Nmap Announce mailing list archives

Previous By Date Next
Previous By Thread Next

Nmap 4.60 and new movies page

From: Fyodor <fyodor () insecure org>
Date: Mon, 24 Mar 2008 13:39:15 -0700
Hi everyone.  This is the first nmap-hackers message of the year, but
we haven't been slacking.  The nmap-dev list has more than 500 posts
so far this quarter, and we've made many great improvements to Nmap
during the period.

Nmap-hackers is reserved for the most important Nmap news, but that
won't prevent me from starting out this message with something
frivolous :).  I recently learned that Nmap was in not just one, but
two major motion pictures last year!  In addition to the known Bourne
Ultimatum appearance, I now have screen shots of Nmap being used in
Die Hard 4: Live Free or Die Hard.  I've posted them to the new Nmap
movies page:

http://nmap.org/movies.html

Nmap has become quite the movie star!  Who knows where it will show up
in 2008.

The other exciting news I have for you is that Nmap 4.60 has been
released.  The changelog (http://nmap.org/changelog.html) notes more
than 60 important changes since 4.50.  This includes a new and shorter
URL (nmap.org rather than insecure.org/nmap/), massive OS detection and
version detection signature updates, many new Nmap Scripting Engine
scripts, bug fixes, performance optimization, and more.  It is
available now from the download page:

http://nmap.org/download.html

Don't hesitate to let us know on nmap-dev if you find any problems.
Here is the detailed list of changes since 4.50:

4.60

o Nmap has moved.  Everything at http://insecure.org/nmap/ can now be
  found at http://nmap.org .  That should save your fingers from a
  little bit of typing.  Even though transparent redirectors are in
  place for the old URLs, please update your links and bookmarks. And
  if you don't have a link to Nmap on your web site, now is a good
  time to add one :).

o All of your OS detection fingerprints up until March 10, 2008 have
  now been integrated by David.  The second generation database has
  grown from 1,085 fingerprints representing 421 operating
  systems/devices, to 1,304 fingerprints representing 478 systems.
  That is an increase of more than 20%.  New fingerprints were added
  for Mac OS X Tiger, iPod Touch, the La Fonera WAP, FreeBSD 7.0,
  Linux 2.6.24, Windows 2008, Vista, OpenBSD 4.2, and of course
  hundreds of broadband routers, VoIP phones, printers, some crazy
  oscilloscope, etc.  We get a ton of new fingerprint submissions, but
  not as many corrections.  Please remember to visit
  http://nmap.org/submit/ if Nmap gives you bad results, whether they
  are completely wrong or just a slight mistake (like Nmap says Linux
  2.6.20-2.6.23, but you're running 2.6.24).  Of course you need to be
  certain you know exactly what is running on the target before you do
  this.

o All of your service fingerprints and corrections submitted until
  January 14, 2008 have now been integrated by Doug.  As usual, he has
  documented his adventures at http://hcsw.org/blog.pl/33 .  More than
  a hundred signatures were added, growing the database to 4,645
  signatures for 457 services.  Corrections are welcome for service
  detection too -- visit http://nmap.org/submit/ if you get incorrect results.

o Nmap now saves the target name (if any) specified on the command
  line, since this can differ from the reverse DNS results.  It can be
  particularly important when doing HTTP tests against virtual hosts.
  The data can be accessed from target->TargetName() from Nmap proper
  and host.targetname from NSE scripts.  The NSE HTTP library now uses
  this for the Host header.  Thanks to Sven Klemm for adding this
  useful feature.

o Added NSE HTTP library which allows scripts to easily fetch URLs
  with http.get_url() or create more complex requests with
  http.request().  There is also an http.get() function which takes
  components (hostname, port, and path) rather than a URL.  The
  HTTPAuth, robots, and showHTMLTitle NSE scripts have been updated to
  use this library. Sven Klemm wrote all of this code.

o Fixed an integer overflow in the DNS caching code that caused nmap
  to loop infinitely once it had expunging the cache of older
  entries.  Thanks to David Moore for the report, and Eddie Bell for
  the fix.

o Fixed another integer overflow in the DNS caching code which caused
  infinite loops. [David]

o Added IPv6 host support to the RPC scan.  Attempting this before
  (via -sV) caused a segmentation fault.  Thanks to Will Cladek for
  the report. [Kris]

o Fixed an event handling bug in NSE that could cause execution of
  some in-progress scripts to be excessively delayed. [Marek]

o A new NSE table library (tab.lua) allows scripts to deliver better
  formatted output.  The Zone transfer script (zoneTrans.nse) has been
  updated to use this new facility. [Eddie]

o Rewrote HTTPpasswd.nse to use Sven's excellent HTTP library and to
  do some much-needed cleaning up. [Kris]

o Added a new MsSQL version detection probe and a bunch of match lines
  developed by Tom Sellers.

o Added a new service detection probe and signatures for the memcached
  service [Doug]

o Added new service detection probes and signatures for the Beast
  Trojan and Firebird RDBMS. [Brandon Enright]

o Fixed a crash in Zenmap which occurred when attempting to edit or
  create a new profile based on an existing one when there wasn't one
  selected.  The error message was:
    'NoneType' object has no attribute 'toolbar'
  Now a new Profile Editor is opened.  Thanks to D1N (d1n () inbox com)
  for the report. [Kris]

o Fixed another crash in Zenmap which occurred when exiting the
  Profile Editor (while editing an existing profile) by clicking the
  "X", then going to edit the same profile again.  The error message
  was: "No option named '' found!".  Now the same window that appears
  when clicking Cancel comes up when clicking "X".  Thanks to David
  for reporting this bug. [Kris]

o Another Zenmap bug was fixed: ports consolidated into "extra ports"
  groups are now counted and shown in the "Host Details" tab.  The
  closed, filtered and scanned port counts in this tab didn't contain
  this information before so they were usually very inaccurate. [Kris]

o Another Zenmap bug was fixed: the --scan-delay and --max-scan-delay
  buttons ("amount of time between probes") under the Advanced tab in
  the Profile Editor were backwards. [Kris]

o Added the UDP Scan (-sU) and IPProto Ping (-PO) to Zenmap's Profile
  Editor and Command Wizard. [Kris]

o Reordered the UDP port selection for Traceroute: a closed port is
  now chosen before an open one.  This is because an open UDP port is
  usually due to running version detection (-sV), so a Traceroute
  probe wouldn't elicit a response. [Kris]

o Add Famtech Radmin remote control software probe and signatures to
  the Nmap version detection DB. [Tom Sellers, Fyodor]

o Add "Conection: Close" header to requests from HTTP NSE scripts so
  that they finish faster. [Sven Klemm]

o Update SSLv2-support NSE script to run against more services which
  are likely SSL. [Sven Klemm]

o A bunch of service name canonicalization was done in the Nmap
  version detection file by Brandon Enright (e.g. capitalizing D-Link
  and Netgear consistently).

o Upgraded the shipped LibPCRE from version 7.4 to 7.6. [Kris]

o Updated to latest (as of 3/15) autoconf config.sub/config.guess
  files from http://cvs.savannah.gnu.org/viewvc/config/?root=config .

o We now escape newlines, carriage returns, and tabs (\n\r\t) in XML
  output.  While those are allowed in XML attributes, they get
  normalized which can make formatting the output difficult for
  applications which parse Nmap XML. [Joao Medeiros, David, Fyodor]

o The Zenmap man page is now installed on Unix when "make install" is
  run.  This was supposed to work before, but didn't. [Kris]

o Fixed a man page bug related to our DocBook to Nroff translation
  software producing incorrect Nroff output.  The man page no longer
  uses the ".nse" string which was being confused with the Nroff
  no-space mode command. [Fyodor]

o Fixed a bug in which some NSE error messages were improperly escaped
  so that a message including "c:\nmap" would end up with a newline
  between "c:" and "map".

o Updated IANA assignment IP list for random IP (-iR)
  generation. [Kris]

o The DocBook XML source code to the Nmap Scripting Engine docs
  (http://nmap.org/nse/) is now in SVN under docs/scripting.xml .

4.53

o Impoved Windows executable installer by making uninstall wor. [Rob Nicholls]

o The Nmap Scripting Engine (NSE) now supports run-time interaction
  and the Nmap --host-timeout option. [Doug]

o Added nmap.fetchfile() function for scripts so they can easily find
  Nmap's nmap-* data files (such as the OS/version detection DBs, port
  number mapping, etc.) [Kris]

o Updated rpcinfo.nse to use nmap.fetchfile() to read from nmap-rpc
  instead of having a huge table of RPC numbers.  This reduced the
  script's size by nearly 75%. [Kris]

o Fixed multiple NSE scripts that weren't always properly closing their
  sockets.  The error message was:
  "bad argument #1 to 'close' (nsock expected, got no value)" [Kris]

o Added a new version detection probe for the Trend Micro OfficeScan
  product line. [Tom Sellers, Doug]

4.51BETA

o We now have a detailed Zenmap Guide at http://nmap.org/zenmapguide/ .
  Thanks to David for writing it.

o Added rpcinfo.nse script, which contacts a listening RPC portmapper
  and reports the listening services and port information (like
  rpcinfo -p does).  The script was written by Sven Klemm.  Fyodor
  then enhanced the RPC number list with all of the entries from
  nmap-rpc.

o Added a new NSE script (MySQLinfo) which prints MySQL server information
  such as the protocol and version numbers, status, thread id, capabilities,
  and password salt. [Kris]

o Nmap's output options (-oA, -oX, etc.) now support strftime()-like
  conversions in the filename.  %H, %M, %S, %m, %d, %y, and %Y are
  all the same as in strftime().  %T is the same as %H%M%S, %R is the
  same as %H%M, and %D is the same as %m%d%y.  A % followed by any
  other character just yields that character (%% yields a %).  This
  means that "-oX 'scan-%T-%D.xml'" uses an XML file in the form of
  "scan-144840-121307.xml". [Kris]

o Fixed Winpcap installer to install the right version of Packet.dll
  on Windows Vista. [Fyodor]

o Fixed our Winpcap installer so that it waits for a Winpcap uninstall
  (if needed) to complete before trying to install the new Winpcap.
  [Jah]

o Fix a bunch of warning/error messages which contained an extra
  newline. [Brandon Enright]

o Fixed an error when attempting to scan localhost as an unprivileged
  user on Windows (nmap --unprivileged localhost). The error was:
   "Skipping SYN Stealth Scan against localhost (127.0.0.1) because
    Windows does not support scanning your own machine (localhost) this
    way."
  Now connect scan is used instead of SYN scan. [David]

o Fixed a bug that prevented the --resume option from working on
  Windows. The error message was:
  ..\utils.cc(996): CreateFileMapping(), file 'testresume', length 103,
  mflags 000 00006: The parameter is incorrect.(87)
  [Fixed by David, reported by Rob Nicholls]

o Zenmap's new web page (http://nmap.org/zenmap/) is now shown in the
  Zenmap about dialogue.

o On Windows, paths beginning with \ are now considered absolute when
  used with the --script option. jah (jah(a)zadkiel.plus.com) suggested
  this. [David]

o Zenmap no longer double-spaces its output (by inadvertently
  duplicating newlines) when viewing scan results that were saved to a
  file. [Joao Medeiros]

o Upgraded the shipped LibPCRE from version 7.2 to 7.4. [Kris]

o Fixed Zenmap crash that occurred when selecting Help from the Compar


Enjoy!
Fyodor

_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org
Previous By Date Next
Previous By Thread Next

Current thread: