The NetBSD Project

CVS log for pkgsrc/net/nmap/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / nmap

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.89: download - view: text, markup, annotated - select for diffs
Thu Apr 25 07:15:03 2024 UTC (7 months, 1 week ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, HEAD
Diff to: previous 1.88: preferred, colored
Changes since revision 1.88: +4 -4 lines
ndiff nmap zenmap: updated to 7.95

Nmap 7.95 [2024-04-19]

o [Windows] Upgraded Npcap (our Windows raw packet capturing and
  transmission driver) from version 1.75 to the latest version 1.79. It
  includes many performance improvements, bug fixes and feature
  enhancements described at https://npcap.com/changelog.

o Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added
  336 fingerprints, bringing the new total to 6036.  Additions include iOS 15 &
  16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2

o Integrated over 2500 service/version detection fingerprints submitted since
  June 2020. The signature count went up 1.4% to 12089, including 9 new
  softmatches.  We now detect 1246 protocols, including new additions of grpc,
  mysqlx, essnet, remotemouse, and tuya.

o [NSE] Four new scripts from the DINA community (https://github.com/DINA-community)
  for querying industrial control systems:

  + hartip-info reads device information from devices using the Highway
    Addressable Remote Transducer protocol

  + iec61850-mms queries devices using Manufacturing Message Specification
    requests. [Dennis Rösch, Max Helbig]

  + multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All
    message and prints the responses. [Stefan Eiwanger, DINA-community]

  + profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the
    PNIO-CM service.

o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1,
  libssh2 1.11.0, liblinear 2.47

o Upgraded OpenSSL binaries (for the Windows builds and for
  RPMs) to version 3.0.13. CVEs resolved in this update include only 2
  moderate-severity issues which we do not believe affect Nmap:
  CVE-2023-5363 and CVE-2023-2650

o [Zenmap][Ndiff] Zenmap and Ndiff now use setuptools, not distutils for packaging.

o [Ncat] Fixed Ncat UDP server mode to not quit after EOF on stdin. Reported
  as Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613

o Fixed an issue where TCP Connect scan (-sT) on Windows would fail to open any
  sockets, leading to scans that never finish. [Daniel Miller]

o [NSE] ssh-auth-methods will now print the pre-authentication banner text when
  available. Requires libssh2 1.11.0 or later. [Daniel Miller]

o [Zenmap] Fix a crash in Zenmap when changing a host comment.

o [NSE] Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger]

o [Zenmap] RPM spec files now correctly require the python3 package, not python>=3

o Improvements to OS detection fingerprint matching, including a syntax change
  for nmap-os-db that allows ranges within the TCP Options string. This leads
  to more concise and maintainable fingerprints. [Daniel Miller]

o Improved the OS detection engine by using a new source port for each retry.
  Scans from systems such as Windows that do not send RST for unsolicited
  SYN|ACK responses were previously unable to get a response in subsequent
  tries. [Daniel Miller]

o Several profile-guided optimizations of the port scan engine. [Daniel Miller]

o Fix an out-of-bounds read which led to out-of-memory errors when
  duplicate addresses were used with --exclude

o Fixed a memory leak in Nsock: compiled pcap filters were not freed.

o Fixed a crash when using service name wildcards with -p, as in -p "http*"

o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap
  7.80 and later. [David Fifield, Mike Pattrick]

o [NSE] Fixed packet size testing in KNX scripts [f0rw4rd]

Revision 1.88: download - view: text, markup, annotated - select for diffs
Fri Jul 14 11:50:38 2023 UTC (16 months, 3 weeks ago) by nia
Branches: MAIN
CVS tags: pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3
Diff to: previous 1.87: preferred, colored
Changes since revision 1.87: +2 -1 lines
nmap: Add missing climits header inclusion. Spotted in SunOS bulk build.

Revision 1.87: download - view: text, markup, annotated - select for diffs
Fri Jun 9 12:53:14 2023 UTC (17 months, 3 weeks ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2
Diff to: previous 1.86: preferred, colored
Changes since revision 1.86: +2 -1 lines
nmap: fix build

Revision 1.86: download - view: text, markup, annotated - select for diffs
Tue Jun 6 10:45:10 2023 UTC (17 months, 4 weeks ago) by adam
Branches: MAIN
Diff to: previous 1.85: preferred, colored
Changes since revision 1.85: +4 -5 lines
nmap ndiff zenmap: updated to 7.94

Nmap 7.94 [2023-05-19]

o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
  this effort possible:
  + [Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]

  + [Ndiff] Updated Ndiff to Python 3. [Brian Quigley]

  + Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
    to those who opened Python 3-related issues and pull requests: Eli
    Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
    Hasan Aliyev, and others.

o [Windows] Upgraded Npcap (our Windows raw packet capturing and
  transmission driver) from version 1.71 to the latest version 1.75. It
  includes dozens of performance improvements, bug fixes and feature
  enhancements described at https://npcap.com/changelog.

o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
  (28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC
  prefix used previously for lookups.

o Added partial silent-install support to the Nmap Windows
  installer. It previously didn't offer silent mode (/S) because the
  free/demo version of Npcap Windoes packet capturing driver that it
  needs and ships with doesn't include a silent installer. Now with
  the /S option, Nmap checks whether Npcap is already installed
  (either the free version or OEM) and will silently install itself if
  so. This is similar to how the Wireshark installer works and is
  particularly helpful for organizations that want to fully automate
  their Nmap (and Npcap) deployments. See
  https://nmap.org/nmap-silent-install for more details.

o Lots of profile-guided memory and processing improvements for Nmap, including
  OS fingerprint matching, probe matching and retransmission lookups for large
  hostgroups, and service name lookups. Overhauled Nmap's string interning and
  several other startup-related procedures to speed up start times, especially
  for scans using OS detection. [Daniel Miller]

o Integrated many of the most-submitted IPv4 OS fingerprints for recent
  versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints,
  bringing the new total to 5700!

o [NSE] Added the tftp-version script which requests a
  nonexistent file from a TFTP server and matches the error message
  to a database of known software. [Mak Kolybabi]

o [Ncat] Ncat can now accept "connections" from multiple UDP hosts in
  listen mode with the --keep-open option. This also enables --broker and
  --chat via UDP. [Daniel Miller]

o Upgraded OpenSSL binaries (for the Windows builds and for
  RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602;
  CVE-2022-3786) which don't impact Nmap proper since it doesn't do
  certificate validation, but could possibly impact Ncat when the
  --ssl-verify option is used.

o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4

o Removed the bogus OpenSSL message from the Windows Nmap
  executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL
  legacy provider failed to load." We actually already have the legacy
  provider built-in to our OpenSSL builds, and that's why loading the
  external one fails.

o UDP port scan (-sU) and version scan (-sV) now both use the same
  data source, nmap-service-probes, for data payloads. Previously, the
  nmap-payloads file was used for port scan. Port scan responses will be used
  to kick-start the version matching process. [Daniel Miller]

o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel,
  the same as it already does for TCP services with SSL/TLS encryption. The
  DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent
  sooner in the scan. [Daniel Miller]

o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming
  connections. [Daniel Miller]

o Handle Internationalized Domain Names (IDN) like Яндекс.рф on
  platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller]

o [Ncat] Addressed an issue from the Debian bug tracker
  (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
  received immediately after a SOCKS CONNECT response. Ncat can now be
  correctly used in the ProxyCommand option of OpenSSH.

o Improved DNS domain name parsing to avoid recursion and enforce name length
  limits, avoiding a theoretical stack overflow issue with certain crafted DNS
  server responses, reported by Philippe Antoine.

o [NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
  errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]

o Updates to the Japanese manpage translation by Taichi Kotake.

o [Ncat] Dramatically speed up Ncat transfers on
  Windows by avoiding a 125ms wait for every read from
  STDIN. [scriptjunkie]

o [Windows] Periodically reset the system idle timer to keep the
  system from going to sleep while scans are in process. This only affects port
  scans and OS detection scans, since NSE and version scan do not rely on
  timing data to adjust speed.

o Updated the Nmap Public Source License (NPSL) to Version 0.95. This
  just clarifies that the derivative works definition and all other
  license clauses only apply to parties who choose to accept the
  license in return for the special rights granted (such as Nmap
  redistribution rights). If a party can do everything they need to
  using copyright provisions outside of this license such as fair use,
  we support that and aren't trying to claim any control over their
  work. Versions of Nmap released under previous versions of the NPSL
  may also be used under the NPSL 0.95 terms.

o Avoid storing many small strings from IPv4 OS detection results in the global
  string_pool. These were effectively leaked after a host is done being
  scanned, since string_pool allocations are not freed until Nmap quits.

Revision 1.85: download - view: text, markup, annotated - select for diffs
Mon May 15 09:43:16 2023 UTC (18 months, 2 weeks ago) by jperkin
Branches: MAIN
Diff to: previous 1.84: preferred, colored
Changes since revision 1.84: +2 -1 lines
nmap: INT_MAX needs climits.

Revision 1.84: download - view: text, markup, annotated - select for diffs
Tue Sep 6 18:47:27 2022 UTC (2 years, 2 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3
Diff to: previous 1.83: preferred, colored
Changes since revision 1.83: +5 -4 lines
nmap ndiff zenmap: updated to 7.93

Nmap 7.93 [2022-09-01]

o This release commemorates Nmap's 25th anniversary! It all started with this
  September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.

o [Windows] Upgraded Npcap (our Windows raw packet capturing and
  transmission driver) from version 1.50 to the latest version 1.71. It
  includes dozens of performance improvements, bug fixes and feature
  enhancements described at https://npcap.com/changelog.

o Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions.
  Binaries for this release include OpenSSL 3.0.5.

o Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1

o Fix a bug that prevented Nmap from discovering interfaces on Linux
  when no IPv4 addresses were configured. [Daniel Miller, nnposter]

o [NSE] NSE "exception handling" with nmap.new_try() will no longer
  result in a stack traceback in debug output nor a "ERROR: script execution
  failed" message in script output, since the intended behavior has always been
  to end the script immediately without output. [Daniel Miller]

o Update the Nmap output DTD to match actual output since the
  `<hosthint>` element was added in Nmap 7.90.

o [NSE] Fix newtargets support: since Nmap 7.92, scripts could not add
  targets in script pre-scanning phase. [Daniel Miller]

o Scripts dhcp-discover and broadcast-dhcp-discover now support
  setting a client identifier. [nnposter]

o Script oracle-tns-version was not reporting the version
  correctly for Oracle 19c or newer [linholmes]

o Script redis-info was crashing or producing inaccurate
  information about client connections and/or cluster nodes. [nnposter]

o Nmap and Nping were unable to obtain system routes on FreeBSD
  [benpratt, nnposter]

o Script ipidseq was broken due to calling an unreachable library
  function. [nnposter]

o Support for EC crypto was not properly enabled if Nmap
  was compiled with OpenSSL in a custom location. [nnposter]

o [NSE] Improvements to event handling and pcap socket garbage collection,
  fixing potential hangs and crashes. [Daniel Miller]

o We ceased creating the Nmap win32 binary zipfile. It was useful back when
  you could just unzip it and run Nmap from there, but that hasn't worked well
  for many years. The win32 self-installer handles Npcap installation and many
  other dependencies and complexities. Anyone who needs the binaries for some
  reason can still install Nmap on any system and retrieve them from there.
  For now we're keeping the Win32 zipfile in the Nmap OEM Edition
  (https://nmap.org/oem) for companies building Nmap into their own
  products. But even in that case we believe that running the Nmap OEM
  self-installer in silent mode is a better approach.

o Fix TDS7 password encoding for mssql.lua, which had been assuming
  ASCII input even though other parts of the library had been passing it Unicode.

o Replace deprecated CPEs for IIS with their updated identifier,
  cpe:/a:microsoft:internet_information_services [Esa Jokinen]

o [NSE] Fix script-terminating error when unknown BSON data types are
  encountered. Added parsers for most standard data types. [Daniel Miller]

o [Ncat] Fix hostname/certificate comparison and matching to handle ASN.1
  strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712.

o [Ncat] Added support for SOCKS5 proxies that return bind addresses
  as hostnames, instead of IPv4/IPv6 addresses. [pomu0325]

Revision 1.83: download - view: text, markup, annotated - select for diffs
Tue Oct 26 11:06:08 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
CVS tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Diff to: previous 1.82: preferred, colored
Changes since revision 1.82: +2 -2 lines

net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch

Revision 1.82: download - view: text, markup, annotated - select for diffs
Thu Oct 7 14:41:59 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
Diff to: previous 1.81: preferred, colored
Changes since revision 1.81: +1 -2 lines
net: Remove SHA1 hashes for distfiles

Revision 1.81: download - view: text, markup, annotated - select for diffs
Thu Aug 26 08:24:48 2021 UTC (3 years, 3 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Diff to: previous 1.80: preferred, colored
Changes since revision 1.80: +5 -5 lines
nmap: updated to 7.92

Nmap 7.92 [2021-08-08]

o [Windows] Upgraded Npcap to version 1.50, the fastest and most stable release
  yet. Among the many exciting changes listed at https://npcap.org/changelog is
  support for Windows on ARM, which means Nmap can now run on lightweight
  Windows tablets like the Surface Pro X.

o  Updated Nmap's NPSL license to rewrite a poorly-worded
  clause which many folks interpreted as a "field of endeavor
  restriction" related to "proprietary software companies".  We are
  retroactively offering Nmap versions 7.90 and 7.91 under this new
  Version 0.93 of the NPSL so that users and distributors may choose
  either version of the license.

o [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10 SDK,
  and the UCRT, removing support for Windows Vista and earlier. Npcap is
  required for packet injection and capture, not WinPcap.

o New Nmap option --unique will prevent Nmap from scanning the same IP address
  twice, which can happen when different names resolve to the same address. [Daniel Miller]

o [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are
  below:

  +  nbns-interfaces queries NetBIOS name service (NBNS) to gather IP
    addresses of the target's network interfaces [Andrey Zhukov]

  +  openflow-info gathers preferred and supported protocol versions
    from OpenFlow devices [Jay Smith, Mak Kolybabi]

  + port-states prints a list of ports that were found in each state, including
    states that were summarized as "Not shown: X closed ports" [Daniel Miller]

o Several changes to UDP payloads to improve accuracy:

  +  Fix an issue with -sU where payload data went out-of-scope before
    it was used, causing corrupted payloads to be sent. [Mariusz Ziulek]

  + Nmap's retransmission limits were preventing some UDP payloads from being
    tried with -sU and -PU. Now, Nmap sends each payload for a particular port
    at the same time without delay. [Daniel Miller]

  + New UDP payloads:
    -  TS3INIT1 for UDP 3389 [colcrunch]
    -  DTLS for UDP 3391 (RD Gateway) [Arnim Rupp]


o [NSE] TLS 1.3 now supported by most scripts for which it is
  relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel
  connections and certificate parsing will require OpenSSL 1.1.1 or later to
  fully support TLS 1.3. [Daniel Miller]

o Changes to Nmap's XML output:

  + If a host times out, the XML <host> element will have the attribute
    timedout="true" and the host's timing info (srtt etc.) will still be printed.

  + The "extrareasons" element now includes a list of port numbers for each
    "ignored" state. The "All X ports" and "Not shown:" lines in normal output
    have been changed slightly to provide more detail. [Daniel Miller]

o  Fix an issue in addrset matching that was causing all targets to be
  excluded if the --excludefile listed a CIDR range that contains an earlier,
  smaller CIDR range. [Daniel Miller]

o Setting --host-timeout=0 will disable the host timeout, which is set by -T5
  to 15 minutes. Earlier versions of Nmap require the user to specify a very
  long timeout instead.

o [NSE] Prevent the ssl-* NSE scripts from probing ports that were
  excluded from version scan, usually 9100-9107, since JetDirect will print
  anything sent to these ports. [Daniel Miller]

o  Nmap no longer produces cryptic message "Failed to convert
  source address to presentation format" when unable to find useable route
  to the target. [nnposter]

o [Ncat] Use safety-checked versions of FD_* macros to abort early if
  number of connections exceeds FD_SETSIZE. [Pavel Zhukov]

o [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping
  server data sent right after the connection got established, such as port
  banners. [Sami Pönkänen]

o [Ncat] Fixed a bug in proxy connect mode which would close the
  connection as soon as it was opened in Nmap 7.90 and 7.91.

o [NSE] Fixed NSE so it will not consolidate all port script output
  for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller]

o [Zenmap] Fixed an issue where a failure to execute Nmap would result
  in a Zenmap crash with "TypeError: coercing to Unicode" exception.

o Nmap no longer considers an ICMP Host Unreachable as confirmation that a
  target is down, in accordance with RFC 1122 which says these errors may be
  transient. Instead, the probe will be destroyed and other probes used to
  determine aliveness. [Daniel Miller]

o [Ncat] Ncat no longer crashes when used with Unix domain sockets.

o [Ncat] Ncat is now again generating certificates
  with the duration of one year. Due to a bug, recent versions of Ncat were
  using only one minute. [Tobias Girstmair]

o [NSE] URL/percent-encoding is now using uppercase hex digits
  to align with RFC 3986, section 2.1, and to improve compatibility with some
  real-world web servers. [nnposter]

o [NSE] Script hostmap-crtsh got improved in several ways. The most
  visible are that certificate SANs are properly split apart and that
  identities that are syntactically incorrect to be hostnames are now ignored.
  [Michel Le Bihan, nnposter]

o [NSE] Loading of a Nikto database failed if the file was referenced
  relative to the Nmap directory [nnposter]

o [NSE] SMB2 dialect handling has been redesigned. Visible
  changes include:
  * Notable improvement in speed of script smb-protocols and others
  * Some SMB scripts are no longer using a hardcoded dialect, improving
    target interoperability
  * Dialect names are aligned with Microsoft, such as 3.0.2, instead of 3.02
  [nnposter]

o [NSE] Script smb2-vuln-uptime no longer reports false positives when
  the target does not provide its boot time. [nnposter]

o [NSE] Client packets composed by the DHCP library will now contain
  option 51 (IP address lease time) only when requested. [nnposter]

o [NSE] XML decoding in library citrixxml no longer crashes when
  encountering a character reference with codepoint greater than 255. (These
  references are now left unmodified.) [nnposter]

o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for
  the audit rule base. [nnposter]

o [NSE] It is now possible to control whether the SNMP library uses
  v1 (default) or v2c by setting script argument snmp.version. [nnposter]

Revision 1.80: download - view: text, markup, annotated - select for diffs
Fri Apr 16 06:55:33 2021 UTC (3 years, 7 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2
Diff to: previous 1.79: preferred, colored
Changes since revision 1.79: +5 -5 lines
nmap ndiff zenmap: updated to 7.91

Nmap 7.91 [2020-10-09]

o [Zenmap] Fix a crash in the profile editor due to a missing import.

o [Nsock][Windows] Demote the IOCP Nsock engine because of some known
  issues that will take longer to resolve. The previous default "poll" engine
  will be used instead.

o [Nsock][Windows] Fix a crash in service scan due to a previously-unknown
  error being returned from the IOCP Nsock engine. [Daniel Miller]

o [NSE] Fix several places where Lua's os.time was being used
  to represent dates prior to January 1, 1970, which fails on Windows. Notably,
  NSE refused to run in UTC+X timezones with the error "time result cannot be
  represented in this installation" [Clément Notin, nnposter, Daniel Miller]

o [NSE] MySQL library was not properly parsing server responses,
  resulting in script crashes. [nnposter]

o Silence the irrelevant warning, "Your ports include 'T:' but you
  haven't specified any TCP scan type" when running nmap -sUV

Nmap 7.90 [2020-10-02]

o [Windows] Upgraded Npcap, our Windows packet capturing (and sending)
  library to the milestone 1.00 release! It's the culmination of 7 years of
  development with 170 public pre-releases. This includes dozens of
  performance improvements, bug fixes, and feature enhancements described
  at https://npcap.org/changelog.

o Integrated over 800 service/version detection fingerprints submitted since
  August 2017. The signature count went up 1.8% to 11,878, including 17 new
  softmatches.  We now detect 1237 protocols from airmedia-audio, banner-ivu,
  and control-m to insteon-plm, pi-hole-stats, and ums-webviewer.  A
  significant number of submissions remain to be integrated in the next
  release.

o Integrated over 330 of the most-frequently-submitted IPv4 OS fingerprints
  since August 2017. Added 26 fingerprints, bringing the new total to 5,678.
  Additions include iOS 12 & 13, macOS Catalina & Mojave, Linux 5.4, FreeBSD
  13, and more.

o Integrated all 67 of your IPv6 OS fingerprint submissions from August 2017 to
  September 2020. Added new groups for FreeBSD 12, Linux 5.4, and Windows 10,
  and consolidated several weak groups to improve classification accuracy.

o [NSE] Added 3 NSE scripts, from 2 authors, bringing the total up to 601!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are
  below:

  + dicom-brute attempts to brute force the called Application Entity Title
    of DICOM servers. [Paulino Calderon]

  + dicom-ping discovers DICOM servers and determines if any Application
    Entity Title is allowed to connect. [Paulino Calderon]

  + uptime-agent-info collects system information from an Idera Uptime
    Infrastructure Monitor agent. [Daniel Miller]

o Addressed over 250 code quality issues identified by LGTM.com,
  improving our code quality score from "C" to "A+"

o Released Npcap OEM Edition. For more than 20 years, the Nmap Project has
  been funded by selling licenses for companies to distribute Nmap with
  their products, along with commercial support. Hundreds of commercial
  products now use Nmap for network discovery tasks like port scanning,
  host discovery, OS detection, service/version detection, and of course
  the Nmap Scripting Engine (NSE). Until now they have just used standard
  Nmap, but this new OEM Edition is customized for use within other Windows
  software. Nmap OEM contains the OEM version of our Npcap driver, which
  allows for silent installation. It also removes the Zenmap GUI, which
  cuts the installer size by more than half. And it reports itself as Nmap
  OEM so customers know it's a properly licensed Nmap. See
  https://nmap.org/oem for more details. We will be reaching out to all
  existing licensees with Nmap OEM access credentials, but any licensees
  who wants it quicker should see https://nmap.org/oem.

o Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a
  cleaner and better organized version (still based on GPLv2) now called the
  Nmap Public Source License to avoid confusion. See https://nmap.org/npsl/
  for more details and annotated license text. This NPSL project was started
  in 2006 (community discussion here:
  https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for 7
  years until it was restarted in 2013
  (https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted by
  development again. We still have some ideas for improving the NPSL, but
  it's already much better than the current license, so we're applying NPSL
  Version 0.92 to the code now and can make improvements later if
  needed. This does not change the license of previous Nmap releases.

o Removed nmap-update. This program was intended to provide a way to update
  data files and NSE scripts, but the infrastructure was never fielded. It
  depended on Subversion version control and would have required maintaining
  separate versions of NSE scripts for compatibility.

o Removed the silent-install command-line option (/S) from the Windows
  installer. It causes several problems and there were no objections when we
  proposed removing it in 2016 (https://seclists.org/nmap-dev/2016/q4/168).
  It will remain in Nmap OEM since its main use was for customers who
  redistribute Nmap with other software. If anyone else has a strong need
  for an Nmap silent installer, please contact sales@nmap.com and we'll see
  what we can do.

o 23 new UDP payloads and dozens more default ports for existing
  payloads developed for Rapid7's InsightVM scan engine. These speed up and
  ensure detection of open UDP services. [Paul Miseiko, Rapid7]

o Added a UDP payload for STUN (Session Traversal Utilities for NAT).
  [David Fifield]

o [NSE] Fixed an off-by-one bug in the stun.lua library that prevented
  parsing a server response. [David Fifield]

o Restrict Nmap's search path for scripts and data files.
  NMAPDATADIR, defined on Unix and Linux as ${prefix}/share/nmap, will not be
  searched on Windows, where it was previously defined as C:\Nmap .
  Additionally, the --script option will not interpret names as directory names
  unless they are followed by a '/'. [Daniel Miller]

o Fix an assertion failure when unsolicited ARP response is received:
    nmap: Target.cc:503: void Target::stopTimeOutClock(const timeval*): Assertion `htn.toclock_running == true' failed.

o [NSE] New outlib library consolidates functions related to NSE output,
  both string formatting conventions and structured output. [Daniel Miller]

o [NSE] New dicom library implements the DICOM protocol used for
  storing and transfering medical images. [Paulino Calderon]

o Fix a regression in ARP host discovery left over from the move from
  massping to ultra_scan in Nmap 4.22SOC8 (2007) that sometimes resulted in
  missing ARP responses from targets near the end of a scan. Accuracy and speed
  are both improved. [Daniel Miller]

o Restrict Nmap's search path for scripts and data files.
  NMAPDATADIR, defined on Unix and Linux as ${prefix}/share/nmap, will not be
  searched on Windows, where it was previously defined as C:\Nmap .
  Additionally, the --script option will not interpret names as directory names
  unless they are followed by a '/'. [Daniel Miller]

o Fix the "iocp" Nsock engine for Windows to be able to correctly
  handle PCAP read events. This engine is now the default for Windows, which
  should greatly improve performance over the previous default, the "poll"
  engine. [Daniel Miller]

o Reduced CPU usage of OS scan by 50% by avoiding string copy
  operations and removing undocumented fingerprint syntax unused in nmap-os-db
  ('&' and '+' in expressions). [Daniel Miller]

o Allow multiple UDP payloads to be specified for a port in
  nmap-payloads. If the first payload does not get a response, the remaining
  payloads are tried round-robin. [Paul Miseiko, Rapid7]

o New option --discovery-ignore-rst tells Nmap to ignore TCP RST
  responses when determining if a target is up. Useful when firewalls are
  spoofing RST packets. [Tom Sellers, Rapid7]

o [Ncat] It is now possible to override
  the value of TLS SNI via --ssl-servername [Hank Leininger, nnposter]

o Fixed parsing of TCP options which would hang (infinite loop) if an
  option had an explicit length of 0. Affects Nmap 7.80 only.
  [Daniel Miller, Imed Mnif]

o [NSE] Script ssh2-enum-algos would fail if the server initiated
  the key exchange before completing the protocol version exchange
  [Scott Ellis, nnposter]

o [NSE] Fetching of SSH2 keys might fail because of key exchange
  confusion [nnposter]

o [NSE] Performance of script afp-ls has been dramatically improved
  [nnposter]

o [NSE] Parsing of AFP FPGetFileDirParms and
  FPEnumerateExt2FPEnumerateExt2 responses was not working correctly [nnposter]

o [NSE] Eliminated false positives in script http-shellshock caused by
  simple reflection of HTTP request data [Anders Kaseorg]

o [NSE] SNMP scripts are now enabled on non-standard ports where SNMP
  has been detected [usd-markus, nnposter]

o [NSE] MQTT library was using incorrect position when parsing
  received responses [tatulea]

o [NSE] IPMI library was using incorrect position when parsing
  received responses [Star Salzman]

o [NSE] Scripts ipmi-brute and deluge-rpc-brute were not capturing
  successfully brute-forced credentials [Star Salzman]

o Allow resuming IPv6 scans with --resume. The address parsing was assuming IPv4
  addresses, leading to "Unable to parse ip" error. In a related fix, MAC addresses
  will not be parsed as IP addresses when resuming from XML. [Daniel Miller]

o Fix reverse-DNS handling of PTR records that are not lowercase.
  Nmap was failing to identify reverse-DNS names when the DNS server delivered
  them like ".IN-ADDR.ARPA". [Lucas Nussbaum, Richard Schütz, Daniel Miller]

o [NSE] IKE library was not properly populating the protocol
  number in aggressive mode requests. [luc-x41]

o Added service fingerprinting for MySQL 8.x, Microsoft SQL
  Server 2019, MariaDB, and Crate.io CrateDB. Updated PostreSQL coverage and
  added specific detection of recent versions running in Docker. [Tom Sellers]

o New XML output "hosthint" tag emitted during host discovery when a target is
  found to be up. This gives earlier notification than waiting for the
  hostgroup to finish all scan phases. [Paul Miseiko]

o New UDP payloads for GPRS Tunneling Protocol (GTP) on ports 2123,
  2152, and 3386. [Guillaume Teissier]

o [NSE] SSH scripts now run on several ports likely to be SSH based on
  empirical data from Shodan.io, as well as the netconf-ssh service.
  [Lim Shi Min Jonathan, Daniel Miller]

o [Zenmap] Stop creating a debugging output file 'tmp.txt' on the
  desktop in macOS. [Roland Linder]

o [Nping] Address build failure under libc++ due to "using namespace std;" in
  several headers, resulting in conflicting definitions of bind(). Reported by
  StormBytePP and Rosen Penev. [Daniel Miller]

o [Ncat] Fix a fatal error when connecting to a Linux VM socket with
  verbose output enabled. [Stefano Garzarella]

o [Ncat] Proxy credentials can be alternatively passed onto Ncat by
  setting environment variable NCAT_PROXY_AUTH, which reduces the risk of the
  credentials getting captured in process logs. [nnposter]

o [NSE] Fixed a crash on Windows when processing a GZIP-encoded HTTP
  body. [Daniel Miller]

o Upgrade libpcap to 1.9.1, which addresses several CVE vulnerabilities.

o Upgrade libssh2 to 1.9.0, fixing compilation with OpenSSL 1.1.0 API.

o Processing of IP address CIDR blocks was not working
  correctly on ppc64, ppc64le, and s390x architectures. [rfrohl, nnposter]

o [Windows] Add support for the new loopback behavior in Npcap 0.9983 and
  later. This enables Nmap to scan localhost on Windows without needing the
  Npcap Loopback Adapter to be installed, which was a source of problems for
  some users.  [Daniel Miller]

o [NSE] MS SQL library has improved version resolution, from service pack level
  to individual cumulative updates [nnposter]

o [NSE] With increased verbosity, script http-default-accounts now
  reports matched target fingerprints even if no default credentials were found
  [nnposter]

o [NSE] IPP request object conversion to string was not working
  correctly [nnposter]

o [NSE] IPP response parser was not correctly processing
  end-of-attributes-tag [nnposter]

o [NSE] Script cups-info was failing due to erroneous double-decoding
  of the IPP printer status [nnposter]

o [NSE] Oracle TNS parser was incorrectly unmarshalling DALC byte
  arrays [nnposter]

o [NSE] The password hashing function for Oracle 10g was not working correctly
  for non-alphanumeric characters [nnposter]

o [NSE] Virtual host probing list, vhosts-full.lst, was missing numerous
  entries present in vhosts-default.lst [nnposter]

o [NSE] Script http-grep was not correctly calculating Luhn
  checksum [Colleen Li, nnposter]

o [NSE] Scripts dhcp-discover and broadcast-dhcp-discover now support
  new argument "mac" to force a specific client MAC address [nnposter]

o [NSE] Code improvements in RPC Dump, benefitting NFS-related scripts
  [nnposter]

o [NSE] RPC code was using incorrect port range, which was causing some calls,
  such as NFS mountd, to fail intermittently [nnposter]

o [NSE] XML output from script ssl-cert now includes RSA key modulus
  and exponent [nnposter]

o [NSE] Nmap no longer crashes when SMB scripts, such as smb-ls, call
  smb.find_files [nnposter]

o [NSE] The MongoDB library was causing errors when assembling protocol
  payloads. [nnposter]

o [NSE] The RTSP library was not correctly generating request
  strings. [nnposter]

o [NSE] VNC handshakes were failing with insert position out of bounds
  error. [nnposter]

o [NSE] Function marshall_dom_sid2 in library msrpctypes was not
  correctly populating ID Authority. [nnposter]

o [NSE] Unmarshalling functions in library msrpctypes were attempting
  arithmetic on a nil argument. [Ivan Ivanov, nnposter]

o [NSE] Functions lsa_lookupnames2 and lsa_lookupsids2 in library
  msrpc were incorrectly referencing function strjoin when called with debug
  level 2 or higher. [Ivan Ivanov]

o [NSE] Added HTTP default account fingerprints for Tomcat
  Host Manager and Dell iDRAC9. [Clément Notin]

o [NSE] A MS-SMB spec non-compliance in Samba was causing
  protocol negotiation to fail with data string too short error.
  [Clément Notin, nnposter]

o [NSE] A bug in SMB library was causing scripts to
  fail with bad format argument error. [Ivan Ivanov]

o [NSE] The HTTP library no longer crashes when code requests digest
  authentication but the server does not provide the necessary authentication
  header. [nnposter]

o [NSE] Fixed a bug in http-wordpress-users.nse that could cause
  extraneous output to be captured as part of a username. [Duarte Silva]

Revision 1.79: download - view: text, markup, annotated - select for diffs
Wed Mar 18 17:58:43 2020 UTC (4 years, 8 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Diff to: previous 1.78: preferred, colored
Changes since revision 1.78: +2 -1 lines
Help the compiler find the right bind

Revision 1.78: download - view: text, markup, annotated - select for diffs
Wed Aug 28 13:55:44 2019 UTC (5 years, 3 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Diff to: previous 1.77: preferred, colored
Changes since revision 1.77: +5 -5 lines
nmap: updated to 7.80

7.80:
Here is the full list of significant changes:

o [Windows] The Npcap Windows packet capturing library (https://npcap.org/)
  is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap
  from version 0.99-r2 to 0.9982, including all of these changes from the
  last 15 Npcap releases: https://nmap.org/npcap/changelog

o [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are
  below:

  +  broadcast-hid-discoveryd discovers HID devices on a LAN by
    sending a discoveryd network broadcast probe.

  +  broadcast-jenkins-discover discovers Jenkins servers on a LAN
    by sending a discovery broadcast probe.

  +  http-hp-ilo-info extracts information from HP
    Integrated Lights-Out (iLO) servers.

  +  http-sap-netweaver-leak detects SAP Netweaver Portal with the
    Knowledge Management Unit enabled with anonymous access.

  + https-redirect detects HTTP servers that redirect to the same port, but
    with HTTPS. Some nginx servers do this, which made ssl-* scripts not run
    properly.

  +  lu-enum enumerates Logical Units (LU) of TN3270E servers.


  +  rdp-ntlm-info extracts Windows domain information from RDP
    services.

  + smb-vuln-webexec checks whether the WebExService is installed and allows
    code execution.

  + smb-webexec-exploit exploits the WebExService to run arbitrary commands
    with SYSTEM privileges.

  +  ubiquiti-discovery extracts information from the Ubiquiti
    Discovery service and assists version detection.

  +  vulners queries the Vulners CVE database API using CPE
    information from Nmap's service and application version detection.


o Use pcap_create instead of pcap_live_open in
  Nmap, and set immediate mode on the pcap descriptor. This solves packet
  loss problems on Linux and may improve performance on other platforms.


o [NSE] Collected utility functions for string processing into a new
  library, stringaux.lua.

o [NSE] New rand.lua library uses the best sources of random available on
  the system to generate random strings.

o [NSE] New library, oops.lua, makes reporting errors easy, with plenty of
  debugging detail when needed, and no clutter when not.

o [NSE] Collected utility functions for manipulating and searching tables
  into a new library, tableaux.lua.

o [NSE] New knx.lua library holds common functions and definitions for
  communicating with KNX/Konnex devices.

o [NSE] The HTTP library now provides transparent support for gzip-
  encoded response body. (See https://github.com/nmap/nmap/pull/1571 for an
  overview.)

o [Nsock][Ncat] Add AF_VSOCK (Linux VM sockets) functionality to
  Nsock and Ncat. VM sockets are used for communication between virtual
  machines and the hypervisor.

o [Security][Windows] Address CVE-2019-1552 in OpenSSL by building with the
  prefix "C:\Program Files (x86)\Nmap\OpenSSL". This should prevent
  unauthorized users from modifying OpenSSL defaults by writing
  configuration to this directory.

o [Security] Reduced LibPCRE resource limits so that
  version detection can't use as much of the stack. Previously Nmap could
  crash when run on low-memory systems against target services which are
  intentionally or accidentally difficult to match. Someone assigned
  CVE-2018-15173 for this issue.

o Deprecate and disable the -PR (ARP ping) host discovery
  option. ARP ping is already used whenever possible, and the -PR option
  would not force it to be used in any other case.

o [NSE] bin.lua is officially deprecated. Lua 5.3, added 2 years ago in Nmap
  7.25BETA2, has native support for binary data packing via string.pack and
  string.unpack. All existing scripts and libraries have been updated.


o [NSE] Completely removed the bit.lua NSE library. All of its functions are
  replaced by native Lua bitwise operations, except for `arshift`
  (arithmetic shift) which has been moved to the bits.lua library. [Daniel
  Miller]

o [NSE] The HTTP library is now enforcing a size limit on the
  received response body. The default limit can be adjusted with a script
  argument, which applies to all scripts, and can be overridden case-by-case
  with an HTTP request option. (See https://github.com/nmap/nmap/pull/1571
  for details.)

o [NSE] CR characters are no longer treated as illegal in script
  XML output.

o Allow resuming nmap scan with lengthy command line [Clément
  Notin]

o [NSE] Add TLS support to rdp-enum-encryption. Enables determining
  protocol version against servers that require TLS and lays ground work for
  some NLA/CredSSP information collection.

o [NSE] Address two protocol parsing issues in rdp-enum-encryption
  and the RDP nse library which broke scanning of Windows XP. Clarify
  protocol types

o [NSE] Script http-fileupload-exploiter failed to locate its
  resource file unless executed from a specific working
  directory.

o [NSE] Avoid clobbering the "severity" and "ignore_404" values of
  fingerprints in http-enum. None of the standard fingerprints uses these
  fields.

o [NSE] Fix a crash caused by a double-free of libssh2 session data
  when running SSH NSE scripts against non-SSH services.

o [NSE] Updates the execution rule of the mongodb scripts to be
  able to run on alternate ports.

o [Ncat] Allow Ncat to connect to servers on port 0, provided that
  the socket implementation allows this.

o Update the included libpcap to 1.9.0.

o [NSE] Fix a logic error that resulted in scripts not honoring the
  smbdomain script-arg when the target provided a domain in the NTLM
  challenge.

o [Nsock] Avoid a crash (Protocol not supported) caused by trying
  to reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel
  Miller]

o [NSE] Removed OSVDB references from scripts and replaced them
  with BID references where possible.

o [NSE] Updates TN3270.lua and adds argument to disable TN3270E


o RMI parser could crash when encountering invalid input [Clément
  Notin]

o Avoid reporting negative latencies due to matching an ARP or ND
  response to a probe sent after it was recieved.

o [Ncat] To avoid confusion and to support non-default proxy ports,
  option --proxy now requires a literal IPv6 address to be specified using
  square-bracket notation, such as --proxy

o [Ncat] New ncat option provides control over
  whether proxy destinations are resolved by the remote proxy server or
  locally, by Ncat itself. See option --proxy-dns.

o [NSE] Updated script ftp-syst to prevent potential endless
  looping.

o New service probes and match lines for v1 and v2 of the Ubiquiti
  Discovery protocol. Devices often leave the related service open and it
  exposes significant amounts of information as well as the risk of being
  used as part of a DDoS. New nmap-payload entry for v1 of the
  protocol.

o [NSE] Removed hostmap-ip2hosts.nse as the API has been broken for a while
  and the service was completely shutdown on Feb 17th, 2019. [Paulino
  Calderon]

o [NSE] Adds TN3270E support and additional improvements to
  tn3270.lua and updates tn3270-screen.nse to display the new
  setting.

o [NSE] Updates product codes and adds a check for response length
  in enip-info.nse. The script now uses string.unpack.

o [Ncat] Temporary RSA keys are now 2048-bit to resolve a
  compatibility issue with OpenSSL library configured with security level 2,
  as seen on current Debian or Kali.

o [NSE] Fix a crash (double-free) when using SSH scripts against
  non-SSH services.

o [Zenmap] Fix a crash when Nmap executable cannot be found and the system
  PATH contains non-UTF-8 bytes, such as on Windows.

o [Zenmap] Fix a crash in results search when using the dir: operator:
    AttributeError: 'SearchDB' object has no attribute 'match_dir' [Daniel
    Miller]

o [Ncat] Fixed an issue with Ncat -e on Windows that caused early
  termination of connections.

o [NSE] Fix a false-positive in http-phpmyadmin-dir-traversal when
  the server responds with 200 status to a POST request to any
  URI.

o [NSE] New vulnerability state in vulns.lua, UNKNOWN, is used to indicate
  that testing could not rule out vulnerability.

o When searching for Lua header files, actually use them where
  they are found instead of forcing /usr/include. [Fabrice Fontaine, Daniel
  Miller]

o [NSE] Script traceroute-geolocation no longer crashes when
  www.GeoPlugin.net returns null coordinates

o Limit verbose -v and debugging -d levels to a maximum of 10. Nmap does not
  use higher levels internally.

o [NSE] tls.lua when creating a client_hello message will now only use a
  SSLv3 record layer if the protocol version is SSLv3. Some TLS
  implementations will not handshake with a client offering less than
  TLSv1.0. Scripts will have to manually fall back to SSLv3 to talk to
  SSLv3-only servers.

o [NSE] Fix a few false-positive conditions in
  ssl-ccs-injection. TLS implementations that responded with fatal alerts
  other than "unexpected message" had been falsely marked as
  vulnerable.

o Emergency fix to Nmap's birthday announcement so Nmap wishes itself a
  "Happy 21st Birthday" rather than "Happy 21th" in verbose mode (-v) on
  September 1, 2018.

o Start host timeout clocks when the first probe is sent to a
  host, not when the hostgroup is started. Sometimes a host doesn't get
  probes until late in the hostgroup, increasing the chance it will time
  out.

o [NSE] Support for edns-client-subnet (ECS) in dns.lua has been improved
by:
  -
  - Properly trimming ECS address, as mandated by RFC 7871
  - Fixing a bug that prevented using the same ECS option table more than
    once

o [Ncat] Fixed communication with commands launched with -e or -c
  on Windows, especially when --ssl is used.

o [NSE] Script http-default-accounts can now select more than one
  fingerprint category. It now also possible to select fingerprints by name
  to support very specific scanning.

o [NSE] Script http-default-accounts was not able to run against more than
  one target host/port.

o [NSE] New script-arg `http.host` allows users to force a
  particular value for the Host header in all HTTP requests.

o [NSE] Use smtp.domain script arg or target's domain name instead
  of "example.com" in EHLO command used for STARTTLS.

o [NSE] Fix brute.lua's BruteSocket wrapper, which was crashing
  Nmap with an assertion failure due to socket mixup [Daniel Miller]: nmap:
  nse_nsock.cc:672: int receive_buf(lua_State*, int, lua_KContext):
  Assertion `lua_gettop(L) == 7' failed.

o [NSE] Handle an error condition in smb-vuln-ms17-010 caused by
  IPS closing the connection.

o [Ncat] Fixed literal IPv6 URL format for connecting through HTTP
  proxies.

o [NSE] Updates vendors from ODVA list for enip-info.
[NothinRandom]

o [NSE] Add two common error strings that improve MySQL detection
  by the script http-sql-injection.

o [NSE] Fix bug in http-vuln-cve2006-3392 that prevented the script
  to generate the vulnerability report correctly.

o [NSE] Fix bug related to screen rendering in NSE library
  tn3270. This patch also improves the brute force script
  tso-brute.

o [NSE] Fix SIP, SASL, and HTTP Digest authentication when the
  algorithm contains lowercase characters.

o Nmap could be fooled into ignoring TCP response packets if they
  used an unknown TCP Option, which would misalign the validation, causing
  it to fail.

o [NSE]The HTTP response parser now tolerates status lines without a reason
  phrase, which improves compatibility with some HTTP servers.

o [NSE]] Parser for HTTP Set-Cookie header
  is now more compliant with RFC 6265:
  - empty attributes are tolerated
  - double quotes in cookie and/or attribute values are treated literally
  - attributes with empty values and value-less attributes are parsed
equally
  - attributes named "name" or "value" are ignored

o [NSE] Fix parsing http-grep.match script-arg. [Hans van den
  Bogert]

o [Zenmap] Avoid a crash when recent_scans.txt cannot be written
  to.

o Fixed --resume when the path to Nmap contains spaces.

o New service probe and match lines for adb, the Android Debug Bridge, which
  allows remote code execution and is left enabled by default on many
  devices.

Revision 1.77: download - view: text, markup, annotated - select for diffs
Sat Apr 14 13:04:33 2018 UTC (6 years, 7 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2
Diff to: previous 1.76: preferred, colored
Changes since revision 1.76: +1 -3 lines
nmap: ndiff and zenmap are now separate packages (incl. build fixes for zenmap)

Revision 1.76: download - view: text, markup, annotated - select for diffs
Tue Apr 3 14:34:00 2018 UTC (6 years, 8 months ago) by adam
Branches: MAIN
Diff to: previous 1.75: preferred, colored
Changes since revision 1.75: +6 -6 lines
nmap: updated to 7.70

7.70:
We're excited to make our first Nmap release of 2018--version 7.70!  It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate.

Revision 1.75: download - view: text, markup, annotated - select for diffs
Thu Aug 3 13:52:00 2017 UTC (7 years, 4 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Diff to: previous 1.74: preferred, colored
Changes since revision 1.74: +5 -5 lines
Nmap 7.60

o Updated the bundled Npcap from 0.91 to 0.93, fixing several issues
  with installation and compatibility with the Windows 10 Creators Update.

o NSE scripts now have complete SSH support via libssh2,
  including password brute-forcing and running remote commands, thanks to the
  combined efforts of three Summer of Code students.

o Added 14 NSE scripts from 6 authors, bringing the total up to 579!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

  + ftp-syst sends SYST and STAT commands to FTP servers to get system version
    and connection information.

  + http-vuln-cve2017-8917 checks for an SQL injection vulnerability affecting
    Joomla! 3.7.x before 3.7.1.

  + iec-identify probes for the IEC 60870-5-104 SCADA protocol.

  + openwebnet-discovery retrieves device identifying information and
    number of connected devices running on openwebnet protocol.

  + puppet-naivesigning checks for a misconfiguration in the Puppet CA where
    naive signing is enabled, allowing for any CSR to be automatically signed.

  + smb-protocols discovers if a server supports dialects NT LM 0.12
    (SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11. This replaces the old
    smbv2-enabled script.

  + smb2-capabilities lists the supported capabilities of SMB2/SMB3
    servers.

  + smb2-time determines the current date and boot date of SMB2
    servers.

  + smb2-security-mode determines the message signing configuration of
    SMB2/SMB3 servers.

  + smb2-vuln-uptime attempts to discover missing critical patches in
    Microsoft Windows systems based on the SMB2 server uptime.

  + ssh-auth-methods lists the authentication methods offered by an SSH server.

  + ssh-brute performs brute-forcing of SSH password credentials.

  + ssh-publickey-acceptance checks public or private keys to see if they could
    be used to log in to a target. A list of known-compromised key pairs is
    included and checked by default.

  + ssh-run uses user-provided credentials to run commands on targets via SSH.

o Removed smbv2-enabled, which was incompatible with the new SMBv2/3
  improvements. It was fully replaced by the smb-protocols script.

o Added Datagram TLS (DTLS) support to Ncat in connect (client)
  mode with --udp --ssl. Also added Application Layer Protocol Negotiation
  (ALPN) support with the --ssl-alpn option.

o Updated the default ciphers list for Ncat and the secure ciphers list for
  Nsock to use "!aNULL:!eNULL" instead of "!ADH". With the addition of ECDH
  ciphersuites, anonymous ECDH suites were being allowed.

o Fix ndmp-version and ndmp-fs-info when scanning Veritas Backup
  Exec Agent 15 or 16.

o Added wildcard detection to dns-brute. Only hostnames that
  resolve to unique addresses will be listed.

o FTP scripts like ftp-anon and ftp-brute now correctly handle
  TLS-protected FTP services and use STARTTLS when necessary.

o Function url.escape no longer encodes so-called "unreserved"
  characters, including hyphen, period, underscore, and tilde, as per RFC 3986.

o Function http.pipeline_go no longer assumes that persistent
  connections are supported on HTTP 1.0 target (unless the target explicitly
  declares otherwise), as per RFC 7230.

o The HTTP response object has a new member, version, which
  contains the HTTP protocol version string returned by the server, e.g. "1.0".

o Fix handling of the objectSID Active Directory attribute
  by ldap.lua.

o Fix line endings in the list of Oracle SIDs used by oracle-sid-brute.
  Carriage Return characters were being sent in the connection packets, likely
  resulting in failure of the script.

o http-useragent-checker now checks for changes in HTTP status
  (usually 403 Forbidden) in addition to redirects to indicate forbidden User
  Agents.

Revision 1.74: download - view: text, markup, annotated - select for diffs
Wed Jun 14 09:26:29 2017 UTC (7 years, 5 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Diff to: previous 1.73: preferred, colored
Changes since revision 1.73: +5 -5 lines
Nmap 7.50

o [Windows] Updated the bundled Npcap from 0.78 to 0.91, with several bugfixes
  for WiFi connectivity problems and stability issues. [Daniel Miller, Yang Luo]

o Integrated all of your service/version detection fingerprints submitted from
  September to March (855 of them). The signature count went up 2.9% to 11,418.
  We now detect 1193 protocols from apachemq, bro, and clickhouse to jmon,
  slmp, and zookeeper. Highlights: http://seclists.org/nmap-dev/2017/q2/140

o [NSE] Added 14 NSE scripts from 12 authors, bringing the total up to 566!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

o [Ncat] A series of changes and fixes based on feedback from the Red Hat community:

o [NSE][GH-266][GH-704][GH-238][GH-883] NSE libraries smb and msrpc now use
  fully qualified paths. SMB scripts now work against all modern versions
  of Microsoft Windows. [Paulino Calderon]

o [NSE] smb library's share_get_list now properly uses anonymous connections
  first before falling back authenticating as a known user.

o New service probes and matches for Apache HBase and Hadoop MapReduce.
  [Paulino Calderon]

o Extended Memcached service probe and added match for Apache ZooKeeper.
  [Paulino Calderon]

o [NSE] New script argument "vulns.short" will reduce vulns library script
  output to a single line containing the target name or IP, the vulnerability
  state, and the CVE ID or title of the vulnerability. [Daniel Miller]

o [NSE][GH-862] SNMP scripts will now take a community string provided like
  `--script-args creds.snmp=private`, which previously did not work because it
  was interpreted as a username. [Daniel Miller]

o [NSE] Resolved several issues in the default HTTP redirect rules:
    - [GH-826] A redirect is now cancelled if the original URL contains
      embedded credentials
    - [GH-829] A redirect test is now more careful in determining whether
      a redirect destination is related to the original host
    - [GH-830] A redirect is now more strict in avoiding possible redirect
      loops
  [nnposter]

o [NSE][GH-766] The HTTP Host header will now include the port unless it is
  the default one for a given scheme. [nnposter]

o [NSE] The HTTP response object has a new member, fragment, which contains
  a partially received body (if any) when the overall request fails to
  complete. [nnposter]

o [NSE][GH-866] NSE now allows cookies to have arbitrary attributes, which
  are silently ignored (in accordance with RFC 6265). Unrecognized attributes
  were previously causing HTTP requests with such cookies to fail. [nnposter]

o [NSE][GH-844] NSE now correctly parses a Set-Cookie header that has unquoted
  whitespace in the cookie value (which is allowed per RFC 6265). [nnposter]

o [NSE][GH-731] NSE is now able to process HTTP responses with a Set-Cookie
  header that has an extraneous trailing semicolon. [nnposter]

o [NSE][GH-708] TLS SNI now works correctly for NSE HTTP requests initiated
  with option any_af. As an added benefit, option any_af is now available for
  all connections via comm.lua, not just HTTP requests. [nnposter]

o [NSE][GH-781] There is a new common function, url.get_default_port(),
  to obtain the default port number for a given scheme. [nnposter]

o [NSE][GH-833] Function url.parse() now returns the port part as a number,
  not a string. [nnposter]

o No longer allow ICMP Time Exceeded messages to mark a host as down during
  host discovery. Running traceroute at the same time as Nmap was causing
  interference. [David Fifield]

o [NSE][GH-807] Fixed a JSON library issue that was causing long integers
  to be expressed in the scientific/exponent notation. [nnposter]

o [NSE] Fixed several potential hangs in NSE scripts that used
  receive_buf(pattern), which will not return if the service continues to send
  data that does not match pattern. A new function in match.lua, pattern_limit,
  is introduced to limit the number of bytes consumed while searching for the
  pattern. [Daniel Miller, Jacek Wielemborek]

o [Nsock] Handle any and all socket connect errors the same: raise as an Nsock
  error instead of fatal. This prevents Nmap and Ncat from quitting with
  "Strange error from connect:" [Daniel Miller]

o [NSE] Added several commands to redis-info to extract listening addresses,
  connected clients, active channels, and cluster nodes. [Vasiliy Kulikov]

o [NSE][GH-679][GH-681] Refreshed script http-robtex-reverse-ip, reflecting
  changes at the source site (www.robtex.com). [aDoN]

o [NSE][GH-620][GH-715] Added 8 new http-enum fingerprints for Hadoop
  infrastructure components. [Thomas Debize, Varunram Ganesh]

o [NSE][GH-629] Added two new fingerprints to http-default-accounts
  (APC Management Card, older NetScreen ScreenOS) [Steve Benson, nnposter]

o [NSE][GH-716] Fix for oracle-tns-version which was sending an invalid TNS
  probe due to a string escaping mixup. [Alexandr Savca]

o [NSE][GH-694] ike-version now outputs information about supported attributes
  and unknown vendor ids. Also, a new fingerprint for FortiGate VPNs was
  submitted by Alexis La Goutte. [Daniel Miller]

o [GH-700] Enabled support for TLS SNI on the Windows platform. [nnposter]

o [GH-649] New service probe and match lines for the JMON and RSE services of
  IBM Explorer for z/OS. [Soldier of Fortran]

o Removed a duplicate service probe for Memcached added in 2011 (the original
  probe was added in 2008) and reported as duplicate in 2013 by Pavel Kankovsky.

o New service probe and match line for NoMachine NX Server remote desktop.
  [Justin Cacak]

o [Zenmap] Fixed a recurring installation problem on OS X/macOS where Zenmap
  was installed to /Applications/Applications/Zenmap.app instead of
  /Applications/Zenmap.app.

o [Zenmap][GH-639] Zenmap will no longer crash when no suitable temporary
  directory is found. Patches contributed by [Varunram Ganesh] and [Sai Sundhar]

o [Zenmap][GH-626] Zenmap now properly handles the -v0 (no output) option,
  which was added in Nmap 7.10. Previously, this was treated the same as not
  specifying -v at all. [lymanZerga11]

o [GH-630] Updated or removed some OpenSSL library calls that were deprecated
  in OpenSSL 1.1. [eroen]

o [NSE] Script ssh-hostkey now recognizes and reports Ed25519 keys [nnposter]

o [NSE][GH-627] Fixed script hang in several brute scripts due to the "threads"
  script-arg not being converted to a number. Error message was
  "nselib/brute.lua:1188: attempt to compare number with string" [Arne Beer]

Revision 1.73: download - view: text, markup, annotated - select for diffs
Thu Mar 2 23:20:12 2017 UTC (7 years, 9 months ago) by jklos
Branches: MAIN
CVS tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Diff to: previous 1.72: preferred, colored
Changes since revision 1.72: +5 -5 lines
Update to nmap 7.40:
https://nmap.org/changelog.html#7.40

Revision 1.72: download - view: text, markup, annotated - select for diffs
Fri Oct 14 15:11:16 2016 UTC (8 years, 1 month ago) by maya
Branches: MAIN
CVS tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Diff to: previous 1.71: preferred, colored
Changes since revision 1.71: +6 -6 lines
nmap: update to 7.30

ok pettai@

Changes:
Nmap 7.30 [2016-09-29]

    Integrated all 12 of your IPv6 OS fingerprint submissions from June to September. No new groups, but several classifications were strengthened, especially Windows localhost and OS X. [Daniel Miller]
    [NSE] Added 7 NSE scripts, from 3 authors, bringing the total up to 541! They are all listed at https://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):
        [GH#369] coap-resources grabs the list of available resources from CoAP endpoints. [Mak Kolybabi]
        fox-info retrieves detailed version and configuration info from Tridium Niagara Fox services. [Stephen Hilt]
        ipmi-brute performs authentication brute-forcing on IPMI services. [Claudiu Perta]
        ipmi-cipher-zero checks IPMI services for Cipher Zero support, which allows connection without a password. [Claudiu Perta]
        ipmi-version retrieves protocol version and authentication options from ASF-RMCP (IPMI) services. [Claudiu Perta]
        [GH#352] mqtt-subscribe connects to a MQTT broker, subscribes to topics, and lists the messages received. [Mak Kolybabi]
        pcworx-info retrieves PLC model, firmware version, and date from Phoenix Contact PLCs. [Stephen Hilt]
    Upgraded Npcap, our new Windows packet capturing driver/library, from version to 0.09 to 0.10r2. This includes many bug fixes, with a particular on emphasis on concurrency issues discovered by running hundreds of Nmap instances at a time. More details are available from https://github.com/nmap/npcap/releases. [Yang Luo, Daniel Miller, Fyodor]
    New service probes and match lines for DTLS, IPMI-RMCP, MQTT, PCWorx, ProConOS, and Tridium Fox, [Stephen Hilt, Mak Kolybabi, Daniel Miller]
    Improved some output filtering to remove or escape carriage returns ('\r') that could allow output spoofing by overwriting portions of the screen. Issue reported by Adam Rutherford. [Daniel Miller]
    [NSE] Fixed a few bad Lua patterns that could result in denial of service due to excessive backtracking. [Adam Rutherford, Daniel Miller]
    Fixed a discrepancy between the number of targets selected with -iR and the number of hosts scanned, resulting in output like "Nmap done: 1033 IP addresses" when the user specified -iR 1000. [Daniel Miller]
    Fixed a bug in port specification parsing that could cause extraneous 'T', 'U', 'S', and 'P' characters to be ignored when they should have caused an error. [David Fifield]
    [GH#543] Restored compatibility with LibreSSL, which was lost in adding library version checks for OpenSSL 1.1. [Wonko7]
    [Zenmap] Fixed a bug in the Compare Scans window of Zenmap on OS X resulting in this message instead of Ndiff output:

        ImportError: dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so, 2): no suitable image found.  Did find:
        /Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so: mach-o, but wrong architecture

    Reported by Kyle Gustafson. [Daniel Miller]
    [NSE] Fixed a bug in ssl-enum-ciphers and ssl-dh-params which caused them to not output TLSv1.2 info with DHE ciphersuites or others involving ServerKeyExchange messages. [Daniel Miller]
    [NSE] Added X509v3 extension parsing to NSE's sslcert code. ssl-cert now shows the Subject Alternative Name extension; all extensions are shown in the XML output. [Daniel Miller]

Nmap 7.25BETA2 [2016-09-01]

    [GH#376] Windows binaries are now code-signed with our "Insecure.Com LLC" SHA256 certificate. This should give our users extra peace-of-mind and avoid triggering Microsoft's ever-increasing security warnings.
    [NSE] Upgraded NSE to Lua 5.3, adding bitwise operators, integer data type, a utf8 library, and native binary packing and unpacking functions. Removed bit library, added bits.lua, replaced base32, base64, and bin libraries. [Patrick Donnelly]
    [NSE] Added 2 NSE scripts, bringing the total up to 534! They are both listed at https://nmap.org/nsedoc/, and the summaries are below:
        oracle-tns-version decodes the version number from Oracle Database Server's TNS listener. [Daniel Miller]
        clock-skew analyzes and reports clock skew between Nmap and services that report timestamps, grouping hosts with similar skews. [Daniel Miller]
    Integrated all of your service/version detection fingerprints submitted from January to April (578 of them). The signature count went up 2.2% to 10760. We now detect 1122 protocols, from elasticsearch, fhem, and goldengate to ptcp, resin-watchdog, and siemens-logo. [Daniel Miller]
    Upgraded Npcap, our new Windows packet capturing driver/library, from version 0.07-r17 to 0.09. This includes many improvements you can read about at https://github.com/nmap/npcap/releases.
    [Nsock][GH#148] Added the new IOCP Nsock engine which uses the Windows Overlapped I/O API to improve performance of version scan and NSE against many targets on Windows. [Tudor Emil Coman]
    [GH#376] Windows binaries are now code-signed with our "Insecure.Com LLC" SHA256 certificate. This should give our users extra peace-of-mind and avoid triggering Microsoft's ever-increasing security warnings.
    Various performance improvements for large-scale high-rate scanning, including increased ping host groups, faster probe matching, and ensuring data types can handle an Internet's-worth of targets. [Tudor Emil Coman]
    [NSE] Added the oracle-tns-version NSE script which decodes the version number from Oracle Database Server's TNS listener. https://nmap.org/nsedoc/scripts/oracle-tns-version.html [Daniel Miller]
    [NSE] Added the clock-skew NSE script which analyzes and reports clock skew between Nmap and services that report timestamps, grouping hosts with similar skews. https://nmap.org/nsedoc/scripts/clock-skew.html [Daniel Miller]
    [Zenmap] Long-overdue Spanish language translation has been added! Muy bien! [Vincent Dumont, Marta Garcia De La Paz, Paulino Calderon, Patricio Castagnaro]
    [Zenmap][GH#449] Fix a crash when closing Zenmap due to a read-only zenmap.conf. User will be warned that config cannot be saved and that they should fix the file permissions. [Daniel Miller]
    [NSE] Fix a crash when parsing TLS certificates that OpenSSL doesn't support, like DH certificates or corrupted certs. When this happens, ssl-enum-ciphers will label the ciphersuite strength as "unknown." Reported by Bertrand Bonnefoy-Claudet. [Daniel Miller]
    [NSE][GH#531] Fix two issues in sslcert.lua that prevented correct operations against LDAP services when version detection or STARTTLS were used. [Tom Sellers]
    [Zenmap] Long-overdue Spanish language translation has been added! Muy bien! [Vincent Dumont, Marta Garcia De La Paz, Paulino Calderon, Patricio Castagnaro]
    [GH#426] Remove a workaround for lack of selectable pcap file descriptors on Windows, which required including pcap-int.h and locking us to a single version of libpcap. The new method, using WaitForSingleObject should work with all versions of both WinPcap and Npcap. [Daniel Miller]
    [NSE][GH#234] Added a --script-timeout option for limiting run time for every individual NSE script. [Abhishek Singh]
    [Ncat][GH#444] Added a -z option to Ncat. Just like the -z option in traditional netcat, it can be used to quickly check the status of a port. Port ranges are not supported since we recommend a certain other tool for port scanning. [Abhishek Singh]
    Fix checking of Npcap/WinPcap presence on Windows so that "nmap -A" and "nmap" with no options result in the same behaviors as on Linux (and no crashes) [Daniel Miller]
    [NSE] ssl-enum-ciphers will now warn about 64-bit block ciphers in CBC mode, which are vulnerable to the SWEET32 attack.
    [NSE][GH#117] tftp-enum now only brute-forces IP-address-based Cisco filenames when the wordlist contains "{cisco}". Previously, custom wordlists would still end up sending these extra 256 requests. [Sriram Raghunathan]
    [GH#472] Avoid an unnecessary assert failure in timing.cc when printing estimated completion time. Instead, we'll output a diagnostic error message:

        Timing error: localtime(n) is NULL

    where "n" is some number that is causing problems. [Jean-Guilhem Nousse]
    [NSE][GH#519] Removed the obsolete script ip-geolocation-geobytes. [Paulino Calderon]
    [NSE] Added 9 new fingerprints for script http-default-accounts. (Motorola AP, Lantronix print server, Dell iDRAC6, HP StorageWorks, Zabbix, Schneider controller, Xerox printer, Citrix NetScaler, ESXi hypervisor) [nnposter]
    [NSE] Completed a refresh and validation of almost all fingerprints for script http-default-accounts. Also improved the script speed. [nnposter]
    [GH#98] Added support for decoys in IPv6. Earlier we supported decoys only in IPv4. [Abhishek Singh]
    Various performance improvements for large-scale high-rate scanning, including increased ping host groups, faster probe matching, and ensuring data types can handle an Internet's-worth of targets. [Tudor Emil Coman]
    [GH#484] Allow Nmap to compile on some older Red Hat distros that disable EC crypto support in OpenSSL. [Jeroen Roovers, Vincent Dumont]
    [GH#439] Nmap now supports OpenSSL 1.1.0-pre5 and previous versions. [Vincent Dumont]
    [Ncat] Fix a crash ("add_fdinfo() failed.") when --exec was used with --ssl and --max-conns, due to improper accounting of file descriptors. [Daniel Miller]
    FTP Bounce scan: improved some edge cases like anonymous login without password, 500 errors used to indicate port closed, and timeouts for LIST command. Also fixed a 1-byte array overrun (read) when checking for privileged ports. [Daniel Miller]
    [GH#140] Allow target DNS names up to 254 bytes. We previously imposed an incorrect limit of 64 bytes in several parts of Nmap. [Vincent Dumont]
    [NSE] The hard limit on number of concurrently running scripts can now increase above 1000 to match a high user-set --min-parallelism value. [Tudor Emil Coman]
    [NSE] Solved a memory corruption issue that would happen if a socket connect operation produced an error immediately, such as Network Unreachable. The event handler was throwing a Lua error, preventing Nsock from cleaning up properly, leaking events. [Abhishek Singh, Daniel Miller]
    [NSE] Added the datetime library for performing date and time calculations, and as a helper to the clock-skew script.
    [GH#103][GH#364] Made Nmap's parallel reverse DNS resolver more robust, fully handling truncated replies. If a response is too long, we now fall back to using the system resolver to answer it. [Abhishek Singh]
    [Zenmap][GH#279] Added a legend for the Topography window. [Suraj Hande]

Nmap 7.25BETA1 [2016-07-15]

    Nmap now ships with and uses Npcap, our new packet sniffing library for Windows. It's based on WinPcap (unmaintained for years), but uses modern Windows APIs for better performance. It also includes security improvements and many bug fixes. See http://npcap.org. And it enables Nmap to perform SYN scans and OS detection against localhost, which we haven't been able to do on Windows since Microsoft removed the raw sockets API in 2003. [Yang Luo, Daniel Miller, Fyodor]
    [NSE] Added 6 NSE scripts, from 5 authors, bringing the total up to 533! They are all listed at https://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):
        clamav-exec detects ClamAV servers vulnerable to unauthorized clamav command execution. [Paulino Calderon]
        http-aspnet-debug detects ASP.NET applications with debugging enabled. [Josh Amishav-Zlatin]
        http-internal-ip-disclosure determines if the web server leaks its internal IP address when sending an HTTP/1.0 request without a Host header. [Josh Amishav-Zlatin]
        [GH#304] http-mcmp detects mod_cluster Management Protocol (MCMP) and dumps its configuration. [Frank Spierings]
        [GH#365] sslv2-drown detects vulnerability to the DROWN attack, including CVE-2016-0703 and CVE-2016-0704 that enable fast attacks on OpenSSL. [Bertrand Bonnefoy-Claudet]
        vnc-title logs in to VNC servers and grabs the desktop title, geometry, and color depth. [Daniel Miller]
    Integrated all of your IPv4 OS fingerprint submissions from January to April (539 of them). Added 98 fingerprints, bringing the new total to 5187. Additions include Linux 4.4, Android 6.0, Windows Server 2016, and more. [Daniel Miller]
    Integrated all 31 of your IPv6 OS fingerprint submissions from January to June. The classifier added 2 groups and expanded several others. Several Apple OS X groups were consolidated, reducing the total number of groups to 93. [Daniel Miller]
    Update oldest supported Windows version to Vista (Windows 6.0). This enables the use of the poll Nsock engine, which has significant performance and accuracy advantages. Windows XP users can still use Nmap 7.12, available from https://nmap.org/dist/?C=M&O=D [Daniel Miller]
    [NSE] Fix a crash that happened when trying to print the percent done of 0 NSE script threads:

        timing.cc:710 bool ScanProgressMeter::printStats(double, const timeval*): Assertion 'ltime' failed.

    This would happen if no scripts were scheduled in a scan phase and the user pressed a key or specified a short --stats-every interval. Reported by Richard Petrie. [Daniel Miller]
    [GH#283][Nsock] Avoid "unknown protocol:0" debug messages and an "Unknown address family 0" crash on Windows and other platforms that do not set the src_addr argument to recvfrom for TCP sockets. [Daniel Miller]
    Retrieve the correct network prefix length for an adapter on Windows. If more than one address was configured on an adapter, the same prefix length would be used for both. This incorrect behavior is still used on Windows XP and earlier. Reported by Niels Bohr. [Daniel Miller]
    Changed libdnet-stripped to avoid bailing completely when an interface is encountered with an unsupported hardware address type. Caused "INTERFACES: NONE FOUND!" bugs in Nmap whenever Linux kernel added new hardware address types. [Daniel Miller]
    Improved service detection of Docker and fixed a bug in the output of docker-version script. [Tom Sellers]
    Fix detection of Microsoft Terminal Services (RDP). Our improved TLS service probes were matching on port 3389 before our specific Terminal Services probe, causing the port to be labeled as "ssl/unknown". Reported by Josh Amishav-Zlatin.
    [NSE] Update to enable smb-os-discovery to augment version detection for certain SMB related services using data that the script discovers. [Tom Sellers]
    Improved version detection and descriptions for Microsoft and Samba SMB services. Also addresses certain issues with OS identification. [Tom Sellers]
    [NSE] ssl-enum-ciphers will give a failing score to any server with an RSA certificate whose public key uses an exponent of 1. It will also cap the score of an RC4-ciphersuite handshake at C and output a warning referencing RFC 7465. [Daniel Miller]
    [NSE] Refactored some SSLv2 functionality into a new library, sslv2.lua . [Daniel Miller]
    [GH#399] Zenmap's authorization wrapper now uses an AppleScript method for privilege escalation on OS X, avoiding the deprecated AuthorizationExecuteWithPrivileges method previously used. [Vincent Dumont]
    [GH#454] The OS X binary package is distributed in a .dmg disk image that now features an instructive background image. [Vincent Dumont]
    [GH#420] Our OS X build system now uses gtk-mac-bundler and jhbuild to provide all dependencies. We no longer use Macports for this purpose. [Vincent Dumont]
    [GH#345][Zenmap] On Windows, save Zenmap's stderr output to a writeable location (%LOCALAPPDATA%\zenmap.exe.log or %TEMP%\zenmap.exe.log) instead of next to the zenmap.exe executable. This avoids a warning message when closing Zenmap if it produced any stderr output. [Daniel Miller]
    [GH#379][NSE] Fix http-iis-short-name-brute to report non vulnerable hosts. Reported by alias1. [Paulino Calderon]
    [NSE][GH#371] Fix mysql-audit by adding needed library requires to the mysql-cis.audit file. The script would fail with "Failed to load rulebase" message. [Paolo Perego]
    [NSE][GH#362] Added support for LDAP over udp to ldap-rootdse.nse. Also added version detection and information extraction to match the new LDAP LDAPSearchReq and LDAPSearchReqUDP probes. [Tom Sellers]
    [GH#354] Added new version detection Probes for LDAP services, LDAPSearchReq and LDAPSearchReqUDP. The second is Microsoft Active Directory specific. The Probes will elicit responses from target services that allow better finger -printing and information extraction. Also added nmap-payload entry for detecting LDAP on udp. [Tom Sellers]
    [NSE] More VNC updates: Support for VeNCrypt and Tight auth types, output of authentication sub-types in vnc-info, and all zero-authentication types are recognized and reported. [Daniel Miller]

Revision 1.71: download - view: text, markup, annotated - select for diffs
Sat Apr 9 06:38:05 2016 UTC (8 years, 7 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2
Diff to: previous 1.70: preferred, colored
Changes since revision 1.70: +6 -6 lines
Nmap 7.12

o [Zenmap] Avoid file corruption in zenmap.conf, reported as files containing
  many null ("\x00") characters. Example exception:
    ValueError: unable to parse colour specification

o [NSE] VNC updates including vnc-brute support for TLS security type and
  negotiating a lower RFB version if the server sends an unknown higher
  version.

o [NSE] Added STARTTLS support for VNC, NNTP, and LMTP

o Added new service probes and match lines for OpenVPN on UDP and TCP.

Revision 1.70: download - view: text, markup, annotated - select for diffs
Thu Feb 11 06:10:02 2016 UTC (8 years, 9 months ago) by jklos
Branches: MAIN
CVS tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1
Diff to: previous 1.69: preferred, colored
Changes since revision 1.69: +2 -2 lines
Made a mistake with patch checksums.

Revision 1.69: download - view: text, markup, annotated - select for diffs
Thu Feb 11 06:08:39 2016 UTC (8 years, 9 months ago) by jklos
Branches: MAIN
Diff to: previous 1.68: preferred, colored
Changes since revision 1.68: +3 -2 lines
Change syntax to allow compiling on Leopard machines.

Revision 1.68: download - view: text, markup, annotated - select for diffs
Tue Jan 26 10:31:39 2016 UTC (8 years, 10 months ago) by jklos
Branches: MAIN
Diff to: previous 1.67: preferred, colored
Changes since revision 1.67: +2 -2 lines
distinfo was missing checksum for patch-zenmap_test_run__tests.py.

Revision 1.67: download - view: text, markup, annotated - select for diffs
Sun Jan 24 13:46:49 2016 UTC (8 years, 10 months ago) by richard
Branches: MAIN
Diff to: previous 1.66: preferred, colored
Changes since revision 1.66: +3 -1 lines
update nmap options ndiff and zenmap and corresponding PLIST entries,
as well as getting the test facility to run.  okay'd pettai@
No PKGREVISION for now as default installation remains unchanged.

Revision 1.66: download - view: text, markup, annotated - select for diffs
Thu Dec 31 12:06:34 2015 UTC (8 years, 11 months ago) by adam
Branches: MAIN
Diff to: previous 1.65: preferred, colored
Changes since revision 1.65: +5 -5 lines
Nmap 7.01 [2015-12-09]

o Switch to using gtk-mac-bundler and jhbuild for building the OS X installer.
  This promises to reduce a lot of the problems we've had with local paths and
  dependencies using the py2app and macports build system. [Daniel Miller]

o The Windows installer is now built with NSIS 2.47 which features LoadLibrary
  security hardening to prevent DLL hijacking and other unsafe use of temporary
  directories. Thanks to Stefan Kanthak for reporting the issue to NSIS and to
  us and the many other projects that use it.

o Updated the OpenSSL shipped with our binary builds (Windows, OS X, and RPM)
  to 1.0.2e.

o [Zenmap] [GH-235] Fix several failures to launch Zenmap on OS X. The new
  build process eliminates these errors:
    IOError: [Errno 2] No such file or directory: '/Applications/Zenmap.app/Contents/Resources/etc/pango/pangorc.in'
    LSOpenURLsWithRole() failed for the application /Applications/Zenmap.app with error -10810.

o [NSE] [GH-254] Update the TLSSessionRequest probe in ssl-enum-ciphers to
  match the one in nmap-service-probes, which was fixed previously to correct a
  length calculation error. [Daniel Miller]

o [NSE] [GH-251] Correct false positives and unexpected behavior in http-*
  scripts which used http.identify_404 to determine when a file was not found
  on the target. The function was following redirects, which could be an
  indication of a soft-404 response. [Tom Sellers]

o [NSE] [GH-241] Fix a false-positive in hnap-info when the target responds
  with 200 OK to any request. [Tom Sellers]

o [NSE] [GH-244] Fix an error response in xmlrpc-methods when run against a
  non-HTTP service. The expected behavior is no output. [Niklaus Schiess]

o [NSE] Fix SSN validation function in http-grep, reported by Bruce Barnett.

Revision 1.65: download - view: text, markup, annotated - select for diffs
Fri Nov 20 15:37:40 2015 UTC (9 years ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Diff to: previous 1.64: preferred, colored
Changes since revision 1.64: +7 -7 lines
Changes 7.00:
* Major Nmap Scripting Engine (NSE) Expansion
* Mature IPv6 support
* Infrastructure Upgrades
* Faster Scans
* SSL/TLS scanning solution of choice
* Ncat Enhanced
* Extreme Portability

Revision 1.64: download - view: text, markup, annotated - select for diffs
Wed Nov 4 00:35:16 2015 UTC (9 years, 1 month ago) by agc
Branches: MAIN
Diff to: previous 1.63: preferred, colored
Changes since revision 1.63: +2 -1 lines
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.63: download - view: text, markup, annotated - select for diffs
Fri Sep 5 11:51:41 2014 UTC (10 years, 3 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3
Diff to: previous 1.62: preferred, colored
Changes since revision 1.62: +5 -6 lines
Changes 6.47:

o Integrated all of your IPv4 OS fingerprint submissions since June 2013
  (2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
  Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
  OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
  Highlights: http://seclists.org/nmap-dev/2014/q3/325

o (Windows) Upgraded the included OpenSSL to version 1.0.1i.

o (Windows) Upgraded the included Python to version 2.7.8.

o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
  was added in 6.45, and resulted in trouble for Nmap XML parsers without
  network access, as well as increased traffic to Nmap's servers. The doctype
  is now:
  <!DOCTYPE nmaprun>

o [Ndiff] Fixed the installation process on Windows, which was missing the
  actual Ndiff Python module since we separated it from the driver script.

o [Ndiff] Fixed the ndiff.bat wrapper in the zipfile Windows distribution,
  which was giving the error, "\Microsoft was unexpected at this time." See
  https://support.microsoft.com/kb/2524009

o [Zenmap] Fixed the Zenmap .dmg installer for OS X. Zenmap failed to launch,
  producing this error:
    Could not import the zenmapGUI.App module:
    'dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so, 2):
    Library not loaded: /Users/david/macports-10.5/lib/libffi.5.dylib\n
    Referenced from:
    /Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so\n
    Reason: image not found'.

o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
  being written in the wrong place, so authentication could not succeed.

o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
  this to the string "(null)", but it caused segfault on Solaris.

o [Zenmap][Ndiff] Avoid crashing when users have the antiquated PyXML package
  installed. Python tries to be nice and loads it when we import xml, but it
  isn't compatible. Instead, we force Python to use the standard library xml
  module.

o Handle ICMP admin-prohibited messages when doing service version detection.
  Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
  callback.  Error code: 101 (Network is unreachable)

o [NSE] Fix a bug causing http.head to not honor redirects.

o [Zenmap] Fix a bug in DiffViewer causing this crash:
     TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only
     buffer, not NmapParserSAX
  Crash happened when trying to compare two scans within Zenmap.

Revision 1.62: download - view: text, markup, annotated - select for diffs
Sat Jun 7 23:12:16 2014 UTC (10 years, 5 months ago) by rodent
Branches: MAIN
CVS tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Diff to: previous 1.61: preferred, colored
Changes since revision 1.61: +4 -3 lines
Fix build on OpenBSD. Defuzz patches. Problem reported to nmap-dev.

Revision 1.61: download - view: text, markup, annotated - select for diffs
Tue Sep 24 21:29:20 2013 UTC (11 years, 2 months ago) by drochner
Branches: MAIN
CVS tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3
Diff to: previous 1.60: preferred, colored
Changes since revision 1.60: +2 -1 lines
fix build on systems without builtin lua (with lua option disabled,
so that no pkgsrc lua is pulled in)
tested by John Klos

Revision 1.60: download - view: text, markup, annotated - select for diffs
Sat Sep 14 14:11:25 2013 UTC (11 years, 2 months ago) by drochner
Branches: MAIN
Diff to: previous 1.59: preferred, colored
Changes since revision 1.59: +4 -4 lines
update to 6.40
changes:
-scripting improvements
-added lua scripting support to ncat
-hundreds of new OS and service detection signatures
-version scanning through a chain of proxies
-improved target specification
-performance enhancements and bug fixes
pkgsrc note: added "lua" option
approved by The Maintainer

Revision 1.59: download - view: text, markup, annotated - select for diffs
Mon May 20 06:21:22 2013 UTC (11 years, 6 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Diff to: previous 1.58: preferred, colored
Changes since revision 1.58: +5 -6 lines
Nmap 6.25:
o [NSE] Added CPE to smb-os-discovery output.
o [Ncat] Fixed the printing of warning messages for large arguments to
  the -i and -w options.
o [Ncat] Shut down the write part of connected sockets in listen mode
  when stdin hits EOF, just as was already done in connect mode.
o [Zenmap] Removed a crashing error that could happen when canceling a
  "Print to File" on Windows:
  Traceback (most recent call last):
    File "zenmapGUI\MainWindow.pyo", line 831, in _print_cb
    File "zenmapGUI\Print.pyo", line 156, in run_print_operation
  GError: Error from StartDoc
o [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3,
  SquirrelMail, RoundCube.
o Added some new checks for failed library calls.

Revision 1.58: download - view: text, markup, annotated - select for diffs
Sat Oct 20 22:59:30 2012 UTC (12 years, 1 month ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Diff to: previous 1.57: preferred, colored
Changes since revision 1.57: +2 -2 lines
Added build fix for Solaris 10, as suggested by PR pkg/47033

Revision 1.57: download - view: text, markup, annotated - select for diffs
Mon Sep 17 06:15:50 2012 UTC (12 years, 2 months ago) by dholland
Branches: MAIN
CVS tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3
Diff to: previous 1.56: preferred, colored
Changes since revision 1.56: +2 -2 lines
Regen patch-an sum to include the patch comment.

Revision 1.56: download - view: text, markup, annotated - select for diffs
Sun Sep 16 20:29:06 2012 UTC (12 years, 2 months ago) by pettai
Branches: MAIN
Diff to: previous 1.55: preferred, colored
Changes since revision 1.55: +6 -7 lines
From the release announcement on http://nmap.org:

"The Nmap Project is pleased to announce the immediate, free availability
 of the Nmap Security Scanner version 6.00 from http://nmap.org/.
 It is the product of almost three years of work, 3,924 code commits,
 and more than a dozen point releases since the big Nmap 5 release in July
 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts,
 better web scanning, full IPv6 support, the Nping packet prober, faster scans,  and much more! We recommend that all current users upgrade."

Here is a condensed Changelog:

Nmap 6.01 [2012-06-13]

o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7.

o [Zenmap] Fixed a crash that happened when activating the host filter.

o Fixed a bug that caused Nmap to fail to find any network interface when
  at least one of them is in the monitor mode.
  http://seclists.org/nmap-dev/2012/q2/449
  http://seclists.org/nmap-dev/2012/q2/478

o Fixed the greppable output of hosts that time-out.

Nmap 6.00 [2012-05-21]

o Most important release since Nmap 5.00 in July 2009! For a list of
  the most significant improvements and new features, see the
  announcement at: http://nmap.org/6

o Some XML output improvements...

o Lots of NSE scripts added and updated...

o Fixed the routing table loop on OS X so that on-link routes appear.

o Upgraded included libpcap to version 1.2.1.

o Fixed a compilation problem on Solaris 9 caused by a missing
  definition of IPV6_V6ONLY.

o Setting --min-parallelism by itself no longer forces the maximum
  parallelism to the same value.

o [Zenmap] Fixed a crash that would happen in the profile editor when
  the script.db file doesn't exist.

o [Zenmap] It is now possible to compare scans having the same name or
  command line parameters.

o Fixed an error that could occur with ICMPv6 probes and -d4 debugging:
  "Unexpected probespec2ascii type encountered"

o Applied a workaround to make pcap captures work better on Solaris 10.

o Fixed a bug that could cause Nsock timers to fire too early.

o Changed the way timeout calculations are made in the IPv6 OS engine.

Nmap 5.61TEST5 [2012-03-09]

o Integrated all of your IPv4 OS fingerprint submissions since June
  2011 (about 1,900 of them).  Added about 256 new fingerprints (and
  deleted some bogus ones), bringing the new total to 3,572.
  Additions include Apple iOS 5.01, OpenBSD 4.9 and 5.0, FreeBSD 7.0
  through 9.0-PRERELEASE, and a ton of new WAPs, routers, and other
  devices. Many existing fingerprints were improved. For more details,
  see http://seclists.org/nmap-dev/2012/q1/431

o Integrated all of your service/version detection fingerprints
  submitted since November 2010--more than 2,500 of them!  Our
  signature count increased more than 10% to 7,423 covering 862
  protocols. Some amusing and bizarre new services are described at
  http://seclists.org/nmap-dev/2012/q1/359

o Integrated your latest IPv6 OS submissions and corrections. We're
  still low on IPv6 fingerprints, so please scan any IPv6 systems you
  own or administer and submit them to http://nmap.org/submit/.  Both
  new fingerprints (if Nmap doesn't find a good match) and corrections
  (if Nmap guesses wrong) are useful.

o IPv6 OS detection now includes a novelty detection system which
  avoids printing a match when an observed fingerprint is too
  different from fingerprints seen before. As the OS database is still
  small, this helps to avoid making (essentially) wild guesses when
  seeing a new operating system.

o Refactored the nsock library to add the nsock-engines system.

o [NSE] Added 43(!) NSE scripts, bringing the total up to 340.

o CPE (Common Platform Enumeration) OS classification is now supported
  for IPv6 OS detection.

[...]

Nmap 5.61TEST4 [2012-01-02] -> Nmap 5.61TEST1

[...]

Lots of Bugfixes!

Thanks to jschauma@ for analysing a NetBSD related problem,
and to David Fifield for providing the (upstream) patch.

Revision 1.55: download - view: text, markup, annotated - select for diffs
Thu Mar 8 11:43:47 2012 UTC (12 years, 8 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1
Diff to: previous 1.54: preferred, colored
Changes since revision 1.54: +2 -2 lines
Recognize python2.7. Bump PKGREVISION.

Revision 1.54: download - view: text, markup, annotated - select for diffs
Fri Feb 24 15:05:34 2012 UTC (12 years, 9 months ago) by adam
Branches: MAIN
Diff to: previous 1.53: preferred, colored
Changes since revision 1.53: +4 -4 lines
Changes 5.51.6:
Minor bug fixes.

Revision 1.53: download - view: text, markup, annotated - select for diffs
Tue Nov 22 12:18:07 2011 UTC (13 years ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Diff to: previous 1.52: preferred, colored
Changes since revision 1.52: +4 -6 lines
Bugfix release/patch

o Added checks that the argument to freeaddrinfo is not NULL, avoiding
  a segmentation fault on Android and possibly other platforms.

Revision 1.52: download - view: text, markup, annotated - select for diffs
Sat Nov 19 22:11:00 2011 UTC (13 years ago) by pettai
Branches: MAIN
Diff to: previous 1.51: preferred, colored
Changes since revision 1.51: +2 -1 lines
Fixes PR pkg/45438

Revision 1.51: download - view: text, markup, annotated - select for diffs
Fri Jul 8 09:24:48 2011 UTC (13 years, 5 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3
Diff to: previous 1.50: preferred, colored
Changes since revision 1.50: +2 -1 lines
Fix configuring with Clang.

Revision 1.50: download - view: text, markup, annotated - select for diffs
Sun Jun 5 23:10:12 2011 UTC (13 years, 6 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2011Q2-base, pkgsrc-2011Q2
Diff to: previous 1.49: preferred, colored
Changes since revision 1.49: +2 -1 lines
Fixes PR pkg/44996

Revision 1.49: download - view: text, markup, annotated - select for diffs
Wed Feb 16 21:52:01 2011 UTC (13 years, 9 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1
Diff to: previous 1.48: preferred, colored
Changes since revision 1.48: +4 -4 lines
Nmap 5.51 [2011-02-11]

o [Ndiff] Added support for prerule and postrule scripts.
o [NSE] Fixed a bug which caused some NSE scripts to fail due to the
  absence of the NSE SCRIPT_NAME environment variable when loaded.
o [Zenmap] Selecting one of the scan targets in the left pane is
  supposed to jump to that host in the Nmap Output in the right pane
  (but it wasn't).
o Fixed an obscure bug in Windows interface matching. If the MAC
  address of an interface couldn't be retrieved, it might have been
  used instead of the correct interface.
o [NSE] Fixed portrules in dns-zone-transfer and ftp-proftpd-backdoor
  that used shortport functions incorrectly and always returned
  true.
o [Ndiff] Fixed ndiff.dtd to include two elements that can be diffed:
  status and address.
o [Ndiff] Fixed the ordering of hostscript-related elements in XML
  output.
o [NSE] Fixed a bug in the nrpe-enum script that would make it run for
  every port (when it was selected--it isn't by default).
o [NSE] When an NSE script sets a negative socket timeout, it now
  causes a controlled Lua stack trace instead of a fatal error.
o [Zenmap] Worked around an error that caused the py2app bootstrap
  executable to be non-universal even when the rest of the application
  was universal. This prevented the binary .dmg from working on
  PowerPC.
o [Ndiff] Fixed an output line that wasn't being redirected to a file
  when all other output was.

Revision 1.48: download - view: text, markup, annotated - select for diffs
Tue Feb 1 09:51:58 2011 UTC (13 years, 10 months ago) by adam
Branches: MAIN
Diff to: previous 1.47: preferred, colored
Changes since revision 1.47: +1 -2 lines
64-bit Mac OS X needs nmap's internal libpcap: remove patch-aa

Revision 1.47: download - view: text, markup, annotated - select for diffs
Mon Jan 31 23:22:47 2011 UTC (13 years, 10 months ago) by pettai
Branches: MAIN
Diff to: previous 1.46: preferred, colored
Changes since revision 1.46: +6 -8 lines
Nmap 5.50 [2011-01-28]

Some of the highlights are:

o [Zenmap] Added a new script selection interface, allowing you to
  choose scripts and arguments from a list.
o [Nping] Added echo mode, learn more about echo mode at
  http://nmap.org/book/nping-man-echo-mode.html.
o [NSE] Added an amazing 46 scripts, bringing the total to 177!
  You can learn more about any of them at http://nmap.org/nsedoc/
o [NSE] Added 12 new protocol libraries.
o [NSE] Added a new brute library that provides a basic framework and logic
  for brute force password auditing scripts.
o [Zenmap] Greatly improved performance for large scans by
  benchmarking intensively and then recoding dozens of slow parts.
o Performed a major OS detection integration run. The database has
  grown more than 14% to 2,982 fingerprints and many of the existing
  fingerprints were improved. David posted highlights of his integration work at
  http://seclists.org/nmap-dev/2010/q4/651
o Performed a huge version detection integration run. The number of
  signatures has grown by more than 11% to 7,355. David posted highlights at
  http://seclists.org/nmap-dev/2010/q4/761
o [NSE] Nmap has two new NSE script scanning phases. See
  http://nmap.org/book/nse-usage.html#nse-script-types
o Dramatically improved nmap.xsl (used for converting Nmap XML output
  to HTML).
o Integrated cracked passwords from the Gawker.com compromise
  (http://seclists.org/nmap-dev/2010/q4/674) into Nmap's top-5000
  password database.
o Merged port names in the nmap-services file with allocated names
  from the IANA (http://www.iana.org/assignments/port-numbers).
o [Zenmap] Made the topology node radiuses grow logarithmically
  instead of linearly, so that hosts with thousands of open ports
  don't overwhelm the diagram.
o Improved IPv6 host output in that we now remember and report the
  forward DNS name (given by the user) and any non-scanned addresses
  (usually because of round robin DNS).
o [Zenmap] Upgraded to the newer gtk.Tooltip API to avoid deprecation
  messages about gtk.Tooltip.
o [NSE] Enhance ssl-cert to also report the type and bit size of SSL
  certificate public keys.
o [Nping] Nping now limits concurrent open file descriptors properly
  based on the resources available on the host.
o Ncat now logs Nsock debug output to stderr instead of stdout for
  consistency with its other debug messages.
o Changed the name of libdnet's sctp_chunkhdr to avoid a conflict with
  a struct of the same name in <netinet/sctp.h>.
o [NSE] Host tables now have a host.traceroute member available when
  --traceroute is used.
o Nmap now prints the MTU for interfaces in --iflist output.
o [Ncat,NSE] Server Name Indication (SNI) is now supported by Ncat and
  Nmap NSE, allowing them to connect to servers which run multiple SSL
  websites on one IP address.
o [Nsock] Added a new function, nsi_set_hostname, to set the intended
  hostname of the target.
o [NSE] Made sslv2.nse give special output when SSLv2 is supported,
  but no SSLv2 ciphers are offered.
o Fixed the fragmentation options (-f in Nmap, --mtu in Nmap & Nping),
  which were improperly sending whole packets in version 5.35DC1.
o [NSE] When receiving raw packets from Pcap, the packet capture time
  is now available to scripts as an additional return value from
  pcap_receive().
o Updated IANA IP address space assignment list for random IP (-iR)
  generation.
o [Ncat] Ncat now uses case-insensitive string comparison when
  checking authentication schemes and parameters.
o [NSE] There is now a limit of 1,000 concurrent running scripts,
  instituted to keep memory under control when there are many open
  ports.

Plus many bugfixes and improvements.

For full changelog, see http://nmap.org/changelog.html

Revision 1.46: download - view: text, markup, annotated - select for diffs
Sun Jan 30 09:24:40 2011 UTC (13 years, 10 months ago) by markd
Branches: MAIN
Diff to: previous 1.45: preferred, colored
Changes since revision 1.45: +3 -3 lines
use _BSD_SOURCE rather than __USE_BSD. Noted by joerg@

Revision 1.45: download - view: text, markup, annotated - select for diffs
Sun Jan 30 01:25:09 2011 UTC (13 years, 10 months ago) by markd
Branches: MAIN
Diff to: previous 1.44: preferred, colored
Changes since revision 1.44: +3 -2 lines
define __USE_BSD to get u_char etal to successfully detect libpcap on linux

Revision 1.44: download - view: text, markup, annotated - select for diffs
Tue Nov 30 11:04:58 2010 UTC (14 years ago) by obache
Branches: MAIN
CVS tags: pkgsrc-2010Q4-base, pkgsrc-2010Q4
Diff to: previous 1.43: preferred, colored
Changes since revision 1.43: +2 -1 lines
Add an patch for OpenSSL without MD2 support.
PR#43975.

Revision 1.43: download - view: text, markup, annotated - select for diffs
Thu Jul 22 20:46:29 2010 UTC (14 years, 4 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2010Q3-base, pkgsrc-2010Q3
Diff to: previous 1.42: preferred, colored
Changes since revision 1.42: +4 -5 lines
Nmap 5.35DC1 [2010-07-16]

Some of the highlights are:

o [NSE] Added more scripts, bringing the total to 131!
o Performed a major OS detection integration run.
o Performed a large version detection integration run.
o [Zenmap] Added the ability to print Nmap output to a printer.
o [Nmap, Ncat, Nping] The default unit for time specifications is now
  seconds, not milliseconds, and times may have a decimal point.
o Ports are now considered open during a SYN scan if a SYN packet
  (without the ACK flag) is received in response.
o [Ncat] In listen mode, the --exec and --sh-exec options now accept a
  single connection and then exit, just like in normal listen mode.
o UDP payloads are now stored in an external data file, nmap-payloads,
  instead of being hard-coded in the executable.
o Added a new library, libnetutil, which contains about 2,700 lines of
  networking related code which is now shared between Nmap and Nping
o Improved service detection match lines.
o Improved our brute force password guessing list by mixing in some
  data sent in by Solar Designer of John the Ripper fame.
o [Zenmap] IP addresses are now sorted by octet rather than their
  string representation.
o [Ncat] When receiving a connection/datagram in listen mode, Ncat now
  prints the connecting source port along with the IP address.
o Added EPROTO to the list of known error codes in service scan.
o Updated IANA IP address space assignment list for random IP (-iR)
  generation.
o Zenmap's "slow comprehensive scan profile" has been modified to use
  the best 7-probe host discovery combination we were able to find in
  extensive empirical testing
o Zenmap now lets you save scan results in normal Nmap text output
  format or (as before) as XML.
o [NSE] Raw packet sending at the IP layer is now supported, in
  addition to the existing Ethernet sending functionality.
o Nmap now honors routing table entries that override interface
  addresses and netmasks.
o [Ncat] The HTTP proxy server now accepts client connections over
  SSL, and added support for HTTP digest authentication of proxies, as
  both client and server.
o Improved the MIT Kerberos version detection signatures.

Plus many bugfixes and improvements.

For full changelog, see http://nmap.org/changelog.html

Revision 1.42: download - view: text, markup, annotated - select for diffs
Sat Mar 27 13:37:33 2010 UTC (14 years, 8 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Diff to: previous 1.41: preferred, colored
Changes since revision 1.41: +2 -2 lines
Fixed brokenness of patch-ad

Ok'ed during freeze by wiz@

Revision 1.41: download - view: text, markup, annotated - select for diffs
Sun Mar 21 21:58:23 2010 UTC (14 years, 8 months ago) by pettai
Branches: MAIN
Diff to: previous 1.40: preferred, colored
Changes since revision 1.40: +6 -6 lines
Nmap 5.21 [2010-01-27] (-> Nmap 5.00)

Some of highlights are:

o Dramatically improved the version detection database, integrating
  2,596 submissions that users contributed since February 3, 2009!
o Added 7 new NSE scripts for a grand total of 79!
o Performed a memory consumption audit and made changes to
  dramatically reduce Nmap's footprint.
o A major service detection submission integration.
o Added some new service detection probes
o Added 14 new NSE scripts for a grand total of 72! You can learn
  about them all at http://nmap.org/nsedoc/. Here are the new ones:
o Nmap's --traceroute has been rewritten for better performance.
o Integrated 1,349 fingerprints (and 81 corrections).
o [NSE] Default socket parallelism has been doubled from 10 to 20.
o [NSE] Now supports worker threads
o Zenmap now includes ports in the services view whenever Nmap found
  them "interesting," whatever their state.
o [Ncat, Ndiff] The exit codes of these programs now reflect whether
  they succeeded.
o Optimize MAC address prefix lookup by using an std::map
o Canonicalized the list of OS detection device types to a smaller set.
o Zenmap's UI performance has improved significantly.
o [NSE] socket garbage collection was rewritten for better performance.

Many many bugfixes!

For full changelog, see http://nmap.org/changelog.html

Ok'ed during freeze by wiz@

Revision 1.40: download - view: text, markup, annotated - select for diffs
Mon Jul 20 19:40:08 2009 UTC (15 years, 4 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3
Diff to: previous 1.39: preferred, colored
Changes since revision 1.39: +7 -6 lines
Update to 5.00
Fix for PR#41506
Fix missing @dirrm entries from PLIST*

Before we go into the detailed changes, here are the top 5 improvements in Nmap 5:
1. The new Ncat tool aims to be your Swiss Army Knife for data transfer, redirection, and debugging. We released a whole users' guide detailing security testing and network administration tasks made easy with Ncat.
2. The addition of the Ndiff scan comparison tool completes Nmap's growth into a whole suite of applications which work together to serve network administrators and security practitioners. Ndiff makes it easy to automatically scan your network daily and report on any changes (systems coming up or going down or changes to the software services they are running). The other two tools now packaged with Nmap itself are Ncat and the much improved Zenmap GUI and results viewer.
3. Nmap performance has improved dramatically. We spent last summer scanning much of the Internet and merging that data with internal enterprise scan logs to determine the most commonly open ports. This allows Nmap to scan fewer ports by default while finding more open ports. We also added a fixed-rate scan engine so you can bypass Nmap's congestion control algorithms and scan at exactly the rate (packets per second) you specify.
4. We released Nmap Network Scanning, the official Nmap guide to network discovery and security scanning. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. More than half the book is available in the free online edition.
5. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. All existing scripts have been improved, and 32 new ones added. New scripts include a whole bunch of MSRPC/NetBIOS attacks, queries, and vulnerability probes; open proxy detection; whois and AS number lookup queries; brute force attack scripts against the SNMP and POP3 protocols; and many more. All NSE scripts and modules are described in the new NSE documentation portal.

Details are here: http://nmap.org/changelog.html

Revision 1.39: download - view: text, markup, annotated - select for diffs
Wed Apr 1 07:56:18 2009 UTC (15 years, 8 months ago) by apb
Branches: MAIN
CVS tags: pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1
Diff to: previous 1.38: preferred, colored
Changes since revision 1.38: +2 -1 lines
Correct handling of the length of data returned by SIOCGIFCONF.  The
actual length of each item is never less than sizeof(struct ifreq), but
may be more than that.  If the platform's struct sockaddr has an sa_len
field, and if the length in sa_len is larger then the space available in
ifr_ifru, then the data extends beyond the end of the ifr_ifru field by
the difference in sizes.

Revision 1.38: download - view: text, markup, annotated - select for diffs
Sun Jan 4 15:16:11 2009 UTC (15 years, 11 months ago) by adrianp
Branches: MAIN
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +6 -6 lines
Update to 4.76

Fixed the --script-updatedb command
Fixed several byte-order bugs in Traceroute
Service fingerprints in XML output are no longer be truncated
Added a UDP SNMPv3 probe to version detection
Zenmap no longer leaves any temporary files lying around.
*Lots* of Zenmap fixes

See CHANGELOG for all the details

Revision 1.37: download - view: text, markup, annotated - select for diffs
Sun Jun 8 18:12:52 2008 UTC (16 years, 5 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +5 -7 lines
Update to 4.65
Take MAINTAINER (agreed with salo@)

o Updated to include the latest MAC Address prefixes from the IEEE in
  nmap-mac-prefixes [Fyodor]
o NSE engine was cleaned up significantly.
o Nmap now understands the RFC 4007 percent syntax for IPv6 Zone IDs.
o Updated IANA assignment IP list for random IP (-iR)
  generation. [Kris]
o NmapFE is now gone. (zenmap is the replacement)
o Added the NSE library (NSELib) which is a library of useful
  functions (which can be implemented in LUA or as loadable C/C++
  modules) for use by NSE scripts.
o Integrated the Nmap Scripting Engine (NSE) into mainline Nmap.

Revision 1.36: download - view: text, markup, annotated - select for diffs
Tue Jan 9 15:25:47 2007 UTC (17 years, 10 months ago) by rillig
Branches: MAIN
CVS tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +2 -1 lines
Fixed building with SunPro on Solaris.

Revision 1.35: download - view: text, markup, annotated - select for diffs
Sun Dec 17 17:55:49 2006 UTC (17 years, 11 months ago) by salo
Branches: MAIN
CVS tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +6 -6 lines
Update to version 4.20

Changes:

4.20

o Integrated the latest OS fingerprint submissions.  The 2nd
  generation DB size has grown to 231 fingerprints.  Please keep them
  coming!  New fingerprints include Mac OS X Server 10.5 pre-release,
  NetBSD 4.99.4, Windows NT, and much more.

o Fixed a segmentation fault in the new OS detection system
  which was reported by Craig Humphrey and Sebastian Garcia.

o Fixed a TCP sequence prediction difficulty indicator bug. The index
  is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD).
  But some systems generated ISNs so insecurely that Nmap went
  berserk and reported a negative difficulty index.  This generally
  only affects some printers, crappy cable modems, and Microsoft
  Windows (old versions).  Thanks to Sebastian Garcia for helping me
  track down the problem.

4.20RC2

o Integrated all of your OS detection submissions since RC1.  The DB
  has increased 13% to 214 fingerprints.  Please keep them coming!
  New fingerprints include versions of z/OS, OpenBSD, Linux, AIX,
  FreeBSD, Cisco CatOS, IPSO firewall, and a slew of printers and
  misc. devices.  We also got our first Windows 95 fingerprint,
  submitted anonymously of course :).

o Fixed (I hope) the "getinterfaces: intf_loop() failed" error which
  was seen on Windows Vista.  The problem was apparently in
  intf-win32.c of libdnet (need to define MIB_IF_TYPE_MAX to
  MAX_IF_TYPE rather than 32).  Thanks to Dan Griffin
  (dan(a)jwsecure.com) for tracking this down!

o Applied a couple minor bug fixes for IP options
  support and packet tracing.  Thanks to Michal Luczaj
  (regenrecht(a)o2.pl) for reporting them.

o Incorporated SLNP (Simple Library Network Protocol) version
  detection support.  Thanks to Tibor Csogor (tibi(a)tiborius.net) for
  the patch.

4.20RC1

o Fixed (I hope) a bug related to Pcap capture on Mac OS X.  Thanks to
  Christophe Thil for reporting the problem and to Kurt Grutzmacher
  and Diman Todorov for helping to track it down.

o Integrated all of your OS detection submissions since ALPHA11.  The
  DB has increased 27% to 189 signatures.  Notable additions include
  the Apple Airport Express, Windows Vista RC1, OpenBSD 4.0, a Sony
  TiVo device, and tons of broadband routers, printers, switches, and
  Linux kernels.  Keep those submissions coming!

o Upgraded the included LibPCRE from version 6.4 to 6.7.  Thanks to
  Jochen Voss (voss(a)seehuhn.de) for the suggestion (he found some bugs
  in 6.4)

4.20ALPHA11

o Integrated all of your OS detection submissions, bringing the
  database up to 149 fingerprints.  This is an increase of 28% from
  ALPHA10.  Notable additions include FreeBSD 6.1, a bunch of HP
  LaserJet printers, and HP-UX 11.11.  We also got a bunch of more
  obscure submissions like Minix 3.1.2a and "Ember InSight Adapter for
  programming EM2XX-family embedded devices".  Who doesn't have a few
  of those laying around?  I'm hoping that all the obscure submissions
  mean that more of the mainstream systems are being detected out of
  the box!  Please keep those submissions (obscure or otherwise)
  coming!

4.20ALPHA10

o Integrated tons of new OS fingerprints.  The DB now contains 116
  fingerprints, which is up 63% since the previous version.  Please keep
  the submissions coming!

4.20ALPHA9

o Integrated the newly submitted OS fingerprints. The DB now contains
  71 fingerprints, up 27% from 56 in ALPHA8.  Please keep them coming!
  We still only have 4.2% as many fingerprints as the gen1 database.

o Added the --open option, which causes Nmap to show only open ports.
  Ports in the states "open|closed" and "unfiltered" might be open, so
  those are shown unless the host has an overwhelming number of them.

o Nmap gen2 OS detection used to always do 2 retries if it fails to
  find a match.  Now it normally does just 1 retry, but does 4 retries
  if conditions are good enough to warrant fingerprint submission.
  This should speed things up on average.  A new --max-os-tries option
  lets you specify a higher lower maximum number of tries.

o Added --unprivileged option, which is the opposite of --privileged.
  It tells Nmap to treat the user as lacking network raw socket and
  sniffing privileges.  This is useful for testing, debugging, or when
  the raw network functionality of your operating system is somehow
  broken.

o Fixed a confusing error message which occured when you specified a
  ping scan or list scan, but also specified -p (which is only used for
  port scans).  Thanks to Thomas Buchanan for the patch.

o Applied some small cleanup patches from Kris Katterjohn

4.20ALPHA8

o Integrated the newly submitted OS fingerprints.  The DB now contains
  56, up 33% from 42 in ALPHA7.  Please keep them coming!  We still only
  have 3.33% as many signatures as the gen1 database.

o Nmap 2nd generation OS detection now has a more sophisticated
  mechanism for guessing a target OS when there is no exact match in the
  database (see http://insecure.org/nmap/osdetect/osdetect-guess.html )

o Rewrote mswin32/nmap.rc to remove cruft and hopefully reduce some
  MFC-related compilation problems we've seen.  Thanks to KX
  (kxmail(a)gmail.com) for doing this.

o NmapFE now uses a spin button for verbosity and debugging options so
  that you can specify whatever verbosity (-v) or debugging (-d) level
  you desire.  The --randomize-hosts option was also added to NmapFE.
  Thanks to Kris Katterjohn for the patches.

o A dozen or so small patches to Nmap and NmapFE by Kris Katterjohn.

o Removed libpcap/Win32 and libpcap/msdos as Nmap doesn't use them.
  This reduces the Nmap tar.bz2 by about 50K.  Thanks to Kris Katterjohn
  for the suggestion.

4.20ALPHA7

o Did a bunch of Nmap 2nd generation fingerprint integration work.
  Thanks to everyone who sent some in, though we still need a lot more.
  Also thanks to Zhao for a bunch of help with the integration tools.
  4.20ALPHA6 had 12 fingerprints, this new version has 42.  The old DB
  (still included) has 1,684.

o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
  (http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006.
  Also added the unregistered PearPC virtual NIC prefix, as suggested
  by Robert Millan (rmh(a)aybabtu.com).

o Applied some small internal cleanup patches by Kris Katterjohn.

4.20ALPHA6

o Fixed a bug in 2nd generation OS detection which would (usually) prevent
  fingerprints from being printed when systems don't respond to the 1st
  ICMP echo probe (the one with bogus code value of 9).  Thanks to
  Brandon Enright for reporting and helping me debug the problem.

o Fixed some problematic Nmap version detection signatures which could
  cause warning messages. Thanks to Brandon Enright for the initial patch.

4.20ALPHA5

o Worked with Zhao to improve the new OS detection system with
  better algorithms, probe changes, and bug fixes.  We're
  now ready to start growing the new database!  If Nmap gives you
  fingerprints, please submit them at the given URL.  The DB is still
  extremely small.  The new system is extensively documented at
  http://insecure.org/nmap/osdetect/ .

o Nmap now supports IP options with the new --ip-options flag.  You
  can specify any options in hex, or use "R" (record route), "T"
  (record timestamp), "U") (record route & timestamp), "S [route]"
  (strict source route), or "L [route]" (loose source route).  Specify
  --packet-trace to display IP options of responses.  For further
  information and examples, see http://insecure.org/nmap/man/ and
  http://seclists.org/nmap-dev/2006/q3/0052.html .  Thanks to Marek
  Majkowski for writing and sending the patch.

o Integrated all 2nd quarter service detection fingerprint
  submissions.  Please keep them coming!  We now have 3,671 signatures
  representing 415 protocols.   Thanks to version detection czar Doug
  Hoyte for doing this.

o Nmap now uses the (relatively) new libpcap pcap_get_selectable_fd
  API on systems which support it.  This means that we no longer need
  to hack the included Pcap to better support Linux.  So Nmap will now
  link with an existing system libpcap by default on that platform if
  one is detected.  Thanks to Doug Hoyte for the patch.

o Updated the included libpcap from 0.9.3 to 0.9.4.  The changes I
  made are in libpcap/NMAP_MODIFICATIONS .  By default, Nmap will now
  use the included libpcap unless version 0.9.4 or greater is already
  installed on the system.

o Applied some nsock bugfixes from Diman Todorov.  These don't affect
  the current version of Nmap, but are important for his Nmap
  Scripting Engine, which I hope to integrate into mainline Nmap in
  September.

o Fixed a bug which would occasionally cause Nmap to crash with the
  message "log_vwrite: write buffer not large enough".  I thought I
  conquered it in a previous release -- thanks to Doug Hoyte for finding a
  corner case which proved me wrong.

o Fixed a bug in the rDNS system which prevented us from querying
  certain authoritative DNS servers which have recursion explicitly
  disabled.  Thanks to Doug Hoyte for the patch.

o --packet-trace now reports TCP options (thanks to Zhao Lei for the
  patch).  Thanks to the --ip-options addition also found in this
  release, IP options are printed too.

o Cleaned up Nmap DNS reporting to be a little more useful and
  concise.  Thanks to Doug Hoyte for the patch.

o Applied a bunch of small internal cleanup patches by Kris Katterjohn
  (kjak(a)ispwest.com).

o Fixed the 'distclean' make target to be more comprehensive.  Thanks
  to Thomas Buchanan (Thomas.Buchanan(a)thecompassgrp.net) for the
  patch.

Nmap 4.20ALPHA4

o Nmap now provides progress statistics in the XML output in verbose
  mode.  Here are some examples of the format (etc is "estimated time
  until completion) and times are in UNIX time_t (seconds since 1970)
  format. Angle braces have been replaced by square braces:
  [taskbegin task="SYN Stealth Scan" time="1151384685" /]
  [taskprogress task="SYN Stealth Scan" time="1151384715"
                percent="13.85" remaining="187" etc="1151384902" /]
  [taskend task="SYN Stealth Scan" time="1151384776" /]
  [taskbegin task="Service scan" time="1151384776" /]
  [taskend task="Service scan" time="1151384788" /]
  Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.

o Updated the Windows installer to give an option checkbox for
  performing the Nmap performance registry changes.  The default is to
  do so.  Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.

o Applied several code cleanup patches from Marek Majkowski.

o Added --release-memory option, which causes Nmap to release all
  accessible memory buffers before quitting (rather than let the OS do
  it).  This is only useful for debugging memory leaks.

o Fixed a bug related to bogus completion time estimates when you
  request an estimate (through runtime interaction) right when Nmap is
  starting.a subsystem (such as a port scan or version detection).
  Thanks to Diman Todorov for reporting the problem and Doug Hoyte for
  writing a fix.

o Nmap no longer gets random numbers from OpenSSL when it is available
  because that turned out to be slower than Nmap's other methods
  (e.g. /dev/urandom on Linux, /dev/arandom on OpenBSD, etc.).  Thanks
  to Marek Majkowski for reporting the problem.

o Updated the Windows binary distributions (self-installer and .zip)
  to include the new 2nd generation OS detection DB (nmap-os-db).
  Thanks to Sina Bahram for reporting the problem.

o Fixed the --max-retries option, which wasn't being honored.  Thanks
  to Jon Passki (jon.passki(a)hursk.com) for the patch.

Nmap 4.20ALPHA3

o Added back Win32 support thanks to a patch by kx

o Fixed the English translation of TCP sequence difficulty reported by
  Brandon Enright, and also removed fingerprint printing for 1st
  generation fingerprints (I don't really want to deal with those
  anymore).  Thanks to Zhao Lei for writing this patch.

o Fix a problem which caused OS detection to be done in some cases
  even if the user didn't request it.  Thanks to Diman Todorov for the
  fix.

Nmap 4.20ALPHA2

o Included nmap-os-db (the new OS detection DB) within the release.
  Oops!  Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for catching
  this problem with 4.20ALPHA1.

o Added a fix for the crash in the new OS detection which would come
  with the message "Probe doesn't exist! Probe type: 1. Probe subid: 1"

Nmap 4.20ALPHA1

o Integrated initial 2nd generation OS detection patch!  The system is
  documented at http://insecure.org/nmap/osdetect/ .  Thanks to Zhao Lei
  for helping with the coding and design.

o portlist.cc was refactored to remove some code duplication.  Thanks
  to Diman Todorov for the patch.

Revision 1.34: download - view: text, markup, annotated - select for diffs
Wed Oct 11 19:23:53 2006 UTC (18 years, 1 month ago) by rillig
Branches: MAIN
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +2 -1 lines
Fixed "test ==".

Revision 1.33: download - view: text, markup, annotated - select for diffs
Sun Jun 25 14:29:14 2006 UTC (18 years, 5 months ago) by salo
Branches: MAIN
CVS tags: pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +5 -8 lines
Update to version 4.11

- bite the bullet and use GNU make, it's increasingly annoying to try
  avoiding it

Changes:

- Added a dozens of more detailed SSH version detection signatures,
  thanks to a SSH huge survey and integration effort by Doug Hoyte.
  The results of his large-scale SSH scan are posted at
   http://seclists.org/nmap-dev/2006/Apr-Jun/0393.html .

- Fixed the Nmap Makefile (actually Makefile.in) to correctly handle
  include file dependencies.  So if a .h file is changed, all of the
  .cc files which depend on it will be recompiled.  Thanks to Diman
  Todorov (diman(a)xover.mud.at) for the patch.

- Fixed a compilation problem on solaris and possibly other platforms.
  The error message looked like "No rule to make target `inet_aton.o',
  needed by `libnbase.a'".  Thanks to Matt Selsky
  (selsky(a)columbia.edu) for the patch.

  Fixes PR pkg/33806 from Gilles Dauphin.

- Applied a patch which helps with HP-UX compilation by linking in the
  nm library (-lnm).  Thanks to Zakharov Mikhail (zmey20000(a)yahoo.com)
  for the patch.

- Added version detection probes for detecting the Nessus daemon.
  Thanks to Adam Vartanian (flooey(a)gmail.com) for sending the patch.

Revision 1.32: download - view: text, markup, annotated - select for diffs
Thu Jun 15 15:24:23 2006 UTC (18 years, 5 months ago) by salo
Branches: MAIN
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +5 -5 lines
Update to version 4.10

Changes:

4.10:
=====
- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
  (http://standards.ieee.org/regauth/oui/oui.txt) as of May 31, 2006.
  Also added a couple unregistered OUI's (for QEMU and Bochs)
  suggested by Robert Millan (rmh(a)aybabtu.com).

- Fixed a bug which could cause false öpen" ports when doing a UDP
  scan of localhost. This usually only happened when you scan tens of
  thousands of ports (e.g. -p- option).

- Fixed a bug in service detection which could lead to a crash when
  "--version-intensity 0" was used with a UDP scan.  Thanks to Makoto
  Shiotsuki (shio(a)st.rim.or.jp) for reporting the problem and Doug
  Hoyte for producing a patch.

- Made some AIX and HP-UX portability fixes to Libdnet and NmapFE.
  These were sent in by Peter O'Gorman
  (nmap-dev(a)mlists.thewrittenword.com).

- When you do a UDP«CP scan, the TCP ports are now shown first (in
  numerical order), followed by the UDP ports (also in order).  This
  contrasts with the old format which showed all ports together in
  numerical order, regardless of protocol.  This was at first a "bug",
  but then I started thinking this behavior may be better.  If you
  have a preference for one format or the other, please post your
  reasons to nmap-dev.

- Changed mass_dns system to print a warning if it can't find any
  available DNS servers, but not quit like it used to.  Thanks to Doug
  Hoyte for the patch.

4.04BETA1:
==========
- Integrated all of your submissions (about a thousand) from the first
  quarter of this year!  Please keep 'em coming!  The DB has increased
  from 3,153 signatures representing 381 protocols in 4.03 to 3,441
  signatures representing 401 protocols.  No other tool comes close!
  Many of the already existing match lines were improved too.  Thanks
  to Version Detection Czar Doug Hoyte for doing this.

- Nmap now allows multiple ingored port states.  If a 65K-port scan
  had, 64K filtered ports, 1K closed ports, and a few dozen open
  ports, Nmap used to list the dozen open ones among a thousand lines
  of closed ports.  Now Nmap will give reports like "Not shown: 64330
  filtered ports, 1000 closed ports" or "All 2051 scanned ports on
  192.168.0.69 are closed (1051) or filtered (1000)", and omit all of
  those ports from the table.  Open ports are never ignored.  XML
  output can now have multiple <extraports> directive (one for each
  ignored state).  The number of ports in a single state before it is
  consolidated defaults to 26 or more, though that number increases as
  you add -v or -d options.  With -d3 or higher, no ports will be
  consolidated.  The XML output should probably be augmented to give
  the extraports directive 'ip', 'tcp', and 'udp' attributes which
  specify the corresponding port numbers in the given state in the
  same listing format as the nmaprun.scaninfo.services attribute, but
  that part hasn't yet been implemented.  If you absoultely need the
  exact port numbers for each state in the XML, use -d3 for now.

- Nmap now ignores certain ICMP error message rate limiting (rather
  than slowing down to accomidate it) in cases such as SYN scan where
  an ICMP message and no response mean the same thing (port filtered).
  This is currently only done at timing level Aggressive (-T4) or
  higher, though we may make it the default if we don't hear problems
  with it.  In addition, the --defeat-rst-ratelimit option has been
  added, which causes Nmap not to slow down to accomidate RST rate
  limits when encountered.  For a SYN scan, this may cause closed
  ports to be labeled 'filtered' becuase Nmap refused to slow down
  enough to correspond to the rate limiting.  Learn more about this
  new option at http://www.insecure.org/nmap/man/ .  Thanks to Martin
  Macok (martin.macok(a)underground.cz) for writing the patch that
  these changes were based on.

- Moved my Nmap development environment to Visual C++ 2005 Express
  edition.  In typical "MS Upgrade Treadmill" fashion, Visual Studio
  2003 users will no longer be able to compile Nmap using the new
  solution files.  The compilation, installation, and execution
  instructions at
  http://www.insecure.org/nmap/install/inst-windows.html have been
  upgraded.

- Automated my Windows build system so that I just have to type a
  single make command in the mswin32 directory.  Thanks to Scott
  Worley (smw(a)pobox.com>, Shane & Jenny Walters
  (yfisaqt(a)waltersinamerica.com), and Alex Prinsier
  (aphexer(a)mailhaven.com) for reading my appeal in the 4.03
  CHANGELOG and assisting.

- Changed the PortList class to use much more efficient data
  structures and algorithms which take advantage of Nmap-specific
  behavior patterns.  Thanks to Marek Majkowski
  (majek(a)forest.one.pl) for the patch.

- Fixed a bug which prevented certain TCPÙDP scan commands, such as
  "nmap -sSU -p1-65535 localhost" from scanning both TCP and UDP.
  Instead they gave the error message "WARNING: UDP scan was requested,
  but no udp ports were specified.  Skipping this scan type".  Thanks to
  Doug Hoyte for the patch.

- Nmap has traditionally required you to specify -T* timing options
  before any more granular options like --max-rtt-timeout, otherwise the
  general timing option would overwrite the value from your more
  specific request.  This has now been fixed so that the more specific
  options always have precendence.  Thanks to Doug Hoyte for this patch.

- Fixed a couple possible memory leaks reported by Ted Kremenek
 (kremenek(a)cs.stanford.edu) from the Stanford University sofware
 static analysis lab ("Checker" project).

- Nmap now prints a warning when you specify a target name which
  resolves to multiple IP addresses.  Nmap proceeds to scan only the
  first of those addresses (as it always has done).  Thanks to Doug
  Hoyte for the patch.  The warning looks like this:
  Warning: Hostname google.com resolves to 3 IPs. Using 66.102.7.99.

- Disallow --host-timeout values of less than 1500ms, print a warning
  for values less than 15s.

- Changed all instances of inet_aton() into calls to inet_pton()
  instead.  This allowed us to remove inet_aton.c from nbase.  Thanks to
  KX (kxmail(a)gmail.com) for the patch.

- When debugging (-d) is specified, Nmap now prints a report on the
  timing variables in use.  Thanks to Doug Hoyte for the patch.  The
  report loos like this:
  ---------- Timing report ----------
    hostgroups: min 1, max 100000
    rtt-timeouts: init 250, min 50, max 300
    scan-delay: TCP 5, UDP 1000
    parallelism: min 0, max 0
    max-retries: 2, host-timeout 900000
  -----------------------------------

- Modified the WinPcap installer file to explicitly uninstall an
  existing WinPcap (if you select that you wish to replace it) rather
  than just overwriting the old version.  Thanks to Doug Hoyte for
  making this change.

- Added some P2P application ports to the nmap-services file.  Thanks
  to Martin Macok for the patch.

- The write buffer length increased in 4.03 was increased even further
  when the debugging or verbosity levels are more than 2 (e.g. -d3).
  Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for the patch.  The
  goal is to prevent you from ever seeing the fatal error:
  "log_vwrite: write buffer not large enough -- need to increase"

- Added a note to the Nmap configure dragon that people sick of him
  can submit their own ASCII art to nmap-dev@insecure.org .  If you
  are wondering WTF I am talking about, it is probably because only
  most elite Nmap users -- the ones who compile from source on UNIX --
  get to see the 'l33t ASCII Art.

Revision 1.31: download - view: text, markup, annotated - select for diffs
Tue Apr 25 13:43:09 2006 UTC (18 years, 7 months ago) by salo
Branches: MAIN
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +5 -5 lines
Update to version 4.03

Changes:

- Updated the LibPCRE build system to add the -fno-thread-jumps option
  to gcc when compiling on the new Intel-based Apple Mac OS X systems.
  Hopefully this resolves the version detection crashes that several
  people have reported on such systems.  Thanks to Kurt Grutzmacher
  (grutz(a)jingojango.net) for sending the configure.ac patch.

- Increased a write buffer length to avoid Nmap from quitting with the
  message "log_vwrite: write buffer not large enough -- need to
  increase".  Thanks to Dave (dmarcher(a)pobox.com) for reporting the
  issue.

- Made some portability fixes to keep Nmap compiling with the newest
  Visual Studio 2005.  Thanks to KX (kxmail(a)gmail.com) for
  suggesting them.

- Service fingerprints are now provided in the XML output whenever
  they would appear in the interactive output (i.e. when a service
  respons with data but is unrecognized).  They are shown in a new
  'servicefp' attribute to the 'service' tag.  Thanks to Brandon Enright
  (bmenrigh(a)ucsd.edu) for sending the patch.

- Improved the Windows build system -- mswin32/Makefile now takes care
  of packaging Nmap and creating the installers once Visual Studio (GUI)
  is done building the Release version of mswin32/nmap.sln.  If someone
  knows how to do this (build) step on the command line (using the
  Makefile), please let me know.  Or if you know how to at least make
  'Release' (rather than Debug) the default configuration, that would be
  valuable.

- WinPcap 3.1 binaries are now shipped in the Nmap tarball, along with
  a customized (for Nmap) installer written by Doug Hoyte.  That new
  WinPcap installer is now used in the Nmap self-installer.

- Fixed (I hope) a problem where aggresive --min-parallelization
  option values could cause Nmap to quit with the message "box(300, 100,
  15) called (min,max,num)".  Thanks to  Richard van den Berg
  (richard.vandenberg(a)ins.com) for reporting the problem.

- Fixed a rare crash bug thanks to a report and patch from Ganga
  Bhavani (GBhavani(a)everdreamcorp.com)

Revision 1.30: download - view: text, markup, annotated - select for diffs
Sun Feb 12 17:24:23 2006 UTC (18 years, 9 months ago) by salo
Branches: MAIN
CVS tags: pkgsrc-2006Q1-base, pkgsrc-2006Q1
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +8 -9 lines
Updated to version 4.01:

Changes:

- Fixed a bug that would cause bogus reverse-DNS resolution on
  big-endian machines.  Thanks to Doug Hoyte, Seth Miller, Tony Doan,
  and Andrew Lutomirsky for helping to debug and patch the problem.

- Fixed an important memory leak in the raw ethernet sending system.
  Thanks to Ganga Bhavani (GBhavani(a)everdreamcorp.com) for
  identifying the bug and sending a patch.

- Fixed --system-dns option so that --system_dns works too.  Error
  messages were changed to reflect the former (preferred) name.
  Thanks to Sean Swift (sean.swift(a)bradford.gov.uk) and Peter
  VanEeckhoutte (Peter.VanEeckhoutte(a)saraleefoodseurope.com) for
  reporting the problem.

- Fixed a crash which would report this message:
  "NmapOutputTable.cc:143: void NmapOutputTable::addItem(unsigned int,
  unsigned int, bool, const char*, int): Assertion `row < numRows'
  failed."  Thanks to Jake Schneider (Jake.Schneider(a)dynetics.com)
  for reporting and helping to debug the problem.

- Whenever Nmap sends packets with the SYN bit set (except for OS
  detection), it now includes the maximum segment size (MSS) tcp
  option with a value of 1460.  This makes it stand out less as almost
  all hosts set at least this option.  Thanks to Juergen Schmidt
  (ju(a)heisec.de) for the suggestion.

- Applied a patch for a Windows interface reading bug in the aDNS
  subsystem from Doug Hoyte.

- Minor changes to recognize DragonFly BSD in configure
  scripts. Thanks to Joerg Sonnenberger (joerg(a)britannica.bec.de)
  for sending the patch.

- Fixed a minor bug in an error message starting with "eth_send of ARP
  packet returned".  Thanks to J.W. Hoogervorst
  (J.W.Hoogervorst(a)uva.nl) for finding this.

Revision 1.29: download - view: text, markup, annotated - select for diffs
Wed Feb 1 20:39:11 2006 UTC (18 years, 10 months ago) by joerg
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +6 -4 lines
Add DragonFly support. Also recognize DragonFly and NetBSD as OS name.

Revision 1.28: download - view: text, markup, annotated - select for diffs
Tue Jan 31 22:21:23 2006 UTC (18 years, 10 months ago) by salo
Branches: MAIN
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +5 -5 lines
Update to version 4.00

Changes:

4.00:
=====
- Added the '?' command to the runtime interaction system.  It prints
  a list of accepted commands.  Thanks to Andrew Lutomirski
  (luto(a)myrealbox.com) for the patch.

3.9999:
=======
- Generated a new libpcre/configure to cope with changes in LibPCRE
  6.4

- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
  (http://standards.ieee.org/regauth/oui/oui.txt)

- Updated nmap-protocols with the latest IEEE internet protocols
  assignments (http://www.iana.org/assignments/protocol-numbers).

- Updated the Nmap version number and related fields that MS Visual
  Studio places in the binary.  This was done by editing
  mswin32/nmap.rc.

3.999:
======
- Added runtime interaction support to Windows, thanks to patches from
  Andrew Lutomirski (luto(a)myrealbox.com) and Gisle Vanem
  (giva(a)bgnett.no).

- Changed a couple lines of tcpip.cc (put certain IP header fields in
  host byte order rather than NBO) to (hopefully) support Mac OS X on
  Intel.  Thanks to Kurt Grutzmacher (grutz(a)jingojango.net) for the
  patch.

- Upgraded the included LibPCRE from version 6.3 to 6.4.  There was a
  report of version detection crashes on the new Intel-based MACs with
  6.3.

- Fixed an issue in which the installer would malfunction in rare
  issues when installing to a directory with spaces in it.  Thanks to
  Thierry Zoller (Thierry(a)Zoller.lu) for the report.

3.99:
=====
- Integrated all remaining 2005 service submissions.  The DB now has
  surpassed 3,000 signatures for the first time.  There now are 3,153
  signatures for 381 service protocols.  Those protocols span the
  gamut from abc, acap, afp, and afs to zebedee, zebra, and
  zenimaging.  It even covers obscure protocols such as http, ftp,
  smtp, and ssh :).  Thanks to Version Detection Czar Doug Hoyte for
  his excellent work on this.

- Created a Windows executable installer using the open source NSIS
  (Nullsoft Scriptable Install System).  It handles Pcap installation,
  registry performance changes, and adding Nmap to your cmd.exe
  executable path.  The installer source files are in mswin32/nsis/ .
  Thanks to Google SoC student Bo Jiang (jiangbo(a)brandeis.edu) for
  creating the initial version.

- Fixed a backward compatibility bug in which Nmap didn't recognize
  the --min_rtt_timeout option (it only recognized the newly
  hyphenated --min-rtt-timeout).  Thanks to Joshua D. Abraham
  (jabra(a)ccs.neu.edu) for the bug report.

- Fixed compilation to again work with gcc-derivatives such as
  MingW. Thanks to Gisle Vanem (giva(a)bgnett.no) for sending the
  patches

3.98BETA1:
==========
- Added run time interaction as documented at
  http://www.insecure.org/nmap/man/man-runtime-interaction.html .
  While Nmap is running, you can now press 'v' to increase verbosity,
  'd' to increase the debugging level, 'p' to enable packet tracing,
  or the capital versions (V,D,P) to do the opposite.  Any other key
  (such as enter) will print out a status message giving the estimated
  time until scan completion.  This only works on UNIX for now.  Do we
  have any volunteers to add Windows support?  You would need to
  change a handful of UNIX-specific termio calls with the Windows
  equivalents.  This feature was created by Paul Tarjan
  (ptarjan(a)stanford.edu) as part of the Google Summer of Code.

- Reverse DNS resolution is now done in parallel rather than one at a
  time.  All scans of large networks (particularly list, ping and
  just-a-few-ports scans) should benefit substantially from this
  change.  If you encounter any problems, please let us know.  The new
  --system_dns option was added so you can use the (slow) system
  resolver if you prefer that for some reason.  You can specify a
  comma separated list of DNS server IP addresses for Nmap to use with
  the new --dns_servers option.  Otherwise, Nmap looks in
  /etc/resolve.conf (UNIX) or the system registry (Windows) to obtain
  the nameservers already configured for your system.  This excellent
  patch was written by Doug Hoyte (doug(a)hcsw.org).

- Added the --badsum option, which causes Nmap to use invalid TCP or
  UDP checksums for packets sent to target hosts. Since virtually all
  host IP stacks properly drop these packets, any responses received
  are likely coming from a firewall or IDS that didn't bother to
  verify the checksum. For more details on this technique, see
  http://www.phrack.org/phrack/60/p60-0x0c.txt .  The author of that
  paper, Ed3f (ed3f(a)antifork.org), is also the author of this patch
  (which I changed it a bit).

- The 26 Nmap commands that previously included an underscore
  (--max_rtt_timeout, --send_eth, --host_timeout, etc.) have been
  renamed to use a hyphen in the preferred format
  (i.e. --max-rtt-timeout).  Underscores are still supported for
  backward compatibility.

- More excellent NmapFE patches from Priit Laes (amd(a)store20.com)
  were applied to remove all deprecated GTK API calls.  This also
  eliminates the annoying Gtk-Critical and Gtk-WARNING runtime messages.

- Changed the way the __attribute__ compiler extension is detected so
  that it works with the latest Fedora Core 4 updates (and perhaps other
  systems).  Thanks to Duilio Protti (dprotti(a)fceia.unr.edu.ar) for
  writing the patch.  The compilation error message this fixes was
  usually something like: "nmap.o(.rodata+0x17c): undefined reference
  to `__gthrw_pthread_cancel(unsigned long)"

- Added some exception handling code to mswin32/winfix.cc to prevent
  Nmap from crashing mysteriously when you have WinPcap 3.0 or earlier
  (instead of the required 3.1).  It now prints an error message instead
  asking you to upgrade, then reduces functionality to connect()-only
  mode.  I couldn't get it working with the C++ standard try/catch()
  blocks, but as soon as I used the nonstandard MS conventions
  (__try/__except(), everything worked fine. Shrug.

- Stripped the firewall API out of the libdnet included with Nmap
  because Nmap doesn't use it anyway.  This saves space and reduces the
  likelihood of compilation errors and warnings.

- Modified the previously useless --noninteractive option so that it
  deactivates runtime interaction.

3.96BETA1:
==========
- Added --max_retries option for capping the maximum number of
  retransmissions the port scan engine will do. The value may be as low
  as 0 (no retransmits).  A low value can increase speed, though at the
  risk of losing accuracy.  The -T4 option now allows up to 6 retries,
  and -T5 allows 2.  Thanks to Martin Macok
  (martin.macok(a)underground.cz) for writing the initial patch, which I
  changed quite a bit.  I also updated the docs to reflect this neat
  new option.

- Many of the Nmap low-level timing options take a value in
  milliseconds.  You can now append an 's', 'm', or 'h' to the value
  to give it in seconds, minutes, or hours instead.  So you can specify
  a 45 minute host timeout with --host_timeout 45m rather than specifying
  --host_timeout 2700000 and hoping you did the math right and have the
  correct number of zeros.  This also now works for the
  --min_rtt_timeout, --max_rtt_timeout, --initial_rtt_timeout,
  --scan_delay, and --max_scan_delay options.

- Improved the NmapFE port to GTK2 so it better-conforms to the new
  API and you don't get as many annoying messages in your terminal
  window.  GTK2 is prettier and more functional too.  Thanks to Priit
  Laes (amd(a)store20.com) for writing these
  excellent patches.

- Fixed a problem which led to the error message "Failed to determine
  dst MAC address for target" when you try to run Nmap using a
  dialup/PPP adapter on Windows rather than a real ethernet card.  Due
  to Microsoft breaking raw sockets, Nmap no longer supports dialup
  adapters, but it should now give you a clearer error message than
  the "dst MAC address" nonsense.

- Debian GNU/kFreeBSD is now supported thanks to a patch to libdnet's
  configure.in by Petr Salinger (Petr.Salinger(a)t-systems.cz).

- Tried to update to the latest autoconf only to find that there
  hasn't been a new version in more than two years :(.  I was able to
  find new config.sub and config.guess files at
  http://cvs.savannah.gnu.org/viewcvs/config/config/ , so I updated to
  those.

- Fixed a problem with the -e option when run on Windows (or UNIX with
  --send_eth) when run on an ethernet network against an external
  (routed) host.  You would get the message "NmapArpCache() can only
  take IPv4 addresses.  Sorry".  Thanks to KX (kxmail(a)gmail.com) for
  helping to track down the problem.

- Made some changes to allow source port zero scans (-g0).  Nmap used
  to refuse to do this, but now it just gives a warning that it may not
  work on all systems.  It seems to work fine on my Linux box.  Thanks
  to Bill Dale (bill_dale(a)bellsouth.net) for suggesting this feature.

- Made a change to libdnet so that Windows interfaces are listed as
  down if they are disconnected, unplugged, or otherwise unavailable.

- Ceased including foreign translations in the Nmap tarball as they
  take up too much space.  HTML versions can be found at
  http://www.insecure.org/nmap/docs.html , while XML and NROFF versions
  are available from http://www.insecure.org/nmap/data/man-xlate/ .

- Changed INSTALL and README-WIN32 files to mostly just reference the
  new Nmap Install Guide at http://www.insecure.org/nmap/install/ .

- Included docs/nmap-man.xml in the tarball distribution, which is the
  DocBook XML source for the Nmap man page.  Patches to Nmap that are
  user-visible should include patches to the man page XML source rather
  than to the generated Nroff.

- Fixed Nmap so it doesn't crash when you ask it to resume a previous
  scan, but pass in a bogus file rather than actual Nmap output.  Thanks
  to Piotr Sobolewski (piotr_sobolewski(a)o2.pl) for the fix.

Revision 1.27: download - view: text, markup, annotated - select for diffs
Thu Dec 8 21:59:17 2005 UTC (18 years, 11 months ago) by salo
Branches: MAIN
CVS tags: pkgsrc-2005Q4-base, pkgsrc-2005Q4
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +5 -5 lines
Update to version 3.95

Changes:

- Put Nmap on a diet, with changes to the core port scanning routine
  (ultra_scan) to substantially reduce memory consumption, particularly
  when tens of thousands of ports are scanned.

- Wrote a new man page from scratch.  It is much more comprehensive
  (more than twice as long) and (IMHO) better organized than the
  previous one.  Read it online at http://www.insecure.org/nmap/man/
  or docs/nmap.1 from the Nmap distribution.  Let me know if you have
  any ideas for improving it.

- Wrote a new "help screen", which you get when running Nmap without
  arguments.  It is also reproduced in the man page and at
  http://www.insecure.org/nmap/data/nmap.usage.txt .  I gave up trying
  to fit it within a 25-line, 80-column terminal window.  It is now 78
  lines and summarizes all but the most obscure Nmap options.

- Removed foreign translations of the old man page from the
  distribution.  Included the following contributed translations
  (nroff format) of the new man page:
    Brazilian Portuguese by Lucien Raven (lucienraven(a)yahoo.com.br)
    Portuguese (Portugal) by José Domingos (jd_pt(a)yahoo.com) and
    Andreia Gaita (shana.ufie(a)gmail.com).

- Fixed a crash in IPID Idle scan.  Thanks to Ron
  (iago(a)valhallalegends.com>, Bakeman (bakeman(a)physics.unr.edu),
  and others for reporting the problem.

- Applied some small fixes so that Nmap compiles with Visual C++
  2005 Express, which is free from Microsoft at
  http://msdn.microsoft.com/vstudio/express/visualc/ .  Thanks to KX
  (kxmail(a)gmail.com) and Sina Bahram (sbahram(a)nc.rr.com)

- Version detection softmatches (when Nmap determines the service
  protocol such as smtp but isn't able to determine the app name such as
  Postfix) can now parse out the normal match line fields such as
  hostname, device type, and extra info.  For example, we may not know
  what vendor created an sshd, but we can still parse out the protocol
  number.  This was a patch from  Doug Hoyte (doug(a)hcsw.org).

- Fixed a problem which caused UDP version scanning to fail to print
  the matched service.  Thanks to Martin Macok
  (martin.macok(a)underground.cz) for reporting the problem and Doug
  Hoyte (doug(a)hcsw.org) for fixing it.

- Made the version detection "ports" directive (in
  nmap-service-probes) more comprehensive.  This should speed up scans a
  bit.  The patch was done by Doug Hoyte (doug(a)hcsw.org).

- Integrated all of the September version detection fingerprint
  submissions.  This was done by Version Detection Czar Doug Hoyte
  (doug(a)hcsw.org) and resulted in 86 new match lines.  Please keep
  those submissions coming!

- Fixed a bunch of typos and misspellings throughout the Nmap source
  code (mostly in comments).  This was a 625-line patch by Saint Xavier
  (skyxav(a)skynet.be).

- Added the --webxml option, which does the same thing as
  --stylesheet http://www.insecure.org/nmap/data/nmap.xsl , without
  requiring you to remember the exact URL or type that whole thing.

- Fixed a possible aliasing problem in tcpip.cc by applying a patch sent in by
  Gwenole Beauchesne (gbeauchesne(a)mandriva.com).  This problem
  shouldn't have had any effect on users since we already include the
  -fno-strict-aliasing option whenever gcc 4 is detected, but it
  brings us closer to being able to remove that option.

- Fixed a problem with the -S and -e options (spoof/set
  source address, and set interface by name, respectively).  The problem
  report and a partial patch were sent by Richard Birkett
  (richard(a)musicbox.net).

- Fixed a problem with the -S and option on Windows reporting "Failed
  to resolve/decode supposed IPv4 source address".  The -D (decoy)
  option was probably broken on that platform too.  Thanks to KX
  (kxmail(a)gmail.com) for reporting the problem and tracking down a
  potential solution.

- Added --thc option (undocumented)

- Modified libdnet-stripped/src/eth-bsd.c to allow for up to 128 bpf
  devices rather than 32.  This prevents errors like "Failed to open
  ethernet interface (fxp0)" when there are more than 32 interface
  aliases.  Thanks to Krok (krok(a)void.ru) for reporting the problem
  and even sending a patch.

- Fixed a minor syntax error in tcpip.h that was causing problems with
  GCC 4.1.  Thanks to Dirk Mueller (dmuell(a)gmx.net) for reporting
  the problem and sending a fix.

- Define INET_ADDRSTRLEN in tcpip.h if the system doesn't define it
  for us.  This apparently aids compilation on Solaris 2.6 and 7.
  Thanks to Albert Chin (nmap-hackers(a)mlists.thewrittenword.com) for
  sending the patch..

- Fixed an inefficiency in RPC scan that could slow things down and
  also sometimes resulted in the spurious warning message: Ünable to
  find listening socket in get_rpc_results"

- Fixed a compilation problem on Mac OS X and perhaps other platforms
  with a one-line fix to scan_engine.cc.  Thanks to Felix Gröbert
  (felix(a)groebert.org) for notifying me of the problem.

- Nmap now accepts target list files in Windows end-of-line format (\r\n)
  as well as standard UNIX format (\n) on all platforms.  Passing a
  Windows style file to Nmap on UNIX didn't work before unless you ran
  dos2unix first.

- Fixed a problem that prevented the command "nmap -sT -PT <targets>"
  from working from a non-privileged user account.  The -PT option
  doesn't change default behavior in this case, but Nmap should (and now
  does) allow it.

- Better handle ICMP type 3, code 0 (network unreachable) responses to
  port scan packets.  These are rarely seen when scanning hosts that
  are actually online, but are still worth handling.

- Fixed a crash occured when the --exclude option was used with
  netmasks on certain platforms.  Thanks to Adam
  (nmapuser(a)globalmegahost.com) for reporting the problem and to
  Greg Darke (starstuff(a)optusnet.com.au) for sending a patch (I
  modified the patch a bit to make it more efficient).

- Removed Identd scan support from NmapFE since Nmap no longer
  supports it.  Thanks to Jonathan Dieter (jdieter99(a)gmx.net) for the
  patch.

- Fixed a bug that caused Nmap to crash if an nmap-service-probes file
  was used which didn't contain the Exclude directive.

- Fixed a divide-by-zero crash when you specify rather bogus
  command-line arguments (a TCP scan with zero tcp ports).  Thanks to
  Bart Dopheide (dopheide(a)fmf.nl) for identifying the problem and
  sending a patch.

Revision 1.26: download - view: text, markup, annotated - select for diffs
Thu Sep 15 14:12:18 2005 UTC (19 years, 2 months ago) by salo
Branches: MAIN
CVS tags: pkgsrc-2005Q3-base, pkgsrc-2005Q3
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +5 -6 lines
Update to version 3.93

Changes:

3.93:
=====

o Modified Libpcap's configure.ac to compile with the
  --fno-strict-aliasing option if gcc 4.X is used.  This prevents when
  said compiler is used.  This was done for Nmap in 3.90, but is
  apparently needed for pcap too.  Thanks to Craig Humphrey
  (Craig.Humphrey(a)chapmantripp.com) for the discovery.

o Patched libdnet to include sys/uio.h in src/tun-linux.c.  This is
  apparently necessary on some Glibc 2.1 systems.  Thanks to Rob Foehl
  (rwf(a)loonybin.net) for the patch.

o Fixed a crash which could occur when a ridiculously short
  --host_timeout was specified on Windows (or on UNIX if --send_eth was
  specified).  Nmap now also prints a warning if you specify a
  host_timeout of less than 1 second.  Thanks to Ole Morten Grodaas
  (grodaas(a)gmail.com) for discovering the problem.

3.91:
=====

o Fixed a crash on Windows when you -P0 scan an unused IP on a local
  network (or a range that contains unused IPs).  This could also
  happen on UNIX if you specified the new --send_eth option.  Thanks
  to Jim Carras (JFCECL(a)engr.psu.edu) for reporting the problem.

o Fixed compilation on OpenBSD by applying a patch from Okan Demirmen
  (okan(a)demirmen.com), who maintains Nmap in the OpenBSD Ports
  collection.

o Updated nmap-mac-prefixes to include OUIs assigned by the IEEE since
  April.

o Updated the included libpcre (used for version detection) from
  version 4.3 to 6.3.  A libpcre securty issue was fixed in 6.3, but
  that issue never affected Nmap.

o Updated the included libpcap from 0.8.3 to 0.9.3.  I also changed
  the directory name in the Nmap tarball from libpcap-possiblymodified
  to just libpcap.  As usual, the modifications are described in the
  NMAP_MODIFICATIONS in that directory.

3.90:
=====

o Added the ability for Nmap to send and properly route raw ethernet
  packets cointaining IP datagrams rather than always sending the
  packets via raw sockets. This is particularly useful for Windows,
  since Microsoft has disabled raw socket support in XP for no good
  reason.  Nmap tries to choose the best method at runtime based on
  platform, though you can override it with the new --send_eth and
  --send_ip options.

o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to
  determine whether hosts on a LAN are up, rather than relying on
  higher-level IP packets (which can only be sent after a successful
  ARP request and reply anyway).  This is much faster and more
  reliable (not subject to IP-level firewalling) than IP-based probes.
  The downside is that it only works when the target machine is on the
  same LAN as the scanning machine.  It is now used automatically for
  any hosts that are detected to be on a local ethernet network,
  unless --send_ip was specified.  Example usage: nmap -sP -PR
  192.168.0.0/16 .

o Added the --spoof_mac option, which asks Nmap to use the given MAC
  address for all of the raw ethernet frames it sends.  The MAC given
  can take several formats.  If it is simply the string "0", Nmap
  chooses a completely random MAC for the session.  If the given
  string is an even number of hex digits (with the pairs optionally
  separated by a colon), Nmap will use those as the MAC.  If less than
  12 hex digits are provided, Nmap fills in the remainder of the 6
  bytes with random values.  If the argument isn't a 0 or hex string,
  Nmap looks through the nmap-mac-prefixes to find a vendor name
  containing the given string (it is case insensitive).  If a match is
  found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the
  remaining 3 bytes randomly.  Valid --spoof_mac argument examples are
  "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and
  "Cisco".

o Applied an enormous nmap-service-probes (version detection) update
  from SoC student Doug Hoyte (doug(a)hcsw.org).  Version 3.81 had
  1064 match lines covering 195 service protocols.  Now we have 2865
  match lines covering 359 protocols!  So the database size has nearly
  tripled!  This should make your -sV scans quicker and more
  accurate.  Thanks also go to the (literally) thousands of you who
  submitted service fingerprints.  Keep them coming!

o Applied a massive OS fingerprint update from Zhao Lei
  (zhaolei(a)gmail.com).  About 350 fingerprints were added, and many
  more were updated.  Notable additions include Mac OS X 10.4 (Tiger),
  OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along
  with a new "robotic pet" device type category), the latest Linux 2.6
  kernels Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64
  UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO
  3.8.X, and Solaris 10.  Of course there are also tons of new
  broadband routers, printers, WAPs and pretty much any other device
  you can coax an ethernet cable (or wireless card) into!

o Added 'leet ASCII art to the confugrator!  ARTIST NOTE: If you think
  the ASCII art sucks, feel free to send me alternatives.  Note that
  only people compiling the UNIX source code get this. (ASCII artist
  unknown).

o Added OS, device type, and hostname detection using the service
  detection framework.  Many services print a hostname, which may be
  different than DNS.  The services often give more away as well.  If
  Nmap detects IIS, it reports an OS family of "Windows".  If it sees
  HP JetDirect telnetd, it reports a device type of "printer".  Rather
  than try to combine TCP/IP stack fingerprinting and service OS
  fingerprinting, they are both printed.  After all, they could
  legitimately be different.  An IP that gives a stack fingerprint
  match of "Linksys WRT54G broadband router" and a service fingerprint
  of Windows based on Kazaa running is likely a common NAT setup rather
  than an Nmap mistake.

o Nmap on Windows now compiles/links with the new WinPcap 3.1
  header/lib files. So please upgrade to 3.1 from
  http://www.winpcap.org before installing this version of Nmap.
  While older versions may still work, they aren't supported with Nmap.

o The official Nmap RPM files are now compiled statically for better
  compatability with other systems.  X86_64 (AMD Athlon64/Opteron)
  binaries are now available in addition to the standard i386.  NmapFE
  RPMs are no longer distributed by Insecure.Org.

o Nmap distribution signing has changed. Release files are now signed
  with a new Nmap Project GPG key (KeyID 6B9355D0).  Fyodor has also
  generated a new key for himself (KeyID 33599B5F).  The Nmap key has
  been signed by Fyodor's new key, which has been signed by Fyodor's
  old key so that you know they are legit.  The new keys are available
  at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as
  docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public
  keyserver network.  Here are the fingerprints:
    pub  1024D/33599B5F 2005-04-24
         Key fingerprint = BB61 D057 C0D7 DCEF E730  996C 1AF6 EC50 3359 9B5F
    uid  Fyodor <fyodor@insecure.org>
    sub  2048g/D3C2241C 2005-04-24

    pub  1024D/6B9355D0 2005-04-24
         Key fingerprint = 436D 66AB 9A79 8425 FDA0  E3F8 01AF 9F03 6B93 55D0
    uid  Nmap Project Signing Key (http://www.insecure.org/)
    sub  2048g/A50A6A94 2005-04-24

o Fixed a crash problem related to non-portable varargs (vsnprintf)
  usage. Reports of this crash came from Alan William Somers
  (somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de).
  This patch was prevalent on Linux boxes running an Opteron/Athlon64
  CPU in 64-bit mode.

o Fixed crash when Nmap is compiled using gcc 4.X by adding the
  --fno-strict-aliasing option when that compiler is detected.  Thanks
  to Greg Darke (starstuff(a)optusnet.com.au) for discovering that
  this option fixes (hides) the problem and to Duilio J. Protti
  (dprotti(a)flowgate.net) for writing the configure patch to detect
  gcc 4 and add the option.  A better fix is to identify and rewrite
  lines that violate C99 alias rules, and we are looking into that.

o Added "rarity" feature to Nmap version detection.  This causes
  obscure probes to be skipped when they are unlikely to help.  Each
  probe now has a "rarity" value.  Probes that detect dozens of
  services such as GenericLines and GetRequest have rarity values of
  1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9.
  When interrogating a port, Nmap always tries probes registered to
  that port number.  So even WWWOFFLEctrlstat will be tried against
  port 8081 and mydoom will be tried against open ports between 3127
  and 3198.  If none of the registered ports find a match, Nmap tries
  probes that have a rarity less than or equal to its current
  intensity level.  The intensity level defaults to 7 (so that most of
  the probes are done).  You can set the intensity level with the new
  --version_intensity option.  Alternatively, you can just use
  --version_light or --version_all which set the intensity to 2 (only
  try the most important probes and ones registered to the port
  number) and 9 (try all probes), respectively.  --version_light is
  much faster than default version detection, but also a bit less
  likely to find a match.  This feature was designed and implemented
  by Doug Hoyte (doug(a)hcsw.org).

o Added a "fallback" feature to the nmap-service-probes database.
  This allows a probe to "inherit" match lines from other probes.  It
  is currently only used for the HTTPOptions, RTSPRequest, and
  SSLSessionReq probes to inherit all of the match lines from
  GetRequest.  Some servers don't respond to the Nmap GetRequest (for
  example because it doesn't include a Host: line) but they do respond
  to some of those other 3 probes in ways that GetRequest match lines
  are general enough to match.  The fallback construct allows us to
  benefit from these matches without repeating hundreds of signatures
  in the file.  This is another feature designed and implemented
  by Doug Hoyte (doug(a)hcsw.org).

o Fixed crash with certain --excludefile or
  --exclude arguments.  Thanks to Kurt Grutzmacher
  (grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for
  reporting the problem, and to Duilio J. Protti
  (dprotti(a)flowgate.net) for debugging the issue and sending the
  patch.

o Updated random scan (ip_is_reserved()) to reflect the latest IANA
  assignments.  This patch was sent in by Felix Groebert
  (felix(a)groebert.org).

o Included new Russian man page translation by
  locco_bozi(a)Safe-mail.net

o Applied pach from Steve Martin (smartin(a)stillsecure.com) which
  standardizes many OS names and corrects typos in nmap-os-fingerprints.

o Fixed a crash found during certain UDP version scans.  The crash was
  discovered and reported by Ron (iago(a)valhallalegends.com) and fixed
  by Doug Hoyte (doug(a)hcsw.com).

o Added --iflist argument which prints a list of system interfaces and
  routes detected by Nmap.

o Fixed a protocol scan (-sO) problem which led to the error message:
  "Error compiling our pcap filter: syntax error".  Thanks to Michel
  Arboi (michel(a)arboi.fr.eu.org) for reporting the problem.

o Fixed an Nmap version detection crash on Windows which led to the
  error message "Unexpected error in NSE_TYPE_READ callback.  Error
  code: 10053 (Unknown error)".  Thanks to Srivatsan
  (srivatsanp(a)adventnet.com) for reporting the problem.

o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers
  (TSellers(a)trustmark.com).

o Applied some changes from  Gisle Vanem (giva(a)bgnett.no) to make
  Nmap compile with Cygwin.

o XML "osmatch" element now has a "line" attribute giving the
  reference fingerprint line number in nmap-os-fingerprints.

o Added a distcc probes and a bunch of smtp matches from Dirk Mueller
  (mueller(a)kde.org) to nmap-service-probes.  Also added AFS version
  probe and matches from Lionel Cons (lionel.cons(a)cern.ch).  And
  even more probes and matches from Martin Macok
  (martin.macok(a)underground.cz)

o Fixed a problem where Nmap compilation would use header files from
  the libpcap included with Nmap even when it was linking to a system
  libpcap.  Thanks to Solar Designer (solar(a)openwall.com) and Okan
  Demirmen (okan(a)demirmen.com) for reporting the problem.

o Added configure option --with-libpcap=included to tell Nmap to use
  the version of libpcap it ships with rather than any that may already be
  installed on the system.  You can still use --with-libpcap=[dir] to
  specify that a system libpcap be installed rather than the shipped
  one.  By default, Nmap looks at both and decides which one is likely
  to work best.  If you are having problems on Solaris, try
  --with-libpcap=included .

o Changed the --no-stylesheet option to --no_stylesheet to be
  consistant with all of the other Nmap options.  Though I'm starting to
  like hyphens a bit better than underscores and may change all of the
  options to use hyphens instad at some point.

o Added "Exclude" directive to nmap-service-probes grammar which
  causes version detection to skip listed ports.  This is helpful for
  ports such as 9100.  Some printers simply print any data sent to
  that port, leading to pages of HTTP requests, SMB queries, X Windows
  probes, etc.  If you really want to scan all ports, specify
  --allports.  This patch came from Doug Hoyte (doug(a)hcsw.org).

o Added a stripped-down and heavily modified version of Dug Song's
  libdnet networking library (v. 1.10).  This helps with the new raw
  ethernet features.  My (extensive) changes are described in
  libdnet-stripped/NMAP_MODIFICATIONS

o Removed WinIP library (and all Windows raw sockets code) since MS
  has gone and broken raw sockets.  Maybe packet receipt via raw
  sockets will come back at some point.  As part of this removal, the
  Windows-specific --win_help, --win_list_interfaces, --win_norawsock,
  --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi,
  and --win_trace options have been removed.

o Chagned the interesting ports array from a 65K-member array of
  pointers into an STL list.  This noticeable reduces memory usage in
  some cases, and should also give a slight runtime performance
  boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com).

o Removed the BSDFIX/BSDUFIX macros.  The underlying bug in
  FreeBSD/NetBSD is still there though.  When an IP packet is sent
  through a raw socket, these platforms require the total length and
  fragmentation offset fields of an IP packet to be in host byte order
  rather than network byte order, even though all the other fields
  must be in NBO.  I believe that OpenBSD fixed this a while back.
  Other platforms, such as Linux, Solaris, Mac OS X, and Windows take
  all of the fields in network byte order.  While I removed the macro,
  I still do the munging where required so that Nmap still works on
  FreeBSD.

o Integrated many nmap-service-probes changes from Bo Jiang
  (jiangbo(a)brandeis.edu)

o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri
  (eilon(a)aristo.tau.ac.il)

o Added some new RPC services to nmap-rpc thanks to a patch from
  vlad902 (vlad902(a)gmail.com).

o Fixed a bug where Nmap would quit on Windows whenever it encountered
  a raw scan of localhost (including the local ethernet interface
  address), even when that was just one address out of a whole network
  being scanned.  Now Nmap just warns that it is skipping raw scans when
  it encounters the local IP, but continues on to scan the rest of the
  network.  Raw scans do not currently work against local IP addresses
  because Winpcap doesn't support reading/writing localhost interfaces
  due to limitations of Windows.

o The OS fingerprint is now provided in XML output if debugging is
  enabled (-d) or verbosity is at least 2 (-v -v).  This patch was
  sent by Okan Demirmen (okan(a)demirmen.com)

o Fixed the way tcp connect scan (-sT) respons to ICMP network
  unreachable responses (patch by Richard Moore
  (rich(a)westpoint.ltd.uk).

o Update random host scan (-iR) to support the latest IANA-allocated
  ranges, thanks to patch by Chad Loder (cloder(a)loder.us).

o Updated GNU shtool (a helper program used during 'make install' to
  version 2.0.2, which fixes a predictable temporary filename
  weakness discovered by Eric Raymond.

o Removed addport element from XML DTD, since it is no longer used
  (sugested by Lionel Cons (lionel.cons(a)cern.ch)

o Added new --privileged command-line option and NMAP_PRIVILEGED
  environmental variable.  Either of these tell Nmap to assume that
  the user has full privileges to execute raw packet scans, OS
  detection and the like.  This can be useful when Linux kernel
  capabilities or other systems are used that allow non-root users to
  perform raw packet or ethernet frame manipulation.  Without this
  flag or variable set, Nmap bails on UNIX if geteuid() is
  nonzero.

o Changed the RPM spec file so that if you define "static" to 1 (by
  passing --define "static 1" to rpmbuild), static binaries are built.

o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon
  Burr (simes(a)bpfh.net).

o ultra_scan() now sets pseudo-random ACK values (rather than 0) for
  any TCP scans in which the initial probe packet has the ACK flag set.
  This would be the ACK, Xmas, Maimon, and Window scans.

o Updated the Nmap version number, description, and similar fields
  that MS Visual Studio places in the binary.  This was done by editing
  mswin32/nmap.rc as suggested by Chris Paget (chrisp@ngssoftware.com)

o Fixed Nmap compilation on DragonFly BSD (and perhaps some other
  systems) by applying a short patch by Joerg Sonnenberger which omits
  the declaration of errno if it is a #define.

o Fixed an integer overflow that prevented Nmap from scanning
  2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1).  Problem
  noted by Justin Cranford (jcranford(a)n-able.com).  While /1 scans
  are now possible, don't expect them to finish during your bathroom
  break.  No matter how constipated you are.

o Increased the buffer size allocated for fingerprints to prevent Nmap
  from running out and quitting (error message: "Assertion
  `servicefpalloc - servicefplen > 8' failed".  Thanks to Mike Hatz
  (mhatz(a)blackcat.com) for the report. [ Actually this was done in a
  previous version, but I forgot which one ]

o Changed from CVS to Subversion source control system (which
  rocks!). Neither repository is public (I'm paranoid because both CVS
  and SVN have had remotely exploitable security holes), so the main
  change users will see is that "Id" tags in file headers use the SVN
  format for version numbering and such.

Revision 1.25: download - view: text, markup, annotated - select for diffs
Tue May 31 09:13:19 2005 UTC (19 years, 6 months ago) by salo
Branches: MAIN
CVS tags: pkgsrc-2005Q2-base, pkgsrc-2005Q2
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +2 -1 lines
Build on DragonFly BSD.
Patch from Joerg Sonnenberger via private mail.

Revision 1.24: download - view: text, markup, annotated - select for diffs
Thu Feb 24 12:13:55 2005 UTC (19 years, 9 months ago) by agc
Branches: MAIN
CVS tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +2 -1 lines
Add RMD160 digests.

Revision 1.23: download - view: text, markup, annotated - select for diffs
Wed Feb 9 13:58:41 2005 UTC (19 years, 9 months ago) by salo
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +3 -3 lines
Update to version 3.81

Changes:

- Nmap now prints a warning message on Windows if Winpcap is not found
  (it then reverts to raw sockets mode if available, as usual).
- documentation fixes and updates.

Revision 1.22: download - view: text, markup, annotated - select for diffs
Sun Feb 6 21:56:11 2005 UTC (19 years, 10 months ago) by salo
Branches: MAIN
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +3 -3 lines
Updated to version 3.80

Changes:

- Nmap now ships with and installs (in the same directory as other
  data files such as nmap-os-fingerprints) an XSL stylesheet for
  rendering the XML output as HTML.  This stylesheet was written by
  Benjamin Erb ( see http://www.benjamin-erb.de/nmap/ for examples).
  It supports tables, version detection, color-coded port states, and
  more.  The XML output has been augmented to include an
  xml-stylesheet directive pointing to nmap.xsl on the local
  filesystem.  You can point to a different XSL file by providing the
  filename or URL to the new --stylesheet argument.  Omit the
  xml-stylesheet directive entirely by specifying --no-stylesheet.
  The XML to HTML conversion can be done with an XSLT processor such
  as Saxon, Sablot, or Xalan, but modern browsers can do this on the
  fly -- simply load the XML output file in IE or Firefox.  Some
  features don't currently work with Firefox's on-the-fly rendering.
  Perhaps some Mozilla wizard can fix that in either the XSL or the
  browser itself.  I hate having things work better in IE :).  It is
  often more convenient to have the stylesheet loaded from a URL
  rather than the local filesystem, allowing the XML to be rendered on
  any machine regardless of whether/where the XSL is installed.  For
  privacy reasons (avoid loading of an external URL when you view
  results), Nmap uses the local filesystem by default.  If you would
  like the latest version of the stylesheet load from the web when
  rendering, specify
  --stylesheet http://www.insecure.org/nmap/data/nmap.xsl .

- Fixed fragmentation option (-f).  One -f now sets sends fragments
  with just 8 bytes after the IP header, while -ff sends 16 bytes to
  reduce the number of fragments needed.  You can specify your own
  fragmentation offset (must be a multiple of 8) with the new --mtu
  flag.  Don't also specify -f if you use --mtu.  Remember that some
  systems (such as Linux with connection tracking) will defragment in
  the kernel anyway -- so test first while sniffing with ethereal.
  These changes are from a patch by Martin Macok
  (martin.macok(a)underground.cz).

- Nmap now prints the number (and total bytes) of raw IP packets sent
  and received when it completes, if verbose mode (-v) is enabled.  The
  report looks like:
  Nmap finished: 256 IP addresses (3 hosts up) scanned in 30.632 seconds
                 Raw packets sent: 7727 (303KB) | Rcvd: 6944 (304KB)

- Fixed (I hope) an error which would cause the Windows version of
  Nmap to abort under some circumstances with the error message
  "Unexpected error in NSE_TYPE_READ callback.  Error code: 10053
  (Unknown error)".  Problem reported by "Tony Golding"
  (biz(a)tonygolding.com).

- Added new "closed|filtered" state.  This is used for Idlescan, since
  that scan method can't distinguish between those two states.  Nmap
  previously just used "closed", but this is more accurate.

- Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered"
  instead of "open" when they fail to receive any response from the
  target port.  After all, it could just as easily be filtered as open.
  This is the same change that was made to UDP scan in 3.70.  Also as
  with UDP scan, adding version detection (-sV) will change the state
  from open|filtered to open if it confirms that they really are open.

- Fixed a bug in ACK scan that could cause Nmap to crash with the
  message "Unexpected port state: 6" in some cases.  Thanks to Glyn
  Geoghegan (glyng(a)corsaire.com) for reporting the problem.

- Change IP protocol scan (-sO) so that a response from the target
  host in any protocol at all will prove that protocol is open.  As
  before, no response means "open|filtered", an ICMP protocol
  unreachable means "closed", and most other ICMP error messages mean
  "filtered".

- Patched a Winpcap issue that prevented read timeouts from being
  honored on Solaris (thus slowing down Nmap substantially).  The
  problem report and patch were sent in by Ben Harris
  (bjh21(a)cam.ac.uk).

- Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and
  UDP headers when scanning protocols 1, 6, and 17, respectively.  An
  empty IP header is still sent for all other protocols.  This should
  prevent the error messages such as "sendto in send_ip_packet:
  sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not
  permitted" that Linux (and perhaps other systems) would give when
  they try to interpret the raw packet.  This also makes it more
  likely that these protocols will elicit a response, proving that the
  protocol is "open".

- The windows build now uses header and static library files from
  Winpcap 3.1Beta4.  It also now prints out the DLL version you are
  using when run with -d.  I would recommend upgrading to 3.1Beta4 if
  you have an older Winpcap installed.

- Added an NTP probe and matches to the version detection database
  (nmap-service-probes) thanks to a submission from Martin
  Macok (martin.macok@underground.cz).

- Applied several Nmap service detection database updates sent in by
  Martin Macok (martin.macok(a)underground.cz).

Revision 1.21: download - view: text, markup, annotated - select for diffs
Thu Jan 20 12:03:36 2005 UTC (19 years, 10 months ago) by salo
Branches: MAIN
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +3 -3 lines
Update to version 3.78

Changes:

- The XML nmaprun element now has a startstr attribute which gives the
  human readable calendar time format that a scan started.  Similarly
  the finished element now has a timestr attribute describing when the
  scan finished.  These are in addition to the existing nmaprun/start
  and finished/time attributes that provided the start and finish time
  in UNIX time_t notation.  This should help in development of better
  XSLT stylesheets for Nmap XML output.

- Added new "closed|filtered" state.  This is used for Idlescan, since
  that scan method can't distinguish between those two staes.  Nmap
  previously just used "closed", but this is more accurate.

- Rewrote the host IP (target specification) parser for easier
  maintenance and to fix a bug found by Netris (netris(a)ok.kz)

- Fixed compilation on soem HP-UX 11 boxes thanks to a patch by Petter
  Reinholdtsen (pere(a)hungry.com).

- Fixed a portability problem on some OpenBSD and FreeBSD machines
  thanks to a patch by Okan Demirmen (okan(a)demirmen.com).

- Added an NTP probe and matches to the version detection database
  (nmap-service-probes) thanks to a submission from Martin Macok
  (martin.macok@underground.cz).

Revision 1.20: download - view: text, markup, annotated - select for diffs
Fri Nov 26 09:24:20 2004 UTC (20 years ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +7 -7 lines
Changes 3.77:
o Fixed a memory leak that would generally consume several hundred
  bytes per down host scanned.  While the effect for most scans is
  negligible, it was overwhelming when Scott Carlson
  (Scott.Carlson(a)schwab.com) tried to scan 24 million IPs
  (10.0.0.0/8).  Thanks to him for reporting the problem.

o Fixed a bug in ACK scan that could cause Nmap to crash with the
  message "Unexpected port state: 6" in some cases.  Thanks to Glyn
  Geoghegan (glyng(a)corsaire.com) for reporting the problem.

o Change IP protocol scan (-sO) so that a response from the target
  host in any protocol at all will prove that protocol is open.  As
  before, no response means "open|filtered", an ICMP protocol
  unreachable means "closed", and most other ICMP error messages mean
  "filered".

o Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and
  UDP headers when scanning protocols 1, 6, and 17, respectively.  An
  emtpy IP header is still sent for all other protocols.  This should
  prevent the error messages such as "sendto in send_ip_packet:
  sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not
  permitted" that Linux (and perhaps other systems) would give when
  they try to interpret the raw packet.  This also makes it more
  likely that these protocols will elicit a response, proving that the
  protocol is "open".

o Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered"
  instead of "open" when they fail to receive any response from the
  target port.  After all, it could just as easily be filtered as open.
  This is the same change that was made to UDP scan in 3.70.  Also as
  with UDP scan, adding version detection (-sV) will change the state
  from open|filtered to open if it confirms that they really are open.

o Fixed a crash on Windows systems that don't include the iphlpapi
  DLL.  This affects Win95 and perhaps other variants.  Thanks to Ganga
  Bhavani (GBhavani(a)everdreamcorp.com) for reporting the problem and
  sending the patch.

o Ensured that the device type, os vendor, and os family OS
  fingerprinting classification values are scrubbed for XML compliance
  in the XML output.  Thanks to Matthieu Verbert
  (mve(a)zurich.ibm.com) for reporting the problem and sending a patch.

o Changed to Nmap XML DTD to use the same xmloutputversion (1.01) as
  newer versions of Nmap.  Thanks to Laurent Estieux
  (laurent.estieux(a)free.fr) for reporting the problem.

Revision 1.19: download - view: text, markup, annotated - select for diffs
Tue Oct 19 07:03:10 2004 UTC (20 years, 1 month ago) by salo
Branches: MAIN
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +4 -4 lines
Updated to version 3.75

Changes:

- Implemented a huge OS fingerprint database update.  The number of
  signatures have increased more than 20% to 1,353 and many of the
  existing ones are much improved.  Notable updates include the fourth
  edition of Bell Lab's Plan9, Grandstream's BugeTone 101 IP Phone,
  and Bart's Network Boot Disk 2.7 (which runs MS-DOS).  Oh, and Linux
  kernels up to 2.6.8, dozens of new Windows fingerprints including XP
  SP2, the latest Longhorn warez, and many modified Xboxes, OpenBSD
  3.6, NetBSD up to 2.0RC4, Apple's AirPort Express WAP and OS X 10.3.3
  (Panther) release, Novell Netware 6.5, FreeBSD 5.3-BETA, a bunch of
  Linksys and D-Link consumer junk, the latest Cisco IOS 12.2
  releases, a ton of miscellaneous broadband routers and printers, and
  much more.

- Updated nmap-mac-prefixes with the latest OUIs from the IEEE.
  [ http://standards.ieee.org/regauth/oui/oui.txt ]

- Updated nmap-protocols with the latest IP protocols from IANA
  [ http://www.iana.org/assignments/protocol-numbers ]

- Added a few new Nmap version detection signatures thanks to a patch
  from Martin Maèok (martin.macok(a)underground.cz).

- Fixed a crash problem in the Windows version of Nmap, thanks to a
  patch from Ganga Bhavani GBhavani(a)everdreamcorp.com).

- Fixed Windows service scan crashes that occur with the error message
  "Unexpected nsock_loop error. Error code 10022 (Unknown error)".  It
  turns out that Windows does not allow select() calls with all three
  FD sets empty.  Lame.  The Linux select() man page even suggests
  calling "select with all three sets empty, n zero, and a non-null
  timeout as a fairly portable way to sleep with subsecond precision."
  Thanks to Gisle Vanem (giva(a)bgnett.no) for debugging help.

- Added --max_scan_delay parameter.  Nmap will sometimes increase the
  delay itself when it detects many dropped packets.  For example,
  Solaris systems tend to respond with only one ICMP port unreachable
  packet per second during a UDP scan.  So Nmap will try to detect
  this and lower its rate of UDP probes to one per second.  This can
  provide more accurate results while reducing network congestion, but
  it can slow the scans down substantially.  By default (with no -T
  options specified), Nmap allows this delay to grow to one second per
  probe.  This option allows you to set a lower or higher maximum.
  The -T4 and -T5 scan modes now limit the maximum scan delay for TCP
  scans to 10 and 5 ms, respectively.

- Fixed a bug that prevented RPC scan (-sR) from working for UDP ports
  unless service detection (-sV) was used.  -sV is still usually a
  better approach than -sR, as the latter ONLY handles RPC.  Thanks to
  Stephen Bishop (sbishop(a)idsec.co.uk) for reporting the problem and
  sending a patch.

- Fixed nmap_fetchfile() to better find custom versions of data files
  such as nmap-services.  Note that the implicitly read directory
  should be ~/.nmap rather than ~/nmap .  So you may have to move any
  customized files you now have in ~/nmap .  Thanks to nnposter
  (nnposter(a)users.sourceforge.net) for reporting the problem and
  sending a patch.

- Changed XML output so that the MAC address [address] element comes
  right after the IPv4/IPv6 [address] element.  Apparently this is
  needed to comply with the DTD (
  http://www.insecure.org/nmap/data/nmap.dtd ).  Thanks to Adam Morgan
  (adam.morgan(a)Q1Labs.com) and Florian Ebner
  (Florian.Ebner(a)e-bros.de) for the problem reports.

- Fixed an error in the Nmap RPM spec file reported by Pascal Trouvin
  (pascal.trouvin(a)wanadoo.fr)

- Fixed a timing problem in which a specified large --send_delay would
  sometimes be reduced to 1 second during a scan.  Thanks to Martin
  Macok (martin.macok(a)underground.cz) for reporting the problem.

- Fixed a timing problem with sneaky and paranoid modes (-T1 and -T0)
  which would cause Nmap to continually scan the same port and never
  hit other ports when scanning certain firewalled hosts.  Thanks to
  Curtis Doty (Curtis(a)GreenKey.net) for reporting the problem.

- Fixed a bug in the build system that caused most Nmap subdirectories
  to be configured twice.  Changing the variable holding the name of
  subdirs from $subdirs to $nmap_cfg_subdirs resolved the problem --
  configure must have been using that variable name for its own internal
  operations.  Anyway, this should reduce compile time significantly.

- Made a trivial change to nsock/src/nsock_event.c to work around a "a
  bug in GCC 3.3.1 on FreeBSD/sparc64".  I found the patch by digging
  around the FreeBSD ports tree repository.  It would be nice if the
  FreeBSD Nmap port maintainers would report such things to me, rather
  than fixing it in their own Nmap tree and then applying the patch to
  every future version.  On the other hand, they deserve some sort of
  "most up-to-date" award.  I stuck Nmap 3.71-PRE1 in the dist
  directory for a few people to test, and made no announcement or
  direct link.  The FreeBSD crew found it and upgraded anyway :).  The
  gcc-workaround patch was apparently submitted to the FreeBSD folks
  by Marius Strobl (marius(a)alchemy.franken.de).

- Fixed (I hope) an OS detection timing issue which would in some
  cases lead to the warning that "insufficient responses for TCP
  sequencing (3), OS detection may be less accurate."  Thanks to Adam
  Kerrison (adam(a)tideway.com) for reporting the problem.

- Modified the warning given when files such as nmap-services exist in
  both the compiled in NMAPDATADIR and the current working directory.
  That message should now only appear once and is more clear.

- Fixed ping scan subsystem to work a little bit better when
  --scan_delay (or some of the slower -T templates which include a scan
  delay) is specified.  Thanks to Shahid Khan (khan(a)asia.apple.com)
  for suggestions.

- Taught connect() scan to properly interpret ICMP protocol
  unreachable messages.  Thanks to Alan Bishoff
  (abishoff(a)arc.nasa.gov) for the report.

- Improved the nmapfe.desktop file to better comply with standards.
  Thanks to Stephane Loeuillet (stephane.loeuillet(a)tiscali.fr) for
  sending the patch.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Wed Sep 1 01:20:51 2004 UTC (20 years, 3 months ago) by salo
Branches: MAIN
CVS tags: pkgsrc-2004Q3-base, pkgsrc-2004Q3
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +3 -3 lines
Update to version 3.70.

Significant changes:

- Rewrote core port scanning engine, which is now named ultra_scan().
  Improved algorithms make this faster (often dramatically so) in
  almost all cases.  Not only is it superior against single hosts, but
  ultra_scan() can scan many hosts (sometimes hundreds) in parallel.
  This offers many efficiency/speed advantages.  For example, hosts
  often limit the ICMP port unreachable packets used by UDP scans to
  1/second.  That made those scans extraordinarily slow in previous
  versions of Nmap.  But if you are scanning 100 hosts at once,
  suddenly you can receive 100 responses per second.  Spreading the
  scan amongst hosts is also gentler toward the target hosts.  Nmap
  can still scan many ports at the same time, as well.  If you find
  cases where ultra_scan is slower or less accurate, please send a
  report (including exact command-lines, versions used, and output, if
  possible) to Fyodor.

- Added --max_hostgroup option which specifies the maximum number of
  hosts that Nmap is allowed to scan in parallel.

- Added --min_hostgroup option which specifies the minimum number of
  hosts that Nmap should scan in parallel (there are some exceptions
  where Nmap will still scan smaller groups -- see man page).  Of
  course, Nmap will try to choose efficient values even if you don't
  specify hostgroup restrictions explicitly.

- Rewrote TCP SYN, ACK, Window, and Connect() scans to use
  ultra_scan() framework, rather than the old pos_scan().

- Rewrote FIN, Xmas, NULL, Maimon, UDP, and IP Protocol scans to use
  ultra_scan(), rather than the old super_scan().

- Overhauled UDP scan.  Ports that don't respond are now classified as
  "open|filtered" (open or filtered) rather than "open".  The (somewhat
  rare) ports that actually respond with a UDP packet to the empty
  probe are considered open.  If version detection is requested, it
  will be performed on open|filtered ports.  Any that respond to any of
  the UDP probes will have their status changed to open.  This avoids a
  the false-positive problem where filtered UDP ports appear to be
  open, leading to terrified newbies thinking their machine is
  infected by back orifice.

- Nmap now estimates completion times for almost all port scan types
  (any that use ultra_scan()) as well as service scan (version
  detection).  These are only shown in verbose mode (-v).  On scans
  that take more than a minute or two, you will see occasional updates
  like:
  SYN Stealth Scan Timing: About 30.01% done; ETC: 16:04 (0:01:09 remaining)
  New updates are given if the estimates change significantly.

- Added --exclude option, which lets you specify a comma-separated
  list of targets (hosts, ranges, netblocks) that should be excluded
  from the scan.  This is useful to keep from scannig yourself, your
  ISP, particularly sensitive hosts, etc.  The new --excludefile reads
  the list (newline-delimited) from a given file.  All the work was
  done by Mark-David McLaughlin (mdmcl(a)cisco.com> and William McVey
  ( wam(a)cisco.com ), who sent me a well-designed and well-tested
  patch.

- Nmap now has a "port scan ping" system.  If it has received at least
  one response from any port on the host, but has not received
  responses lately (usually due to filtering), Nmap will "ping" that
  known-good port occasionally to detect latency, packet drop rate,
  etc.

- Service/version detection now handles multiple hosts at once for
  more efficient and less-intrusive operation.

- Nmap now wishes itself a happy birthday when run on September 1 in
  verbose mode!  The first public release was on that date in 1997.

- The port randomizer now has a bias toward putting
  commonly-accessible ports (80, 22, etc.) near the beginning of the
  list.  Getting a response early helps Nmap calculate response times and
  detect packet loss, so the scan goes faster.

- Host timeout system (--host_timeout) overhauled to support host
  parallelization.  Hosts times are tracked separately, so a host that
  finishes a SYN scan quickly is not penalized for an exceptionally
  slow host being scanned at the same time.

- When Nmap has not received any responses from a host, it can now
  use certain timing values from other hosts from the same scan
  group.  This way Nmap doesn't have to use absolute-worst-case
  (300bps SLIP link to Uzbekistan) round trip timeouts and such.

- Enabled MAC address reporting when using the Windows version
  of Nmap.  Thanks to Andy Lutomirski (luto(a)stanford.edu) for
  writing and sending the patch.

- Workaround crippled raw sockets on Microsoft Windows XP SP2 scans.
  I applied a patch by Andy Lutomirski (luto(a)stanford.edu) which
  causes Nmap to default to winpcap sends instead.  The winpcap send
  functionality was already there for versions of Windows such as NT and
  Win98 that never supported Raw Sockets in the first place.

- Changed how Nmap sends Arp requests on Windows to use the iphlpapi
  SendARP() function rather than creating it raw and reading the
  response from the Windows ARP cache.  This works around a
  (reasonable) feature of Windows Firewall which ignored such
  unsolicited responses.  The firewall is turned on by default as of
  Windows XP SP2.  This change was implemented by Dana Epp
  (dana(a)vulscan.com).

- Fixed some Windows portability issues discovered by Gisle Vanem
  (giva(a)bgnett.no).

- Upgraded libpcap from version 0.7.2 to 0.8.3.  This was an attempt
  to fix an annoying bug, which I then found was actually in my code
  rather than libpcap :).

- Removed Ident scan (-I).  It was rarely useful, and the
  implementation would have to be rewritten for the new ultra_scan()
  system.  If there is significant demand, perhaps I'll put it back in
  sometime.

- Documented the --osscan_limit option, which saves time by skipping
  OS detection if at least one open and one closed port are not found on
  the remote hosts.  OS detection is much less reliable against such
  hosts anyway, and skipping it can save some time.

- Updated nmapfe.desktop file to provide better NmapFE desktop support
  under Fedora Core and other systems.  Thanks to Mephisto
  (mephisto(a)mephisto.ma.cx) for sending the patch.

- Further nmapfe.desktop changes to better fit the freedesktop
  standard.  The patch came from Murphy (m3rf(a)swimmingnoodle.com).

- Fixed capitalization (with a perl script) of many over-capitalized
  vendor names in nmap-mac-prefixes.

- Ensured that MAC address vendor names are always escaped in XML
  output if they contain illegal characters (particularly '&').  Thanks
  to Matthieu Verbert (mve(a)zurich.ibm.com) for the report and a patch.

- Changed xmloutputversion in XML output from 1.0 to 1.01 to note that
  there was a slight change (which was actually the MAC stuff in 3.55).
  Thanks to Lionel CONS (lionel.cons(a)cern.ch) for the suggestion.

- Many Windows portability fix and bug fixes, thanks to patch from
  Gisle Vanem (giva(a)bgnett.no).  With these changes, he was able to
  compile Nmap on Windows using MingW + gcc 3.4 C++ rather than MS
  Visual Studio.

- Removed (addport) tags from XML output.  They used to provide open
  ports as they were discovered, but don't work now that the port
  scanners scan many hosts at once.  They did not specify an IP
  address.  Of course the appropriate (port) tags are still printed
  once scanning of a target is complete.

- Configure script now detects GNU/k*BSD systems (whatever those are),
  thanks to patch from Robert Millan (rmh@debian.org)

- Fixed various crashes and assertion failures related to the new
  ultra_scan() system, that were found by Arturo "Buanzo" Busleiman
  (buanzo(a)buanzo.com.ar), Eric (catastrophe.net), and Bill Petersen
  (bill.petersen(a)alcatel.com).

- Fixed some minor memory leaks relating to ping and list scanning as
  well as the Nmap output table.  These were found with valgrind (
  http://valgrind.kde.org/ ).

- Provide limited --packet_trace support for TCP connect() (-sT)
  scans.

- Fixed compilation on certain Solaris machines thanks to a patch by
  Tom Duffy (tduffy(a)sun.com)

- Fixed some warnings that crop up when compiling nbase C files with a
  C++ compiler.  Thanks to Gisle Vanem (giva(a)bgnett.no) for sending
  the patch.

- Tweaked the License blurb on source files and in the man page.  It
  clarifies some issues and includes a new GPL exception that
  explicitly allows linking with the OpenSSL library.  Some people
  believe that the GPL and OpenSSL licenses are incompatable without
  this special exception.

- Fixed some serious runtime portability issues on *BSD systems.
  Thanks to Eric (catastrophe.net) for reporting the problem.

- Changed the argument parser to better detect bogus arguments to the
  -iR option.

- Removed a spurious warning message relating to the Windows ARP cache
  being empty.  Patch by Gisle Vanem (giva(a)bgnett.no).

- Removed some C++-style line comments (//) from nbase, because some C
  compilers (particularly on Solaris) barf on those.  Problem reported
  by Raju Alluri <Raju.Alluri(a)Sun.COM>

Revision 1.17: download - view: text, markup, annotated - select for diffs
Wed Jul 7 20:54:35 2004 UTC (20 years, 5 months ago) by salo
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +3 -3 lines
Updated to version 3.55.

Changes:
========
- Added MAC address printing.  If Nmap receives packet from a target
  machine which is on an Ethernet segment directly connected to the
  scanning machine, Nmap will print out the target MAC address.  Nmap
  also now contains a database (derived from the official IEEE
  version) which it uses to determine the vendor name of the target
  ethernet interface.  The Windows version of Nmap does not yet have
  this capability.  If any Windows developer types are interesting in
  adding it, you just need to implement IPisDirectlyConnected() in
  tcpip.cc and then please send me the patch.  Here are examples from
  normal and XML output (angle brackets replaced with [] for HTML
  changelog compatability):
  MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems)
  [address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications"
   addrtype="mac" /]

- Updated the XML DTD to support the newly printed MAC addresses.
  Thanks to Thorsten Holz (thorsten.holz(a)mmweg.rwth-aachen.de) for
  sending this patch.

- Added a bunch of new and fixed service fingerprints for version
  detection.  These are from Martin Macok
  (martin.macok(a)underground.cz).

- Normalized many of the OS names in nmap-os-fingerprints (fixed
  capitalization, typos, etc.).  Thanks to Royce Williams
  (royce(a)alaska.net) and Ping Huang (pshuang(a)alum.mit.edu) for
  sending patches.

- Modified the mswine32/nmap_performance.reg Windows registry file to
  use an older and more compatable version.  It also now includes the
  value "StrictTimeWaitSeqCheck"=dword:00000001 , as suggested by Jim
  Harrison (jmharr(a)microsoft.com).  Without that latter value, the
  TcpTimedWaitDelay value apparently isn't checked.  Windows users
  should apply the new registry changes by clicking on the .reg file.
  Or do it manually as described in README-WIN32.  This file is also
  now available in the data directory at
  http://www.insecure.org/nmap/data/nmap_performance.reg

- Applied patch from Gisle Vanem (giva(a)bgnett.no) which allows the
  Windows version of Nmap to work with WinPCAP 3.1BETA (and probably
  future releases).  The Winpcap folks apparently changed the encoding
  of adaptor names in this release.

- Fixed a ping scanning bug that would cause this error message: "nmap:
  targets.cc:196: int hostupdate (Target **, Target *, int, int, int,
  timeout_info *, timeval *, timeval *, pingtune *, tcpqueryinfo *,
  pingstyle): Assertion `pt->down_this_block > 0' failed."  Thanks to
  Beirne Konarski (beirne(a)neo.rr.com) for reporting the problem.

- If a user attempts -PO (the letter O), print an error suggesting
  that they probably mean -P0 (Zero) to disable ping scanning.

- Applied a couple patches (with minor changes) from Oliver Eikemeier
  (eikemeier(a)fillmore-labs.com) which fix an edge case relating to
  decoy scanning IP ranges that must be sent through different
  interfaces, and improves the Nmap response to certain error codes
  returned by the FreeBSD firewall system.  The patches are from
  http://cvsweb.freebsd.org/ports/security/nmap/files/ .

- Many people have reported this error: "checking for type of 6th
  argument to recvfrom()... configure: error: Cannot find type for 6th
  argument to recvfrom()".  In most cases, the cause was a missing or
  broken C++ compiler.  That should now be detected earlier with a
  clearer message.

- Fixed the FTP bounce scan to better detect filered ports on the
  target network.

- Fixed some minor bugs related to the new MAC address printing
  feature.

- Fixed a problem with UDP-scanning port 0, which was reported by
  Sebastian Wolfgarten (sebastian(a)wolfgarten.com).

- Applied patch from Ruediger Rissmann (RRI(a)zurich.ibm.com), which
  helps Nmap understand an EACCESS error, which can happen at least
  during IPv6 scans from certain platforms to some firewalled targets.

- Renamed ACK ping scan option from -PT to -PA in the documentation.
  Nmap has accepted both names for years and will continue to do
  so.

- Removed the notice that Nmap is reading target specifications from a
  file or stdin when you specify the -iL option.  It was sometimes
  printed to stdout even when you wanted to redirect XML or grepable
  output there, because it was printed during options processing before
  output files were handled.  This change was suggested by Anders Thulin
  (ath(a)algonet.se).

- Added --source_port as a longer, but hopefully easier to remember,
  alias for -g.  In other words, it tries to use the constant source
  port number you specify for probes.  This can help against poorly
  configured firewalls that trust source port 20, 53, and the like.

- Removed undocumented (and useless) -N option.

- Fixed a version detection crash reported in excellent detail by
  Jedi/Sector One (j(a)pureftpd.org).

- Applied patch from Matt Selsky (selsky(a)columbia.edu) which helps
  Nmap build with OpenSSL.

- Modified the configure/build system to fix library ordering problems
  that prevented Nmap from building on certain platforms.  Thanks to
  Greg A. Woods (woods(a)weird.com) and Saravanan
  (saravanan_kovai(a)HotPop.com) for the suggestions.

- Applied a patch to Makefile.in from Scott Mansfield
  (thephantom(a)mac.com) which enables the use of a DESTDIR variable
  to install the whole Nmap directory structure under a different root
  directory.  The configure --prefix option would do the same thing in
  this case, but DESTDIR is apparently a standard that package
  maintainers like Scott are used to.  An example usage is
  "make DESTDIR=/tmp/packageroot".

- Removed unnecessary banner printing in the non-root connect() ping
  scan.  Thanks to Tom Rune Flo (tom(a)x86.no) for the suggestion and
  a patch.

- Updated the headers at the top of each source file (mostly to
  advance the copyright year to 2004 and note that Nmap is a registered
  trademark).

Revision 1.16: download - view: text, markup, annotated - select for diffs
Thu Jan 22 11:20:04 2004 UTC (20 years, 10 months ago) by salo
Branches: MAIN
CVS tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +4 -4 lines
Updated to version 3.50.

- update DESCR

Notable changes:

- Integrated a ton of service fingerprints, increasing the number of
  signatures more than 50%.  It has now exceeded 1,000 for the first
  time, and represents 180 unique service protocols from acap, afp,
  and aim to xml-rpc, zebedee, and zebra.

- Implemented a huge OS fingerprint update.  The number of
  fingerprints has increased more than 13% to 1,121.  This is the first
  time it has exceeded 1000.  Notable updates include Linux 2.6.0, Mac
  OS X up to 10.3.2 (Panther), OpenBSD 3.4 (normal and pf "scrub all"),
  FreeBSD 5.2, the latest Windows Longhorn warez, and Cisco PIX 6.3.3.
  As usual, there are a ton of new consumer devices from ubiquitous
  D-Link, Linksys, and Netgear broadband routers to a number of new IP
  phones including the Cisco devices commonly used by Vonage.  Linksys
  has apparently gone special-purpose with some of their devices, such
  as their WGA54G "Wireless Game Adapter" and WPS54GU2 wireless print
  server.  A cute little MP3 player called the Rio Karma was submitted
  multiple times and I also received and integrated fingerprints for the
  Handspring Treo 600 (PalmOS).

- Applied some man page fixes from Eric S. Raymond
  (esr(a)snark.thyrsus.com).

- Added version scan information to grepable output between the last
  two '/' delimiters (that space was previously unused).  So the format
  is now "portnum/state/protocol/owner/servicename/rpcinfo/versioninfo"
  as in "53/open/tcp//domain//ISC Bind 9.2.1/" and
  "22/open/tcp//ssh//OpenSSH 3.5p1 (protocol 1.99)/".  Thanks to
  MadHat (madhat(a)unspecific.com) for sending a patch (although I did
  it differently).  Note that any '/' characters in the
  version (or owner) field are replaced with '|' to keep awk/cut
  parsing simple.  The service name field has been updated so that it
  is the same as in normal output (except for the same sort of
  escaping discussed above).

- Integrated an Oracle TNS service probe and match lines contributed
  by Frank Berger (fm.berger(a)gmx.de).  New probe contributions are
  always appreciated!

- Fixed a crash that could happen during SSL version detection due to
  SSL session ID cache reference counting issues.

- Applied patch to nmap XML dtd (nmap.dtd) from Mario Manno
  (mm(a)koeln.ccc.de).  This accounts for the new version scanning
  functionality.

- Upgraded to Autoconf 2.59 (from 2.57).  This should help HP-UX
  compilation problems reported by Petter Reinholdtsen
  (pere(a)hungry.com) and may have other benefits as well.

- Made Ident-scan (-I) limits on the length and type of responses
  stricter so that rogue servers can't flood your screen with 1024
  characters.  The new length limit is 32.  Thanks to Tom Rune Flo
  (tom(a)x86.no) for the suggestion and a patch.

- Fingerprints for unrecognized services can now be a bit longer to
  avoid truncating as much useful response information.  While the
  fingerprints can be longer now, I hope they will be less frequent
  because of all the newly recognized services in this version.

- The nmap-service-probes "match" directive can now take a service
  name like "ssl/vmware-auth".  The service will then be reported as
  vmware-auth (or whatever follows "ssl/") tunneled by SSL, yet Nmap
  won't actually bother initiating an SSL connection.  This is useful
  for SSL services which can be fully recognized without the overhead
  of making an SSL connection.

- Version scan now chops commas and whitespace from the end of
  vendorproductname, version, and info fields.  This makes it easier to
  write templates incorporating lists.  For example, the tcpmux service
  (TCP port 1) gives a list of supported services separated by CRLF.
  Nmap uses this new feature to print them comma separated without
  having an annoying trailing comma as so (linewrapped):
  match tcpmux m|^(sgi_[-.\w]+\r\n([-.\w]+\r\n)*)$|
        v/SGI IRIX tcpmux//Available services: $SUBST(1, "\r\n", ",")/

Revision 1.15: download - view: text, markup, annotated - select for diffs
Mon Oct 13 15:02:15 2003 UTC (21 years, 1 month ago) by salo
Branches: MAIN
CVS tags: pkgsrc-2003Q4-base, pkgsrc-2003Q4
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +5 -5 lines
Update to version 3.48.

Changes since 3.45:
===================

o Integrated an enormous number of version detection service
  submissions.  The database has almost doubled in size to 663
  signatures representing the following 130 services:
    3dm-http afp apcnisd arkstats bittorent chargen citrix-ica
    cvspserver cvsup dantzretrospect daytime dict directconnect domain
    echo eggdrop exec finger flexlm font-service ftp ftp-proxy gnats
    gnutella-http hddtemp hp-gsg http http-proxy hylafax icecast ident
    imap imaps imsp ipp irc ircbot irc-proxy issrealsecure jabber
    kazaa-http kerberos-sec landesk-rc ldap linuxconf lmtp lotusnotes
    lpd lucent-fwadm meetingmaker melange microsoft-ds microsoft-rdp
    mldonkey msactivesync msdtc msrpc ms-sql-m mstask mud mysql
    napster ncacn_http ncp netbios-ns netbios-ssn netrek netsaint
    netstat netwareip networkaudio nntp nsclient nsunicast ntop-http
    omniback oracle-mts oracle-tns pcanywheredata pksd pmud pop2 pop3
    pop3s poppass postgresql powerchute printer qotd redcarpet
    rendezvous rlogind rpc rsync rtsp sdmsvc sftp shell shivahose
    sieve slimp3 smtp smux snpp sourceoffice spamd ssc-agent ssh ssl
    svrloc symantec-av symantec-esm systat telnet time tinyfw upnp
    uucp veritasnetbackup vnc vnc-http vtun webster whois wins
    winshell wms X11 xfce zebra

o Added the ability to execute "helper functions" in version
  templates, to help clean up/manipulate data captured from a server
  response.  The first defined function is P() which includes only
  printable characters in a captured string.  The main impetus for
  this is to deal with unicode strings like
  "W\0O\0R\0K\0G\0R\0O\0U\0P\0" that many MS protocols send.  Nmap can
  now decode that into "WORKGROUP".

o Added SUBST() helper function, which replaces strings in matched
  appname/version/extrainfo strings with something else.  For example,
  VanDyke Vshell gives a banner that includes
  "SSH-2\.0-VShell_2_2_0_528".  A substring match is used to pick out
  the string "2_2_0_528", and then SUBST(1,"_",".") is called on that
  match to form the version number 2.2.0.528.

o If responses to a probe fail to match any of the registered match
  strings for that probe, Nmap will now try against the registered "null
  probe" match strings.  This helps in the case that the NULL probe
  initially times out (perhaps because of initial DNS lookup) but the
  banner appears in later responses.

o Applied some portability fixes (particularly for OpenBSD) from Chad
  Loder (cloder(a)loder.us), who is also now the OpenBSD Nmap port
  maintainer.

o Applied some portability fixes from Marius Strobl
  (marius(a)alchemy.franken.de).

o The tarball distribution of Nmap now strips the binary at install
  time thanks to a patch from Marius Strobl
  (marius(a)alchemy.franken.de).

o Fixed a problem related to building Nmap on systems that lack PCRE
  libs (and thus have to use the ones included by Nmap).  Thanks to Remi
  Denis-Courmont (deniscr6(a)cti.ecp.fr) for the repot and patch.

o Alphebetized the service names in each Probe section in
  nmap-service-probes (makes them easier to find and add to).

o Fixed the problem several people reported where Nmap would quit with
  a "broken pipe" error during service scanning.  Thanks to Jari Ruusu
  (jari.ruusu(a)pp.inet.fi) for sending a patch.  The actual error
  message was "Unexpected error in NSE_TYPE_READ callback.  Error
  code: 32 (Broken pipe)"

o Fixed protocol scan (-sO), which I had broken when adding the new
  output table format.  It would complain "NmapOutputTable.cc:128:
  failed assertion `row < numRows'".  Thanks to Matt Burnett
  (marukka(a)mac.com) for notifying me of the problem.

o Upgraded Libpcap to the latest tcpdump.org version (0.7.2) from
  0.7.1

o Applied a patch from Peter Marschall (peter(a)adpm.de) which adds
  version detection support to nmapfe.

o Fixed a problem with XML output being invalid when service detection
  was done on SSL-tunneled ports.  Thanks to the several people who
  reported this - it means that folks are actually using the XML
  output :).

o Fixed (I hope) some Solaris Sune ONE compiler compilation problems
  reported (w/patches) by Mikael Mannstrom (candyman(a)penti.org)

o Fixed the --with-openssl configure option for people who have
  OpenSSL installed in a path not automatically found by their
  compilers.  Thanks to  Marius Strobl (marius(a)alchemy.franken.de) for
  the patch.

o Made some portability changes for HP-UX and possibly other types of
  machines, thanks to a patch from Petter Reinholdtsen (pere(a)hungry.com)

o Applied a patch from Matt Selsky (selsky@columbia.edu) which fixes
  compilation on some Solaris boxes, and maybe others.  The error said
  "cannot compute sizeof (char)"

o Applied some patches from the NetBSD ports tree that Hubert Feyrer
  (hubert.feyrer(a)informatik.fh-regensburg.de) sent me.  The NetBSD
  Nmap ports page is at http://www.NetBSD.org/packages/net/nmap/ .

o Applied some Makefile patches from the FreeBSD ports tree that I
  found at http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/nmap/files/

Revision 1.14: download - view: text, markup, annotated - select for diffs
Tue Oct 7 17:50:37 2003 UTC (21 years, 2 months ago) by reed
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +2 -2 lines
Make this configure correctly under Linux.  The configure script
assumed incorrectly that if you are using Linux, that you want to
use the nmap-provided libpcap code; but the libpcap package works
fine.  (Okay'd by salo.)

Revision 1.13: download - view: text, markup, annotated - select for diffs
Sat Sep 20 14:15:27 2003 UTC (21 years, 2 months ago) by salo
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +7 -6 lines
Update to version 3.45.

Also closes PR pkg/22845 by Adrian Portelli.

Changes:

3.45:
=====
- Added new HTTPOptions and RTSPRequest probes suggested by MadHat
  (madhat(a)unspecific.com)

- Integrated more service signatures from MadHat
  (madhat(a)unspecific.com), Brian Hatch (bri(a)ifokr.org), Niels
  Heinen (zillion(a)safemode.org), Solar Designer
  (solar(a)openwall.com), Seth Master
  (smaster(a)stanford.edu), and Curt Wilson
  (netw3_security(a)hushmail.com),

- Applied a patch from Solar Eclipse (solareclipse(a)phreedom.org)
  which increases the allowed size of the 'extrainfo' version field from
  80 characters to 128.  The main benefit is to allow longer apache module
  version strings.

- Fixed Windows compilation.

- Applied some updates to README-WIN32 sent in by Kirby Kuehl
  (kkuehl(a)cisco.com).  He improved the list of suggested registry
  changes and also fixed a typo or two.  He also attached a .reg file
  automate the Nmap connect() scan performance enhancing registry
  changes.  I am now including that with the Nmap Windows binary .zip
  distribution (and in mswin32/ of the source distro).

- Applied a one-line patch from Dmitry V. Levin (ldv@altlinux.org)
  which fixes a test Nmap does during compilation to see if an existing
  libpcap installation is recent enough.

3.40PVT17:
==========
- Wrote and posted a new paper on version scanning to
  http://www.insecure.org/nmap/versionscan.html .  Updated
  nmap-service-probes and the Nmap man page to simply refer to this
  URL.

- Integrated more service signatures from my own scanning as well as
  contributions from Brian Hatch (bri(a)ifokr.org), MadHat
  (madhat(a)unspecific.com), Max Vision (vision(a)whitehats.com), HD
  Moore (hdm(a)digitaloffense.net), Seth Master
  (smaster(a)stanford.edu), and Niels Heinen (zillion(a)safemode.org).
  MadHat also contributed a new probe for Windows Media Service.  Many
  people set a LOT of signatures, which has allowed
  nmap-service-probes to grow from 295 to 356 signatures representing
  85 service protocols!

- Applied a patch (with slight changes) from Brian Hatch
  (bri(a)ifokr.org) which enables caching of SSL sessions so that
  negotiation doesn't have to be repeated when Nmap reconnects to the same
  between probes.

- Applied a patch from Brian Hatch (bri@ifokr.org) which optimizes the
  requested SSL ciphers for speed rather than security.  The list was
  based on empirical evidence from substantial benchmarking he did with
  tests that resemble nmap-service-scanning.

- Updated the Nmap man page to discuss the new version scanning
  options (-sV, -A).

- I now include nmap-version/aclocal.m4 in the distribution as this is
  required to rebuild the configure script ( thanks to Dmitry V. Levin
  (ldv(a)altlinux.org) for notifying me of the problem.

- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
  detects whether the PCRE include file is <pcre.h> or <pcre

- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
  fixes typos in some error messages.  The patch apparently came from
  the highly-secure and stable Owl and Alt Linux distributions.  Check
  them out at http://www.openwall.com/Owl/ and
  http://www.altlinux.com/

- Fixed compilation on Mac OS X - thanks to Brian Hatch
  (bri(a)ifokr.org> and Ryan Lowe (rlowe(a)pablowe.net) for giving me
  access to Mac OS X boxes.

- Stripped down libpcre build system to remove libtool dependency and
  other cruft that Nmap doesn't need. (this was mostly a response to
  libtool-related issues on Mac OS X).

- Added a new --version_trace option which causes Nmap to print out extensive
  debugging info about what version scanning is doing (this is a subset
  of what you would get with --packet_trace).  You should usually use
  this in combination with at least one -d option.

- Fixed a port number printing bug that would cause Nmap service
  fingerprints to give a negative port number when the actual port was
  above 32K.  Thanks to Seth Master (smaster@stanford.edu) for finding
  this.

- Updated all the header text again to clarify our interpretation of
  "derived works" after some suggestions from Brian Hatch
  (bri(a)ifokr.org)

- Updated the Nsock config.sub/config.guess to the same newer versions
  that Nmap uses (for Mac OS X compilation).

3.40PVT16:
==========
- Fixed a compilation problem on systems w/o OpenSSL that was
  discovered by Solar Designer.  I also fixed some compilation
  problems on non-IPv6 systems.  It now compiles and runs on my
  Solaris and ancient OpenBSD systems.

- Integrated more services thanks to submissions from Niels Heinen
  (zillion(a)safemode.org).

- Canonicalized the headers at the top of each Nmap/Nsock header src
  file.  This included clarifying our interpretation of derived works,
  updating the copyright date to 2003, making the header a bit wider,
  and a few other light changes.  I've been putting this off for a
  while, because it required editing about a hundred !#$# files!

3.40PVT15:
==========
- Fixed a major bug in the Nsock time caching system.  This could
  cause service detection to inexplicably fail against certain ports in
  the second or later machines scanned.  Thanks to Solar Designer and HD
  Moore for helping me track this down.

- Fixed some *BSD compilation bugs found by
  Zillion (zillion(a)safemode.org).

- Integrated more services thanks to submissions from Fyodor Yarochkin
  (fygrave(a)tigerteam.net), and Niels Heinen
  (zillion(a)safemode.org), and some of my own exploring.  There are
  now 295 signatures.

- Fixed a compilation bug found by Solar Designer on machines that
  don't have struct sockaddr_storage.  Nsock now just uses "struct
  sockaddr *" like connect() does.

- Fixed a bug found by Solar Designer which would cause the Nmap
  portscan table to be truncated in -oN output files if the results are
  very long.

- Changed a bunch of large stack arrays (e.g. int portlookup[65536])
  into dynamically allocated heap pointers.  The large stack variables
  apparently caused problems on some architectures.  This issue was
  reported by osamah abuoun (osamah_abuoun(a)hotmail.com).

3.40PVT14:
==========
- Added IPv6 support for service scan.

- Added an 'sslports' directive to nmap-service-probes.  This tells
  Nmap which service checks to try first for SSL-wrapped ports.  The
  syntax is the same as the normal 'ports' directive for non-ssl ports.
  For example, the HTTP probe has an 'sslports 443' line and
  SMTP-detecting probes have and 'sslports 465' line.

- Integrated more services thanks to submissions from MadHat
  (madhat(a)unspecific.com), Solar Designer (solar(a)openwall.com), Dug
  Song (dugsong(a)monkey.org), pope(a)undersec.com, and Brian Hatch
  (bri(a)ifokr.org).  There are now 288 signatures, matching these 65
  service protocols:
    chargen cvspserver daytime domain echo exec finger font-service
    ftp ftp-proxy http http-proxy hylafax ident ident imap imaps ipp
    ircbot ircd irc-proxy issrealsecure landesk-rc ldap meetingmaker
    microsoft-ds msrpc mud mysql ncacn_http ncp netbios-ns netbios-ssn
    netsaint netwareip nntp nsclient oracle-tns pcanywheredata pop3
    pop3s postgres printer qotd redcarpet rlogind rpc rsync rtsp shell
    smtp snpp spamd ssc-agent ssh ssl telnet time upnp uucp vnc
    vnc-http webster whois winshell X11

- Added a Lotus Notes probe from Fyodor Yarochkin
  (fygrave(a)tigerteam.net).

- Dug Song wins the "award" for most obscure service fingerprint
  submission.  Nmap now detects Dave Curry's Webster dictionary server
  from 1986 :).

- Service fingerprints now include a 'T=SSL' attribute when SSL
  tunneling was used.

- More portability enhancements thanks to Solar Designer and his Linux
  2.0 libc5 boxes.

- Applied a patch from Gisle Vanem (giva(a)bgnett.no) which improves
  Windows emulation of the UNIX mmap() and munmap() memory mapping calls.

3.40PVT13:
==========
- Added SSL-scan-through support.  If service detection finds a port to be
  SSL, it will transparently connect to the port using OpenSSL and use
  version detection to determine what service lies beneath.  This
  feature is only enabled if OpenSSL is available at build time.  A
  new --with-openssl=DIR configure option is available if OpenSSL is
  not in your default compiler paths.  You can use --without-openssl
  to disable this functionality.  Thanks to Brian Hatch
  (bri(a)ifokr.org) for sample code and other assistance.  Make sure
  you use a version without known exploitable overflows.  In
  particular, versions up to and including OpenSSL 0.9.6d and
  0.9.7-beta2 contained serious vulnerabilities described at
  http://www.openssl.org/news/secadv_20020730.txt .  Note that these
  vulnerabilities are well over a year old at the time of this
  writing.

- Integrated many more services thanks to submissions from Brian
  Hatch, HellNBack ( hellnbak(a)nmrc.org ), MadHat, Solar Designer,
  Simple Nomad, and Shawn Wallis (swallis(a)ku.edu).  The number of
  signatures has grown from 242 to 271.  Thanks!

- Integrated Novell Netware NCP and MS Terminal Server probes from
  Simple Nomad (thegnome(a)nmrc.org).

- Fixed a segfault found by Solar Designer that could occur when
  scanning certain "evil" services.

- Fixed a problem reported by Solar Designer and MadHat (
  madhat(a)unspecific.com ) where Nmap would bail when certain Apache
  version/info responses were particularly long.  It could happen in
  other cases as well.  Now Nmap just prints a warning.

- Fixed some portability issues reported by Solar Designer
  ( solar(a)openwall.com )

3.40PVT12:
==========
- I added probes for SSL (session startup request) and microsoft-ds
  (SMB Negotiate Protocol request).

- I changed the default read timeout for a service probe from 7.5s to 5s.

- Fixed a one-character bug that broke many scans when -sV was NOT
  given.  Thanks to Blue Boar (BlueBoar(a)thievco.com) for the report.

3.40PVT11:
==========
- Integrated many more services thanks to submissions from Simple
  Nomad, Solar Designer, jerickson(a)inphonic.com, Curt Wilson, and
  Marco Ivaldi.  Thanks!  The match line count has risen from 201 to 242.

- Implemented a service classification scheme to separate the
  vendor/product name from the version number and any extra info that
  is provided.  Instead of v/[big version string]/, the new match
  lines include v/[vendor/productname]/[version]/[extrainfo]/ .  See
  the docs at the top of nmap-service-probes for more info.  This
  doesn't change the normal output (which lumps them together anyway),
  but they are separate in the XML so that higher-level programs can
  easily match against just a product name.  Here are a few examples
  of the improved service element:
  <service name="ssh" product="OpenSSH" version="3.1p1"
     extrainfo="protocol 1.99" method="probed" conf="10" />
  <service name="domain" product="ISC Bind" version="9.2.1"
     method="probed" conf="10" />
  <state state="open" /><service name="rpcbind" version="2"
     extrainfo="rpc #100000" method="probed" conf="10" />
  <service name="rndc" method="table" conf="3" />

- I went through nmap-service-probes and added the vendor name to more
  entries.  I also added the service name where the product name
  itself didn't make that completely obvious.

- SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken
  to an extortion campaign of demanding license fees from Linux users
  for code that they themselves knowingly distributed under the terms
  of the GNU GPL.  They have also refused to accept the GPL, claiming
  that some preposterous theory of theirs makes it invalid.  Meanwhile
  they have distributed GPL-licensed Nmap in (at least) their
  "Supplemental Open Source CD".  In response to these blatant
  violations, and in accordance with section 4 of the GPL, we hereby
  terminate SCO's rights to redistribute any versions of Nmap in any
  of their products, including (without limitation) OpenLinux,
  Skunkware, OpenServer, and UNIXWare.

3.40PVT10:
==========
- Added "soft matches".  These are similar to normal match lines in
  that they provide a regex for recognizing a service (but no version).
  But instead of stopping at softmatch service recognition, the scan
  continues looking for more info.  It only launches probes that are
  known-capable of matching the softmatched service.  If no version
  number is found, at least the determined service is printed.  A
  service print for submission is also provided in that case.  So this
  provides more informative results and improves efficiency.

- Cleaned up the Windows support a bit and did more testing and
  fixing.  Windows service detection seems to be working fine for me
  now, although my testing is still pretty limited.  This release
  includes a Windows binary distribution and the README-WIN32 has been
  updated to reflect new compilation instructions.

- More service fingerprints!  Thanks to Solar Designer, Max Vision,
  Frank Denis (Jedi/Sector One) for the submissions.  I also added a
  bunch from my own testing. The number of match lines went from 179
  to 201.

- Updated XML output to handle new version and service detection
  information.  Here are a few examples of the new output:
  <port protocol="tcp" portid="22"><state state="open" /><service
    name="ssh" version="OpenSSH 3.1p1 (protocol 1.99)" method="probed"
    conf="10" /></port>
  <port protocol="tcp" portid="111"><state state="open" /><service
    name="rpcbind" version="2 (rpc #100000)" method="probed" conf="10" /></port>
  <port protocol="tcp" portid="953"><state state="open" /><service
    name="rndc" method="table" conf="3" /></port>

- Fixed issue where Nmap would quit when ECONNREFUSED was returned
  when we try to read from an already-connected TCP socket.  FreeBSD
  does this for some reason instead of giving ECONNRESET.  Thanks to
  Will Saxon (WillS(a)housing.ufl.edu) for the report.

- Removed the SERVICEMATCH_STATIC match type from
  nmap-service-probes.  There wasn't much benefit of this over regular
  expressions, so it isn't worth maintaining the extra code.

3.40PVT9:
=========
- Added/fixed numerous service fingerprints thanks to submissions from
  Max Vision, MadHat, Seth Master.  Match lines went
  from 164 to 179.

- The Winpcap libraries used in the Windows build process have been
  upgraded to version 3.0.

- Most of the Windows port is complete.  It compiles and service scan
  works (I didn't test very deeply) on my WinXP box with VS.Net 2003.
  I try to work out remaining kinks and do some cleanup for the next
  version.  The Windows code was restructured and improved quite a bit,
  but much more work remains to be done in that area.  I'll probably
  do a Windows binary .zip release of the next version.

- Various minor fixes

3.40PVT8:
=========
- Service scan is now OFF by default.  You can activate it with -sV.
  Or use the snazzy new -A (for "All recommended features" or
  "Aggressive") option which turns on both OS detection and service
  detection.

- Fixed compilation on my ancient OpenBSD 2.3 machine (a Pentium 60 :)

- Added/fixed numerous service fingerprints thanks to submissions from
  Brian Hatch, HD Moore, Anand R., and some of my own testing.  The
  number of match lines in this version grows from 137 to 164!  Please
  keep 'em coming!

- Various important and not-so-important fixes for bugs I encountered
  while test scanning.

- The RPC grinder no longer prints a startup message if it has no
  RPC-detected ports to scan.

- Some of the service fingerprint length limitations are relaxed a bit
  if you enable debugging (-d).

3.40PVT7:
=========
- Added a whole bunch of services submitted by Brian Hatch
  (bri(a)ifokr.org).  I also added a few Windows-related probes.
  Nmap-service-probes has gone from 101 match strings to 137.  Please
  keep the submissions coming.

- The question mark now only appears for ports in the OPEN state and
  when service detection was requested.

- I now print a separator bar between service fingerprints when Nmap
  prints more than one for a given host so that users understand to
  submit them individually (suggested by Brian Hatch (bri(a)ifokr.org))

- Fixed a bug that would cause Nmap to print "empty" service
  fingerprints consisting of just a semi-colon.  Thanks to Brian Hatch
  (bri(a)ifokr.org) for reporting this.

3.40PVT6:
=========
- Banner-scanned hundreds of thousands of machines for ports
  21,23,25,110,3306 to collect default banners.  Where the banner made
  the service name/version obvious, I integrated them into
  nmap-service-probes.  This increased the number of 'match' lines from
  27 to more than 100.

- Created the service fingerprint submission page at
  http://www.insecure.org/cgi-bin/servicefp-submit.cgi

- Changed the service fingerprint format slightly for easier
  processing by scripts.

- Applied a large portability patch from Albert Chin-A-Young
  (china(a)thewrittenword.com).  This cleans up a number of things,
  particularly for IRIX, Tru64, and Solaris.

- Applied NmapFE patch from Peter Marschall (peter(a)adpm.de) which
  "makes sure changes in the relay host and scanned port entry fields
  are displayed immediately, and also keeps the fields editable after
  de- and reactivating them."

3.40PVT4:
=========
- Limited the size of service fingerprints to roughly 1024 bytes.
  This was suggested by Niels Heinen (niels(a)heinen.ws), because the previous
  limit was excessive.  The number of fingerprints printed is also now
  limited to 10.

- Fixed a segmentation fault that could occur when ping-scanning large
  networks.

- Fixed service scan to gracefully handle host_timeout occurrences when
  they happen during a service scan.

- Fixed a service_scan bug that would cause an error when hosts send
  data and then close() during the NULL probe (when we haven't sent
  anything).

- Applied a patch from Solar Designer (solar(a)openwall.com) which
  corrects some errors in the Russian man page translation and also a
  couple typos in the regular man page.  Then I spell-checked the man
  page to reduce future instances of foreigners sending in diffs to
  correct my English :).

3.40PVT3:
=========
- Nmap now prints a "service fingerprint" for services that it is
  unable to match despite returning data.  The web submission page it
  references is not yet available.

- Service detection now does RPC grinding on ports it detects to be
  running RPC.

- Fixed a bug that would cause Nmap to quit with an Nsock error when
  --host_timeout was used (or when -T5 was used, which sets it
  implicitly).

- Fixed a bug that would cause Nmap to fail to print the OS
  fingerprint in certain cases.  Thanks to Ste Jones
  (root(a)networkpenetration.com) for the problem report.

3.40PVT2:
=========
- Nmap now has a simple VERSION detection scheme.  The 'match' lines in
  nmap-service-probes can specify a template version string
  (referencing subexpression matches from the regex in a perl-like
  manner) so that the version is determined at the same time as the
  service.  This handles many common services in a highly efficient
  manner.  A more complex form of version detection (that initiates
  further communication w/the target service) may be necessary
  eventually to handle services that aren't as forthcoming with
  version details.

- The Nmap port state table now wastes less whitespace due to using a new
  and stingy NmapOutputTable class.  This makes it easier to read, and
  also leaves more room for version info and possibly other enhancements.

- Added 's' option to match lines in nmap-service-probes.  Just as
  with the perl 's' option, this one causes '.' in the regular
  expression to match any character INCLUDING newline.

- The WinPcap header timestamp is no longer used on Windows as it
  sometimes can be a couple seconds different than gettimeofday() (which
  is really _ftime() on Windows) for some reason.  Thanks to Scott
  Egbert (scott.egbert(a)citigroup.com) for the report.

- Applied a patch by Matt Selsky (selsky(a)columbia.edu) which fixes
  configure.in in such a way that the annoying header file "present but
  cannot be compiled" warning for Solaris.

- Applied another patch from Matt that (we hope) fixes the "present
  but cannot be compiled" warning -- this time for Mac OS X.

- Port table header names are now capitalized ("SERVICE", "PORT", etc)

3.40PVT1:
=========
- Initial implementation of service detection.  Nmap will now probe
  ports to determine what is listening, rather than guessing based on
  the nmap-services table lookup.  This can be very useful for
  services on unidentified ports and for UDP services where it is not
  always clear (without these probes) whether the port is really open
  or just firewalled.  It is also handy for when services are run on
  the well-known-port of another protocol -- this is happening more
  and more as users try to circumvent increasingly strict firewall
  policies.

- Nmap now uses the excellent libpcre (Perl Compatible Regular
  Expressions) library from http://www.pcre.org/ .  Many systems
  already have this, otherwise Nmap will use the copy it now includes.
  If your libpcre is hidden away in some nonstandard place, give
  ./configure the new --with-libpcre=DIR directive.

- Nmap now uses the C++ Standard Template Library (STL).  This makes
  programming easier, but if it causes major portability or bloat
  problems, I'll reluctantly remove it.

- Applied a patch from Javier Kohen (jkohen(a)coresecurity.com) which
  normalizes the names of many Microsoft entries in the
  nmap-os-fingerprints file.

- Applied a patch by Florin Andrei (florin(a)sgi.com) to the Nmap RPM
  spec file.  This uses the 'Epoch' flag to prevent the Redhat Network
  tool from marking my RPMs as "obsolete" and "upgrading" to earlier
  Redhat-built versions.  A compilation flag problem is also fixed.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Fri Jul 4 23:49:42 2003 UTC (21 years, 5 months ago) by salo
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +3 -3 lines
Updated to version 3.30.

Changes:

- Implemented the largest-ever OS fingerprint update!  Roughtly 300
  fingerprints were added/modified.  These massive changes span the
  gamut from AIX 5.1 to the ZyXEL Prestige broadband router line.
  Notable updates include OpenBSD 3.3, FreeBSD 5.1, Mac OS X 10.2.6,
  Windows 2003 server, and more WAPs and broadband routers than you
  can shake a stick at.  Someone even submitted a fingerprint for
  Debian Linux running on the Microsoft Xbox.  You have to love that
  irony :).  Thanks to everyone who submitted fingerprints using the
  URL Nmap gives you when it gets a clean reading but is stumped.
  The fingerprint DB now contains almost 1000 fingerprints.

- Went through every one of the fingerprints to normalize the
  descriptions a bit.  I also looked up what all of the devices are
  (thanks E*Bay and Google!).  Results like "Nexland ISB Pro800 Turbo"
  and "Siemens 300E Release 6.5" are much more useful when you add the
  words "cable modem" and "business phone system"

- Added a new classification system to nmap-os-fingerprints.  In
  addition to the standard text description, each entry is now
  classified by vendor name (e.g. Sun), underlying OS (e.g. Solaris),
  OS generation (e.g. 7), and device type ("general purpose", router,
  switch, game console, etc).  This can be useful if you want to (say)
  locate and eliminate the SCO systems on a network, or find the
  wireless access points (WAPs) by scanning from the wired side.

- Classification system described above is now used to print out a
  "device type" line and OS categories for matches.  The free-form
  English details are still printed as well.  Nmap can sometimes
  provide classifications even where it used to provide nothing
  because of "too many matches".  These have been added to XML output
  as well.  They are not printed for the "grepable output", as I
  consider that format deprecated.

- Nmap will now sometimes guess in the "no exact matches" case, even
  if you don't use the secret --osscan_guess or -fuzzy options.

- Applied another huge NmapFE patch from Peter Marschall
  (peter(a)adpm.de).  This revamps the interface to use a tabbed
  format that allows for many more Nmap options to be used.  It also
  cleans up some crufty parts of the code.  Let Fyodor and Peter know
  what you think (and if you encounter any problems).

- Windows and Amiga ports now use packet receive times from libpcap.
  Let Fyodor know if you get any "time computation problem" errors.

- Updated version of the Russian man page translation from Alex Volkov
  (alex(a)cherepovets-city.ru).

Revision 1.11: download - view: text, markup, annotated - select for diffs
Tue Jun 17 14:48:04 2003 UTC (21 years, 5 months ago) by salo
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +3 -3 lines
Updated to version 3.28.

Changes:

- Fixed (i hope) an issue that would cause Nmap to print "Serious time
  computation problem in adjust_timeout ..." and quit.  The ultimate
  cause was demonstrated by this --packet_trace snippet that Russel
  Miller (rmiller(a)duskglow.com) sent me:
  SENT (0.0500s) ICMP 0.0.0.0 > 127.0.0.1 Echo request (type=8/code=0) ...
  RCVD (0.0450s) ICMP 127.0.0.1 > 127.0.0.1 Echo reply (type=0/code=0) ...
  As you can see, the ping reply appears to come BEFORE the request
  was sent(!).  This sort of thing happens on at least Linux and
  Windows.  The send time is obtained from gettimeofday(NULL), while
  receive time libpcap packet header.

- For years, Nmap has added -I/usr/local/include and -L/usr/local/lib
  to the compiler line to grab local libraries.  I have removed this
  behavior by default, and added a '--with_localdirs' configure option
  that adds it back.  If Nmap fails to compile now without the above
  option, please let me know.  I can change the default back if this
  change causes more problems than it solves.  People (such as certain
  ports tree packagers) who know they don't want /usr/local should
  specify --without_localdirs rather than relying on that always being
  the default.

- Fixed (I hope) a problem that led to the error message "Assertion
  `tqi->sockets[probe_port_num][seq] == -1' failed".

- Fixed a problem that would cause Nmap on Windows to send ICMP ping
  packets from 0.0.0.0 instead of the appropriate source IP.  Thanks
  to Yeti (boxed(a)blueyonder.co.uk) for the report.

- Applied some changes from Solar Designer (solar(a)openwall.com)
  which fix some typos and also suggest safer /tmp/ behavior in the
  HACKING file and Lithuanian man page.  These changes are for the
  Nmap package of his Openwall GNU/*/Linux (Owl) distribution.
  [ http://www.openwall.com/Owl/ ]

- For Solaris, I now define NET_SIZE_T to size_t rather than socklen_t
  in nmap.h.  Isn't that exciting?!!!  Hopefully this will help
  compilation on Solaris 2.6 (and perhaps earlier).  If any Solaris
  users notice new compilation problems, please let me know.  Thanks to
  Al Smith (Al.Smith(a)aeschi.ch.eu.org) for reporting the issue.

- Removed an errant getopt() prototype in nbase/getopt.h which should
  hopefully improve compilation on certain Solaris boxes and BSD
  variants.

- SCO operating systems are no longer supported due to their recent
  (and absurd) attacks against Linux and IBM.  Bug reports relating to
  UnixWare will be ignored, or possibly even laughed at derisively.
  Note that I have no reason to believe anyone has ever used Nmap on
  SCO systems.  Unixware sucks.

- Fixed a problem with small --max_parallism values when non-root ping
  scanning that would cause Nmap to say "sendconnecttcpquery: Could
  not scavenge a free socket!" and quit.  Problem was reported by
  Justin A (justin(a)bouncybouncy.net) as Debian Bug #195463.

- Changed many single-quotes (') into double quotes (") in the man
  page due to a disagreement over whether to represent them as (') or
  (\') in nroff.

- Included --packet_trace support for Explicit Congestion Notification
  (rfc 2481/3168) flags thanks to a patch sent in by Maik Pfeil
  (root(a)bundesspionageministerium.de)

- Included --packet_trace support for a few (unusual) ICMP types in
  case Nmap receives them.  The patch was also sent by Maik Pfeil.

- Fixed a problem with redirecting XML/Grep/Machine output to stdout
  on Windows (e.g. -oX - ).  Problem was reported by Wei Jiang
  (Wei.Jiang(a)bindview.com)

- Made "-g -Wall" compiler flags dependent on availability of gcc/g++
  sine some other compilers do not support them.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Mon Apr 28 20:49:23 2003 UTC (21 years, 7 months ago) by salo
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +3 -3 lines
Update to version 2.37.

Changes:

- Nmap now compiles under Amiga thanks to patches sent by Diego
  Casorran (dcr8520@amiga.org).

- Fixed a backwards WIN32 ifdef that broke UDP and small-fragment
  scans for some operating systems other than Linux and Windows.
  Thanks to Guido van Rooij (guido@gvr.org) for reporting the problem
  and sending a patch.

- Applied patch from Marius Strobl (marius@alchemy.franken.de) which
  improves the definition of NET_SIZE_T on FreeBSD so that it compiles
  on 64-bit platforms.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sun Apr 27 11:42:14 2003 UTC (21 years, 7 months ago) by salo
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +3 -3 lines
Updated to version 3.26.

Addresses PR pkg/21338 by Simon Hitzemann.

Changes:

- Fixed Mac OS X Compilation (at least on most of the machines
  tested).  You will probably need to type
  "./configure CPP=/usr/bin/cpp" instead of simply "./configure".
  If you still have trouble, drop me an email.  Thanks to everyone
  who provided or offered shell accounts!

- Fixed a segmentation fault several people reported that was
  introduced in 3.25.  This problem manifests itself intermittently
  in many normal situations involving large-network scanning.  So
  all 3.25 users are urged to upgrade.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Tue Apr 22 10:32:24 2003 UTC (21 years, 7 months ago) by salo
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +3 -3 lines
Updated to version 3.25.

Based on a patch sent by Simon Hitzemann via PR pkg/21245.

Changes:

- fetch .tar.bz2 files

- UDP-based "ping" scanning (-PU) has been added. Works like -PS and -PA
- "Assertion `pt->down_this_block > 0' failed" seems to be fixed now.
- GCC dependency reported by Ayamura Kikuchi has been fixed.
- "assertion failure" after --max_rtt_timeout < 3000 has been fixed.
- Packet receive times are now taken from libpcap which improves performance
  a bit.
- Fixed a bug that ignored RST responses while using -PS or -PA
- Ping scan performance improved when many instances of Nmap are executed
  concurrently.
- Fixed a problem that caused BSD Make to bail out (never noticed that on
  NetBSD).
- Fixed a divide by zero error when nonroot users requested ICMP pings. Now
  it prints a warning and uses TCP connect() ping.
- Nmap is now a bit more tolerant of corrupt nmap-services and nmap-protocols.
- Some portnumbers have been added.
- --packet_trace support for Windows added.
- Removed superfluous "addport" line in XML output.
- wintcpip.cc and tcpip.cc have been merged into tcpip.cc
- Fixed assertion failure crashes related to combining port 0 scans and OS
  scan.
- Compilation problems on systems without IPv6 support have been fixed.
- Applied patch from Jochen Erwied which fixes the format strings used for
  printing certain timestamps.
- Upgraded to autoconf 2.57
- Renamed configure.ac to configure.in
- Changed the wording of NmapFE Gnome entries to better-comply with Gnome's
  Human Interface Guidelines.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Sat Mar 22 04:07:10 2003 UTC (21 years, 8 months ago) by salo
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +6 -6 lines
Updated to version 3.20.

Based on patch sent by Juan RP via PR pkg/20839.

Changes:

Nmap 3.20:
==========
o The random IP input option (-iR) now takes an argument specifying
  how many IPs you want to scan (e.g. -iR 1000).  Specify 0 for the old
  neverending scan behavior.

o Fixed a tricky memory leak discovered by Mugz (mugz@x-mafia.com).

o Fixed output truncation problem noted by Lionel CONS (lionel.cons@cern.ch)

o Fixed a bug that would cause certain incoming ICMP error messages to
  be improperly ignored.

Nmap 3.15BETA3:
===============
o Made numerous improvements to the timing behavior of "-T Aggressive"
  (same as -T4) scans.  It is now recommended for regular use by
  impatient people with a fast connection.  "-T Insane" mode has also
  been updated, but we only recommend that for, well, insane people.

o Made substantial changes to the SYN/connect()/Window scanning
  algorithms for improved speeds, especially against heavily filtered
  hosts.  If you notice any timing problems (misidentified ports,
  etc.), please send me the details (including full Nmap output and a
  description of what is wrong).  Reports of any timing problems with
  -T4 would be helpful as well.

o Changed Nmap such that ALL syn scan packets are sent from the port
  you specify with -g.  Retransmissions used to utilize successively
  higher ports.  This change has a downside in that some operating
  systems (such as Linux) often won't reply to the retransmissions
  because they reuse the same connection specifier quad
  (srcip:srcport:dstip:dstport).  Overall I think this is a win.

o Added timestamps to "Starting nmap" line and each host port scan in
  verbose (-v) mode.  These are in ISO 8601 standard format because
  unlike President Bush, we actually care about International
  consensus :).

o Nmap now comes by default in .tar.bz2 format, which compresses about
  20% further.  You can still find .tgz in the dist directory at
  http://download.insecure.org/nmap/dist/?M=D .

o Various other minor bugfixes, new services, fingerprints, etc.

Nmap 3.15BETA2:
===============
o I added support for a brand new "port" that many of you may have
  never scanned before!  UDP & TCP "port 0" (and IP protocol 0) are now
  permitted if you specify 0 explicitly.  An argument like "-p -40"
  would still scan ports 1-40.  Unlike ports, protocol 0 IS now scanned
  by default.  This now works for ping probes too (e.g., -PS, -PA).

o Applied patch by Martin Kluge (martin@elxsi.info) which adds --ttl
  option, which sets the outgoing IPv4 TTL field in packets sent via
  all raw scan types (including ping scans and OS detection).  The
  patch "should work" on Windows, but hasn't been tested.  A TTL of 0
  is supported, and even tends to work on a LAN:
    14:17:19.474293 192.168.0.42.60214 > 192.168.0.40.135: S 3265375623:3265375623(0) win 1024 [ttl 0] (id 35919, len 40)
    14:17:19.474456 192.168.0.40.135 > 192.168.0.42.60214: S 2805154856:2805154856(0) ack 3265375624 win 64240 <mss 1460> (DF) (ttl 128, id 49889, len 44)

o Applied patch by Gabriel L. Somlo ( somlo@acns.colostate.edu ) which
  extends the multi-ping-port functionality to nonroot and IPv6
  connect() users.

o I added a new --datadir command line option which allows you to
  specify the highest priority directory for Nmap data files
  nmap-services, nmap-os-fingerprints, and nmap-rpc.  Any files which
  aren't in the given dir, will be searched for in the $NMAPDIR
  environmental variable, ~/nmap/, a compiled in data directory
  (e.g. /usr/share/nmap), and finally the current directory.

o Fixed Windows (VC++ 6) compilation, thanks to patches from Kevin
  Davis (computerguy@cfl.rr.com) and Andy Lutomirski
  (luto@stanford.edu)

o Included new Latvian man page translation by
  "miscelerious options" (misc@inbox.lv)

o Fixed Solaris compilation when Sun make is used rather than GNU
  make.  Thanks to Tom Duffy (tduffy@sun.com) for assistance.

o Applied patch from Stephen Bishop (sbishop@idsec.co.uk) which
  prevends certain false-positive responses when Nmap raw TCP ping scans
  are being run in parallel.

o To emphasize the highly professional nature of Nmap, I changed all
  instances of "fucked up" in error message text into "b0rked".

o Fixed a problem with nmap-frontend RPMs that would cause a bogus
  /bin/xnmap link to be created (it should only create
  /usr/bin/xnmap).  Thanks to Juho Schultz
  (juho.schultz@astro.helsinki.fi) for reporting the problem.

o I made the maximum number of allowed routes and interfaces allowed
  on the scanning machine dynamic rather than hardcoded #defines of 1024
  and 128.  You never know -- some wacko probably has that many :).

Nmap 3.15BETA1:
===============
o Integrated the largest OS fingerprint DB updates ever! Thanks to
  everyone who contributed signatures!  New or substantially modified
  fingerprints included the latest Windows 2K/XP changes, Cisco IOS
  12.2-based routers and PIX 6.3 firewalls, FreeBSD 5.0, AIX 5.1,
  OpenBSD 3.2, Tru64 5.1A, IBM OS/400 V5R1M0, dozens of wireless APs,
  VOIP devices, firewalls, printers, print servers, cable modems,
  webcams, etc.  We've even got some mod-chipped Xbox fingerprints
  now!

o Applied NetBSD portability patch by Darren Reed
  (darrenr@reed.wattle.id.au)

o Updated Makefile to better-detect if it can't make nmapfe and
  provide a clearer error message.  Also fixed a couple compiler
  warnings on some *BSD platforms.

o Applied patch from "Max" (nmap@webwizarddesign.com) which adds the
  port owner to the "addport" XML output lines which are printed (only
  in verbose mode, I think) as each open port is discovered.

o I killed the annoying whitespace that is normally appended after the
  service name.  Now it is only there when an owner was found via -sI
  (in which case there is a fourth column and so "service" must be
  exactly 24 characters).

Nmap 3.10ALPHA9:
================
o Reworked the "ping scan" algorithm (used for any scan except -P0 or
  -sL) to be more robust in the face of low-bandwidth and congested
  connections.  This also improves reliability in the multi-port and
  multi-type ping cases described below.

o "Ping types" are no longer exclusive -- you can now do combinations
  such as "-PS22,53,80 -PT113 -PN -PE" in order to increase your odds of
  passing through strict filters.  The "PB" flag is now deprecated
  since you can achieve the same result via "PE" and "PT" options.

o Applied patch (with modest changes) by Gabriel L. Somlo
  (somlo@acns.colostate.edu), which allows multiple TCP probe ports in
  raw (root) mode.  See the previous item for an example.

o Fixed a libpcap compilation issue noted by Josef 'Jupp' Schugt
  (deusxmachina@webmail.co.za) which relates to the definition (or
  lack thereof) of ARPHRD_HDLC (used for Cisco HDLC frames).

o Tweaked the version number (-V) output slightly.

Nmap 3.10ALPHA7:
================
o Upgraded libpcap from version 0.6.2 to 0.7.1.  Updated the
  libpcap-possiblymodified/NMAP_MODIFICATIONS file to give a much
  more extensive list (including diffs) of the changes included
  in the Nmap bundled version of Libpcap.

o Applied patch to fix a libpcap alignment bug found by Tom Duffy
  (tduffy@sun.com).

o Fixed Windows compilation.

o Applied patch by Chad Loder (cloder@loder.us) of Rapid7 which
  fixes OpenBSD compilation.  I believe Chad is now the official
  OpenBSD Nmap "port" maintainer.  His patch also adjusted
  random-scan (-iR) to include the recently allocated 82.0.0.0/8
  space.

o Fixed (I hope) a few compilation problems on
  non-IPv6-enabled machines which were noted by Josef 'Jupp'
  Schugt (jupp@gmx.de)

o Included some man page translations which were inadvertently
  missed in previous tarballs.

o Applied patch from Matthieu Verbert (mve@zurich.ibm.com) which
  places the Nmap man pages under ${prefix}/share/man rather than
  ${prefix}/man when installed via RPM.  Maybe the tarball
  install should do this too?  Opinions?

o Applied patch from R Anderson (listbox@pole-position.org) which
  improves the way ICMP port unreachables from intermediate hosts
  are handled during UDP scans.

o Added note to man page related to Nmap US export control.  I
  believe Nmap falls under ECCN 5D992, which has no special
  restrictions beyond the standard export denial to a handful of
  rogue nations such as Iraq and North Korea.

o Added a warning that some hosts may be skipped and/or repeated
  when someone tries to --resume a --randomize_hosts scan.  This
  was suggested by Crayden Mantelium (crayden@sensewave.com)

o Fixed a minor memory leak noted by Michael Davis
  (mike@datanerds.net).

Nmap 3.10ALPHA4:
================
o Applied patch by Max Schubert (nmap@webwizarddesign.com) which adds
  an add-port XML tag whenever a new port is found open when Nmap is
  running in verbose mode.  The new tag looks like:
  <addport state="open" portid="22" protocol="tcp"/>
  I also updated docs/nmap.dtd to recognize this new tag.

o Added German translation of Nmap manpage by Marc Ruef
  (marc.ruef@computec.ch).  It is also available at
  http://www.insecure.org/nmap/data/nmap_manpage-de.html

o Includes a brand new French translation of the manpage by Sebastien
  Blanchet.  You could probably guess that it is available at
  http://www.insecure.org/nmap/data/nmap_manpage-fr.html

o Applied some patches from Chad Loder (cloder@loder.us) which update
  the random IP allocation pool and improve OpenBSD support.  Some
  were from the OBSD Nmap patchlist.

o Fixed a compile problem on machines without PF_INET6.  Thanks to
  Josef 'Jupp' Schugt (deusxmachina@webmail.co.za) for noting this.

Nmap 3.10ALPHA3:
================
o Added --min_parallelism option, which makes scans more aggressive
  and MUCH faster in certain situations -- especially against
  firewalled hosts.  It is basically the opposite of --max_parallelism
  (-M).  Note that reliability can be lost if you push it too far.

o Added --packet_trace option, which tells Nmap to display all of the
  packets it sends and receives in a format similar to tcpdump.  I
  mostly added this for debugging purposes, but ppl wishing to learn
  how Nmap works or for experts wanting to ensure Nmap is doing
  exactly what they epect.  If you want this feature supported under
  Windows, please send me a patch :).

o Fixed a segmentation fault in Idlescan (-sI).

o Made Idlescan timing more conservative when -P0 is specified to
  improve accuracy.

o Fixed an infinite-loop condition that could occur during certain
  dropped-packet scenarios in an Idle scan.

o Nmap now reports execution times to millisecond precision (rather
  than rouding to the nearest second).

o Fixed an infinite loop caused by invalid port arguments.  Problem
  noted by fejed (fejed@uddf.net).

Nmap 3.10ALPHA2:
================
o Fixed compilation and IPv6 support on FreeBSD (tested on
  4.6-STABLE).  Thanks to Niels Heinen (niels.heinen@ubizen.com) for
  suggestions.

o Made some portability changes based on suggestions by Josef 'Jupp'
  Schugt (jupp@gmx.de)

o Fixed compilation and IPv6 support on Solaris 9 (haven't tested
  earlier versions).

Nmap 3.10ALPHA1:
================
o IPv6 is now supported for TCP scan (-sT), connect()-style ping
  scan (-sP), and list scan (-sL)!  Just specify the -6 option and the
  IPv6 numbers or DNS names.  Netmask notation is not currently
  supported -- I'm not sure how useful it is for IPv6, where even petty
  end users may be allocated trillions of addresses (/80).  If you
  need one of the scan types that hasn't been ported yet, give
  Sebastien Peterson's patch a try at http://nmap6.sourceforge.net/ .
  If there is demand, I may integrate more of that into Nmap.

o Major code restructing, which included conversion to C++ -- so
  you'll need g++ or another C++ compiler.  I accidently let a C++
  requirement slip in a while back and found that almost everyone has
  such a compiler.  Windows (VC++) users: see the README-WIN32 for new
  compilation instructions.

o Applied patch from Axel Nennker (Axel.Nennker@t-systems.com) which
  adds a --without-nmapfe option to the configure script.  This si
  useful if your system doesn't have the proper libraries (eg GTK) or
  if you think GUIs are for sissies :).

o Removed arbitrary max_parallelism (-M) limitations, as suggested by
  William McVey ( wam@cisco.com ).

o Added DEC OSF to the platforms that require the BSDFIX() macro due
  to taking ip length and offset fields in host rather than network byte
  order.  Suggested by Dean Bennett (deanb@gbtn.net)

o Fixed an debug statement C ambiguity discovered by Kronos
  (kronos@kronoz.cjb.net)

Revision 1.6: download - view: text, markup, annotated - select for diffs
Sat Aug 3 12:23:58 2002 UTC (22 years, 4 months ago) by hubertf
Branches: MAIN
CVS tags: netbsd-1-6-RELEASE-base, netbsd-1-6-1-base, netbsd-1-6-1, netbsd-1-6
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +7 -9 lines
Update nmap to 3.00. Changes:

    * Added protocol scan (-sO), which determines what IP protocols
      (TCP, IGMP, GRE, UDP, ICMP, etc) are supported by a given host.
      This uses a clever technique designed and implemented by Gerhard
      Rieger .
    * Nmap now recognizes more than 700 operating system versions and
      network devices (printers, webcams, routers, etc) thanks to
      thousands of contributions from the user community! Many
      operating systems were even recognized by Nmap prior to their
      official release. Nmap3 also recognizes 2148 port assignments,
      451 SunRPC services, and 144 IP protocols.
    * Added Idlescan (-sI), which bounces the scan off a "zombie"
      machine. This can be used to bypass certain (poorly configured)
      firewalls and packet filters. In addition, this is the most
      stealthy Nmap scan mode, as no packets are sent to the target
      from your true IP address.
    * The base Nmap package now builds and functions under Windows! It
      is distributed in three forms: build-it-yourself source code, a
      simple command-line package, or along with a nice GUI interface
      (NmapWin) and a fancy installer. This is due to the hard work of
      Ryan Permeh (from eEye), Andy Lutomirski, and Jens Vogt.
    * Mac OS X is now supported, as well as the latest versions of
      Linux, OpenBSD, Solaris, FreeBSD, and most other UNIX platforms.
      Nmap has also been ported to several handheld devices -- see the
      Related Projects page for further information.
    * XML output (-oX) is now available for smooth interoperability
      between Nmap and other tools.
    * Added ICMP Timestamp and Netmask ping types (-PP and -PM). These
      (especially timestamp) can be useful against some hosts that do
      not respond to normal ping (-PI) packets. Nmap still allows TCP
      "ping" as well.
    * Nmap can now detect the uptime of many hosts when the OS Scan
      option (-O) is used.
    * Several new tests have been added to make OS detection more
      accurate and provide more granular version information.
    * Removed 128.210.*.* addresses from Nmap man page examples due to
      complaints from Purdue security staff.
    * The --data_length option was added, allowing for longer probe
      packets. Among other uses, this defeats certain simplistic IDS
      signatures.
    * You can now specify distinct port UDP and TCP port numbers in a
      single scan command using a command like 'nmap -sSU -p
      U:53,111,137,T:21-25,80,139,515,6000,8080 target.com'. See the
      man page for more usage info.
    * Added mysterious, undocumented --scanflags and --fuzzy options.
    * Nmap now provides IPID as well as TCP ISN sequence
      predictability reports if you use -v and -O.
    * SYN scan is now the default scan type for privileged (root)
      users. This is usually offers greater performance while reducing
      network traffic.
    * Capitalized all references to God in error messages.
    * Added List scan (-sL) which enumerates targets without scanning
      them.
    * The Nmap "random IP" scanning mode is now smart enough to skip
      many unallocated netblocks.
    * Tons of more minor features, bugfixes, and portability enhancements.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Thu Dec 6 14:51:07 2001 UTC (23 years ago) by rafal
Branches: MAIN
CVS tags: pkgviews-base, pkgviews, netbsd-1-5-PATCH003, buildlink2-base, buildlink2
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -1 lines
Add patch-af (recognize mipseb in config.sub).

Revision 1.4: download - view: text, markup, annotated - select for diffs
Fri Aug 24 11:23:16 2001 UTC (23 years, 3 months ago) by abs
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -2 lines
Fix fo linux a different way - make more like NetBSD configuration and use
net/libpcap. Also fix DEPENDS for Solaris and Linux

Revision 1.3: download - view: text, markup, annotated - select for diffs
Fri Aug 24 11:05:35 2001 UTC (23 years, 3 months ago) by abs
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +6 -6 lines
Rework NetBSD hack to not break Linux build

Revision 1.2: download - view: text, markup, annotated - select for diffs
Sat Apr 21 11:23:25 2001 UTC (23 years, 7 months ago) by wiz
Branches: MAIN
CVS tags: netbsd-1-5-PATCH001
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +3 -2 lines
Move to sha1 checksum, and/or add distfile sizes.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Tue Apr 17 11:52:25 2001 UTC (23 years, 7 months ago) by agc
Branches: MAIN
+ move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>