Nmap Announce mailing list archives

Nmap 7.40 Holiday Release: a dozen new NSE scripts, hundreds of new fingerprints, new Npcap, faster brute forcing, and more...


From: Fyodor <fyodor () nmap org>
Date: Tue, 20 Dec 2016 13:31:59 -0800

Happy holidays from the Nmap Project!  In case your Christmas break plans
involve a lot of port scanning, we're delighted to announce our holiday
Nmap 7.40 release!  This version stuffs your stockings with dozens of new
features, including:

   - 12 new NSE scripts
   - Hundreds of updated OS and version detection signatures
   - Faster brute force authentication cracking and other NSE library
   improvements
   - A much-improved version of our Npcap Windows packet capturing
   driver/library

There are many more improvements which are all described below.  Nmap 7.40
source code and binary packages for Linux, Windows, and Mac are
available for free download from the usual spot:

https://nmap.org/download.html

If you find any bugs in this release, please let us know on the Nmap Dev
list or bug tracker as described at https://nmap.org/book/man-bugs.html.

Here are the changes since Nmap 7.31 from October:

• [Windows] Updated the bundled Npcap from 0.10r9 to 0.78r5, with an
improved installer experience, driver signing updates to work with Windows
10 build 1607, and bugfixes for WiFi connectivity problems. [Yang Luo,
Daniel Miller]

• Integrated all of your IPv4 OS fingerprint submissions from April to
September (568 of them). Added 149 fingerprints, bringing the new total to
5,336. Additions include Linux 4.6, macOS 10.12 Sierra, NetBSD 7.0, and
more. Highlights: http://seclists.org/nmap-dev/2016/q4/110 [Daniel Miller]

• Integrated all of your service/version detection fingerprints submitted
from April to September (779 of them). The signature count went up 3.1% to
11,095. We now detect 1161 protocols, from airserv-ng, domaintime, and mep
to nutcracker, rhpp, and usher. Highlights:
http://seclists.org/nmap-dev/2016/q4/115 [Daniel Miller]

• Fix reverse DNS on Windows which was failing with the message "mass_dns:
warning: Unable to determine any DNS servers." This was because the
interface GUID comparison needed to be case-insensitive. [Robert Croteau]

• [NSE] Added 12 NSE scripts from 4 authors, bringing the total up to 552!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:

   - cics-enum enumerates CICS transaction IDs, mapping to screens in
   TN3270 services. [Soldier of Fortran]
   - cics-user-enum brute-forces usernames for CICS users on TN3270
   services. [Soldier of Fortran]
   - fingerprint-strings will print the ASCII strings it finds in the
   service fingerprints that Nmap shows for unidentified services. [Daniel
   Miller]
   - [GH#606] ip-geolocation-map-bing renders IP geolocation data as an
   image via Bing Maps API. [Mak Kolybabi]
   - [GH#606] ip-geolocation-map-google renders IP geolocation data as an
   image via Google Maps API. [Mak Kolybabi]
   - [GH#606] ip-geolocation-map-kml records IP geolocation data in a KML
   file for import into other mapping software [Mak Kolybabi]
   - nje-pass-brute brute-forces the password to a NJE node, given a valid
   RHOST and OHOST. Helpfully, nje-node-brute can now brute force both of
   those values. [Soldier of Fortran]
   - [GH#557] ssl-cert-intaddr will search for private IP addresses in TLS
   certificate fields and extensions. [Steve Benson]
   - tn3270-screen shows the login screen from mainframe TN3270 Telnet
   services, including any hidden fields. The script is accompanied by the new
   tn3270 library. [Soldier of Fortran]
   - tso-enum enumerates usernames for TN3270 Telnet services. [Soldier of
   Fortran]
   - tso-brute brute-forces passwords for TN3270 Telnet services. [Soldier
   of Fortran]
   - vtam-enum brute-forces VTAM application IDs for TN3270 services.
   [Soldier of Fortran]
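The ssl-cert-intaddr item above checks TLS certificate fields for leaked internal addresses. The following is an added illustration of that kind of check in Python, not Nmap's own script or NSE code; the certificate fields are constructed sample values, and treating the three RFC 1918 ranges as "private" is this example's assumption.

```python
import ipaddress
import re

# RFC 1918 ranges; treating exactly these as "private" is an assumption of
# this example (the real script's ranges are not reproduced here).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quads not glued to other digits or dots (so "10.0.0.1.5" is ignored).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def private_addrs_in(text):
    """Return distinct RFC 1918 addresses found in one certificate text field."""
    found = []
    for token in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(token)   # rejects e.g. 999.1.1.1
        except ValueError:
            continue
        if any(addr in net for net in PRIVATE_NETS) and addr not in found:
            found.append(addr)
    return found


def scan_cert_fields(fields):
    """fields maps a field/extension name to its text form.
    Returns {name: [addresses]} for every field that leaks a private address."""
    leaks = {}
    for name, text in fields.items():
        addrs = private_addrs_in(text)
        if addrs:
            leaks[name] = [str(a) for a in addrs]
    return leaks


# Constructed sample certificate fields (not a real certificate).
SAMPLE_CERT = {
    "subject": "CN=mail.example.test, O=Example Corp",
    "subjectAltName": "DNS:mail.example.test, IP:203.0.113.7, IP:10.20.30.40",
    "issuerAltName": "DNS:ca.corp.example.test",
    "crlDistributionPoints": "URI:http://192.168.1.5/crl.pem",
}

if __name__ == "__main__":
    for field, addrs in scan_cert_fields(SAMPLE_CERT).items():
        print(f"{field}: {', '.join(addrs)}")
```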


• [NSE][GH#518] Brute scripts are faster and more accurate. New feedback
and adaptivity mechanisms in brute.lua help brute scripts use resources
more efficiently, dynamically changing number of threads based on protocol
messages like FTP 421 errors, network errors like timeouts, etc. [Sergey
Khegay]

• [GH#353] New option --defeat-icmp-ratelimit dramatically reduces UDP scan
times in exchange for labeling unresponsive (and possibly open) ports as
"closed|filtered". Ports which give a UDP protocol response to one of
Nmap's scanning payloads will be marked "open". [Sergey Khegay]

• [NSE][GH#533] Removed ssl-google-cert-catalog, since Google shut off that
service at some point. Reported by Brian Morin.

• [NSE][GH#606] New NSE library, geoip.lua, provides a common framework for
storing and retrieving IP geolocation results. [Mak Kolybabi]

• [Ncat] Restore the connection success message that Ncat prints with -v.
This was accidentally suppressed when not using -z.

• [GH#316] Added scan resume from Nmap's XML output. Now you can --resume a
canceled scan from all 3 major output formats: -oN, -oG, and -oX. [Tudor
Emil Coman]

• [Ndiff][GH#591] Fix a bug where hosts with the same IP but different
hostnames were shown as changing hostnames between scans. Made sort stable
with regard to hostnames. [Daniel Miller]

• [NSE][GH#540] Add tls.servername script-arg for forcing a name to be used
for TLS Server Name Indication extension. The argument overrides the
default use of the host's targetname. [Bertrand Bonnefoy-Claudet]

• [GH#505] Updated Russian translation of Zenmap by Alexander Kozlov.

• [NSE][GH#588] Fix a crash in smb.lua when using smb-ls due to a
floating-point number being passed to os.time ("bad argument"). [Dallas
Winger]

• [NSE][GH#596] Fix a bug in mysql.lua that caused authentication failures
in mysql-brute and other scripts due to including a null terminator in the
salt value. This bug affects Nmap 7.25BETA2 and later releases.  [Daniel
Miller]

• The --open option now implies --defeat-rst-ratelimit. This may result in
inaccuracies in the numbers of "Not shown:" closed and filtered ports, but
only in situations where it also speeds up scan times. [Daniel Miller]

• [NSE] Added known Diffie-Hellman parameters for haproxy, postfix, and
IronPort to ssl-dh-params. [Frank Bergmann]

• Added service probe for ClamAV servers (clam), an open source antivirus
engine used in mail scanning. [Paulino Calderon]

• Added service probe and UDP payload for Quick UDP Internet Connection
(QUIC), a secure transport developed by Google and used with HTTP/2.
[Daniel Miller]

• [NSE] Enabled resolveall to run against any target provided as a
hostname, so the resolveall.hosts script-arg is no longer required. [Daniel
Miller]

• [NSE] Revised script http-default-accounts in several ways [nnposter]:

   - Added 21 new fingerprints, plus broadened 5 to cover more variants.
   - [GH#577] It can now test systems that return status 200 for
   non-existent pages.
   - [GH#604] Implemented XML output. Layout of the classic text output has
   also changed, including reporting blank usernames or passwords as
   "<blank>", instead of just empty strings.
   - Added CPE entries to individual fingerprints (where known). They are
   reported only in the XML output.

• [NSE][GH#573] Updated http.lua to allow processing of HTTP responses with
malformed header names. Such header lines are still captured in the
rawheader list but skipped otherwise. [nnposter]

• [GH#416] New service probe and match line for iperf3. [Eric Gershman]

• [NSE][GH#555] Add Drupal to the set of web apps brute forced by
http-form-brute. [Nima Ghotbi]

Enjoy this new release and please do let us know if you find any problems!
Download your holiday Nmap release at https://nmap.org/download.html.

Cheers,
Fyodor
_______________________________________________
Sent through the announce mailing list
https://nmap.org/mailman/listinfo/announce
Archived at http://seclists.org/nmap-hackers/