Nmap Announce mailing list archives

Nmap 6.49BETA6: 10 new NSE scripts, hundreds of new OS and version detection, GSoC improvements, and more!


From: Fyodor <fyodor () nmap org>
Date: Tue, 3 Nov 2015 13:52:40 -0800

Hi folks!  I'm happy to announce the release of Nmap 6.49BETA6 with many
great improvements!  This includes a lot of work from our Summer of Code
students as well as our regular crew of developers.  The release has 10 new
NSE scripts, hundreds of new IPv4 and IPv6 OS detection signatures, and a
bunch of new version detection sigs bringing our total above 10,000!  There
are dozens of other improvements as well.

As usual, Nmap 6.49BETA5 source code and binary packages for Linux,
Windows, and Mac are available for free download from:

https://nmap.org/download.html

If you find any bugs in this release, please let us know on the Nmap Dev
list as described at https://nmap.org/book/man-bugs.html.

Now back to the good stuff! Here are the most important changes since BETA5:

o Integrated all of your IPv4 OS fingerprint submissions from February to
October (1065 of them). Added 219 fingerprints, bringing the new total to
4985. Additions include Linux 4.1, Windows 10, OS X 10.11, iOS 9, FreeBSD
11.0, Android 5.1, and more. Highlights:
http://seclists.org/nmap-dev/2015/q4/60 [Daniel Miller]

o Integrated all of your IPv6 OS fingerprint submissions from April to
October (only 9 of them!). We are steadily improving the IPv6 database, but
we need your submissions. The classifier added 3 new groups, bringing the
new total to 93. Highlights: http://seclists.org/nmap-dev/2015/q4/61
[Daniel Miller]

o Integrated all of your service/version detection fingerprints submitted
from February to October (800+ of them). The signature count went up 2.5% to
10293. We now detect 1089 protocols, from afp, bitcoin, and caldav to
xml-rpc, yiff, and zebra. Highlights:
http://seclists.org/nmap-dev/2015/q4/62 [Daniel Miller]

o [NSE] Added 10 NSE scripts from 5 authors, bringing the total up to 509!
They are all listed at http://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):

  + knx-gateway-discover and knx-gateway-info scripts gather information
from multicast and unicast KNX gateways, which connect home automation
systems to IP networks. [Niklaus Schiess, Dominik Schneider]

  + http-ls parses web server directory index pages with optional
recursion. [Pierre Lalet]

  + xmlrpc-methods performs introspection of xmlrpc services and lists
methods and their descriptions. [Gyanendra Mishra]

  + http-fetch can be used like wget or curl to fetch all files, specific
filenames, or files that match a given pattern. [Gyanendra Mishra]

  + http-svn-enum enumerates users of a Subversion repository by examining
commit logs. [Gyanendra Mishra]

  + http-svn-info requests information from a Subversion repository,
similar to the "svn info" command. [Gyanendra Mishra]

  + hnap-info detects and outputs info for Home Network Administration
Protocol devices. [Gyanendra Mishra]

  + http-webdav-scan detects WebDAV servers and reports allowed methods and
directory listing. [Gyanendra Mishra]

  + tor-consensus-checker checks the target's address with the Tor
directory authorities to determine if a target is a known Tor node. [Jiayi
Ye]

o [NSE] Several scripts have been split, combined, or renamed:

  + [GH#171] smb-check-vulns has been split into:
    * smb-vuln-conficker
    * smb-vuln-cve2009-3103
    * smb-vuln-ms06-025
    * smb-vuln-ms07-029
    * smb-vuln-regsvc-dos
    * smb-vuln-ms08-067
    The scripts now use the vulns library, and the "unsafe" script-arg has
been replaced by putting the scripts into the "dos" category. [Paulino
Calderon]

  + http-email-harvest was removed, as the new http-grep does email address
scraping by default. [Gyanendra Mishra]

  + http-drupal-modules was renamed to http-drupal-enum. Extended to
enumerate both themes and modules of Drupal installations. [Gyanendra Mishra]

o [Ncat] [GH#193] Fix Ncat listen mode over Unix sockets (named pipes) on
OS X.
  This was crashing with the error:
    Ncat: getnameinfo failed: Undefined error: 0 QUITTING.
  Fixed by forcing the name to "localhost". [Michael Wallner]

o [Zenmap] Fix a crash in Zenmap when using Compare Results:
AttributeError: 'NoneType' object has no attribute 'get_nmap_output'
[Daniel Miller]

o [NSE] [GH#194] Add support for reading fragmented TLS messages to
ssl-enum-ciphers. [Jacob Gajek]
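Why fragmented messages matter, as an added illustration that is not part of the announcement or of ssl-enum-ciphers: a Python reassembler that concatenates the payloads of consecutive handshake records before parsing message headers, so a ServerHello split across two records (the case a per-record parser mishandles) comes out whole, and a record carrying two messages is split correctly. The sample byte stream is constructed here.

```python
import struct

HANDSHAKE = 22  # TLS content type for handshake records

def parse_records(stream):
    """Split a byte stream into TLS records as (content_type, version, payload)."""
    records, off = [], 0
    while off < len(stream):
        if off + 5 > len(stream):
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack("!BHH", stream[off:off + 5])
        payload = stream[off + 5:off + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record payload")
        records.append((ctype, version, payload))
        off += 5 + length
    return records

def handshake_messages(stream):
    """Reassemble handshake messages, which may span records or share one."""
    buf = b"".join(p for t, _, p in parse_records(stream) if t == HANDSHAKE)
    msgs, off = [], 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated handshake header")
        htype = buf[off]
        hlen = int.from_bytes(buf[off + 1:off + 4], "big")
        body = buf[off + 4:off + 4 + hlen]
        if len(body) < hlen:
            raise ValueError("handshake message incomplete")
        msgs.append((htype, body))
        off += 4 + hlen
    return msgs

def record(payload, ctype=HANDSHAKE, version=0x0303):
    """Wrap a payload in one TLS 1.2 record header (constructed test data)."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

# Constructed sample: a 10-byte ServerHello-shaped message (type 2) split
# across two records, followed by a record holding ServerHelloDone (type 14).
SERVER_HELLO_BODY = bytes(range(10))
SERVER_HELLO_MSG = bytes([2]) + len(SERVER_HELLO_BODY).to_bytes(3, "big") + SERVER_HELLO_BODY
SAMPLE_STREAM = (record(SERVER_HELLO_MSG[:6]) + record(SERVER_HELLO_MSG[6:])
                 + record(bytes([14, 0, 0, 0])))
```

Feeding only the first record (SAMPLE_STREAM[:11]) raises ValueError, which is the truncation a record-at-a-time parser would otherwise misreport as a malformed handshake.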

o [GH#51] Added IPv6 support to nmap_mass_rdns, improved reverse DNS cache,
and refactored DNS code to improve readability and extensibility. All in
all, this makes the rDNS portion of IPv6 scans much faster. [Gioacchino
Mazzurco]

o [NSE] Added NTLM brute support to http-brute. [Gyanendra Mishra]

o [NSE] Added NTLM authentication support to http.lua and a related
function to create an ntlm v2 session response in smbauth.lua. [Gyanendra
Mishra]

o [NSE] [GH#106] Added a new NSE module, ls.lua, for accumulating and
outputting file and directory listings. The afp-ls, nfs-ls, and smb-ls
scripts have been converted to use this module. [Pierre Lalet]

o [NSE] bacnet-info.nse and s7-info.nse were added to the version category.
[Paulino Calderon]

o [NSE] Added 124 new identifiers to bacnet-info.nse vendor database.
[Paulino Calderon]

o [NSE] Fixed bacnet-info.nse to bind to the service port detected during
scan instead of fixed port. [Paulino Calderon]

o [NSE] Enhanced reporting of elliptic curve names and strengths in
ssl-enum-ciphers. The name of the curve is now reported instead of just
"ec". [Brandon Paulsen]

o [GH#75] Normalize Makefile targets to use the same verb-project format,
e.g. build-ncat, check-zenmap, install-nping, clean-nsock [Gioacchino
Mazzurco]

o [NSE] Added builtin pattern and multiple pattern search to http-grep.
[Gyanendra Mishra]

o [NSE] http-crossdomainxml is now http-cross-domain-policy and supports
client access policies and uses the new SLAXML parser. [Gyanendra Mishra]

o [NSE] Added a patch for vulns lib that allows list of tables to be
submitted to fields in the vulns report. [Jacob Gajek]

o [NSE] Added additional checks for successful PUT request in http-put.
[Oleg Mitrofanov]

o [NSE] Added an update for http-methods that checks all possible methods
not in Allow or Public header of OPTIONS response. [Gyanendra Mishra]

o [NSE] Added SLAXML, an XML parser in Lua originally written by Gavin
Kistner (a.k.a. Phrogz). [Gyanendra Mishra]

o [NSE] [GH#122] Update the snmp-brute and other snmp-* scripts to use the
creds library to store brute-forced snmp community strings. This allows
Nmap to use the correct brute-forced string for each host. [Gioacchino
Mazzurco]

o Several improvements to TLS/SSL detection in nmap-service-probes. A new
probe, TLSSessionReq, and improvements to default SSL ports should help
speed up -sV scans. http://seclists.org/nmap-dev/2015/q2/17 [Daniel Miller]

o [Nsock] Clean up the API so that nsp_* calls are now nsock_pool_* and
nsi_* are nsock_iod_*. Simplify Nsock SSL init API, and make logging global
to the library instead of associated with a nspool. [Henri Doreau]

o [GH#181] The configure script now prints a summary of configured options.
Most importantly, it warns if OpenSSL was not found, since most users will
want this library compiled in. [Gioacchino Mazzurco]

o Define TCP Options for SYN scan in nmap.h instead of literally
throughout. This string is used by p0f and other IDS to detect Nmap scans,
so having it a compile-time option is a step towards better evasion.
[Daniel Miller]
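To show why that option string is a detection handle, here is an added example (not Nmap's code) that parses the TCP options field of a raw segment, renders a p0f-style option layout, and flags a pure SYN whose options equal Nmap's default SYN probe options. The default value (a single MSS=1460 option, TCP_SYN_PROBE_OPTIONS in nmap.h) is assumed from the Nmap source rather than quoted in this announcement, and both sample segments are constructed.

```python
import struct

# Nmap's compile-time default SYN probe options (TCP_SYN_PROBE_OPTIONS in nmap.h):
# a single MSS option advertising 1460 bytes. Taken from the Nmap source, not this page.
NMAP_SYN_PROBE_OPTIONS = b"\x02\x04\x05\xb4"
SYN = 0x02
OPTION_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def parse_tcp_options(raw):
    """Decode the TCP options field into [(kind, data), ...]."""
    opts, off = [], 0
    while off < len(raw):
        kind = raw[off]
        if kind in (0, 1):  # EOL ends the list; NOP is a single byte
            opts.append((kind, b""))
            if kind == 0:
                break
            off += 1
            continue
        if off + 1 >= len(raw) or raw[off + 1] < 2 or off + raw[off + 1] > len(raw):
            raise ValueError("malformed TCP option")
        opts.append((kind, raw[off + 2:off + raw[off + 1]]))
        off += raw[off + 1]
    return opts

def parse_tcp_header(segment):
    """Extract the fields a detector needs from a raw TCP segment (no IP header)."""
    sport, dport, _, _, offres, flags, window = struct.unpack("!HHIIBBH", segment[:16])
    data_off = (offres >> 4) * 4
    if data_off < 20 or data_off > len(segment):
        raise ValueError("bad data offset")
    raw_opts = segment[20:data_off]
    return {"sport": sport, "dport": dport, "flags": flags, "window": window,
            "raw_options": raw_opts, "options": parse_tcp_options(raw_opts)}

def option_layout(options):
    """p0f-style option layout string, e.g. 'mss,sok,ts,nop,ws'."""
    return ",".join(OPTION_NAMES.get(k, "opt%d" % k) for k, _ in options)

def looks_like_nmap_syn_probe(hdr):
    """Pure SYN whose option bytes equal Nmap's default probe options."""
    return hdr["flags"] == SYN and hdr["raw_options"] == NMAP_SYN_PROBE_OPTIONS

def build_syn(sport, dport, options):
    """Constructed SYN segment (zero checksum, no payload) for offline tests."""
    fixed = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, ((20 + len(options)) // 4) << 4, SYN, 1024, 0, 0)
    return fixed + options

NMAP_SAMPLE = build_syn(54321, 443, NMAP_SYN_PROBE_OPTIONS)  # constructed
LINUX_SAMPLE = build_syn(40000, 443, b"\x02\x04\x05\xb4\x04\x02\x08\x0a" + b"\x00" * 8 + b"\x01\x03\x03\x07")
```

A real client SYN normally carries SACK-permitted, timestamps and window scaling alongside MSS, so the bare "mss" layout is what gives an IDS its signature; once the string is a compile-time option, that signature is no longer fixed.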

o [GH#51] Nmap's parallel reverse-DNS resolver now handles IPv6 addresses.
This should result in faster -6 scans. The old behavior is available with
--system-dns. [Gioacchino Mazzurco]

o [NSE] Fix a couple odd bugs in NSE command-line parsing. Most notably,
--script broadcast-* will now work (generally, wildcards with scripts whose
name begins with a category name were not working properly). [Daniel Miller]

o [NSE] [GH#113] http-form-fuzzer will now stop increasing the size of a
request when an HTTP 413 or 414 error indicates the web server will not
accept a larger request. [Gioacchino Mazzurco]

o [NSE] [GH#159] Add the ability to tag credentials in the creds library
with freeform text for easy retrieval. This gives necessary granularity to
track credentials to multiple web apps on a single host+port. [Gioacchino
Mazzurco]

Enjoy the new release!
-Fyodor
_______________________________________________
Sent through the announce mailing list
https://nmap.org/mailman/listinfo/announce
Archived at http://seclists.org/nmap-hackers/