Anzeigen der neuesten Beiträge
0 Mitglieder und 1 Gast betrachten dieses Thema.
Nmap 5.10BETA2 [2009-12-24]o Added 7 new NSE scripts for a grand total of 79! You can learn about them all at http://nmap.org/nsedoc/. Here are the new ones: * nfs-showmount displays NFS exports like "showmount -e" does. See http://nmap.org/nsedoc/scripts/nfs-showmount.html. [Patrik Karlsson] * ntp-info prints the time and configuration variables provided by an NTP service. It may get such interesting information as the operating system, server build date, and upstream time server IP address. See http://nmap.org/nsedoc/scripts/ntp-info.html. [Richard Sammet] * citrix-brute-xml uses the unpwdb library to guess credentials for the Citrix PN Web Agent Service. See http://nmap.org/nsedoc/scripts/citrix-brute-xml.html. [Patrik Karlsson] * citrix-enum-apps and citrix-enum-apps-xml print a list of published applications from the Citrix ICA Browser or XML service, respectively. See http://nmap.org/nsedoc/scripts/citrix-enum-apps.html and http://nmap.org/nsedoc/scripts/citrix-enum-apps-xml.html. [Patrik Karlsson] * citrix-enum-servers and citrix-enum-servers-xml.nse print a list of Citrix servers from the Citrix ICA Browser or XML service, respectively. See http://nmap.org/nsedoc/scripts/citrix-enum-servers.html and http://nmap.org/nsedoc/scripts/citrix-enum-servers-xml.html. [Patrik Karlsson]o We performed a memory consumption audit and made changes to dramatically reduce Nmap's footprint. This improves performance on all systems, but is particularly important when running Nmap on small embedded devices such as phones. Our intensive UDP scan benchmark saw peak memory usage decrease from 34MB to 6MB, while OS detection consumption was reduced from 67MB to 3MB. Read about the changes at http://seclists.org/nmap-dev/2009/q4/663. Here are the highlights: * The size of the internal representation of nmap-os-db was reduced more than 90%. Peak memory consumption in our OS detection benchmark was reduced from 67MB to 3MB. [David] * The size of individual Port structures without service scan results was reduced about 70%. [Pavel Kankovsky] * When a port receives no response, Nmap now avoids allocating a Port structure at all, so scans against filtered hosts can be light on memory. [David]o David started a major service detection submission integration run. So far he has processed submissions since February for the following services: imap, pop3, afp, sip, printer, transmission, svnserve, vmware, domain, backdoor, finger, freeciv, hp, imaps, irc, landesk, netbios-ssn, netsupport, nntp, oracle, radmin, routersetup, rtorrent, serv-u, shoutcast, ssh, tcpmux, torrent, utorrent, vnc and ipp. The rest will come in the next release, along with full stats on the additions.o Added service detection probe for Kerberos (udp/88) and IBM DB2 DAS (523/UDP). [Patrik Karlsson]o Added a UDP payload and service detection probe for Citrix MetaFrame, which typically runs on 1604/udp. [Thomas Buchanan]o Added a UDP SIPOptions service detection probe corresponding to the TCP one. [Patrik Karlsson, Matt Selsky, David Fifield]o Updated service detection signatures for Microsoft SQL Server 2005 to detect recent Microsoft security update (MS09-062), and also updated ms-sql-info.nse to support MS SQL Server 2008 detection. [Tom]o Nmap now provides Christmas greetings and a reminder of Xmas scan (-sX) when run in verbose mode on December 25. [Fyodor]o Removed a limitation of snmp.lua which only allowed it to properly encode OID component values up to 127. The bug was reported by Victor Rudnev. [David]o Nmap script output now uses two spaces of indention rather than three for the first level. This better aligns with the standard set by the stdnse.format_output function added in the last release. Output now looks like: 8082/tcp open http Apache httpd 2.2.13 ((Fedora)) |_http-favicon: Apache Web Server (seen on SuSE, Linux Tux favicon) |_html-title: Nmap - Free Security Scanner For Network Exploration & Securit... ... Host script results: | smb-os-discovery: | OS: Unix (Samba 3.4.2-0.42.fc11) | Name: Unknown\Unknown |_ System time: 2009-11-24 17:19:21 UTC-8 |_smbv2-enabled: Server doesn't support SMBv2 protocol [Fyodor]o [NSE] Fixed (we hope) a deadlock we were seeing when doing a favicon.nse survey against millions of hosts. We now restore all threads that are waiting on a socket lock when a thread relinquishes its lock. We expect only one of them to be able to grab the newly freed lock, and the rest to go back to waiting. [David, Patrick]o [Zenmap] Fixed a crash when filtering with inroute: in scans without traceroute data. (KeyError: 'hops') [David]o [NSE] Use a looser match pattern in auth-owners.nse for retrieving the owner out of an identd response. See http://seclists.org/nmap-dev/2009/q4/549. [Richard Sammet]o Improved some Cyrus pop3 and Polycom SoundStation sip match lines. [Matt Selsky]o [Ncat] In the Windows version of netrun, we weren't noticing when a command fails to be executed (when CreateProcess fails). We now see the return value and close the socket to disconnect the client. [David]o [NSE] Updated http-iis-webdav-vuln to run against SSL-enabled servers [Ron]o [NSE] Improved db2-info to set port product and state (rather than just port.version.name and confidence) when a DB2 service is positively identified. Error reporting was improved as well. [Tom]
Nmap 5.21 [2010-01-27]o [Zenmap] Added a workaround for a Ubuntu Python packaging idiosyncrasy. As of version python2.6-2.6.4-0ubuntu3, Ubuntu's distutils modifies self.prefix, a variable we use in the setup.py script. This would cause Zenmap to look in the wrong place for its configuration files, and show the dialog "Error creating the per-user configuration directory" with the specific error "[Errno 2] No such file or directory: '/usr/share/zenmap/config'". This problem was reported by Chris Clements, who also helped debug. [David]o Fixed an error that occurred when UDP scan was combined with version scan. UDP ports would appear in the state "unknown" at the end of the scan, and in some cases an assertion failure would be raised. This was an unintended side effect of the memory use reduction changes in 5.20. The bug was reported by Jon Kibler. [David]o [NSE] Did some simple bit-flipping on the nmap_service.exe program used by the smb-psexec script, to avoid its being falsely detected as malware. [Ron]o [NSE] Fixed a bug in http.lua that could lead to an assertion failure. It happened when there was an error getting the a response at the beginning of a batch in http.pipeline. The symptoms of the bug were: NSE: Received only 0 of 1 expected reponses. Decreasing max pipelined requests to 0. NSOCK (0.1870s) Write request for 0 bytes... nmap: nsock_core.c:516: handle_write_result: Assertion `bytesleft > 0' failed. The error was reported by Brandon Enright and pyllyukko.o [NSE] Restored the ability of http.head to return a body if the server returns one. This was lost in the http.lua overhaul from 5.20. [David]o [NSE] Fixed the use of our strict.lua library on distributions that install their own strict.lua. The error message was nse_main.lua:97: attempt to call a boolean value It was reported by Onur K. [Patrick]o Fixed handing of nameserver entries in /etc/resolv.conf so it could handle entries containing more than 16 bytes, which can occur with IPv6 addresses. Gunnar Lindberg reported the problem and contributed an initial patch, then Brandon and Kris refined and implemented it.o [NSE] Corrected a behavior change in http.request that was accidentally made in 5.20: it could return nil instead of a table indicating failure. [David]o [NSE] Fixed the use of an undefined variable in smb-enum-sessions, reported by Brandon. [Ron]o Fixed a compiler error when --without-liblua is used. [Brandon]o [NSE] Fixed an error with running http-enum.nse along with the --datadir option. The script would report the error http-enum.nse:198: bad argument #1 to 'lines' (nselib/data/http-fingerprints: No such file or directory) The error was reported by Ron Meldau and Brandon. [Kris]o Added a function that was missing from http-favicon.nse. Its absence would cause the error http-favicon.nse:141: variable 'dirname' is not declared when a web page specified an relative icon URL through the link element. This bug was reported by Ron Meldau. [David]o Fixed a bug with the decoding of NMAP OID component values greater than 127. [Patrik Karlsson, David]
# Nmap Changelog ($Id: CHANGELOG 18882 2010-07-16 18:23:36Z david $); -*-text-*-Nmap 5.35DC1 [2010-07-16]o [NSE] Added 17 scripts, bringing the total to 131! They are described individually in the CHANGELOG, but here is the list of new ones: afp-serverinfo, db2-brute, dns-cache-snoop, dns-fuzz, ftp-libopie http-php-version, irc-unrealircd-backdoor, ms-sql-brute, ms-sql-config, ms-sql-empty-password, ms-sql-hasdbaccess, ms-sql-query, ms-sql-tables, ms-sql-xp-cmdshell, nfs-ls, ntp-monlist Learn more about any of these at: http://nmap.org/nsedoc/o Performed a major OS detection integration run. The database has grown to 2,608 fingerprints (an increase of 262) and many of the existing fingerprints were improved. These include the Apple iPad and Cisco IOS 15.X devices. We also received many fingerprints for ancient Microsoft systems including MS-DOS with MS Networking Client 3.0, Windows 3.1, and Windows NT 3.1. David posted highlights of his integration work at http://seclists.org/nmap-dev/2010/q2/283.o Performed a large version detection integration run. The number of signatures has grown to 6,622 (an increase of 279). New signatures include a remote administrative backdoor that a school famously used to spy on its students, an open source digital currency scheme named Bitcoin, and game servers for EVE Online, l2emurt Lineage II, and Frozen Bubble. You can read David's highlights at http://seclists.org/nmap-dev/2010/q2/385.o [NSE] Added nfs-ls.nse, which lists NFS exported files and their attributes. The nfs-acls and nfs-dirlist scripts were deleted because all their features are supported by this script. [Djalal]o [NSE] Add new DB2 library and two scripts - db2-brute.nse uses the unpwdb library to guess credentials for DB2 - db2-info.nse re-write of Tom Sellers script to use the new library [Patrik]o [NSE] Added a library for Microsoft SQL Server and 7 new scripts. The new scripts are: - ms-sql-brute.nse uses the unpwdb library to guess credentials for MSSQL - ms-sql-config retrieves various configuration details from the server - ms-sql-empty-password checks if the sa account has an empty password - ms-sql-hasdbaccess lists database access per user - ms-sql-query add support for running custom queries against the database - ms-sql-tables lists databases, tables, columns and datatypes with optional keyword filtering - ms-sql-xp-cmdshell adds support for OS command execution to privileged users [Patrik]o [NSE] Added the afp-serverinfo script that gets a hostname, IP addresses, and other configuration information from an AFP server. The script, and a patch to the afp library, were contributed by Andrew Orr and subsequently enhanced by Patrik and David.o [NSE] Added additional vulnerability checks to smb-check-vulns.nse: The Windows RAS RPC service vulnerability MS06-025 (http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx) and the Windows DNS Server RPC vuln MS07-029 (http://www.microsoft.com/technet/security/bulletin/ms07-029.mspx). Note that these are only run if you specify the "unsafe" script arg because the implemented test crashes vulnerable services. [Drazen]o [NSE] Added dns-cache-snoop.nse by Eugene Alexeev. This script performs cache snooping by either sending non-recursive queries or by measuring response times.o [Zenmap] Added the ability to print Nmap output to a printer. [David]o [Nmap, Ncat, Nping] The default unit for time specifications is now seconds, not milliseconds, and times may have a decimal point. 1000 now means 1000 seconds, or about 17 minutes, not 1000 milliseconds. Floating point values such as 1.5 are now allowed. This affects the following options: Nmap: --host-timeout --max-rtt-timeout --min-rtt-timeout --initial-rtt-timeout --scan-delay --max-scan-delay --stats-every Ncat: -d --delay -i --idle-timeout -w --wait Nping: --delay --host-timeout --icmp-orig-time --icmp-recv-time --icmp-trans-time Some sanity checks have been added to catch what looks like an attempt to use the old millisecond defaults. For example, --host-timeout 10000 yields Since April 2010, the default unit for --host-timeout is seconds, so your time of "10000" is 2.8 hours. If this is what you want, use "10000s". QUITTING! You can always disable the warning by giving an explicit unit.o [NSE] Scripts which take an argument for a time duration can now have the duration be a number followed by a unit, like elsewhere in Nmap. An example is "10m" for 10 minutes. The units understood are "ms" for milliseconds, "s" for seconds, "m" for minutes, and "h" for hours. Seconds are the default if no unit is specified. The new function stdnse.parse_timespec does the parsing of these formats. The qscan.delay script argument, which formerly interpreted its argument as being in milliseconds, now defaults to seconds; append "ms" to continue using the same numbers. [David]o [NSE] Added irc-unrealircd-backdoor.nse, which detects a backdoor that was in UnrealIRCd source code distributions between November 2009 and June 2010. See http://seclists.org/nmap-dev/2010/q2/826. [Vlatko Kosturjak, Ron, David]o Ports are now considered open during a SYN scan if a SYN packet (without the ACK flag) is received in response. This can be due to an extremely rare TCP feature known as a simultaneous open or split handshake connection. see http://bit.ly/tcp-sh and http://seclists.org/nmap-dev/2010/q2/723. [Jah]o [Ncat] In listen mode, the --exec and --sh-exec options now accept a single connection and then exit, just like in normal listen mode. Use the --keep-open option to get the old default inetd-like behavior. This was suggested by David Millis. [David]o [NSE] Added ftp-libopie.nse by Gutek. This script checks for an off-by-one stack overflow vulnerability in libopie by giving the FTP service an overly long name. See http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc for details.o [NSE] Added ntp-monlist.nse which discovers NTP server, peer and client hosts associated with a scanned target by sending NTPv2 Private Mode 'monitor' and 'peers' commands to the target. [Jah]o [NSE] Added http-php-version.nse from Gutek. This script retrieves version-specific pages through a couple of magic PHP queries, which can identify the PHP version even when a server doesn't advertise it.o [NSE] New script dns-fuzz launches a fuzzing attack against DNS servers. Added a new category - fuzzer - for scripts like this. [Michael Pattrick]o David made many improvements to the NSEDoc for individual scripts, including adding @output sections to scripts which didn't have them. He also improved the generated HTML with features like auto-generating usage strings if the scripts don't include their own and allowing the giant sidebar lists of scripts/libraries to expand and contract. See http://nmap.org/nsedoc/.o UDP payloads are now stored in an external data file, nmap-payloads, instead of being hard-coded in the executable. This makes it easier to add your own payloads or disable those you find problematic. [Jay Fink, David]o The Windows executable installer now uses LZMA compression instead of zlib, making it about 15% smaller. See http://seclists.org/nmap-dev/2010/q2/1011 for test results. [David]o Open XML elements are now closed in case of a fatal error, so the output should at least be well-formed. There are new attributes "exit" and "errormsg" in the finished element. "exit" is "success" or "error". When it is "error", the "errormsg" attribute contains the error message. Thanks to Grant Bartlett, who found a typo in the new output. [David]o Fixed name resolution in environments where gethostbyname can return IPv6 (or other non-IPv4 addresses). In such an environment, Nmap would wrongly use the first four bytes of the IPv6 address as an IPv4 address. You could force this, at least on Debian, by adding the line "options inet6" to /etc/resolv.conf or by running with RES_OPTIONS=inet6 in the environment. This was reported by Mats Erik Andersson, who also suggested the fix. [David]o Fixed the assignment of interface aliases to directly connected routes on Linux, which was broken in 5.30BETA1 (it always assigned the base interface instead of the alias). This was visible in the host.interface variable passed to NSE scripts. The bug was reported Victor Rudnev. [David]o When Nmap is passed a hostname such as google.com which resolves to several IP addresses, Nmap now prints each IP address. It still only scans the first one in the returned list. [David]o Nmap now works if you specify several target host names which resolve to the same IP address. This can be useful when you are scanning virtual-hosted web servers and want to see NSE results specific to each site name even though they reside on the same machine. [David]o Made a list of current Nmap SVN committers: http://nmap.org/svn/docs/committers.txto Added a new library, libnetutil, which contains about 2,700 lines of networking related code which is now shared between Nmap and Nping (it was previously duplicated by each tool). [Luis, David]o [NSE] http-passwd.nse now also checks for boot.ini to support Windows targets. [Gutek]o Removed --interactive mode, a miniature shell whose primary purpose was to hide command line arguments from the process list. It had been broken (would segfault during the second scan) for at least 9 months and was rarely used. The fact that it was broken was reported by Juan Carlos Castro. [David]o Added a version probe, match line, and UDP payload for the serialnumberd service of Mac OS X Server. This service overrides firewall settings to make itself visible, so it's useful for host discovery. [Patrik]o Improved service detection match lines for: o Oracle Enterprise Manager Agent and mupdate by Matt Selsky o Twisted web server, Apple Filing Protocol, Apple Mac OS X Password Server, XAVi XG6546p Wireless Gateway, Sun GlassFish Communications Server, and Comdasys, SIParator and Glassfish SIP by Patrik o PostgreSQL, Cisco Site Selector ftpd, and LanSafe UPS monitoring HTTPd by Tom Sellerso Improved our brute force password guessing list by mixing in some data sent in by Solar Designer of John the Ripper fame.o [Zenmap] IP addresses are now sorted by octet rather than their string representation. For example, 10.1.1.2 is now sorted before 10.1.1.10. This problem was reported by Norris Carden. [David]o [NSE] Added UDP header parsing support to packet.lua. [jah]o Fixed a bug in Libpcap which lead to Nmap hanging forever in some cases on 64-bit Mac OS X 10.6, 10.6.1, and 10.6.3. The fix was actually already available in upstream Libpcap, just not released. We also had to make Nmap build with its own Libpcap on 64-bit OS X if an already-installed system Libpcap has this bug. [David]o Updated our WinPcap to the new 4.1.2 release. [Rob Nicholls]o [NSE] Fixed a bug in qscan.nse which gave an error if a confidence level of 0.9995 was used. Thanks to Marcin Hoffmann for noticing the problem. [Kris]o [libpcap] Added a --disable-packet-ring option to force the use of an older, slower packet capture mechanism on Linux. Before Linux 2.6.27, the packet ring mechanism uses different-sized kernel structures on 32- and 64-bit architectures, so a 32-bit program will not run correctly on a 64-bit kernel. The older mechanism does not have this flaw.o Fixed some errors in nmap-os-db, probably caused by incorrect string replacement during integration. This patch is from James Cook.o [Nsock, Ncat] Nsock has a new function, nsp_setbroadcast, that allows setting the SO_BROADCAST option on sockets. Ncat now sets this option unconditionally in connect mode to allow connections to broadcast addresses (useful in UDP mode). [Daniel Miller]o Nmap now works with "teamed" network interfaces on Windows. In order to distinguish the interfaces, their textual descriptions are now compared in addition to their MAC addresses. Without this, Nmap would send on the wrong interface and not receive any replies. A symptom of this problem was all scans failing except when --unprivileged was used. Norris Carden reported this bug. [David]o [Ncat] When receiving a connection/datagram in listen mode, Ncat now prints the connecting source port along with the IP address (when verbosity is enabled). [Rebellis]o Fixed a problem where the time variable used in some port scanning algorithms (for probe timeouts, etc) could vary based on the debugging level. [Kris]o Moved the parse_long function from ncat to nbase for better reuse, and used it to simplify netmask parsing code. [William Pursell]o Added EPROTO to the list of known error codes in service scan. Daniel Miller reported that an EPROTO was causing Nmap to exit after sending the Sqlping probe during service scan. The error message was "Unexpected error in NSE_TYPE_READ callback. Error code: 71 (Protocol error)". We suspect this was caused by a forged ICMP packet sent by an active firewall. [David]o [NSE] Improved smtp-commands.nse to work against more mail servers, made it take an smtp-commands.domain script argument, and rewrote it in the style of other smtp scripts. [Jason DePriest]o [NSE] Made smtp-commands run for the services smtp, smtps, submission rather than just smtp. The other smtp scripts already do this. [David]o [NSE] The dns-recursion script now marks the port as open when it gets a response. [Olivier M]o [Nping] A big correctness and code cleanliness audit was performed which resulted in many bugs being fixed and much more code being shared with Nmap rather than duplicated. A structured testing script system was also created. [Luis, David]o [Nping] A big correctness and code cleanliness audit was performed which resulted in many bugs being fixed and much more code being shared with Nmap rather than duplicated. A structured testing script system was also created. [Luis, David]o [Nping] Now allows a --count value of zero to run almost indefinitely (2^32 rounds). Suggested by Andreas Hubert. [Luis]o [Nping] Fixed --data argument parsing. The value passed was not actually making it into outgoing packets. Reported by Tim Poth. [Luis]o [Nping] When a RST packet is received in response to a connection attempt in TCP-Connect mode, Nping now properly prints "Connection refused" rather than "Operation now in progress". [Luis]o [Nping] Fixed a bug which caused failure when the first supplied target was not resolvable (e.g.: nping bogushost.fkz scanme.insecure.com tcpdump.com). [Luis]o [Nping] Fixed some bugs in the BPF filter creation to avoid capture and printing of packets Nping sent or which are destined for another process. [Luis]o [Nping] Fixed a bug which prevented ARP replies from being displayed properly. [Luis]o [Nping] Fixed a bug that caused ICMP Router Advertisement entries to be set in host byte order rather than proper network byte order. [Luis]o [Nping] Fixed a segfault caused by bad --data values. [Greg Skoczek]o The Mac OS X installer is now built with MacPorts 1.9.1 rather than 1.8.2. Among other changes, this fixes a segmentation fault reported by some OS X 10.6.3 users.o Nsock now supports an option to remove its Pcap support. This allows the same Nsock to be shared with Nmap (which needs that support) and Ncrack (which doesn't.) Pcap support can be disabled by specifying --disable-pcap at configure time on UNIX, or by selecting the DebugNoPcap or ReleaseNoPcap configurations in Visual C++ on Windows.o Sped up compilation by not building both shared and static libdnet libraries--we only use the static one. [David]o [NSE] Improved error handling and reporting and re-designed communication class in RPC library with patch from Djalal Harouni. [Patrik]o Upgraded the included libpcap to version 1.1.1. [David]o [NSE] Add some special-use IPv4 addresses to isPrivate which are described in RFC 5736 and RFC 5737, published in Jan 2010. Improve performance of isPrivate for IPv4 addresses by using ip_in_range less frequently. Add an extra return value to isPrivate - when the first return value is true, the second return value will now be a string representing the special use assignment in which the supplied address is located. [jah]o Fix compilation on OpenSolaris. We had to make the libdnet autoconf check for PF_PACKET Linux-specific. Recent versions of OpenSolaris support PF_PACKET, but not in a way which is entirely compatible with the Linux approach. This problem was reported by Darren Reed. A few other minor compatibility changes were made as well. [David]o [NSE] Added script arguments "username" and "password" to ftp-bounce to override the default anonymous:IEUser@ login combination. [Kris]o [NSE] Added port number sorting to dns-service-discovery.nse. [Patrik]o [NSE] Added an snmpWalk() function to the SNMP library and updated scripts to use it. [Patrik]o [NSE] Fixed this dns.lua error reported by Eugene Alexeev: nselib/dns.lua:110: attempt to get length of field 'dtype' (a number value) [Jah]o Updated nmap-mac-prefixes to the latest IEEE data as of 2010-07-13.o Updated IANA IP address space assignment list for random IP (-iR) generation. [Kris]o Created a new directory for storing todo lists for Nmap and related projects. You can see what we're working on and planning by visiting http://nmap.org/svn/todo/.o [NSE] Removed explicit time limit checking from ms-sql-brute, pgsql-brute, mysql-brute, ldap-brute, and afp-brute. The unpwdb library does this automatically now. [David]o [NSE] Correct global access errors in afp.lua reported by Patrick Donnelly [Patrik]o [NSE] Correct misspelled "Capabilities.IgnoreSpaceBeforeParanthesis" name in the MySQL library. [Kris]o Cleaned up our Winpcap header file directory, and also updated to the latest files from the official developer pack (WpdPack_4_1_1.zip). [Fyodor]o [NSE] Fixed a bug which would prevent rpcinfo.nse from returning any results for RPC programs which could not be matched to a name. [Patrik]o [NSE] The ftp-anon script is now much smarter about parsing server responses and detecting successful (or not) logins. It now knows how to send the ACCT command where appropriate as well. [Rob Nicholls]o Normalized a bunch of version detection entries with "webserver" in the description. In most cases this was changed to "httpd".o [Ncat] Fixed the --crlf option not to insert an extra \r byte in the case that one system read ends with \r and the next begins with \n (should be rare). [David]o [NSE] Fixed bug in rpc.lua library that incorrectly required file handles to be 32 octets when calling the ReadDir function. The bug was reported by Djalal Harouni. [Patrik]
Autor
Thema: Nmap ... (Gelesen 11905 mal)
