Nmap Development mailing list archives
Announce: nmap-3.30+V-2.99 ("Version" Scanning) [New File Format]
From: "Jay Freeman \(saurik\)" <saurik () saurik com>
Date: Sun, 31 Aug 2003 02:23:16 -0500
Nmap 3.30+V-2.99

o Broke the Win32 build again. In fact, probably broke many builds. Win32
  will be fixed in the next 4-5 days or so depending on when I have time,
  but the best solution for other systems is going to tend to be "upgrade
  your copy of gcc". If you get weird compile errors I _am_ interested in
  seeing them and will try to help you with possible workarounds. I really
  want to support all relatively recent versions of gcc, so if you have at
  least 3.0 _please_ tell me if you have a compile error (even if you are
  willing to just upgrade your compiler) as I'd love to see what I can do
  about compatibility thereof. For reference I use gcc 3.2 and gcc 3.2.3.

o Largely rewrote everything. The file format is now really, really nice.
  (Well, at least in my opinion.) It's an XML file format that contains
  little switch commands and nesting and some simplistic flow control... it
  has a bunch of little goodies :). The way the <switch/> command works
  allows me to scan remote computers slightly faster than before as I can
  now short circuit the scan immediately as I get enough data to do so.
  (Before I would always wait until the timeout before continuing.) This
  doesn't tend to affect the timing of -sVV/-sVVV scans that much (which
  against my computer against localhost with -F are around 20 seconds; I'm
  still getting used to not having them take _forever_ as my older versions
  did, hehe), but the timing for the less intrusive -sV is now about twice
  as good (so on my computer against my computer about 4.5 seconds). These
  timings are obviously not going to help anyone else reading this tell
  much seeing as it's largely based on the particular set of services that
  I run on my computer, but hey... I thought I'd include them.

  Oh, and if anyone wants documentation on the new file format, please ask.
  I'm much better at writing documentation targeted towards someone which I
  can then just include in the release than I am writing just a general
  document that is hopefully targeting someone "out there", hehe.

FTP Information (for "released" versions):

    Source:           ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.99.tgz
    Patch:            ftp://ftp.saurik.com/pub/nmap/nmap+V-2.99
    OLD Win32 Binary: ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.91.win32.zip

MD5 Sums:

    9c6a4066d5f82ceb04dfcad42bfb660a  nmap-3.30+V-2.99.tgz
    05a56a0aafda62c48a5b5c839ea721c8  nmap+V-2.99
    6fd5723be17b81eb28a4f1ef536b9361  nmap-3.30+V-2.91.win32.zip

CVS Information (for current versions):

    Repository: :pserver:anoncvs () cvs saurik com:/cvs/nmap
    Module:     nmap
    Password:   anoncvs

Simple Usage Instructions:

Add -sV to your scan to get service/version detection. If you are willing
to let nmap perform a number of connections to the remote machine to try
sending different data in expectation of different responses (helpful if
people are running services on the "wrong" port) then use -sVV instead. If
you would, in addition to that, like to get whatever extraneous information
I happen to pull off that port in addition to the service/version, use
-sVVV. I tend to go back and forth on whether -sVV and -sVVV should be
swapped; so far I've never changed them. If anyone has opinions please
voice up :). Another option is to make it entirely orthogonal and make the
"extra information" a different command line switch.

Example Output (for the curious; and yes, it should line up with a fixed
width font, although it is occasionally wider than 77 characters and
wraps):

[root(2)@ironclad nmap]# ./nmap -sS -sV -F localhost

Starting nmap 3.30+V ( http://www.insecure.org/nmap/ ) at 2003-08-31 02:09 CDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1174 ports scanned but not shown below are in state: closed)
Port       State  Service       Protocol      Version
17/tcp     open   qotd
21/tcp     open   ftp           FTP
22/tcp     open   ssh           SSH           1.99-OpenSSH_3.4p1
23/tcp     open   telnet        Telnet
25/tcp     open   smtp          SMTP          Sendmail 8.12.6/8.12.6
53/tcp     open   domain        DNS
80/tcp     open   http          HTTP          Apache/2.1.0-dev (Unix)
110/tcp    open   pop-3         POP3          Cyrus v2.1.11-Invoca-RPM-2.1.11-3
111/tcp    open   sunrpc        RPC
113/tcp    open   auth          AUTH
139/tcp    open   netbios-ssn   NETBIOS
143/tcp    open   imap2         IMAP          Cyrus v2.1.11-Invoca-RPM-2.1.11-3
465/tcp    open   smtps         SSL
587/tcp    open   submission    SMTP          Sendmail 8.12.6/8.12.6
783/tcp    open   hp-alarm-mgr  SpamAssassin
953/tcp    open   rndc
993/tcp    open   imaps         SSL
995/tcp    open   pop3s         SSL
2000/tcp   open   callbook      Sieve         Cyrus timsieved v2.1.11-Invoca-RPM-2.1.11-3
2401/tcp   open   cvspserver    CVS
5432/tcp   open   postgres      PostgreSQL    PostgreSQL 7.3
8009/tcp   open   ajp13         Ajp13         Apache Tomcat
8080/tcp   open   http-proxy    HTTP          Apache Tomcat/4.1.18-LE-jdk14 (HTTP/1.1 Connector)

Nmap run completed -- 1 IP address (1 host up) scanned in 4.298 seconds
[root(2)@ironclad nmap]#

Sincerely,
Jay Freeman (saurik)
saurik () saurik com

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
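The short-circuit behaviour the announcement credits for the faster -sV timing (re-check the match rules after every read and stop as soon as the buffered bytes identify the service, instead of draining the port until the read timeout and matching once), as an added example that is not part of the original post or of the nmap+V code. The XML probe format itself is not reproduced here; the rule set, the service names and the chunked banners are constructed for illustration and are assumptions, not nmap's probe database.

```python
"""Added example, not code from nmap+V: the short-circuit read loop that the
announcement describes, modelled in Python over constructed banners.

A probe keeps reading from the port and re-checks its match rules after every
read; as soon as the bytes buffered so far satisfy a rule it stops, instead of
waiting for the read timeout and matching once at the end. Rules, service
names and read sequences below are constructed and are not nmap's.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

Hit = Tuple[Optional[str], Optional[str], int]  # (service, version, reads used)


@dataclass(frozen=True)
class Rule:
    service: str         # name for the Service column
    pattern: re.Pattern  # matched against the bytes buffered so far
    version: str         # str.format template filled from the regex groups


# Constructed rules loosely modelled on services in the example scan output.
RULES: List[Rule] = [
    Rule("ssh", re.compile(rb"^SSH-(\d+\.\d+)-(\S+)\r?\n", re.M), "SSH {0}-{1}"),
    Rule("smtp", re.compile(rb"^220 .*ESMTP Sendmail ([^\s;]+)", re.M),
         "SMTP Sendmail {0}"),
    Rule("ftp", re.compile(rb"^220 .*FTP", re.M), "FTP"),
    Rule("http", re.compile(rb"^Server: ([^\r\n]+)\r?\n", re.M), "HTTP {0}"),
]


def match_rules(buf: bytes, rules: Iterable[Rule]) -> Optional[Tuple[str, str]]:
    """First rule whose pattern matches the buffered bytes, or None."""
    for rule in rules:
        m = rule.pattern.search(buf)
        if m:
            groups = [g.decode("ascii", "replace") for g in m.groups()]
            return rule.service, rule.version.format(*groups)
    return None


def identify_short_circuit(reads: Iterable[bytes], rules: Iterable[Rule] = RULES) -> Hit:
    """The 2.99 behaviour: re-check the rules after every read and stop as soon
    as one matches. An exhausted stream stands in for the read timeout."""
    rules = list(rules)
    buf = b""
    used = 0
    for chunk in reads:
        used += 1
        buf += chunk  # match over the accumulated buffer, not the single chunk
        hit = match_rules(buf, rules)
        if hit:
            return hit[0], hit[1], used
    return None, None, used


def identify_after_timeout(reads: Iterable[bytes], rules: Iterable[Rule] = RULES) -> Hit:
    """The pre-2.99 behaviour the announcement contrasts against: drain the
    stream until the timeout, then match once over everything received."""
    chunks = list(reads)
    hit = match_rules(b"".join(chunks), list(rules))
    if hit:
        return hit[0], hit[1], len(chunks)
    return None, None, len(chunks)


# Constructed read sequences; each element is what one recv() returned.
# The SSH banner arrives split across two reads, followed by binary key
# exchange bytes that a timeout-based reader would sit through.
SSH_READS = [b"SSH-1.99-Open", b"SSH_3.4p1\r\n", b"\x00\x00\x01\x2c\x05\x14"]
SMTP_READS = [b"220 ironclad.example ESMTP Sendmail 8.12.6/8.12.6; "
              b"Sun, 31 Aug 2003 02:09:00 -0500\r\n"]
FTP_READS = [b"220 ironclad.example FTP server ready.\r\n"]
UNKNOWN_READS = [b"\x00\x01", b"\x02\x03"]  # nothing in RULES matches


def main() -> None:
    for port, reads in ((22, SSH_READS), (25, SMTP_READS), (21, FTP_READS),
                        (17, UNKNOWN_READS)):
        fast = identify_short_circuit(reads)
        slow = identify_after_timeout(reads)
        print(f"{port}/tcp  {fast[0] or '?':8} {fast[1] or '':32} "
              f"reads: {fast[2]} (short-circuit) vs {slow[2]} (timeout)")


if __name__ == "__main__":
    main()
```

The "reads used" count is the whole difference: both loops reach the same answer, but the short-circuit loop returns after the second read of the SSH stream while the timeout loop sits through the key-exchange bytes as well. The split banner also shows why the rules have to be re-run over the accumulated buffer rather than over each chunk on its own: the first read alone ("SSH-1.99-Open") matches nothing and correctly yields no identification yet.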