| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
requested by Thomas Klausner.
|
|
|
|
"The Nmap Project is pleased to announce the immediate, free availability
of the Nmap Security Scanner version 6.00 from http://nmap.org/.
It is the product of almost three years of work, 3,924 code commits,
and more than a dozen point releases since the big Nmap 5 release in July
2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts,
better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade."
Here is a condensed Changelog:
Nmap 6.01 [2012-06-13]
o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7.
o [Zenmap] Fixed a crash that happened when activating the host filter.
o Fixed a bug that caused Nmap to fail to find any network interface when
at least one of them is in the monitor mode.
http://seclists.org/nmap-dev/2012/q2/449
http://seclists.org/nmap-dev/2012/q2/478
o Fixed the greppable output of hosts that time-out.
Nmap 6.00 [2012-05-21]
o Most important release since Nmap 5.00 in July 2009! For a list of
the most significant improvements and new features, see the
announcement at: http://nmap.org/6
o Some XML output improvements...
o Lots of NSE scripts added and updated...
o Fixed the routing table loop on OS X so that on-link routes appear.
o Upgraded included libpcap to version 1.2.1.
o Fixed a compilation problem on Solaris 9 caused by a missing
definition of IPV6_V6ONLY.
o Setting --min-parallelism by itself no longer forces the maximum
parallelism to the same value.
o [Zenmap] Fixed a crash that would happen in the profile editor when
the script.db file doesn't exist.
o [Zenmap] It is now possible to compare scans having the same name or
command line parameters.
o Fixed an error that could occur with ICMPv6 probes and -d4 debugging:
"Unexpected probespec2ascii type encountered"
o Applied a workaround to make pcap captures work better on Solaris 10.
o Fixed a bug that could cause Nsock timers to fire too early.
o Changed the way timeout calculations are made in the IPv6 OS engine.
Nmap 5.61TEST5 [2012-03-09]
o Integrated all of your IPv4 OS fingerprint submissions since June
2011 (about 1,900 of them). Added about 256 new fingerprints (and
deleted some bogus ones), bringing the new total to 3,572.
Additions include Apple iOS 5.01, OpenBSD 4.9 and 5.0, FreeBSD 7.0
through 9.0-PRERELEASE, and a ton of new WAPs, routers, and other
devices. Many existing fingerprints were improved. For more details,
see http://seclists.org/nmap-dev/2012/q1/431
o Integrated all of your service/version detection fingerprints
submitted since November 2010--more than 2,500 of them! Our
signature count increased more than 10% to 7,423 covering 862
protocols. Some amusing and bizarre new services are described at
http://seclists.org/nmap-dev/2012/q1/359
o Integrated your latest IPv6 OS submissions and corrections. We're
still low on IPv6 fingerprints, so please scan any IPv6 systems you
own or administer and submit them to http://nmap.org/submit/. Both
new fingerprints (if Nmap doesn't find a good match) and corrections
(if Nmap guesses wrong) are useful.
o IPv6 OS detection now includes a novelty detection system which
avoids printing a match when an observed fingerprint is too
different from fingerprints seen before. As the OS database is still
small, this helps to avoid making (essentially) wild guesses when
seeing a new operating system.
o Refactored the nsock library to add the nsock-engines system.
o [NSE] Added 43(!) NSE scripts, bringing the total up to 340.
o CPE (Common Platform Enumeration) OS classification is now supported
for IPv6 OS detection.
[...]
Nmap 5.61TEST4 [2012-01-02] -> Nmap 5.61TEST1
[...]
Lots of Bugfixes!
Thanks to jschauma@ for analysing a NetBSD related problem,
and to David Fifield for providing the (upstream) patch.
|
|
(additionaly, reset PKGREVISION of qt4-* sub packages from base qt4 update)
|
|
|
|
|
|
Remove devel/py-ctypes (only needed by and supporting python24).
Remove PYTHON_VERSIONS_ACCEPTED and PYTHON_VERSIONS_INCOMPATIBLE
lines that just mirror defaults now.
Miscellaneous cleanup while editing all these files.
|
|
py-* not affected, since it built different versions depending on the
setting already.
|
|
|
|
|
|
Minor bug fixes.
|
|
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)
Enjoy.
|
|
o Added checks that the argument to freeaddrinfo is not NULL, avoiding
a segmentation fault on Android and possibly other platforms.
|
|
|
|
|
|
|
|
|
|
|
|
works with python-2.7.
|
|
o [Ndiff] Added support for prerule and postrule scripts.
o [NSE] Fixed a bug which caused some NSE scripts to fail due to the
absence of the NSE SCRIPT_NAME environment variable when loaded.
o [Zenmap] Selecting one of the scan targets in the left pane is
supposed to jump to that host in the Nmap Output in the right pane
(but it wasn't).
o Fixed an obscure bug in Windows interface matching. If the MAC
address of an interface couldn't be retrieved, it might have been
used instead of the correct interface.
o [NSE] Fixed portrules in dns-zone-transfer and ftp-proftpd-backdoor
that used shortport functions incorrectly and always returned
true.
o [Ndiff] Fixed ndiff.dtd to include two elements that can be diffed:
status and address.
o [Ndiff] Fixed the ordering of hostscript-related elements in XML
output.
o [NSE] Fixed a bug in the nrpe-enum script that would make it run for
every port (when it was selected--it isn't by default).
o [NSE] When an NSE script sets a negative socket timeout, it now
causes a controlled Lua stack trace instead of a fatal error.
o [Zenmap] Worked around an error that caused the py2app bootstrap
executable to be non-universal even when the rest of the application
was universal. This prevented the binary .dmg from working on
PowerPC.
o [Ndiff] Fixed an output line that wasn't being redirected to a file
when all other output was.
|
|
|
|
|
|
Some of the highlights are:
o [Zenmap] Added a new script selection interface, allowing you to
choose scripts and arguments from a list.
o [Nping] Added echo mode, learn more about echo mode at
http://nmap.org/book/nping-man-echo-mode.html.
o [NSE] Added an amazing 46 scripts, bringing the total to 177!
You can learn more about any of them at http://nmap.org/nsedoc/
o [NSE] Added 12 new protocol libraries.
o [NSE] Added a new brute library that provides a basic framework and logic
for brute force password auditing scripts.
o [Zenmap] Greatly improved performance for large scans by
benchmarking intensively and then recoding dozens of slow parts.
o Performed a major OS detection integration run. The database has
grown more than 14% to 2,982 fingerprints and many of the existing
fingerprints were improved. David posted highlights of his integration work at
http://seclists.org/nmap-dev/2010/q4/651
o Performed a huge version detection integration run. The number of
signatures has grown by more than 11% to 7,355. David posted highlights at
http://seclists.org/nmap-dev/2010/q4/761
o [NSE] Nmap has two new NSE script scanning phases. See
http://nmap.org/book/nse-usage.html#nse-script-types
o Dramatically improved nmap.xsl (used for converting Nmap XML output
to HTML).
o Integrated cracked passwords from the Gawker.com compromise
(http://seclists.org/nmap-dev/2010/q4/674) into Nmap's top-5000
password database.
o Merged port names in the nmap-services file with allocated names
from the IANA (http://www.iana.org/assignments/port-numbers).
o [Zenmap] Made the topology node radiuses grow logarithmically
instead of linearly, so that hosts with thousands of open ports
don't overwhelm the diagram.
o Improved IPv6 host output in that we now remember and report the
forward DNS name (given by the user) and any non-scanned addresses
(usually because of round robin DNS).
o [Zenmap] Upgraded to the newer gtk.Tooltip API to avoid deprecation
messages about gtk.Tooltip.
o [NSE] Enhance ssl-cert to also report the type and bit size of SSL
certificate public keys.
o [Nping] Nping now limits concurrent open file descriptors properly
based on the resources available on the host.
o Ncat now logs Nsock debug output to stderr instead of stdout for
consistency with its other debug messages.
o Changed the name of libdnet's sctp_chunkhdr to avoid a conflict with
a struct of the same name in <netinet/sctp.h>.
o [NSE] Host tables now have a host.traceroute member available when
--traceroute is used.
o Nmap now prints the MTU for interfaces in --iflist output.
o [Ncat,NSE] Server Name Indication (SNI) is now supported by Ncat and
Nmap NSE, allowing them to connect to servers which run multiple SSL
websites on one IP address.
o [Nsock] Added a new function, nsi_set_hostname, to set the intended
hostname of the target.
o [NSE] Made sslv2.nse give special output when SSLv2 is supported,
but no SSLv2 ciphers are offered.
o Fixed the fragmentation options (-f in Nmap, --mtu in Nmap & Nping),
which were improperly sending whole packets in version 5.35DC1.
o [NSE] When receiving raw packets from Pcap, the packet capture time
is now available to scripts as an additional return value from
pcap_receive().
o Updated IANA IP address space assignment list for random IP (-iR)
generation.
o [Ncat] Ncat now uses case-insensitive string comparison when
checking authentication schemes and parameters.
o [NSE] There is now a limit of 1,000 concurrent running scripts,
instituted to keep memory under control when there are many open
ports.
Plus many bugfixes and improvements.
For full changelog, see http://nmap.org/changelog.html
|
|
|
|
|
|
|
|
PR#43975.
|
|
|
|
|
|
Some of the highlights are:
o [NSE] Added more scripts, bringing the total to 131!
o Performed a major OS detection integration run.
o Performed a large version detection integration run.
o [Zenmap] Added the ability to print Nmap output to a printer.
o [Nmap, Ncat, Nping] The default unit for time specifications is now
seconds, not milliseconds, and times may have a decimal point.
o Ports are now considered open during a SYN scan if a SYN packet
(without the ACK flag) is received in response.
o [Ncat] In listen mode, the --exec and --sh-exec options now accept a
single connection and then exit, just like in normal listen mode.
o UDP payloads are now stored in an external data file, nmap-payloads,
instead of being hard-coded in the executable.
o Added a new library, libnetutil, which contains about 2,700 lines of
networking related code which is now shared between Nmap and Nping
o Improved service detection match lines.
o Improved our brute force password guessing list by mixing in some
data sent in by Solar Designer of John the Ripper fame.
o [Zenmap] IP addresses are now sorted by octet rather than their
string representation.
o [Ncat] When receiving a connection/datagram in listen mode, Ncat now
prints the connecting source port along with the IP address.
o Added EPROTO to the list of known error codes in service scan.
o Updated IANA IP address space assignment list for random IP (-iR)
generation.
o Zenmap's "slow comprehensive scan profile" has been modified to use
the best 7-probe host discovery combination we were able to find in
extensive empirical testing
o Zenmap now lets you save scan results in normal Nmap text output
format or (as before) as XML.
o [NSE] Raw packet sending at the IP layer is now supported, in
addition to the existing Ethernet sending functionality.
o Nmap now honors routing table entries that override interface
addresses and netmasks.
o [Ncat] The HTTP proxy server now accepts client connections over
SSL, and added support for HTTP digest authentication of proxies, as
both client and server.
o Improved the MIT Kerberos version detection signatures.
Plus many bugfixes and improvements.
For full changelog, see http://nmap.org/changelog.html
|
|
Ok'ed during freeze by wiz@
|
|
Some of highlights are:
o Dramatically improved the version detection database, integrating
2,596 submissions that users contributed since February 3, 2009!
o Added 7 new NSE scripts for a grand total of 79!
o Performed a memory consumption audit and made changes to
dramatically reduce Nmap's footprint.
o A major service detection submission integration.
o Added some new service detection probes
o Added 14 new NSE scripts for a grand total of 72! You can learn
about them all at http://nmap.org/nsedoc/. Here are the new ones:
o Nmap's --traceroute has been rewritten for better performance.
o Integrated 1,349 fingerprints (and 81 corrections).
o [NSE] Default socket parallelism has been doubled from 10 to 20.
o [NSE] Now supports worker threads
o Zenmap now includes ports in the services view whenever Nmap found
them "interesting," whatever their state.
o [Ncat, Ndiff] The exit codes of these programs now reflect whether
they succeeded.
o Optimize MAC address prefix lookup by using an std::map
o Canonicalized the list of OS detection device types to a smaller set.
o Zenmap's UI performance has improved significantly.
o [NSE] socket garbage collection was rewritten for better performance.
Many many bugfixes!
For full changelog, see http://nmap.org/changelog.html
Ok'ed during freeze by wiz@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fix for PR#41506
Fix missing @dirrm entries from PLIST*
Before we go into the detailed changes, here are the top 5 improvements in Nmap 5:
1. The new Ncat tool aims to be your Swiss Army Knife for data transfer, redirection, and debugging. We released a whole users' guide detailing security testing and network administration tasks made easy with Ncat.
2. The addition of the Ndiff scan comparison tool completes Nmap's growth into a whole suite of applications which work together to serve network administrators and security practitioners. Ndiff makes it easy to automatically scan your network daily and report on any changes (systems coming up or going down or changes to the software services they are running). The other two tools now packaged with Nmap itself are Ncat and the much improved Zenmap GUI and results viewer.
3. Nmap performance has improved dramatically. We spent last summer scanning much of the Internet and merging that data with internal enterprise scan logs to determine the most commonly open ports. This allows Nmap to scan fewer ports by default while finding more open ports. We also added a fixed-rate scan engine so you can bypass Nmap's congestion control algorithms and scan at exactly the rate (packets per second) you specify.
4. We released Nmap Network Scanning, the official Nmap guide to network discovery and security scanning. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. More than half the book is available in the free online edition.
5. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. All existing scripts have been improved, and 32 new ones added. New scripts include a whole bunch of MSRPC/NetBIOS attacks, queries, and vulnerability probes; open proxy detection; whois and AS number lookup queries; brute force attack scripts against the SNMP and POP3 protocols; and many more. All NSE scripts and modules are described in the new NSE documentation portal.
Details are here: http://nmap.org/changelog.html
|
|
|
|
Correct handling of the length of data returned by SIOCGIFCONF. The
actual length of each item is never less than sizeof(struct ifreq), but
may be more than that. If the platform's struct sockaddr has an sa_len
field, and if the length in sa_len is larger then the space available in
ifr_ifru, then the data extends beyond the end of the ifr_ifru field by
the difference in sizes.
|
|
actual length of each item is never less than sizeof(struct ifreq), but
may be more than that. If the platform's struct sockaddr has an sa_len
field, and if the length in sa_len is larger then the space available in
ifr_ifru, then the data extends beyond the end of the ifr_ifru field by
the difference in sizes.
|
|
OK by salo@.
|
|
PKGREVISION++
|
|
Fixed the --script-updatedb command
Fixed several byte-order bugs in Traceroute
Service fingerprints in XML output are no longer be truncated
Added a UDP SNMPv3 probe to version detection
Zenmap no longer leaves any temporary files lying around.
*Lots* of Zenmap fixes
See CHANGELOG for all the details
|
|
|
