来はプログラムによる使用を目的としたものだが、人間がNmapのXML出力を解釈するのにも役立つ。DTDには、フォーマットの文法要素が定義されており、これらの要素が取ることのできる属性や値が列挙されていることが多い。最新版は以下から常時入手できる：\m[blue]\fB\%https://nmap.org/data/nmap.dtd\fR\m[]
 .sp
@@ -749,12 +891,12 @@ XMLは、ソフトウェアで容易に解析できる定型書式を提供す
 XML出力はXSLスタイルシートを参照して、出力結果の書式をHTMLに変換できる。これを使用する最も簡単な方法としては、単にFirefoxやIEなどのWebブラウザでXML出力を読み込むだけでよい。デフォルトでは、これはNmapを実行したマシン上(もしくは同じ構成のマシン)でのみ機能する。これは、nmap\&.xslのファイルシステムのパスがハードコード化されているためである。Webに接続したマシン上であればHTMLとして表示されるような、移植性のあるXMLファイルを作成する方法については、\fB\-\-stylesheet\fRオプションの項を参照のこと。
 .RE
 .PP
-\fB\-oS <filespec>\fR (ScRipT KIdd|3 oUTpuT)
+\fB\-oS \fR\fB\fIfilespec\fR\fR (ScRipT KIdd|3 oUTpuT)
 .RS 4
 スクリプトキディ出力は、インタラクティブ出力に似ているが、異なる点は、「l33t HaXXorZ」(leet hacker)向けに後処理してあることだ。Nmapは以前より、一貫性のある大文字やスペルの使い方のせいで、この人たちに見下されてきた。ユーモアを解さない人々は、「スクリプトキディの手助けをしている」として筆者に非難の言葉を浴びせる前に、まず気付くべきだ。このオプションが、彼らをからかうためのものだということを。
 .RE
 .PP
-\fB\-oG <filespec>\fR (Grep検索可能出力)
+\fB\-oG \fR\fB\fIfilespec\fR\fR (Grep検索可能出力)
 .RS 4
 この出力フォーマットを最後に取り上げたのは、廃止予定だからだ。XML出力フォーマットのほうがはるかに強力であり、熟練ユーザにとっての使い勝手もほぼ変わらない。XMLはパーサーの標準で、多数の優れたXMLパーサーが利用可能になっているのに対し、grep可能出力は筆者独自のスクリプトに過ぎない。XMLは拡張性が高く、Nmapの新機能がリリースされるたびに対応可能だが、grep可能出力にはこうした機能を追加する余地がないため、割愛せざるを得ないことも多い。
 .sp
@@ -767,7 +909,7 @@ Grep可能出力は、コメント行(パウンド(#)記号で始まる行)と
 XML出力の場合と同様に、本稿でこのフォーマットのすべてを論ずることはできない。Nmapのgrep可能出力フォーマットについての詳細な解説は以下で入手できる：\m[blue]\fB\%http://www.unspecific.com/nmap-oG-output\fR\m[]
 .RE
 .PP
-\fB\-oA <basename>\fR (全フォーマットに出力する)
+\fB\-oA \fR\fB\fIbasename\fR\fR (全フォーマットに出力する)
 .RS 4
 簡便のために、\fB\-oA \fR\fB\fIbasename\fR\fRを指定すると、スキャン結果を通常、XML、grep可能の3つのフォーマットで一度に保存できるようにした。それぞれ、\fIbasename\fR\&.nmap、\fIbasename\fR\&.xml、\fIbasename\fR\&.gnmapというファイルに保存される。たいていのプログラムと同じく、以下の例のようにファイル名の前にディレクトリパスを付けることもできる：~/nmaplogs/foocorp/(UNIX)、c:\ehacking\esco(Windows)
 .RE
@@ -781,7 +923,7 @@ XML出力の場合と同様に、本稿でこのフォーマットのすべて
 ほとんどの変更の効果が表れるのはインタラクティブ出力だけだが、通常出力とスクリプトキディ出力にも一部効果がある。その他の出力タイプは、コンピュータ処理するための出力なので、ユーザの手を煩わさなくとも、デフォルトでかなり詳細な情報が与えられている。それでも、その他の出力モードでもいくつか変更される点があり、詳細情報を一部省略することで、出力サイズを大幅に減らすことができる。例えば、grep可能出力のコメント行で、スキャン対象の全ポートの一覧表を提供するものは、かなり長くなる可能性があるので、冗長モードでのみ書き出される。
 .RE
 .PP
-\fB\-d [level]\fR (デバッグレベルを上げる/設定する)
+\fB\-d \fR\fB\fIlevel\fR\fR (デバッグレベルを上げる/設定する)
 .RS 4
 冗長モードでも満足する情報が得られない場合は、さらに大量の情報を得るためにデバッグを利用できる。冗長オプション(\fB\-v\fR)の場合と同様に、デバッグもコマンドラインのフラグ(\fB\-d\fR)で有効になり、これを複数回指定することで、デバッグレベルを上げることができる。もしくは、デバッグレベルは\fB\-d\fRに引数として与えることでも設定できる。例えば、\fB\-d9\fRでレベル9に設定される。これは最も効果の高いレベルであり、ごく少数のポートやターゲットに対して非常に単純なスキャンを実行するのでない限り、数千行に及ぶ出力が生成される。
 .sp
@@ -808,13 +950,13 @@ Nmapが検出したインターフェースやシステム経路のリストを
 \fB\-oN\fRなどの出力フォーマットのフラグにファイル名を指定すると、デフォルトではそのファイルは上書きされる。既存のファイルの内容はそのままにして、新しい結果を追加したい場合は、この\fB\-\-append\-output\fRオプションを指定する。こうしてNmapを実行すれば、ここで指定した出力ファイルはすべて、上書きではなくて追加されることになる。だがこれは、XMLスキャン(\-oX)のデータに対してはあまり有効ではない。XMLの結果ファイルは通常、手動で修正しないと適正に解析できないからだ。
 .RE
 .PP
-\fB\-\-resume <filename>\fR (中断したスキャンを再開する)
+\fB\-\-resume \fR\fB\fIfilename\fR\fR (中断したスキャンを再開する)
 .RS 4
 対象が広範囲にわたるNmapの実行には非常に長い時間がかかり、数日ほどに及ぶ場合もある。そのようなスキャンは、常に完了するまで続けて実行できるとは限らない。様々な制約によってNmapを就業時間内に実行できなくなったり、ネットワークがダウンしたり、Nmapが動作しているマシンが計画的あるいは予定外に再起動させられたり、Nmap自体がクラッシュしたりなどが起こる可能性があるからだ。その他いかなる理由であっても同様に、Nmapを実行している管理者は、ctrl\-Cを押すことによって実行をキャンセルできる。このような場合、スキャン全体を最初から再開するのは望ましくないだろう。幸いにも、通常出力(\fB\-oN\fR)やgrep可能出力(\fB\-oG\fR)のログが残っていれば、ユーザは、実行を中断された際のターゲットに対するスキャンを再開するようNmapに命じることができる。これを行うには、\fB\-\-resume\fR
 オプションを指定し、通常/grep可能の出力ファイルを引数として渡す。Nmapはその出力ファイルをパースして、前に指定されたのと同じものを使うので、それ以外の引数は指定できない。\fBnmap \-\-resume\fR\fB\fIlogfilename\fR\fRとして、Nmapを呼び出す。Nmapは、前回の実行で指定されたデータファイルに新たな結果を追加する。この再開オプションは、XML出力フォーマットをサポートしていない。2回の実行結果を結合して1つの妥当なXMLファイルにするのは困難であるためだ。
 .RE
 .PP
-\fB\-\-stylesheet <path or URL>\fR (XML出力変換のXSLスタイルシートを設定する)
+\fB\-\-stylesheet \fR\fB\fIpath or URL\fR\fR (XML出力変換のXSLスタイルシートを設定する)
 .RS 4
 Nmapには、XML出力を閲覧したりHTMLに変換したりするためのnmap\&.xslというXSLスタイルシートが同梱されている。XML出力には、xml\-stylesheetディレクティブが組み込まれており、Nmapが最初にインストールした場所(もしくはWindows上の現在作業中のフォルダ)にあるnmap\&.xmlを参照する。最近のWebブラウザにNmapのXML出力を読み込むと、ブラウザはファイルシステムからnmap\&.xsl
 を読み出して、出力結果の処理に使用する。別のスタイルシートを使いたい場合は、この\fB\-\-stylesheet\fRオプションの引数として指定する。引数はフルパス名かURLで指定する。よく用いられる例を以下に示す：
@@ -844,7 +986,7 @@ IPv6は必ずしも世界を席巻しているわけではないが、一部(通
 このオプションは、Additional(付加的)、Advanced(高度)、Aggressive(アグレッシブ)なオプションを有効にする。だが、このうちのどれを表すのかはまだ明確には決めていない。現在はこのオプションを指定すると、OS検出(\fB\-O\fR)とバージョンスキャン(\fB\-sV\fR)を実行できる。今後、さらに多くの機能が追加されるだろう。ポイントは、ユーザが数多くのフラグをまとめて覚えなくても済むように、複数のスキャンオプションを包括的にまとめて実行できるようにすることである。このオプションが有効にするのは機能のみで、同じくそうしたいと思われるタイミングオプション(例えば\fB\-T4\fR)や冗長オプション(\fB\-v\fR)などは、有効にならない。
 .RE
 .PP
-\fB\-\-datadir <directoryname>\fR (Nmapの特別データファイルの位置を指定する)
+\fB\-\-datadir \fR\fB\fIdirectoryname\fR\fR (Nmapの特別データファイルの位置を指定する)
 .RS 4
 Nmapは、実行時に特別なデータを、nmap\-service\-probes、nmap\-services、nmap\-protocols、nmap\-rpc、nmap\-mac\-prefixes、nmap\-os\-fingerprintsという名前のファイルに取得する。Nmapはまず、(ある場合は)\fB\-\-datadir\fR
 オプションで指定したディレクトリ内で、これらのファイルを探す。ここで見つからなかったファイルは、「NMAPDIR」環境変数で指定したディレクトリから検索する。次に、実在する有効なUID(POSIXシステムの場合)やNmapの実行ファイル(Win32の場合)が格納されているディレクトリの~/\&.nmap
@@ -923,12 +1065,12 @@ scanme\&.nmap\&.orgが属している「クラスC」ネットワーク上のマ
 .PP
 198\&.116のクラスBアドレス空間で、8ビットで表せる255のサブネットに属するホストのうち、前半(1\-127)のIPアドレスを持つホストに対して、ホストの列挙とTCPスキャンを行う。このスキャンを行う目的は、対象システムでsshd、DNS、POP3d、IMAPd、4564番ポートが動作しているかどうかを調査することだ。これらのポートのなかで開いている(open)ことが判明したポートすべてに対してバージョン検出を使用して、何のアプリケーションが動作しているかを特定する。
 .PP
-\fBnmap \-v \-iR 100000 \-P0 \-p 80\fR
+\fBnmap \-v \-iR 100000 \-Pn \-p 80\fR
 .PP
-Nmapは100,000台のホストを無作為に選び、Webサーバ(80番ポート)のスキャンを行う。ホストの列挙は\fB\-P0\fR
+Nmapは100,000台のホストを無作為に選び、Webサーバ(80番ポート)のスキャンを行う。ホストの列挙は\fB\-Pn\fR
 で無効にしてある。各ターゲットホスト上で1つのポートしか調査しないのに、どのホストが稼動中であるかを特定するためにプローブを送るのは無駄だからだ。
 .PP
-\fBnmap \-P0 \-p80 \-oX logs/pb\-port80scan\&.xml \-oG logs/pb\-port80scan\&.gnmap 216\&.163\&.128\&.20/20\fR
+\fBnmap \-Pn \-p80 \-oX logs/pb\-port80scan\&.xml \-oG logs/pb\-port80scan\&.gnmap 216\&.163\&.128\&.20/20\fR
 .PP
 4096個のIPをスキャンしてWebサーバを見つけ出し(pingなしで)、結果出力をgrep可能およびXMLフォーマットで保存する。
 .PP
@@ -937,7 +1079,7 @@ Nmapは100,000台のホストを無作為に選び、Webサーバ(80番ポート
 company\&.comに存在するホストを発見するためにDNSのゾーン転送を実行し、発見したIPアドレスをnmapに渡す。このコマンドは、筆者のGNU/Linuxマシンで使用しているものだ。他のシステムには、ゾーン転送を実行するための別のコマンドがある。
 .SH "バグ"
 .PP
-Nmapも作者と同様に完全ではない。それでもNmapのほうは、ユーザによるバグの報告やパッチの作成のおかげで、よりよいものにしてゆくことができる。Nmapを使っていて、思い通りに動かない場合は、まず\m[blue]\fB\%https://nmap.org/\fR\m[]から入手できる最新のバージョンにアップグレードしてみる。問題が続くようなら、すでに発見・対処が行われた問題かどうかを調査して確かめる。エラーメッセージをGoogle検索したり、\m[blue]\fB\%http://seclists.org/\fR\m[]でNmap\-devアーカイブを閲覧したりしてみる。このmanページも全体に目を通した方がよい。それでもどうにもならない場合は、バグレポートを<dev@nmap\&.org>宛てにメールで送ること。メールには、使用しているNmapのバージョンと、Nmapを実行しているOSの名前とバージョンなどの情報だけでなく、問題に関して分かったことは何でも書いていただきたい。問題の報告やNmapの使い方についての質問などは、dev@nmap\&.org宛てに送るほうが、筆者宛てに直接送るよりも返事がある可能性ははるかに高い。
+Nmapも作者と同様に完全ではない。それでもNmapのほうは、ユーザによるバグの報告やパッチの作成のおかげで、よりよいものにしてゆくことができる。Nmapを使っていて、思い通りに動かない場合は、まず\m[blue]\fB\%https://nmap.org/\fR\m[]から入手できる最新のバージョンにアップグレードしてみる。問題が続くようなら、すでに発見・対処が行われた問題かどうかを調査して確かめる。エラーメッセージをGoogle検索したり、\m[blue]\fB\%https://seclists.org/\fR\m[]でNmap\-devアーカイブを閲覧したりしてみる。このmanページも全体に目を通した方がよい。それでもどうにもならない場合は、バグレポートを<dev@nmap\&.org>宛てにメールで送ること。メールには、使用しているNmapのバージョンと、Nmapを実行しているOSの名前とバージョンなどの情報だけでなく、問題に関して分かったことは何でも書いていただきたい。問題の報告やNmapの使い方についての質問などは、dev@nmap\&.org宛てに送るほうが、筆者宛てに直接送るよりも返事がある可能性ははるかに高い。
 .PP
 またバグレポートより、バグを修正するためのコードパッチのほうが歓迎される。ユーザ自身のコード変更によるパッチファイルの作成方法についての基本的な注意事項は\m[blue]\fB\%https://nmap.org/data/HACKING\fR\m[]
 で参照できる。パッチは、nmap\-dev宛てに送る(推奨)か、筆者Fyodorまで直接送っていただきたい。
@@ -947,6 +1089,11 @@ Fyodor
 <fyodor@nmap\&.org>
 (\m[blue]\fB\%http://www.insecure.org\fR\m[])
 .PP
+翻訳者
+.PP
+修正（2022/7）：Taichi Kotake, a\&.k\&.a tkmru
+<taichi\&.kotake@sterrasec\&.com>
+.PP
 ここ数年で何百人もの人々から、Nmapに対して貴重な貢献をしていただいた。この詳細については、Nmapとともに配布されているCHANGELOGファイルを参照のこと。CHANGELOGファイルは以下からも入手できる：\m[blue]\fB\%https://nmap.org/nmap_changelog.html\fR\m[]
 .SH "法的通知事項"
 .SS "著作権と使用許諾"

docs/man-xlate/nmap-man-de.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!-- $Id: nmap-man.xml 13215 2009-05-08 02:47:14Z fyodor $ -->
 <article id="man" lang="de">
 <artheader>
@@ -182,7 +182,7 @@ PORT SPECIFICATION AND SCAN ORDER:
   -p &lt;port ranges&gt;: Only scan specified ports
     Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
   -F: Fast mode - Scan fewer ports than the default scan
-  -r: Scan ports consecutively - don't randomize
+  -r: Scan ports sequentially - don't randomize
   --top-ports &lt;number&gt;: Scan &lt;number&gt; most common ports
   --port-ratio &lt;ratio&gt;: Scan ports more common than &lt;ratio&gt;
 SERVICE/VERSION DETECTION:
@@ -3186,7 +3186,7 @@ IP-Adressen angeben.</para>
 <para>Wenn Sie die Optionen in den gesendeten und empfangenen Paketen 
 sehen möchten, geben Sie <option>--packet-trace</option> an. Mehr 
 Informationen und Beispiele zum Einsatz von IP-Optionen mit Nmap finden 
-Sie unter <ulink url="http://seclists.org/nmap-dev/2006/q3/0052.html"/>.
+Sie unter <ulink url="https://seclists.org/nmap-dev/2006/q3/0052.html"/>.
 </para>
 
       </listitem>
@@ -4298,9 +4298,9 @@ sollten Sie zuerst auf die neueste Version aktualisieren, die unter
 <ulink url="https://nmap.org"/> verfügbar ist. Wenn das Problem anhält, 
 versuchen Sie herauszufinden, ob es bereits erkannt und bearbeitet 
 wurde. Suchen Sie nach der Fehlermeldung auf unserer Suchseite unter 
-<ulink url="http://insecure.org/search.html"/> oder bei Google. Stöbern 
+<ulink url="https://insecure.org/search.html"/> oder bei Google. Stöbern 
 Sie in den <citetitle>nmap-dev</citetitle>-Archiven unter 
-<ulink url="http://seclists.org/" />.<indexterm><primary><citetitle>nmap-dev</citetitle> Mailingliste</primary></indexterm> 
+<ulink url="https://seclists.org/" />.<indexterm><primary><citetitle>nmap-dev</citetitle> Mailingliste</primary></indexterm> 
 Lesen Sie auch diese Manpage vollständig. Wenn Sie keine Lösung finden, 
 schicken Sie einen Fehlerbericht per E-Mail an 
 <email>dev@nmap.org</email>. Beschreiben Sie darin bitte alles, 
@@ -4325,7 +4325,7 @@ geschickt werden.</para>
     <title>Autor</title>
     <para>Fyodor 
     <email>fyodor@nmap.org</email>
-    (<ulink url="http://insecure.org" />)
+    (<ulink url="https://insecure.org" />)
     </para>
 
     <para>Über die Jahre haben hunderte von Menschen wertvolle Beiträge 

docs/man-xlate/nmap-man-hu.xml

@@ -8,6 +8,8 @@
   <refmeta>
     <refentrytitle>nmap</refentrytitle>
     <manvolnum>1</manvolnum>
+    <refmiscinfo class="source">Nmap</refmiscinfo>
+    <refmiscinfo class="manual">Nmap Referencia Útmutató</refmiscinfo>
   </refmeta>
   <refnamediv id="man-name">
     <refname>nmap</refname>
@@ -2721,7 +2723,7 @@ mértékben támogatja ezt a paramétert.</para>
       lévő beállításokat, adja meg a <option>--packet-trace</option> paramétert. 
       Ha további információkra és példákra kíváncsi az Nmap programban használható 
       IP paraméterekkel kapcsolatban, látogasson el a 
-      <ulink url="http://seclists.org/nmap-dev/2006/q3/0052.html"></ulink> címre.
+      <ulink url="https://seclists.org/nmap-dev/2006/q3/0052.html"></ulink> címre.
       </para>
 
       </listitem>
@@ -3635,7 +3637,7 @@ kapuk csak egy számként jelennek meg, ha túl sok van belőlük.
     változatot a <ulink url="https://nmap.org"></ulink> címről. Ha a probléma továbbra 
     is fennáll, nézzen utána, hogy felfedezték-e már mások is. Keressen rá a 
     Google-ban a hibaüzenetre vagy böngéssze át az Nmap fejlesztői listát a 
-    <ulink url="http://seclists.org/"></ulink> címen. Olvassa végig ezt a leírást 
+    <ulink url="https://seclists.org/"></ulink> címen. Olvassa végig ezt a leírást 
     is. Ha nem talál semmit, küldjön egy hibajelentést az <email>dev@nmap.org</email> 
     címre. Írjon le mindent, amit a hibával kapcsolatban tapasztalt. Adja meg 
     pontosan a használt Nmap változatot és a futtató operációs rendszer változatát 
@@ -3653,7 +3655,7 @@ kapuk csak egy számként jelennek meg, ha túl sok van belőlük.
     <title>Szerző</title>
     <para>Fyodor 
     <email>fyodor@nmap.org</email>
-    (<ulink url="http://insecure.org"></ulink>)
+    (<ulink url="https://insecure.org"></ulink>)
     </para>
 
     <para>Az évek során emberek százai járultak hozzá értékes munkájukkal az Nmap 

docs/man-xlate/nmap-man-id.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!-- $Id: nmap-man.xml 12855 2009-04-02 03:24:21Z fyodor $ -->
 <article id="man" lang="id">
 <artheader>
@@ -189,7 +189,7 @@ PORT SPECIFICATION AND SCAN ORDER:
   -p &lt;port ranges&gt;: Only scan specified ports
     Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
   -F: Fast mode - Scan fewer ports than the default scan
-  -r: Scan ports consecutively - don't randomize
+  -r: Scan ports sequentially - don't randomize
   --top-ports &lt;number&gt;: Scan &lt;number&gt; most common ports
   --port-ratio &lt;ratio&gt;: Scan ports more common than &lt;ratio&gt;
 SERVICE/VERSION DETECTION:
@@ -2917,7 +2917,7 @@ mendukung opsi secara penuh, demikian pula scan UDP.</para>
       <para>Jika anda ingin melihat opsi dalam paket yang dikirim dan diterima,
       berikan <option>--packet-trace</option>.  Informasi dan contoh lebih lanjut
       tentang penggunaan opsi IP dengan Nmap, dapat dilihat di
-      <ulink url="http://seclists.org/nmap-dev/2006/q3/0052.html"/>.
+      <ulink url="https://seclists.org/nmap-dev/2006/q3/0052.html"/>.
       </para>
 
       </listitem>
@@ -3940,8 +3940,8 @@ banyaknya permintaan.  Berikan <option>--open</option> untuk hanya melihat port
     Nmap tidak berlaku sesuai yang anda harapkan, pertama upgrade ke versi terakhir
     yang tersedia dari <ulink url="https://nmap.org"/>.  Jika masalah masih tetap,
     lakukan riset untuk menentukan apakah ia telah ditemukan dan diselesaikan.
-    Cobalah mencari pesan kesalahan pada halaman pencarian kami <ulink url="http://insecure.org/search.html"/> atau di Google.  Juga cobalah
-    membrowsing arsip <citetitle>nmap-dev</citetitle> di <ulink url="http://seclists.org/"/>.<indexterm significance="normal"><primary><citetitle>nmap-dev</citetitle> mailing list</primary></indexterm>
+    Cobalah mencari pesan kesalahan pada halaman pencarian kami <ulink url="https://insecure.org/search.html"/> atau di Google.  Juga cobalah
+    membrowsing arsip <citetitle>nmap-dev</citetitle> di <ulink url="https://seclists.org/"/>.<indexterm significance="normal"><primary><citetitle>nmap-dev</citetitle> mailing list</primary></indexterm>
     Bacalah juga halaman manual ini dengan baik.
     Jika masih belum selesai juga, kirimkan laporan bug ke
     <email>dev@nmap.org</email>.  Mohon sertakan semua yang
@@ -3962,7 +3962,7 @@ banyaknya permintaan.  Berikan <option>--open</option> untuk hanya melihat port
     <title>Penulis</title>
     <para>Fyodor 
     <email>fyodor@nmap.org</email>
-    (<ulink url="http://insecure.org"/>)
+    (<ulink url="https://insecure.org"/>)
     </para>
 
     <para>Selama ini, ratusan orang telah memberikan kontribusi berharga ke Nmap.

docs/man-xlate/nmap-man-it.xml

@@ -9,6 +9,8 @@
       <refentrytitle>nmap</refentrytitle>
 
       <manvolnum>1</manvolnum>
+    <refmiscinfo class="source">Nmap</refmiscinfo>
+    <refmiscinfo class="manual">Guida di riferimento di Nmap</refmiscinfo>
     </refmeta>
 
     <refnamediv id="man-name">
@@ -193,7 +195,7 @@ PORT SPECIFICATION AND SCAN ORDER:
     Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
   --exclude-ports &lt;port ranges&gt;: Exclude the specified ports from scanning
   -F: Fast mode - Scan fewer ports than the default scan
-  -r: Scan ports consecutively - don't randomize
+  -r: Scan ports sequentially - don't randomize
   --top-ports &lt;number&gt;: Scan &lt;number&gt; most common ports
   --port-ratio &lt;ratio&gt;: Scan ports more common than &lt;ratio&gt;
 SERVICE/VERSION DETECTION:
@@ -4543,9 +4545,9 @@ SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
       versione disponibile su <ulink url="https://nmap.org/" />. Se il problema
       persiste effettua qualche ricerca per determinare se il problema è stato
       già scoperto e segnalato. Prova a cercare sulla nostra pagina di ricerca
-      <ulink url="http://insecure.org/search.html" /> o su Google il messaggio
+      <ulink url="https://insecure.org/search.html" /> o su Google il messaggio
       di errore o ancora a sfogliare l'archivio Nmap-dev all'indirizzo <ulink
-      url="http://seclists.org/" />. Leggi inoltre tutta questa pagina di
+      url="https://seclists.org/" />. Leggi inoltre tutta questa pagina di
       manuale. Se nulla di questo riguarda il tuo caso, manda un bug report a
       <email>dev@nmap.org</email>. Accertati di includere ogni cosa che sei
       riuscito a sapere sul problema, la versione di Nmap che hai installato e

docs/man-xlate/nmap-man-ja.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!-- $Id: manhtml.xml 2940 2005-11-17 22:39:47Z fyodor $ -->
 <article id="man" lang="ja">
 <artheader>
@@ -8,6 +8,8 @@
   <refmeta>
     <refentrytitle>nmap</refentrytitle>
     <manvolnum>1</manvolnum>
+    <refmiscinfo class="source">Nmap</refmiscinfo>
+    <refmiscinfo class="manual">Nmap リファレンスガイド</refmiscinfo>
   </refmeta>
   <refnamediv id="man-name">
     <refname>nmap</refname>
@@ -43,49 +45,42 @@
 
     <para>Nmapは、このポート一覧表以外にも、逆引きDNS名、OSの推測、デバイスの種類、MACアドレスなどの、調査対象に関するさらに詳細な情報を提供できる。</para>
 
-    <para>典型的なNmapスキャンの例を、以下の <xref linkend="例１"/>に示した。この例で使用されているNmapの引数は、OSとそのバージョンの検出を可能にする<option>-A</option>と、処理を高速に実行するための<option>-T4</option>、および２つのターゲットホスト名だけである。</para>
+    <para>典型的なNmapスキャンの例を、以下の <xref linkend="man-ex-repscan"/>に示した。この例で使用されているNmapの引数は、OSとそのバージョンの検出を可能にする<option>-A</option>と、処理を高速に実行するための<option>-T4</option>、および２つのターゲットホスト名だけである。</para>
 
-<example id="例１"><title>Nmapスキャンの典型的な例</title>
+<example id="man-ex-repscan"><title>Nmapスキャンの典型的な例</title>
 <screen>
-# nmap -A -T4 scanme.nmap.org playground
+# <userinput>nmap -A -T4 scanme.nmap.org</userinput>
 
-Starting nmap ( https://nmap.org/ )
-Interesting ports on scanme.nmap.org (205.217.153.62):
-(The 1663 ports scanned but not shown below are in state: filtered)
-PORT    STATE  SERVICE VERSION
-22/tcp  open   ssh     OpenSSH 3.9p1 (protocol 1.99)
-53/tcp  open   domain
-70/tcp  closed gopher
-80/tcp  open   http    Apache httpd 2.0.52 ((Fedora))
-113/tcp closed auth
+Nmap scan report for scanme.nmap.org (74.207.244.221)
+Host is up (0.029s latency).
+rDNS record for 74.207.244.221: li86-221.members.linode.com
+Not shown: 995 closed ports
+PORT     STATE    SERVICE     VERSION
+22/tcp   open     ssh         OpenSSH 5.3p1 Debian 3ubuntu7 (protocol 2.0)
+| ssh-hostkey: 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
+|_2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)
+80/tcp   open     http        Apache httpd 2.2.14 ((Ubuntu))
+|_http-title: Go ahead and ScanMe!
+646/tcp  filtered ldp
+1720/tcp filtered H.323/Q.931
+9929/tcp open     nping-echo  Nping echo
 Device type: general purpose
-Running: Linux 2.4.X|2.5.X|2.6.X
-OS details: Linux 2.4.7 - 2.6.11, Linux 2.6.0 - 2.6.11
-Uptime 33.908 days (since Thu Jul 21 03:38:03 2005)
+Running: Linux 2.6.X
+OS CPE: cpe:/o:linux:linux_kernel:2.6.39
+OS details: Linux 2.6.39
+Network Distance: 11 hops
+Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
 
-Interesting ports on playground.nmap.org (192.168.0.40):
-(The 1659 ports scanned but not shown below are in state: closed)
-PORT     STATE SERVICE       VERSION
-135/tcp  open  msrpc         Microsoft Windows RPC
-139/tcp  open  netbios-ssn
-389/tcp  open  ldap?
-445/tcp  open  microsoft-ds  Microsoft Windows XP microsoft-ds
-1002/tcp open  windows-icfw?
-1025/tcp open  msrpc         Microsoft Windows RPC
-1720/tcp open  H.323/Q.931   CompTek AquaGateKeeper
-5800/tcp open  vnc-http      RealVNC 4.0 (Resolution 400x250; VNC TCP port: 5900)
-5900/tcp open  vnc           VNC (protocol 3.8)
-MAC Address: 00:A0:CC:63:85:4B (Lite-on Communications)
-Device type: general purpose
-Running: Microsoft Windows NT/2K/XP
-OS details: Microsoft Windows XP Pro RC1+ through final release
-Service Info: OSs: Windows, Windows XP
+TRACEROUTE (using port 53/tcp)
+HOP RTT      ADDRESS
+[Cut first 10 hops for brevity]
+11  17.65 ms li86-221.members.linode.com (74.207.244.221)
 
-Nmap finished: 2 IP addresses (2 hosts up) scanned in 88.392 seconds
+Nmap done: 1 IP address (1 host up) scanned in 14.40 seconds
 </screen>
 </example>
 
-<para>Nmapの最新バージョンは、<ulink url="https://nmap.org/"/>から入手できる。また、本マニュアルページの最新版は、<ulink url="https://nmap.org/man/"/>で参照できる。</para>
+<para>Nmapの最新バージョンは、<ulink url="https://nmap.org"/>から入手できる。また、本マニュアルページの最新版は、<ulink url="https://nmap.org/book/man.html"/>で参照できる。</para>
 
   </refsect1>
 
@@ -94,87 +89,7 @@ Nmap finished: 2 IP addresses (2 hosts up) scanned in 88.392 seconds
 
 <para>このオプション概要は、Nmapを引数なしで実行すると表示される。最新版は<ulink url="https://nmap.org/data/nmap.usage.txt"/>で参照できる。これを見ると、比較的利用機会の多いオプションについての概要を確認できるが、本マニュアルの以下に掲載する詳細な解説に代わるものではない。使用頻度の低いオプションには、ここに含まれていないものもある。</para>
 
-<para>
-<literallayout class="normal">Usage: nmap [Scan Type(s)] [Options] {target specification}
-TARGET SPECIFICATION:
-  Can pass hostnames, IP addresses, networks, etc.
-  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-  -iL &lt;inputfilename&gt;: Input from list of hosts/networks
-  -iR &lt;num hosts&gt;: Choose random targets
-  --exclude &lt;host1[,host2][,host3],...&gt;: Exclude hosts/networks
-  --excludefile &lt;exclude_file&gt;: Exclude list from file
-HOST DISCOVERY:
-  -sL: List Scan - simply list targets to scan
-  -sP: Ping Scan - go no further than determining if host is online
-  -P0: Treat all hosts as online -- skip host discovery
-  -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
-  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
-SCAN TECHNIQUES:
-  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-  -sN/sF/sX: TCP Null, FIN, and Xmas scans
-  --scanflags &lt;flags&gt;: Customize TCP scan flags
-  -sI &lt;zombie host[:probeport]&gt;: Idlescan
-  -sO: IP protocol scan
-  -b &lt;ftp relay host&gt;: FTP bounce scan
-PORT SPECIFICATION AND SCAN ORDER:
-  -p &lt;port ranges&gt;: Only scan specified ports
-    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
-  -F: Fast - Scan only the ports listed in the nmap-services file)
-  -r: Scan ports consecutively - don't randomize
-SERVICE/VERSION DETECTION:
-  -sV: Probe open ports to determine service/version info
-  --version-light: Limit to most likely probes for faster identification
-  --version-all: Try every single probe for version detection
-  --version-trace: Show detailed version scan activity (for debugging)
-OS DETECTION:
-  -O: Enable OS detection
-  --osscan-limit: Limit OS detection to promising targets
-  --osscan-guess: Guess OS more aggressively
-TIMING AND PERFORMANCE:
-  -T[0-6]: Set timing template (higher is faster)
-  --min-hostgroup/max-hostgroup &lt;size&gt;: Parallel host scan group sizes
-  --min-parallelism/max-parallelism &lt;numprobes&gt;: Probe parallelization
-  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout &lt;msec&gt;: Specifies
-      probe round trip time.
-  --host-timeout &lt;msec&gt;: Give up on target after this long
-  --scan-delay/--max-scan-delay &lt;msec&gt;: Adjust delay between probes
-FIREWALL/IDS EVASION AND SPOOFING:
-  -f; --mtu &lt;val&gt;: fragment packets (optionally w/given MTU)
-  -D &lt;decoy1,decoy2[,ME],...&gt;: Cloak a scan with decoys
-  -S &lt;IP_Address&gt;: Spoof source address
-  -e &lt;iface&gt;: Use specified interface
-  -g/--source-port &lt;portnum&gt;: Use given port number
-  --data-length &lt;num&gt;: Append random data to sent packets
-  --ttl &lt;val&gt;: Set IP time-to-live field
-  --spoof-mac &lt;mac address/prefix/vendor name&gt;: Spoof your MAC address
-OUTPUT:
-  -oN/-oX/-oS/-oG &lt;file&gt;: Output scan in normal, XML, s|&lt;rIpt kIddi3,
-     and Grepable format, respectively, to the given filename.
-  -oA &lt;basename&gt;: Output in the three major formats at once
-  -v: Increase verbosity level (use twice for more effect)
-  -d[level]: Set or increase debugging level (Up to 9 is meaningful)
-  --packet-trace: Show all packets sent and received
-  --iflist: Print host interfaces and routes (for debugging)
-  --append-output: Append to rather than clobber specified output files
-  --resume &lt;filename&gt;: Resume an aborted scan
-  --stylesheet &lt;path/URL&gt;: XSL stylesheet to transform XML output to HTML
-  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
-MISC:
-  -6: Enable IPv6 scanning
-  -A: Enables OS detection and Version detection
-  --datadir &lt;dirname&gt;: Specify custom Nmap data file location
-  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
-  --privileged: Assume that the user is fully privileged
-  -V: Print version number
-  -h: Print this help summary page.
-EXAMPLES:
-  nmap -v -A scanme.nmap.org
-  nmap -v -sP 192.168.0.0/16 10.0.0.0/8
-  nmap -v -iR 10000 -P0 -p 80
-</literallayout>
-
-</para>
+<screen><xi:include href="../nmap.usage.txt" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></screen>
 
   </refsect1>
 
@@ -183,11 +98,12 @@ EXAMPLES:
 
 <para>Nmapのコマンドラインで、オプション(もしくはオプションの引数)でないものはすべて、ターゲットホストの指定として扱われる。最も簡単な例は、スキャンを行うターゲットのIPアドレスやホスト名の指定である。</para>
 
+<!-- Missing paragraph: "When a hostname is given as a target[...]" -->
 <para>隣接した複数のホストから成るネットワーク全体をスキャン対象としたい場合は、CIDR表記のアドレス指定を利用できる。IPアドレスやホスト名の末尾に<replaceable>bit数</replaceable>を付加すると、Nmapは、アドレスの上位から指定した<replaceable>bit数</replaceable>までが参照するIPアドレスや特定のホスト名と同じアドレスをすべてスキャンする。例えば、192.168.10.0/24を指定すると 192.168.10.0 (２進表示： <literal moreinfo="none">11000000 10101000 00001010 00000000</literal>)から192.168.10.255 (２進表示： <literal moreinfo="none">11000000 10101000 00001010 11111111</literal>)までの２５６のホストがスキャンされる。192.168.10.40/24を指定しても、まったく同じ結果になる。ホスト scanme.nmap.orgのIPアドレスが205.217.153.62であるとすると、scanme.nmap.org/16という指定では、205.217.0.0 から 205.217.255.255 までの65,536個のIPアドレスをスキャンすることになる。指定可能な最小値は/1であり、これはインターネットの半分をスキャンすることになる。最大値は/32で、すべてのアドレスビットが固定されるので、指定したホストやIPアドレスだけがスキャンされる。</para>
 
 <para>CIDR表記は簡潔であるが、必ずしも十分な柔軟性があるわけではない。例えば、192.168.0.0/16をスキャンする際に、.0や.255で終わるアドレスは、通常はブロードキャストアドレスなのですべて対象から除外したい場合があるだろう。Nmapではこのケースには、オクテット(octet=8bit)範囲のアドレス指定によって対応する。通常のIPアドレスを指定する代わりに、コンマ区切りの数のリストや各オクテット(8bit)の範囲を指定できる。例えば、192.168.0-255.1-254と指定すると、.0と.255で終わる範囲のアドレスはすべて省かれる。この範囲は最後のオクテットだけに限る必要はない。すなわち、0-255.0-255.13.37と指定すると、13.37で終わるすべてのIPアドレスをインターネット全体でスキャンする。このような広範囲からのサンプリングは、インターネットの調査や研究を行う場合に役立つ。</para>
 
-<para>IPv6アドレスは、完全修飾形(省略なし)のIPv6アドレスやホスト名でしか指定できない。IPv6では、CIDRやオクテット範囲は使い道がほとんどないため、サポートされない。</para>
+<para><!-- Outdated info in this paragraph -->IPv6アドレスは、完全修飾形(省略なし)のIPv6アドレスやホスト名でしか指定できない。IPv6では、CIDRやオクテット範囲は使い道がほとんどないため、サポートされない。</para>
 
 <para>Nmapはコマンドラインでの複数のホスト指定方法に対応しており、すべて同じ形式にしなくてもよい。<command moreinfo="none">nmap scanme.nmap.org 192.168.0.0/8 10.0.0,1,3-7.0-255</command>というコマンドを実行しても、期待通りの結果になる。</para>
 
@@ -196,7 +112,7 @@ EXAMPLES:
     <variablelist>
       <varlistentry>
         <term>
-          <option>-iL &lt;inputfilename&gt;</option> (リストから入力)
+          <option>-iL <replaceable>inputfilename</replaceable></option> (リストから入力)
         </term>
         <listitem>
           <para><replaceable>入力ファイル名</replaceable>から、ターゲットの指定を読み込む。コマンドラインで非常に巨大なホストリストを渡すのは不適切である場合が多いが、それが望まれるのもよくあるケースである。例えば、スキャンの対象にしたいと考えている目下の割り当てアドレスの10000個のリストが、DHCPサーバからエクスポートされる可能性もある。あるいは、不正な固定IPアドレスを使用しているホストの位置を示すアドレスを<emphasis>除いた</emphasis>すべてのIPアドレスをスキャンしたいと思う場合もあるかもしれない。とにかく、スキャンするべきホストのリストを作成し、そのファイル名を<option>-iL</option>オプションの引数としてNmapに渡せばよい。入力の形式は、Nmapがコマンドラインで対応しているもの(IPアドレス、ホスト名、CIDR、IPv6、オクテット範囲)なら何でもよいが、各入力は、1つ以上のスペース、タブ、改行文字で区切る必要がある。実際のファイルではなくて標準入力から、Nmapにホストを読み込ませたい場合は、ファイル名としてハイフン(<literal moreinfo="none">-</literal>)を指定するとよい。</para>
@@ -205,7 +121,7 @@ EXAMPLES:
 
       <varlistentry>
         <term>
-          <option>-iR &lt;num hosts&gt;</option> (ターゲットを無作為に選ぶ)
+          <option>-iR <replaceable>num hosts</replaceable></option> (ターゲットを無作為に選ぶ)
         </term>
         <listitem>
           <para>インターネット全域に対する調査や研究を行う場合、ターゲットを無作為に選びたい場合もあるだろう。<replaceable>ホスト数</replaceable>の引数は、IPをいくつ生成するべきかをNmapに伝える。プライベート、マルチキャスト、未割り当てなどのアドレス範囲のような望ましくないIPは、自動的に飛ばして進むようになっている。引数に<literal moreinfo="none">0(ゼロ)</literal>を指定すると、スキャンが無限に続けられる。ただし、ネットワーク管理者のなかには、自身の管理するネットワークを不正にスキャンされたことに腹を立ててクレームをつける場合もあることに注意しておこう。このオプションは、自己責任で使用すること！　雨の日の午後、退屈しのぎに拾い見るためのWebサーバを無作為に見つけたい場合は、<command moreinfo="none">nmap -sS -PS80 -iR 0 -p 80</command>というコマンドを試してみるとよい。</para>
@@ -215,7 +131,7 @@ EXAMPLES:
       <varlistentry>
         <term>
           <option>--exclude
-          &lt;host1[,host2][,host3],...&gt;</option> (ホスト/ネットワークを除外する)
+          <replaceable>host1</replaceable><optional>,<replaceable>host2</replaceable><optional>,...</optional></optional></option> (ホスト/ネットワークを除外する)
         </term>
         <listitem>
           <para>ターゲットのコンマ区切りリストを指定し、それらが指定した全ネットワーク範囲の一部であっても、スキャン対象から除外されるようにする。引数として渡すリストでは通常のNmap構文が用いられるので、ホスト名、CIDR表記のネットブロック、オクテット範囲などを含めることもできる。このオプションが役に立つのは、スキャンしたいネットワークに、ポートスキャンによって悪影響が及ぶことがわかっている、触れてはならないミッションクリティカルなサーバやシステムや、他人が管理しているサブネットワークが含まれる場合である。</para>
@@ -224,12 +140,13 @@ EXAMPLES:
 
       <varlistentry>
         <term>
-          <option>--excludefile &lt;exclude_file&gt;</option> (ファイルからリストを除外する)
+          <option>--excludefile <replaceable>exclude_file</replaceable></option> (ファイルからリストを除外する)
         </term>
         <listitem>
           <para><option>--exclude</option>オプションとほぼ同じ機能を提供するが、異なる点は、除外されるターゲットが、コマンドラインではなく、改行文字、スペース、タブなどで区切った<replaceable>除外ファイル</replaceable>で渡されることである。</para>
         </listitem>
       </varlistentry>
+      <!-- Missing option descriptions: -n -R -/-resolve-all -/-unique -/-system-dns -/-dns-servers -->
     </variablelist>
   </refsect1>
 
@@ -238,7 +155,7 @@ EXAMPLES:
  
    <para>ネットワーク偵察ミッションの第一段階に行うべきことの1つは、一連の(非常に広範な場合もある)IP範囲を限定して、アクティブな状態であるか、関心のあるホストのリストを作成することである。各IPアドレスのポートを1つ1つスキャンするのは、時間はかかるもののなかなか進まない、通常は無駄な作業である。もちろん、あるホストに興味を引かれる要因は、スキャンの目的に大きく左右される。ネットワーク管理者なら、特定のサービスを実行しているホストにしか興味を示さないかもしれないし、セキュリティ監査人なら、IPアドレスを持つデバイス1つ1つに関心を引かれる場合もあるだろう。内部ネットワーク管理者なら、自分が管理するネットワーク上のホストの位置を確認するためにICMP pingを使えるだけで満足かもしれないし、外部のペネトレーションテストの実施担当者なら、ファイアウォールの制限をすり抜けようとして、多種多様な調査手法を使う場合もあるだろう。</para>
 
-    <para>このように、ホスト発見のニーズは多岐にわたるので、Nmapには、使用する技法をカスタマイズするための幅広い種類のオプションが備わっている。ホスト探索はpingスキャンと呼ばれることもあるが、一般的な<application moreinfo="none">ping</application>ツールによる単純なICMPエコー要求パケットよりもはるかに優れている。ユーザは、リストスキャン(<option>-sL</option>)を用いるか、pingを無効にして(<option>-P0</option>)、このping段階を完全に省略するか、もしくはネットワークに対してマルチポートのTCP SYN/ACK、UDP、ICMPなどのプローブを任意に組み合わせて行うことができる。これらのプローブの目的は、IPアドレスが実際にアクティブな状態(ホストやネットワークデバイスによって使用中)であることを示す応答を誘い出すことである。多くのネットワークでは、いつでもアクティブなIPアドレスは全体のほんのわずかしかない。RFC1918で定められたプライベートアドレス空間(例：10.0.0.0/8)では特にそうなっている。このネットワークには、1600万個のIPアドレスがあるが、これが1000台足らずのマシンしかない企業で使われているのを見たことがある。ホスト発見を実行すると、こうした広大なIPアドレスの海の中から、まばらにIPアドレスを割り振られたマシンを探し出すことができる。</para>
+    <para>このように、ホスト発見のニーズは多岐にわたるので、Nmapには、使用する技法をカスタマイズするための幅広い種類のオプションが備わっている。ホスト探索はpingスキャンと呼ばれることもあるが、一般的な<application moreinfo="none">ping</application>ツールによる単純なICMPエコー要求パケットよりもはるかに優れている。ユーザは、リストスキャン(<option>-sL</option>)を用いるか、pingを無効にして(<option>-Pn</option>)、このping段階を完全に省略するか、もしくはネットワークに対してマルチポートのTCP SYN/ACK、UDP、ICMPなどのプローブを任意に組み合わせて行うことができる。これらのプローブの目的は、IPアドレスが実際にアクティブな状態(ホストやネットワークデバイスによって使用中)であることを示す応答を誘い出すことである。多くのネットワークでは、いつでもアクティブなIPアドレスは全体のほんのわずかしかない。RFC1918で定められたプライベートアドレス空間(例：10.0.0.0/8)では特にそうなっている。このネットワークには、1600万個のIPアドレスがあるが、これが1000台足らずのマシンしかない企業で使われているのを見たことがある。ホスト発見を実行すると、こうした広大なIPアドレスの海の中から、まばらにIPアドレスを割り振られたマシンを探し出すことができる。</para>
 
     <para>　ホスト発見のオプションが何も指定されない場合、Nmapはポート80宛てのTCP ACKパケットと、ICMPエコー要求クエリを各ターゲットマシンに送信する。この例外は、ローカル イーサネット ネットワーク上にあるターゲットに対して、ARPスキャンが用いられている場合である。高い権限のないUNIXシェルユーザでは、<function moreinfo="none">connect()</function>システムコールを使って、ACKの代わりにSYNパケットが送られる。これらのデフォルトは、<option>-PA -PE</option> オプションに相当する。このホスト発見機能は、ローカルネットワークをスキャンする場合は十分だが、より包括的な一連の発見調査は、セキュリティ監査に任せた方がよい。</para>
     
@@ -253,20 +170,21 @@ EXAMPLES:
         <listitem>
           <para>ホスト発見の縮小版で、単に指定されたネットワークの全ホストを一覧するだけであり、ターゲットホストには何もパケットを送らない。デフォルトでは、Nmapはホスト名を知るために、ホスト上でDNSの逆引き解決も行う。単なるホスト名とはいえ、意外なほど有用な情報をもたらしてくれることも多い。例えば<literal moreinfo="none">fw.chi.playboy.com</literal>は、プレイボーイ社(Playboy Enterprises)のシカゴ(Chicago)支社のファイアウォールである。また最終的には、IPアドレスの総数についての報告もある。リストスキャンは、自分のターゲットに対して正しいIPアドレスが得られていることを確認するための有効な健全性検査になる。ターゲットのホストが見覚えのないドメイン名を示している場合は、間違って別の会社のネットワークをスキャンしてしまわないように、さらに詳しく調査するだけの価値はある。</para>
 
-          <para>リストスキャンの狙いは、単にターゲットホストのリストを出力するだけなので、ポートスキャン、OS検出、pingスキャンなどのより高度なレベルの機能を実現するためのオプションは、これと組み合わせることはできない。これらのハイレベルの機能を実行する際に、pingスキャンを無効にしたい場合は、<option>-P0</option>オプションの項を参照のこと。</para>
+          <para>リストスキャンの狙いは、単にターゲットホストのリストを出力するだけなので、ポートスキャン、OS検出、pingスキャンなどのより高度なレベルの機能を実現するためのオプションは、これと組み合わせることはできない。これらのハイレベルの機能を実行する際に、pingスキャンを無効にしたい場合は、<option>-Pn</option>オプションの項を参照のこと。</para>
         </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>
-        <option>-sP</option> (Ping スキャン)</term>
+          <!-- Section needs updating, including replacing "ping scan" with "no port scan" -->
+        <option>-sn</option> (Ping スキャン)</term>
         <listitem>
 
            <para>このオプションを使うと、Nmapはpingスキャン(ホスト発見)<emphasis>のみ</emphasis>を実行し、応答した利用可能なホストの一覧を出力する。それ以上の調査(ポートスキャンやOS検出など)は行わない。リストスキャンよりも一歩立ち入った調査になるが、同じ目的で使用される場合が多い。ターゲットネットワークの予備調査を、あまり注意を引かずに軽く実行できる。攻撃者にとっては、IPおよびホスト名を1つ1つリストスキャンして得られるリストよりも、アクティブなホストがいくつあるかを知ることのほうが価値がある。</para>
 
            <para>またこのオプションは、システム管理者の役に立つ場合も多く、ネットワーク上の利用可能なマシンの数を数えたり、サーバの可用性を監視したりするために容易に利用できる。pingスウィープと呼ばれることも多く、ブロードキャストのクエリには応答しないホストが多いために、ブロードキャストアドレスにpingを打つよりも信頼性が高い。</para>
 
-           <para><option>-sP</option>オプションはデフォルトで、ICMPエコー要求と80番ポート宛てのTCPパケットを送信する。高い権限がないユーザが実行する場合は、SYNパケットが(<function moreinfo="none">connect()</function>コールを使って)ターゲットの80番ポートに送られる。高い権限を持つユーザが、ローカル イーサネット ネットワーク上のターゲットのスキャンを試みる場合は、<option>--send-ip</option>が指定されていない限り、ARP要求(<option>-PR</option>)が用いられる。<option>-sP</option>オプションを、発見プローブタイプ(<option>-P0</option>を除く<option>-P*</option>タイプ)のオプションと組み合わせると、さらに柔軟に対応できる。このプローブタイプのどれかとポート番号のオプションを使うと、デフォルトのプローブ(ACKやエコー要求)よりも優先される。Nmapを実行している発信元ホストとターゲットネットワークの間に、制限の厳しいファイアウォールが設置してある場合は、これらの高度なテクニックを用いるべきである。さもないと、ファイアウォールでプローブパケットやホストの応答パケットが破棄された場合に、ホストを検出し損ねる可能性がある。</para>
+           <para><option>-sn</option>オプションはデフォルトで、ICMPエコー要求と80番ポート宛てのTCPパケットを送信する。高い権限がないユーザが実行する場合は、SYNパケットが(<function moreinfo="none">connect()</function>コールを使って)ターゲットの80番ポートに送られる。高い権限を持つユーザが、ローカル イーサネット ネットワーク上のターゲットのスキャンを試みる場合は、<option>--send-ip</option>が指定されていない限り、ARP要求(<option>-PR</option>)が用いられる。<option>-sn</option>オプションを、発見プローブタイプ(<option>-Pn</option>を除く<option>-P*</option>タイプ)のオプションと組み合わせると、さらに柔軟に対応できる。このプローブタイプのどれかとポート番号のオプションを使うと、デフォルトのプローブ(ACKやエコー要求)よりも優先される。Nmapを実行している発信元ホストとターゲットネットワークの間に、制限の厳しいファイアウォールが設置してある場合は、これらの高度なテクニックを用いるべきである。さもないと、ファイアウォールでプローブパケットやホストの応答パケットが破棄された場合に、ホストを検出し損ねる可能性がある。</para>
 
         </listitem>
       </varlistentry>
@@ -274,16 +192,16 @@ EXAMPLES:
 
       <varlistentry>
         <term>
-          <option>-P0</option> (ping なし)
+          <option>-Pn</option> (ping なし)
         </term>
         <listitem>
-          <para>このオプションを指定すると、Nmapが実行するホスト発見の段階が完全に省略される。Nmapは通常この検出段階で、さらに立ち入ったスキャンを行うためのアクティブなマシンを割り出す。Nmapはデフォルトでは、ポートスキャン、バージョン検出、OS検出などの立ち入ったプローブは、作動していることが判明したホストに対してしか実行しないようになっている。<option>-P0</option>を使ってホスト発見を無効にすると、Nmapはターゲットに指定されたIPアドレス<emphasis>すべて</emphasis>に対して、要求されたスキャン機能を実行しようとする。つまり、クラスBのサイズのアドレス空間(/16)を、コマンドラインでターゲットに指定した場合、65,536個のIPアドレスすべてがスキャンされる。<option>-P0</option>の2番目の文字は数字のゼロであり、英字のオーではない。リストスキャンの場合と同様に、本来行うべきホスト発見の段階は省略されるが、Nmapはそこで停止してターゲットのリストを出力するのではなくて、各ターゲットIPがアクティブであるかのように、要求された機能を実行し続ける。</para>
+          <para>このオプションを指定すると、Nmapが実行するホスト発見の段階が完全に省略される。Nmapは通常この検出段階で、さらに立ち入ったスキャンを行うためのアクティブなマシンを割り出す。Nmapはデフォルトでは、ポートスキャン、バージョン検出、OS検出などの立ち入ったプローブは、作動していることが判明したホストに対してしか実行しないようになっている。<option>-Pn</option>を使ってホスト発見を無効にすると、Nmapはターゲットに指定されたIPアドレス<emphasis>すべて</emphasis>に対して、要求されたスキャン機能を実行しようとする。つまり、クラスBのサイズのアドレス空間(/16)を、コマンドラインでターゲットに指定した場合、65,536個のIPアドレスすべてがスキャンされる。<option>-Pn</option>の2番目の文字は数字のゼロであり、英字のオーではない。リストスキャンの場合と同様に、本来行うべきホスト発見の段階は省略されるが、Nmapはそこで停止してターゲットのリストを出力するのではなくて、各ターゲットIPがアクティブであるかのように、要求された機能を実行し続ける。</para>
         </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>
-        <option>-PS [portlist]</option> (TCP SYN Ping)</term>
+        <option>-PS <replaceable>portlist</replaceable></option> (TCP SYN Ping)</term>
         <listitem>
 
           <para>このオプションによって、SYNフラグ付きの空のTCPパケットが送信される。デフォルトの送信先ポートは80番(この設定は、<filename moreinfo="none">nmap.h</filename>のDEFAULT_TCP_PROBE_PORTを書き換えてコンパイルすると変更できる)だが、代わりのポートをパラメタとして指定できる。また、コンマ区切りのポート番号リスト(例：<option>-PS22,23,25,80,113,1050,35000</option>)を指定することも可能である。この場合、各ポートに対するプローブは同時並行で試みられる。</para>
@@ -299,7 +217,7 @@ EXAMPLES:
 
       <varlistentry>
         <term>
-        <option>-PA [portlist]</option> (TCP ACK Ping)</term>
+        <option>-PA <replaceable>portlist</replaceable></option> (TCP ACK Ping)</term>
         <listitem>
           <para>TCP ACK pingは、すぐ上で述べたSYN pingのケースに酷似している。異なる点は、想像される通り、SYNフラグの代わりにTCP ACKフラグが付けられることである。こうしたACKパケットは、確立されたTCPコネクション上のデータを承認していると称しているが、そのようなコネクションは存在しないのである。そのため、リモートホストは常にRSTパケットで応答しなければならなくなり、この過程で自らの存在を明らかにすることになる。</para>
 
@@ -313,7 +231,7 @@ EXAMPLES:
 
       <varlistentry>
         <term>
-        <option>-PU [portlist]</option> (UDP Ping)</term>
+        <option>-PU <replaceable>portlist</replaceable></option> (UDP Ping)</term>
         <listitem>
 
           <para>これもホスト発見用オプションで、空の(<option>--data-length</option>が指定されている場合を除き)UDPパケットを特定のポートに送信する。ポートリストは、上で述べた<option>-PS</option> や <option>-PA</option>のオプションの場合と同じ形式にする。特にポートが指定されていない場合、デフォルトでは31338番になる。このデフォルト値を設定するには、<filename moreinfo="none">nmap.h</filename>のDEFAULT_UDP_PROBE_PORTを書き換えてコンパイルする。ほとんど使われることがないポートがデフォルトで使用されている理由は、開放ポートへの送信が、このスキャンタイプでは特に望ましくない場合が多いからである。</para>
@@ -547,8 +465,8 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-        <option>-sI &lt;zombie
-        host[:probeport]&gt;</option> (Idle スキャン)</term>
+        <option>-sI <replaceable>zombie host</replaceable><optional>:<replaceable>probeport</replaceable></optional></option>
+            (Idle スキャン)</term>
 
         <listitem>
 
@@ -579,7 +497,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-        <option>-b &lt;ftp relay host&gt;</option> (FTP バウンス スキャン)</term>
+        <option>-b <replaceable>ftp relay host</replaceable></option> (FTP バウンス スキャン)</term>
         <listitem>
 
 <para>FTPプロトコル(<ulink url="http://www.rfc-editor.org/rfc/rfc959.txt">RFC 959</ulink>)の興味深い特徴の1つは、いわゆるプロキシFTP接続に対応していることである。これにより、ユーザは一台のFTPサーバに接続し、そのファイルを第三者サーバに送るように要求できる。これは、様々なレベルの悪用にうってつけの機能なので、たいていのサーバでは、サポートするのを止めている。例えば、この機能を悪用して、FTPサーバに他のホストをポートスキャンさせることも可能である。単に、ターゲットホストの興味あるポートに順にファイルを送信するよう、そのFTPサーバに要求するだけでよい。エラーメッセージには、ポートが開いているか否かが記述される。これは、ファイアウォールをすり抜けるための有効な手段になる。組織のFTPサーバは、どんなインターネットホストよりも、他の内部ホストにアクセスしやすい場所に設置されている場合が多いからだ。Nmapは、<option>-b</option>オプションでftpバウンススキャンを実行できる。引数は<replaceable>username</replaceable>:<replaceable>password</replaceable>@<replaceable>server</replaceable>:<replaceable>port</replaceable>のような形式になる。<replaceable>Server</replaceable>は、この脆弱性の影響を受けるFTPサーバの名前かIPアドレスを指定する。通常のURLの場合と同様に、匿名ログインの認証情報(user:
@@ -600,7 +518,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
     <variablelist>
       <varlistentry>
         <term>
-          <option>-p &lt;port ranges&gt;</option> (指定されたポートのみスキャン)
+          <option>-p <replaceable>port ranges</replaceable></option> (指定されたポートのみスキャン)
         </term>
         <listitem>
 
@@ -669,7 +587,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-          <option>--version-intensity &lt;intensity&gt;</option> (バージョンスキャンの強度を設定)
+          <option>--version-intensity <replaceable>intensity</replaceable></option> (バージョンスキャンの強度を設定)
         </term>
         <listitem>
 
@@ -745,7 +663,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
           <option>--osscan-limit</option> (OS検出を有望なターゲットに絞る)
         </term>
         <listitem>
-          <para>少なくとも1つのopenおよびclosedのTCPポートが見つかれば、OS検出の効率はかなり上がる。このオプションを設定すると、Nmapは上の基準に満たないホストにはOS検出を試行しないようになる。これにより、かなりの時間が節約できる。多くのホストに対して<option>-P0</option>スキャンを行う場合は特にそうである。<option>-O</option> あるいは <option>-A</option>で、OS検出の実行をいつ要求するかだけが重要になる。</para>
+          <para>少なくとも1つのopenおよびclosedのTCPポートが見つかれば、OS検出の効率はかなり上がる。このオプションを設定すると、Nmapは上の基準に満たないホストにはOS検出を試行しないようになる。これにより、かなりの時間が節約できる。多くのホストに対して<option>-Pn</option>スキャンを行う場合は特にそうである。<option>-O</option> あるいは <option>-A</option>で、OS検出の実行をいつ要求するかだけが重要になる。</para>
         </listitem>
       </varlistentry>
 
@@ -773,9 +691,9 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-        <option>--min-hostgroup &lt;size&gt;</option>; 
+        <option>--min-hostgroup <replaceable>size</replaceable></option>; 
         <option>--max-hostgroup
-        &lt;size&gt;</option> (並列スキャンのグループサイズを調節する)</term>
+        <replaceable>size</replaceable></option> (並列スキャンのグループサイズを調節する)</term>
         <listitem>
 <para>Nmapには、複数のホストを並行してポートスキャンやバージョンスキャンする能力がある。これは、ターゲットのIP空間をいくつかのグループに分割し、一度に1グループずつスキャンすることで行われる。一般に、グループの規模を大きくするほど、効率がよくなる。デメリットは、グループ全体のスキャンが終了してからでないと、ホストの結果が得られないことである。そのため、グループサイズが50から始めた場合、ユーザがレポートを受け取るのは、(冗長モードで最新情報が提供される場合を除く)最初の50台のホストが完了してからになる。</para>
 
@@ -790,9 +708,9 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-        <option>--min-parallelism &lt;numprobes&gt;</option>;
+        <option>--min-parallelism <replaceable>numprobes</replaceable></option>;
         <option>--max-parallelism
-        &lt;numprobes&gt;</option> (プローブの並列処理を調節する)</term>
+        <replaceable>numprobes</replaceable></option> (プローブの並列処理を調節する)</term>
         <listitem>
 
 <para>ホストグループに向けて送信されるプローブの総数を決めるオプションで、ポートスキャンやホスト発見に用いられる。デフォルトでは、Nmapは、ネットワークパフォーマンスに基づいて、常に変化する理想的な並列処理可能数を算出している。パケットが続けて破棄される場合は、Nmapは処理速度を落とし、送信するプローブの数を減らす。理想的なプローブ数は、ネットワークが示すパフォーマンスの高さに応じて、緩やかに増加する。これらのオプションは、この変数に対して上限と下限を設定する。デフォルトでは、理想的な並列処理可能数は、ネットワークの信頼性が低い場合は1まで下がり、最高の状態の場合は数百まで上がる場合もある。</para>
@@ -804,73 +722,274 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
         </listitem>
       </varlistentry>
 
+<!-- 2022/07/21時点での英語ドキュメント（Nmap 7.92）に対応 ここから -->
       <varlistentry>
         <term>
-        <option>--min-rtt-timeout &lt;milliseconds&gt;</option>, 
-        <option>--max-rtt-timeout &lt;milliseconds&gt;</option>, 
+        <option>--min-rtt-timeout <replaceable>time</replaceable></option>,
+        <option>--max-rtt-timeout <replaceable>time</replaceable></option>,
         <option>--initial-rtt-timeout
-        &lt;milliseconds&gt;</option> (プローブのタイムアウトを調節する)</term>
+        <replaceable>time</replaceable></option> (プローブのタイムアウトを調節する)</term>
         <listitem>
 
-<para>Nmapは、プローブを中止もしくは再送信するまで、プローブの応答を待機する時間をどのくらいにするかを決める実行タイムアウト値を保持している。この値は、それまでに送信したプローブの応答時間に基づいて算出される。ネットワークの待ち時間が、かなり長くて変化しやすい場合、タイムアウト値は数秒にまで達する可能性もある。また、反応が鈍いホストをスキャンする際には、控え目な(高い)レベルから始めて、しばらくの間そのままの値にしておく場合もある。</para>
+<para>Nmapは、プローブを中止もしくは再送信するまで、プローブの応答を待機する時間をどのくらいにするかを決める実行タイムアウト値を保持している。
+この値は、それまでに送信したプローブの応答時間に基づいて算出される。
+ネットワークの待ち時間が、かなり長くて変化しやすい場合、タイムアウト値は数秒にまで達する可能性もある。
+また、反応が鈍いホストをスキャンする際には、控え目な(高い)レベルから始めて、しばらくの間そのままの値にしておく場合もある。</para>
 
-<para>これらのオプションはミリ秒単位で設定する。<option>--max-rtt-timeout</option> と <option>--initial-rtt-timeout</option>にデフォルトより小さな値を指定すると、スキャン時間を大幅に短縮できる。厳重なフィルタ処理が施されたネットワークに対してpingなし(<option>-P0</option>)スキャンを行う場合は特にそうなる。とはいえ、あまりアグレッシブに小さくしすぎないように。小さすぎる値を指定してしまったために、応答が送信されている間に数多くのプローブがタイムアウトして再送信されてしまい、結果的にスキャンの実行に通常より余計に時間がかかる可能性があるからだ。</para>
+<para>
+<option>--max-rtt-timeout</option> と <option>--initial-rtt-timeout</option>にデフォルトより小さな値を指定すると、スキャン時間を大幅に短縮できる。
+厳重なフィルタ処理が施されたネットワークに対してpingなし(<option>-Pn</option>)スキャンを行う場合は特にそうなる。
+とはいえ、あまりアグレッシブに小さくしすぎないように。
+小さすぎる値を指定してしまったために、応答が送信されている間に数多くのプローブがタイムアウトして再送信されてしまい、結果的にスキャンの実行に通常より余計に時間がかかる可能性があるからだ。</para>
 
-<para>すべてのホストがローカルネットワーク上にある場合、<option>--max-rtt-timeout</option>の値は100ミリ秒(ms)にするのが、アグレッシブに小さく指定するとしても妥当な値である。ルーティングが関係してくる場合は、ICMP pingユーティリティか、ファイアウォールを通過できる可能性が高いhping2などのカスタムパケット作成ツールを用いて、最初にネットワーク上のホストにpingを実行する必要がある。10個程度のパケットを送信してみて、最大往復時間(RTT)を調べること。<option>--initial-rtt-timeout</option>の値は、この値を2倍にするとよい。また、<option>--max-rtt-timeout</option>の値は、これを3倍か4倍にしたものにするとよいだろう。筆者は通常、pingで調査した時間の大小に関係なく、最大RTTを100ms未満に設定することはないし、1000msを超える値にすることもない。 </para>
+<para>すべてのホストがローカルネットワーク上にある場合、100ミリ秒(ms)(<option>--max-rtt-timeout 100ms</option>)にするのが、アグレッシブに小さく指定するとしても妥当な値である。
+ルーティングが関係してくる場合は、ICMP pingユーティリティか、ファイアウォールを通過できる可能性が高いhping2などのカスタムパケット作成ツールを用いて、最初にネットワーク上のホストにpingを実行する必要がある。
+10個程度のパケットを送信してみて、最大往復時間(RTT)を調べること。
+<option>--initial-rtt-timeout</option>の値は、この値を2倍にするとよい。
+また、<option>--max-rtt-timeout</option>の値は、これを3倍か4倍にしたものにするとよいだろう。
+筆者は通常、pingで調査した時間の大小に関係なく、最大RTTを100ms未満に設定することはないし、1000msを超える値にすることもない。 </para>
 
-<para><option>--min-rtt-timeout</option>は、ほとんど使用されないオプションであるが、ネットワークの信頼性があまりに低いために、Nmapのデフォルト値でも小さく設定しすぎになる場合に役立つと思われる。Nmapは単にタイムアウト時間を指定された最小値まで小さくするだけなので、ネットワークが信頼できると思われる場合は、この要求は異常であり、nmap-devメーリングリストにバグとして報告されるはずである。</para>
+<para><option>--min-rtt-timeout</option>は、ほとんど使用されないオプションであるが、ネットワークの信頼性があまりに低いために、Nmapのデフォルト値でも小さく設定しすぎになる場合に役立つと思われる。
+Nmapは単にタイムアウト時間を指定された最小値まで小さくするだけなので、ネットワークが信頼できると思われる場合は、この要求は異常であり、nmap-devメーリングリストにバグとして報告すべきである。</para>
 
         </listitem>
       </varlistentry>
 
-
-      <varlistentry>
+     <varlistentry>
         <term>
-          <option>--host-timeout &lt;milliseconds&gt;</option> (遅いターゲットホストを見切る)
+          <option>--host-timeout <replaceable>time</replaceable></option>  (遅いターゲットホストを見切る)
+          <indexterm significance="normal"><primary><option>--host-timeout</option></primary></indexterm>
         </term>
         <listitem>
 
-<para>ホストのなかには、とにかくスキャンに<emphasis>長い</emphasis>時間がかかるものがある。理由としては、実行手順の不手際、信頼性の低いネットワークハードウェアやソフトウェア、パケットレート制限、厳重なファイアウォールなどが考えられる。スキャン対象ホスト全体の数パーセントを占める、最も反応が遅いホストによって、スキャン時間の大半を使われてしまうこともある。このような無駄はカットして、遅いホストは最初から省くほうがよい場合がある。これは、待機しても構わない時間を<option>--host-timeout</option>にミリ秒単位の数値で指定することで実行できる。筆者は、Nmapが単一ホストに対して30分を超える時間を浪費しないように、1800000という値を指定することが多い。注意すべき点は、Nmapはこの30分の間に、同時に他のホストもスキャンできるので、まったくの無駄にはならないことだ。タイムアウトするホストはスキップされ、ポートテーブル、OS検出、バージョン検出などの結果は出力されない。</para>
+
+<para>ホストのなかには、とにかくスキャンに<emphasis>長い</emphasis>時間がかかるものがある。
+理由としては、性能・信頼性の低いネットワークハードウェアやソフトウェア、パケットレート制限、厳重なファイアウォールなどが考えられる。
+スキャン対象ホスト全体の数パーセントを占める、最も反応が遅いホストによって、スキャン時間の大半を使われてしまうこともある。このような無駄はカットして、遅いホストは最初から省くほうがよい場合がある。
+これは、待機しても構わない時間の最大値を<option>--host-timeout</option>に指定することで実現できる。
+たとえば、<literal moreinfo="none">30m</literal> を指定して、Nmapが1つのホストで30分以上無駄にしないようにできる。
+この30分の待ち時間に、Nmapは他のホストも同時にスキャンしているので、完全な時間の損失にはならないことに注意。
+タイムアウトするホストはスキップされ、ポートテーブル、OS検出、バージョン検出などの結果は出力されない。</para>
+
+<para><literal moreinfo="none">0</literal> は特別な値で <quote>タイムアウトをしない</quote> を指定できる。
+    ホストのタイムアウトを15分にデフォルトで指定する <option>T5</option> タイミングテンプレートの挙動を上書きする際に有用である。</para>
 
         </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>
-        <option>--scan-delay &lt;milliseconds&gt;</option>;
-        <option>--max-scan-delay
-        &lt;milliseconds&gt;</option> (プローブ間の遅滞時間を調節する)</term>
+          <option>--script-timeout <replaceable>time</replaceable></option>
+          <indexterm significance="normal"><primary><option>--script-timeout</option></primary></indexterm>
+        </term>
         <listitem>
 
-<para>指定したホスト宛てに送られるプローブの送信間隔において、ミリ秒単位の数値で指定した時間だけNmapを待機状態にする。これは、レート制限が行われている場合に特に役に立つ。Solarisマシンは(制限が特に厳しく)、通常はUDPスキャンのプローブパケットに対して、ICMPメッセージの応答を毎秒1回しか返さない。Nmapがそれ以上のパケットを送ってもすべて無駄になる。<option>--scan-delay</option> に1000を指定すると、Nmapは毎秒1回という遅いレートを保つことになる。Nmapは、レート制限を検出し、それに応じてスキャンの進行を遅らせようとするが、どの程度のレートが最適であるかがすでにわかっている場合は明示的に指定してもよい。</para>
+<para>スクリプトの中にはコンマ数秒で完了するものもあるが、スクリプトの性質、渡された引数、ネットワークやアプリケーションの状態などによって、数時間以上かかるものもある。
+<option>--script-timeout</option> オプションは、スクリプトの実行時間に上限を設定する。
+設定された時間を超えたスクリプトは終了し、何も表示されません。
+デバッグ (<option>-d</option>) オプションを指定すると、各タイムアウトの詳細が表示される。
+ホストおよびサービススクリプトの場合、スクリプトは1つの対象ホストまたはポートのみをスキャンし、タイムアウト時間は次のスクリプトのためにリセットされる。</para>
 
-<para><option>--scan-delay</option> は他にも、しきい値ベースの侵入検知や侵入防止システム(IDS/IPS)の回避に使用される。</para>
+<literal moreinfo="none">0</literal> は特別な値で <quote>タイムアウトをしない</quote> を意味する。
+タイムアウトを10分とデフォルトで指定している<option>T5</option> タイミングテンプレートを上書きするために使用できる。
 
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>
+        <option>--scan-delay <replaceable>time</replaceable></option>;
+        <option>--max-scan-delay
+        <replaceable>time</replaceable></option> (プローブ間の遅滞時間を調節する)
+        <indexterm significance="normal"><primary><option>--scan-delay</option></primary></indexterm>
+        <indexterm significance="normal"><primary><option>--max-scan-delay</option></primary></indexterm>
+        </term>
+        <listitem>
+
+<para>指定したホスト宛てに送られる各プローブの送信間隔において、指定した時間だけNmapを待機状態にする。
+これは、<indexterm significance="normal"><primary>レート制限</primary></indexterm>が行われている場合に特に役に立つ。
+Solarisマシンは(制限が特に厳しく)、通常はUDPスキャンのプローブパケットに対して、ICMPメッセージの応答を毎秒1回しか返さない。
+Nmapがそれ以上のパケットを送ってもすべて無駄になる。<option>--scan-delay</option> は次のように設定する。
+<literal moreinfo="none">1s</literal>とすると、Nmapはその遅い速度に保たれる。Nmapは毎秒1回という遅いレートを保つことになる。
+Nmapは、レート制限を検出し、それに応じてスキャン遅延を調整しようとするが、どの程度のレートが最適であるかがすでにわかっている場合は明示的に指定してもよい。</para>
+
+<para>Nmapがレート制限に対処するためにスキャン遅延を増加させた場合、スキャンの速度は大幅に低下する。
+<option>--max-scan-delay</option>は、Nmapが許容する最大の遅延時間を指定できる。
+<option>--max-scan-delay</option> に少ない時間を指定すれば、スキャンを高速化できるが、リスクがある。
+時間を少なく設定しすぎると、対象が厳格なレート制限を実装している場合に、無駄なパケット再送信や、ポートの取りこぼしが発生する可能性がある。</para>
+
+<para><option>--scan-delay</option> には、使用法がもうひとつある。
+それは、閾値ベースの侵入検知・防御システム(IDS/IPS)の回避である。
+<indexterm significance="normal"><primary>intrusion detection systems</primary><secondary>evading</secondary></indexterm> <notman>
+このテクニックは、<xref linkend="defeating-ids-snort-portscan"/> で使用され、Snort IDSのデフォルトのポートスキャン検出機能を無効にできる。
+他のほとんどの侵入検知システムも、同じ方法で破ることができる。</notman>
+</para>
+
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+        <option>--min-rate <replaceable>number</replaceable></option>; <option>--max-rate <replaceable>number</replaceable></option>
+        (スキャンレートを細かく制御)
+        <indexterm significance="normal"><primary><option>--min-rate</option></primary></indexterm>
+        <indexterm significance="normal"><primary><option>--max-rate</option></primary></indexterm>
+        </term>
+        <listitem>
+
+<para>Nmapのスキャン速度の自動制御は、適切なスキャン速度を見つけるのに効果的である。
+しかし、適切なスキャン速度が事前にわかっている場合や、ある時間までにスキャンが終了することを保証しなければならない場合もある。
+あるいは、Nmapがあまりに速くスキャンしないようにしなければならないかもしれない。
+<option>--min-rate</option> と <option>--max-rate</option> オプションは、このような状況に対応するために用意されている。</para>
+
+<para><option>--min-rate</option> オプションが与えられると、Nmap は与えられたレートと同じかそれよりも速くパケットを送信するよう最善を尽くす。
+引数は、1 秒あたりの送信パケット数を表す正の実数である。
+例えば、<option>--min-rate 300</option> を指定すると、Nmap は送信レートを毎秒300パケット以上に維持しようとする。
+最小レートを指定しても、条件が許す限り、Nmapがより速くなることはない。</para>
+
+<para>同様に、<option>--max-rate</option>は送信レートを最大値を指定できる。
+例えば、高速なネットワークを対象に毎秒100パケットの送信に制限するには、<option>--max-rate 100</option>を使用する。
+10秒に1パケットという遅いスキャンを行うには、<option>--max-rate 0.1</option>を使用する。
+<option>--min-rate</option> と <option>--max-rate</option> を一緒に使うと、レートをある範囲内に保つことができる。</para>
+
+<para>これらの2つのオプションは全体的なもので、個々のホストにではなく、スキャン全体に影響する。
+ポートスキャンとホスト発見にのみ影響する。
+OS検出のような他の機能では、独自のタイミングが実装されている。</para>
+
+<para>実際のスキャン速度が指定した最小値を下回る可能性があるのは2つの条件である。
+1つは、最小値がNmapが送信できる最速レートよりも速い場合であり、これはハードウェアに依存する。
+この場合、Nmapは単に可能な限り高速にパケットを送信するが、このような高速なレートでは精度が低下する可能性が高いので注意が必要である。
+2つ目のケースは、Nmapが何も送信しない場合である。たとえば、スキャンの最後にプローブが送信され、Nmapがタイムアウトや応答を待っているときである。
+スキャンの終了時やホストグループ間でスキャンレートが低下するのは正常な現象である。
+予測できない遅延を補うために、送信レートが一時的に最大値を超えることがあるが、平均してレートは最大値以下にとどまるだろう。</para>
+
+<para>最小レートの指定は慎重に行う必要がある。
+ネットワークが対応できる速度よりも速くスキャンすると、精度が低下する可能性がある。
+場合によっては、速いレートを使うと、遅いレートを使ったときよりもスキャンが<emphasis>長く</emphasis>なることがある。
+これはNmapの <man>適応伝送</man>
+<notman><link linkend="scan-methods-adaptive-retransmission">適応伝送</link></notman>アルゴリズムが、過剰なスキャン速度によるネットワークの輻輳を検知し、精度を上げるために再送信の回数を増やすからである。
+そのため、パケットが高いレートで送信されても、全体としてはより多くのパケットが送信される。
+総スキャン時間の上限の設定は、<option>--max-retries</option>で再送信の回数を制限できる</para>
+
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--defeat-rst-ratelimit</option>
+        <indexterm significance="normal"><primary><option>--defeat-rst-ratelimit</option></primary></indexterm></term>
+        <listitem>
+
+<para>
+多くのホストは、送信するICMPエラーメッセージ(ポート到達不能エラーなど)の数を減らすために、長い間レート制限 <indexterm significance="normal"><primary>rate limiting</primary></indexterm> を使用してきた。
+現在、いくつかのシステムは、生成するRST(リセット)パケットに同様のレート制限を適用している。
+このようなレート制限を反映させるためにタイミングを調整するため、Nmapの速度が大幅に低下することがある。
+<option>--defeat-rst-ratelimit</option> を指定することにより、Nmapにこれらのレート制限を無視させることができる (SYN スキャンなど、応答がないポートを <literal moreinfo="none">open</literal> として扱わないスキャンのために)。
+</para>
+
+<para>このオプションを使用すると、Nmapがレート制限されたRST応答を十分に待たないために、一部のポートが無応答に見えるため、精度が低下する可能性がある。
+SYNスキャンでは、無応答に見えたポートは
+<literal moreinfo="none">filtered</literal> となり、RSTパケット受信時に見られる<literal moreinfo="none">closed</literal> 状態にはならない。
+このオプションは、開いているポートにしか関心がなく、<literal moreinfo="none">closed</literal> と <literal moreinfo="none">filtered</literal> を区別することに余分の時間を割けない場合に有用である。
+</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--defeat-icmp-ratelimit</option>
+        <indexterm significance="normal"><primary><option>--defeat-icmp-ratelimit</option></primary></indexterm></term>
+        <listitem>
+
+<para><option>--defeat-rst-ratelimit</option> と同様に、 <option>--defeat-icmp-ratelimit</option> オプションは精度と引き換えに速度を優先し、ICMP エラーメッセージをレート制限するホストに対して UDP スキャン速度を向上させるものである。
+このオプションは、Nmap がポート到達不能メッセージを受信するために遅延しないようにするので、応答しないポートには、デフォルトの <literal moreinfo="none">open|filtered</literal> の代わりに <literal moreinfo="none">closed|filtered</literal> というラベルが付くことになる。
+これは、UDP で実際に応答するポートだけを <literal moreinfo="none">open</literal> として扱う。
+多くの UDP サービスはこの方法では応答しないので、 このオプションは <option>--defeat-rst-ratelimit</option> よりも不正確である可能性が高い。
+</para>
+
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--nsock-engine
+        iocp|epoll|kqueue|poll|select</option>
+        <indexterm significance="normal"><primary><option>--nsock-engine</option></primary></indexterm>
+        <indexterm significance="normal"><primary>Nsock IOエンジン</primary></indexterm>
+        </term>
+        <listitem>
+
+<para>
+与えられたnsock IO多重化エンジンの使用を強制する。
+<literal moreinfo="none">select(2)</literal> ベースのフォールバックエンジンのみが、システム上で利用可能と保証されている。
+エンジンの名前は、利用するIO管理機能の名前にちなんで付けられている。
+現在実装されているエンジンは、<literal moreinfo="none">epoll</literal>、<literal moreinfo="none">kqueue</literal>、<literal moreinfo="none">poll</literal>、<literal moreinfo="none">select</literal> だが、どのプラットフォームにも存在しないものもないとは言い切れない。
+デフォルトでは、Nmapは「最適な」エンジン、すなわち、このリストの中で最初にサポートされたエンジンを使用する。
+<command moreinfo="none">nmap -V</command>を使って、自分のプラットフォームでどのエンジンがサポートされているかを確認できる。
+</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>
           <option>-T
-          &lt;Paranoid|Sneaky|Polite|Normal|Aggressive|Insane&gt;</option>
-          (タイミングのテンプレートを設定する)
+          paranoid|sneaky|polite|normal|aggressive|insane</option>
+          (タイミングテンプレートを設定する)
+        <indexterm significance="normal"><primary><option>-T</option></primary></indexterm>
+        <indexterm significance="normal"><primary>タイミングテンプレート</primary><seealso><literal moreinfo="none">paranoid</literal>, <literal moreinfo="none">sneaky</literal>, <literal moreinfo="none">polite</literal>, <literal moreinfo="none">normal</literal>, <literal moreinfo="none">aggressive</literal>, and <literal moreinfo="none">insane</literal></seealso></indexterm>
         </term>
         <listitem>
+<indexterm significance="normal"><primary><option>-T0</option></primary><see><literal moreinfo="none">paranoid</literal>タイミングテンプレート</see></indexterm>
+<indexterm significance="normal"><primary><option>-T1</option></primary><see><literal moreinfo="none">sneaky</literal> タイミングテンプレート</see></indexterm>
+<indexterm significance="normal"><primary><option>-T2</option></primary><see><literal moreinfo="none">polite</literal> タイミングテンプレート</see></indexterm>
+<indexterm significance="normal"><primary><option>-T3</option></primary><see><literal moreinfo="none">normal</literal> タイミングテンプレート</see></indexterm>
+<indexterm significance="normal"><primary><option>-T4</option></primary><see><literal moreinfo="none">aggressive</literal>タイミングテンプレート</see></indexterm>
+<indexterm significance="normal"><primary><option>-T5</option></primary><see><literal moreinfo="none">insane</literal>タイミングテンプレート</see></indexterm>
 
-<para>前節で述べたような、タイミングのきめ細やかな制御はとても効果が大きいが、分かりにくいと感じるユーザもいるようだ。さらには、最適化を試みているスキャンを実行するよりも、適切な数値を選ぶほうが時間がかかるという事態に陥る可能性もある。そこでNmapには、6つのタイミング用テンプレートを用いたもっと簡単なアプローチが用意されている。テンプレートは、<option>-T</option>オプションと番号(0 - 5)か名前で指定できる。テンプレート名は、paranoid (0)、sneaky (1)、polite (2)、normal (3)、aggressive (4)、insane (5)である。最初の2つは、IDS回避用のテンプレートである。Politeモードは、スキャン処理速度を落とし、帯域幅とターゲットマシンのリソースの使用量を少なくするためのものである。Normalモードはデフォルトなので、<option>-T3</option>としても特に何もしない。Aggressiveモードは、ユーザが適度に高速で信頼性の高いネットワーク上にいることを想定して、スキャン速度を上げる。最後にInsaneモードは、非常に高速なネットワーク上にいるか、あるいは速度と引き換えに精度の一部を犠牲にしても構わない場合を想定したモードである。 </para>
+<para>前節で述べたような、タイミングのきめ細やかな制御はとても効果が大きいが、分かりにくいと感じるユーザもいるようだ。
+さらには、最適化を試みているスキャンを実行するよりも、適切な数値を選ぶほうが時間がかかるという事態に陥る可能性もある。
+そこでNmapには、6つのタイミングテンプレートを用いたもっと簡単なアプローチが用意されている。
+テンプレートは、<option>-T</option>オプションと番号(0 - 5)か名前で指定できる。
+テンプレート名は、<option>paranoid</option> (<option>0</option>)、
+<option>sneaky</option> (<option>1</option>)、
+<option>polite</option> (<option>2</option>)、
+<option>normal</option> (<option>3</option>)、
+<option>aggressive</option> (<option>4</option>)、<option>insane</option> (<option>5</option>)である。
+最初の2つは、IDS回避用のテンプレートである。Politeモードは、スキャン処理速度を落とし、帯域幅とターゲットマシンのリソースの使用量を少なくするためのものである。
+Normalモードはデフォルトなので、<option>-T3</option>としても特に何もしない。Aggressiveモードは、ユーザが適度に高速で信頼性の高いネットワーク上にいることを想定して、スキャン速度を上げる。
+最後にInsaneモード<indexterm significance="normal"><primary><literal moreinfo="none">insane</literal> (<option>-T5</option>)</primary></indexterm>は、
+非常に高速なネットワーク上にいるか、あるいは速度と引き換えに精度の一部を犠牲にしても構わない場合を想定したモードである。 </para>
 
-<para>これらのテンプレートを利用すると、ユーザは、的確なタイミング値の選定はNmapに任せつつ、どの程度アグレッシブなスキャンを実行したいかを指定できる。また、今のところきめ細かい制御のオプションが存在しない、速度の微調整の一部をこのテンプレートで行うこともできる。例えば、<option>-T4</option>は、TCPポートに対するスキャン処理の動的な遅延時間が10msを越えないようにすることができ、また<option>-T5</option>では、この値の上限が5msに制限される。テンプレートを最初に指定する場合に限り、きめ細かい制御オプションとテンプレートを組み合わせて用いることができる。そうしないと、テンプレートの標準値がユーザの指定した値で上書きされてしまう。適度に最近の信頼性が高いネットワークをスキャンする場合は、<option>-T4</option>がお勧めである。きめ細かい制御オプションを追加する場合でも、このオプションを(コマンドラインの最初に)付けておくことで、テンプレートによって有効になる細部にわたる最適化のメリットを享受できる。</para>
+<para>これらのテンプレートを利用すると、ユーザは、的確なタイミング値の選定はNmapに任せつつ、どの程度アグレッシブなスキャンを実行したいかを指定できる。
+また、今のところきめ細かい制御のオプションが存在しない、速度の微調整の一部をこのテンプレートで行うこともできる。
+例えば、<option>-T4</option>は、TCPポートに対するスキャン処理の動的な遅延時間が10msを越えないようにすることができ、また<option>-T5</option>では、この値の上限が5msに制限される。
+テンプレートを最初に指定する場合に限り、きめ細かい制御オプションとテンプレートを組み合わせて用いることができる。
+そうしないと、テンプレートの標準値がユーザの指定した値で上書きされてしまう。適度に最近の信頼性が高いネットワークをスキャンする場合は、<option>-T4</option>がお勧めである。
+きめ細かい制御オプションを追加する場合でも、このオプションを(コマンドラインの最初に)付けておくことで、テンプレートによって有効になる細部にわたる最適化のメリットを享受できる。</para>
 
-<para>適正なブロードバンド接続やイーサネット接続の環境にいる場合は、常時<option>-T4</option>を利用することをお勧めする。<option>-T5</option>を好む人もいるが、私にはアグレッシブすぎるように思われる。<option>-T2</option>を指定しているユーザもたまにいるが、ホストをクラッシュさせる可能性が低いと見ているからか、自分のことを全般的に礼儀正しい(polite)と思っているからのようだ。こうしたユーザは単に、「-T Polite」が実際にはいかに遅いものであるかを理解していないだけだ。Politeモードは、デフォルトスキャンの10倍の時間がかかる。デフォルトのタイミングオプション(<option>-T3</option>)に関しては、マシンのクラッシュや帯域幅が問題になることはめったにないので、慎重なスキャンユーザには通常はこれを勧めている。タイミング値をあれこれ操作して、これらの問題を軽減しようとするよりも、バージョン検出を省略するほうがずっと効率的である。</para>
+<para>適正なブロードバンド接続やイーサネット接続の環境にいる場合は、常時<option>-T4</option>を利用することをお勧めする。
+<option>-T5</option>を好む人もいるが、私にはアグレッシブすぎるように思われる。
+<option>-T2</option>を指定しているユーザもたまにいるが、ホストをクラッシュさせる可能性が低いと見ているからか、自分のことを全般的に礼儀正しい(polite)と思っているからのようだ。
+こうしたユーザは単に、「-T Polite」が実際にはいかに遅いものであるかを理解していないだけだ。
+Politeモードは、デフォルトスキャンの10倍の時間がかかる。デフォルトのタイミングオプション(<option>-T3</option>)に関しては、マシンのクラッシュや帯域幅が問題になることはめったにないので、慎重なスキャンユーザには通常はこれを勧めている。
+タイミング値をあれこれ操作して、これらの問題を軽減しようとするよりも、バージョン検出を省略するほうがずっと効率的である。</para>
 
-<para><option>-T0</option> や <option>-T1</option>は、IDSの警告を回避するには役立つかもしれないが、何千ものマシンやポートをスキャンするには非常に長い時間がかかる。そのように長いスキャンを行う場合は、あらかじめ用意された<option>-T0</option> や <option>-T1</option>の値に頼るよりも、必要に応じて的確なタイミング値を設定するほうが好ましいだろう。</para>
+<para><option>-T0</option> や <option>-T1</option>は、IDSの警告を回避するには役立つかもしれないが、何千ものマシンやポートをスキャンするには非常に長い時間がかかる。
+そのように長いスキャンを行う場合は、あらかじめ用意された<option>-T0</option> や <option>-T1</option>の値に頼るよりも、必要に応じて的確なタイミング値を設定するほうが好ましいだろう。</para>
 
-<para><option>T0</option>の主な効果は、スキャンを連続的に実行して一度に1つのポートしかスキャンされないようにすることと、各プローブを送信する間に5分間待機することである。<option>T1</option> と <option>T2</option>は似ているが、それぞれプローブ間の待機時間が15秒と0.4秒しかない。<option>T3</option>はNmapのデフォルト動作で、並列処理が含まれる。<option>T4</option>は<option>--max-rtt-timeout 1250 --initial-rtt-timeout 500</option>に相当し、TCPスキャンの最大遅延時間を10msに設定する。<option>T5</option>は<option>--max-rtt-timeout 300 --min-rtt-timeout 50 --initial-rtt-timeout 250 --host-timeout 900000</option>に相当し、TCPスキャンの最大遅延時間を5msに設定する。 </para>
+<para><option>T0</option>の主な効果は、スキャンを連続的に実行して一度に1つのポートしかスキャンされないようにすることと、各プローブを送信する間に5分間待機することである。
+<option>T1</option> と <option>T2</option>は似ているが、それぞれプローブ間の待機時間が15秒と0.4秒しかない。
+<option>T3</option>はNmapのデフォルト動作で、並列処理が含まれる。<option>T4</option>は<option>--max-rtt-timeout 1250ms --min-rtt-timeout 100ms
+--initial-rtt-timeout 500ms --max-retries 6</option>に相当し、TCPおよびSCTPスキャンの最大遅延時間を10msに設定する。
+<option>T5</option>は<option>--max-rtt-timeout 300ms --min-rtt-timeout 50ms
+--initial-rtt-timeout 250ms --max-retries 2 --host-timeout 15m --script-timeout 10m --max-scan-delay</option>に相当し、TCPおよびSCTPスキャンの最大遅延時間を5msに設定する。
+UDPの最大スキャン遅延時間は <option>T4</option> や <option>T5</option> では設定できないが、 <option>--max-scan-delay</option> オプションで設定できる。
+</para>
 
         </listitem>
       </varlistentry>
     </variablelist>
+    <indexterm class="endofrange" startref="man-performance-indexterm" significance="normal"/>
+    <indexterm class="endofrange" startref="man-performance-timing-indexterm" significance="normal"/>
   </refsect1>
+<!-- 2022/07/21時点での英語ドキュメント（Nmap 7.92）に対応 ここまで -->
 
   <refsect1 id="man-bypass-firewalls-ids">
     <title>ファイアウォール/IDS の回避とスプーフィング</title>
@@ -899,7 +1018,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-          <option>-D &lt;decoy1 [,decoy2][,ME],...&gt;</option>
+          <option>-D <replaceable>decoy1</replaceable><optional>,<replaceable>decoy2</replaceable></optional><optional>,ME</optional><optional>,...</optional></option>
           (おとりを使ってスキャンを隠蔽する)
         </term>
         <listitem>
@@ -916,19 +1035,19 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-          <option>-S &lt;IP_Address&gt;</option> (ソースアドレスを偽装する)
+          <option>-S <replaceable>IP_Address</replaceable></option> (ソースアドレスを偽装する)
         </term>
         <listitem>
           <para>一部の環境では、Nmapがユーザのソースアドレスを特定できない場合がある(その場合はかならず、Nmapからユーザに通知がある)。こうした状況では、<option>-S</option>オプションを使って、パケットの送信に利用したいインターフェースのIPアドレスを指定すること。</para>
 
-          <para>このフラグの他の利用方法として考えられるのは、スキャンを偽装して、<emphasis>第三者（誰か別の人間）</emphasis>がスキャンを実行しているとターゲットに思い込ませることだ。企業が、ライバル企業から繰り返しポートスキャンを受けたとしたらどうなるだろうか。この種の用途に用いるには、たいていの場合<option>-e</option>オプションが必要になるだろう。また通常は<option>-P0</option>も使った方が望ましい。</para>
+          <para>このフラグの他の利用方法として考えられるのは、スキャンを偽装して、<emphasis>第三者（誰か別の人間）</emphasis>がスキャンを実行しているとターゲットに思い込ませることだ。企業が、ライバル企業から繰り返しポートスキャンを受けたとしたらどうなるだろうか。この種の用途に用いるには、たいていの場合<option>-e</option>オプションが必要になるだろう。また通常は<option>-Pn</option>も使った方が望ましい。</para>
 
         </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>
-          <option>-e &lt;interface&gt;</option> (特定のインターフェースを使用する)
+          <option>-e <replaceable>interface</replaceable></option> (特定のインターフェースを使用する)
         </term>
         <listitem>
           <para>パケットを送受信する際に、どのインターフェースを利用するかをNmapに伝えるためのオプション。Nmapは、インターフェースを自動的に検知できるようになっているが、検知できない場合はその旨がユーザに通知される。</para>
@@ -937,8 +1056,8 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-          <option>--source-port &lt;portnumber&gt;;</option>
-          <option>-g &lt;portnumber&gt;</option> (ソースポート番号を偽装する)
+          <option>--source-port <replaceable>portnumber</replaceable>;</option>
+          <option>-g <replaceable>portnumber</replaceable></option> (ソースポート番号を偽装する)
         </term>
         <listitem>
 
@@ -953,18 +1072,20 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
         </listitem>
       </varlistentry>
 
+      <!-- Missing options: -/-data -/-data-string -->
       <varlistentry>
         <term>
-          <option>--data-length &lt;number&gt;</option> (送信パケットにランダムデータを付加する)
+          <option>--data-length <replaceable>number</replaceable></option> (送信パケットにランダムデータを付加する)
         </term>
         <listitem>
           <para>通常、Nmapはヘッダのみを含む最小限のパケットを送信する。従って、TCPパケットは通常40バイト、ICMPエコー要求パケットは28バイト程度の大きさしかない。このオプションは、Nmapが送信するほとんどのパケットに、指定したバイト数のランダムデータを付加するようにする。OS検出(<option>-O</option>)パケットにはデータは付加されないが、ほとんどのping およびポートスキャンのパケットには付加される。これにより、処理速度は低下するが、スキャンを幾分でも目立たなくすることができる。</para>
         </listitem>
       </varlistentry>
 
+      <!-- Missing option: -/-ip-options -->
       <varlistentry>
         <term>
-          <option>--ttl &lt;value&gt;</option> (IPのTTLフィールド値を設定する)
+          <option>--ttl <replaceable>value</replaceable></option> (IPのTTLフィールド値を設定する)
         </term>
         <listitem>
           <para>送信パケットのIPv4生存時間(TTL：Time-to-Live)フィールドを指定した値に設定する。</para>
@@ -983,8 +1104,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-          <option>--spoof-mac &lt;mac address, prefix, or vendor
-          name&gt;</option> (MACアドレスを偽装する)
+          <option>--spoof-mac <replaceable>mac address, prefix, or vendor name</replaceable></option> (MACアドレスを偽装する)
         </term>
         <listitem>
 
@@ -992,6 +1112,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
         </listitem>
       </varlistentry>
+      <!-- Missing options: -/-proxies -/-badsum -/-adler32 -->
     </variablelist>
 
   </refsect1>
@@ -1015,12 +1136,13 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
 <para>Nmapの一部の引数とは異なり、ログファイルオプションのフラグ(例：<option>-oX</option>)とファイル名やハイフンとの間のスペースは必須である。この注意を無視して、引数を<option>-oG-</option>や<option>-oG-</option>のように指定したら、Nmapの下位互換機能により、それぞれ<filename moreinfo="none">G-</filename>や<filename moreinfo="none">Xscan.xml</filename>という名前の<emphasis>標準フォーマット</emphasis>の出力ファイルが作成される。</para>
 
+<!-- Missing paragraph about strftime-like conversions in file names -->
 <para>またNmapには、スキャン結果の冗長性を制御するオプションや、出力ファイルに上書きしないで追加書き込みするためのオプションも用意されている。これらのオプションについてはすべて以下で説明する。</para>
 
 <variablelist><title>Nmapの出力フォーマット</title>
       <varlistentry>
         <term>
-        <option>-oN &lt;filespec&gt;</option> (通常出力)</term>
+        <option>-oN <replaceable>filespec</replaceable></option> (通常出力)</term>
         <listitem>
           <para><literal moreinfo="none">通常の出力</literal>が指定した名前のファイルに書き込まれるようにする。上で述べた通り、これは<literal moreinfo="none">インタラクティブ出力</literal>と一部異なる。</para>
         </listitem>
@@ -1028,7 +1150,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-        <option>-oX &lt;filespec&gt;</option> (XML 出力)</term>
+        <option>-oX <replaceable>filespec</replaceable></option> (XML 出力)</term>
         <listitem>
 
           <para><literal moreinfo="none">XML出力</literal>が指定した名前のファイルに書き込まれるようにする。Nmapには文書型定義(DTD)が組み込まれており、XMLパーサーはこれを用いて、NmapのXML出力を検証する。本来はプログラムによる使用を目的としたものだが、人間がNmapのXML出力を解釈するのにも役立つ。DTDには、フォーマットの文法要素が定義されており、これらの要素が取ることのできる属性や値が列挙されていることが多い。最新版は以下から常時入手できる：<ulink url="https://nmap.org/data/nmap.dtd"/></para>
@@ -1042,7 +1164,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-        <option>-oS &lt;filespec&gt;</option> (ScRipT KIdd|3 oUTpuT)</term>
+        <option>-oS <replaceable>filespec</replaceable></option> (ScRipT KIdd|3 oUTpuT)</term>
         <listitem>
    <para>スクリプトキディ出力は、インタラクティブ出力に似ているが、異なる点は、「l33t HaXXorZ」(leet hacker)向けに後処理してあることだ。Nmapは以前より、一貫性のある大文字やスペルの使い方のせいで、この人たちに見下されてきた。ユーモアを解さない人々は、<quote>スクリプトキディの手助けをしている</quote>として筆者に非難の言葉を浴びせる前に、まず気付くべきだ。このオプションが、彼らをからかうためのものだということを。</para>
         </listitem>
@@ -1050,7 +1172,7 @@ URGACKPSHRSTSYNFIN</option>で全部指定できるわけだが、もっとも
 
       <varlistentry>
         <term>
-        <option>-oG &lt;filespec&gt;</option> (Grep検索可能出力)</term>
+        <option>-oG <replaceable>filespec</replaceable></option> (Grep検索可能出力)</term>
         <listitem>
 
 <para>この出力フォーマットを最後に取り上げたのは、廃止予定だからだ。XML出力フォーマットのほうがはるかに強力であり、熟練ユーザにとっての使い勝手もほぼ変わらない。XMLはパーサーの標準で、多数の優れたXMLパーサーが利用可能になっているのに対し、grep可能出力は筆者独自のスクリプトに過ぎない。XMLは拡張性が高く、Nmapの新機能がリリースされるたびに対応可能だが、grep可能出力にはこうした機能を追加する余地がないため、割愛せざるを得ないことも多い。</para>
@@ -1068,7 +1190,7 @@ info</literal>、<literal moreinfo="none">Version info</literal>である。</pa
 
      <varlistentry>
         <term>
-        <option>-oA &lt;basename&gt;</option> (全フォーマットに出力する)</term>
+        <option>-oA <replaceable>basename</replaceable></option> (全フォーマットに出力する)</term>
        <listitem><para>
            簡便のために、<option>-oA
            <replaceable>basename</replaceable></option>を指定すると、スキャン結果を通常、XML、grep可能の3つのフォーマットで一度に保存できるようにした。それぞれ、<replaceable>basename</replaceable>.nmap、<replaceable>basename</replaceable>.xml、<replaceable>basename</replaceable>.gnmapというファイルに保存される。たいていのプログラムと同じく、以下の例のようにファイル名の前にディレクトリパスを付けることもできる：<filename moreinfo="none">~/nmaplogs/foocorp/</filename>(UNIX)、<filename moreinfo="none">c:\hacking\sco</filename>(Windows)</para>
@@ -1092,7 +1214,7 @@ info</literal>、<literal moreinfo="none">Version info</literal>である。</pa
 
       <varlistentry>
         <term>
-          <option>-d [level]</option> (デバッグレベルを上げる/設定する)
+          <option>-d <replaceable>level</replaceable></option> (デバッグレベルを上げる/設定する)
         </term>
         <listitem>
 
@@ -1105,6 +1227,7 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
         </listitem>
       </varlistentry>
 
+      <!-- Missing options: -/-reason -/-stats-every -->
       <varlistentry>
         <term>
           <option>--packet-trace</option> (送受信したパケットやデータを追跡する)
@@ -1114,6 +1237,7 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
         </listitem>
       </varlistentry>
 
+      <!-- Missing option: -/-open -->
       <varlistentry>
         <term>
           <option>--iflist</option> (インターフェースや経路の一覧を表示する)
@@ -1138,17 +1262,19 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
 
       <varlistentry>
         <term>
-          <option>--resume &lt;filename&gt;</option> (中断したスキャンを再開する)
+          <option>--resume <replaceable>filename</replaceable></option> (中断したスキャンを再開する)
         </term>
         <listitem>
 
+          <!-- Outdated information: Nmap can now resume from XML output also. -->
           <para>対象が広範囲にわたるNmapの実行には非常に長い時間がかかり、数日ほどに及ぶ場合もある。そのようなスキャンは、常に完了するまで続けて実行できるとは限らない。様々な制約によってNmapを就業時間内に実行できなくなったり、ネットワークがダウンしたり、Nmapが動作しているマシンが計画的あるいは予定外に再起動させられたり、Nmap自体がクラッシュしたりなどが起こる可能性があるからだ。その他いかなる理由であっても同様に、Nmapを実行している管理者は、<keycap moreinfo="none">ctrl-C</keycap>を押すことによって実行をキャンセルできる。このような場合、スキャン全体を最初から再開するのは望ましくないだろう。幸いにも、通常出力(<option>-oN</option>)やgrep可能出力(<option>-oG</option>)のログが残っていれば、ユーザは、実行を中断された際のターゲットに対するスキャンを再開するようNmapに命じることができる。これを行うには、<option>--resume</option> オプションを指定し、通常/grep可能の出力ファイルを引数として渡す。Nmapはその出力ファイルをパースして、前に指定されたのと同じものを使うので、それ以外の引数は指定できない。<command moreinfo="none">nmap --resume<replaceable>logfilename</replaceable></command>として、Nmapを呼び出す。Nmapは、前回の実行で指定されたデータファイルに新たな結果を追加する。この再開オプションは、XML出力フォーマットをサポートしていない。2回の実行結果を結合して1つの妥当なXMLファイルにするのは困難であるためだ。</para>
         </listitem>
       </varlistentry>
 
+      <!-- Missing option: -/-noninteractive -->
       <varlistentry>
         <term>
-          <option>--stylesheet &lt;path or URL&gt;</option> (XML出力変換のXSLスタイルシートを設定する)
+          <option>--stylesheet <replaceable>path or URL</replaceable></option> (XML出力変換のXSLスタイルシートを設定する)
         </term>
         <listitem>
           <para>Nmapには、XML出力を閲覧したりHTMLに変換したりするための<filename moreinfo="none">nmap.xsl</filename>というXSLスタイルシートが同梱されている。XML出力には、<literal moreinfo="none">xml-stylesheet</literal>ディレクティブが組み込まれており、Nmapが最初にインストールした場所(もしくはWindows上の現在作業中のフォルダ)にある<filename moreinfo="none">nmap.xml</filename>を参照する。最近のWebブラウザにNmapのXML出力を読み込むと、ブラウザはファイルシステムから<filename moreinfo="none">nmap.xsl</filename> を読み出して、出力結果の処理に使用する。別のスタイルシートを使いたい場合は、この<option>--stylesheet</option>オプションの引数として指定する。引数はフルパス名かURLで指定する。よく用いられる例を以下に示す：
@@ -1157,6 +1283,7 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
         </listitem>
       </varlistentry>
 
+      <!-- Missing option: -/-webxml -->
       <varlistentry>
         <term>
           <option>--no-stylesheet</option> (XSLスタイルシート宣言をXMLから除外する)
@@ -1199,13 +1326,14 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
 
       <varlistentry>
         <term>
-          <option>--datadir &lt;directoryname&gt;</option> (Nmapの特別データファイルの位置を指定する)
+          <option>--datadir <replaceable>directoryname</replaceable></option> (Nmapの特別データファイルの位置を指定する)
         </term>
         <listitem>
           <para>Nmapは、実行時に特別なデータを、<filename moreinfo="none">nmap-service-probes</filename>、<filename moreinfo="none">nmap-services</filename>、<filename moreinfo="none">nmap-protocols</filename>、<filename moreinfo="none">nmap-rpc</filename>、<filename moreinfo="none">nmap-mac-prefixes</filename>、<filename moreinfo="none">nmap-os-fingerprints</filename>という名前のファイルに取得する。Nmapはまず、(ある場合は)<option>--datadir</option> オプションで指定したディレクトリ内で、これらのファイルを探す。ここで見つからなかったファイルは、「NMAPDIR」環境変数で指定したディレクトリから検索する。次に、実在する有効なUID(POSIXシステムの場合)やNmapの実行ファイル(Win32の場合)が格納されているディレクトリの<filename moreinfo="none">~/.nmap</filename> を探し、その次に、組み込みディレクトリの<filename moreinfo="none">/usr/local/share/nmap</filename> や<filename moreinfo="none">/usr/share/nmap</filename>を探す。それでもない場合は最後の手段として、Nmapはカレントディレクトリを検索する。</para>
         </listitem>
       </varlistentry>
 
+      <!-- Missing options: -/-servicedb -/-versiondb -->
       <varlistentry>
         <term>
           <option>--send-eth</option> (raw（生の）イーサネット層で送信する)
@@ -1234,6 +1362,7 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
         </listitem>
       </varlistentry>
 
+      <!-- Missing options: -/-unprivileged -/-release-memory -->
       <varlistentry>
         <term>
           <option>-V</option>; <option>--version</option> (バージョン番号を表示する)
@@ -1286,6 +1415,7 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
           <para>パケット追跡を有効にする / 無効にする</para>
         </listitem>
       </varlistentry>
+      <!-- Missing key: '?' -->
       <varlistentry>
         <term>
           その他
@@ -1323,13 +1453,13 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
     <para>198.116のクラスBアドレス空間で、8ビットで表せる255のサブネットに属するホストのうち、前半(1-127)のIPアドレスを持つホストに対して、ホストの列挙とTCPスキャンを行う。このスキャンを行う目的は、対象システムでsshd、DNS、POP3d、IMAPd、4564番ポートが動作しているかどうかを調査することだ。これらのポートのなかで開いている(open)ことが判明したポートすべてに対してバージョン検出を使用して、何のアプリケーションが動作しているかを特定する。</para>
 
     <para>
-    <userinput moreinfo="none">nmap -v -iR 100000 -P0 -p 80</userinput>
+    <userinput moreinfo="none">nmap -v -iR 100000 -Pn -p 80</userinput>
     </para>
 
-    <para>Nmapは100,000台のホストを無作為に選び、Webサーバ(80番ポート)のスキャンを行う。ホストの列挙は<option>-P0</option> で無効にしてある。各ターゲットホスト上で1つのポートしか調査しないのに、どのホストが稼動中であるかを特定するためにプローブを送るのは無駄だからだ。</para>
+    <para>Nmapは100,000台のホストを無作為に選び、Webサーバ(80番ポート)のスキャンを行う。ホストの列挙は<option>-Pn</option> で無効にしてある。各ターゲットホスト上で1つのポートしか調査しないのに、どのホストが稼動中であるかを特定するためにプローブを送るのは無駄だからだ。</para>
 
     <para>
-      <userinput moreinfo="none">nmap -P0 -p80 -oX logs/pb-port80scan.xml -oG
+      <userinput moreinfo="none">nmap -Pn -p80 -oX logs/pb-port80scan.xml -oG
       logs/pb-port80scan.gnmap 216.163.128.20/20</userinput>
     </para>
     <para>4096個のIPをスキャンしてWebサーバを見つけ出し(pingなしで)、結果出力をgrep可能およびXMLフォーマットで保存する。</para>
@@ -1343,10 +1473,12 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
 
   </refsect1>
 
+  <!-- Missing section id='man-book' -->
   <refsect1 id="man-bugs">
     <title>バグ</title>
 
-    <para>Nmapも作者と同様に完全ではない。それでもNmapのほうは、ユーザによるバグの報告やパッチの作成のおかげで、よりよいものにしてゆくことができる。Nmapを使っていて、思い通りに動かない場合は、まず<ulink url="https://nmap.org/"/>から入手できる最新のバージョンにアップグレードしてみる。問題が続くようなら、すでに発見・対処が行われた問題かどうかを調査して確かめる。エラーメッセージをGoogle検索したり、<ulink url="http://seclists.org/"/>でNmap-devアーカイブを閲覧したりしてみる。このmanページも全体に目を通した方がよい。それでもどうにもならない場合は、バグレポートを<email>dev@nmap.org</email>宛てにメールで送ること。メールには、使用しているNmapのバージョンと、Nmapを実行しているOSの名前とバージョンなどの情報だけでなく、問題に関して分かったことは何でも書いていただきたい。問題の報告やNmapの使い方についての質問などは、dev@nmap.org宛てに送るほうが、筆者宛てに直接送るよりも返事がある可能性ははるかに高い。 </para>
+    <!-- Outdated info: need information about Github here -->
+    <para>Nmapも作者と同様に完全ではない。それでもNmapのほうは、ユーザによるバグの報告やパッチの作成のおかげで、よりよいものにしてゆくことができる。Nmapを使っていて、思い通りに動かない場合は、まず<ulink url="https://nmap.org/"/>から入手できる最新のバージョンにアップグレードしてみる。問題が続くようなら、すでに発見・対処が行われた問題かどうかを調査して確かめる。エラーメッセージをGoogle検索したり、<ulink url="https://seclists.org/"/>でNmap-devアーカイブを閲覧したりしてみる。このmanページも全体に目を通した方がよい。それでもどうにもならない場合は、バグレポートを<email>dev@nmap.org</email>宛てにメールで送ること。メールには、使用しているNmapのバージョンと、Nmapを実行しているOSの名前とバージョンなどの情報だけでなく、問題に関して分かったことは何でも書いていただきたい。問題の報告やNmapの使い方についての質問などは、dev@nmap.org宛てに送るほうが、筆者宛てに直接送るよりも返事がある可能性ははるかに高い。 </para>
 
     <para>またバグレポートより、バグを修正するためのコードパッチのほうが歓迎される。ユーザ自身のコード変更によるパッチファイルの作成方法についての基本的な注意事項は<ulink url="https://nmap.org/data/HACKING"/> で参照できる。パッチは、nmap-dev宛てに送る(推奨)か、筆者Fyodorまで直接送っていただきたい。</para>
   </refsect1>
@@ -1357,7 +1489,11 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
     <email>fyodor@nmap.org</email>
     (<ulink url="http://www.insecure.org"/>)
     </para>
-
+    <para>翻訳者</para>
+    <para>
+    修正（2022/7）：Taichi Kotake, a.k.a tkmru
+    <email>taichi.kotake@sterrasec.com</email>
+    </para>
     <para>ここ数年で何百人もの人々から、Nmapに対して貴重な貢献をしていただいた。この詳細については、Nmapとともに配布されている<filename moreinfo="none">CHANGELOG</filename>ファイルを参照のこと。CHANGELOGファイルは以下からも入手できる：<ulink url="https://nmap.org/nmap_changelog.html"/></para>
 
   </refsect1>
@@ -1367,6 +1503,7 @@ rttvar: 14987 to: 100000</computeroutput>。こうした行の内容が理解で
 
 <refsect2>
   <title>著作権と使用許諾</title>
+  <!-- Outdated info: Should refer users to English version for up-to-date legal information -->
 
 <para>Nmapセキュリティスキャナの著作権は、Insecure.Com LLCに帰属している（1996-2005）。また、Nmapは、Insecure.Com LLCの登録商標。このプログラムはフリーソフトウェアであり、Free Software Foundation（FSF）が発行するGNU一般公衆利用許諾契約書のバージョン2で定められている条件に従い、再配布、改変することが可能である。これは、特定の条件下でNmapを使用、改変、再配布する権利を保証するものである。Nmapの技術を独自仕様のソフトウェアに組み込むことを希望する場合は、喜んで別の形態のライセンスを販売する（その際は、<email>sales@insecure.com</email>に連絡）。多くのセキュリティスキャナのベンダーは、ホスト発見、ポートスキャン、OS検出、サービス/バージョンの検出などの、Nmap技術のライセンスを受けている。</para>
 

docs/man-xlate/nmap-man-pl.xml

@@ -8,6 +8,8 @@
   <refmeta>
     <refentrytitle>nmap</refentrytitle>
     <manvolnum>1</manvolnum>
+    <refmiscinfo class="source">Nmap</refmiscinfo>
+    <refmiscinfo class="manual">Opis programu Nmap</refmiscinfo>
   </refmeta>
   <refnamediv id="man-name">
     <refname>nmap</refname>
@@ -3048,7 +3050,7 @@ podobnie jak i UDP.</para>
     wyst&#281;puje, wykonaj troch&#281; test&#243;w dla okre&#347;lenia czy podobny problem nie 
     zosta&#322; ju&#380; wykryty i oznaczony. Spr&#243;buj poszuka&#263; Googlem komunikatu
     b&#322;&#281;du lub poprzegl&#261;daj archiwa listy dyskusyjnej Nmap-dev pod adresem
-    <ulink url="http://seclists.org/"/>. Przeczytaj r&#243;wnie&#380; ca&#322;a dokumentacj&#281;.
+    <ulink url="https://seclists.org/"/>. Przeczytaj r&#243;wnie&#380; ca&#322;a dokumentacj&#281;.
     Je&#347;li nic nie pomo&#380;e, wy&#347;lij raport opisuj&#261;cy b&#322;&#261;d po angielsku na adres
     <email>dev@nmap.org</email>. Prosz&#281; do&#322;&#261;cz wszystko co uda&#322;o Ci
     si&#281; ustali&#263; na temat tego problemu, jak r&#243;wnie&#380; informacj&#281; o u&#380;ywanej 

docs/man-xlate/nmap-man-pt_BR.xml

@@ -13,6 +13,8 @@
       <refentrytitle>nmap</refentrytitle>
 
       <manvolnum>1</manvolnum>
+    <refmiscinfo class="source">Nmap</refmiscinfo>
+    <refmiscinfo class="manual">Guia de Referência do Nmap</refmiscinfo>
     </refmeta>
 
     <refnamediv id="man-name">
@@ -210,7 +212,7 @@ PORT SPECIFICATION AND SCAN ORDER:
   -p &lt;port ranges&gt;: Only scan specified ports
     Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
   -F: Fast - Scan only the ports listed in the nmap-services file)
-  -r: Scan ports consecutively - don't randomize
+  -r: Scan ports sequentially - don't randomize
 SERVICE/VERSION DETECTION:
   -sV: Probe open ports to determine service/version info
   --version-intensity &lt;level&gt;: Set from 0 (light) to 9 (try all probes)
@@ -3765,7 +3767,7 @@ EXAMPLES:
       url="https://nmap.org/" />. Se o problema persistir, pesquise um
       pouco para determinar se o problema já foi descoberto e encaminhado.
       Tente procurar no Google pela mensagem de erro ou navegar nos arquivos
-      da Nmap-dev em <ulink url="http://seclists.org/" />. Se não encontrar
+      da Nmap-dev em <ulink url="https://seclists.org/" />. Se não encontrar
       nada, envie uma mensagem com um relatório do erro para
       <email>dev@nmap.org</email>. Por favor, inclua tudo o que
       souber sobre o problema, bem como a versão do Nmap que você está
@@ -3782,7 +3784,7 @@ EXAMPLES:
       <title>Autor</title>
 
       <para>Fyodor <email>fyodor@nmap.org</email> (<ulink
-      url="http://insecure.org" />)</para>
+      url="https://insecure.org" />)</para>
 
       <para>Centenas de pessoas fizeram contribuições valiosas para o Nmap ao
       longo dos anos. Isso está detalhado no arquivo <filename

docs/man-xlate/nmap-man-ro.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8" standalone="no"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <article id="man" lang="ro">
   <artheader>
     <title>Ghid de referinta Nmap (Pagina Man)</title>
@@ -7,6 +7,8 @@
     <refmeta>
       <refentrytitle>nmap</refentrytitle>
       <manvolnum>1</manvolnum>
+    <refmiscinfo class="source">Nmap</refmiscinfo>
+    <refmiscinfo class="manual">Ghid de referinta Nmap</refmiscinfo>
     </refmeta>
     <refnamediv id="man-name">
       <refname>nmap</refname>
@@ -125,17 +127,15 @@
       tradus din versiunea 2991 a textului original aflat la 
       <ulink url="https://nmap.org/man/">original English
       version</ulink>de Dan Catalin Vasile 
-      <email>hardware_cta@yahoo.com</email>. Traducerea a fost facuta cu scopul
+      <email>danvasile@danvasile.com</email>. Traducerea a fost facuta cu scopul
       de a asigura o intelegere mai buna a functionalitatilor Nmap intai pentru
       autor si mai apoi pentru toti vorbitorii nativi de limba romana. Autorul
       traducerii nu va poate garanta faptul ca traducerea este la fel de
       completa cu versiunea actualizata in limba engleza. Acest produs poate fi
       modificat si redistribuit in conditiile stipulate de 
       <ulink url="http://creativecommons.org/licenses/by/2.5/">Creative Commons
-      Attribution License</ulink>. Autorul traducerii va invita de asemenea pe
-      primul site dedicat profesionistilor in securitate informatica din
-      Romania: 
-      <ulink url="http://www.itsecure.ro">ITSecure</ulink>.</para>
+      Attribution License</ulink>.
+      </para>
     </refsect1>
     <refsect1 id="man-briefoptions">
       <title>Sumarul Optiunilor</title>
@@ -166,7 +166,7 @@
         &lt;ftp relay host&gt;: FTP bounce scan PORT SPECIFICATION AND SCAN
         ORDER: -p &lt;port ranges&gt;: Only scan specified ports Ex: -p22;
         -p1-65535; -p U:53,111,137,T:21-25,80,139,8080 -F: Fast - Scan only the
-        ports listed in the nmap-services file) -r: Scan ports consecutively -
+        ports listed in the nmap-services file) -r: Scan ports sequentially -
         don't randomize SERVICE/VERSION DETECTION: -sV: Probe open ports to
         determine service/version info --version-light: Limit to most likely
         probes for faster identification --version-all: Try every single probe
@@ -2943,7 +2943,7 @@
       persista, faceti munca de cercetare pentru a vedea daca problema a fost
       descoperita si discutata. Incercati cautarea in Google a mesajului de
       eroare sau navigand prin arhivele Nmap-dev la
-      <ulink url="http://seclists.org/"></ulink>. Cititi acest manual in
+      <ulink url="https://seclists.org/"></ulink>. Cititi acest manual in
       intregime de asemenea. Daca nimic nu se rezolva, trimiteti un mail la
       <email>dev@nmap.org</email>. Va rog sa includeti tot ce ati
       aflat despre problema, precum si versiunea de Nmap pe care o folositi si

docs/man-xlate/nmap-man-sk.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!-- $Id: manhtml.xml 2991 2005-12-12 10:21:33Z fyodor $ -->
 <article id="man" lang="sk">
 <artheader>
@@ -8,6 +8,8 @@
   <refmeta>
     <refentrytitle>nmap</refentrytitle>
     <manvolnum>1</manvolnum>
+    <refmiscinfo class="source">Nmap</refmiscinfo>
+    <refmiscinfo class="manual">Nmap - Referencna prirucka</refmiscinfo>
   </refmeta>
   <refnamediv id="man-name">
     <refname>nmap</refname>
@@ -125,18 +127,18 @@ Najnovsia verzia manualu je k dispozicii na adrese <ulink url="https://nmap.org/
 
   </refsect1>
   
-  <refsect1 id="man-translation">
-  <title>Poznamky o preklade</title>
-
-  <para>Tato slovenska verzia referencnej prirucky Nmapu bola prelozena z verzie
-  2991 <ulink
+  <refsect1 id="man-translation">
+  <title>Poznamky o preklade</title>
+
+  <para>Tato slovenska verzia referencnej prirucky Nmapu bola prelozena z verzie
+  2991 <ulink
   url="https://nmap.org/man/"> povodnej anglickej verzie </ulink> 
   Stanislavom Sivakom.  Dufam sice, ze tento preklad viac spristupni Nmap slovensky hovoriacim
   ludom na celom svete, ale nemozem zarucit, ze preklad je taky uplny alebo aktualny ako
-  oficialna anglicka verzia.
-  Toto dielo moze byt modifikovane a siritelne podla podmienok licencie <ulink
-  url="http://creativecommons.org/licenses/by/2.5/">Creative
-  Commons Attribution License</ulink>.</para>
+  oficialna anglicka verzia.
+  Toto dielo moze byt modifikovane a siritelne podla podmienok licencie <ulink
+  url="http://creativecommons.org/licenses/by/2.5/">Creative
+  Commons Attribution License</ulink>.</para>
 </refsect1>
 
   <refsect1 id="man-briefoptions">
@@ -2804,7 +2806,7 @@ Niektore riadku su samovysvetlujuce, no zvysovanim stupna debugovania sa straca
 	<ulink url="https://nmap.org/"/>.  Ak problem pretrvava,
 	preskumajte, ci uz nebol objaveny a adresovany. Vyskusajte pouzit google
 	s vyrazom chybovej spravy alebo prehladajte archivy Nmap-dev na adrese
-    <ulink url="http://seclists.org/"/>.  Precitajte si aj tento plny manual.
+    <ulink url="https://seclists.org/"/>.  Precitajte si aj tento plny manual.
 	Ak nenajdete nic podobne, poslite mail o bugu na adresu 
     <email>dev@nmap.org</email>.  Zahrnte vsetko, co ste sa dozvedeli
 	o probleme spolu s verziou Nmapu a operacnym systemom. Spravy o problemoch
@@ -2833,24 +2835,24 @@ Niektore riadku su samovysvetlujuce, no zvysovanim stupna debugovania sa straca
   <refsect1 id="man-legal">
     <title>Pravne prehlasenia</title>
 	
-	<refsect2 id="translation-disclaimer">
-  <title>Unofficial Translation Disclaimer/ Zrieknutie sa zaruky nad neoficialnym prekladom</title>
-
-  <para>This is an unnofficial translation of the <ulink
-  url="https://nmap.org/man/man-legal.html">Nmap
-  license details</ulink> into Slovak.  It was not written by
-  Insecure.Com LLC, and does not legally state the distribution terms
-  for Nmap -- only the original English text does that.  However, we
-  hope that this translation helps Slovak speakers understand the
-  Nmap license better.</para>
-
-  <para>Toto je len neoficialny preklad<ulink
+	<refsect2 id="translation-disclaimer">
+  <title>Unofficial Translation Disclaimer/ Zrieknutie sa zaruky nad neoficialnym prekladom</title>
+
+  <para>This is an unnofficial translation of the <ulink
+  url="https://nmap.org/man/man-legal.html">Nmap
+  license details</ulink> into Slovak.  It was not written by
+  Insecure.Com LLC, and does not legally state the distribution terms
+  for Nmap -- only the original English text does that.  However, we
+  hope that this translation helps Slovak speakers understand the
+  Nmap license better.</para>
+
+  <para>Toto je len neoficialny preklad<ulink
   url="https://nmap.org/man/man-legal.html">licencnych 
-  podrobnosti Nmapu </ulink> do slovenciny.  Nebol vytvoreny spolocnostou 
+  podrobnosti Nmapu </ulink> do slovenciny.  Nebol vytvoreny spolocnostou 
   Insecure.Com LLC a ani legalne nevyjadruje podmienky distribucie pre Nmap; to ma za ulohu
   len povodny anglicky text. Aj tak vsak dufame, ze tento preklad pomoze slovensky hovoriacim 
   ludom lepsie pochopit licenciu pre Nmap.
-  </para>
+  </para>
 </refsect2>
 
 <refsect2 id="nmap-copyright">

docs/man-xlate/nmap-man-zh.xml

@@ -7,6 +7,8 @@
   <refmeta>
     <refentrytitle>nmap</refentrytitle>
     <manvolnum>1</manvolnum>
+    <refmiscinfo class="source">Nmap</refmiscinfo>
+    <refmiscinfo class="manual">Nmap参考指南</refmiscinfo>
   </refmeta>
   <refnamediv id="man-name">
     <refname>nmap</refname>
@@ -152,7 +154,7 @@ PORT SPECIFICATION AND SCAN ORDER:
   -p &lt;port ranges&gt;: Only scan specified ports
     Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
   -F: Fast - Scan only the ports listed in the nmap-services file)
-  -r: Scan ports consecutively - don't randomize
+  -r: Scan ports sequentially - don't randomize
 SERVICE/VERSION DETECTION:
   -sV: Probe open ports to determine service/version info
   --version-light: Limit to most likely probes for faster identification
@@ -2311,7 +2313,7 @@ rttvar: 14987 to: 100000</computeroutput>。如果对某行输出不明白，
     <para>和作者一样，Nmap也不是完美的，但可以通过发送Bug报告甚至编写
     补丁使其更加完善。如果Nmap不能满足要求，首先从<ulink url="https://nmap.org/"/>
     升级最新版本。如果总问题仍然存在，需要进行调查以确定问题是否
-    已经被解决。在<ulink url="http://seclists.org/"/>尝试搜索出错消息或
+    已经被解决。在<ulink url="https://seclists.org/"/>尝试搜索出错消息或
     浏览Nmap-dev档案，以及仔细阅读使用手册。如果问题还是不能解决，发送
     Bug报告至<email>dev@nmap.org</email>。在报告中包含所有
     有关问题的信息，以及所使用的Nmap版本、操作系统版本。问题报告以及

docs/man-xlate/nmap-pl.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Autor" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 08/06/2021
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 04/12/2024
+.\"    Manual: Opis programu Nmap
+.\"    Source: Nmap
 .\"  Language: Polish
 .\"
-.TH "NMAP" "1" "08/06/2021" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "04/12/2024" "Nmap" "Opis programu Nmap"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -1465,7 +1465,7 @@ Skanuje 4096 adresów IP w poszukiwaniu serwerów WWW (bez pingowania ich) i zap
 .PP
 Jak i jego autor, Nmap nie jest doskonały\&. Możesz jednak pomóc przysyłając raporty dotyczące błędów lub nawet wysyłając własne poprawki\&. Jeśli Nmap nie zachowuje sie w sposób którego oczekujesz, zacznij od aktualizacji do najnowszej wersji dostępnej pod adresem
 \m[blue]\fB\%https://nmap.org/\fR\m[]\&. Jeśli problem nadal występuje, wykonaj trochę testów dla określenia czy podobny problem nie został już wykryty i oznaczony\&. Spróbuj poszukać Googlem komunikatu błędu lub poprzeglądaj archiwa listy dyskusyjnej Nmap\-dev pod adresem
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. Przeczytaj również cała dokumentację\&. Jeśli nic nie pomoże, wyślij raport opisujący błąd po angielsku na adres
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. Przeczytaj również cała dokumentację\&. Jeśli nic nie pomoże, wyślij raport opisujący błąd po angielsku na adres
 <dev@nmap\&.org>\&. Proszę dołącz wszystko co udało Ci się ustalić na temat tego problemu, jak również informację o używanej wersji Nmapa i systemie operacyjnym na którym jest uruchamiany\&. Opisy problemów i pytania dotyczące używania Nmapa wysłane na adres dev@nmap\&.org z większym prawdopodobieństwem doczekają sie szybkiej odpowiedzi, niż wysłane bezpośrednio do Fyodora\&.
 .PP
 Poprawki błędnego kodu są milej widziane, niż opisy błedów\&. Podstawowe instrukcje tworzenia poprawek są opisane na stronie

docs/man-xlate/nmap-pt_BR.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Autor" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2021
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 06/08/2025
+.\"    Manual: Guia de Referência do Nmap
+.\"    Source: Nmap
 .\"  Language: Portuguese (Brazil)
 .\"
-.TH "NMAP" "1" "06/08/2021" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "06/08/2025" "Nmap" "Guia de Referência do Nmap"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -155,7 +155,7 @@ PORT SPECIFICATION AND SCAN ORDER:
   \-p <port ranges>: Only scan specified ports
     Ex: \-p22; \-p1\-65535; \-p U:53,111,137,T:21\-25,80,139,8080
   \-F: Fast \- Scan only the ports listed in the nmap\-services file)
-  \-r: Scan ports consecutively \- don\*(Aqt randomize
+  \-r: Scan ports sequentially \- don\*(Aqt randomize
 SERVICE/VERSION DETECTION:
   \-sV: Probe open ports to determine service/version info
   \-\-version\-intensity <level>: Set from 0 (light) to 9 (try all probes)
@@ -1541,7 +1541,7 @@ Este exemplo escaneia 4096 endereços IP buscando por servidores web (sem usar o
 .PP
 Como seu autor, o Nmap não é perfeito\&. Mas você pode ajudar a torná\-lo melhor enviando relatórios de erros (bug reports) ou mesmo escrevendo correções\&. Se o Nmap não se comporta da forma que você espera, primeiro atualize para a versão mais atual disponível em
 \m[blue]\fB\%https://nmap.org/\fR\m[]\&. Se o problema persistir, pesquise um pouco para determinar se o problema já foi descoberto e encaminhado\&. Tente procurar no Google pela mensagem de erro ou navegar nos arquivos da Nmap\-dev em
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. Se não encontrar nada, envie uma mensagem com um relatório do erro para
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. Se não encontrar nada, envie uma mensagem com um relatório do erro para
 <dev@nmap\&.org>\&. Por favor, inclua tudo o que souber sobre o problema, bem como a versão do Nmap que você está executando e em qual versão e sistema operacional você está rodando\-o\&.
 .PP
 Correções codificadas para consertar os erros são ainda melhores que os relatórios de erro\&. Instruções básicas para a criação de arquivos de correções com as suas alterações estão disponíveis em
@@ -1550,7 +1550,7 @@ Correções codificadas para consertar os erros são ainda melhores que os relat
 .PP
 Fyodor
 <fyodor@nmap\&.org>
-(\m[blue]\fB\%http://insecure.org\fR\m[])
+(\m[blue]\fB\%https://insecure.org\fR\m[])
 .PP
 Centenas de pessoas fizeram contribuições valiosas para o Nmap ao longo dos anos\&. Isso está detalhado no arquivo
 CHANGELOG

docs/man-xlate/nmap-pt_PT.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Autor" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 28/09/2018
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 06/08/2025
+.\"    Manual: Guia de Referência do Nmap
+.\"    Source: Nmap
 .\"  Language: Portuguese
 .\"
-.TH "NMAP" "1" "28/09/2018" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "06/08/2025" "Nmap" "Guia de Referência do Nmap"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -158,9 +158,9 @@ DETECÇÃO DO SO:
   \-\-osscan\-guess: Efectuar o rastreio do SO de forma mais agressiva
 TIMING AND PERFORMANCE:
   \-T[0\-6]: Ajustar o tempo do modelo(template) (maior é mais rápido)
-  \-\-min\-hostgroup/max\-hostgroup <msec>: Tamanho dos grupos de rastreio(scan)
+  \-\-min\-hostgroup/max\-hostgroup <tamanho>: Tamanho dos grupos de rastreio(scan)
  de anfitrião(host) paralelo
-  \-\-min\-parallelism/max\-parallelism <msec>: Rastreio paralelismo
+  \-\-min\-parallelism/max\-parallelism <numprobes>: Rastreio paralelismo
   \-\-min\-rtt\-timeout/max\-rtt\-timeout/initial\-rtt\-timeout <msec>: Ajustar o
       tempo de retorno do rastreio\&.
   \-\-host\-timeout <msec>: Desistir de um alvo após este tempo
@@ -839,7 +839,7 @@ Uma das minhas mais altas prioridades no desenvolvimento do Nmap tem sido o dese
 .PP
 Técnicas para melhorar os tempos de rastreio(scan) incluem omitir testes não\-críticos e atualizar até a versão mais recente do Nmap (melhorias de desempenho são feitas freqüentemente)\&. Otimizar os parâmetros de tempo também podem fazer uma grande diferença\&. Essas opções estão listadas abaixo\&.
 .PP
-\fB\-\-min\-hostgroup <milissegundos>\fR; \fB\-\-max\-hostgroup <milissegundos>\fR (Ajuste dos tamanhos dos grupos de rastreio(scan) paralelos)
+\fB\-\-min\-hostgroup <tamanho>\fR; \fB\-\-max\-hostgroup <tamanho>\fR (Ajuste dos tamanhos dos grupos de rastreio(scan) paralelos)
 .RS 4
 O Nmap tem a habilidade de fazer um rastreio(scan) de portas ou de versões em múltiplos anfitriões(hosts) em paralelo\&. O Nmap faz isso dividindo a faixa de endereços IP\-alvo em grupos e então rastreando um grupo de cada vez\&. No geral grupos maiores são mais eficientes\&. A contrapartida é que os resultados dos anfitriões(hosts) não pode ser fornecido até que o grupo inteiro tenha terminado\&. Portanto se o Nmap começou com um tamanho de grupo igual a 50, o usuário não receberia nenhum relatório (exceto pelas atualizações mostradas no modo verbose) até que os primeiros 50 anfitriões(hosts) tivessem completado\&.
 .sp
@@ -853,7 +853,7 @@ e o Nmap irá tentar manter o tamanho dos grupos acima desse nível\&. O Nmap po
 O uso primário destas opções é especificar um tamanho de grupo mínimo grande de forma que o rastreio(scan) completo seja executado mais rapidamente\&. Uma escolha comum é 256 para rastrear(scan) uma rede em blocos de tamanho Classe C\&. Para um rastreio(scan) com muitas portas exceder esse número não irá ajudar muito\&. Para rastreios(scans) com poucos números de portas um tamanho de grupo de anfitriões(hosts) de 2048 ou mais pode ser útil\&.
 .RE
 .PP
-\fB\-\-min\-parallelism <milissegundos>\fR; \fB\-\-max\-parallelism <milissegundos>\fR (Ajuste da paralelização das sondagens)
+\fB\-\-min\-parallelism <numprobes>\fR; \fB\-\-max\-parallelism <numprobes>\fR (Ajuste da paralelização das sondagens)
 .RS 4
 Estas opções controlam o número total de sondagens que podem estar pendentes para um grupo de anfitriões(hosts)\&. Elas são usadas para o rastreio(scan) de portas e para a descoberta de anfitriões(hosts)\&. Por default o Nmap calcula um paralelismo ideal e constantemente actualizado baseado no desempenho da rede\&. Se os pacotes estiverem sendo descartados o Nmap reduz o ritmo e liberta menos sondagens pendentes\&. O número de sondagens ideal aumenta vagarosamente conforme a rede se mostre mais confiável\&. Estas opções estabelecem limites mínimo e máximo nessa variável\&. Por default o paralelismo ideal pode cair até 1 se a rede se mostrar não\-confiável e subir até diversas centenas em condições perfeitas\&.
 .sp
@@ -1436,7 +1436,7 @@ Faz uma transferência de zona DNS para descobrir os anfitriões(hosts) em compa
 .PP
 Como o seu autor, o Nmap não é perfeito\&. Mas pode ajudar a torná\-lo melhor enviando relatórios de erros (bug reports) ou mesmo escrevendo correções\&. Se o Nmap não se comporta da forma que espera, primeiro actualize para a versão mais atual disponível em
 \m[blue]\fB\%https://nmap.org/\fR\m[]\&. Se o problema persistir, pesquise um pouco para determinar se o problema já foi descoberto e encaminhado\&. Tente procurar no Google pela mensagem de erro ou navegar nos arquivos da Nmap\-dev em
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. Se não encontrar nada envie uma mensagem com um relatório do erro para
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. Se não encontrar nada envie uma mensagem com um relatório do erro para
 <dev@nmap\&.org>\&. Por favor inclua tudo o que souber sobre o problema bem como a versão do Nmap que está executando e em qual versão e sistema operativo que está a usar\&.
 .PP
 Correções codificadas para concertar os erros são ainda melhores que os relatórios de erro\&. Instruções básicas para a criação de arquivos de correções com as suas alterações estão disponíveis em

docs/man-xlate/nmap-ro.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 09/28/2018
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 05/17/2023
+.\"    Manual: Ghid de referinta Nmap
+.\"    Source: Nmap
 .\"  Language: Romanian
 .\"
-.TH "NMAP" "1" "09/28/2018" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "05/17/2023" "Nmap" "Ghid de referinta Nmap"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -98,9 +98,8 @@ Cea mai noua versiune de Nmap poate fi obtinuta de la
 .PP
 Aceasta editie inlimba romana a Ghidului de referinta Nmap a fost tradus din versiunea 2991 a textului original aflat la
 \m[blue]\fBoriginal English version\fR\m[]\&\s-2\u[1]\d\s+2de Dan Catalin Vasile
-<hardware_cta@yahoo\&.com>\&. Traducerea a fost facuta cu scopul de a asigura o intelegere mai buna a functionalitatilor Nmap intai pentru autor si mai apoi pentru toti vorbitorii nativi de limba romana\&. Autorul traducerii nu va poate garanta faptul ca traducerea este la fel de completa cu versiunea actualizata in limba engleza\&. Acest produs poate fi modificat si redistribuit in conditiile stipulate de
-\m[blue]\fBCreative Commons Attribution License\fR\m[]\&\s-2\u[2]\d\s+2\&. Autorul traducerii va invita de asemenea pe primul site dedicat profesionistilor in securitate informatica din Romania:
-\m[blue]\fBITSecure\fR\m[]\&\s-2\u[3]\d\s+2\&.
+<danvasile@danvasile\&.com>\&. Traducerea a fost facuta cu scopul de a asigura o intelegere mai buna a functionalitatilor Nmap intai pentru autor si mai apoi pentru toti vorbitorii nativi de limba romana\&. Autorul traducerii nu va poate garanta faptul ca traducerea este la fel de completa cu versiunea actualizata in limba engleza\&. Acest produs poate fi modificat si redistribuit in conditiile stipulate de
+\m[blue]\fBCreative Commons Attribution License\fR\m[]\&\s-2\u[2]\d\s+2\&.
 .SH "SUMARUL OPTIUNILOR"
 .PP
 Acest sumar al optiunilor este printat cand Nmap este rulat fara nici un argument si ultima versiune este disponibila la
@@ -130,7 +129,7 @@ Usage: nmap [Scan
         <ftp relay host>: FTP bounce scan PORT SPECIFICATION AND SCAN
         ORDER: \-p <port ranges>: Only scan specified ports Ex: \-p22;
         \-p1\-65535; \-p U:53,111,137,T:21\-25,80,139,8080 \-F: Fast \- Scan only the
-        ports listed in the nmap\-services file) \-r: Scan ports consecutively \-
+        ports listed in the nmap\-services file) \-r: Scan ports sequentially \-
         don\*(Aqt randomize SERVICE/VERSION DETECTION: \-sV: Probe open ports to
         determine service/version info \-\-version\-light: Limit to most likely
         probes for faster identification \-\-version\-all: Try every single probe
@@ -138,9 +137,9 @@ Usage: nmap [Scan
         activity (for debugging) OS DETECTION: \-O: Enable OS detection
         \-\-osscan\-limit: Limit OS detection to promising targets \-\-osscan\-guess:
         Guess OS more aggressively TIMING AND PERFORMANCE: \-T[0\-5]: Set timing
-        template (higher is faster) \-\-min\-hostgroup/max\-hostgroup <msec>:
+        template (higher is faster) \-\-min\-hostgroup/max\-hostgroup <size>:
         Parallel host scan group sizes \-\-min\-parallelism/max\-parallelism
-        <msec>: Probe parallelization
+        <numprobes>: Probe parallelization
         \-\-min\-rtt\-timeout/max\-rtt\-timeout/initial\-rtt\-timeout <msec>:
         Specifies probe round trip time\&. \-\-host\-timeout <msec>: Give up
         on target after this long \-\-scan\-delay/\-\-max\-scan\-delay <msec>:
@@ -324,11 +323,11 @@ Principalul avantaj al acestui tip de scanare este ca poate trece de firewalluri
 .RS 4
 Pe langa tipurile de descoperire TCP si UDP uzuale discutate anterior, Nmap poate trimite pachete standard prin intermediul omniprezentului
 ping\&. Nmap un pachet ICMP de tipul 8 (solicitare de raspuns) catre adresa IP tinta, asteptand un pachet de tip 0 (raspuns) in schimb de la hosturile disponibile\&. Din pacate pentru exploratorii de retele, in zilele noastre multe hosturi si firewalluri blocheaza aceste pachete, in loc sa raspunda in conformitate cu
-\m[blue]\fBRFC1122\fR\m[]\&\s-2\u[4]\d\s+2\&. Din acest motiv scanarile ICMP simple sau rareori de incredere impotriva unor tinte necunoscute din Internet\&. Dar pentru administratorii de sistem care monitorizeaza o retea interna, ea poate fi o abordare practica si eficienta\&. Folositi optiunea
+\m[blue]\fBRFC1122\fR\m[]\&\s-2\u[3]\d\s+2\&. Din acest motiv scanarile ICMP simple sau rareori de incredere impotriva unor tinte necunoscute din Internet\&. Dar pentru administratorii de sistem care monitorizeaza o retea interna, ea poate fi o abordare practica si eficienta\&. Folositi optiunea
 \fB\-PE\fRpentru a activa acest comportament de solicitare a raspunsului\&.
 .sp
 Cu toate ca cererile de raspuns ICMP sunt standard, Nmap nu se opreste aici\&. Standardul ICMP (
-\m[blue]\fBRFC792\fR\m[]\&\s-2\u[5]\d\s+2) specifica de asemenea solicitarea amprentei de timp, a informatiilor si a mastii de retea corespunzatoare codurilor 13,15 si 17\&. Aceste solicitari au ca scop aflarea de informatii precum amprenta de timp sau masca de retea dar pot fi usor folosite si la descoperirea hosturilor\&. Un sistem care raspunde este disponibil\&. Nmap nu implementeaza inca solicitarea de informatii (15) deoarece acestea nu beneficiaza de o implementare la nivel larg\&. RFC 1122 insista ca
+\m[blue]\fBRFC792\fR\m[]\&\s-2\u[4]\d\s+2) specifica de asemenea solicitarea amprentei de timp, a informatiilor si a mastii de retea corespunzatoare codurilor 13,15 si 17\&. Aceste solicitari au ca scop aflarea de informatii precum amprenta de timp sau masca de retea dar pot fi usor folosite si la descoperirea hosturilor\&. Un sistem care raspunde este disponibil\&. Nmap nu implementeaza inca solicitarea de informatii (15) deoarece acestea nu beneficiaza de o implementare la nivel larg\&. RFC 1122 insista ca
 „un host NU TREBUIE sa implmenteze aceste mesaje\(rq\&. Solicitarile de amprenta de timp si masca de retea pot fi trimise cu ajutorul optiunilor
 \fB\-PP\fR, respectiv
 \fB\-PM\fR\&. Un raspuns amprenta de timp (ICMP cod 14) sau un raspuns masca de retea (cod 18) dezvaluie un host disponibil\&. Aceste doua interogari pot fi de folos cand administratorul de retea blocheaza pingul ICMP standard uitand faptul ca si celelalte solicitari ICMP pot fi folosite in acelasi scop\&.
@@ -442,7 +441,7 @@ connect()cu pachete brute, facandu\-l mai putin eficient\&. Apelul de sistem com
 \fB\-sU\fR(Scanare UDP)
 .RS 4
 In tim ce multe servicii in Internet ruleaza prin protocolul TCP, serviciile
-\m[blue]\fBUDP\fR\m[]\&\s-2\u[6]\d\s+2sunt si ele raspandite\&. DNS, SNMP si DHCP (porturile inregistrate 53, 161/162 si 67/68) sunt trei dintre cele mai comune\&. Deoarece scanarea UDP este in general lenta si mai dificila decat TCP, unii auditori de securitate ignora aceste porturi\&. Aceasta este o greseala, deoarece serviciile UDP exploatabile sunt destul de cunoscute si atacatorii cu siguranta nu vor ignora un intreg protocol\&. Din fericire, Nmap poate ajuta la inventarierea porturilor UDP\&.
+\m[blue]\fBUDP\fR\m[]\&\s-2\u[5]\d\s+2sunt si ele raspandite\&. DNS, SNMP si DHCP (porturile inregistrate 53, 161/162 si 67/68) sunt trei dintre cele mai comune\&. Deoarece scanarea UDP este in general lenta si mai dificila decat TCP, unii auditori de securitate ignora aceste porturi\&. Aceasta este o greseala, deoarece serviciile UDP exploatabile sunt destul de cunoscute si atacatorii cu siguranta nu vor ignora un intreg protocol\&. Din fericire, Nmap poate ajuta la inventarierea porturilor UDP\&.
 .sp
 Scanarea UDP este acivata cu optiunea
 \fB\-sU\fR\&. Poate fi combinata cu o scanare TCP cum ar fi scanrea SYN (
@@ -466,7 +465,7 @@ Nmap detecteaza rata de limitare si incetineste scanarea in conformitate cu acea
 .RS 4
 Aceste trei tipuri de scanare (chiar si mai multe posibile folosind optiunea
 \fB\-\-scanflags\fRdescrisa in aceasta sectiune) exploateaza o portita din
-\m[blue]\fBTCP RFC\fR\m[]\&\s-2\u[7]\d\s+2pentru a diferentia intre porturile
+\m[blue]\fBTCP RFC\fR\m[]\&\s-2\u[6]\d\s+2pentru a diferentia intre porturile
 deschise (open)si cele
 inchise (closed)\&. Pagina 65 spune ca
 „daca starea portului [destinatie] este INCHIS \&.\&.\&. un segment de intrare care nu contine un RST face ca un raspuns RST sa fie trimis inapoi\(rqIn urmatoarea pagina se discuta pachetele trimise catre porturile deschise fara bitii SYN, RST sau ACK setati, specificand ca:
@@ -588,7 +587,7 @@ deschis|filtrat (open|filtered)
 \fB\-b <host ftp de intermediere>\fR(Scanare FTP sarita)
 .RS 4
 Un aspect interesant al protocolului FTP (
-\m[blue]\fBRFC 959\fR\m[]\&\s-2\u[8]\d\s+2) este suportul pentru asa numitele conexiuni proxy ftp\&. Acesta permite utilizatorului conectarea la un server FTP si apoi solicitarea ca anumite fisiere sa fie trimise pe un al alt server\&. O astfel de functionalitate poate fi folosita pentru abuzuri asa ca multe servere au incetat sa o mai suporte\&. Unul dintre aceste abuzuri face ca serverul FTP sa scaneze alte hosturi\&. Cereti serverului sa trimita un fisier la fiecare port al masinii tinta\&. Mesajul de eroare va descrie daca portul este inchis sau deschis\&. Este o buna modalitate de a sari un firewall deoarece FTPurile sunt adesea plasate in zone cu acces la reteaua interna\&. Nmap suporta scanarea ftp sarita prin optiunea
+\m[blue]\fBRFC 959\fR\m[]\&\s-2\u[7]\d\s+2) este suportul pentru asa numitele conexiuni proxy ftp\&. Acesta permite utilizatorului conectarea la un server FTP si apoi solicitarea ca anumite fisiere sa fie trimise pe un al alt server\&. O astfel de functionalitate poate fi folosita pentru abuzuri asa ca multe servere au incetat sa o mai suporte\&. Unul dintre aceste abuzuri face ca serverul FTP sa scaneze alte hosturi\&. Cereti serverului sa trimita un fisier la fiecare port al masinii tinta\&. Mesajul de eroare va descrie daca portul este inchis sau deschis\&. Este o buna modalitate de a sari un firewall deoarece FTPurile sunt adesea plasate in zone cu acces la reteaua interna\&. Nmap suporta scanarea ftp sarita prin optiunea
 \fB\-b\fR\&. Preia un argument de forma
 \fInumeutilizator\fR:
 \fIparola\fR@
@@ -749,7 +748,7 @@ Una dintre prioritatile principale in dezvoltarea Nmapului a fost performanta\&.
 .PP
 Tehnicile pentru imbunatatirea vitezei de scanare includ omiterea testelor ne\-critice si upgradeul la ultima versiune de Nmap (imbunatatiri de performanta se realizeaza frecvent)\&. Optimizarea parametrilor de timp poate aduce de asemenea un spor substantial\&. Aceste optuni sunt prezentate in cele ce urmeaza\&.
 .PP
-\fB\-\-min\-hostgroup <milisecunde>\fR; \fB\-\-max\-hostgroup<milisecunde>\fR(Ajusteaza dimensiunea grupurilor pentru scanari paralele)
+\fB\-\-min\-hostgroup <dimensiune>\fR; \fB\-\-max\-hostgroup<dimensiune>\fR(Ajusteaza dimensiunea grupurilor pentru scanari paralele)
 .RS 4
 Nmap are capacitatea de a scana porturi sau versiuni pe mai multe hosturi in paralel\&. Nmap realizeaza acest lucru prin divizarea spatiului de adrese IP tinta in grupuri si scanand fiecare grup pe rand\&. In general, grupurile mari sunt mult mai eficiente\&. Aspectul negativ este ca rezultatul scanarii pentru fiecare host nu poate fi furnizat pana ce nu e terminata scanarea pentru intregul grup\&. Daca Nmap porneste scanarea unui grup de 50 de hosturi, utilizatorul nu va primi nici un raport (cu exceptia updateurilor oferite de modul vizualizare detaliata) pana ce primele nu s\-a terminat scanarea pentru aceste hosturi\&.
 .sp
@@ -995,11 +994,11 @@ formatul interactiv\&.
 .RS 4
 Cere ca
 formatul XMLsa fie directionat catre fisierul specificat\&. Nmap include o definitie a tipului de document (DTD) care permite analizatoarelor XML sa valideze fisierele cu rezultate in format XML\&. Desi este in principal folosit in programare, el poate ajuta si oamenii sa interpreteze rezultatele\&. DTD defineste elementele legale ale formatului si adesea enumera atributele si valorile pe care le pot lua\&. Ultima versiune este intotdeauna disponibila la
-\m[blue]\m[]\&\s-2\u[9]\d\s+2\&.
+\m[blue]\m[]\&\s-2\u[8]\d\s+2\&.
 .sp
 XML ofera un format stabil care este usor interpretat de software\&. Analizatoare XML sunt disponibile pentru majoritate limbajelor de programare, incluzand C/C++, Perl, Python si Java\&. Oamenii au scris programe pentru majoritatea acestor limbaje care interpreteaza direct rezultatele Nmap\&. Exemplele sunt
-\m[blue]\fBNmap::Scanner\fR\m[]\&\s-2\u[10]\d\s+2si
-\m[blue]\fBNmap::Parser\fR\m[]\&\s-2\u[11]\d\s+2in Perl CPAN\&. In majoritatea cazurilor in care o aplicatie interfereaza cu Nmap, XML este formatul preferat\&.
+\m[blue]\fBNmap::Scanner\fR\m[]\&\s-2\u[9]\d\s+2si
+\m[blue]\fBNmap::Parser\fR\m[]\&\s-2\u[10]\d\s+2in Perl CPAN\&. In majoritatea cazurilor in care o aplicatie interfereaza cu Nmap, XML este formatul preferat\&.
 .sp
 Formatul XML referentiaza un format de pagina XSL care poate fi folosit pentru convertirea rezultatelor in HTML\&. Cea mai usoara cale de a realiza acest lucru o reprezinta simpla incarcare a fisierului XML intr\-un browser cum ar fi Firefox sau IE\&. Implicit, acest lucru functioneaza doar pe masinile pe care rulati Nmap (sau pe cele configurate similar) din cauza caii fisierului
 nmap\&.xsl\&. Folositi optiunile
@@ -1040,7 +1039,7 @@ informatii SunRPC, si
 Informatii despre versiune\&.
 .sp
 Ca si pentru formaul XML, aceasta pagina man nu permite documentarea intregului format\&. O detaliere a formatului pentru comanda grep este disponibila la
-\m[blue]\m[]\&\s-2\u[12]\d\s+2\&.
+\m[blue]\m[]\&\s-2\u[11]\d\s+2\&.
 .RE
 .PP
 \fB\-oA <nume_de_baza>\fR(Scrie in toate formatele)
@@ -1271,7 +1270,7 @@ Realizeaza un transfer de zona DNS pentru a gasi toate hosturile din company\&.c
 .PP
 Asemeni autorului, Nmap nu este perfect\&. Dar ilputeti face mai bun trimitand rapoarte despre problemele aparute si chiar scriind patchuri\&. daca Nmap nu se comporta in modul in care va asteptati, faceti upgradeul la ultima versiune disponibila la
 \m[blue]\fB\%https://nmap.org/\fR\m[]\&. Daca problema persista, faceti munca de cercetare pentru a vedea daca problema a fost descoperita si discutata\&. Incercati cautarea in Google a mesajului de eroare sau navigand prin arhivele Nmap\-dev la
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. Cititi acest manual in intregime de asemenea\&. Daca nimic nu se rezolva, trimiteti un mail la
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. Cititi acest manual in intregime de asemenea\&. Daca nimic nu se rezolva, trimiteti un mail la
 <dev@nmap\&.org>\&. Va rog sa includeti tot ce ati aflat despre problema, precum si versiunea de Nmap pe care o folositi si sistemul de operare\&. Problemele si intrebarile legate de utilizarea Nmapului trimise la dev@nmap\&.org au sanse mult mai mari de a li se raspunde decat cele trimise direct la Fyodor\&.
 .PP
 Patchurile de rezolvare a problemelor sunt si mai bune decat rapoartele despre problema in sine\&. Instructiuni de baza pentru crearea patchurilor sunt disponibile la
@@ -1284,15 +1283,15 @@ Fyodor
 .PP
 Sute de oameni au facut contributii importante la Nmap de\-a lungul timpului\&. Ei sunt mentionati in fisierul
 CHANGELOGdistribuit cu Nmap si disponibil la
-\m[blue]\m[]\&\s-2\u[13]\d\s+2\&.
+\m[blue]\m[]\&\s-2\u[12]\d\s+2\&.
 .SH "ASPECTE LEGALE"
 .SS "Unofficial Translation Disclaimer / Disculparea fata de traducerea neoficiala"
 .PP
 This is an unnofficial translation of the
-\m[blue]\fBNmap license details\fR\m[]\&\s-2\u[14]\d\s+2into Romanian\&. It was not written by Insecure\&.Com LLC, and does not legally state the distribution terms for Nmap \-\- only the original English text does that\&. However, we hope that this translation helps Romanian speakers understand the Nmap license better\&.
+\m[blue]\fBNmap license details\fR\m[]\&\s-2\u[13]\d\s+2into Romanian\&. It was not written by Insecure\&.Com LLC, and does not legally state the distribution terms for Nmap \-\- only the original English text does that\&. However, we hope that this translation helps Romanian speakers understand the Nmap license better\&.
 .PP
 Aceasta este traducerea neoficiala a
-\m[blue]\fBdetaliilor de licenta ale Nmap\fR\m[]\&\s-2\u[14]\d\s+2in limba romana\&. Nu a fost scrisa de Insecure\&.Com LLC si nu statueaza in mod legal termenii distributiei Nmap – numai textul original in limba engleza realizeaza acest lucru\&. Oricum speram ca aceasta traducere sa ajute vorbitorii de limba romana sa inteleaga termenii licentei Nmap mai bine\&.
+\m[blue]\fBdetaliilor de licenta ale Nmap\fR\m[]\&\s-2\u[13]\d\s+2in limba romana\&. Nu a fost scrisa de Insecure\&.Com LLC si nu statueaza in mod legal termenii distributiei Nmap – numai textul original in limba engleza realizeaza acest lucru\&. Oricum speram ca aceasta traducere sa ajute vorbitorii de limba romana sa inteleaga termenii licentei Nmap mai bine\&.
 .SS "Dreptul de autor si licentiere"
 .PP
 Scanerul de securitate Nmap este (C) 1996\-2005 a Insecure\&.Com LLC\&. Nmap este marca inregistrata a Insecure\&.Com LLC\&. Acest program este software liber; il puteti redistribui si/sau modifica sub termenii Licentei Publice Generale (GNU General Public License) asa cum este publicata de Free Software Foundation; Versiunea 2\&. Aceasta va garanteaza dreptul de folosire, modificare si redistribuire sub anumite conditii\&. Daca doriti sa incorporati tehnologie Nmap in software proprietar, suntem dispusi sa vindem licente alternative (contact
@@ -1394,12 +1393,12 @@ Din ratiuni de securitate Nmap nu ar trebui instalat niciodata cu privilegii spe
 .SS "Software de la terti"
 .PP
 Acest produs iclude software dezvoltat de
-\m[blue]\fBApache Software Foundation\fR\m[]\&\s-2\u[15]\d\s+2\&. O versiune modificata a
-\m[blue]\fBbibliotecii de captura a pachetelor Libpcapportable\fR\m[]\&\s-2\u[16]\d\s+2este distribuita impreuna cu Nmap\&. Versiunea de Windows a Nmap utilizeaza biblioteca derivata din libpcap,
-\m[blue]\fBWinPcap\fR\m[]\&\s-2\u[17]\d\s+2\&. Suportul pentru expresiile regulate este furnizat de
-\m[blue]\fBPCRE library\fR\m[]\&\s-2\u[18]\d\s+2, software open source, scris de Philip Hazel\&. Anumite functii brute de retea folosesc biblioteca
-\m[blue]\fBLibdnet\fR\m[]\&\s-2\u[19]\d\s+2, scrisa de Dug Song\&. O versiune modificata este distribuita cu Nmap\&. Optional Nmap se poate lega de
-\m[blue]\fBTrusa criptografica OpenSSL\fR\m[]\&\s-2\u[20]\d\s+2pentru suportul de detectare a versiunii SSL\&. Toate softurile de la terti descrise in acest paragraf sunt redistribuibile gratuit sub licente de tipul BSD\&.
+\m[blue]\fBApache Software Foundation\fR\m[]\&\s-2\u[14]\d\s+2\&. O versiune modificata a
+\m[blue]\fBbibliotecii de captura a pachetelor Libpcapportable\fR\m[]\&\s-2\u[15]\d\s+2este distribuita impreuna cu Nmap\&. Versiunea de Windows a Nmap utilizeaza biblioteca derivata din libpcap,
+\m[blue]\fBWinPcap\fR\m[]\&\s-2\u[16]\d\s+2\&. Suportul pentru expresiile regulate este furnizat de
+\m[blue]\fBPCRE library\fR\m[]\&\s-2\u[17]\d\s+2, software open source, scris de Philip Hazel\&. Anumite functii brute de retea folosesc biblioteca
+\m[blue]\fBLibdnet\fR\m[]\&\s-2\u[18]\d\s+2, scrisa de Dug Song\&. O versiune modificata este distribuita cu Nmap\&. Optional Nmap se poate lega de
+\m[blue]\fBTrusa criptografica OpenSSL\fR\m[]\&\s-2\u[19]\d\s+2pentru suportul de detectare a versiunii SSL\&. Toate softurile de la terti descrise in acest paragraf sunt redistribuibile gratuit sub licente de tipul BSD\&.
 .SS "Clasificarea de control al exportului din SUA"
 .PP
 Clasificarea de control al exportului din SUA: Insecure\&.Com LLC considera ca Nmap cade sub incidenta US ECCN (numarul de control al clasificarii de export) 5D992\&. Aceasta categorie este denumita
@@ -1416,88 +1415,83 @@ Creative Commons Attribution License
 \%http://creativecommons.org/licenses/by/2.5/
 .RE
 .IP " 3." 4
-ITSecure
-.RS 4
-\%http://www.itsecure.ro
-.RE
-.IP " 4." 4
 RFC1122
 .RS 4
 \%http://www.rfc-editor.org/rfc/rfc1122.txt
 .RE
-.IP " 5." 4
+.IP " 4." 4
 RFC792
 .RS 4
 \%http://www.rfc-editor.org/rfc/rfc792.txt
 .RE
-.IP " 6." 4
+.IP " 5." 4
 UDP
 .RS 4
 \%http://www.rfc-editor.org/rfc/rfc768.txt
 .RE
-.IP " 7." 4
+.IP " 6." 4
 TCP RFC
 .RS 4
 \%http://www.rfc-editor.org/rfc/rfc793.txt
 .RE
-.IP " 8." 4
+.IP " 7." 4
 RFC 959
 .RS 4
 \%http://www.rfc-editor.org/rfc/rfc959.txt
 .RE
-.IP " 9." 4
+.IP " 8." 4
 .RS 4
 \%https://nmap.org/data/nmap.dtd
 .RE
-.IP "10." 4
+.IP " 9." 4
 Nmap::Scanner
 .RS 4
 \%http://sourceforge.net/projects/nmap-scanner/
 .RE
-.IP "11." 4
+.IP "10." 4
 Nmap::Parser
 .RS 4
 \%http://www.nmapparser.com
 .RE
-.IP "12." 4
+.IP "11." 4
 .RS 4
 \%http://www.unspecific.com/nmap-oG-output
 .RE
-.IP "13." 4
+.IP "12." 4
 .RS 4
 \%https://nmap.org/nmap_changelog.html
 .RE
-.IP "14." 4
+.IP "13." 4
 Nmap license details
 .RS 4
 \%https://nmap.org/man/man-legal.html
 .RE
-.IP "15." 4
+.IP "14." 4
 Apache Software Foundation
 .RS 4
 \%http://www.apache.org
 .RE
-.IP "16." 4
+.IP "15." 4
 bibliotecii de captura a pachetelor Libpcapportable
 .RS 4
 \%http://www.tcpdump.org
 .RE
-.IP "17." 4
+.IP "16." 4
 WinPcap
 .RS 4
 \%http://www.winpcap.org
 .RE
-.IP "18." 4
+.IP "17." 4
 PCRE library
 .RS 4
 \%http://www.pcre.org
 .RE
-.IP "19." 4
+.IP "18." 4
 Libdnet
 .RS 4
 \%http://libdnet.sourceforge.net
 .RE
-.IP "20." 4
+.IP "19." 4
 Trusa criptografica OpenSSL
 .RS 4
 \%http://www.openssl.org

docs/man-xlate/nmap-ru.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Автор" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 03/29/2019
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 08/06/2025
+.\"    Manual: Справочное руководство Nmap
+.\"    Source: Nmap
 .\"  Language: Russian
 .\"
-.TH "nmap" "1" "03/29/2019" "[FIXME: source]" "[FIXME: manual]"
+.TH "nmap" "1" "08/06/2025" "Nmap" "Справочное руководство Nmap"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -204,7 +204,7 @@ Nmap 4\&.76 ( https://nmap\&.org )
   или \*(Aqh\*(Aq (часы) к значению (напр\&. 30m)\&.
   \-T[0\-5]: Установить шаблон настроек управления временем (больше \- быстрее)
   \-\-min\-hostgroup/max\-hostgroup <кол_хостов>: Установить размер групп для параллельного сканирования
-  \-\-min\-parallelism/max\-parallelism <кол_хостов>: Регулирует распараллеливание запросов
+  \-\-min\-parallelism/max\-parallelism <количество_запросов>: Регулирует распараллеливание запросов
   \-\-min\-rtt\-timeout/max\-rtt\-timeout/initial\-rtt\-timeout <время>: Регулирует время ожидания ответа на запрос
   \-\-max\-retries <количество_попыток>: Задает максимальное количество повторных передач запроса
   \-\-host\-timeout <время>: Прекращает сканирование медленных целей
@@ -1504,7 +1504,7 @@ S, затем пробела, а затем разделенный пробел
 .sp
 Если вы хотите заданные опции в передаваемых и получаемых пакетах, задайте опцию
 \fB\-\-packet\-trace\fR\&. Для большей информации и примеров использования IP опций с Nmap, смотрите
-\m[blue]\fB\%http://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]\&.
+\m[blue]\fB\%https://seclists.org/nmap-dev/2006/q3/0052.html\fR\m[]\&.
 .RE
 .PP
 \fB\-\-ttl \fR\fB\fIзначение\fR\fR (Установить IP поле time\-to\-live (время жизни)
@@ -2040,11 +2040,11 @@ scanme\&.nmap\&.org
 .PP
 Как и ее автор, Nmap не идеальна\&. Но вы можете сделать ее лучше посылая нам отчеты об ошибках или даже написав патч\&. Если Nmap ведет себя не так, как вы ожидаете, то для начала обновитесь до последней версии с
 \m[blue]\fB\%https://nmap.org\fR\m[]\&. Если проблема останется, то выясните, не была ли эта проблема уже обнаружена кем\-то\&. Попробуйте поискать сообщения об ошибках на нашей странице поиска
-\m[blue]\fB\%http://insecure.org/search.html\fR\m[]
+\m[blue]\fB\%https://insecure.org/search.html\fR\m[]
 или в Google\&. Также попробуйте просмотреть
 nmap\-dev
 архивы на
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&.
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&.
 Также прочитайте полностью страницу руководства\&. Если ничего не помогло, отправьте сообщение об ошибке на
 <dev@nmap\&.org>\&. Пожалуйста, включите всю известную вам информацию об ошибке, какую версию Nmap вы используете, и на какой операционной системы вы запускаете Nmap\&. Сообщения о проблемах и вопросы по использованию Nmap отправленные на
 <dev@nmap\&.org>
@@ -2059,7 +2059,7 @@ nmap\-dev
 .PP
 Fyodor
 <fyodor@nmap\&.org>
-(\m[blue]\fB\%http://insecure.org\fR\m[])
+(\m[blue]\fB\%https://insecure.org\fR\m[])
 .PP
 На протяжении многих лет сотни людей внесли ценный вклад в разработку Nmap\&. Все изменения и улучшения подробно описаны в файле
 CHANGELOG, который распространяется вместе с Nmap, а также доступен на

docs/man-xlate/nmap-sk.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06. augusta 2021
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 12. apríla 2024
+.\"    Manual: Nmap - Referencna prirucka
+.\"    Source: Nmap
 .\"  Language: Slovak
 .\"
-.TH "NMAP" "1" "06. augusta 2021" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "12. apríla 2024" "Nmap" "Nmap \- Referencna prirucka"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -1466,7 +1466,7 @@ Vykona preklad domeny DNS, cim sa najdu hostitelske pocitace na adrese company\&
 .PP
 Tak ako autor, ani Nmap nie je dokonaly, no mate moznost pomoct pri jeho vylepsovani tym, ze zaslete spravu o bugoch alebo dokonca napisete patch\&. Ak sa Nmap nechova podla ocakavania, vykonajte najprv upgrade na najnovsiu verziu dostupnu z adresy
 \m[blue]\fB\%https://nmap.org/\fR\m[]\&. Ak problem pretrvava, preskumajte, ci uz nebol objaveny a adresovany\&. Vyskusajte pouzit google s vyrazom chybovej spravy alebo prehladajte archivy Nmap\-dev na adrese
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. Precitajte si aj tento plny manual\&. Ak nenajdete nic podobne, poslite mail o bugu na adresu
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. Precitajte si aj tento plny manual\&. Ak nenajdete nic podobne, poslite mail o bugu na adresu
 <dev@nmap\&.org>\&. Zahrnte vsetko, co ste sa dozvedeli o probleme spolu s verziou Nmapu a operacnym systemom\&. Spravy o problemoch a otazky na pouzivanie Nmapu budu ovela pravdepodobnejsie zodpovedane, ak budu odoslane na dev@nmap\&.org namiesto odosielania priamo Fyodorovi\&.
 .PP
 Patche s kodom na opravu bugov su este lepsie ako samotne spravy o bugoch\&. Zakladne instrukcie na tvorbu suborov patchov s vasimi zmenami su dostupne na

docs/man-xlate/nmap-zh.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "作者" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 2018-09-28
-.\"    Manual: [FIXME: manual]
-.\"    Source: [FIXME: source]
+.\"      Date: 2023-03-31
+.\"    Manual: Nmap参考指南
+.\"    Source: Nmap
 .\"  Language: Chinese
 .\"
-.TH "NMAP" "1" "2018-09-28" "[FIXME: source]" "[FIXME: manual]"
+.TH "NMAP" "1" "2023-03-31" "Nmap" "Nmap参考指南"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -139,7 +139,7 @@ PORT SPECIFICATION AND SCAN ORDER:
   \-p <port ranges>: Only scan specified ports
     Ex: \-p22; \-p1\-65535; \-p U:53,111,137,T:21\-25,80,139,8080
   \-F: Fast \- Scan only the ports listed in the nmap\-services file)
-  \-r: Scan ports consecutively \- don\*(Aqt randomize
+  \-r: Scan ports sequentially \- don\*(Aqt randomize
 SERVICE/VERSION DETECTION:
   \-sV: Probe open ports to determine service/version info
   \-\-version\-light: Limit to most likely probes for faster identification
@@ -151,8 +151,8 @@ OS DETECTION:
   \-\-osscan\-guess: Guess OS more aggressively
 TIMING AND PERFORMANCE:
   \-T[0\-6]: Set timing template (higher is faster)
-  \-\-min\-hostgroup/max\-hostgroup <msec>: Parallel host scan group sizes
-  \-\-min\-parallelism/max\-parallelism <msec>: Probe parallelization
+  \-\-min\-hostgroup/max\-hostgroup <size>: Parallel host scan group sizes
+  \-\-min\-parallelism/max\-parallelism <numprobes>: Probe parallelization
   \-\-min\-rtt\-timeout/max\-rtt\-timeout/initial\-rtt\-timeout <msec>: Specifies
       probe round trip time\&.
   \-\-host\-timeout <msec>: Give up on target after this long
@@ -676,7 +676,7 @@ Nmap开发的最高优先级是性能。在本地网络对一个主机的默认
 .PP
 改善扫描时间的技术有：忽略非关键的检测、升级最新版本的Nmap(性能增强不断改善)。 优化时间参数也会带来实质性的变化，这些参数如下。
 .PP
-\fB\-\-min\-hostgroup <milliseconds>\fR; \fB\-\-max\-hostgroup <milliseconds>\fR (调整并行扫描组的大小)
+\fB\-\-min\-hostgroup <size>\fR; \fB\-\-max\-hostgroup <size>\fR (调整并行扫描组的大小)
 .RS 4
 Nmap具有并行扫描多主机端口或版本的能力，Nmap将多个目标IP地址 空间分成组，然后在同一时间对一个组进行扫描。通常，大的组更有效。缺 点是只有当整个组扫描结束后才会提供主机的扫描结果。如果组的大小定义 为50，则只有当前50个主机扫描结束后才能得到报告(详细模式中的补充信息 除外)。
 .sp
@@ -687,7 +687,7 @@ Nmap具有并行扫描多主机端口或版本的能力，Nmap将多个目标IP
 这些选项的主要用途是说明一个最小组的大小，使得整个扫描更加快速。通常 选择256来扫描C类网段。对于端口数较多的扫描，超出该值没有意义。对于 端口数较少的扫描，2048或更大的组大小是有帮助的。
 .RE
 .PP
-\fB\-\-min\-parallelism <milliseconds>\fR; \fB\-\-max\-parallelism <milliseconds>\fR (调整探测报文的并行度)
+\fB\-\-min\-parallelism <numprobes>\fR; \fB\-\-max\-parallelism <numprobes>\fR (调整探测报文的并行度)
 .RS 4
 这些选项控制用于主机组的探测报文数量，可用于端口扫描和主机发现。默认状态下， Nmap基于网络性能计算一个理想的并行度，这个值经常改变。如果报文被丢弃， Nmap降低速度，探测报文数量减少。随着网络性能的改善，理想的探测报文数量会缓慢增加。 这些选项确定这个变量的大小范围。默认状态下，当网络不可靠时，理想的并行度值 可能为1，在好的条件下，可能会增长至几百。
 .sp
@@ -1070,7 +1070,7 @@ scanme3\&.nmap\&.org等等，虽然这些 主机目前还不存在。
 .SH "BUGS"
 .PP
 和作者一样，Nmap也不是完美的，但可以通过发送Bug报告甚至编写 补丁使其更加完善。如果Nmap不能满足要求，首先从\m[blue]\fB\%https://nmap.org/\fR\m[]
-升级最新版本。如果总问题仍然存在，需要进行调查以确定问题是否 已经被解决。在\m[blue]\fB\%http://seclists.org/\fR\m[]尝试搜索出错消息或 浏览Nmap\-dev档案，以及仔细阅读使用手册。如果问题还是不能解决，发送 Bug报告至<dev@nmap\&.org>。在报告中包含所有 有关问题的信息，以及所使用的Nmap版本、操作系统版本。问题报告以及 Nmap的使用问题发送给dev@nmap\&.org比直接发送给Gyodor能更好回答。
+升级最新版本。如果总问题仍然存在，需要进行调查以确定问题是否 已经被解决。在\m[blue]\fB\%https://seclists.org/\fR\m[]尝试搜索出错消息或 浏览Nmap\-dev档案，以及仔细阅读使用手册。如果问题还是不能解决，发送 Bug报告至<dev@nmap\&.org>。在报告中包含所有 有关问题的信息，以及所使用的Nmap版本、操作系统版本。问题报告以及 Nmap的使用问题发送给dev@nmap\&.org比直接发送给Gyodor能更好回答。
 .PP
 解决Bug的代码补丁比Bug报告更受欢迎，在\m[blue]\fB\%https://nmap.org/data/HACKING\fR\m[]
 可获得建立补丁文件的基本指令。补丁可发送给nmap\-dev(建议) 或直接发给Fyodor。

docs/nmap-install.xml

@@ -146,13 +146,13 @@ sub 2048g/D3C2241C 2005-04-24
 
 pub 1024D/6B9355D0 2005-04-24
     Key fingerprint = 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0
-uid                Nmap Project Signing Key (http://insecure.org/)
+uid                Nmap Project Signing Key (https://insecure.org/)
 sub 2048g/A50A6A94 2005-04-24
 </screen></example>
 
 <para>For every Nmap package download file
 (e.g. <filename>nmap-4.76.tar.bz2</filename> and
-<filename>nmap-4.76-win32.zip</filename>), there is a corresponding
+<filename>nmap-4.76-setup.exe</filename>), there is a corresponding
 file in the <filename>sigs</filename> directory with <literal>.asc</literal> appended
 to the name (e.g. <filename>nmap-4.76.tar.bz2.asc</filename>).
 This is the detached signature file.</para>
@@ -481,7 +481,7 @@ If you make code changes to fix the problem, please send a patch
 <varlistentry><term>Ask Google and other Internet resources</term>
 <listitem><para>Try searching for the exact error message on Google or other search engines.  You might also want to browse recent activity on the Nmap development
 (<citetitle>nmap-dev</citetitle>)<indexterm><primary><citetitle>nmap-dev</citetitle> mailing list</primary></indexterm>
-list&mdash;archives and a search interface are available at <ulink url="http://seclists.org" />.</para></listitem></varlistentry>
+list&mdash;archives and a search interface are available at <ulink url="https://seclists.org" />.</para></listitem></varlistentry>
 
 <varlistentry><term>Ask <citetitle>nmap-dev</citetitle></term>
 <listitem><para>If none of your research leads to a solution, try
@@ -709,8 +709,8 @@ distributed for each major Nmap release.  We support Nmap on Windows 7
 and newer, as well as Windows Server 2008 and newer.  We also maintain
 a  <ulink
 url="https://secwiki.org/w/Nmap/Old_Windows_Releases">guide for users
-who must run Nmap on earlier Windows releases</ulink>.  While it has improved dramatically, the Windows port is not
-quite as efficient as on Unix.  Here are the known limitations:
+who must run Nmap on earlier Windows releases</ulink>.
+Nmap runs equally well on Windows as on Unix in nearly every way, though there are a couple of known limitations:
 </para>
 
 <indexterm><primary>Windows</primary><secondary>limitations of</secondary></indexterm>
@@ -740,15 +740,15 @@ packets.</para></listitem>
 <indexterm><primary>Windows</primary><secondary>performance of</secondary></indexterm>
 <para>Scan speeds on Windows are generally comparable to those on
 Unix, though the latter often has a slight performance edge.  One
-exception to this is connect scan (<option>-sT</option>), which is
-often much slower on Windows because of deficiencies in the Windows
-networking API.  This is a shame, since that is the one TCP scan that
-works over all networking types (not just ethernet, like the raw packet scans).
-Connect scan performance can be
-improved substantially by applying the Registry changes in the
-<filename>nmap_performance.reg</filename> file included with Nmap.  By default these changes are applied for you by the Nmap executable installer.  This registry file
-is in the <filename>nmap-<replaceable>version</replaceable></filename>
-directory of the Windows binary zip file, and
+example of this is connect scan (<option>-sT</option>), which may be
+slower on Windows because of different limits in the Windows
+networking API. Since this is the one TCP scan that
+works over all networking types (not just ethernet, like the raw packet scans),
+Nmap includes a collection of Registry changes that substantially improve connect scan performance.
+By default these changes are applied for you by the Nmap executable installer, and are also available in the
+<filename>nmap_performance.reg</filename> file
+in the <filename>nmap-<replaceable>version</replaceable></filename>
+directory of the Windows binary zip file (for <ulink url="https://nmap.org/oem/">Nmap OEM</ulink> customers), and
 <filename>nmap-<replaceable>version</replaceable>/mswin32</filename>
 in the source tarball (where <replaceable>version</replaceable> is the
 version number of the specific release).  These changes increase
@@ -798,20 +798,17 @@ command-line or through Zenmap.</para>
 <sect2 id="inst-win-zip"><title>Command-line Zip Binaries</title>
 <indexterm><primary>Windows</primary><secondary>zip binaries</secondary></indexterm>
 
-<note><para>Most users prefer installing Nmap with the self-installer discussed previously.</para></note>
+<note><para>The Zip archive is available to <ulink url="https://nmap.org/oem/">Nmap OEM</ulink> customers only. Most users prefer installing Nmap with the self-installer discussed previously.</para></note>
 
-<para>Every stable Nmap release comes with Windows
+<para>Every stable Nmap OEM release is also available as Windows
 command-line binaries and associated files in a Zip archive.  No
 graphical interface is included, so you need to run
-<literal>nmap.exe</literal> from a DOS/command window.  Or you can
-download and install a superior command shell such as those included
-with the free
-Cygwin<indexterm><primary>Cygwin</primary></indexterm>
-system available from <ulink url="https://www.cygwin.com" />.  Here are the step-by-step instructions for installing and executing the Nmap .zip binaries.</para>
+<literal>nmap.exe</literal> from a DOS/command window.
+Here are the step-by-step instructions for installing and executing the Nmap .zip binaries.</para>
 
 <sect3 id="inst-win-zip-install"><title>Installing the Nmap zip binaries</title>
 <orderedlist>
-<listitem><para>Download the .zip binaries from <ulink url="https://nmap.org/download.html" />.</para></listitem>
+<listitem><para>Download the .zip binaries from the link provided in your Nmap OEM order.</para></listitem>
 
 <listitem><para>Extract the zip file into the directory you want
 Nmap to reside in.  An example would be <filename>C:\Program
@@ -825,16 +822,16 @@ changes discussed previously.</para></listitem>
 
 <listitem><para>Nmap requires the free Npcap packet capture library.
 We include a recent Npcap installer which is available in the zip file
-as <filename>npcap-<replaceable>version</replaceable>.exe</filename>,
+as <filename>npcap-<replaceable>version</replaceable>-oem.exe</filename>,
 where <replaceable>version</replaceable> is the Npcap version rather
 than the Nmap version.  Alternatively, you can obtain and install
-the latest version from <ulink url="https://npcap.org" />.
+the latest version from <ulink url="https://npcap.com" />.
 </para></listitem>
 
 <listitem><para>Due to the way Nmap is compiled, it requires the
-<ulink role="hidepdf" url="https://aka.ms/vs/16/release/vc_redist.x86.exe">Microsoft Visual C++ Redistributable Package</ulink> of runtime
+<ulink role="hidepdf" url="https://aka.ms/vs/17/release/vc_redist.x86.exe">Microsoft Visual C++ Redistributable Package</ulink> of runtime
 components. Many systems already have this installed from other
-packages, but you should run <filename>VC_redist.x86.exe</filename>
+packages, but you should run <filename>vc_redist.x86.exe</filename>
 from the zip file just in case you need it.
 Pass the <option>/q</option> option to run these installers in quiet (non interactive) mode.</para></listitem>
 
@@ -900,11 +897,14 @@ failures.</para></listitem>
 
 <listitem><para>The executable and data files can be found in <filename>nmap-<replaceable>version</replaceable>/mswin32/Release/</filename>.  You can copy them to a preferred directory as long as they are all kept together.</para></listitem>
 
-<listitem><para>Ensure that you have Npcap installed.  You can obtain it by
-installing our binary self-installer or executing
-<filename>npcap-<replaceable>version</replaceable>.exe</filename> from
-our zip package.  Alternatively, you can obtain the official installer at
-<ulink url="https://npcap.org"/>.</para></listitem>
+<listitem><para>Ensure that you have Npcap installed.
+    The official installer for the latest version is available at <ulink
+      url="https://npcap.com/#download"/>. Users who install via
+    our binary self-installer will have Npcap installed automatically.
+    <ulink url="https://nmap.org/oem/">Nmap OEM</ulink> customers can also run
+    <filename>npcap-<replaceable>version</replaceable>.exe</filename> from
+    our zip package.
+</para></listitem>
 
 <listitem><para>Instructions for executing your compiled Nmap are
 given in the next section.</para></listitem>
@@ -937,20 +937,14 @@ detailed instructions for users who are unfamiliar with command-line
 interfaces:</para>
 
 <orderedlist>
-<listitem><para>Make sure the user you are logged in as has
-administrative privileges<indexterm><primary>privileged users</primary></indexterm>
-on the computer (user should be a member of the <literal>administrators</literal> group).</para></listitem>
-<listitem><para>Open a command/DOS Window.  Though it can be found in
-the program menu tree, the simplest approach is to choose <guimenu>Start</guimenu> 
--> <guimenuitem>Run</guimenuitem> and type <command>cmd&lt;enter&gt;</command>.  Opening a Cygwin window (if you installed it) by clicking on the Cygwin icon on the desktop works too, although the necessary commands differ slightly from those shown here.</para></listitem>
-<listitem><para>Change to the directory you installed Nmap into.  You can skip this step if Nmap is already in your command path (the Zenmap isntaller adds it there by default).  Otherwise, type the following commands.</para>
+<listitem><para>Open Terminal, PowerShell, or Command Prompt. If you are using MSYS2, Cygwin, or WSL,
+the necessary commands differ slightly from those shown here.</para></listitem>
+<listitem><para>Change to the directory you installed Nmap into.  You can skip this step if Nmap is already in your command path (the installer adds it there by default).  Otherwise, type the following commands.</para>
 <screen>
 <userinput>c:</userinput>
 <userinput>cd "\Program Files (x86)\Nmap"</userinput>
 </screen>
 
-<para>On Windows releases prior to Windows 7, specify <filename>\Program Files\Nmap</filename> instead. The directory will also be different if you chose to install Nmap in a non-default location.</para>
-
 </listitem>
 <listitem><para>Execute <command>nmap.exe</command>.  <xref linkend="fig-windows-cmdshell-exec" xrefstyle="select: label nopage" /> is a screen shot showing a simple example.</para>
 </listitem>
@@ -960,10 +954,10 @@ the program menu tree, the simplest approach is to choose <guimenu>Start</guimen
 <mediaobject>
   <imageobject>
 <web>
-    <imagedata fileref="images/nmap-windows-demo-669x326.png" format="PNG" contentwidth="669" contentdepth="326" />
+    <imagedata fileref="images/nmap-windows-demo-710x473.png" format="PNG" contentwidth="710" contentdepth="473" />
 </web>
 <print>
-    <imagedata fileref="images/nmap-windows-demo-669x326.png" format="PNG" scale="50" />
+    <imagedata fileref="images/nmap-windows-demo-710x473.png" format="PNG" scale="50" />
 </print>
   </imageobject>
 </mediaobject>

docs/nmap.1

@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 08/06/2021
+.\"      Date: 08/21/2025
 .\"    Manual: Nmap Reference Guide
 .\"    Source: Nmap
 .\"  Language: English
 .\"
-.TH "NMAP" "1" "08/06/2021" "Nmap" "Nmap Reference Guide"
+.TH "NMAP" "1" "08/21/2025" "Nmap" "Nmap Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -119,7 +119,7 @@ This options summary is printed when Nmap is run with no arguments, and the late
 .RS 4
 .\}
 .nf
-Nmap 7\&.92 ( https://nmap\&.org )
+Nmap 7\&.98SVN ( https://nmap\&.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
   Can pass hostnames, IP addresses, networks, etc\&.
@@ -132,7 +132,7 @@ HOST DISCOVERY:
   \-sL: List Scan \- simply list targets to scan
   \-sn: Ping Scan \- disable port scan
   \-Pn: Treat all hosts as online \-\- skip host discovery
-  \-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
+  \-PS/PA/PU/PY[portlist]: TCP SYN, TCP ACK, UDP or SCTP discovery to given ports
   \-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
   \-PO[protocol list]: IP Protocol Ping
   \-n/\-R: Never do DNS resolution/Always resolve [default: sometimes]
@@ -153,7 +153,7 @@ PORT SPECIFICATION AND SCAN ORDER:
     Ex: \-p22; \-p1\-65535; \-p U:53,111,137,T:21\-25,80,139,8080,S:9
   \-\-exclude\-ports <port ranges>: Exclude the specified ports from scanning
   \-F: Fast mode \- Scan fewer ports than the default scan
-  \-r: Scan ports consecutively \- don\*(Aqt randomize
+  \-r: Scan ports sequentially \- don\*(Aqt randomize
   \-\-top\-ports <number>: Scan <number> most common ports
   \-\-port\-ratio <ratio>: Scan ports more common than <ratio>
 SERVICE/VERSION DETECTION:
@@ -335,6 +335,51 @@ The exclude file may contain comments that start with
 #
 and extend to the end of the line\&.
 .RE
+.PP
+\fB\-n\fR (No reverse DNS resolution)
+.RS 4
+
+Tells Nmap to
+\fInever\fR
+do reverse DNS resolution on the active IP addresses it finds\&. Since DNS can be slow even with Nmap\*(Aqs built\-in parallel stub resolver, this option can slash scanning times\&.
+.RE
+.PP
+\fB\-R\fR (Reverse DNS resolution for all targets)
+.RS 4
+Tells Nmap to
+\fIalways\fR
+do reverse DNS resolution on the target IP addresses\&. Normally reverse DNS is only performed against responsive (online) hosts\&.
+.RE
+.PP
+\fB\-\-resolve\-all\fR (Scan each resolved address)
+.RS 4
+If a hostname target resolves to more than one address, scan all of them\&. The default behavior is to only scan the first resolved address\&. Regardless, only addresses in the appropriate address family will be scanned: IPv4 by default, IPv6 with
+\fB\-6\fR\&.
+.RE
+.PP
+\fB\-\-unique\fR (Scan each address only once)
+.RS 4
+Scan each IP address only once\&. The default behavior is to scan each address as many times as it is specified in the target list, such as when network ranges overlap or different hostnames resolve to the same address\&.
+.RE
+.PP
+\fB\-\-system\-dns\fR (Use system DNS resolver)
+.RS 4
+By default, Nmap resolves names to IP addresses (and IP addresses to names) by sending queries directly to the name servers configured on your host and then listening for responses\&. Many requests (often dozens) are performed in parallel to improve performance\&. Specify this option to use your system resolver instead (one IP at a time via the
+\fBgetnameinfo\fR
+call)\&. This is slower and rarely useful unless you find a bug in the Nmap parallel resolver (please let us know if you do)\&.
+.RE
+.PP
+\fB\-\-dns\-servers \fR\fB\fIserver1\fR\fR\fB[,\fIserver2\fR[,\&.\&.\&.]]\fR\fB \fR (Servers to use for DNS queries)
+.RS 4
+By default, Nmap determines your DNS servers from your resolv\&.conf file (Unix) or the Registry (Win32)\&. Alternatively, you may use this option to specify alternate servers\&. This option is not honored if you are using
+\fB\-\-system\-dns\fR\&. Using multiple DNS servers is often faster, especially if you choose authoritative servers for your target IP space\&. This option can also improve stealth, as your requests can be bounced off just about any recursive DNS server on the Internet\&.
+.sp
+This option also comes in handy when scanning private networks\&. Sometimes only a few name servers provide proper DNS information, and you may not even know where they are\&. You can scan the network for port 53 (perhaps with version detection), then try Nmap list scans (\fB\-sL\fR) specifying each name server one at a time with
+\fB\-\-dns\-servers\fR
+until you find one which works\&.
+.sp
+This option might not be honored if the DNS response exceeds the size of a UDP packet\&. In such a situation our DNS resolver will make the best effort to extract a response from the truncated packet, and if not successful it will fall back to using the system resolver\&.
+.RE
 .SH "HOST DISCOVERY"
 .PP
 One of the very first steps in any network reconnaissance mission is to reduce a (sometimes huge) set of IP ranges into a list of active or interesting hosts\&. Scanning every port of every single IP address is slow and usually unnecessary\&. Of course what makes a host interesting depends greatly on the scan purposes\&. Network administrators may only be interested in hosts running a certain service, while security auditors may care about every single device with an IP address\&. An administrator may be comfortable using just an ICMP ping to locate hosts on his internal network, while an external penetration tester may use a diverse set of dozens of probes in an attempt to evade firewall restrictions\&.
@@ -488,9 +533,11 @@ and
 \fB\-PU \fR\fB\fIport list\fR\fR (UDP Ping)
 .RS 4
 Another host discovery option is the UDP ping, which sends a UDP packet to the given ports\&. For most ports, the packet will be empty, though some use a protocol\-specific payload that is more likely to elicit a response\&.
-The payload database is described at \m[blue]\fB\%https://nmap.org/book/nmap-payloads.html\fR\m[]\&.
 
-Packet content can also be affected with the
+The payloads are the same probes used in service and version detection and are defined in the
+nmap\-service\-probes
+
+file\&. Packet content can also be affected with the
 \fB\-\-data\fR,
 \fB\-\-data\-string\fR, and
 \fB\-\-data\-length\fR
@@ -602,46 +649,6 @@ Traceroutes are performed post\-scan using information from the scan results to
 .sp
 Traceroute works by sending packets with a low TTL (time\-to\-live) in an attempt to elicit ICMP Time Exceeded messages from intermediate hops between the scanner and the target host\&. Standard traceroute implementations start with a TTL of 1 and increment the TTL until the destination host is reached\&. Nmap\*(Aqs traceroute starts with a high TTL and then decrements the TTL until it reaches zero\&. Doing it backwards lets Nmap employ clever caching algorithms to speed up traces over multiple hosts\&. On average Nmap sends 5\(en10 fewer packets per host, depending on network conditions\&. If a single subnet is being scanned (i\&.e\&. 192\&.168\&.0\&.0/24) Nmap may only have to send two packets to most hosts\&.
 .RE
-.PP
-\fB\-n\fR (No DNS resolution)
-.RS 4
-
-Tells Nmap to
-\fInever\fR
-do reverse DNS resolution on the active IP addresses it finds\&. Since DNS can be slow even with Nmap\*(Aqs built\-in parallel stub resolver, this option can slash scanning times\&.
-.RE
-.PP
-\fB\-R\fR (DNS resolution for all targets)
-.RS 4
-Tells Nmap to
-\fIalways\fR
-do reverse DNS resolution on the target IP addresses\&. Normally reverse DNS is only performed against responsive (online) hosts\&.
-.RE
-.PP
-\fB\-\-resolve\-all\fR (Scan each resolved address)
-.RS 4
-If a hostname target resolves to more than one address, scan all of them\&. The default behavior is to only scan the first resolved address\&. Regardless, only addresses in the appropriate address family will be scanned: IPv4 by default, IPv6 with
-\fB\-6\fR\&.
-.RE
-.PP
-\fB\-\-system\-dns\fR (Use system DNS resolver)
-.RS 4
-By default, Nmap reverse\-resolves IP addresses by sending queries directly to the name servers configured on your host and then listening for responses\&. Many requests (often dozens) are performed in parallel to improve performance\&. Specify this option to use your system resolver instead (one IP at a time via the
-\fBgetnameinfo\fR
-call)\&. This is slower and rarely useful unless you find a bug in the Nmap parallel resolver (please let us know if you do)\&. The system resolver is always used for forward lookups (getting an IP address from a hostname)\&.
-.RE
-.PP
-\fB\-\-dns\-servers \fR\fB\fIserver1\fR\fR\fB[,\fIserver2\fR[,\&.\&.\&.]]\fR\fB \fR (Servers to use for reverse DNS queries)
-.RS 4
-By default, Nmap determines your DNS servers (for rDNS resolution) from your resolv\&.conf file (Unix) or the Registry (Win32)\&. Alternatively, you may use this option to specify alternate servers\&. This option is not honored if you are using
-\fB\-\-system\-dns\fR\&. Using multiple DNS servers is often faster, especially if you choose authoritative servers for your target IP space\&. This option can also improve stealth, as your requests can be bounced off just about any recursive DNS server on the Internet\&.
-.sp
-This option also comes in handy when scanning private networks\&. Sometimes only a few name servers provide proper rDNS information, and you may not even know where they are\&. You can scan the network for port 53 (perhaps with version detection), then try Nmap list scans (\fB\-sL\fR) specifying each name server one at a time with
-\fB\-\-dns\-servers\fR
-until you find one which works\&.
-.sp
-This option might not be honored if the DNS response exceeds the size of a UDP packet\&. In such a situation our DNS resolver will make the best effort to extract a response from the truncated packet, and if not successful it will fall back to using the system resolver\&. Also, responses that contain CNAME aliases will fall back to the system resolver\&.
-.RE
 .SH "PORT SCANNING BASICS"
 .PP
 While Nmap has grown in functionality over the years, it began as an efficient port scanner, and that remains its core function\&. The simple command
@@ -1241,6 +1248,10 @@ and is controlled by the following options:
 .RS 4
 Performs a script scan using the default set of scripts\&. It is equivalent to
 \fB\-\-script=default\fR\&. Some of the scripts in this category are considered intrusive and should not be run against a target network without permission\&.
+.sp
+Note that this shorthand option is ignored whenever at least one
+\fB\-\-script\fR
+is also specified\&.
 .RE
 .PP
 \fB\-\-script \fR\fB\fIfilename\fR\fR\fB|\fR\fB\fIcategory\fR\fR\fB|\fR\fB\fIdirectory\fR\fR\fB/|\fR\fB\fIexpression\fR\fR\fB[,\&.\&.\&.]\fR
@@ -1686,11 +1697,11 @@ are similar but they only wait 15 seconds and 0\&.4 seconds, respectively, betwe
 is Nmap\*(Aqs default behavior, which includes parallelization\&.
 \fB\-T4\fR
 does the equivalent of
-\fB\-\-max\-rtt\-timeout 1250ms \-\-min\-rtt\-timeout 100ms \-\-initial\-rtt\-timeout 500ms \-\-max\-retries 6\fR
+\fB \-\-max\-rtt\-timeout 1250ms \-\-min\-rtt\-timeout 100ms \-\-initial\-rtt\-timeout 500ms \-\-max\-retries 6 \fR
 and sets the maximum TCP and SCTP scan delay to 10ms\&.
 \fBT5\fR
 does the equivalent of
-\fB\-\-max\-rtt\-timeout 300ms \-\-min\-rtt\-timeout 50ms \-\-initial\-rtt\-timeout 250ms \-\-max\-retries 2 \-\-host\-timeout 15m \-\-script\-timeout 10m \-\-max\-scan\-delay\fR
+\fB \-\-max\-rtt\-timeout 300ms \-\-min\-rtt\-timeout 50ms \-\-initial\-rtt\-timeout 250ms \-\-max\-retries 2 \-\-host\-timeout 15m \-\-script\-timeout 10m \fR
 as well as setting the maximum TCP and SCTP scan delay to 5ms\&. Maximum UDP scan delay is not set by
 \fBT4\fR
 or
@@ -1833,12 +1844,12 @@ Normally Nmap sends minimalist packets containing only a header\&. So its TCP pa
 and IP protocols
 get a custom payload by default\&. This option tells Nmap to append the given number of random bytes to most of the packets it sends, and not to use any protocol\-specific payloads\&. (Use
 \fB\-\-data\-length 0\fR
-for no random or protocol\-specific payloads\&.
+for no random or protocol\-specific payloads\&.)
 OS detection (\fB\-O\fR) packets are not affected
 because accuracy there requires probe consistency, but most pinging and portscan packets support this\&. It slows things down a little, but can make a scan slightly less conspicuous\&.
 .RE
 .PP
-\fB\-\-ip\-options \fR\fB\fIS|R [route]|L [route]|T|U \&.\&.\&. \fR\fR\fB;\fR \fB\-\-ip\-options \fR\fB\fIhex string\fR\fR (Send packets with specified ip options)
+\fB\-\-ip\-options \fR\fB\fIR|S [route]|L [route]|T|U \&.\&.\&. \fR\fR\fB;\fR \fB\-\-ip\-options \fR\fB\fIhex string\fR\fR (Send packets with specified ip options)
 .RS 4
 The
 \m[blue]\fBIP protocol\fR\m[]\&\s-2\u[12]\d\s+2
@@ -1866,7 +1877,7 @@ followed by a space and then a space\-separated list of IP addresses\&.
 .sp
 If you wish to see the options in packets sent and received, specify
 \fB\-\-packet\-trace\fR\&. For more information and examples of using IP options with Nmap, see
-\m[blue]\fB\%http://seclists.org/nmap-dev/2006/q3/52\fR\m[]\&.
+\m[blue]\fB\%https://seclists.org/nmap-dev/2006/q3/52\fR\m[]\&.
 .RE
 .PP
 \fB\-\-ttl \fR\fB\fIvalue\fR\fR (Set IP time\-to\-live field)
@@ -2499,21 +2510,22 @@ file distributed with Nmap and also available from
 .SH "LEGAL NOTICES"
 .SS "Nmap Copyright and Licensing"
 .PP
-The Nmap Security Scanner is (C) 1996\(en2020 Insecure\&.Com LLC ("The Nmap Project")\&. Nmap is also a registered trademark of the Nmap Project\&. It is published under the
-\m[blue]\fBNmap Public Source License\fR\m[]\&\s-2\u[18]\d\s+2\&. This generally allows end users to download and use Nmap for free\&. It doesn\*(Aqt not allow Nmap to be used and redistributed within commercial software or hardware products (including appliances, virtual machines, and traditional applications)\&. We fund the project by selling a special Nmap OEM Edition for this purpose, as described at
+The Nmap Security Scanner is (C) 1996\(en2022 Nmap Software LLC ("The Nmap Project")\&. Nmap is also a registered trademark of the Nmap Project\&. It is published under the
+\m[blue]\fBNmap Public Source License\fR\m[]\&\s-2\u[18]\d\s+2\&. This generally allows end users to download and use Nmap for free\&. It doesn\*(Aqt allow Nmap to be used and redistributed within commercial software or hardware products (including appliances, virtual machines, and traditional applications)\&. We fund the project by selling a special Nmap OEM Edition for this purpose, as described at
 \m[blue]\fB\%https://nmap.org/oem\fR\m[]\&. Hundreds of large and small software vendors have already purchased OEM licenses to embed Nmap technology such as host discovery, port scanning, OS detection, version detection, and the Nmap Scripting Engine within their products\&.
 .PP
 The Nmap Project has permission to redistribute Npcap, a packet capturing driver and library for the Microsoft Windows platform\&. Npcap is a separate work with it\*(Aqs own license rather than this Nmap license\&. Since the Npcap license does not permit redistribution without special permission, our Nmap Windows binary packages which contain Npcap may not be redistributed without special permission\&.
 .PP
 Even though the NPSL is based on GPLv2, it contains different provisions and is not directly compatible\&. It is incompatible with some other open source licenses as well\&. In some cases we can relicense portions of Nmap or grant special permissions to use it in other open source software\&. Please contact fyodor@nmap\&.org with any such requests\&. Similarly, we don\*(Aqt incorporate incompatible open source software into Nmap without special permission from the copyright holders\&.
 .PP
-If you have received a written license agreement or contract for Nmap stating terms other than these, you may choose to use and redistribute Nmap under those terms instead\&.
+If you have received a written license agreement or contract for Nmap (such as an
+\m[blue]\fBNmap OEM license\fR\m[]\&\s-2\u[19]\d\s+2) stating terms other than these, you may choose to use and redistribute Nmap under those terms instead\&.
 .SS "Creative Commons License for this Nmap Guide"
 .PP
 This
 Nmap Reference Guide
-is (C) 2005\(en2020 Insecure\&.Com LLC\&. It is hereby placed under version 3\&.0 of the
-\m[blue]\fBCreative Commons Attribution License\fR\m[]\&\s-2\u[19]\d\s+2\&. This allows you redistribute and modify the work as you desire, as long as you credit the original source\&. Alternatively, you may choose to treat this document as falling under the same license as Nmap itself (discussed previously)\&.
+is (C) 2005\(en2022 Nmap Software LLC\&. It is hereby placed under version 3\&.0 of the
+\m[blue]\fBCreative Commons Attribution License\fR\m[]\&\s-2\u[20]\d\s+2\&. This allows you redistribute and modify the work as you desire, as long as you credit the original source\&. Alternatively, you may choose to treat this document as falling under the same license as Nmap itself (discussed previously)\&.
 .SS "Source Code Availability and Community Contributions"
 .PP
 Source is provided to this software because we believe users have a right to know exactly what a program is going to do before they run it\&. This also allows you to audit the software for security holes\&.
@@ -2521,7 +2533,7 @@ Source is provided to this software because we believe users have a right to kno
 Source code also allows you to port Nmap to new platforms, fix bugs, and add new features\&. You are highly encouraged to submit your changes as Github Pull Requests (PR) or send them to
 <dev@nmap\&.org>
 for possible incorporation into the main distribution\&. By submitting such changes, it is assumed that you are offering the Nmap Project the unlimited, non\-exclusive right to reuse, modify, and relicense the code\&. This is important because the inability to relicense code has caused devastating problems for other Free Software projects (such as KDE and NASM)\&. We also sell commercial licenses to
-\m[blue]\fBNmap OEM\fR\m[]\&\s-2\u[20]\d\s+2\&. If you wish to specify special license conditions of your contributions, just say so when you send them\&.
+\m[blue]\fBNmap OEM\fR\m[]\&\s-2\u[21]\d\s+2\&. If you wish to specify special license conditions of your contributions, just say so when you send them\&.
 .SS "No Warranty"
 .PP
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&.
@@ -2541,20 +2553,20 @@ Nmap is not designed, manufactured, or intended for use in hazardous environment
 .SS "Third\-Party Software and Funding Notices"
 .PP
 This product includes software developed by the
-\m[blue]\fBApache Software Foundation\fR\m[]\&\s-2\u[21]\d\s+2\&. A modified version of the
-\m[blue]\fBLibpcap portable packet capture library\fR\m[]\&\s-2\u[22]\d\s+2
+\m[blue]\fBApache Software Foundation\fR\m[]\&\s-2\u[22]\d\s+2\&. A modified version of the
+\m[blue]\fBLibpcap portable packet capture library\fR\m[]\&\s-2\u[23]\d\s+2
 is distributed along with Nmap\&. The Windows version of Nmap utilizes the Libpcap\-derived
-\m[blue]\fBNcap library\fR\m[]\&\s-2\u[23]\d\s+2
+\m[blue]\fBNcap library\fR\m[]\&\s-2\u[24]\d\s+2
 instead\&. Regular expression support is provided by the
-\m[blue]\fBPCRE library\fR\m[]\&\s-2\u[24]\d\s+2,
+\m[blue]\fBPCRE library\fR\m[]\&\s-2\u[25]\d\s+2,
 which is open\-source software, written by Philip Hazel\&.
 Certain raw networking functions use the
-\m[blue]\fBLibdnet\fR\m[]\&\s-2\u[25]\d\s+2
+\m[blue]\fBLibdnet\fR\m[]\&\s-2\u[26]\d\s+2
 networking library, which was written by Dug Song\&.
 A modified version is distributed with Nmap\&. Nmap can optionally link with the
-\m[blue]\fBOpenSSL cryptography toolkit\fR\m[]\&\s-2\u[26]\d\s+2
+\m[blue]\fBOpenSSL cryptography toolkit\fR\m[]\&\s-2\u[27]\d\s+2
 for SSL version detection support\&. The Nmap Scripting Engine uses an embedded version of the
-\m[blue]\fBLua programming language\fR\m[]\&\s-2\u[27]\d\s+2\&.
+\m[blue]\fBLua programming language\fR\m[]\&\s-2\u[10]\d\s+2\&.
 The
 \m[blue]\fBLiblinear linear classification library\fR\m[]\&\s-2\u[28]\d\s+2
 is used for our
@@ -2630,12 +2642,12 @@ RFC 1323
 .IP "10." 4
 Lua programming language
 .RS 4
-\%http://lua.org
+\%https://lua.org
 .RE
 .IP "11." 4
 precedence
 .RS 4
-\%http://www.lua.org/manual/5.1/manual.html#2.5.3
+\%http://www.lua.org/manual/5.4/manual.html#3.4.8
 .RE
 .IP "12." 4
 IP protocol
@@ -2673,50 +2685,50 @@ Nmap Public Source License
 \%https://nmap.org/npsl
 .RE
 .IP "19." 4
+Nmap OEM license
+.RS 4
+\%https://nmap.org/oem/
+.RE
+.IP "20." 4
 Creative Commons Attribution License
 .RS 4
 \%http://creativecommons.org/licenses/by/3.0/
 .RE
-.IP "20." 4
+.IP "21." 4
 Nmap OEM
 .RS 4
 \%https://nmap.org/oem
 .RE
-.IP "21." 4
+.IP "22." 4
 Apache Software Foundation
 .RS 4
 \%https://www.apache.org
 .RE
-.IP "22." 4
+.IP "23." 4
 Libpcap portable packet capture library
 .RS 4
 \%https://www.tcpdump.org
 .RE
-.IP "23." 4
+.IP "24." 4
 Ncap library
 .RS 4
-\%https://npcap.org
+\%https://npcap.com
 .RE
-.IP "24." 4
+.IP "25." 4
 PCRE library
 .RS 4
 \%https://pcre.org
 .RE
-.IP "25." 4
+.IP "26." 4
 Libdnet
 .RS 4
 \%http://libdnet.sourceforge.net
 .RE
-.IP "26." 4
+.IP "27." 4
 OpenSSL cryptography toolkit
 .RS 4
 \%https://openssl.org
 .RE
-.IP "27." 4
-Lua programming language
-.RS 4
-\%https://lua.org
-.RE
 .IP "28." 4
 Liblinear linear classification library
 .RS 4

docs/nmap.dtd

@@ -21,7 +21,7 @@
     specify "one each of this list of elements, in any order".  If there
     is a construct similar to SGML's '&' operator, please let me know.
 
-    Portions Copyright (c) 2001-2021 Nmap Software LLC
+    Portions Copyright (c) 2001-2022 Nmap Software LLC
     Portions Copyright (c) 2001 by Cisco systems, Inc.
  
     Permission to use, copy, modify, and distribute modified and
@@ -124,8 +124,8 @@
 			task		CDATA		#REQUIRED
 			time		%attr_numeric;	#REQUIRED
 			percent		%attr_percent;	#REQUIRED
-			remaining	%attr_numeric;	#REQUIRED
-			etc		%attr_numeric;	#REQUIRED
+			remaining	%attr_numeric;	#IMPLIED
+			etc		%attr_numeric;	#IMPLIED
 >
 
 <!-- this element is written in timing.c:beginOrEndTask() -->

docs/nmap.usage.txt

@@ -1,4 +1,4 @@
-Nmap 7.92SVN ( https://nmap.org )
+Nmap 7.98SVN ( https://nmap.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
   Can pass hostnames, IP addresses, networks, etc.
@@ -11,7 +11,7 @@ HOST DISCOVERY:
   -sL: List Scan - simply list targets to scan
   -sn: Ping Scan - disable port scan
   -Pn: Treat all hosts as online -- skip host discovery
-  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
+  -PS/PA/PU/PY[portlist]: TCP SYN, TCP ACK, UDP or SCTP discovery to given ports
   -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
   -PO[protocol list]: IP Protocol Ping
   -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
@@ -32,7 +32,7 @@ PORT SPECIFICATION AND SCAN ORDER:
     Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
   --exclude-ports <port ranges>: Exclude the specified ports from scanning
   -F: Fast mode - Scan fewer ports than the default scan
-  -r: Scan ports consecutively - don't randomize
+  -r: Scan ports sequentially - don't randomize
   --top-ports <number>: Scan <number> most common ports
   --port-ratio <ratio>: Scan ports more common than <ratio>
 SERVICE/VERSION DETECTION:

docs/refguide.xml

@@ -330,7 +330,7 @@ you would expect.</para>
 
       <varlistentry>
         <term>
-          <option>-n</option> (No DNS resolution)
+          <option>-n</option> (No reverse DNS resolution)
           <indexterm><primary><option>-n</option></primary></indexterm>
         </term>
         <listitem>
@@ -345,7 +345,7 @@ you would expect.</para>
 
       <varlistentry>
         <term>
-          <option>-R</option> (DNS resolution for all targets)
+          <option>-R</option> (Reverse DNS resolution for all targets)
           <indexterm><primary><option>-R</option></primary></indexterm>
         </term>
         <listitem>
@@ -392,15 +392,14 @@ you would expect.</para>
         </term>
         <listitem>
 
-          <para>By default, Nmap reverse-resolves IP addresses by sending
+          <para>By default, Nmap resolves names to IP addresses (and IP addresses to names) by sending
           queries directly to the name servers configured on your host
-          and then listening for responses.  Many requests (often
+          and then listening for responses. Many requests (often
           dozens) are performed in parallel to improve performance.
           Specify this option to use your system resolver instead (one
           IP at a time via the <function>getnameinfo</function> call).  This is slower
           and rarely useful unless you find a bug in the Nmap parallel
-          resolver (please let us know if you do).  The system
-          resolver is always used for forward lookups (getting an IP address from a hostname).
+          resolver (please let us know if you do).
           </para>
         </listitem>
       </varlistentry>
@@ -408,13 +407,13 @@ you would expect.</para>
       <varlistentry>
         <term>
           <option>--dns-servers <replaceable>server1</replaceable><optional>,<replaceable>server2</replaceable><optional>,...</optional></optional>
-          </option> (Servers to use for reverse DNS queries)
+          </option> (Servers to use for DNS queries)
           <indexterm significance="preferred"><primary><option>--dns-servers</option></primary></indexterm>
         </term>
         <listitem>
 
           <para>By default, Nmap determines your DNS servers
-          (for rDNS resolution) from your resolv.conf file (Unix) or
+          from your resolv.conf file (Unix) or
           the Registry (Win32).  Alternatively, you may use this
           option to specify alternate servers.  This option is not
           honored if you are using <option>--system-dns</option>.
@@ -426,7 +425,7 @@ you would expect.</para>
 
           <para>This option also comes in handy when scanning private
           networks.  Sometimes only a few name servers provide
-          proper rDNS information, and you may not even know where
+          proper DNS information, and you may not even know where
           they are.  You can scan the network for port 53 (perhaps
           with version detection), then try Nmap list scans
           (<option>-sL</option>) specifying each name server one at a
@@ -437,8 +436,8 @@ you would expect.</para>
           exceeds the size of a UDP packet. In such a situation our DNS
           resolver will make the best effort to extract a response from the
           truncated packet, and if not successful it will fall back to
-          using the system resolver. Also, responses that contain CNAME aliases
-          will fall back to the system resolver.</para>
+          using the system resolver.
+          </para>
 
         </listitem>
       </varlistentry>
@@ -776,12 +775,14 @@ you would expect.</para>
           packet will be empty, though some use a protocol-specific
           payload that is more likely to elicit a
           response.
-<man>The payload database is described at <ulink url="https://nmap.org/book/nmap-payloads.html" />.</man>
-<notman>See <xref linkend="nmap-payloads"/> for a description of the database of payloads.</notman>
-<indexterm><primary>protocol-specific
-payloads</primary><secondary>UDP</secondary></indexterm>Packet
-content can also be affected with the <option>--data</option>,
-<option>--data-string</option>, and <option>--data-length</option> options.</para>
+          <indexterm><primary>protocol-specific payloads</primary><secondary>UDP</secondary></indexterm>
+          The payloads are the same probes used in service and version
+          detection and are defined in the
+          <filename>nmap-service-probes</filename>
+          <indexterm><primary><filename>nmap-service-probes</filename></primary></indexterm>
+          file.  Packet content can also be affected with the
+          <option>--data</option>, <option>--data-string</option>, and
+          <option>--data-length</option> options.</para>
 
           <para>The port list
           takes the same format as with the previously discussed
@@ -2255,7 +2256,7 @@ way.</para>
 
     <para>The Nmap Scripting Engine (NSE) is one of Nmap's most
     powerful and flexible features.  It allows users to write (and
-    share) simple scripts (using the <ulink url="http://lua.org">Lua programming language</ulink>
+    share) simple scripts (using the <ulink url="https://lua.org">Lua programming language</ulink>
     <indexterm><primary>Lua programming language</primary></indexterm>
     ) to automate a wide variety of
     networking tasks.  Those scripts are executed in parallel with the
@@ -2309,10 +2310,14 @@ way.</para>
 
         <listitem>
 
-          <para>Performs a script scan using the default set of scripts. It is 
-		  equivalent to <option>--script=default</option>. Some of the
-		  scripts in this category are considered intrusive and should
-		  not be run against a target network without permission. </para>
+	<para>Performs a script scan using the default set of scripts. It is
+	equivalent to <option>--script=default</option>. Some of the scripts
+	in this category are considered intrusive and should not be run against
+	a target network without permission.</para>
+
+	<para>Note that this shorthand option is ignored whenever at least one
+	<option>--script</option> is also specified.</para>
+
         </listitem>
       </varlistentry>
 
@@ -2408,7 +2413,7 @@ which lists the category or categories in which each script belongs.</para>
       <literal>and</literal>, <literal>or</literal>, and
       <literal>not</literal> operators to build Boolean expressions. The
       operators have the same
-      <ulink role="hidepdf" url="http://www.lua.org/manual/5.1/manual.html#2.5.3">precedence</ulink>
+      <ulink role="hidepdf" url="http://www.lua.org/manual/5.4/manual.html#3.4.8">precedence</ulink>
       as in Lua: <literal>not</literal> is the highest, followed by
       <literal>and</literal> and then <literal>or</literal>. You can
       alter precedence by using parentheses. Because expressions contain
@@ -2475,9 +2480,20 @@ escapes a quote. A backslash is only used to escape quotation marks in this
 special case; in all other cases a backslash is interpreted literally. Values
 may also be tables enclosed in <literal>{}</literal>, just as in Lua. A table
 may contain simple string values or more name-value pairs, including nested
-tables.  Many scripts qualify their arguments with the script name, as in <literal>xmpp-info.server_name</literal>.  You may use that full qualified version to affect just the specified script, or you may pass the unqualified version (<literal>server_name</literal> in this case) to affect all scripts using that argument name.  A script will first check for its fully qualified argument name (the name specified in its documentation) before it accepts an unqualified argument name.  A complex example of script arguments is
-<option>--script-args 'user=foo,pass=",{}=bar",whois={whodb=nofollow+ripe},xmpp-info.server_name=localhost'</option>.  The online NSE Documentation Portal at <ulink url="https://nmap.org/nsedoc/"/>
-lists the arguments that each script accepts.
+tables.  A complex example of script arguments is
+<option>--script-args 'user=foo,pass=",{}=bar",whois={whodb=nofollow+ripe},xmpp-info.server_name=localhost'</option>.
+Many scripts qualify their arguments with the script name, as in
+<literal>xmpp-info.server_name</literal>.  A script will first check for its
+fully qualified argument name (the name specified in its documentation) before
+it accepts an unqualified argument name (<literal>server_name</literal> in this
+case).  Some arguments are not specific to one script. They typically effect
+behavior of a library and therefore potentially all the scripts that use the
+library.  (One such example is <literal>http.useragent</literal>, which sets
+the default HTTP User-Agent header for every web request, regardless which
+script sends it.)  It is not possible for the exact same argument to be given
+different values for diferent scripts.  The online NSE Documentation Portal at
+<ulink url="https://nmap.org/nsedoc/"/> lists the arguments that each script
+accepts.
 </para>
 </listitem>
 </varlistentry>
@@ -3092,12 +3108,22 @@ between sending each probe.  <option>T1</option> and
 seconds, respectively, between probes.  <option>T3</option><indexterm><primary><literal>normal</literal> (<option>-T3</option>) timing template</primary></indexterm> is Nmap's
 default behavior, which includes parallelization.
 <option>-T4</option>
-does the equivalent of <option>--max-rtt-timeout 1250ms --min-rtt-timeout 100ms
---initial-rtt-timeout 500ms --max-retries 6</option> and sets the maximum TCP and SCTP scan delay
+does the equivalent of <option>
+  --max-rtt-timeout 1250ms
+  --min-rtt-timeout 100ms
+  --initial-rtt-timeout 500ms
+  --max-retries 6
+</option> and sets the maximum TCP and SCTP scan delay
 to 10ms.  <option>T5</option>
 does the equivalent of
-<option>--max-rtt-timeout 300ms --min-rtt-timeout 50ms
---initial-rtt-timeout 250ms --max-retries 2 --host-timeout 15m --script-timeout 10m --max-scan-delay</option> as well as
+<option>
+  --max-rtt-timeout 300ms
+  --min-rtt-timeout 50ms
+  --initial-rtt-timeout 250ms
+  --max-retries 2
+  --host-timeout 15m
+  --script-timeout 10m
+</option> as well as
 setting the maximum TCP and SCTP scan delay to 5ms.
 Maximum UDP scan delay is not set by <option>T4</option> or <option>T5</option>, but it can be set with the <option>--max-scan-delay</option> option.
 </para>
@@ -3448,7 +3474,7 @@ work properly.</para>
           most of the packets it sends, and not to use any
           protocol-specific payloads. (Use <option>--data-length 0</option>
           for no random or protocol-specific
-          payloads.<indexterm><primary>protocol-specific payloads</primary><secondary>disabling with <option>--data-length</option></secondary></indexterm>
+          payloads.)<indexterm><primary>protocol-specific payloads</primary><secondary>disabling with <option>--data-length</option></secondary></indexterm>
           OS detection (<option>-O</option>) packets
           are not affected<indexterm><primary><option>--data-length</option></primary><secondary>no effect in OS detection</secondary></indexterm>
           because accuracy there requires probe consistency, but most pinging and portscan packets
@@ -3459,7 +3485,7 @@ work properly.</para>
 
       <varlistentry>
       <term>
-      <option>--ip-options <replaceable>S|R [route]|L [route]|T|U ... </replaceable>;</option>
+      <option>--ip-options <replaceable>R|S [route]|L [route]|T|U ... </replaceable>;</option>
       <option>--ip-options <replaceable>hex string</replaceable></option>  (Send packets with specified ip options)
       <indexterm><primary><option>--ip-options</option></primary></indexterm>
       <indexterm><primary>IP options</primary></indexterm>
@@ -3503,7 +3529,7 @@ work properly.</para>
       <para>If you wish to see the options in packets sent and
       received, specify <option>--packet-trace</option>.  For more
       information and examples of using IP options with Nmap, see
-      <ulink url="http://seclists.org/nmap-dev/2006/q3/52"/>.
+      <ulink url="https://seclists.org/nmap-dev/2006/q3/52"/>.
       </para>
 
       </listitem>

docs/scripting.xml

@@ -56,7 +56,7 @@
           <para>When a new vulnerability is discovered, you often want
        to scan your networks quickly to identify vulnerable systems
        before the bad guys do.  While Nmap isn't a
-       comprehensive <ulink role="hidepdf" url="http://sectools.org/vuln-scanners.html">vulnerability scanner</ulink>,
+       comprehensive <ulink role="hidepdf" url="https://sectools.org/vuln-scanners.html">vulnerability scanner</ulink>,
        NSE is powerful enough to handle even demanding vulnerability
        checks. When the Heartbleed bug affected hundreds of thousands of
        systems worldwide, Nmap's developers responded with the
@@ -104,7 +104,7 @@
     <para>
       Scripts are written in the
       embedded
-      <ulink url="http://www.lua.org/">Lua programming language</ulink>, version 5.3.<indexterm><primary>Lua programming language</primary><seealso>Nmap Scripting Engine</seealso></indexterm>
+      <ulink url="https://lua.org/">Lua programming language</ulink>, version 5.4.<indexterm><primary>Lua programming language</primary><seealso>Nmap Scripting Engine</seealso></indexterm>
       The language itself is well documented in the books
 <web>
       <citetitle><ulink url="http://www.amazon.com/dp/8590379868?tag=secbks-20">Programming
@@ -117,10 +117,10 @@
       <citetitle>Lua 5.2 Reference Manual</citetitle>.
 </print>
 
-The reference manual, updated for Lua 5.3, is also
-      <ulink url="http://www.lua.org/manual/5.3/">freely available
+The reference manual, updated for Lua 5.4, is also
+      <ulink url="https://lua.org/manual/5.4/">freely available
         online</ulink>, as is the
-      <ulink url="http://www.lua.org/pil/">first edition of <citetitle>Programming in
+      <ulink url="https://lua.org/pil/">first edition of <citetitle>Programming in
   Lua</citetitle></ulink>. Given the availability of these excellent general
       Lua programming references, this document only covers aspects and
       extensions specific to Nmap's scripting engine.
@@ -248,7 +248,7 @@ Black Hat Briefings in 2010.</para>
      <variablelist>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-auth">
             <indexterm><primary sortas="auth script category">&ldquo;<literal>auth</literal>&rdquo; script category</primary></indexterm>
             <option>auth</option>
           </term>
@@ -258,7 +258,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-broadcast">
             <indexterm><primary sortas="broadcast script category">&ldquo;<literal>broadcast</literal>&rdquo; script category</primary></indexterm>
             <option>broadcast</option>
           </term>
@@ -273,7 +273,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-brute">
             <indexterm><primary sortas="brute script category">&ldquo;<literal>brute</literal>&rdquo; script category</primary></indexterm>
             <option>brute</option>
           </term>
@@ -283,7 +283,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-default">
             <indexterm><primary sortas="default script category">&ldquo;<literal>default</literal>&rdquo; script category</primary></indexterm>
             <option>default</option>
           </term>
@@ -350,7 +350,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-discovery">
             <indexterm><primary sortas="discovery script category">&ldquo;<literal>discovery</literal>&rdquo; script category</primary></indexterm>
             <option>discovery</option>
           </term>
@@ -362,7 +362,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-dos">
             <indexterm><primary sortas="dos script category">&ldquo;<literal>dos</literal>&rdquo; script category</primary></indexterm>
             <option>dos</option>
           </term>
@@ -378,7 +378,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-exploit">
             <indexterm><primary sortas="exploit script category">&ldquo;<literal>exploit</literal>&rdquo; script category</primary></indexterm>
             <option>exploit</option>
           </term>
@@ -388,7 +388,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-external">
             <indexterm><primary sortas="external script category">&ldquo;<literal>external</literal>&rdquo; script category</primary></indexterm>
             <option>external</option>
           </term>
@@ -409,7 +409,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-fuzzer">
             <indexterm><primary sortas="fuzzer script category">&ldquo;<literal>fuzzer</literal>&rdquo; script category</primary></indexterm>
             <option>fuzzer</option>
           </term>
@@ -420,7 +420,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-intrusive">
             <indexterm><primary sortas="intrusive script category">&ldquo;<literal>intrusive</literal>&rdquo; script category</primary></indexterm>
             <option>intrusive</option>
           </term>
@@ -444,7 +444,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-malware">
             <indexterm><primary sortas="malware script category">&ldquo;<literal>malware</literal>&rdquo; script category</primary></indexterm>
             <option>malware</option>
           </term>
@@ -456,7 +456,7 @@ Black Hat Briefings in 2010.</para>
 
 
         <varlistentry>
-          <term>
+          <term id="nse-category-safe">
             <indexterm><primary sortas="safe script category">&ldquo;<literal>safe</literal>&rdquo; script category</primary></indexterm>
             <option>safe</option>
           </term>
@@ -476,7 +476,7 @@ Black Hat Briefings in 2010.</para>
         </varlistentry>
 
         <varlistentry>
-          <term>
+          <term id="nse-category-version">
             <indexterm><primary sortas="version script category">&ldquo;<literal>version</literal>&rdquo; script category</primary></indexterm>
             <indexterm><primary>version detection</primary><seealso>&ldquo;<literal>version</literal>&rdquo; script category</seealso></indexterm>
             <option>version</option>
@@ -498,7 +498,7 @@ Black Hat Briefings in 2010.</para>
 
 
         <varlistentry>
-          <term>
+          <term id="nse-category-vuln">
             <indexterm><primary sortas="vuln script category">&ldquo;<literal>vuln</literal>&rdquo; script category</primary></indexterm>
             <option>vuln</option>
           </term>
@@ -911,7 +911,7 @@ https://nmap.org/nsedoc/scripts/afp-showmount.html
       <literal>and</literal>, <literal>or</literal>, and
       <literal>not</literal> operators to build Boolean expressions. The
       operators have the same
-      <ulink role="hidepdf" url="http://www.lua.org/manual/5.3/manual.html#3.4.8">precedence</ulink>
+      <ulink role="hidepdf" url="https://lua.org/manual/5.4/manual.html#3.4.8">precedence</ulink>
       as in Lua: <literal>not</literal> is the highest, followed by
       <literal>and</literal> and then <literal>or</literal>. You can
       alter precedence by using parentheses. Because expressions contain
@@ -1412,7 +1412,7 @@ details of how different return values are handled.
       <para>
 
 	The Nmap scripting language is an embedded <ulink
-	url="http://www.lua.org/">Lua</ulink> interpreter which is
+	url="https://lua.org/">Lua</ulink> interpreter which is
 	extended with libraries for interfacing with Nmap.  The Nmap
 	API is in the Lua namespace <literal>nmap</literal>.  This
 	means that all calls to resources provided by Nmap have an
@@ -1488,7 +1488,7 @@ details of how different return values are handled.
       script writing more powerful and convenient. These libraries (sometimes called modules) are compiled if necessary and installed along with 
 	  Nmap. They have their own directory, <filename>nselib</filename>, which
 	  is installed in the configured Nmap data directory. Scripts need only 
-      <ulink url="http://www.lua.org/manual/5.2/manual.html#pdf-require"><literal>require</literal></ulink> the default libraries in order to use them.
+      <ulink url="https://lua.org/manual/5.4/manual.html#pdf-require"><literal>require</literal></ulink> the default libraries in order to use them.
 	  </para>
 
       <sect2 id="nse-library-list">
@@ -1543,7 +1543,7 @@ details of how different return values are handled.
       <print><citetitle>Programming in Lua, Second Edition</citetitle>,</print>
       so this is a short summary. C modules consist of functions that
       follow the protocol of the
-      <ulink url="http://www.lua.org/manual/5.2/manual.html#lua_CFunction"><type>lua_CFunction</type></ulink>
+      <ulink url="https://lua.org/manual/5.4/manual.html#lua_CFunction"><type>lua_CFunction</type></ulink>
       type. The functions are registered with Lua and assembled into a
       library by calling the
       <function>luaL_newlib</function><indexterm><primary><function>luaL_newlib</function></primary></indexterm>
@@ -3297,7 +3297,7 @@ mutexfn = nmap.mutex(object)
         The <literal>mutexfn</literal> returned is a function which works as a
         mutex for the <literal>object</literal> passed in.  This object can be
         any <ulink role="hidepdf"
-        url="http://www.lua.org/manual/5.2/manual.html#2.1">Lua data
+        url="https://lua.org/manual/5.4/manual.html#2.1">Lua data
         type</ulink> except <literal>nil</literal>,
         Boolean, and number.  The
         returned function allows you to lock, try to lock, and release the
@@ -3423,7 +3423,7 @@ end
         <literal>condvarfn</literal> returned is a function which works as a
         condition variable for the <literal>object</literal> passed in. This
         object can be any <ulink role="hidepdf"
-        url="http://www.lua.org/manual/5.2/manual.html#2.1">Lua data
+        url="https://lua.org/manual/5.4/manual.html#2.1">Lua data
         type</ulink> except <literal>nil</literal>,
         Boolean, and number.  The
         returned function allows you to wait, signal, and broadcast on the
@@ -3503,7 +3503,7 @@ end
         independent execution stack that can be yielded and resumed.
         The standard <literal>coroutine</literal> table provides access to the
         creation and manipulation of coroutines.      Lua's online first
-        edition of <ulink url="http://www.lua.org/pil/"><citetitle>Programming in
+        edition of <ulink url="https://lua.org/pil/"><citetitle>Programming in
         Lua</citetitle></ulink> contains an excellent introduction to
         coroutines. What follows is an overview of the
         use of coroutines here for completeness, but this is no replacement for
@@ -3847,7 +3847,7 @@ end
       It then loads the standard Lua libraries and compiled NSE libraries.
       The standard Lua libraries are
       documented in the <ulink
-      url="http://www.lua.org/manual/5.2/manual.html">Lua Reference
+      url="https://lua.org/manual/5.4/manual.html">Lua Reference
       Manual</ulink>. The standard Lua libraries available to NSE are
       <literal>debug</literal>,
       <literal>io</literal>,
@@ -3860,8 +3860,11 @@ end
       of a Lua file. They include
       <literal>nmap</literal>,
       <literal>pcre</literal>,
-      <literal>bin</literal>,
-      <literal>bit</literal>, and
+      <literal>db</literal>,
+      <literal>lpeg</literal>,
+      <literal>debug</literal>,
+      <literal>zlib</literal>,
+      <literal>libssh2</literal>, and
       <literal>openssl</literal> (if available).
       </para>
  

docs/win32-installer-zenmap-buildguide.txt

@@ -12,7 +12,7 @@ Python-upgrade.txt there for more information.
 
 II. OTHER REQUIREMENTS
 
-You'll need Microsoft Visual C++ 2010 for compilation.
+You'll need Microsoft Visual Studio for compilation.
 Directions for obtaining that are at:
 https://nmap.org/install/inst-windows.html#inst-win-source.
 
@@ -21,9 +21,8 @@ You'll also need Cygwin installed in order to build the Nmap installer
 http://www.cygwin.com/.
 
 And last, you'll need the Nullsoft Scriptable Install System installed.
-You can download if from http://nsis.sourceforge.net/Download  (Version
-2.46 tested). Install in "C:\Program Files\NSIS" even if it offers
-"C:\Program Files (x86)\NSIS".
+You can download if from http://nsis.sourceforge.io/Download  (Version
+3.08 tested).
 
 
 III. BUILDING

docs/zenmap.1

@@ -2,12 +2,12 @@
 .\"     Title: zenmap
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 08/06/2021
+.\"      Date: 08/21/2025
 .\"    Manual: Zenmap Reference Guide
 .\"    Source: Zenmap
 .\"  Language: English
 .\"
-.TH "ZENMAP" "1" "08/06/2021" "Zenmap" "Zenmap Reference Guide"
+.TH "ZENMAP" "1" "08/21/2025" "Zenmap" "Zenmap Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -100,7 +100,7 @@ Like their authors, Nmap and Zenmap aren\(cqt perfect\&. But you can help make t
 \m[blue]\fB\%https://nmap.org\fR\m[]\&. If the problem persists, do some research to determine whether it has already been discovered and addressed\&. Try Googling the error message or browsing the
 nmap\-dev
 archives at
-\m[blue]\fB\%http://seclists.org/\fR\m[]\&. Read this full manual page as well\&. If nothing comes of this, mail a bug report to
+\m[blue]\fB\%https://seclists.org/\fR\m[]\&. Read this full manual page as well\&. If nothing comes of this, mail a bug report to
 <dev@nmap\&.org>\&. Please include everything you have learned about the problem, as well as what version of Zenmap you are running and what operating system version it is running on\&. Problem reports and Zenmap usage questions sent to dev@nmap\&.org are far more likely to be answered than those sent to Fyodor directly\&.
 .PP
 Code patches to fix bugs are even better than bug reports\&. Basic instructions for creating patch files with your changes are available at
@@ -115,7 +115,7 @@ Zenmap was originally derived from Umit, an Nmap GUI created during the Google\-
 .PP
 Fyodor
 <fyodor@nmap\&.org>
-(\m[blue]\fB\%http://insecure.org\fR\m[])
+(\m[blue]\fB\%https://insecure.org\fR\m[])
 .PP
 Hundreds of people have made valuable contributions to Nmap over the years\&. These are detailed in the
 CHANGELOG

docs/zenmap.xml

@@ -132,7 +132,7 @@
     latest version available from <ulink url="https://nmap.org"/>.  If
     the problem persists, do some research to determine whether it has already
     been discovered and addressed.  Try Googling the error message or browsing
-    the <citetitle>nmap-dev</citetitle> archives at <ulink url="http://seclists.org/" />.
+    the <citetitle>nmap-dev</citetitle> archives at <ulink url="https://seclists.org/" />.
     Read this
     full manual page as well.  If nothing comes of this, mail a bug report to
     <email>dev@nmap.org</email>.  Please include everything you have
@@ -166,7 +166,7 @@
       <title>Nmap</title>
       <para>Fyodor 
       <email>fyodor@nmap.org</email>
-      (<ulink url="http://insecure.org" />)
+      (<ulink url="https://insecure.org" />)
       </para>
 
       <para>Hundreds of people have made valuable contributions to Nmap

idle_scan.cc

@@ -8,60 +8,59 @@
  * experienced Nmap users.                                                 *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */
@@ -108,10 +107,6 @@
 #include <stdio.h>
 
 extern NmapOps o;
-#ifdef WIN32
-/* from libdnet's intf-win32.c */
-extern "C" int g_has_npcap_loopback;
-#endif
 
 struct idle_proxy_info {
   Target host; /* contains name, IP, source IP, timing info, etc. */
@@ -197,8 +192,7 @@ static int ipid_proxy_probe(struct idle_proxy_info *proxy, int *probes_sent,
   static int packet_send_count = 0; /* Total # of probes sent by this program -- to ensure that our sequence # always changes */
   u32 packetlen = 0;
   u8 *ipv6_packet = NULL;
-  struct sockaddr_storage ss;
-  size_t sslen;
+  const struct sockaddr_storage *ss;
   struct ip6_hdr *ip6 = NULL;
   const void *ipv6_data;
   u8 hdr;
@@ -237,8 +231,8 @@ static int ipid_proxy_probe(struct idle_proxy_info *proxy, int *probes_sent,
                         (u8 *) TCP_SYN_PROBE_OPTIONS, TCP_SYN_PROBE_OPTIONS_LEN,
                         NULL, 0,
                         &packetlen);
-      proxy->host.TargetSockAddr(&ss, &sslen);
-      res = send_ip_packet(proxy->rawsd, proxy->ethptr, &ss, ipv6_packet, packetlen);
+      ss = proxy->host.TargetSockAddr();
+      res = send_ip_packet(proxy->rawsd, proxy->ethptr, ss, ipv6_packet, packetlen);
       if (res == -1)
         fatal("Error occurred while trying to send IPv6 packet");
       free(ipv6_packet);
@@ -374,8 +368,7 @@ static void ipv6_force_fragmentation(struct idle_proxy_info *proxy, Target *targ
   u32 packetlen = 0;
   u16 pingid = 0;
   u16 seq = 0;
-  struct sockaddr_storage ss;
-  size_t sslen;
+  const struct sockaddr_storage *ss;
   int res;
   assert(proxy);
 
@@ -394,9 +387,9 @@ static void ipv6_force_fragmentation(struct idle_proxy_info *proxy, Target *targ
     log_write(LOG_STDOUT, "Packet capture filter (device %s): %s\n", proxy->host.deviceFullName(), filter);
 
   /* Make a ping that is in total 1280 byte long and send it */
-  proxy->host.TargetSockAddr(&ss, &sslen);
+  ss = proxy->host.TargetSockAddr();
   ipv6_packet = build_icmpv6_raw(proxy->host.v6sourceip(), proxy->host.v6hostip(), 0x00, 0x0000, o.ttl, seq , pingid, ICMPV6_ECHO, 0x00, data, sizeof(data) , &packetlen);
-  res = send_ip_packet(proxy->rawsd, proxy->ethptr, &ss, ipv6_packet, packetlen);
+  res = send_ip_packet(proxy->rawsd, proxy->ethptr, ss, ipv6_packet, packetlen);
   if (res == -1)
     fatal("Error occurred while trying to send ICMPv6 Echo Request to the idle host");
   free(ipv6_packet);
@@ -436,7 +429,7 @@ static void ipv6_force_fragmentation(struct idle_proxy_info *proxy, Target *targ
   memcpy(&data[4], ip, sizeof(data)-4);
 
   ipv6_packet = build_icmpv6_raw(proxy->host.v6sourceip(), proxy->host.v6hostip(), 0x00, 0x0000, o.ttl, 0x00 , 0x00, 0x02, 0x00, data, sizeof(data) , &packetlen);
-  res = send_ip_packet(proxy->rawsd, proxy->ethptr, &ss, ipv6_packet, packetlen);
+  res = send_ip_packet(proxy->rawsd, proxy->ethptr, ss, ipv6_packet, packetlen);
   if (res == -1)
     fatal("Error occurred while trying to send spoofed ICMPv6 Echo Request to the idle host");
 
@@ -449,7 +442,7 @@ static void ipv6_force_fragmentation(struct idle_proxy_info *proxy, Target *targ
   seq = get_random_u16();
 
   ipv6_packet = build_icmpv6_raw(target->v6hostip(), proxy->host.v6hostip(), 0x00, 0x0000, o.ttl, seq , pingid, ICMPV6_ECHO, 0x00, data, sizeof(data) , &packetlen);
-  res = send_ip_packet(proxy->rawsd, proxy->ethptr, &ss, ipv6_packet, packetlen);
+  res = send_ip_packet(proxy->rawsd, proxy->ethptr, ss, ipv6_packet, packetlen);
   if (res == -1)
     fatal("Error occurred while trying to send ICMPv6 Echo Request to the idle host");
 
@@ -464,7 +457,7 @@ static void ipv6_force_fragmentation(struct idle_proxy_info *proxy, Target *targ
   ipv6_packet = build_icmpv6_raw(target->v6hostip(), proxy->host.v6hostip(), 0x00, 0x0000, o.ttl, 0x00 , 0x00, 0x02, 0x00, data, sizeof(data) , &packetlen);
   /* give the decoy host time to reply to the target */
   usleep(10000);
-  res = send_ip_packet(proxy->rawsd, proxy->ethptr, &ss, ipv6_packet, packetlen);
+  res = send_ip_packet(proxy->rawsd, proxy->ethptr, ss, ipv6_packet, packetlen);
   if (res == -1)
     fatal("Error occurred while trying to send ICMPv6 PTB to the idle host");
   free(ipv6_packet);
@@ -606,30 +599,19 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName,
 
   /* Now lets send some probes to check IP ID algorithm ... */
   /* First we need a raw socket ... */
-  if ((o.sendpref & PACKET_SEND_ETH) && (proxy->host.ifType() == devt_ethernet
-#ifdef WIN32
-    || (g_has_npcap_loopback && proxy->host.ifType() == devt_loopback)
-#endif
-    )) {
+  if (!raw_socket_or_eth(o.sendpref, proxy->host.deviceName(), proxy->host.ifType(),
+        &proxy->rawsd, &proxy->eth.ethsd)) {
+    fatal("%s: Failed to open raw socket or ethernet handle", __func__);
+  }
+  if (proxy->eth.ethsd != NULL) {
     if (!setTargetNextHopMAC(&proxy->host))
       fatal("%s: Failed to determine dst MAC address for Idle proxy", __func__);
     memcpy(proxy->eth.srcmac, proxy->host.SrcMACAddress(), 6);
     memcpy(proxy->eth.dstmac, proxy->host.NextHopMACAddress(), 6);
-    proxy->eth.ethsd = eth_open_cached(proxy->host.deviceName());
-    if (proxy->eth.ethsd == NULL)
-      fatal("%s: Failed to open ethernet device (%s)", __func__, proxy->host.deviceName());
-    proxy->rawsd = -1;
     proxy->ethptr = &proxy->eth;
-  } else {
-#ifdef WIN32
-    win32_fatal_raw_sockets(proxy->host.deviceName());
-#endif
-    proxy->rawsd = nmap_raw_socket();
-    if (proxy->rawsd < 0)
-      pfatal("socket troubles in %s", __func__);
+  }
+  else {
     unblock_socket(proxy->rawsd);
-    proxy->eth.ethsd = NULL;
-    proxy->ethptr = NULL;
   }
 
   if (proxy->host.af() == AF_INET6)
@@ -1001,15 +983,12 @@ static int idlescan_countopen2(struct idle_proxy_info *proxy,
   int dotry3 = 0;
   struct eth_nfo eth;
   u8 *packet = NULL;
-  struct sockaddr_storage ss;
-  size_t sslen;
   u32 packetlen = 0;
   int res;
 
   if (seq == 0)
     seq = get_random_u32();
 
-  target->TargetSockAddr(&ss, &sslen);
   memset(&end, 0, sizeof(end));
   memset(&latestchange, 0, sizeof(latestchange));
   gettimeofday(&start, NULL);
@@ -1054,7 +1033,7 @@ static int idlescan_countopen2(struct idle_proxy_info *proxy,
                                     (u8 *) TCP_SYN_PROBE_OPTIONS, TCP_SYN_PROBE_OPTIONS_LEN,
                                     o.extra_payload, o.extra_payload_length,
                                     &packetlen);
-        res = send_ip_packet(proxy->rawsd, eth.ethsd ? &eth : NULL, &ss, packet, packetlen);
+        res = send_ip_packet(proxy->rawsd, eth.ethsd ? &eth : NULL, target->TargetSockAddr(), packet, packetlen);
         if (res == -1)
           fatal("Error occurred while trying to send IPv6 packet");
         free(packet);
@@ -1064,12 +1043,18 @@ static int idlescan_countopen2(struct idle_proxy_info *proxy,
 
   openports = -1;
   tries = 0;
-  TIMEVAL_MSEC_ADD(probe_times[0], start, MAX(50, (target->to.srtt * 3 / 4) / 1000));
-  TIMEVAL_MSEC_ADD(probe_times[1], start, target->to.srtt / 1000 );
-  TIMEVAL_MSEC_ADD(probe_times[2], end, MAX(75, (2 * target->to.srtt +
-                   target->to.rttvar) / 1000));
-  TIMEVAL_MSEC_ADD(probe_times[3], end, MIN(4000, (2 * target->to.srtt +
-                   (target->to.rttvar << 2 )) / 1000));
+
+  int tmp = (target->to.srtt * 3) / (4 * 1000);
+  tmp = MAX(50, tmp);
+  TIMEVAL_MSEC_ADD(probe_times[0], start, tmp);
+  tmp = target->to.srtt / 1000;
+  TIMEVAL_MSEC_ADD(probe_times[1], start, tmp);
+  tmp = (2 * target->to.srtt + target->to.rttvar) / 1000;
+  tmp = MAX(75, tmp);
+  TIMEVAL_MSEC_ADD(probe_times[2], end, tmp);
+  tmp = (2 * target->to.srtt + (target->to.rttvar << 2 )) / 1000;
+  tmp = MIN(4000, tmp);
+  TIMEVAL_MSEC_ADD(probe_times[3], end, tmp);
 
   do {
     if (tries == 2)

idle_scan.h

@@ -8,60 +8,59 @@
  * experienced Nmap users.                                                 *
  *                                                                         *
  ***********************IMPORTANT NMAP LICENSE TERMS************************
- *                                                                         *
- * The Nmap Security Scanner is (C) 1996-2021 Nmap Software LLC ("The Nmap  *
- * Project"). Nmap is also a registered trademark of the Nmap Project.     *
- *                                                                         *
- * This program is distributed under the terms of the Nmap Public Source   *
- * License (NPSL). The exact license text applying to a particular Nmap    *
- * release or source code control revision is contained in the LICENSE     *
- * file distributed with that version of Nmap or source code control       *
- * revision. More Nmap copyright/legal information is available from       *
- * https://nmap.org/book/man-legal.html, and further information on the    *
- * NPSL license itself can be found at https://nmap.org/npsl. This header  *
- * summarizes some key points from the Nmap license, but is no substitute  *
- * for the actual license text.                                            *
- *                                                                         *
- * Nmap is generally free for end users to download and use themselves,    *
- * including commercial use. It is available from https://nmap.org.        *
- *                                                                         *
- * The Nmap license generally prohibits companies from using and           *
- * redistributing Nmap in commercial products, but we sell a special Nmap  *
- * OEM Edition with a more permissive license and special features for     *
- * this purpose. See https://nmap.org/oem                                  *
- *                                                                         *
- * If you have received a written Nmap license agreement or contract       *
- * stating terms other than these (such as an Nmap OEM license), you may   *
- * choose to use and redistribute Nmap under those terms instead.          *
- *                                                                         *
- * The official Nmap Windows builds include the Npcap software             *
- * (https://npcap.org) for packet capture and transmission. It is under    *
- * separate license terms which forbid redistribution without special      *
- * permission. So the official Nmap Windows builds may not be              *
- * redistributed without special permission (such as an Nmap OEM           *
- * license).                                                               *
- *                                                                         *
- * Source is provided to this software because we believe users have a     *
- * right to know exactly what a program is going to do before they run it. *
- * This also allows you to audit the software for security holes.          *
- *                                                                         *
- * Source code also allows you to port Nmap to new platforms, fix bugs,    *
- * and add new features.  You are highly encouraged to submit your         *
- * changes as a Github PR or by email to the dev@nmap.org mailing list     *
- * for possible incorporation into the main distribution. Unless you       *
- * specify otherwise, it is understood that you are offering us very       *
- * broad rights to use your submissions as described in the Nmap Public    *
- * Source License Contributor Agreement. This is important because we      *
- * fund the project by selling licenses with various terms, and also       *
- * because the inability to relicense code has caused devastating          *
- * problems for other Free Software projects (such as KDE and NASM).       *
- *                                                                         *
- * The free version of Nmap is distributed in the hope that it will be     *
- * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,        *
- * indemnification and commercial support are all available through the    *
- * Npcap OEM program--see https://nmap.org/oem.                            *
- *                                                                         *
+ *
+ * The Nmap Security Scanner is (C) 1996-2025 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and
+ * add new features. You are highly encouraged to submit your changes as a
+ * Github PR or by email to the dev@nmap.org mailing list for possible
+ * incorporation into the main distribution. Unless you specify otherwise, it
+ * is understood that you are offering us very broad rights to use your
+ * submissions as described in the Nmap Public Source License Contributor
+ * Agreement. This is important because we fund the project by selling licenses
+ * with various terms, and also because the inability to relicense code has
+ * caused devastating problems for other Free Software projects (such as KDE
+ * and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
  ***************************************************************************/
 
 /* $Id$ */

libdnet-stripped/.gitignore

@@ -0,0 +1,56 @@
+# Generated objects
+*.o
+*.lo
+*.la
+
+# Backups
+**~
+
+# Local tarballs and Pyrex
+Pyrex-0*
+libdnet-*.tar.gz
+
+# Python Cache
+**/__pycache__/
+
+# Local Python virtual environment
+.virtualenv/
+
+# From configure
+config.log
+config.status
+dnet-config
+include/config.h
+include/stamp-h1
+libtool
+python/setup.py
+
+# Generated Makefiles
+Makefile
+include/Makefile
+include/dnet/Makefile
+man/Makefile
+python/Makefile
+src/Makefile
+test/Makefile
+test/check/Makefile
+test/dnet/Makefile
+
+# Generated libs/binaries from make
+autom4te.cache/
+src/.libs/
+test/dnet/.libs/
+test/dnet/dnet
+test/check/.libs/
+test/check/*.log
+test/check/*.trs
+test/check/check_addr
+test/check/check_arp
+test/check/check_blob
+test/check/check_eth
+test/check/check_fw
+test/check/check_intf
+test/check/check_ip
+test/check/check_rand
+test/check/check_route
+python/test-suite.log

libdnet-stripped/CMakeLists.txt

@@ -0,0 +1,401 @@
+cmake_minimum_required(VERSION 3.14)
+
+project(dnet VERSION 1.18.0 LANGUAGES C)
+
+find_package(TCL)
+
+include(CheckFunctionExists)
+include(CheckIncludeFile)
+include(CheckIncludeFiles)
+include(CheckStructHasMember)
+include(CheckSymbolExists)
+include(CheckTypeSize)
+include(CheckCSourceCompiles)
+include(GNUInstallDirs)
+include(CMakePushCheckState)
+
+set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules)
+set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS True)
+option(BUILD_SHARED_LIBS "Build in shared lib mode" OFF)
+
+set(DNET_LINK_LIBS "")
+
+foreach (header stdio.h stdlib.h string.h inttypes.h)
+  string(TOUPPER HAVE_${header} var)
+  string(REGEX REPLACE "\\.|/" "_" var ${var})
+  check_include_file(${header} ${var})
+endforeach ()
+
+if(WIN32)
+    find_package(Packet)
+    if(Packet_FOUND)
+        set(HAVE_PACKET32 TRUE)
+        set(HAVE_PCAP_H TRUE)
+        include_directories(${Packet_INCLUDE_DIRS})
+        set(DNET_LINK_LIBS ${Packet_LIBRARIES} ${DNET_LINK_LIBS})
+    endif(Packet_FOUND)
+endif(WIN32)
+
+if (MSVC)
+    add_definitions(-DWIN32_LEAN_AND_MEAN)
+    check_include_file(winsock2.h HAVE_WINSOCK2_H)
+    if(HAVE_WINSOCK2_H)
+        set(HAVE_SOCKADDR_IN6 TRUE)
+        set(HAVE_LIBWS2_32 TRUE)
+        set(DNET_LINK_LIBS ws2_32 ${DNET_LINK_LIBS})
+    endif()
+    check_c_source_compiles("
+        #define WIN32_LEAN_AND_MEAN
+        #include <windows.h>
+        #include <Iphlpapi.h>
+        int main() { return 0; }"
+        HAVE_IPHLPAPI_H)
+    if(HAVE_IPHLPAPI_H)
+        set(HAVE_LIBIPHLPAPI TRUE)
+        set(DNET_LINK_LIBS Iphlpapi ${DNET_LINK_LIBS})
+    endif()
+    cmake_push_check_state()
+    set(CMAKE_REQUIRED_LIBRARIES "ws2_32")
+    check_symbol_exists(inet_pton WS2tcpip.h HAVE_INET_PTON)
+    cmake_pop_check_state()
+endif()
+if(UNIX)
+    foreach (header strings.h
+            unistd.h sys/bufmod.h sys/dlpi.h sys/dlpihdr.h sys/dlpi_ext.h
+            sys/ioctl.h sys/mib.h sys/ndd_var.h sys/socket.h sys/sockio.h
+            sys/time.h sys/stat.h net/if.h net/if_var.h
+            net/if_dl.h net/pfilt.h
+            net/radix.h net/raw.h net/route.h netinet/in_var.h
+            linux/if_tun.h netinet/ip_fw.h linux/ip_fw.h
+            linux/ip_fwchains.h linux/netfilter_ipv4/ipchains_core.h
+            ip_fil_compat.h netinet/ip_fil_compat.h ip_compat.h
+            netinet/ip_compat.h ip_fil.h netinet/ip_fil.h
+            hpsecurity.h stropts.h dlfcn.h fcntl.h)
+      string(TOUPPER HAVE_${header} var)
+      string(REGEX REPLACE "\\.|/" "_" var ${var})
+      check_include_file(${header} ${var})
+    endforeach ()
+
+    check_include_files("sys/types.h;net/bpf.h" HAVE_NET_BPF_H)
+    check_include_files("sys/types.h;net/if_arp.h" HAVE_NET_IF_ARP_H)
+    check_include_files("sys/types.h;net/if_tun.h" HAVE_NET_IF_TUN_H)
+    check_include_files("sys/types.h;net/if.h;net/pfvar.h" HAVE_NET_PFVAR_H)
+    check_include_files("sys/types.h;sys/sysctl.h" HAVE_SYS_SYSCTL_H)
+endif()
+
+set(CMAKE_REQUIRED_LIBRARIES )
+foreach (func err strlcat strlcpy strse)
+  string(TOUPPER HAVE_${func} var)
+  check_function_exists(${func} ${var})
+endforeach ()
+
+if (UNIX)
+    set(CMAKE_REQUIRED_LIBRARIES "nm")
+    check_function_exists(open_mib HAVE_OPEN_MIB)
+    set(CMAKE_REQUIRED_LIBRARIES )
+
+    CHECK_STRUCT_HAS_MEMBER("struct arpreq" arp_dev net/if_arp.h HAVE_ARPREQ_ARP_DEV LANGUAGE C)
+    CHECK_STRUCT_HAS_MEMBER("struct sockaddr" sa_len sys/socket.h HAVE_SOCKADDR_SA_LEN LANGUAGE C)
+    CHECK_STRUCT_HAS_MEMBER("struct rt_msghdr" rtm_msglen "sys/socket.h;net/if.h;net/route.h" HAVE_ROUTE_RT_MSGHDR LANGUAGE C)
+
+    set(CMAKE_EXTRA_INCLUDE_FILES "netinet/in.h")
+    check_type_size("struct sockaddr_in6" HAVE_SOCKADDR_IN6  LANGUAGE C)
+    set(CMAKE_EXTRA_INCLUDE_FILES )
+
+    if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
+        file(STRINGS /proc/sys/kernel/ostype PROCFS)
+        message(STATUS "${PROCFS}")
+        if (${PROCFS} STREQUAL "Linux")
+            set(HAVE_LINUX_PROCFS True)
+        endif()
+    endif()
+
+    check_include_file(inet/mib2.h HAVE_STREAMS_MIB2)
+
+    check_symbol_exists(ETH_P_ALL linux/if_ether.h HAVE_LINUX_PF_PACKET)
+
+    check_symbol_exists(RTSTR_SEND net/route.h HAVE_STREAMS_ROUTE)
+
+    check_symbol_exists(SIOCGARP sys/ioctl.h HAVE_IOCTL_ARP)
+
+    string(TOLOWER ${CMAKE_SYSTEM_NAME} CMAKE_SYSTEM_NAME_LOWER)
+
+    string(REGEX MATCH "bsd" BSD ${CMAKE_SYSTEM_NAME_LOWER})
+    string(REGEX MATCH "darwin" DARWIN ${CMAKE_SYSTEM_NAME_LOWER})
+    string(REGEX MATCH "osf" OSF ${CMAKE_SYSTEM_NAME_LOWER})
+    string(REGEX MATCH "unixware" UNIXWARE ${CMAKE_SYSTEM_NAME_LOWER})
+    string(REGEX MATCH "openbsd" OPENBSD ${CMAKE_SYSTEM_NAME_LOWER})
+    string(REGEX MATCH "solaris" SOLARIS ${CMAKE_SYSTEM_NAME_LOWER})
+    string(REGEX MATCH "irix" IRIX ${CMAKE_SYSTEM_NAME_LOWER})
+    string(REGEX MATCH "freebsd5" FREEBSD5 ${CMAKE_SYSTEM_NAME_LOWER})
+    string(REGEX MATCH "kfreebsd" KFREEBSD ${CMAKE_SYSTEM_NAME_LOWER})
+
+    if (BSD OR DARWIN OR OSF OR UNIXWARE)
+        set(HAVE_RAWIP_HOST_OFFLEN True)
+    endif()
+
+    if (OPENBSD)
+        set(HAVE_RAWIP_HOST_OFFLEN False)
+    endif()
+
+    if (SOLARIS OR IRIX)
+        set(HAVE_RAWIP_COOKED True)
+    endif()
+
+    set(CMAKE_REQUIRED_LIBRARIES )
+    foreach (func err strlcat strlcpy strse)
+      string(TOUPPER HAVE_${func} var)
+      check_function_exists(${func} ${var})
+    endforeach ()
+
+
+
+    set(CMAKE_REQUIRED_LIBRARIES nsl socket)
+    check_function_exists(gethostbyname HAVE_GETHOSTBYNAME)
+    if (NOT HAVE_GETHOSTBYNAME)
+        unset(HAVE_GETHOSTBYNAME CACHE)
+        set(CMAKE_REQUIRED_LIBRARIES nsl)
+        check_function_exists(gethostbyname HAVE_GETHOSTBYNAME)
+        if (NOT HAVE_GETHOSTBYNAME)
+            unset(HAVE_GETHOSTBYNAME CACHE)
+            set(CMAKE_REQUIRED_LIBRARIES)
+            check_function_exists(gethostbyname HAVE_GETHOSTBYNAME)
+        endif()
+    endif()
+    set(CMAKE_REQUIRED_LIBRARIES )
+    check_function_exists(gethostbyaddr HAVE_GETHOSTBYADDR)
+    check_function_exists(gethostname HAVE_GETHOSTNAME)
+endif (UNIX)
+
+check_function_exists(inet_ntoa HAVE_INET_NTOA)
+check_function_exists(memset HAVE_MEMSET)
+check_function_exists(select HAVE_SELECT)
+check_function_exists(socket HAVE_SOCKET)
+check_function_exists(strerror HAVE_STRERROR)
+check_function_exists(strsep HAVE_STRSEP)
+
+set(CMAKE_REQUIRED_LIBRARIES str)
+check_function_exists(putmsg HAVE_PUTMSG)
+set(CMAKE_REQUIRED_LIBRARIES )
+
+set(PACKAGE ${PROJECT_NAME})
+set(PACKAGE_BUGREPORT)
+set(PACKAGE_NAME ${PROJECT_NAME})
+set(PACKAGE_STRING "${PROJECT_NAME} ${CMAKE_PROJECT_VERSION}")
+set(PACKAGE_TARNAME ${PROJECT_NAME})
+set(PACKAGE_URL)
+set(PACKAGE_VERSION ${CMAKE_PROJECT_VERSION})
+set(VERSION ${CMAKE_PROJECT_VERSION})
+
+configure_file(config.h.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/config.h)
+
+set(PLATFORM_SOURCES)
+
+if (NOT HAVE_STRLCAT)
+    list(APPEND PLATFORM_SOURCES src/strlcat.c)
+endif()
+if (NOT HAVE_STRLCPY)
+    list(APPEND PLATFORM_SOURCES src/strlcpy.c)
+endif()
+if (NOT HAVE_STRSEP)
+    list(APPEND PLATFORM_SOURCES src/strsep.c)
+endif()
+
+
+if (HAVE_ROUTE_RT_MSGHDR)
+    list(APPEND PLATFORM_SOURCES src/arp-bsd.c)
+elseif (HAVE_IOCTL_ARP)
+    list(APPEND PLATFORM_SOURCES src/arp-ioctl.c)
+elseif (HAVE_IPHLPAPI_H)
+    list(APPEND PLATFORM_SOURCES src/arp-win32.c)
+else()
+    list(APPEND PLATFORM_SOURCES src/arp-none.c)
+endif()
+
+if (HAVE_PACKET32)
+    list(APPEND PLATFORM_SOURCES src/eth-win32.c)
+elseif(HAVE_NET_PFILT_H)
+    list(APPEND PLATFORM_SOURCES src/eth-pfilt.c)
+elseif(HAVE_LINUX_PF_PACKET)
+    list(APPEND PLATFORM_SOURCES src/eth-linux.c)
+elseif(HAVE_NET_BPF_H)
+    list(APPEND PLATFORM_SOURCES src/eth-bsd.c)
+elseif(HAVE_NET_RAW_H)
+    list(APPEND PLATFORM_SOURCES src/eth-snoop.c)
+elseif(HAVE_SYS_NDD_VAR_H)
+    list(APPEND PLATFORM_SOURCES src/eth-ndd.c)
+elseif(HAVE_SYS_DLPI_H OR HAVE_SYS_DLPIHDR_H)
+    list(APPEND PLATFORM_SOURCES src/eth-dlpi.c)
+else()
+    list(APPEND PLATFORM_SOURCES src/eth-none.c)
+endif()
+
+if (HAVE_IPHLPAPI_H)
+    list(APPEND PLATFORM_SOURCES src/fw-pktfilter.c)
+elseif(HAVE_NET_PFVAR_H)
+    list(APPEND PLATFORM_SOURCES src/fw-pf.c)
+elseif(HAVE_NETINET_IP_FW_H)
+    if (FREEBSD5 OR KFREEBSD)
+        list(APPEND PLATFORM_SOURCES src/fw-none.c)
+    else()
+        list(APPEND PLATFORM_SOURCES src/fw-ipfw.c)
+    endif()
+elseif(HAVE_IP_FIL_H)
+    list(APPEND PLATFORM_SOURCES src/fw-ipf.c)
+elseif(HAVE_LINUX_IP_FW_H OR HAVE_LINUX_IP_FWCHAINS_H OR HAVE_LINUX_NETFILTER_IPV4_IPCHAINS_CORE_H)
+    list(APPEND PLATFORM_SOURCES src/fw-ipchains.c)
+else()
+    list(APPEND PLATFORM_SOURCES src/fw-none.c)
+endif()
+
+if (HAVE_IPHLPAPI_H)
+    list(APPEND PLATFORM_SOURCES src/intf-win32.c)
+else()
+    list(APPEND PLATFORM_SOURCES src/intf.c)
+endif()
+
+if (HAVE_IPHLPAPI_H)
+    list(APPEND PLATFORM_SOURCES src/ip-win32.c)
+elseif(HAVE_RAWIP_COOKED)
+    list(APPEND PLATFORM_SOURCES src/ip-cooked.c)
+else()
+    list(APPEND PLATFORM_SOURCES src/ip.c)
+endif()
+
+if (HAVE_IPHLPAPI_H)
+    list(APPEND PLATFORM_SOURCES src/route-win32.c)
+elseif(HAVE_ROUTE_RT_MSGHDR)
+    list(APPEND PLATFORM_SOURCES src/route-bsd.c)
+elseif(HAVE_LINUX_PROCFS)
+    list(APPEND PLATFORM_SOURCES src/route-linux.c)
+elseif(HAVE_HPSECURITY_H)
+    list(APPEND PLATFORM_SOURCES src/route-hpux.c)
+else()
+    list(APPEND PLATFORM_SOURCES src/route-none.c)
+endif()
+
+if(HAVE_LINUX_PROCFS)
+    list(APPEND PLATFORM_SOURCES src/ndisc-linux.c)
+else()
+    list(APPEND PLATFORM_SOURCES src/ndisc-none.c)
+endif()
+
+find_file(HAVE_DEV_TUN
+            NAMES /dev/tun0
+            DOC "Check for tun0")
+
+if(HAVE_LINUX_IF_TUN_H)
+    list(APPEND PLATFORM_SOURCES src/tun-linux.c)
+elseif(HAVE_NET_IF_TUN_H)
+    if(HAVE_STROPTS_H)
+        list(APPEND PLATFORM_SOURCES src/tun-solaris.c)
+    else()
+        list(APPEND PLATFORM_SOURCES src/tun-bsd.c)
+    endif()
+elseif(HAVE_DEV_TUN)
+    list(APPEND PLATFORM_SOURCES src/tun-bsd.c)
+else()
+    list(APPEND PLATFORM_SOURCES src/tun-none.c)
+endif()
+
+add_library(${PROJECT_NAME}
+    src/addr-util.c
+    src/addr.c
+    src/blob.c
+    src/err.c
+    src/ip-util.c
+    src/ip6.c
+    src/rand.c
+    ${PLATFORM_SOURCES})
+
+target_include_directories(${PROJECT_NAME} PUBLIC
+    $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include>
+    $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
+    $<INSTALL_INTERFACE:include>
+    $<INSTALL_INTERFACE:include/dnet>
+)
+
+set(DNET_HEADERS
+    include/dnet/addr.h
+    include/dnet/arp.h
+    include/dnet/blob.h
+    include/dnet/eth.h
+    include/dnet/fw.h
+    include/dnet/icmp.h
+    include/dnet/icmpv6.h
+    include/dnet/intf.h
+    include/dnet/ip.h
+    include/dnet/ip6.h
+    include/dnet/ndisc.h
+    include/dnet/os.h
+    include/dnet/rand.h
+    include/dnet/route.h
+    include/dnet/sctp.h
+    include/dnet/tcp.h
+    include/dnet/tun.h
+    include/dnet/udp.h
+)
+set(DNET_HEADERS1
+    include/dnet.h
+    include/err.h
+    include/queue.h
+    ${CMAKE_CURRENT_BINARY_DIR}/config.h
+)
+set_target_properties(
+    ${PROJECT_NAME}
+    PROPERTIES
+    PUBLIC_HEADER "${DNET_HEADERS}"
+)
+
+if(NOT(DNET_LINK_LIBS STREQUAL ""))
+    target_link_libraries(${PROJECT_NAME} PUBLIC ${DNET_LINK_LIBS})
+endif()
+
+install(TARGETS ${PROJECT_NAME}
+    EXPORT ${PROJECT_NAME}Targets DESTINATION ${CMAKE_INSTALL_LIBDIR}
+    RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} COMPONENT runtime
+    ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} COMPONENT devel
+    PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/${PROJECT_NAME}/${PROJECT_NAME} COMPONENT devel
+)
+
+
+install(FILES ${DNET_HEADERS1}
+        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/${PROJECT_NAME}
+        COMPONENT devel)
+
+install(EXPORT ${PROJECT_NAME}Targets
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/${PROJECT_NAME}/
+    FILE ${PROJECT_NAME}Targets.cmake
+    NAMESPACE ${PROJECT_NAME}::
+    COMPONENT devel
+)
+
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/${PROJECT_NAME}-config.cmake.in
+    ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}Config.cmake
+    @ONLY
+)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/${PROJECT_NAME}-config-version.cmake.in
+    ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}ConfigVersion.cmake
+    @ONLY
+)
+install(
+    FILES
+        ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}Config.cmake
+        ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}ConfigVersion.cmake
+    DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/${PROJECT_NAME}/
+    COMPONENT devel
+)
+
+if(UNIX)
+  if(NOT CPACK_GENERATOR)
+    set(CPACK_GENERATOR "DEB")
+  endif()
+
+  set(CPACK_DEBIAN_PACKAGE_SHLIBDEPS ON)
+  set(CPACK_STRIP_FILES 1)
+  if(${CMAKE_VERSION} VERSION_GREATER "3.5")
+    set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT)
+  endif()
+endif()
+
+include(CPack)

libdnet-stripped/INSTALL

@@ -1,6 +1,10 @@
 
 *BSD, MacOS X, Linux
 --------------------
+Make sure you have `pkg-config` installed.
+
+Install Check (https://libcheck.github.io/check/) for additional checks
+during build time.
 
 ./configure && make
 
@@ -56,4 +60,4 @@ To build a Microsoft Visual C++ native library and Python module
 	cd ../src && lib /out:dnet.lib *.obj
 
 
-# $Id: INSTALL 590 2005-02-15 07:38:19Z dugsong $
+# $Id$

libdnet-stripped/Makefile.am

@@ -1,4 +1,4 @@
-## $Id: Makefile.am 618 2006-01-15 06:42:19Z dugsong $
+## $Id$
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -6,12 +6,14 @@ SUBDIRS =	include src
 
 bin_SCRIPTS =	dnet-config
 
-EXTRA_DIST =	LICENSE Makefile.am.common acconfig.h
+EXTRA_DIST =	LICENSE Makefile.am.common acconfig.h libdnet.spec
 
 CLEANFILES =	dnet-config
 
-aux_dir = config
-
-AUX_DIST = $(aux_dir)/acinclude.m4
-
-ACLOCAL_AMFLAGS = -I config
+AUX_DIST =	$(ac_aux_dir)/acinclude.m4	\
+		$(ac_aux_dir)/config.guess	\
+		$(ac_aux_dir)/config.sub	\
+		$(ac_aux_dir)/install-sh	\
+		$(ac_aux_dir)/ltmain.sh		\
+		$(ac_aux_dir)/missing		\
+		$(ac_aux_dir)/mkinstalldirs

libdnet-stripped/Makefile.am.common

@@ -1,6 +1,7 @@
-## $Id: Makefile.am.common 623 2006-01-19 06:09:27Z dugsong $
+## $Id$
 
 AUTOMAKE_OPTIONS = foreign no-dependencies
 
-AM_CPPFLAGS = -I$(top_srcdir)/include
+ACLOCAL_AMFLAGS = -I m4
 
+AM_CPPFLAGS = -I$(top_srcdir)/include

libdnet-stripped/Makefile.in

@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -15,9 +15,65 @@
 @SET_MAKE@
 
 VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
 pkgdatadir = $(datadir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
 am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
 install_sh_DATA = $(install_sh) -c -m 644
 install_sh_PROGRAM = $(install_sh) -c
@@ -32,55 +88,163 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-DIST_COMMON = README $(am__configure_deps) $(srcdir)/../config.guess \
-	$(srcdir)/../config.sub $(srcdir)/../install-sh \
-	$(srcdir)/../ltmain.sh $(srcdir)/../missing \
-	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(srcdir)/dnet-config.in $(top_srcdir)/Makefile.am.common \
-	$(top_srcdir)/configure INSTALL THANKS TODO acconfig.h
 subdir = .
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \
-	$(top_srcdir)/configure.in
+am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \
+	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
+	$(am__configure_deps) $(am__DIST_COMMON)
 am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
  configure.lineno config.status.lineno
-mkinstalldirs = $(install_sh) -d
+mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs
 CONFIG_HEADER = $(top_builddir)/include/config.h
 CONFIG_CLEAN_FILES = dnet-config
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
 am__installdirs = "$(DESTDIR)$(bindir)"
-binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
 SCRIPTS = $(bin_SCRIPTS)
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
 depcomp =
-am__depfiles_maybe =
+am__maybe_remake_depfiles =
 SOURCES =
 DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
+RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
+	ctags-recursive dvi-recursive html-recursive info-recursive \
+	install-data-recursive install-dvi-recursive \
+	install-exec-recursive install-html-recursive \
+	install-info-recursive install-pdf-recursive \
+	install-ps-recursive install-recursive installcheck-recursive \
+	installdirs-recursive pdf-recursive ps-recursive \
+	tags-recursive uninstall-recursive
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
 RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
   distclean-recursive maintainer-clean-recursive
-ETAGS = etags
-CTAGS = ctags
+am__recursive_targets = \
+  $(RECURSIVE_TARGETS) \
+  $(RECURSIVE_CLEAN_TARGETS) \
+  $(am__extra_recursive_targets)
+AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
+	cscope distdir distdir-am dist dist-all distcheck
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
 DIST_SUBDIRS = $(SUBDIRS)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/dnet-config.in \
+	$(top_srcdir)/Makefile.am.common $(top_srcdir)/config/compile \
+	$(top_srcdir)/config/config.guess \
+	$(top_srcdir)/config/config.sub \
+	$(top_srcdir)/config/install-sh $(top_srcdir)/config/ltmain.sh \
+	$(top_srcdir)/config/missing \
+	$(top_srcdir)/config/mkinstalldirs INSTALL README.md THANKS \
+	TODO acconfig.h config/compile config/config.guess \
+	config/config.sub config/install-sh config/ltmain.sh \
+	config/missing config/mkinstalldirs
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
 am__remove_distdir = \
-  { test ! -d $(distdir) \
-    || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
-         && rm -fr $(distdir); }; }
+  if test -d "$(distdir)"; then \
+    find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+      && rm -rf "$(distdir)" \
+      || { sleep 5 && rm -rf "$(distdir)"; }; \
+  else :; fi
+am__post_remove_distdir = $(am__remove_distdir)
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
 DIST_ARCHIVES = $(distdir).tar.gz
 GZIP_ENV = --best
+DIST_TARGETS = dist-gzip
+# Exists only to be overridden by the user if desired.
+AM_DISTCHECK_DVI_TARGET = dvi
 distuninstallcheck_listfiles = find . -type f -print
+am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
+  | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
 distcleancheck_listfiles = find . -type f -print
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
@@ -89,21 +253,24 @@ AWK = @AWK@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
-CHECKINC = @CHECKINC@
-CHECKLIB = @CHECKLIB@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
 DSYMUTIL = @DSYMUTIL@
 DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
+ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FILECMD = @FILECMD@
 GREP = @GREP@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
@@ -118,8 +285,10 @@ LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
 NM = @NM@
 NMEDIT = @NMEDIT@
@@ -132,21 +301,22 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PYTHON = @PYTHON@
 RANLIB = @RANLIB@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
-TCLINC = @TCLINC@
-TCLLIB = @TCLLIB@
+STRLCPY_HEADER = @STRLCPY_HEADER@
 VERSION = @VERSION@
 abs_builddir = @abs_builddir@
 abs_srcdir = @abs_srcdir@
 abs_top_builddir = @abs_top_builddir@
 abs_top_srcdir = @abs_top_srcdir@
+ac_aux_dir = @ac_aux_dir@
+ac_ct_AR = @ac_ct_AR@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
@@ -179,7 +349,6 @@ libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
 localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
@@ -187,6 +356,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@@ -196,71 +366,94 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 AUTOMAKE_OPTIONS = foreign no-dependencies
+ACLOCAL_AMFLAGS = -I m4
 AM_CPPFLAGS = -I$(top_srcdir)/include
 SUBDIRS = include src
 bin_SCRIPTS = dnet-config
-EXTRA_DIST = LICENSE Makefile.am.common acconfig.h
+EXTRA_DIST = LICENSE Makefile.am.common acconfig.h libdnet.spec
 CLEANFILES = dnet-config
-aux_dir = config
-AUX_DIST = $(aux_dir)/acinclude.m4
-ACLOCAL_AMFLAGS = -I config
+AUX_DIST = $(ac_aux_dir)/acinclude.m4	\
+		$(ac_aux_dir)/config.guess	\
+		$(ac_aux_dir)/config.sub	\
+		$(ac_aux_dir)/install-sh	\
+		$(ac_aux_dir)/ltmain.sh		\
+		$(ac_aux_dir)/missing		\
+		$(ac_aux_dir)/mkinstalldirs
+
 all: all-recursive
 
 .SUFFIXES:
-am--refresh:
+am--refresh: Makefile
 	@:
 $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
 	    *$$dep*) \
-	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \
-	      cd $(srcdir) && $(AUTOMAKE) --foreign  \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
 		&& exit 0; \
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  Makefile'; \
-	cd $(top_srcdir) && \
-	  $(AUTOMAKE) --foreign  Makefile
-.PRECIOUS: Makefile
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    echo ' $(SHELL) ./config.status'; \
 	    $(SHELL) ./config.status;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
 	esac;
+$(top_srcdir)/Makefile.am.common $(am__empty):
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
 	$(SHELL) ./config.status --recheck
 
 $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(srcdir) && $(AUTOCONF)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
 $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
 dnet-config: $(top_builddir)/config.status $(srcdir)/dnet-config.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
 install-binSCRIPTS: $(bin_SCRIPTS)
 	@$(NORMAL_INSTALL)
-	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
+	@list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
 	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  if test -f $$d$$p; then \
-	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	    echo " $(binSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(bindir)/$$f'"; \
-	    $(binSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(bindir)/$$f"; \
-	  else :; fi; \
-	done
+	  if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n' \
+	    -e 'h;s|.*|.|' \
+	    -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+	      if (++n[d] == $(am__install_max)) { \
+		print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+	    else { print "f", d "/" $$4, $$1 } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	     if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	     test -z "$$files" || { \
+	       echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+	       $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+	     } \
+	; done
 
 uninstall-binSCRIPTS:
 	@$(NORMAL_UNINSTALL)
-	@list='$(bin_SCRIPTS)'; for p in $$list; do \
-	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
-	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
-	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
-	done
+	@list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	       sed -e 's,.*/,,;$(transform)'`; \
+	dir='$(DESTDIR)$(bindir)'; $(am__uninstall_files_from_dir)
 
 mostlyclean-libtool:
 	-rm -f *.lo
@@ -269,25 +462,28 @@ clean-libtool:
 	-rm -rf .libs _libs
 
 distclean-libtool:
-	-rm -f libtool
+	-rm -f libtool config.lt
 
 # This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
+# into them and run 'make' without going through this Makefile.
+# To change the values of 'make' variables: instead of editing Makefiles,
+# (1) if the variable is set in 'config.status', edit 'config.status'
+#     (which will cause the Makefiles to be regenerated when you run 'make');
+# (2) otherwise, pass the desired values on the 'make' command line.
+$(am__recursive_targets):
+	@fail=; \
+	if $(am__make_keepgoing); then \
+	  failcom='fail=yes'; \
+	else \
+	  failcom='exit 1'; \
+	fi; \
 	dot_seen=no; \
 	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	for subdir in $$list; do \
 	  echo "Making $$target in $$subdir"; \
 	  if test "$$subdir" = "."; then \
 	    dot_seen=yes; \
@@ -295,65 +491,20 @@ $(RECURSIVE_TARGETS):
 	  else \
 	    local_target="$$target"; \
 	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
 	  || eval $$failcom; \
 	done; \
 	if test "$$dot_seen" = "no"; then \
 	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
 	fi; test -z "$$fail"
 
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-recursive
+TAGS: tags
 
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
-	      END { if (nonempty) { for (i in files) print i; }; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
 	here=`pwd`; \
 	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
 	  include_option=--etags-include; \
@@ -365,45 +516,65 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	list='$(SUBDIRS)'; for subdir in $$list; do \
 	  if test "$$subdir" = .; then :; else \
 	    test ! -f $$subdir/TAGS || \
-	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
 	  fi; \
 	done; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
-	      END { if (nonempty) { for (i in files) print i; }; }'`; \
-	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
 	  test -n "$$unique" || unique=$$empty_fix; \
-	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	    $$tags $$unique; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
 	fi
-ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	tags=; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
-	      END { if (nonempty) { for (i in files) print i; }; }'`; \
-	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ctags: ctags-recursive
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
 	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$tags $$unique
+	     $$unique
 
 GTAGS:
 	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && cd $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) $$here
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscope: cscope.files
+	test ! -s cscope.files \
+	  || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
+clean-cscope:
+	-rm -f cscope.files
+cscope.files: clean-cscope cscopelist
+cscopelist: cscopelist-recursive
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
 
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+	-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
 	$(am__remove_distdir)
-	test -d $(distdir) || mkdir $(distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -419,66 +590,94 @@ distdir: $(DISTFILES)
 	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
 	  if test -d $$d/$$file; then \
 	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
 	    fi; \
-	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
 	  else \
-	    test -f $(distdir)/$$file \
-	    || cp -p $$d/$$file $(distdir)/$$file \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
 	    || exit 1; \
 	  fi; \
 	done
-	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
 	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	    distdir=`$(am__cd) $(distdir) && pwd`; \
-	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
-	    (cd $$subdir && \
+	    $(am__make_dryrun) \
+	      || test -d "$(distdir)/$$subdir" \
+	      || $(MKDIR_P) "$(distdir)/$$subdir" \
+	      || exit 1; \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
 	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$top_distdir" \
-	        distdir="$$distdir/$$subdir" \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
 		am__remove_distdir=: \
 		am__skip_length_check=: \
+		am__skip_mode_fix=: \
 	        distdir) \
 	      || exit 1; \
 	  fi; \
 	done
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
-	|| chmod -R a+r $(distdir)
+	|| chmod -R a+r "$(distdir)"
 dist-gzip: distdir
-	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	$(am__remove_distdir)
+	tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
+	$(am__post_remove_distdir)
 
 dist-bzip2: distdir
-	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
-	$(am__remove_distdir)
+	tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
+	$(am__post_remove_distdir)
 
-dist-lzma: distdir
-	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
-	$(am__remove_distdir)
+dist-lzip: distdir
+	tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
+	$(am__post_remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
+	$(am__post_remove_distdir)
+
+dist-zstd: distdir
+	tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
+	$(am__post_remove_distdir)
 
 dist-tarZ: distdir
+	@echo WARNING: "Support for distribution archives compressed with" \
+		       "legacy program 'compress' is deprecated." >&2
+	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
 	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 
 dist-shar: distdir
-	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
-	$(am__remove_distdir)
+	@echo WARNING: "Support for shar distribution archives is" \
+	               "deprecated." >&2
+	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
+	shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
+	$(am__post_remove_distdir)
 
 dist-zip: distdir
 	-rm -f $(distdir).zip
 	zip -rq $(distdir).zip $(distdir)
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 
-dist dist-all: distdir
-	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	$(am__remove_distdir)
+dist dist-all:
+	$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
+	$(am__post_remove_distdir)
 
 # This target untars the dist file and tries a VPATH configuration.  Then
 # it guarantees that the distribution is self-contained by making another
@@ -486,29 +685,37 @@ dist dist-all: distdir
 distcheck: dist
 	case '$(DIST_ARCHIVES)' in \
 	*.tar.gz*) \
-	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
 	*.tar.bz2*) \
-	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
-	*.tar.lzma*) \
-	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lz*) \
+	  lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
 	*.tar.Z*) \
 	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
 	*.shar.gz*) \
-	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
+	*.tar.zst*) \
+	  zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
 	esac
-	chmod -R a-w $(distdir); chmod a+w $(distdir)
-	mkdir $(distdir)/_build
-	mkdir $(distdir)/_inst
+	chmod -R a-w $(distdir)
+	chmod u+w $(distdir)
+	mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
 	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
 	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
 	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
-	  && cd $(distdir)/_build \
-	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build/sub \
+	  && ../../configure \
+	    $(AM_DISTCHECK_CONFIGURE_FLAGS) \
 	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	    --srcdir=../.. --prefix="$$dc_install_base" \
 	  && $(MAKE) $(AM_MAKEFLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
 	  && $(MAKE) $(AM_MAKEFLAGS) check \
 	  && $(MAKE) $(AM_MAKEFLAGS) install \
 	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
@@ -526,14 +733,24 @@ distcheck: dist
 	  && rm -rf "$$dc_destdir" \
 	  && $(MAKE) $(AM_MAKEFLAGS) dist \
 	  && rm -rf $(DIST_ARCHIVES) \
-	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
-	$(am__remove_distdir)
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__post_remove_distdir)
 	@(echo "$(distdir) archives ready for distribution: "; \
 	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
 	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
 distuninstallcheck:
-	@cd $(distuninstallcheck_dir) \
-	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	@test -n '$(distuninstallcheck_dir)' || { \
+	  echo 'ERROR: trying to run $@ with an empty' \
+	       '$$(distuninstallcheck_dir)' >&2; \
+	  exit 1; \
+	}; \
+	$(am__cd) '$(distuninstallcheck_dir)' || { \
+	  echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
+	  exit 1; \
+	}; \
+	test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
 	   || { echo "ERROR: files left after uninstall:" ; \
 	        if test -n "$(DESTDIR)"; then \
 	          echo "  (check DESTDIR support)"; \
@@ -567,10 +784,15 @@ install-am: all-am
 
 installcheck: installcheck-recursive
 install-strip:
-	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	  `test -z '$(STRIP)' || \
-	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
 mostlyclean-generic:
 
 clean-generic:
@@ -578,6 +800,7 @@ clean-generic:
 
 distclean-generic:
 	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -598,6 +821,8 @@ dvi-am:
 
 html: html-recursive
 
+html-am:
+
 info: info-recursive
 
 info-am:
@@ -606,18 +831,28 @@ install-data-am:
 
 install-dvi: install-dvi-recursive
 
+install-dvi-am:
+
 install-exec-am: install-binSCRIPTS
 
 install-html: install-html-recursive
 
+install-html-am:
+
 install-info: install-info-recursive
 
+install-info-am:
+
 install-man:
 
 install-pdf: install-pdf-recursive
 
+install-pdf-am:
+
 install-ps: install-ps-recursive
 
+install-ps-am:
+
 installcheck-am:
 
 maintainer-clean: maintainer-clean-recursive
@@ -640,14 +875,14 @@ ps-am:
 
 uninstall-am: uninstall-binSCRIPTS
 
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
-	install-strip
+.MAKE: $(am__recursive_targets) install-am install-strip
 
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am am--refresh check check-am clean clean-generic \
-	clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \
-	dist-gzip dist-lzma dist-shar dist-tarZ dist-zip distcheck \
-	distclean distclean-generic distclean-libtool distclean-tags \
+.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
+	am--refresh check check-am clean clean-cscope clean-generic \
+	clean-libtool cscope cscopelist-am ctags ctags-am dist \
+	dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
+	dist-xz dist-zip dist-zstd distcheck distclean \
+	distclean-generic distclean-libtool distclean-tags \
 	distcleancheck distdir distuninstallcheck dvi dvi-am html \
 	html-am info info-am install install-am install-binSCRIPTS \
 	install-data install-data-am install-dvi install-dvi-am \
@@ -657,8 +892,10 @@ uninstall-am: uninstall-binSCRIPTS
 	installcheck installcheck-am installdirs installdirs-am \
 	maintainer-clean maintainer-clean-generic mostlyclean \
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags tags-recursive uninstall uninstall-am \
-	uninstall-binSCRIPTS
+	tags tags-am uninstall uninstall-am uninstall-binSCRIPTS
+
+.PRECIOUS: Makefile
+
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.

libdnet-stripped/README.md

@@ -1,4 +1,3 @@
-
 libdnet
 -------
 
@@ -8,6 +7,13 @@ arp(4) cache and route(4) table lookup and manipulation, network
 firewalling, network interface lookup and manipulation, IP tunnelling,
 and raw IP packet and Ethernet frame transmission.
 
-WWW: http://libdnet.sourceforge.net/
+Reporting issues
+----------------
 
-$Id: README 578 2005-02-14 21:00:17Z dugsong $
+Before reporting an issue, please make sure you check the 'devel' branch
+to see if it's already fixed. This is the current WIP and contains already
+a lot of fixes, but for compatibilty reasons, it's not yet included
+in the main branch.
+
+
+WWW: https://github.com/ofalk/libdnet

libdnet-stripped/THANKS

@@ -1,4 +1,4 @@
-# $Id: THANKS 596 2005-02-17 02:58:11Z dugsong $
+# $Id$
 
 many thanks to all the folks who have contributed to libdnet:
 
@@ -77,6 +77,9 @@ Niels Provos <provos@monkey.org>
 Andrew Reiter <arr@watson.org>
 	help with ipfw braindeath
 
+Daniel Roethlisberger <daniel@roe.ch>
+	initial SCTP support
+
 John S <sjohns@users.sourceforge.net>
 	VPATH build bug report
 
@@ -104,3 +107,8 @@ Christophe Ternat <christophe.ternat@rstpacket.org>
 xs <xs@nitric.net>
 	NetBSD testing
 
+Kris Katterjohn <katterjohn@gmail.com>
+	void dereferencing and ifloop NetBSD fixes
+
+David Fifield <david@bamsoftware.com>
+	Many fixes from Nmap developers

libdnet-stripped/TODO

@@ -76,4 +76,4 @@ need reliable, legit HP-UX, Unixware, and AIX accounts with root
 access to finish the ports to those platforms. i'd be happy to port to
 other platforms also, given similar (temporary) access.
 
-$Id: TODO 582 2005-02-14 21:56:59Z dugsong $
+$Id$

libdnet-stripped/acconfig.h

@@ -8,25 +8,25 @@
 #endif
 
 #ifdef __svr4__
-# define BSD_COMP	1
+# define BSD_COMP   1
 #endif
 
 #if defined(__osf__) && !defined(_SOCKADDR_LEN)
-# define _SOCKADDR_LEN	1
+# define _SOCKADDR_LEN  1
 #endif
 
 #ifndef HAVE_INET_PTON
-int	inet_pton(int, const char *, void *);
+int inet_pton(int, const char *, void *);
+#endif
+
+#ifndef HAVE_STRLCAT
+int strlcat(char *, const char *, int);
 #endif
 
 #ifndef HAVE_STRLCPY
-int	strlcpy(char *, const char *, int);
+int strlcpy(char *, const char *, int);
 #endif
 
 #ifndef HAVE_STRSEP
-char	*strsep(char **, const char *);
-#endif
-
-#ifndef HAVE_SOCKLEN_T
-typedef int socklen_t;
+char    *strsep(char **, const char *);
 #endif

libdnet-stripped/cmake/Modules/FindPacket.cmake

@@ -0,0 +1,94 @@
+#
+# Copyright (C) 2017 Ali Abdulkadir <autostart.ini@gmail.com>.
+#
+# Permission is hereby granted, free of charge, to any person
+# obtaining a copy of this software and associated documentation files
+# (the "Software"), to deal in the Software without restriction,
+# including without limitation the rights to use, copy, modify, merge,
+# publish, distribute, sub-license, and/or sell copies of the Software,
+# and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+# FindPacket
+# ==========
+#
+# Find the Packet library and include files.
+#
+# This module defines the following variables:
+#
+# Packet_INCLUDE_DIR     - absolute path to the directory containing Packet32.h.
+#
+# Packet_LIBRARY         - relative or absolute path to the Packet library to
+#                          link with. An absolute path is will be used if the
+#                          Packet library is not located in the compiler's
+#                          default search path.
+
+# Packet_FOUND           - TRUE if the Packet library *and* header are found.
+#
+# Hints and Backward Compatibility
+# ================================
+#
+# To tell this module where to look, a user may set the environment variable
+# Packet_ROOT to point cmake to the *root* of a directory with include and
+# lib subdirectories for packet.dll (e.g WpdPack or npcap-sdk).
+# Alternatively, Packet_ROOT may also be set from cmake command line or GUI
+# (e.g cmake -DPacket_ROOT=C:\path\to\packet [...])
+#
+
+if(CMAKE_GENERATOR_PLATFORM STREQUAL "Win32")
+  #
+  # 32-bit x86; no need to look in subdirectories of the SDK's
+  # Lib directory for the libraries, as the libraries are in
+  # the Lib directory
+  #
+else()
+  #
+  # Platform other than 32-bit x86.
+  #
+  # For the WinPcap and Npcap SDKs, the Lib subdirectory of the top-level
+  # directory contains 32-bit x86 libraries; the libraries for other
+  # platforms are in subdirectories of the Lib directory whose names
+  # are the names of the supported platforms.
+  #
+  # The only way to *FORCE* CMake to look in the appropriate
+  # subdirectory of Lib for libraries without searching in the
+  # Lib directory first appears to be to set
+  # CMAKE_LIBRARY_ARCHITECTURE to the name of the subdirectory.
+  #
+  set(CMAKE_LIBRARY_ARCHITECTURE "${CMAKE_GENERATOR_PLATFORM}")
+endif()
+
+# Find the header
+find_path(Packet_INCLUDE_DIR Packet32.h
+  PATH_SUFFIXES include Include
+)
+
+# Find the library
+find_library(Packet_LIBRARY
+  NAMES Packet packet
+)
+
+# Set Packet_FOUND to TRUE if Packet_INCLUDE_DIR and Packet_LIBRARY are TRUE.
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Packet
+  DEFAULT_MSG
+  Packet_INCLUDE_DIR
+  Packet_LIBRARY
+)
+
+mark_as_advanced(Packet_INCLUDE_DIR Packet_LIBRARY)
+
+set(Packet_INCLUDE_DIRS ${Packet_INCLUDE_DIR})
+set(Packet_LIBRARIES ${Packet_LIBRARY})

libdnet-stripped/cmake/dnet-config-version.cmake.in

@@ -0,0 +1,12 @@
+SET(PACKAGE_VERSION @PROJECT_VERSION@)
+IF (PACKAGE_FIND_VERSION VERSION_EQUAL PACKAGE_VERSION)
+  SET(PACKAGE_VERSION_EXACT "true")
+ENDIF (PACKAGE_FIND_VERSION VERSION_EQUAL PACKAGE_VERSION)
+IF (NOT PACKAGE_FIND_VERSION VERSION_GREATER PACKAGE_VERSION)
+  SET(PACKAGE_VERSION_COMPATIBLE "true")
+ELSE (NOT PACKAGE_FIND_VERSION VERSION_GREATER PACKAGE_VERSION)
+  SET(PACKAGE_VERSION_UNSUITABLE "true")
+ENDIF (NOT PACKAGE_FIND_VERSION VERSION_GREATER PACKAGE_VERSION)
+IF (PACKAGE_VERSION_UNSUITABLE)
+  MESSAGE("VERSION CHECK FAILED FOR ${PACKAGE_FIND_NAME}. WANTED ${PACKAGE_FIND_VERSION}, HAVE ${PACKAGE_VERSION}")
+ENDIF(PACKAGE_VERSION_UNSUITABLE)

libdnet-stripped/cmake/dnet-config.cmake.in

@@ -0,0 +1,5 @@
+SET(prefix "@CMAKE_INSTALL_PREFIX@")
+SET(exec_prefix "@CMAKE_INSTALL_PREFIX@")
+SET(dnet_FOUND "TRUE")
+
+include("${CMAKE_CURRENT_LIST_DIR}/dnetTargets.cmake")

libdnet-stripped/config.h.cmake.in

@@ -0,0 +1,305 @@
+/* include/config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define if arpreq struct has arp_dev. */
+#cmakedefine HAVE_ARPREQ_ARP_DEV
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#cmakedefine HAVE_DLFCN_H
+
+/* Define to 1 if you have the `err' function. */
+#cmakedefine HAVE_ERR
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#cmakedefine HAVE_FCNTL_H
+
+/* Define to 1 if you have the <hpsecurity.h> header file. */
+#cmakedefine HAVE_HPSECURITY_H
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#cmakedefine HAVE_INTTYPES_H
+
+/* Define if you have arp(7) ioctls. */
+#cmakedefine HAVE_IOCTL_ARP
+
+/* Define to 1 if you have the <Iphlpapi.h> header file. */
+#cmakedefine HAVE_IPHLPAPI_H
+
+/* Define to 1 if you have the <ip_compat.h> header file. */
+#cmakedefine HAVE_IP_COMPAT_H
+
+/* Define to 1 if you have the <ip_fil_compat.h> header file. */
+#cmakedefine HAVE_IP_FIL_COMPAT_H
+
+/* Define to 1 if you have the <ip_fil.h> header file. */
+#cmakedefine HAVE_IP_FIL_H
+
+/* Define to 1 if you have the `iphlpapi' library (-liphlpapi). */
+#cmakedefine HAVE_LIBIPHLPAPI
+
+/* Define to 1 if you have the <pcap.h> header file. */
+#cmakedefine HAVE_PCAP_H
+
+/* Define to 1 if you have the `nm' library (-lnm). */
+#cmakedefine HAVE_LIBNM
+
+/* Define to 1 if you have the `nsl' library (-lnsl). */
+#cmakedefine HAVE_LIBNSL
+
+/* Define to 1 if you have the `resolv' library (-lresolv). */
+#cmakedefine HAVE_LIBRESOLV
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#cmakedefine HAVE_LIBSOCKET
+
+/* Define to 1 if you have the `str' library (-lstr). */
+#cmakedefine HAVE_LIBSTR
+
+/* Define to 1 if you have the `ws2_32' library (-lws2_32). */
+#cmakedefine HAVE_LIBWS2_32
+
+/* Define to 1 if you have the <linux/if_tun.h> header file. */
+#cmakedefine HAVE_LINUX_IF_TUN_H
+
+/* Define to 1 if you have the <linux/ip_fwchains.h> header file. */
+#cmakedefine HAVE_LINUX_IP_FWCHAINS_H
+
+/* Define to 1 if you have the <linux/ip_fw.h> header file. */
+#cmakedefine HAVE_LINUX_IP_FW_H
+
+/* Define to 1 if you have the <linux/netfilter_ipv4/ipchains_core.h> header
+   file. */
+#cmakedefine HAVE_LINUX_NETFILTER_IPV4_IPCHAINS_CORE_H
+
+/* Define if you have Linux PF_PACKET sockets. */
+#cmakedefine HAVE_LINUX_PF_PACKET
+
+/* Define if you have the Linux /proc filesystem. */
+#cmakedefine HAVE_LINUX_PROCFS
+
+/* Define to 1 if you have the <netinet/in_var.h> header file. */
+#cmakedefine HAVE_NETINET_IN_VAR_H
+
+/* Define to 1 if you have the <netinet/ip_compat.h> header file. */
+#cmakedefine HAVE_NETINET_IP_COMPAT_H
+
+/* Define to 1 if you have the <netinet/ip_fil_compat.h> header file. */
+#cmakedefine HAVE_NETINET_IP_FIL_COMPAT_H
+
+/* Define to 1 if you have the <netinet/ip_fil.h> header file. */
+#cmakedefine HAVE_NETINET_IP_FIL_H
+
+/* Define to 1 if you have the <netinet/ip_fw.h> header file. */
+#cmakedefine HAVE_NETINET_IP_FW_H
+
+/* Define to 1 if you have the <net/bpf.h> header file. */
+#cmakedefine HAVE_NET_BPF_H
+
+/* Define to 1 if you have the <net/if_arp.h> header file. */
+#cmakedefine HAVE_NET_IF_ARP_H
+
+/* Define to 1 if you have the <net/if_dl.h> header file. */
+#cmakedefine HAVE_NET_IF_DL_H
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#cmakedefine HAVE_NET_IF_H
+
+/* Define to 1 if you have the <net/if_tun.h> header file. */
+#cmakedefine HAVE_NET_IF_TUN_H
+
+/* Define to 1 if you have the <net/if_var.h> header file. */
+#cmakedefine HAVE_NET_IF_VAR_H
+
+/* Define to 1 if you have the <net/pfilt.h> header file. */
+#cmakedefine HAVE_NET_PFILT_H
+
+/* Define to 1 if you have the <net/pfvar.h> header file. */
+#cmakedefine HAVE_NET_PFVAR_H
+
+/* Define to 1 if you have the <net/radix.h> header file. */
+#cmakedefine HAVE_NET_RADIX_H
+
+/* Define to 1 if you have the <net/raw.h> header file. */
+#cmakedefine HAVE_NET_RAW_H
+
+/* Define to 1 if you have the <net/route.h> header file. */
+#cmakedefine HAVE_NET_ROUTE_H
+
+/* Define if you have cooked raw IP sockets. */
+#cmakedefine HAVE_RAWIP_COOKED
+
+/* Define if raw IP sockets require host byte ordering for ip_off, ip_len. */
+#cmakedefine HAVE_RAWIP_HOST_OFFLEN
+
+/* Define if <net/route.h> has rt_msghdr struct. */
+#cmakedefine HAVE_ROUTE_RT_MSGHDR
+
+/* Define if <netinet/in.h> has sockaddr_in6 struct. */
+#cmakedefine HAVE_SOCKADDR_IN6
+
+/* Define if sockaddr struct has sa_len. */
+#cmakedefine HAVE_SOCKADDR_SA_LEN
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#cmakedefine HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#cmakedefine HAVE_STDIO_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#cmakedefine HAVE_STDLIB_H
+
+/* Define if you have SNMP MIB2 STREAMS. */
+#cmakedefine HAVE_STREAMS_MIB2
+
+/* Define if you have route(7) STREAMS. */
+#cmakedefine HAVE_STREAMS_ROUTE
+
+/* Define to 1 if you have the <strings.h> header file. */
+#cmakedefine HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#cmakedefine HAVE_STRING_H
+
+/* Define to 1 if you have the `strlcat' function. */
+#cmakedefine HAVE_STRLCAT
+
+/* Define to 1 if you have the `strlcpy' function. */
+#cmakedefine HAVE_STRLCPY
+
+/* Define to 1 if you have the <stropts.h> header file. */
+#cmakedefine HAVE_STROPTS_H
+
+/* Define to 1 if you have the `strsep' function. */
+#cmakedefine HAVE_STRSEP
+
+/* Define to 1 if you have the <sys/bufmod.h> header file. */
+#cmakedefine HAVE_SYS_BUFMOD_H
+
+/* Define to 1 if you have the <sys/dlpihdr.h> header file. */
+#cmakedefine HAVE_SYS_DLPIHDR_H
+
+/* Define to 1 if you have the <sys/dlpi_ext.h> header file. */
+#cmakedefine HAVE_SYS_DLPI_EXT_H
+
+/* Define to 1 if you have the <sys/dlpi.h> header file. */
+#cmakedefine HAVE_SYS_DLPI_H
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#cmakedefine HAVE_SYS_IOCTL_H
+
+/* Define to 1 if you have the <sys/mib.h> header file. */
+#cmakedefine HAVE_SYS_MIB_H
+
+/* Define to 1 if you have the <sys/ndd_var.h> header file. */
+#cmakedefine HAVE_SYS_NDD_VAR_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#cmakedefine HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+#cmakedefine HAVE_SYS_SOCKIO_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#cmakedefine HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/sysctl.h> header file. */
+#cmakedefine HAVE_SYS_SYSCTL_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#cmakedefine HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#cmakedefine HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#cmakedefine HAVE_UNISTD_H
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#cmakedefine HAVE_WINSOCK2_H
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#cmakedefine LT_OBJDIR
+
+/* Name of package */
+#cmakedefine PACKAGE "@PACKAGE@"
+
+/* Define to the address where bug reports for this package should be sent. */
+#cmakedefine PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@"
+
+/* Define to the full name of this package. */
+#cmakedefine PACKAGE_NAME "@PACKAGE_NAME@"
+
+/* Define to the full name and version of this package. */
+#cmakedefine PACKAGE_STRING "@PACKAGE_STRING@"
+
+/* Define to the one symbol short name of this package. */
+#cmakedefine PACKAGE_TARNAME "@PACKAGE_TARNAME@"
+
+/* Define to the home page for this package. */
+#cmakedefine PACKAGE_URL "@PACKAGE_URL@"
+
+/* Define to the version of this package. */
+#cmakedefine PACKAGE_VERSION "@PACKAGE_VERSION@"
+
+/* Define to 1 if all of the C90 standard headers exist (not just the ones
+   required in a freestanding environment). This macro is provided for
+   backward compatibility; new code need not use it. */
+#cmakedefine STDC_HEADERS
+
+/* Version number of package */
+#cmakedefine VERSION "@VERSION@"
+
+/* Define for faster code generation. */
+#cmakedefine WIN32_LEAN_AND_MEAN
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#cmakedefine const
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+#cmakedefine inline
+#endif
+
+/* Define as a signed integer type capable of holding a process identifier. */
+#cmakedefine pid_t
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#cmakedefine size_t
+
+/* Use MingW32's internal snprintf */
+#cmakedefine snprintf
+
+#include <sys/types.h>
+
+#ifdef HAVE_WINSOCK2_H
+# include <winsock2.h>
+# include <windows.h>
+#endif
+
+#ifdef __svr4__
+# define BSD_COMP   1
+#endif
+
+#if defined(__osf__) && !defined(_SOCKADDR_LEN)
+# define _SOCKADDR_LEN  1
+#endif
+
+/* Define to 1 if you have the `inet_pton' function. */
+#cmakedefine HAVE_INET_PTON
+
+#ifndef HAVE_INET_PTON
+int inet_pton(int, const char *, void *);
+#endif
+
+#ifndef HAVE_STRLCAT
+int strlcat(char *, const char *, int);
+#endif
+
+#ifndef HAVE_STRLCPY
+int strlcpy(char *, const char *, int);
+#endif
+
+#ifndef HAVE_STRSEP
+char    *strsep(char **, const char *);
+#endif

libdnet-stripped/config/compile

@@ -0,0 +1,348 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand '-c -o'.
+
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 1999-2021 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+nl='
+'
+
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" ""	$nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+  file=$1
+  case $file in
+    / | /[!/]*) # absolute file, and not a UNC file
+      if test -z "$file_conv"; then
+	# lazily determine how to convert abs files
+	case `uname -s` in
+	  MINGW*)
+	    file_conv=mingw
+	    ;;
+	  CYGWIN* | MSYS*)
+	    file_conv=cygwin
+	    ;;
+	  *)
+	    file_conv=wine
+	    ;;
+	esac
+      fi
+      case $file_conv/,$2, in
+	*,$file_conv,*)
+	  ;;
+	mingw/*)
+	  file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+	  ;;
+	cygwin/* | msys/*)
+	  file=`cygpath -m "$file" || echo "$file"`
+	  ;;
+	wine/*)
+	  file=`winepath -w "$file" || echo "$file"`
+	  ;;
+      esac
+      ;;
+  esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+  func_file_conv "$1"
+  if test -z "$lib_path"; then
+    lib_path=$file
+  else
+    lib_path="$lib_path;$file"
+  fi
+  linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+  lib=$1
+  found=no
+  save_IFS=$IFS
+  IFS=';'
+  for dir in $lib_path $LIB
+  do
+    IFS=$save_IFS
+    if $shared && test -f "$dir/$lib.dll.lib"; then
+      found=yes
+      lib=$dir/$lib.dll.lib
+      break
+    fi
+    if test -f "$dir/$lib.lib"; then
+      found=yes
+      lib=$dir/$lib.lib
+      break
+    fi
+    if test -f "$dir/lib$lib.a"; then
+      found=yes
+      lib=$dir/lib$lib.a
+      break
+    fi
+  done
+  IFS=$save_IFS
+
+  if test "$found" != yes; then
+    lib=$lib.lib
+  fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+  # Assume a capable shell
+  lib_path=
+  shared=:
+  linker_opts=
+  for arg
+  do
+    if test -n "$eat"; then
+      eat=
+    else
+      case $1 in
+	-o)
+	  # configure might choose to run compile as 'compile cc -o foo foo.c'.
+	  eat=1
+	  case $2 in
+	    *.o | *.[oO][bB][jJ])
+	      func_file_conv "$2"
+	      set x "$@" -Fo"$file"
+	      shift
+	      ;;
+	    *)
+	      func_file_conv "$2"
+	      set x "$@" -Fe"$file"
+	      shift
+	      ;;
+	  esac
+	  ;;
+	-I)
+	  eat=1
+	  func_file_conv "$2" mingw
+	  set x "$@" -I"$file"
+	  shift
+	  ;;
+	-I*)
+	  func_file_conv "${1#-I}" mingw
+	  set x "$@" -I"$file"
+	  shift
+	  ;;
+	-l)
+	  eat=1
+	  func_cl_dashl "$2"
+	  set x "$@" "$lib"
+	  shift
+	  ;;
+	-l*)
+	  func_cl_dashl "${1#-l}"
+	  set x "$@" "$lib"
+	  shift
+	  ;;
+	-L)
+	  eat=1
+	  func_cl_dashL "$2"
+	  ;;
+	-L*)
+	  func_cl_dashL "${1#-L}"
+	  ;;
+	-static)
+	  shared=false
+	  ;;
+	-Wl,*)
+	  arg=${1#-Wl,}
+	  save_ifs="$IFS"; IFS=','
+	  for flag in $arg; do
+	    IFS="$save_ifs"
+	    linker_opts="$linker_opts $flag"
+	  done
+	  IFS="$save_ifs"
+	  ;;
+	-Xlinker)
+	  eat=1
+	  linker_opts="$linker_opts $2"
+	  ;;
+	-*)
+	  set x "$@" "$1"
+	  shift
+	  ;;
+	*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+	  func_file_conv "$1"
+	  set x "$@" -Tp"$file"
+	  shift
+	  ;;
+	*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+	  func_file_conv "$1" mingw
+	  set x "$@" "$file"
+	  shift
+	  ;;
+	*)
+	  set x "$@" "$1"
+	  shift
+	  ;;
+      esac
+    fi
+    shift
+  done
+  if test -n "$linker_opts"; then
+    linker_opts="-link$linker_opts"
+  fi
+  exec "$@" $linker_opts
+  exit 1
+}
+
+eat=
+
+case $1 in
+  '')
+     echo "$0: No command.  Try '$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file 'INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "compile $scriptversion"
+    exit $?
+    ;;
+  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
+  icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
+    func_cl_wrapper "$@"      # Doesn't return...
+    ;;
+esac
+
+ofile=
+cfile=
+
+for arg
+do
+  if test -n "$eat"; then
+    eat=
+  else
+    case $1 in
+      -o)
+	# configure might choose to run compile as 'compile cc -o foo foo.c'.
+	# So we strip '-o arg' only if arg is an object.
+	eat=1
+	case $2 in
+	  *.o | *.obj)
+	    ofile=$2
+	    ;;
+	  *)
+	    set x "$@" -o "$2"
+	    shift
+	    ;;
+	esac
+	;;
+      *.c)
+	cfile=$1
+	set x "$@" "$1"
+	shift
+	;;
+      *)
+	set x "$@" "$1"
+	shift
+	;;
+    esac
+  fi
+  shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+  # If no '-o' option was seen then we might have been invoked from a
+  # pattern rule where we don't need one.  That is ok -- this is a
+  # normal compilation that the losing compiler can handle.  If no
+  # '.c' file was seen then we are probably linking.  That is also
+  # ok.
+  exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file.  Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+  if mkdir "$lockdir" >/dev/null 2>&1; then
+    break
+  fi
+  sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+  test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+  test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:

libdnet-stripped/config/install-sh

@@ -0,0 +1,541 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2020-11-14.01; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# 'make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+tab='	'
+nl='
+'
+IFS=" $tab$nl"
+
+# Set DOITPROG to "echo" to test this script.
+
+doit=${DOITPROG-}
+doit_exec=${doit:-exec}
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+# Create dirs (including intermediate dirs) using mode 755.
+# This is like GNU 'install' as of coreutils 8.32 (2020).
+mkdir_umask=22
+
+backupsuffix=
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+is_target_a_directory=possibly
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -p            pass -p to $cpprog.
+  -s            $stripprog installed files.
+  -S SUFFIX     attempt to back up existing files, with suffix SUFFIX.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+
+By default, rm is invoked with -f; when overridden with RMPROG,
+it's up to you to specify -f if you want it.
+
+If -S is not specified, no backups are attempted.
+
+Email bug reports to bug-automake@gnu.org.
+Automake home page: https://www.gnu.org/software/automake/
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+        case $mode in
+          *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
+            echo "$0: invalid mode: $mode" >&2
+            exit 1;;
+        esac
+        shift;;
+
+    -o) chowncmd="$chownprog $2"
+        shift;;
+
+    -p) cpprog="$cpprog -p";;
+
+    -s) stripcmd=$stripprog;;
+
+    -S) backupsuffix="$2"
+        shift;;
+
+    -t)
+        is_target_a_directory=always
+        dst_arg=$2
+        # Protect names problematic for 'test' and other utilities.
+        case $dst_arg in
+          -* | [=\(\)!]) dst_arg=./$dst_arg;;
+        esac
+        shift;;
+
+    -T) is_target_a_directory=never;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --) shift
+        break;;
+
+    -*) echo "$0: invalid option: $1" >&2
+        exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+# We allow the use of options -d and -T together, by making -d
+# take the precedence; this is for compatibility with GNU install.
+
+if test -n "$dir_arg"; then
+  if test -n "$dst_arg"; then
+    echo "$0: target directory not allowed when installing a directory." >&2
+    exit 1
+  fi
+fi
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+    # Protect names problematic for 'test' and other utilities.
+    case $dst_arg in
+      -* | [=\(\)!]) dst_arg=./$dst_arg;;
+    esac
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call 'install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  if test $# -gt 1 || test "$is_target_a_directory" = always; then
+    if test ! -d "$dst_arg"; then
+      echo "$0: $dst_arg: Is not a directory." >&2
+      exit 1
+    fi
+  fi
+fi
+
+if test -z "$dir_arg"; then
+  do_exit='(exit $ret); exit $ret'
+  trap "ret=129; $do_exit" 1
+  trap "ret=130; $do_exit" 2
+  trap "ret=141; $do_exit" 13
+  trap "ret=143; $do_exit" 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+        u_plus_rw=
+      else
+        u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+        u_plus_rw=
+      else
+        u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names problematic for 'test' and other utilities.
+  case $src in
+    -* | [=\(\)!]) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+    # Don't chown directories that already exist.
+    if test $dstdir_status = 0; then
+      chowncmd=""
+    fi
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+    dst=$dst_arg
+
+    # If destination is a directory, append the input filename.
+    if test -d "$dst"; then
+      if test "$is_target_a_directory" = never; then
+        echo "$0: $dst_arg: Is a directory" >&2
+        exit 1
+      fi
+      dstdir=$dst
+      dstbase=`basename "$src"`
+      case $dst in
+	*/) dst=$dst$dstbase;;
+	*)  dst=$dst/$dstbase;;
+      esac
+      dstdir_status=0
+    else
+      dstdir=`dirname "$dst"`
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  case $dstdir in
+    */) dstdirslash=$dstdir;;
+    *)  dstdirslash=$dstdir/;;
+  esac
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+        # With -d, create the new directory with the user-specified mode.
+        # Otherwise, rely on $mkdir_umask.
+        if test -n "$dir_arg"; then
+          mkdir_mode=-m$mode
+        else
+          mkdir_mode=
+        fi
+
+        posix_mkdir=false
+	# The $RANDOM variable is not portable (e.g., dash).  Use it
+	# here however when possible just to lower collision chance.
+	tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+
+	trap '
+	  ret=$?
+	  rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
+	  exit $ret
+	' 0
+
+	# Because "mkdir -p" follows existing symlinks and we likely work
+	# directly in world-writeable /tmp, make sure that the '$tmpdir'
+	# directory is successfully created first before we actually test
+	# 'mkdir -p'.
+	if (umask $mkdir_umask &&
+	    $mkdirprog $mkdir_mode "$tmpdir" &&
+	    exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
+	then
+	  if test -z "$dir_arg" || {
+	       # Check for POSIX incompatibilities with -m.
+	       # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+	       # other-writable bit of parent directory when it shouldn't.
+	       # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+	       test_tmpdir="$tmpdir/a"
+	       ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
+	       case $ls_ld_tmpdir in
+		 d????-?r-*) different_mode=700;;
+		 d????-?--*) different_mode=755;;
+		 *) false;;
+	       esac &&
+	       $mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
+		 ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
+		 test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+	       }
+	     }
+	  then posix_mkdir=:
+	  fi
+	  rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
+	else
+	  # Remove any dirs left behind by ancient mkdir implementations.
+	  rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
+	fi
+	trap '' 0;;
+    esac
+
+    if
+      $posix_mkdir && (
+        umask $mkdir_umask &&
+        $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+        /*) prefix='/';;
+        [-=\(\)!]*) prefix='./';;
+        *)  prefix='';;
+      esac
+
+      oIFS=$IFS
+      IFS=/
+      set -f
+      set fnord $dstdir
+      shift
+      set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+        test X"$d" = X && continue
+
+        prefix=$prefix$d
+        if test -d "$prefix"; then
+          prefixes=
+        else
+          if $posix_mkdir; then
+            (umask $mkdir_umask &&
+             $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+            # Don't fail if two instances are running concurrently.
+            test -d "$prefix" || exit 1
+          else
+            case $prefix in
+              *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+              *) qprefix=$prefix;;
+            esac
+            prefixes="$prefixes '$qprefix'"
+          fi
+        fi
+        prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+        # Don't fail if two instances are running concurrently.
+        (umask $mkdir_umask &&
+         eval "\$doit_exec \$mkdirprog $prefixes") ||
+          test -d "$dstdir" || exit 1
+        obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=${dstdirslash}_inst.$$_
+    rmtmp=${dstdirslash}_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask &&
+     { test -z "$stripcmd" || {
+	 # Create $dsttmp read-write so that cp doesn't create it read-only,
+	 # which would cause strip to fail.
+	 if test -z "$doit"; then
+	   : >"$dsttmp" # No need to fork-exec 'touch'.
+	 else
+	   $doit touch "$dsttmp"
+	 fi
+       }
+     } &&
+     $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"     2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"  2>/dev/null` &&
+       set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       set +f &&
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # If $backupsuffix is set, and the file being installed
+      # already exists, attempt a backup.  Don't worry if it fails,
+      # e.g., if mv doesn't support -f.
+      if test -n "$backupsuffix" && test -f "$dst"; then
+        $doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
+      fi
+
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+        # Now remove or move aside any old file at destination location.
+        # We try this two ways since rm can't unlink itself on some
+        # systems and the destination file might be busy for other
+        # reasons.  In this case, the final cleanup might fail but the new
+        # file should still install successfully.
+        {
+          test ! -f "$dst" ||
+          $doit $rmcmd "$dst" 2>/dev/null ||
+          { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+            { $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
+          } ||
+          { echo "$0: cannot unlink or rename $dst" >&2
+            (exit 1); exit 1
+          }
+        } &&
+
+        # Now rename the file to the real destination.
+        $doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:

libdnet-stripped/config/missing

@@ -0,0 +1,215 @@
+#! /bin/sh
+# Common wrapper for a few potentially missing GNU programs.
+
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 1996-2021 Free Software Foundation, Inc.
+# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try '$0 --help' for more information"
+  exit 1
+fi
+
+case $1 in
+
+  --is-lightweight)
+    # Used by our autoconf macros to check whether the available missing
+    # script is modern enough.
+    exit 0
+    ;;
+
+  --run)
+    # Back-compat with the calling convention used by older automake.
+    shift
+    ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
+to PROGRAM being missing or too old.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+
+Supported PROGRAM values:
+  aclocal   autoconf  autoheader   autom4te  automake  makeinfo
+  bison     yacc      flex         lex       help2man
+
+Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
+'g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: unknown '$1' option"
+    echo 1>&2 "Try '$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# Run the given program, remember its exit status.
+"$@"; st=$?
+
+# If it succeeded, we are done.
+test $st -eq 0 && exit 0
+
+# Also exit now if we it failed (or wasn't found), and '--version' was
+# passed; such an option is passed most likely to detect whether the
+# program is present and works.
+case $2 in --version|--help) exit $st;; esac
+
+# Exit code 63 means version mismatch.  This often happens when the user
+# tries to use an ancient version of a tool on a file that requires a
+# minimum version.
+if test $st -eq 63; then
+  msg="probably too old"
+elif test $st -eq 127; then
+  # Program was missing.
+  msg="missing on your system"
+else
+  # Program was found and executed, but failed.  Give up.
+  exit $st
+fi
+
+perl_URL=https://www.perl.org/
+flex_URL=https://github.com/westes/flex
+gnu_software_URL=https://www.gnu.org/software
+
+program_details ()
+{
+  case $1 in
+    aclocal|automake)
+      echo "The '$1' program is part of the GNU Automake package:"
+      echo "<$gnu_software_URL/automake>"
+      echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/autoconf>"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+    autoconf|autom4te|autoheader)
+      echo "The '$1' program is part of the GNU Autoconf package:"
+      echo "<$gnu_software_URL/autoconf/>"
+      echo "It also requires GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+  esac
+}
+
+give_advice ()
+{
+  # Normalize program name to check for.
+  normalized_program=`echo "$1" | sed '
+    s/^gnu-//; t
+    s/^gnu//; t
+    s/^g//; t'`
+
+  printf '%s\n' "'$1' is $msg."
+
+  configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
+  case $normalized_program in
+    autoconf*)
+      echo "You should only need it if you modified 'configure.ac',"
+      echo "or m4 files included by it."
+      program_details 'autoconf'
+      ;;
+    autoheader*)
+      echo "You should only need it if you modified 'acconfig.h' or"
+      echo "$configure_deps."
+      program_details 'autoheader'
+      ;;
+    automake*)
+      echo "You should only need it if you modified 'Makefile.am' or"
+      echo "$configure_deps."
+      program_details 'automake'
+      ;;
+    aclocal*)
+      echo "You should only need it if you modified 'acinclude.m4' or"
+      echo "$configure_deps."
+      program_details 'aclocal'
+      ;;
+   autom4te*)
+      echo "You might have modified some maintainer files that require"
+      echo "the 'autom4te' program to be rebuilt."
+      program_details 'autom4te'
+      ;;
+    bison*|yacc*)
+      echo "You should only need it if you modified a '.y' file."
+      echo "You may want to install the GNU Bison package:"
+      echo "<$gnu_software_URL/bison/>"
+      ;;
+    lex*|flex*)
+      echo "You should only need it if you modified a '.l' file."
+      echo "You may want to install the Fast Lexical Analyzer package:"
+      echo "<$flex_URL>"
+      ;;
+    help2man*)
+      echo "You should only need it if you modified a dependency" \
+           "of a man page."
+      echo "You may want to install the GNU Help2man package:"
+      echo "<$gnu_software_URL/help2man/>"
+    ;;
+    makeinfo*)
+      echo "You should only need it if you modified a '.texi' file, or"
+      echo "any other file indirectly affecting the aspect of the manual."
+      echo "You might want to install the Texinfo package:"
+      echo "<$gnu_software_URL/texinfo/>"
+      echo "The spurious makeinfo call might also be the consequence of"
+      echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
+      echo "want to install GNU make:"
+      echo "<$gnu_software_URL/make/>"
+      ;;
+    *)
+      echo "You might have modified some files without having the proper"
+      echo "tools for further handling them.  Check the 'README' file, it"
+      echo "often tells you about the needed prerequisites for installing"
+      echo "this package.  You may also peek at any GNU archive site, in"
+      echo "case some other package contains this missing '$1' program."
+      ;;
+  esac
+}
+
+give_advice "$1" | sed -e '1s/^/WARNING: /' \
+                       -e '2,$s/^/         /' >&2
+
+# Propagate the correct exit status (expected to be 127 for a program
+# not found, 63 for a program that failed due to version mismatch).
+exit $st
+
+# Local variables:
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:

libdnet-stripped/config/mkinstalldirs

@@ -0,0 +1,162 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+
+scriptversion=2020-07-26.22; # UTC
+
+# Original author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain.
+#
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+nl='
+'
+IFS=" ""	$nl"
+errstatus=0
+dirmode=
+
+usage="\
+Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
+
+Create each directory DIR (with mode MODE, if specified), including all
+leading file name components.
+
+Report bugs to <bug-automake@gnu.org>."
+
+# process command line arguments
+while test $# -gt 0 ; do
+  case $1 in
+    -h | --help | --h*)         # -h for help
+      echo "$usage"
+      exit $?
+      ;;
+    -m)                         # -m PERM arg
+      shift
+      test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
+      dirmode=$1
+      shift
+      ;;
+    --version)
+      echo "$0 $scriptversion"
+      exit $?
+      ;;
+    --)                         # stop option processing
+      shift
+      break
+      ;;
+    -*)                         # unknown option
+      echo "$usage" 1>&2
+      exit 1
+      ;;
+    *)                          # first non-opt arg
+      break
+      ;;
+  esac
+done
+
+for file
+do
+  if test -d "$file"; then
+    shift
+  else
+    break
+  fi
+done
+
+case $# in
+  0) exit 0 ;;
+esac
+
+# Solaris 8's mkdir -p isn't thread-safe.  If you mkdir -p a/b and
+# mkdir -p a/c at the same time, both will detect that a is missing,
+# one will create a, then the other will try to create a and die with
+# a "File exists" error.  This is a problem when calling mkinstalldirs
+# from a parallel make.  We use --version in the probe to restrict
+# ourselves to GNU mkdir, which is thread-safe.
+case $dirmode in
+  '')
+    if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+      echo "mkdir -p -- $*"
+      exec mkdir -p -- "$@"
+    else
+      # On NextStep and OpenStep, the 'mkdir' command does not
+      # recognize any option.  It will interpret all options as
+      # directories to create, and then abort because '.' already
+      # exists.
+      test -d ./-p && rmdir ./-p
+      test -d ./--version && rmdir ./--version
+    fi
+    ;;
+  *)
+    if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
+       test ! -d ./--version; then
+      echo "umask 22"
+      umask 22
+      echo "mkdir -m $dirmode -p -- $*"
+      exec mkdir -m "$dirmode" -p -- "$@"
+    else
+      # Clean up after NextStep and OpenStep mkdir.
+      for d in ./-m ./-p ./--version "./$dirmode";
+      do
+        test -d $d && rmdir $d
+      done
+    fi
+    ;;
+esac
+
+echo "umask 22"
+umask 22
+
+for file
+do
+  case $file in
+    /*) pathcomp=/ ;;
+    *)  pathcomp= ;;
+  esac
+  oIFS=$IFS
+  IFS=/
+  set fnord $file
+  shift
+  IFS=$oIFS
+
+  for d
+  do
+    test "x$d" = x && continue
+
+    pathcomp=$pathcomp$d
+    case $pathcomp in
+      -*) pathcomp=./$pathcomp ;;
+    esac
+
+    if test ! -d "$pathcomp"; then
+      echo "mkdir $pathcomp"
+
+      mkdir "$pathcomp" || lasterr=$?
+
+      if test ! -d "$pathcomp"; then
+	errstatus=$lasterr
+      fi
+    fi
+
+    pathcomp=$pathcomp/
+  done
+
+  if test ! -z "$dirmode"; then
+    echo "chmod $dirmode $file"
+    chmod "$dirmode" "$file" || errstatus=$?
+  fi
+done
+
+exit $errstatus
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:

libdnet-stripped/config/test-driver

@@ -0,0 +1,153 @@
+#! /bin/sh
+# test-driver - basic testsuite driver script.
+
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 2011-2021 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+# Make unconditional expansion of undefined variables an error.  This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+usage_error ()
+{
+  echo "$0: $*" >&2
+  print_usage >&2
+  exit 2
+}
+
+print_usage ()
+{
+  cat <<END
+Usage:
+  test-driver --test-name NAME --log-file PATH --trs-file PATH
+              [--expect-failure {yes|no}] [--color-tests {yes|no}]
+              [--enable-hard-errors {yes|no}] [--]
+              TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
+
+The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+See the GNU Automake documentation for information.
+END
+}
+
+test_name= # Used for reporting.
+log_file=  # Where to save the output of the test script.
+trs_file=  # Where to save the metadata of the test run.
+expect_failure=no
+color_tests=no
+enable_hard_errors=yes
+while test $# -gt 0; do
+  case $1 in
+  --help) print_usage; exit $?;;
+  --version) echo "test-driver $scriptversion"; exit $?;;
+  --test-name) test_name=$2; shift;;
+  --log-file) log_file=$2; shift;;
+  --trs-file) trs_file=$2; shift;;
+  --color-tests) color_tests=$2; shift;;
+  --expect-failure) expect_failure=$2; shift;;
+  --enable-hard-errors) enable_hard_errors=$2; shift;;
+  --) shift; break;;
+  -*) usage_error "invalid option: '$1'";;
+   *) break;;
+  esac
+  shift
+done
+
+missing_opts=
+test x"$test_name" = x && missing_opts="$missing_opts --test-name"
+test x"$log_file"  = x && missing_opts="$missing_opts --log-file"
+test x"$trs_file"  = x && missing_opts="$missing_opts --trs-file"
+if test x"$missing_opts" != x; then
+  usage_error "the following mandatory options are missing:$missing_opts"
+fi
+
+if test $# -eq 0; then
+  usage_error "missing argument"
+fi
+
+if test $color_tests = yes; then
+  # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
+  red='' # Red.
+  grn='' # Green.
+  lgn='' # Light green.
+  blu='' # Blue.
+  mgn='' # Magenta.
+  std=''     # No color.
+else
+  red= grn= lgn= blu= mgn= std=
+fi
+
+do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
+trap "st=129; $do_exit" 1
+trap "st=130; $do_exit" 2
+trap "st=141; $do_exit" 13
+trap "st=143; $do_exit" 15
+
+# Test script is run here. We create the file first, then append to it,
+# to ameliorate tests themselves also writing to the log file. Our tests
+# don't, but others can (automake bug#35762).
+: >"$log_file"
+"$@" >>"$log_file" 2>&1
+estatus=$?
+
+if test $enable_hard_errors = no && test $estatus -eq 99; then
+  tweaked_estatus=1
+else
+  tweaked_estatus=$estatus
+fi
+
+case $tweaked_estatus:$expect_failure in
+  0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
+  0:*)   col=$grn res=PASS  recheck=no  gcopy=no;;
+  77:*)  col=$blu res=SKIP  recheck=no  gcopy=yes;;
+  99:*)  col=$mgn res=ERROR recheck=yes gcopy=yes;;
+  *:yes) col=$lgn res=XFAIL recheck=no  gcopy=yes;;
+  *:*)   col=$red res=FAIL  recheck=yes gcopy=yes;;
+esac
+
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>"$log_file"
+
+# Report outcome to console.
+echo "${col}${res}${std}: $test_name"
+
+# Register the test result, and other relevant metadata.
+echo ":test-result: $res" > $trs_file
+echo ":global-test-result: $res" >> $trs_file
+echo ":recheck: $recheck" >> $trs_file
+echo ":copy-in-global-log: $gcopy" >> $trs_file
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:

libdnet-stripped/configure.ac

@@ -1,23 +1,26 @@
 dnl
 dnl configure.in
 dnl
-dnl Copyright (c) 2000 Dug Song <dugsong@monkey.org>
+dnl Copyright (c) 2023-2024 Oliver Falk <oliver@linux-kernel.at>
 dnl
-dnl $Id: configure.in 638 2007-01-20 11:39:21Z dugsong $
+dnl $Id$
 
-AC_INIT(include/dnet.h)
+AC_INIT([libdnet],[1.18.0])
+AC_CONFIG_MACRO_DIR([m4])
+AC_CONFIG_AUX_DIR(config)
+AC_SUBST(ac_aux_dir)
 
-AM_INIT_AUTOMAKE(libdnet, 1.12)
-AM_CONFIG_HEADER(include/config.h)
+AM_INIT_AUTOMAKE
+AC_CONFIG_HEADERS(include/config.h)
+
+LT_PREREQ([2.2])
+LT_INIT
 
 dnl XXX - stop the insanity!@#$
 AM_MAINTAINER_MODE
 
 dnl Check for system type.
-dnl XXX - we do this to qualify our later feature checks, since some
-dnl systems claim to support multiple features, but are quite b0rked.
 AC_CANONICAL_HOST
-dnl XXX - spoof AC_CYGWIN
 case "$host_os" in
   *cygwin*) CYGWIN=yes;;
          *) CYGWIN=no;;
@@ -31,44 +34,23 @@ fi
 dnl Checks for programs.
 AC_PROG_CC
 AC_PROG_INSTALL
-AC_LIBTOOL_DLOPEN
-AC_DISABLE_SHARED
-AM_PROG_LIBTOOL
+_LT_SET_OPTION([LT_INIT],[dlopen])
+m4_warn([obsolete],[_LT_SET_OPTION([LT_INIT],[dlopen])
+m4_warn([obsolete],[_LT_SET_OPTION([LT_INIT],[dlopen])
+m4_warn([obsolete],[_LT_SET_OPTION([LT_INIT],[dlopen])
+m4_warn([obsolete],[_LT_SET_OPTION([LT_INIT],[dlopen])
+m4_warn([obsolete],[AC_LIBTOOL_DLOPEN: Remove this warning and the call to _LT_SET_OPTION when you
+put the 'dlopen' option into LT_INIT's first parameter.])
+: Remove this warning and the call to _LT_SET_OPTION when you
+put the 'dlopen' option into LT_INIT's first parameter.])
+: Remove this warning and the call to _LT_SET_OPTION when you
+put the 'dlopen' option into LT_INIT's first parameter.])
+: Remove this warning and the call to _LT_SET_OPTION when you
+put the 'dlopen' option into LT_INIT's first parameter.])
+: Remove this warning and the call to _LT_SET_OPTION when you
+put the 'dlopen' option into LT_INIT's first parameter.])
 
-dnl Checks for Python.
-dnl XXX - use AM_PATH_PYTHON after automake upgrade
-AC_MSG_CHECKING(for Python)
-AC_ARG_WITH(python,
-[  --with-python=DIR       build Python module (using python in DIR)],
-[ case "$withval" in
-  yes)
-     AC_MSG_RESULT(yes)
-     PYTHON="python"
-     ;;
-  no)
-     AC_MSG_RESULT(no)
-     ;;
-  *)
-     AC_MSG_RESULT($withval)
-     for subdir in . bin; do
-        if test -x $withval/$subdir/python; then
-	   owd=`pwd`
-	   if cd $withval/$subdir; then withval=`pwd`; cd $owd; fi
-	   PYTHON="$withval/python"
-	   break
-	fi
-     done
-     if test "x$PYTHON" = "x"; then
-        AC_ERROR(python not found in $withval)
-     fi
-     ;;
-  esac 
-])
-AC_SUBST(PYTHON)
-AC_SUBST(TCLINC)
-AC_SUBST(TCLLIB)
-AM_CONDITIONAL(PYTHON, [test "x$PYTHON" != "x"])
-AM_CONDITIONAL(TCL, [test "x$TCLINC" != "x"])
+LT_INIT
 
 dnl XXX - stupid IRIX cpp
 if test -r /usr/include/sgidefs.h ; then
@@ -120,45 +102,7 @@ if test "$CYGWIN" != yes ; then
 	AC_CHECK_LIB(nm, open_mib)
 fi
 
-dnl Checks for Check.
-AC_MSG_CHECKING(for Check)
-AC_ARG_WITH(check,
-[  --with-check=DIR        use Check (http://check.sf.net) in DIR],
-[ case "$withval" in
-  yes|no)
-     AC_MSG_RESULT(no)
-     ;;
-  *)
-     AC_MSG_RESULT($withval)
-     if test -f $withval/include/check.h -a -f $withval/lib/libcheck.a; then
-        owd=`pwd`
-        if cd $withval; then withval=`pwd`; cd $owd; fi
-        CHECKINC="-I$withval/include"
-        CHECKLIB="-L$withval/lib -lcheck"
-     elif test -f $withval/src/check.h -a -f $withval/src/libcheck.a; then
-        owd=`pwd`
-        if cd $withval; then withval=`pwd`; cd $owd; fi
-        CHECKINC="-I$withval/src"
-        CHECKLIB="-L$withval/src -lcheck"
-     else
-        AC_ERROR(check.h or libcheck.a not found in $withval)
-     fi
-     ;;
-  esac ],
-[ if test -f ${prefix}/include/check.h -a -f ${prefix}/lib/libcheck.a; then
-     CHECKINC="-I${prefix}/include"
-     CHECKLIB="-L${prefix}/lib -lcheck"
-     AC_MSG_RESULT(yes)
-  else
-     AC_MSG_RESULT(no)
-  fi
-])
-AC_SUBST(CHECKINC)
-AC_SUBST(CHECKLIB)
-AM_CONDITIONAL(HAVE_CHECK, test "x$CHECKLIB" != "x")
 
-dnl Checks for header files.
-AC_HEADER_STDC
 if test "$CYGWIN" = yes ; then
 	AC_CHECK_HEADERS(Iphlpapi.h winsock2.h)
 else
@@ -177,11 +121,19 @@ else
 	AC_CHECK_HEADERS(hpsecurity.h stropts.h)
 	AC_CHECK_HEADERS(net/route.h, [], [],
    [
+AC_INCLUDES_DEFAULT
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
     ])
 fi
+AC_CHECK_HEADERS(bsd/string.h)
+if test "$ac_cv_header_bsd_string_h" = yes; then
+    STRLCPY_HEADER="bsd/string.h"
+else
+    STRLCPY_HEADER="string.h"
+fi
+AC_SUBST(STRLCPY_HEADER)
 
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
@@ -202,8 +154,6 @@ AC_PROG_GCC_TRADITIONAL
 if test "$GCC" = yes ; then
    	CFLAGS="$CFLAGS -Wall"
 fi
-AC_CHECK_TYPES([socklen_t], [], [], [AC_INCLUDES_DEFAULT
-#include <sys/socket.h>])
 
 dnl Checks for library functions.
 AC_FUNC_MEMCMP
@@ -284,6 +234,13 @@ else
 	AC_LIBOBJ([route-none])
 fi
 
+dnl Check for ndisc interface.
+if test "$ac_cv_dnet_linux_procfs" = yes ; then
+    AC_LIBOBJ([ndisc-linux])
+else
+    AC_LIBOBJ([ndisc-none])
+fi
+
 dnl Check for tun interface.
 if test "$ac_cv_header_linux_if_tun_h" = yes ; then
 	AC_LIBOBJ([tun-linux])
@@ -304,6 +261,7 @@ else
 	AC_LIBOBJ([tun-none])
 fi
 
-AC_OUTPUT([Makefile dnet-config include/Makefile include/dnet/Makefile
-	src/Makefile],
-	[chmod 755 dnet-config])
+AC_CONFIG_FILES([Makefile dnet-config include/Makefile include/dnet/Makefile
+	src/Makefile])
+AC_CONFIG_COMMANDS([default],[chmod 755 dnet-config],[])
+AC_OUTPUT