pkgsrc-WIP-cvs archive


CVS commit: wip/nmap

Module name:    wip
Committed by:   pettai
Date:           Thu Jan 12 22:48:36 UTC 2012

Modified Files:
        wip/nmap: Makefile PLIST PLIST.zenmap distinfo

Log Message:
Nmap 5.61TEST4 [2012-01-02]

o [NSE] Added a new httpspider library which is used for recursively
  crawling web sites for information.  New scripts using this
  functionality include http-backup-finder, http-email-harvest,
  http-grep, http-open-redirect, and http-unsafe-output-escaping. See or the list later in this file for details
  on these.
o We set up a new SVN server for the Nmap codebase.  This one uses SSL
  for better security, WebDAV rather than svnserve for greater
  functionality, is hosted on a faster (virtual) machine, provides
  Nmap code history back to 1998 rather than 2005, and removes the
  need for the special "guest" username.  The new server is at  More information:
o [NSE] Added a vulnerability management library (vulns.lua) to store and to
  report discovered vulnerabilities.  Modified these scripts to use
  the new library:
  - ftp-libopie.nse
  - http-vuln-cve2011-3192.nse
  - ftp-vuln-cve2010-4221.nse
  - ftp-vsftpd-backdoor.nse
  - smtp-vuln-cve2011-1720.nse
  - smtp-vuln-cve2011-1764.nse
  - afp-path-vuln.nse
o [NSE] Added a new script force feature.  You can force scripts to
  run against target ports (even if the "wrong" service is detected)
  by placing a plus in front of the script name passed to --script. See
o [NSE] Added 51(!) NSE scripts, bringing the total up to 297.  They
  are all listed at, and the summaries are
  below (authors listed in brackets):
o [NSE] Added some new protocol libraries
 + amqp (advanced message queuing protocol)
 + bitcoin crypto currency [Patrik Karlsson]
 + dnsbl for DNS-based blacklists [Patrik Karlsson]
 + rtsp (real time streaming protocol) [Patrik Karlsson]
 + httpspider and vulns have separate entries in this CHANGELOG
o Nmap now includes a nmap-update program for obtaining the latest
  updates (new scripts, OS fingerprints, etc.)  The system is
  currently only available to a few developers for testing, but we
  hope to enable a larger set of beta testers soon.
o Improved OS detection performance by scaling congestion control
  increments by the response rate during OS scan, just as was done
  for port scan before.
o [NSE] The targets-ipv6-multicast-*.nse scripts now scan all
  interfaces by default. They show the MAC address and interface name
  now too.
o Added some new version detection probes:
 + MongoDB service
 + Metasploit XMLRPC service
 + Vuze filesharing system
 + Redis key-value store
 + memcached
 + Sybase SQL Anywhere
 + VMware ESX Server
 + TCP Kerberos
 + PC-Duo
 + PC Anywhere
o Targets requiring different source addresses now go into different
  hostgroups, not only for host discovery but also for port scanning.
  Before, only responses to one of the source addresses would be
  processed, and the others would be ignored.
o Tidied up the version detection DB (nmap-service-probes) with a new
  cleanup/canonicalization program sv-tidy.  In particular, this:
 - Removes excess whitespace
 - Sorts templates in the order m p v i d o h cpe:
 - Canonicalizes template delimiters in the order: / | % = @ #.
o The --exclude and --excludefile options for excluding targets can
  now be used together.
o [NSE] Added support for detecting whether a http connection was established
  using SSL or not to the http.lua library
o [NSE] Changed the dhcp-discover script to use the DHCPINFORM request
  to query dhcp servers instead of DHCPDISCOVER. Also removed DoS code
  from dhcp-discover and placed the script into the discovery and safe
  categories. Added support for adding options to DHCP requests and
  cleaned up some code in the dhcp library.
o [NSE] Applied patch to snmp-brute that solves problems with handling
  errors that occur during community list file parsing.
o [NSE] Added new fingerprints to http-enum for:
  - Subversion, CVS and Apache Archiva
  - DVCS systems Git, Mercurial and Bazaar
o [NSE] Applied some code cleanup to the snmp library.
o [NSE] Add additional version information to Mongodb scripts
o [NSE] Added path argument to the http-auth script and update the
  script to use stdnse.format_output.
o Made a syntax change in the zenmap.desktop file for compliance with
  the XDG standard.
o [NSE] Replaced a number of GET requests to HEAD in
  http-fingerprints.lua.  HEAD is quicker and sufficient when no matching
  is performed on the returned contents.
o [NSE] Added support for retrieving SSL certificates from FTP servers.
o [Nping] The --safe-payloads option is now the default. Added
  --include-payloads for the special situations where payloads are
o [NSE] Added new functionality and fixed some bugs in the brute library:
  - Added support for restricting the number of guesses performed by the
    brute library against users, to prevent account lockouts.
  - Added support to guess the username as password. The documentation
    previously suggested (wrongly) that this was the default behavior.
  - Added support to guess an empty string as password if not
    present in the dictionary.
o [NSE] Re-enabled support for guessing the username in addition to password
  that was incorrectly removed from the metasploit-xmlrpc-brute in previous
o [NSE] Turned on promiscuous mode in targets-sniffer.nse so that it
  finds packets not only from or to the scanning host.
o The Zenmap topology display feature is now disabled when there are
  more than 1,000 target hosts.  Those topology maps slow down the
  interface and are generally too crowded to be of much use.
o [NSE] Modified the http library to support servers that don't return valid
  chunked encoded data, such as the Citrix XML service. [Patrik]
o Fixed a bug in the IPv6 OS probe called NI. The Node Information
  Query didn't include the target address as the payload, so at least
  OS X didn't respond. This differed from the probe sent by the program from which some of our fingerprints were derived.
o [NSE] Fixed an error in the mssql library that was causing the
  broadcast-ms-sql-discover script to fail when trying to update port version
o [NSE] Added the missing broadcast category to the broadcast-listener script.
o [NSE] Made changes to the categories of the following scripts (new
  categories shown):
  - http-userdir-enum.nse (auth,intrusive)
  - mysql-users.nse (auth,intrusive)
  - http-wordpress-enum.nse (auth,intrusive,vuln)
  - krb5-enum-users.nse (auth,intrusive)
  - snmp-win32-users.nse (default,auth,safe)
  - smtp-enum-users.nse (auth,external,intrusive)
  - ncp-enum-users.nse (auth,safe)
  - smb-enum-users.nse (auth,intrusive)
o Made nbase compile with the clang compiler that is a part of Xcode 4.2.
o [NSE] Added XMPP support to ssl-cert.nse.
o [NSE] Made http-wordpress-enum.nse able to get names of users who
  have no posts.
o Increased hop distance estimates from OS detection by one. The
  distance now counts the number of hops including the final one to
  the target, not just the number of intermediate nodes. The IPv6
  distance calculation already worked this way.
o Added IPv6 OS detection system! The new system utilizes many tests
  similar to IPv4, and also some IPv6-specific ones that we found to
  be particularly effective. And it uses a machine learning approach
  rather than the static classifier we use for IPv4. We hope to move
  some of the IPv6 innovations back to our IPv4 system if they work
  out well. The database is still very small, so please submit any
  fingerprints that Nmap gives you to the specified URL (as long as
  you are certain that you know what the target system is
  running). Usage and results output are basically the same as with
  IPv4, but we will soon document the internal mechanisms at, just as we have for IPv4. For an
  example, try "nmap -6 -O".
o [NSE] Added 3 scripts, bringing the total to 246!  You can learn
  more about them at Here they are (authors
  listed in brackets)
o Improved AIX support for raw scans. This includes some patches
  originally written by Peter O'Gorman and Florian Schmid. It also
  involved various build fixes found necessary on AIX 6.1 and 7.1. See
o Fixed Nmap so that it again compiles and runs on Solaris 10,
  including IPv6 support.
o [NSE] Moved our brute force authentication cracking scripts
  (*-brute) from the "auth" category into a new "brute"
  category. Nmap's brute force capabilities have grown tremendously!
  You can see all 32 of them at  It isn't clear
  whether dns-brute should be in the brute category, so for now it isn't.
o Made the interface gathering loop work on Linux when an interface
  index is more than two digits in /proc/sys/if_inet6.
o [NSE] Made irc-info.nse handle the case where the MOTD is missing.
o Updated nmap-mac-prefixes to include the latest IEEE assignments
  as of 2011-09-29.
o Added Common Platform Enumeration (CPE,
  output for OS and service versions. This is a standard way to
  identify operating systems and applications so that Nmap can
  better interoperate with other software. Nmap's own (generally more
  comprehensive) taxonomy/classification system is still supported as
  well. Some OS and version detection results don't have CPE entries
  yet. CPE entries show up in normal output with the headings "OS
  CPE:" and "Service Info:":
    OS CPE: cpe:/o:linux:kernel:2.6.39
    Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
  These also appear in XML output, which additionally has CPE entries
  for service versions.
o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4
  ARP scan. It is the default ping type for local IPv6 networks.
o Integrated your latest (IPv4) OS detection submissions and
  corrections until June 22. New fingerprints include Linux 3, FreeBSD
  9, Mac OS X 10.7 (Lion), and 300+ more. The DB size increased 11% to
  3,308 fingerprints. See Please keep those
  fingerprints coming! We now accept IPv4 and IPv6 OS fingerprints as
  well as service fingerprints, plus corrections of all types if Nmap
  guesses wrong.
o [NSE] Added 27 scripts, bringing the total to 243!  You can learn
  more about any of them at Here are the new
  ones (authors listed in brackets)
o [NSE] The script arguments which start with a script name
  (e.g. http-brute.hostname or afp-ls.maxfiles) can now accept the
  unqualified arguments as well (hostname, maxfiles). This lets you
  use the generic version ("hostname") when you want to affect
  multiple scripts, while using the qualified version to target
  individual scripts. If both are specified, the qualified version
  takes precedence for that particular script. This works for library
  script arguments too (e.g. you can specify 'timelimit' rather than
o [Ncat] Updated SSL certificate store (ca-bundle.crt), primarily to
  remove the epic fail known as DigiNotar.
o Nmap now defers options parsing until it has read through all the
  command line arguments.  This removes the few remaining cases where
  option order mattered (for example, IPv6 users previously had to
  specify -6 before -S). [Shinnok]
o [NSE] Added a new default credential list for Oracle databases and
  modified the oracle-brute script to make use of it. [Patrik]
o [NSE] Our Packet library (packet.lua) now handles IPv6. This is used
  by the new multicast IPv6 host discovery scripts
  (targets-ipv6-*). [Weilin]
o [NSE] Replaced xmpp.nse with an overhauled version named
  xmpp-info.nse which brings many new features and fixes. [Vasiliy Kulikov]
o [NSE] Fixed SSL compressor names in ssl-enum-ciphers.nse, and
  removed redundant multiple listings of the NULL compressor.
o [NSE] Added cipher strength ratings to ssl-enum-ciphers.nse.
o [NSE] Added 4 more protocol libraries. You can learn more about any
  of them at Here are the new ones (authors
  listed in brackets)
  + bittorrent supports the BitTorrent file sharing protocol
  + cvs includes support for the Concurrent Versions System (CVS)
  + sasl provides common code for "Simple Authentication and Security
    Layer" to services supporting it. The algorithms supported by the
    library are: PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM.
  + xmpp handles XMPP (Jabber) IM servers
o [NSE] Removed the mac-geolocation script, which relied on a Google
  database to determine strikingly accurate GPS coordinates for
  anyone's wireless access points (based on their MAC address).  It
  was very powerful.  Perhaps Google decided it was too powerful, as
  they discontinued the service before our script was even 2 months
o [Ncat] Added an --append-output option which, when used along with
  -o and/or -x, prevents clobbering (truncating) an existing file.
o Fixed RPC scan (part of -sV) to work on the 64-bit machines where
  "unsigned long" is 8 bytes rather than 4.  We now use the more
  portable u32 in the code.
o [NSE] Moved some scripts into the default category: giop-info,
  vnc-info, ncp-serverinfo, smb-security-mode, and
o Relaxed the XML DTD to allow validation of files where the verbosity
  level changed during the scan.  Also made a service confidence of 8
  (used when tcpwrapped) or any other number between 0 and 10 legal.
o [NSE] Fixed authentication problems in the TNS library that would prevent
  authentication from working against Oracle XE
o [NSE] Added basic query support to the Oracle TNS library so that scripts
  can now make SQL queries against database servers.  Also improved
  support for 64-bit database servers and improved the documentation.
o Removed some restrictions on probe matching that, for example,
  prevented a RST/ACK reply from being recognized in a NULL scan.
o Rearranged some character classes in service matches to avoid any
  that look like POSIX collating symbols ("[.xyz.]").
    InitMatch: illegal regexp: POSIX collating elements are not supported
o [NSE] Added more than 100 new signatures to http-enum (many for
  known vulnerabilities). They are in the categories: general,
  attacks, cms, security, management and database [Paulino]
o [NSE] Updated account status text in brute force password discovery
  scripts in an effort to make the reporting more consistent across
  all scripts.  This will have an impact on any code that parses these
o Nmap now includes the Liblinear library for large linear
  classification ( We
  are using it for the upcoming IPv6 OS detection system, and (if that
  works out well) may eventually use it for IPv4 too.  It uses a
  three-clause BSD license.
o [NSE] Better error messages (including a traceback) are now provided
  when script loading fails.
o [Zenmap] Prevent Zenmap from deleting ports when merging scans
  results based on newer scans which did not actually scan the ports
  in question. Additionally Zenmap now only updates ports with new
  information if the new information uses the same protocol--not just
  the same port number.
o [Nping] Added new --safe-payloads option for echo mode which causes
  returned packet payloads to be zeroed to reduce privacy risks if
  Nping echo server was to accidentally (or through malicious intent)
  return a packet which wasn't sent by the Nping echo client.  We hope
  to soon make this behavior the default.
o Ncat SCTP mode now supports connection brokering (--sctp --broker).
o Consolidated a bunch of duplicate code between Ncat's listen
  (ncat_listen.c) and broker (ncat_broker.c) modes to ease
o Added a 'nostore' nse argument to the brute force library which
  prevents the brute force authentication cracking scripts from
  storing found credentials in the creds library (they will still be
  printed in script output).
o [Ncat] Ncat no longer blocks while an ssl handshake is taking place
  or waiting to complete.  This could make listening Ncat instances
  unavailable to other clients because one client was taking too long
  to complete the SSL handshake.  Our public Ncat chat server is now
  much more reliable (connect with: ncat --ssl -v
o [NSE] Updated SMTP and IMAP libraries to support authentication
  using both plain-text and the SASL library.
o [Zenmap] The Zenmap crash handler now instructs users to mail in
  crash information to nmap-dev rather than offering to create a
  Sourceforge bug tracker entry.
o [NSE] Applied patch from Chris Woodbury that adds the following
  additional information to the output of smb-os-discovery: NetBIOS
  computer name, NetBIOS domain name, FQDN, and forest name.
o [NSE] Updated smb-brute to add detection for valid credentials where the
  target account was expired or limited by time or login host constraints.
o [Ncat] Ncat now supports IPv6 addresses by default without the -6 flag.
  Additionally ncat listens on both ::1 and localhost when passed
  -l, or any other listening mode unless a specific listening address is
o Fixed broken XML output in the case of timed-out hosts; the
  enclosing host element was missing.
o [NSE] Multiple ldap-brute changes by Tom Sellers:
  + Added support for 2008 R2 functional level Active Directory instances
  + Added detection for valid credentials where the target account was
    expired or limited by time or login host constraints.
  + Added support for specifying a UPN suffix to be appended to usernames
    when brute forcing Microsoft Active Directory accounts.
  + Added support for saving discovered credentials to a CSV file.
  + Now reports valid credentials as they are discovered when the script
    is run with -vv or higher.
o [NSE] ldap-search.nse - Added support for saving search results to
  CSV.  This is done by using the ldap.savesearch script argument to
  specify an output filename prefix.
o Handle an unconventional IPv6 internal link-local address convention
  used by Mac OS X. See
o [NSE] Optimized stdnse.format_output (changing the data structures)
  to improve performance for scripts which produce a lot of output. See [Djalal]
o [NSE] Fix nping-brute so that it again works on IPv6. [Toni Ruottu]
o [NSE] Added the make_array and make_object functions to our json
  library, allowing Lua tables to be treated as JSON arrays or
  objects. See
o [NSE] The ip-geolocation-ipinfodb now allows you to specify an
  IPInfoDB API key using the apikey NSE argument.
o [NSE] Renamed http-wp-plugins to http-wordpress-plugins script for
  consistency with http-wordpress-brute and now

  Plus many bugfixes and improvements.

  For full changelog, see

To generate a diff of this commit:
cvs -z3 rdiff -u -r1.2 -r1.3 wip/nmap/Makefile wip/nmap/PLIST \
    wip/nmap/PLIST.zenmap wip/nmap/distinfo wip/nmap/

To view a diff of this commit:

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
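The changelog above mentions that Nmap now emits Common Platform Enumeration identifiers under the "OS CPE:" and "Service Info:" headings so that its results can be matched against other tools' inventories. The following is an added example, not code from Nmap or the pkgsrc package: a small Python parser for CPE 2.2 URIs (the cpe:/part:vendor:product:version:update:edition:language form shown in the changelog), an extractor that pulls them out of Nmap normal output, and a coverage check that lets a versionless entry such as cpe:/o:linux:kernel match a fully versioned observation. The sample output lines are constructed for this example and are not real scan results.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote

# Constructed sample of Nmap normal output, shaped like the "OS CPE:" and
# "Service Info:" lines quoted in the changelog (not real scan output).
SAMPLE_OUTPUT = """\
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.9p1 (protocol 2.0)
OS CPE: cpe:/o:linux:kernel:2.6.39
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
"""

# CPE 2.2 URI layout: cpe:/{part}:{vendor}:{product}:{version}:{update}:{edition}:{language}
# The part is "o" (operating system), "a" (application) or "h" (hardware).
CPE_URI_RE = re.compile(r"cpe:/[oah](?::[^:\s;]*){0,6}")


@dataclass(frozen=True)
class Cpe:
    part: str
    vendor: str
    product: str
    version: Optional[str] = None   # None means "unspecified" (the Service Info form)
    update: Optional[str] = None
    edition: Optional[str] = None
    language: Optional[str] = None

    def as_tuple(self):
        return (self.part, self.vendor, self.product, self.version,
                self.update, self.edition, self.language)


def parse_cpe(uri: str) -> Cpe:
    """Parse one CPE 2.2 URI; raises ValueError on anything malformed."""
    if not uri.startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {uri!r}")
    raw = uri[len("cpe:/"):].split(":")
    if len(raw) > 7 or raw[0] not in ("o", "a", "h"):
        raise ValueError(f"malformed CPE 2.2 URI: {uri!r}")
    raw += [""] * (7 - len(raw))
    # Empty components are "unspecified"; percent-escapes decode per the 2.2 spec.
    values = [unquote(c) if c else None for c in raw]
    if values[1] is None or values[2] is None:
        raise ValueError(f"CPE needs vendor and product: {uri!r}")
    return Cpe(values[0], values[1], values[2], *values[3:])


def extract_cpes(nmap_output: str) -> List[Cpe]:
    """Pull every CPE URI out of Nmap normal output, in document order."""
    return [parse_cpe(m.group(0)) for m in CPE_URI_RE.finditer(nmap_output)]


def is_covered_by(observed: Cpe, pattern: Cpe) -> bool:
    """True if `observed` agrees with `pattern` on every field `pattern` specifies.

    An unspecified field in `pattern` matches anything, so the versionless
    cpe:/o:linux:kernel covers cpe:/o:linux:kernel:2.6.39 but not the reverse.
    This is the comparison an inventory or vulnerability feed lookup needs."""
    for obs, pat in zip(observed.as_tuple(), pattern.as_tuple()):
        if pat is None:
            continue
        if obs is None or obs.lower() != pat.lower():
            return False
    return True


if __name__ == "__main__":
    for cpe in extract_cpes(SAMPLE_OUTPUT):
        print(cpe)
```

Running the block prints the two parsed identifiers from the sample output; the regex is case-sensitive on purpose so that the "CPE:" heading itself is never mistaken for a URI. Nmap's XML output carries the same identifiers in cpe elements, so the same parser applies there once the element text is extracted.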
