Author Topic: Nmap ...  (Read 11852 times)


Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Posts: 158890
  • No input, no output
    • DVB-Cube
Nmap 6.46
« Reply #30 on: 19 April, 2014, 22:00 »
What's new:

o [NSE] Made numerous improvements to ssl-heartbleed to provide
  more reliable detection of the vulnerability.

o [Zenmap] Fixed a bug which caused this crash message:
     IOError: [Errno socket error] [Errno 10060] A connection attempt failed
     because the connected party did not properly respond after a period of
     time, or established connection failed because connected host has
     failed to respond
  The bug was caused by us adding a DOCTYPE definition to Nmap's XML
  output which caused Python's XML parser to try and fetch the DTD
  every time it parses an XML file.  We now override that DTD-fetching
  behavior. [Daniel Miller]

o [NSE] Fix some bugs which could cause snmp-ios-config and
  snmp-sysdescr scripts to crash
  (http://seclists.org/nmap-dev/2014/q2/120) [Patrik Karlsson]

o [NSE] Improved performance of citrixlua library when handling large XML
  responses containing application lists. [Tom Sellers]

http://nmap.org/

Work / test machine:

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA driver 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA driver 4.8.3.1.8 )
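
The DTD-fetching problem described in the 6.46 Zenmap entry above can be neutralised in any Python consumer of Nmap XML by installing an entity resolver that never touches the network. This is an added example, not Nmap's or Zenmap's own code; the class and function names, the `simulate_legacy_default` switch and the sample XML with its `dtd.invalid` URL are constructed for illustration.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, EntityResolver, feature_external_ges
from xml.sax.xmlreader import InputSource

# Constructed sample: Nmap-style XML whose DOCTYPE points at a remote DTD.
# The .invalid TLD is reserved, so this URL can never resolve.
DTD_URL = "http://dtd.invalid/nmap.dtd"
SAMPLE_XML = b"""<?xml version="1.0"?>
<!DOCTYPE nmaprun SYSTEM "http://dtd.invalid/nmap.dtd">
<nmaprun scanner="nmap" version="6.45">
  <host><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="443"><state state="open"/></port></ports>
  </host>
  <host><address addr="192.0.2.11" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="22"><state state="closed"/></port></ports>
  </host>
</nmaprun>
"""


class OfflineResolver(EntityResolver):
    """Answer every external DTD/entity request with an empty local stream."""

    def __init__(self):
        self.requested = []  # system identifiers the parser asked for

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        source = InputSource(systemId)
        # A byte stream is already attached, so xml.sax never opens the URL.
        source.setByteStream(io.BytesIO(b""))
        return source


class OpenPortHandler(ContentHandler):
    """Collect (address, port) pairs for ports reported as open."""

    def __init__(self):
        super().__init__()
        self.open_ports = []
        self._addr = None
        self._port = None

    def startElement(self, name, attrs):
        if name == "host":
            self._addr = None
        elif name == "address" and attrs.get("addrtype") in ("ipv4", "ipv6"):
            self._addr = attrs.get("addr")
        elif name == "port":
            self._port = int(attrs.get("portid"))
        elif name == "state" and attrs.get("state") == "open":
            self.open_ports.append((self._addr, self._port))


def parse_offline(xml_bytes, simulate_legacy_default=True):
    """Parse Nmap XML without network access.

    Older Python versions resolved external entities by default, which is
    what made the parser fetch the DTD; current Python 3 ships with the
    feature off. simulate_legacy_default=True turns it back on so the
    resolver is actually exercised.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, simulate_legacy_default)
    resolver = OfflineResolver()
    handler = OpenPortHandler()
    parser.setEntityResolver(resolver)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.open_ports, resolver.requested


if __name__ == "__main__":
    ports, requested = parse_offline(SAMPLE_XML)
    print("open ports:", ports)
    print("DTD requests answered locally:", requested)
```

With the legacy behaviour simulated, the parser asks for the DTD exactly once and gets the empty stream; with the modern default it never asks at all, and the scan data parses identically in both cases.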

Offline SiLæncer

Nmap 6.47
« Reply #31 on: 26 August, 2014, 14:20 »
Changelog

- Integrated all of your IPv4 OS fingerprint submissions since June 2013. Added 366 fingerprints, bringing the new total to 4485. Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2, OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
- (Windows, RPMs) Upgraded the included OpenSSL to version 1.0.1i.
- (Windows) Upgraded the included Python to version 2.7.8.
- Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This was added in 6.45, and resulted in trouble for Nmap XML parsers without network access, as well as increased traffic to Nmap's servers.
- [Ndiff] Fixed the installation process on Windows, which was missing the actual Ndiff Python module since we separated it from the driver script.
- [Ndiff] Fixed the ndiff.bat wrapper in the zipfile Windows distribution, which was giving the error, "\Microsoft was unexpected at this time."
- [Zenmap] Fixed the Zenmap .dmg installer for OS X.
- [Ncat] Fixed SOCKS5 username/password authentication. The password length was being written in the wrong place, so authentication could not succeed.
- Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts this to the string "(null)", but it caused segfault on Solaris.
- [Zenmap][Ndiff] Avoid crashing when users have the antiquated PyXML package installed. Python tries to be nice and loads it when we import xml, but it isn't compatible. Instead, we force Python to use the standard library xml module.
- Handle ICMP admin-prohibited messages when doing service version detection.
- [NSE] Fix a bug causing http.head to not honor redirects.
- [Zenmap] Fix a bug in DiffViewer causing this crash: TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only buffer, not NmapParserSAX. The crash happened when trying to compare two scans within Zenmap.


http://nmap.org/


Offline SiLæncer

Nmap 6.49 BETA 1
« Reply #32 on: 04 June, 2015, 17:00 »
Changelog

Nmap 6.49BETA1 [2015-06-03]

o Integrated all of your IPv4 OS fingerprint submissions from May 2014 to
  February 2015 (1900+ of them). Added 281 fingerprints, bringing the new total
  to 4766. Additions include Linux 3.18, Windows 8.1, OS X 10.10, Android 5.0,
  FreeBSD 10.1, OpenBSD 5.6, and more. Highlights:
  http://seclists.org/nmap-dev/2015/q2/169 [Daniel Miller]

o Integrated all of your service/version detection fingerprints submitted from
  June 2013 to February 2015 (2500+ of them). The signature count soared over
  the 10000 mark, a 12% increase. We now detect 1062 protocols, from http,
  telnet, and ftp to jute, bgp, and slurm. Highlights:
  http://seclists.org/nmap-dev/2015/q2/171 [Daniel Miller]

o Integrated all of your IPv6 OS fingerprint submissions from June 2013 to
  April 2015 (only 97 of them!). We are steadily improving the IPv6 database,
  but we need your submissions. The classifier added 9 new groups, bringing the
  new total to 90. Highlights: http://seclists.org/nmap-dev/2015/q2/170 [Daniel
  Miller]

o Nmap now has an official bug tracker! We are using Github Issues, which you
  can reach from http://issues.nmap.org/. We welcome your bug reports,
  enhancement requests, and code submissions via the Issues and Pull Request
  features of Github (https://github.com/nmap/nmap), though the repository
  itself is just a mirror of our authoritative Subversion repository.

o [Zenmap] New Chinese-language (zh) translation from Jie Jiang, new Hindi (hi)
  translation by Gyanendra Mishra, and updated translations for German (de,
  Chris Leick), Italian (it, Jan Reister), Polish (pl, Jacek Wielemborek), and
  French (fr, MaZ)

o Added options --data <hex string> and --data-string <string> to send custom
  payloads in scan packet data. [Jay Bosamiya]

o --reason is enabled for verbosity > 2, and now includes the TTL of received
  packets in Normal output (this was already present in XML) [Jay Bosamiya]

o Update our Windows build system to VS 2013 on Windows 8.1. Also, we now build
  our included OpenSSL with DEP, ASLR, and SafeSEH enabled. [Daniel Miller]

o Our OS X installer is now built for a minimum supported version of 10.8
  (Mountain Lion), a much-needed update from 10.5 (Leopard). Additionally,
  OpenSSL is now statically linked, allowing us to distribute the latest from
  Macports instead of being subjected to the 0.9.8 branch still in use as of
  10.9. [Daniel Miller]

o New features for the IPv6 OS detection engine allow for better classification
  of systems: IPv6 guessed initial hop limit (TTL) and ratio of TCP initial
  window size to maximum segment size. [Alexandru Geana]

o [NSE] Rework ssl-enum-ciphers to actually score the strength of the SSL/TLS
  handshake, including certificate key size and DH parameters if applicable.
  This is similar to Qualys's SSL Labs scanner, and means that we no longer
  maintain a list of scores per ciphersuite. [Daniel Miller]

o All nmap.org pages are now available SSL-secured to improve privacy
  and ensure your binaries can't be tampered with in transit. So be
  sure to download from https://nmap.org/download.html. We will soon
  remove the non-SSL version of the site. We still offer GPG-signed
  binaries as well: https://nmap.org/book/install.html#inst-integrity

o [NSE] Added 25 NSE scripts from 17 authors, bringing the total up to 494!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below
  (authors are listed in brackets):

  + bacnet-info gets device information from SCADA/ICS devices via BACnet
    (Building Automation and Control Networks) [Stephen Hilt, Michael Toecker]

  + docker-version detects and fingerprints Docker [Claudio Criscione]

  + enip-info gets device information from SCADA/ICS devices via EtherNet/IP
    [Stephen Hilt]

  + fcrdns performs a Forward-confirmed Reverse DNS lookup and reports
    anomalous results. [Daniel Miller]

  + http-avaya-ipoffice-users enumerates users in Avaya IP Office 7.x systems.
    [Paulino Calderon]

  + http-cisco-anyconnect gets version and tunnel information from Cisco SSL
    VPNs. [Patrik Karlsson]

  + http-crossdomainxml detects overly permissive crossdomain policies and
    finds trusted domain names available for purchase. [Paulino Calderon]

  + http-shellshock detects web applications vulnerable to Shellshock
    (CVE-2014-6271). [Paulino Calderon]

  + http-vuln-cve2006-3392 exploits a file disclosure vulnerability in Webmin.
    [Paul AMAR]

  + http-vuln-cve2014-2126, http-vuln-cve2014-2127, http-vuln-cve2014-2128 and
    http-vuln-cve2014-2129 detect specific vulnerabilities in Cisco AnyConnect
    SSL VPNs. [Patrik Karlsson]

  + http-vuln-cve2015-1427 detects Elasticsearch servers vulnerable to remote
    code execution. [Gyanendra Mishra]

  + http-vuln-cve2015-1635 detects Microsoft Windows systems vulnerable to
    MS15-034. [Paulino Calderon]

  + http-vuln-misfortune-cookie detects the "Misfortune Cookie" vulnerability
    in Allegro RomPager 4.07, commonly used in SOHO routers for TR-069 access.
    [Andrew Orr]

  + http-wordpress-plugins was renamed http-wordpress-enum and extended to
    enumerate both plugins and themes of Wordpress installations and their
    versions. http-wordpress-enum is now http-wordpress-users. [Paulino Calderon]

  + mikrotik-routeros-brute performs password auditing attacks against
    Mikrotik's RouterOS API. [Paulino Calderon]

  + omron-info gets device information from Omron PLCs via the FINS service.
    [Stephen Hilt]

  + s7-info gets device information from Siemens PLCs via the S7 service,
    tunneled over ISO-TSAP on TCP port 102. [Stephen Hilt]

  + snmp-info gets the enterprise number and other information from the
    snmpEngineID in an SNMPv3 response packet. [Daniel Miller]

  + ssl-ccs-injection detects whether a server is vulnerable to the SSL/TLS
    CCS Injection vulnerability (CVE-2014-0224) [Claudiu Perta]

  + ssl-poodle detects the POODLE bug in SSLv3 (CVE-2014-3566) [Daniel Miller]

  + supermicro-ipmi-conf exploits Supermicro IPMI/BMC controllers. [Paulino
    Calderon]

  + targets-ipv6-map4to6 generates target IPv6 addresses which correspond to
    IPv4 addresses mapped within a particular IPv6 subnet. [Raúl Fuentes]

  + targets-ipv6-wordlist generates target IPv6 addresses from a wordlist made
    of hexadecimal characters. [Raúl Fuentes]

o Enhance Nmap's tcpwrapped service detection by using a shorter timeout for
  the tcpwrapped designation. This prevents falsely labeling services as
  tcpwrapped which merely have a read timeout shorter than 6 seconds. Full
  discussion: http://issues.nmap.org/39 [nnposter, Daniel Miller]

o Fix ICMP Echo (-PE) host discovery for IPv6, broken since 6.45, caused by
  failing to set the ICMP ID for outgoing packets which is used to match
  incoming responses. [Andrew Waters]

o Add 2 more ASCII-art configure splash images to be rotated randomly with the
  traditional dragon image. New ideas for other images to use here may be sent
  to dev@nmap.org. [Jay Bosamiya, Daniel Miller]

o Solve a crash on Windows (reported on Windows 8.1 on Surface Pro 3) caused by
  passing a NULL pointer to a WinPcap function that then tries to write an
  error message to it. [Peter Malecka]

o Fix compilation and several bugs on AIX. [Daniel Miller]

o Fix a bug in libdnet-stripped on Solaris that resulted in the wrong MAC
  address being detected for all interfaces.
  http://seclists.org/nmap-dev/2015/q2/1 [Daniel Miller]

o [NSE] Improved http-form-brute autodetection and behavior to handle more
  unusual-but-valid HTML syntax, non-POST forms, success/failure testing on
  HTTP headers, and more. [nnposter]

o [NSE] Reduce many NSE default timeouts and base them on Nmap's detected
  timeouts for those hosts from the port scan phase. Scripts which take timeout
  script-args can now handle 's' and 'ms' suffixes, just like Nmap's own
  options. [Daniel Miller]

o [NSE] Remove db2-discover, as its functionality was performed by service
  version detection since the broadcast portion was separated into
  broadcast-db2-discover. http://seclists.org/nmap-dev/2014/q3/415 [Daniel
  Miller]

o Cache dnet names not found on Windows when enumerating interfaces in the
  Windows Registry. Reduces startup times. [Elon Natovich]

o [NSE] Make smb-ls able to leverage results from smb-enum-shares or list of
  shares specified on command line. [Pierre Lalet]

o [NSE] Fix X509 cert date parsing for dates after 2049. Reported by Teppo
  Turtiainen. [Daniel Miller]

o Handle a bunch of socket errors that can result from odd ICMP Type 3
  Destination Unreachable messages received during service scanning. The crash
  reported was "Unexpected error in NSE_TYPE_READ callback.  Error code: 92
  (Protocol not available)" [Daniel Miller]

o Fixed a crash (NULL pointer dereference) in PortList::isTCPwrapped when using
  -sV and -O on an unknown service not listed in nmap-services. [Pierre Lalet]

o Fixed a benign TOCTOU race between stat() and open() in mmapfile().
  Reported by Camille Mougey. [Henri Doreau]

o Reduce CPU consumption when using nsock poll engine with no registered FD,
  by actually calling Poll() for the time until timeout, instead of directly
  returning zero and entering the loop again. [Henri Doreau]

o Change the URI for the fingerprint submitter to its new location at
  https://nmap.org/cgi-bin/submit.cgi

o [NSE] Added a check for Cisco ASA version disclosure, CVE-2014-3398, to
  http-enum in the 'security' category [Daniel Miller]

o Fixed a bug that caused Nmap to fail to find any network interface when a
  Prism interface is in monitor mode. The fix was to define the
  ARP_HRD_IEEE80211_PRISM header identifier in the libdnet-stripped code.
  [Brad Johnson]

o Added a version probe for Tor. [David Fifield]

o [NSE] Add support to citrix-enum-apps-xml for reporting if Citrix
   published applications in the list are enforcing/requiring the level
   of ICA/session data encryption shown in the script result.
   [Tom Sellers]

o [NSE] Updated our Wordpress plugin list to improve the
  http-wordpress-enum NSE script. We can now detect 34,077 plugins,
  up from 18,570. [Danila Poyarkov]

o [NSE] Add the signature algorithm that was used to sign the target port's
  x509 certificate to the output of ssl-cert.nse [Tom Sellers]

o [NSE] Fixed a bug in the sslcert.lua library that was triggered against
  certain services when version detection was used. [Tom Sellers]

o [NSE] vulns.Report:make_output() now generates XML structured output
  reports automatically. [Paulino Calderon]

o [NSE] Add port.reason_ttl, host.reason, host.reason_ttl for use in scripts
  [Jay Bosamiya]

o [NSE] If a version script is run by name, nmap.version_intensity() returns
  the maximum value (9) for it [Jay Bosamiya]

o [NSE] shortport.version_port_or_service() takes an optional rarity parameter
  now to run only when version intensity > rarity [Jay Bosamiya]

o [NSE] Added nmap.version_intensity() function so that NSE version scripts
  can use the argument to --version-intensity (which can be overridden by the
  script arg 'script-intensity') in order to decide whether to run or not
  [Jay Bosamiya]

o Improve OS detection; If a port is detected to be 'tcpwrapped', then it will
  not be used for OS detection. This helps in cases where a firewall might be
  causing the port to be 'tcpwrapped' [Jay Bosamiya]

o [Zenmap] Reduce noise generated in Topology View due to anonymous
  hops [Jay Bosamiya]

o Added option --exclude-ports to Nmap so that some ports can be excluded from
  scanning (for example, due to policy) [Jay Bosamiya]

o [Zenmap] Catch the MemoryError caused in Zenmap due to large Nmap Output,
  and display a more helpful error message [Jay Bosamiya]

o Catch badly named output files (such as those unintentionally caused by
  "-oX -sV logfile.xml") [Jay Bosamiya]

o [Zenmap] Improved NmapParser to increase speed in opening scans. Large scans
  now open in seconds instead of hours. [Jay Bosamiya]

o Modify the included libpcap configure script to disable certain unused
  features: bluetooth, usb, usb-can, and dbus sniffing. Dbus support caused a
  build problem on CentOS 6.5. [Daniel Miller]

o Updated the bundled libpcap from 1.2.1 to 1.5.3 [Jay Bosamiya]

o Correct the Target MAC Address in Nmap's ARP discovery to conform to what IP
  stacks in currently popular operating systems use. [Jay Bosamiya]

o Fixed a bug which caused Nmap to be unable to have any runtime interaction
  when called from sudo or from a shell script. [Jay Bosamiya]

o Improvements to whois-ip.nse: fix an unhandled error when a referred-to
  response could not be understood; add a new pattern to recognise a
  LACNIC "record not found" type of response and update the way ARIN is
  queried. [jah]


http://nmap.org/


Offline SiLæncer

Nmap 6.49 BETA 2
« Reply #33 on: 17 June, 2015, 18:00 »
Changelog
Nmap 6.49BETA2

o Nmap now has an official bug tracker! We are using Github Issues, which you
  can reach from http://issues.nmap.org/. We welcome your bug reports,
  enhancement requests, and code submissions via the Issues and Pull Request
  features of Github (https://github.com/nmap/nmap), though the repository
  itself is just a mirror of our authoritative Subversion repository.

o [GH#154] Fix a crash (assertion error) when Nmap receives an ICMP Host
  Unreachable message.

o [GH#158] Fix a configure failure when Python is not present, but no Python
  projects were requested. [Gioacchino Mazzurco]

o [GH#161] [Zenmap] Fix Zenmap on OS X which was failing with
  zipimport.ZipImportError due to architecture mismatch.

o [NSE] Remove ahbl.org checks from dnsbl.lua, since the service was shut down.
  [Forrest B.]

http://nmap.org/


Offline SiLæncer

Nmap 6.49 Beta 3
« Reply #34 on: 26 June, 2015, 09:10 »
Changelog
- Fix Ncat listen mode on Solaris and other platforms where struct sockaddr does not have a sa_len member. This also affected use of the -p and -s options. Brandon Haberfeld reported the crash.
- Fix a Zenmap failure to open on OS X with the error: "dyld: Symbol not found: _iconv Referenced from: /usr/lib/libcups.2.dylib". We had to remove the DYLD_LIBRARY_PATH environment variable from zenmap_wrapper.py.
- Report our https URL (https://nmap.org) in more places rather than our non-SSL one.

http://nmap.org/


Offline SiLæncer

Nmap 6.49 Beta 4
« Reply #35 on: 07 July, 2015, 19:00 »
Changelog
# Nmap Changelog ($Id: CHANGELOG 34833 2015-07-04 11:38:26Z gyani $); -*-text-*-

o [NSE] Added NTLM brute support to http-brute. [Gyanendra Mishra]

o [NSE] Added NTLM authentication support to http.lua and a related function to create
  an ntlm v2 session response in smbauth.lua. [Gyanendra Mishra]

o [NSE] ssl-enum-ciphers now marks cipher scores as unknown for ciphers requiring
  the use of openssl when openssl is missing. [jrchamp]

o [NSE] Added builtin pattern and multiple pattern search to http-grep. [Gyanendra Mishra]

o [NSE] http-crossdomainxml is now http-cross-domain-policy and supports client access
  policies and uses the new SLAXML parser. [Gyanendra Mishra]

o [NSE] Added a patch for vulns lib that allows list of tables to be submitted
  to fields in the vulns report. [Jacob Gajek]

o [NSE] Added additional checks for successful PUT request in http-put.
  [Oleg Mitrofanov]

o [NSE] Added an update for http-methods that checks all possible methods not in
  Allow or Public header of OPTIONS response. [Gyanendra Mishra]

o [NSE] Added SLAXML, an XML parser in Lua originally written by Gavin Kistner
  (a.k.a. Phrogz). [Gyanendra Mishra]

o [NSE] Added hnap-info, detects and outputs info for Home Network
  Administration Protocol devices. [Gyanendra Mishra]

o [NSE] Allow ssl-enum-ciphers to run on non-typical ports when it is selected
  by name. It will now send a service detection probe if the port is not a
  typical SSL port and version scan (-sV) was not used. [Daniel Miller]

o [NSE] Added http-webdav-scan, which detects WebDAV servers. [Gyanendra Mishra]

http://nmap.org/


Offline SiLæncer

Nmap 6.49 Beta 5
« Reply #36 on: 24 September, 2015, 17:00 »
Changelog
# Nmap Changelog ($Id: CHANGELOG 35282 2015-09-23 20:23:00Z dmiller $); -*-text-*-

o Fix a crash in Zenmap when using Compare Results:
  AttributeError: 'NoneType' object has no attribute 'get_nmap_output'
  [Daniel Miller]

o [NSE] Fix http.get_url function when used with https scheme. Previously,
  plaintext http to port 443 was attempted first. [jah]

o Use a mutex on Windows to avoid a hang when accessing WinPCAP driver.
  Reported by multiple users on Windows 8.1 and Windows Server 2012 R2.
  Nmap hangs when the WinPCAP driver is accessed via OpenServiceA by multiple
  processes at once. Users report that this change, which uses a mutex to avoid
  concurrent access, fixes the hang. [Daniel Miller]

o [NSE] Enhanced reporting of elliptic curve names and strengths in
  ssl-enum-ciphers. The name of the curve is now reported instead of just "ec"
  [Brandon Paulsen]

o [NSE] Added knx-gateway-discover and knx-gateway-info scripts for gathering
  information from multicast and unicast KNX gateways, which connect home
  automation systems to IP networks. [Niklaus Schiess, Dominik Schneider]

o Disable TPACKET_V3 in our included libpcap. This version of the Linux kernel
  packet ring API has problems that result in lots of lost packets. This patch
  falls back to TPACKET_V2 or earlier versions if available. [nnposter]

o Output a warning when deprecated options are used, and suggest the preferred
  option. Currently deprecated: -i -o -m -sP -P0 -PN -oM -sR. The warning is
  only visible with -v. [Daniel Miller]

o [NSE] Added script http-ls. Parses web server directory index pages with
  optional recursion. [Pierre Lalet]

o [NSE] [GH#106] Added a new NSE module, ls.lua, for accumulating and
  outputting file and directory listings. The afp-ls, nfs-ls, and smb-ls
  scripts have been converted to use this module. [Pierre Lalet]

o Fix Nmap's DTD, which did not recognize that the script element could contain
  character data when a script returns a number or a boolean.
  [Jonathan Daugherty]

o [GH#75] Normalize check targets to standard format check-*.
  [Gioacchino Mazzurco]

o [GH#75] Normalize clean and distclean targets to standard format clean-* and
  distclean-*. [Gioacchino Mazzurco]

o [GH#75] Normalize build targets to standard format build-*.
  [Gioacchino Mazzurco]

o [NSE] Added script xmlrpc-methods. This script performs introspection of
  xmlrpc services and lists methods and their description. [Gyanendra Mishra]

o [NSE] Removed http-email-harvest as the new http-grep does email address
  scraping by default. [Gyanendra Mishra]

o [NSE] Added script http-fetch. This script can be used to fetch all files
  from the target, specific files from the target or files that match a  given
  pattern. [Gyanendra Mishra]

o [NSE] http-drupal-modules was renamed to http-drupal-enum. Extended to
  enumerate both themes and modules of drupal installations. [Gyanendra Mishra]

o [GH#196] Fix raw packet sending on FreeBSD 10.0 and later. FreeBSD changed
  byte order of the IPv4 stack, so SYN scan and other raw packet functions were
  broken. [Edward Napierała] Also reported in [GH#50] by Olli Hauer.

o [NSE] Added script http-svn-enum. Enumerates users of a Subversion
  repository by examining commit logs. [Gyanendra Mishra]

o [NSE] Added script http-svn-info. Requests information from a
  Subversion repository. [Gyanendra Mishra]

o [GH#51] Added IPv6 support to nmap_mass_rdns, improved reverse DNS cache,
  and refactored DNS code to improve readability and extensibility.
  [Gioacchino Mazzurco]

o [NSE] Added NTLM brute support to http-brute. [Gyanendra Mishra]

o [NSE] Added NTLM authentication support to http.lua and a related function to create
  an ntlm v2 session response in smbauth.lua. [Gyanendra Mishra]

o [NSE] ssl-enum-ciphers now marks cipher scores as unknown for ciphers requiring
  the use of openssl when openssl is missing. [jrchamp]

o [NSE] Added builtin pattern and multiple pattern search to http-grep. [Gyanendra Mishra]

o [NSE] http-crossdomainxml is now http-cross-domain-policy and supports client access
  policies and uses the new SLAXML parser. [Gyanendra Mishra]

o [NSE] Added a patch for vulns lib that allows list of tables to be submitted
  to fields in the vulns report. [Jacob Gajek]

o [NSE] Added additional checks for successful PUT request in http-put.
  [Oleg Mitrofanov]

o [NSE] Added an update for http-methods that checks all possible methods not in
  Allow or Public header of OPTIONS response. [Gyanendra Mishra]

o [NSE] Added SLAXML, an XML parser in Lua originally written by Gavin Kistner
  (a.k.a. Phrogz). [Gyanendra Mishra]

o [NSE] Added hnap-info, detects and outputs info for Home Network
  Administration Protocol devices. [Gyanendra Mishra]

o [NSE] Added http-webdav-scan, which detects WebDAV servers. [Gyanendra Mishra]

o [NSE] Added tor-consensus-checker, which checks if a target is a
  known Tor node. [Jiayi Ye]

http://nmap.org/


Offline SiLæncer

Nmap 6.49 Beta 6
« Reply #37 on: 07 November, 2015, 11:00 »
Changelog

    [NSE] Added ip-https-discover for detecting support for Microsoft's IP over HTTPS tunneling protocol. [Niklaus Schiess]
    [NSE] [GH#229] Improve parsing in http.lua for multiple Set-Cookie headers in a single response. [nnposter]
    [NSE] [GH#194] Add support for reading fragmented TLS messages to ssl-enum-ciphers. [Jacob Gajek]
    [Ncat] [GH#193] Fix Ncat listen mode over Unix sockets (named pipes) on OS X. This was crashing with the error:

        Ncat: getnameinfo failed: Undefined error: 0 QUITTING.

    Fixed by forcing the name to "localhost" [Michael Wallner]
    [NSE] Added knx-gateway-discover and knx-gateway-info scripts for gathering information from multicast and unicast KNX gateways, which connect home automation systems to IP networks. [Niklaus Schiess, Dominik Schneider]
    [NSE] Added script http-ls. Parses web server directory index pages with optional recursion. [Pierre Lalet]
    [NSE] Added script xmlrpc-methods. This script performs introspection of xmlrpc services and lists methods and their description. [Gyanendra Mishra]
    [NSE] Added script http-fetch. This script can be used to fetch all files from the target, specific files from the target or files that match a given pattern. [Gyanendra Mishra]
    [NSE] Added script http-svn-enum. Enumerates users of a Subversion repository by examining commit logs. [Gyanendra Mishra]
    [NSE] Added script http-svn-info. Requests information from a Subversion repository. [Gyanendra Mishra]
    [NSE] Added hnap-info, detects and outputs info for Home Network Administration Protocol devices. [Gyanendra Mishra]
    [NSE] Added http-webdav-scan, which detects WebDAV servers. [Gyanendra Mishra]
    [NSE] Added tor-consensus-checker, which checks if a target is a known Tor node. [Jiayi Ye]
    [GH#51] Added IPv6 support to nmap_mass_rdns, improved reverse DNS cache, and refactored DNS code to improve readability and extensibility. All in all, this makes the rDNS portion of IPv6 scans much faster. [Gioacchino Mazzurco]
    [NSE] Added NTLM brute support to http-brute. [Gyanendra Mishra]
    [NSE] Added NTLM authentication support to http.lua and a related function to create an ntlm v2 session response in smbauth.lua. [Gyanendra Mishra]
    [NSE] [GH#106] Added a new NSE module, ls.lua, for accumulating and outputting file and directory listings. The afp-ls, nfs-ls, and smb-ls scripts have been converted to use this module. [Pierre Lalet]
    [NSE] [GH#171] Splits smb-check-vulns into smb-vuln-conficker, smb-vuln-cve2009-3103, smb-vuln-ms06-025, smb-vuln-ms07-029, smb-vuln-regsvc-dos and smb-vuln-ms08-067. The scripts now support the library vulns and the script arguments "safe" and "unsafe" were removed in favor of allowing users to control execution by NSE category. [Paulino Calderon]
    [NSE] bacnet-info.nse and s7-info.nse were added to the version category. [Paulino Calderon]
    [NSE] Added 124 new identifiers to bacnet-info.nse vendor database. [Paulino Calderon]
    [NSE] Fixed bacnet-info.nse to bind to the service port detected during scan instead of fixed port. [Paulino Calderon]
    Fix a crash in Zenmap when using Compare Results: AttributeError: 'NoneType' object has no attribute 'get_nmap_output' [Daniel Miller]
    [NSE] Enhanced reporting of elliptic curve names and strengths in ssl-enum-ciphers. The name of the curve is now reported instead of just "ec" [Brandon Paulsen]
    [GH#75] Normalize Makefile targets to use the same verb-project format, e.g. build-ncat, check-zenmap, install-nping, clean-nsock [Gioacchino Mazzurco]
    [NSE] Removed http-email-harvest as the new http-grep does email address scraping by default. [Gyanendra Mishra]
    [NSE] http-drupal-modules was renamed to http-drupal-enum. Extended to enumerate both themes and modules of drupal installations. [Gyanendra Mishra]
    [NSE] Added builtin pattern and multiple pattern search to http-grep. [Gyanendra Mishra]
    [NSE] http-crossdomainxml is now http-cross-domain-policy and supports client access policies and uses the new SLAXML parser. [Gyanendra Mishra]
    [NSE] Added a patch for vulns lib that allows list of tables to be submitted to fields in the vulns report. [Jacob Gajek]
    [NSE] Added additional checks for successful PUT request in http-put. [Oleg Mitrofanov]
    [NSE] Added an update for http-methods that checks all possible methods not in Allow or Public header of OPTIONS response. [Gyanendra Mishra]
    [NSE] Added SLAXML, an XML parser in Lua originally written by Gavin Kistner (a.k.a. Phrogz). [Gyanendra Mishra]
    [NSE] [GH#122] Update the snmp-brute and other snmp-* scripts to use the creds library to store brute-forced snmp community strings. This allows Nmap to use the correct brute-forced string for each host. [Gioacchino Mazzurco]
    Several improvements to TLS/SSL detection in nmap-service-probes. A new probe, TLSSessionReq, and improvements to default SSL ports should help speed up -sV scans. http://seclists.org/nmap-dev/2015/q2/17 [Daniel Miller]
    [Nsock] Clean up the API so that nsp_* calls are now nsock_pool_* and nsi_* are nsock_iod_*. Simplify Nsock SSL init API, and make logging global to the library instead of associated with a nspool. [Henri Doreau]
    [GH#181] The configure script now prints a summary of configured options. Most importantly, it warns if OpenSSL was not found, since most users will want this library compiled in. [Gioacchino Mazzurco]
    Define TCP Options for SYN scan in nmap.h instead of literally throughout. This string is used by p0f and other IDS to detect Nmap scans, so having it a compile-time option is a step towards better evasion. [Daniel Miller]
    [GH#51] Nmap's parallel reverse-DNS resolver now handles IPv6 addresses. This should result in faster -6 scans. The old behavior is available with --system-dns. [Gioacchino Mazzurco]
    [NSE] Fix a couple odd bugs in NSE command-line parsing. Most notably, --script broadcast-* will now work (generally, wildcards with scripts whose name begins with a category name were not working properly). [Daniel Miller]
    [NSE] [GH#113] http-form-fuzzer will now stop increasing the size of a request when an HTTP 413 or 414 error indicates the web server will not accept a larger request. [Gioacchino Mazzurco]
    [NSE] [GH#159] Add the ability to tag credentials in the creds library with freeform text for easy retrieval. This gives necessary granularity to track credentials to multiple web apps on a single host+port. [Gioacchino Mazzurco]

http://nmap.org/


Offline SiLæncer

Nmap 7.00
« Reply #38 on: 20 November, 2015, 06:00 »
Changelog
This is the most important release since Nmap 6.00 back in May 2012! For a list of the most significant improvements and new features, see the announcement at: https://nmap.org/7

[NSE] Added 6 NSE scripts from 6 authors, bringing the total up to 515! They are all listed at https://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):

targets-xml extracts target addresses from previous Nmap XML results files. [Daniel Miller]
[GH#232] ssl-dh-params checks for problems with weak, non-safe, and export-grade Diffie-Hellman parameters in TLS handshakes. This includes the LOGJAM vulnerability (CVE-2015-4000). [Jacob Gajek]
nje-node-brute does brute-forcing of z/OS JES Network Job Entry node names. [Soldier of Fortran]
ip-https-discover detects support for Microsoft's IP over HTTPS tunneling protocol. [Niklaus Schiess]
[GH#165] broadcast-sonicwall-discover detects and extracts information from SonicWall firewalls. [Raphael Hoegger]
[GH#38] http-vuln-cve2014-8877 checks for and optionally exploits a vulnerability in CM Download Manager plugin for Wordpress. [Mariusz Ziulek]
[Ncat] [GH#151] [GH#142] New option --no-shutdown prevents Ncat from shutting down when it reads EOF on stdin. This is the same as traditional netcat's "-d" option. [Adam Saponara]
[NSE] [GH#229] Improve parsing in http.lua for multiple Set-Cookie headers in a single response. [nnposter]

http://nmap.org/


Offline SiLæncer

Nmap 7.01
« Reply #39 on: 10 December, 2015, 09:16 »
Changelog
The Windows installer is now built with NSIS 2.47 which features LoadLibrary security hardening to prevent DLL hijacking and other unsafe use of temporary directories. Thanks to Stefan Kanthak for reporting the issue to NSIS and to us and the many other projects that use it.
[NSE] [GH#254] Update the TLSSessionRequest probe in ssl-enum-ciphers to match the one in nmap-service-probes, which was fixed previously to correct a length calculation error.
[NSE] [GH#251] Correct false positives and unexpected behavior in http-* scripts which used http.identify_404 to determine when a file was not found on the target. The function was following redirects, which could be an indication of a soft-404 response.
[NSE] [GH#241] Fix a false-positive in hnap-info when the target responds with 200 OK to any request.
[NSE] [GH#244] Fix an error response in xmlrpc-methods when run against a non-HTTP service. The expected behavior is no output.
[NSE] Fix SSN validation function in http-grep

http://nmap.org/


Offline SiLæncer

Nmap 7.10
« Reply #40 on: 18 March, 2016, 05:30 »
Changelog

[NSE] Added 12 NSE scripts from 7 authors, bringing the total up to 527! They are all listed at https://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):

    [GH#322] http-apache-server-status parses the server status page of Apache's mod_status. [Eric Gershman]
    http-vuln-cve2013-6786 detects a XSS and URL redirection vulnerability in Allegro RomPager web server. Also added a fingerprint for detecting CVE-2014-4019 to http-fingerprints.lua. [Vlatko Kosturjak]
    [GH#226] http-vuln-cve2014-3704 detects and exploits the "Drupalgeddon" pre-auth SQL Injection vulnerability in Drupal. [Mariusz Ziulek]
    imap-ntlm-info extracts hostname and sometimes OS version from NTLM-auth-enabled IMAP services. [Justin Cacak]
    ipv6-multicast-mld-list discovers IPv6 multicast listeners with MLD probes. The discovery is the same as targets-ipv6-multicast-mld, but the subscribed addresses are decoded and listed. [Alexandru Geana, Daniel Miller]
    ms-sql-ntlm-info extracts OS version and sometimes hostname from MS SQL Server instances via the NTLM challenge message. [Justin Cacak]
    nntp-ntlm-info extracts hostname and sometimes OS version from NTLM-auth-enabled NNTP services. [Justin Cacak]
    pop3-ntlm-info extracts hostname and sometimes OS version from NTLM-auth-enabled POP3 services. [Justin Cacak]
    rusers retrieves information about logged-on users from the rusersd RPC service. [Daniel Miller]
    [GH#333] shodan-api queries the Shodan API (https://www.shodan.io) and retrieves open port and service info from their Internet-wide scan data. [Glenn Wilkinson]
    smtp-ntlm-info extracts hostname and sometimes OS version from NTLM-auth-enabled SMTP and submission services. [Justin Cacak]
    telnet-ntlm-info extracts hostname and sometimes OS version from NTLM-auth-enabled Telnet services. [Justin Cacak]

Updated the OpenSSL shipped with our binary builds (Windows, OS X, and Linux RPM) to 1.0.2g with SSLv2 enabled.
Integrated all of your IPv4 OS fingerprint submissions from October to January (536 of them). Added 104 fingerprints, bringing the new total to 5089. Additions include Linux 4.2, more Windows 10, IBM i 7, and more. Highlights: http://seclists.org/nmap-dev/2016/q1/270 [Daniel Miller]
Integrated all of your service/version detection fingerprints submitted from October to January (508 of them). The signature count went up 2.2% to 10532. We now detect 1108 protocols, from icy, finger, and rtsp to ipfs, basestation, and minecraft-pe. Highlights: http://seclists.org/nmap-dev/2016/q1/271 [Daniel Miller]
Integrated all 12 of your IPv6 OS fingerprint submissions from October to January. The classifier added 3 new groups, including new and expanded groups for OS X, bringing the new total to 96. Highlights: http://seclists.org/nmap-dev/2016/q1/273 [Daniel Miller]
[NSE] Upgrade to http-form-brute allowing correct handling of token-based CSRF protections and cookies. Also, a simple database of common login forms supports Django, Wordpress, MediaWiki, Joomla, and others. [Daniel Miller]
[Zenmap] [GH#247] Remember window geometry (position and size) from the previous time Zenmap was run. [isjing]
New service probe for CORBA GIOP (General Inter-ORB Protocol) detection should elicit a not-found exception from GIOP services that do not respond to non-GIOP probes. [Quentin Hardy]
[GH#284] Fix retrieval of route netmasks on FreeBSD. IPv6 routes were given /32 netmasks regardless of actual netmask configured, resulting in failed routing. Reported by Martin Gysi. [Daniel Miller]
[GH#272][GH#269] Give option parsing errors after the usage statement, or avoid printing the usage statement in some cases. The options summary has grown quite large, requiring users to scroll to the top to see the error message. [Abhishek Singh]
[GH#249][Nsock] Avoid a crash on Windows reported by users using Zenmap's Slow Comprehensive Scan profile. In the case of unknown OpenSSL errors, ERR_reason_error_string would return NULL, which could not be printed with the "%s" format string. Reported by Dan Baxter. [Gisle Vanem, Daniel Miller]
[GH#293][Zenmap] Fix a regression in our build that caused copy-and-paste to not work in Zenmap on Windows.
Changed Nmap's idea of reserved and private IP addresses to include 169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8 networks. This list, in libnetutil's isipprivate function, is used to filter -iR randomly generated targets. The newly-valid address ranges belong to the U.S. Department of Defense, so users wanting to avoid those ranges should use their own exclusion lists with --exclude or --exclude-file. [Bill Parker, Daniel Miller]
Allow the -4 option for Nmap to indicate IPv4 address family. This is the default, and using the option doesn't change anything, but does make it more explicit which address family you want to scan. Using -4 with -6 is an error. [Daniel Miller]
[GH#265] When provided a verbosity of 0 (-v0), Nmap will not output any text to the screen. This happens at the time of argument parsing, so the usual meaning of "verbosity 0" is preserved. [isjing]
[NSE][GH#314] Fix naming of SSL2_RC2_128_CBC_WITH_MD5 and SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 ciphers in sslv2 in order to match the draft specification from Mozilla. [Bertrand Bonnefoy-Claudet]
[NSE][GH#320] Add STARTTLS support to sslv2 to enable SSLv2 detection against services that are not TLS encrypted by default but that support post connection upgrade. This will enable more comprehensive detection of SSLv2 and DROWN (CVE-2016-0800) attack oracles. [Tom Sellers]
[NSE][GH#301] Added default credential checks for RICOH Web Image Monitor and BeEF to http-default-accounts. [nnposter]
Properly display Next-hop MTU value from ICMP Type 3 Code 4 Fragmentation Required messages when tracing packets or in Nping output. Improper offset meant we were printing the total IP length. [Sławomir Demeszko]
[NSE] Added support for DHCP options "TFTP server name" and "Bootfile name" to dhcp.lua and enabled checking for options with a code above 61 by default. [Mike Rykowski]
[NSE] whois-ip: Don't request a remote IANA assignments data file when the local filesystem will not permit the file to be cached in a local file. [jah]
[NSE] Updated http-php-version hash database to cover all versions from PHP 4.1.0 to PHP 5.4.45. Based on scans of a few thousand PHP web servers pulled from Shodan API (https://www.shodan.io/) [Daniel Miller]
Use the same ScanProgressMeter for FTP bounce scan (-b) as for the other scan types, allowing periodic status updates with --stats-every or keypress events. [Daniel Miller]
[GH#274] Use a shorter pcap_select timeout on OpenBSD, just as we do for OS X, old FreeBSD, and Solaris, which use BPF for packet capture and do not have properly select-able fds. Fix by OpenBSD port maintainer [David Carlier]
Print service info in grepable output for ports which are not listed in nmap-services when a service tunnel (SSL) is detected. Previously, the service info ("ssl|unknown") was not printed unless the service inside the tunnel was positively identified. http://seclists.org/nmap-dev/2015/q4/260 [Daniel Miller]
[NSE] [GH#242] Fix multiple false-positive sources in http-backup-agent. [Tom Sellers]


http://nmap.org/


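The Next-hop MTU fix listed in the 7.10 changelog above comes down to which two bytes of an ICMP Type 3 Code 4 message are read. The Python below is an added example, not Nmap or Nping code: it parses a constructed packet and returns the MTU from bytes 6-7 of the ICMP header alongside the two IP total-length fields that a misplaced offset would return instead. All function names and the documentation-range addresses are made up for the illustration.

```python
import socket
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (input padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(total_len, proto, src, dst, flags_frag=0x4000):
    """Build a 20-byte IPv4 header; flags_frag=0x4000 sets Don't Fragment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_frag_needed(next_hop_mtu: int) -> bytes:
    """Constructed sample: a router rejects a 1500-byte DF packet."""
    # ICMP errors quote the offending IP header plus its first 8 data bytes.
    original = ipv4_header(1500, 6, "192.0.2.10", "198.51.100.20") + bytes(8)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + original
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    outer = ipv4_header(20 + len(icmp), 1, "203.0.113.1", "192.0.2.10",
                        flags_frag=0)
    return outer + icmp


def parse_frag_needed(packet: bytes) -> dict:
    """Parse an IPv4 packet carrying ICMP Fragmentation Required."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    outer_total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        raise ValueError("not a complete ICMP message")
    icmp = packet[ihl:outer_total_len]
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not Type 3 Code 4")
    embedded = icmp[8:]
    if len(embedded) < 20:
        raise ValueError("quoted IP header is truncated")
    return {
        # Correct field: bytes 6-7 of the ICMP header (RFC 1191).
        # Routers predating RFC 1191 leave it zero, reported here as None.
        "next_hop_mtu": mtu or None,
        # What a wrong offset lands on: bytes 2-3 of either IP header.
        "outer_total_length": outer_total_len,
        "embedded_total_length": struct.unpack("!H", embedded[2:4])[0],
    }


if __name__ == "__main__":
    print(parse_frag_needed(build_frag_needed(1400)))
```
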
Offline SiLæncer

Nmap 7.11
« Reply #41 on: 24 March, 2016, 12:00 »
Changelog

[NSE][GH#341] Added support for diffie-hellman-group-exchange-* SSH key exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that only support custom Diffie-Hellman groups. [Sergey Khegay]

[NSE] Added support in sslcert.lua for Microsoft SQL Server's TDS protocol, so you can now grab certs with ssl-cert or check ciphers with ssl-enum-ciphers. [Daniel Miller]
[Zenmap] Fix a crash when setting default window geometry:

    TypeError: argument of type 'int' is not iterable

[Zenmap] Fix a crash when displaying the date from an Nmap XML file due to an empty or unknown locale:

    File "zenmapCore/NmapParser.py", line 627, in get_formatted_date
      locale.getpreferredencoding())
    LookupError: unknown encoding:


[Zenmap] Fix a crash due to incorrect file paths when installing to /usr/local prefix. Example:

    Exception: File '/home/blah/.zenmap/scan_profile.usp' does not exist or could not be found!


http://nmap.org/


Offline SiLæncer

Nmap 7.12
« Reply #42 on: 30 March, 2016, 09:06 »
Changelog

[NSE] VNC updates including vnc-brute support for TLS security type and negotiating a lower RFB version if the server sends an unknown higher version. [Daniel Miller]
[NSE] Added STARTTLS support for VNC, NNTP, and LMTP [Daniel Miller]
Added new service probes and match lines for OpenVPN on UDP and TCP.


http://nmap.org/


Offline SiLæncer

nmap 7.25 BETA1
« Reply #43 on: 16 July, 2016, 09:01 »
Changelog

[NSE][GH#365] Added sslv2-drown for detecting vulnerability to the DROWN attack, including CVE-2016-0703 and CVE-2016-0704 that enable fast attacks on OpenSSL. [Bertrand Bonnefoy-Claudet]
[NSE] Added http-mcmp for detecting mod_cluster Management Protocol (MCMP) and dumping its configuration. [Frank Spierings]
[Nping] Nping is now fully compatible with Npcap. [Daniel Miller]
[GH#279][Zenmap] Added a legend for the Topography window. [Suraj Hande]
[NSE] Added clamav-exec to detect ClamAV servers vulnerable to unauthorized clamav command execution. [Paulino Calderon]
[NSE] Added http-aspnet-debug to detect ASP.NET applications with debugging enabled. Script submitted by Josh Amishav-Zlatin. [Paulino Calderon]
Nmap can now make full use of Npcap, the Nmap Project's packet sniffing library for Windows. Most notably, this enables SYN scan and OS detection against localhost. [Yang Luo]
[NSE] Fix a crash that happened when trying to print the percent done of 0 NSE script threads:

    timing.cc:710 bool ScanProgressMeter::printStats(double, const timeval*): Assertion 'ltime' failed.

This would happen if no scripts were scheduled in a scan phase and the user pressed a key or specified a short --stats-every interval. Reported by Richard Petrie. [Daniel Miller]
[NSE] ssl-enum-ciphers will give a failing score to any server with an RSA certificate whose public key uses an exponent of 1. [Daniel Miller]
Update oldest supported Windows version to Vista (Windows 6.0). This enables the use of the poll Nsock engine. [Daniel Miller]
[GH#345][Zenmap] On Windows, save Zenmap's stderr output to a writeable location (%LOCALAPPDATA%\zenmap.exe.log or %TEMP%\zenmap.exe.log) instead of next to the zenmap.exe executable. This avoids a warning message when closing Zenmap if it produced any stderr output. [Daniel Miller]
[GH#379][NSE] Fix http-iis-short-name-brute to report non vulnerable hosts. Reported by alias1. [Paulino Calderon]
[GH#283][Nsock] Avoid "unknown protocol:0" debug messages and an "Unknown address family 0" crash on Windows and other platforms that do not set the src_addr argument to recvfrom for TCP sockets. [Daniel Miller]
[NSE][GH#371] Fix mysql-audit by adding needed library requires to the mysql-cis.audit file. The script would fail with "Failed to load rulebase" message. [Paolo Perego]
Retrieve the correct network prefix length for an adapter on Windows. If more than one address was configured on an adapter, the same prefix length would be used for both. This incorrect behavior is still used on Windows XP and earlier. Reported by Niels Bohr. [Daniel Miller]
[NSE] ssl-enum-ciphers will cap the score of an RC4-ciphersuite handshake at C and output a warning referencing RFC 7465.
Changed libdnet-stripped to avoid bailing completely when an interface is encountered with an unsupported hardware address type. Caused "INTERFACES: NONE FOUND!" bugs in Nmap whenever Linux kernel added new hardware address types. [Daniel Miller]
[NSE][GH#362] Added support for LDAP over udp to ldap-rootdse.nse. Also added version detection and information extraction to match the new LDAP LDAPSearchReq and LDAPSearchReqUDP probes. [Tom Sellers]
[GH#354] Added new version detection Probes for LDAP services, LDAPSearchReq and LDAPSearchReqUDP. The second is Microsoft Active Directory specific. The Probes will elicit responses from target services that allow better fingerprinting and information extraction. Also added nmap-payload entry for detecting LDAP on udp. [Tom Sellers]
[NSE] Added vnc-title for logging in to VNC servers and grabbing the desktop title, geometry, and color depth. [Daniel Miller]
[NSE] More VNC updates: Support for VeNCrypt and Tight auth types, output of authentication sub-types in vnc-info, and all zero-authentication types are recognized and reported. [Daniel Miller]
[NSE] Update to enable smb-os-discovery to augment version detection for certain SMB related services using data that the script discovers. [Tom Sellers]
Improved version detection and descriptions for Microsoft and Samba SMB services. Also addresses certain issues with OS identification. [Tom Sellers]


http://nmap.org/


Offline SiLæncer

nmap 7.25 BETA 2
« Reply #44 on: 02 September, 2016, 20:00 »
Changelog

[GH#376] Windows binaries are now code-signed with our "Insecure.Com LLC" SHA256 certificate. This should give our users extra peace-of-mind and avoid triggering Microsoft's ever-increasing security warnings.
[NSE] Upgraded NSE to Lua 5.3, adding bitwise operators, integer data type, a utf8 library, and native binary packing and unpacking functions. Removed bit library, added bits.lua, replaced base32, base64, and bin libraries. [Patrick Donnelly]
[NSE] Added 2 NSE scripts, bringing the total up to 534! They are both listed at https://nmap.org/nsedoc/, and the summaries are below:

    oracle-tns-version decodes the version number from Oracle Database Server's TNS listener. [Daniel Miller]
    clock-skew analyzes and reports clock skew between Nmap and services that report timestamps, grouping hosts with similar skews. [Daniel Miller]

Integrated all of your service/version detection fingerprints submitted from January to April (578 of them). The signature count went up 2.2% to 10760. We now detect 1122 protocols, from elasticsearch, fhem, and goldengate to ptcp, resin-watchdog, and siemens-logo. [Daniel Miller]
[Nsock][GH#148] New, very fast IOCP Nsock engine uses "Overlapped I/O" to improve performance of version scan and NSE against many targets on Windows. [Tudor Emil Coman]
[Zenmap][GH#449] Fix a crash when closing Zenmap due to a read-only zenmap.conf. User will be warned that config cannot be saved and that they should fix the file permissions. [Daniel Miller]
[NSE] Fix a crash when parsing TLS certificates that OpenSSL doesn't support, like DH certificates or corrupted certs. When this happens, ssl-enum-ciphers will label the ciphersuite strength as "unknown." Reported by Bertrand Bonnefoy-Claudet. [Daniel Miller]
[NSE] Fixed a bug in ssl-enum-ciphers and ssl-dh-params which caused them to not output TLSv1.2 info with DHE ciphersuites or others involving ServerKeyExchange messages. [Daniel Miller]
[NSE][GH#531] Fix two issues in sslcert.lua that prevented correct operations against LDAP services when version detection or STARTTLS were used. [Tom Sellers]
[Zenmap] Long-overdue Spanish language translation has been added! Muy bien! [Vincent Dumont, Marta Garcia De La Paz, Paulino Calderon, Patricio Castagnaro]
[GH#426] Remove a workaround for lack of selectable pcap file descriptors on Windows, which required including pcap-int.h and locking us to a single version of libpcap. The new method, using WaitForSingleObject should work with all versions of both WinPcap and Npcap. [Daniel Miller]
[NSE][GH#234] Added a --script-timeout option for limiting run time for every individual NSE script. [Abhishek Singh]
[Ncat][GH#444] Added a -z option to Ncat. Just like the -z option in traditional netcat, it can be used to quickly check the status of a port. Port ranges are not supported. [Abhishek Singh]
Fix checking of Npcap/WinPcap presence on Windows so that "nmap -A" and "nmap" with no options result in the same behaviors as on Linux (and no crashes) [Daniel Miller]
[NSE] ssl-enum-ciphers will now warn about 64-bit block ciphers in CBC mode, which are vulnerable to the SWEET32 attack.
[NSE][GH#117] tftp-enum now only brute-forces IP-address-based Cisco filenames when the wordlist contains "{cisco}". Previously, custom wordlists would still end up sending these extra 256 requests. [Sriram Raghunathan]
[GH#472] Avoid an unnecessary assert failure in timing.cc when printing estimated completion time. Instead, we'll output a diagnostic error message:

    Timing error: localtime(n) is NULL

where "n" is some number that is causing problems. [Jean-Guilhem Nousse]
[NSE][GH#519] Removed the obsolete script ip-geolocation-geobytes. [Paulino Calderon]
[NSE] Added 9 new fingerprints for script http-default-accounts. (Motorola AP, Lantronix print server, Dell iDRAC6, HP StorageWorks, Zabbix, Schneider controller, Xerox printer, Citrix NetScaler, ESXi hypervisor) [nnposter]
[NSE] Completed a refresh and validation of almost all fingerprints for script http-default-accounts. Also improved the script speed. [nnposter]
[GH#98] Added support for decoys in IPv6. Earlier we supported decoys only in IPv4. [Abhishek Singh]
Various performance improvements for large-scale high-rate scanning, including increased ping host groups, faster probe matching, and ensuring data types can handle an Internet's-worth of targets. [Tudor Emil Coman]
[GH#484] Allow Nmap to compile on some older Red Hat distros that disable EC crypto support in OpenSSL. [Jeroen Roovers, Vincent Dumont]
[GH#439] Nmap now supports OpenSSL 1.1.0-pre5 and previous versions. [Vincent Dumont]
[Ncat] Fix a crash ("add_fdinfo() failed.") when --exec was used with --ssl and --max-conns, due to improper accounting of file descriptors. [Daniel Miller]
FTP Bounce scan: improved some edge cases like anonymous login without password, 500 errors used to indicate port closed, and timeouts for LIST command. Also fixed a 1-byte array overrun (read) when checking for privileged ports. [Daniel Miller]
[GH#140] Allow target DNS names up to 254 bytes. We previously imposed an incorrect limit of 64 bytes in several parts of Nmap. [Vincent Dumont]
[NSE] The hard limit on number of concurrently running scripts can now increase above 1000 to match a high user-set --min-parallelism value. [Tudor Emil Coman]
[NSE] Solved a memory corruption issue that would happen if a socket connect operation produced an error immediately, such as Network Unreachable. The event handler was throwing a Lua error, preventing Nsock from cleaning up properly, leaking events. [Abhishek Singh, Daniel Miller]
[NSE] Added the datetime library for performing date and time calculations, and as a helper to the clock-skew script.
[GH#103][GH#364] Made Nmap's parallel reverse DNS resolver more robust, fully handling truncated replies. If a response is too long, we now fall back to using the system resolver to answer it. [Abhishek Singh]
[Zenmap][GH#279] Added a legend for the Topography window. [Suraj Hande]


http://nmap.org/
