Changelog:
==========
Nmap 6.00
o Most important release since Nmap 5.00 in July 2009! For a list of
the most significant improvements and new features, see the
announcement at: http://nmap.org/6
o In XML output, <osclass> elements are now child elements of the
<osmatch> they belong to. Old output was thus:
<os><osclass/><osclass/>...<osmatch/><osmatch/>...</os>
New output is:
<os><osmatch><osclass/><osclass/>...</osmatch>...</os>
The option --deprecated-xml-osclass restores the old output, in case
you use an Nmap XML parser that doesn't understand the new
structure. The xmloutputversion has been increased to 1.04.
o Added a new <target> element to XML output that indicates when a
target specification was ignored, perhaps because of a syntax error
or DNS failure. It looks like this:
<target specification="1.2.3.4.5" status="skipped" reason="invalid"/>
[David Fifield]
o [NSE] Added the script samba-vuln-cve-2012-1182 which detects the
SAMBA pre-auth remote root vulnerability (CVE-2012-1182).
[Aleksandar Nikolic]
o [NSE] Added http-vuln-cve2012-1823.nse, which checks for PHP CGI
installations with a remote code execution vulnerability. [Paulino
Calderon]
o [NSE] Added script targets-ipv6-mld that sends a malformed ICMP6 MLD Query
to discover IPv6 enabled hosts on the LAN. [Niteesh Kumar]
o [NSE] Added rdp-vuln-ms12-020.nse by Aleksandar Nikolic. This tests
for two Remote Desktop vulnerabilities, including one allowing
remote code execution, that were fixed in the MS12-020 advisory.
o [NSE] Added a stun library and the scripts stun-version and stun-info, which
extract version information and the external NAT:ed address.
[Patrik Karlsson]
o [NSE] Added the script duplicates which attempts to determine duplicate
hosts by analyzing information collected by other scripts. [Patrik Karlsson]
o Fixed the routing table loop on OS X so that on-link routes appear.
Previously, they were ignored so that things like ARP scan didn't
work. [Patrik Karlsson, David Fifield]
o Upgraded included libpcap to version 1.2.1.
o [NSE] Added ciphers from RFC 5932 and Fortezza-based ciphers to
ssl-enum-ciphers.nse. The patch was submitted by Darren McDonald.
o [NSE] Renamed hostmap.nse to hostmap-bfk.nse.
o Fixed a compilation problem on Solaris 9 caused by a missing
definition of IPV6_V6ONLY. Reported by Dagobert Michelsen.
o Setting --min-parallelism by itself no longer forces the maximum
parallelism to the same value. [Chris Woodbury, David Fifield]
o Changed XML output to show the "service" element whenever a tunnel
is discovered for a port, even if the service behind it was unknown.
[Matt Foster]
o [Zenmap] Fixed a crash that would happen in the profile editor when
the script.db file doesn't exist. The bug was reported by Daniel
Miller.
o [Zenmap] It is now possible to compare scans having the same name or
command line parameters. [Jah, David Fifield]
o Fixed an error that could occur with ICMPv6 probes and -d4 debugging:
"Unexpected probespec2ascii type encountered" [David Fifield]
o [NSE] Added new script http-chrono, which measures min, max and average
response times of web servers. [Ange Gutek]
o Applied a workaround to make pcap captures work better on Solaris
10. This involves peeking at the pcap buffer to ensure that captures
are not being lost. A symptom of the previous behavior was that,
when doing ARP host discovery against two targets, only one would be
reported as up. [David Fifield]
o Fixed a bug that could cause Nsock timers to fire too early. This
could happen for the timed probes in IPv6 OS detection, causing an
incorrect measurement of the TCP_ISR feature. [David Fifield]
o [Zenmap] We now build on Windows with a newer version of PyGTK, so
copy and paste should work again.
o Changed the way timeout calculations are made in the IPv6 OS engine.
In rare cases a certain interleaving of probes and responses would
result in an assertion failure.
small snippet from changelog:
http://nmap.org/changelog.html
o Integrated all of your IPv4 OS fingerprint submissions since June 2011 (about 1,900 of them)
Added about 256 new fingerprints (total 3,572)
o Integrated all of your service/version detection fingerprints submitted since November 2010
(signature count increased to 7,423)
o Integrated your latest IPv6 OS submissions and corrections
o [NSE] Added 43(!) NSE scripts, bringing the total up to 340
o [NSE] Added 14 new protocol libraries
o [CPE] (Common Platform Enumeration) OS classification is now supported for IPv6 OS detection
o Added a new --script-args-file option
o [NSE] Added support for decoding EIGRP broadcasts from Cisco routers to broadcast-listener
o [NSE] Added redirect support to the http library
o Update to the latest MAC address prefix assignments from IEEE as of March 8, 2012
Test builds sponsored by redports.org
Feature safe: yes
For detailed Changes see http://nmap.org/changelog.html
(List is simply to long ...)
Some highlights
* [NSE] Added a new httpspider library which is used for recursively
crawling web sites for information. New scripts using this
functionality include http-backup-finder, http-email-harvest,
http-grep, http-open-redirect, and http-unsafe-output-escaping. See
http://nmap.org/nsedoc/ or the list later in this file for details
on these.
* [NSE] Added a vulnerability management library (vulns.lua) to store and to
report discovered vulnerabilities.
* [NSE] Added a new script force feature. You can force scripts to
run against target ports (even if the "wrong" service is detected)
by placing a plus in front of the script name passed to --script.
See http://nmap.org/book/nse-usage.html#nse-script-selection.
* [NSE] Added 51(!) NSE scripts, bringing the total up to 297.
Build tests sponsored by redports.org
- add workaround for system build with WITHOUT_INET6 [1]
Thanks to Kim Scarborough for sharing the libpcap workaround
PR: ports/159376 [1]
Submitted by: Alexander Panyushkin [1]
Here is the (partial) CHANGELOG since 5.59BETA1:
Nmap 5.61TEST1 [2011-09-19]
o The changelog entries below for this test release are not yet
finished or comprehensive. We'll update them soon.
o [Ncat] Updated ca-bundle.crt (primarily to remove DigiNotar).
o Fixed compilation on OS X 10.7 Lion. Thanks to Patrik Karlsson and
Babak Farroki for researching fixes.
o [NSE] Fixed SSL compressor names in ssl-enum-ciphers.nse, and
removed redundant multiple listings of the NULL compressor.
[Matt Selsky]
o [NSE] Added cipher strength ratings to ssl-enum-ciphers.nse.
[Gabriel Lawrence]
o Added Common Platform Enumeration (CPE, http://cpe.mitre.org/)
output for OS and service versions. These show up in normal output
with the headings "OS CPE:" and "Service Info:":
OS CPE: cpe:/o:linux:kernel:2.6.39
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
These also appear in XML output, which additionally has CPE entries
for service versions. [David, Henri]
o [NSE] Added new default credential list for Oracle and modified the
oracle-brute script to make use of it. [Patrik]
o [NSE] Added xmpp-info.nse as a replacement for xmpp.nse. This updated version
brings new features and fixes. [Vasiliy Kulikov]
o Fixed RPC scan for 64-bit architectures by using fixed-size data
types. [David]
o Relaxed the XML DTD to allow validation of files where the verbosity
level changed during the scan. [Daniel Miller]
o Made a service confidence of 8 (used when tcpwrapped) and indeed any
number between 0 and 10 be legal in XML output according to the DTD.
[Daniel Miller]
o [NSE] Added three scripts that do host discovery on local IPv6
subnets. Each of them uses a different multicast technique, meaning
that even very large networks have host discovery done without
needing to probe every address individually.
+ targets-multicast-ipv6-echo: Sends a multicast echo request, like
broadcast-ping does for IPv4.
+ targets-multicast-ipv6-invalid-dst: Sends an invalid packet that
can elicit an ICMPv6 Parameter Problem response.
+ targets-multicast-ipv6-slaac: Sends a phony router advertisement,
which causes hosts to allocate a temporary address and then send a
packet to discover if anyone else is using the address.
[Weilin, David]
o [NSE] Added functions to packet.lua to make it easier to build IPv6
packets. [Weilin]
o [NSE] Added new script http-vuln-cve2011-3192 which checks whether an instance
of Apache is vulnerable to a DoS attack exploiting the byterange filter.
[Duarte Silva].
o [NSE] Fixed authentication problems in the TNS library that would prevent
authentication from working against Oracle 11.2.0.2.0 XE [Chris Woodbury]
o Removed some restrictions on probe matching that, for example,
prevented a RST/ACK reply from being recognized in a NULL scan. This
was found and fixed by Matthew Stickney and Joe McEachern.
o Rearranged some characters classes in service matches to avoid any
that look like POSIX collating symbols ("[.xyz.]"). John Hutchison
discovered this error caused by one of the match lines:
InitMatch: illegal regexp: POSIX collating elements are not supported
[Daniel Miller]
o [NSE] Added the address-info.nse script, which shows extra information about IP addresses.
o [NSE] Added scripts http-joomla-brute, http-wordpress-brute, http-wp-enum and
http-awstatstotal-exec. [Paulino]
o [Zenmap] Fixed zenmap deleting ports based on newer scans which did
not actually scan the port in question. Additionally ncat now only
updates ports with new information if the new information is the same
protocol. Not just the same port. [Colin Rice]
o [Ncat] Fixed ncat crashing with --ssl-verify -vvv on windows. [Colin Rice]
o [NSE] Added script http-waf-detect. This script tries to determine
if an IDS/IPS/WAF is protecting a web server. [Paulino]
o [NSE] Added the bittorrent library and bittorrent-discovery script which
enables us to discover peers and nodes for a particular torrent file or
magnet link.
o [NSE] Added basic query support to the Oracle TNS library making it possible
for scripts to query the database server using SQL. [Patrik]
o [Ncat] Added --append-output option, that when used along with -o and/or -x
prevents clobbering(truncating) an existing file. [Shinnok]
o [NSE] Added script broadcast-listener that attempts to discover hosts by
passively listening to the network. It does so by decoding ethernet and IP
broadcast and multicast messages. [Patrik]
o Fixed a bug that would make Nmap segfault if it failed to open an interface
using pcap. The bug details and patch are posted here:
http://seclists.org/nmap-dev/2011/q3/365 [Patrik]
o Ncat SCTP mode supports connection brokering now(--sctp --broker). [Shinnok]
o Nmap now defers options parsing until it has read through all the command line
arguments. You can now use options like -S with an IPv6 address before
specifying -6 at the command line, which previously got you an error.
[Shinnok]
o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs
brute force password auditing against XMPP (Jabber) servers. [Patrik]
o [NSE] Fixed a bug in the ssh2-enum-algos script that would prevent it from
displaying any output unless run in debug mode. [Patrik]
o [NSE] Fixed the nsedebug print_hex() function so it does not print an
empty line if there are no remaining characters, and improved its NSEDoc.
[Chris Woodbury].
o [NSE] Added the scripts http-axis2-dir-traversal and
http-litespeed-sourcecode-download that exploits a directory traversal and
null byte poisoning vulnerabilities in Apache Axis2 and LiteSpeed Web Server
respectively. [Paulino]
o [Ncat] Ncat now no longer blocks while an ssl handshake is taking place or
waiting to complete. [Shinnok]
o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
message to the broadcast address and collects and reports the network
information received from the DHCP server. [Patrik]
o [NSE] Added the script smtp-brute that performs brute force password
auditing against SMTP servers. [Patrik]
o [NSE] Updated SMTP library to support authentication using both plain-text
and the SASL library. [Patrik]
o [NSE] Added the script imap-brute that performs brute force password
auditing against IMAP servers. [Patrik]
o [NSE] Updated IMAP library to support authentication using both plain-text
and the SASL library. [Patrik]
o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson
providing common code for "Simple Authentication and Security Layer" to
services supporting it. The algorithms supported by the library are:
PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]
o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
library. The cvs-brute-repository script allows for guessing possible
repository names needed in order to perform password guessing using the
cvs-brute.nse script. [Patrik]
o [Zenmap] The Zenmap crash handler now instructs you to mail in crash
information to nmap-dev. [Colin Rice]
o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4
ARP scan. It is the default ping type for local IPv6 networks.
[Weilin]
o [NSE] Added smtp-vuln-cve2011-1764 script, which checks if the Exim
SMTP server is vulnerable to the DKIM Format String vulnerability
(CVE-2011-1764). [Djalal]
o Added the broadcast-ping script which sends icmp packets to broadcast
addresses on the selected network interface, or all ethernet interfaces if
none is selected. It has the option to add the discovered hosts as targets.
o [NSE] Applied patch from Chris Woodbury that adds the following additional
information to the output of smb-os-discovery:
+ Forest name
+ FQDN
+ NetBIOS computer name
+ NetBIOS domain name
o [Ncat] Ncat now supports IPV6 addresses by default without the -6 flag.
Additionally ncat listens on both :: and localhost when passed
-l, or any other listening mode unless a specific listening address is
supplied.
o [NSE] Split script db2-discover into two scripts, adding a new
broadcast-db2-discover script. This script attempts to discover DB2
database servers through broadcast requests. [Patrik Karlsson]
o Fixed broken XML output in the case of timed-out hosts; the
enclosing host element was missing. The fix was suggested by Rémi
Mollon.
o [NSE] Added ftp-vuln-cve2010-4221 script, which checks if the ProFTPD
server is vulnerable to the Telnet IAC stack overflow vulnerability
(CVE-2010-4221). [Djalal]
o [NSE] Added ftp-vsftpd-backdoor, which detects a backdoor that was introduced
into vsftpd-2.3.4 source code distributions. [Daniel Miller]
o [NSE] ldap-brute.nse - Multiple changes:
+ Added support for 2008 R2 functional level Active Directory instances
to ldap-brute.
+ Added detection for valid credentials where the target account was
expired or limited by time or login host constraints.
+ Added support for specifying a UPN suffix to be appended to usernames
when brute forcing Microsoft Active Directory accounts.
+ Added support for saving discovered credentials to a CSV file.
+ Now reports valid credentials as they are discovered when the script
is run with -vv or higher.
[Tom Sellers]
o [NSE] ldap-search.nse - Added support for saving search results to
CSV. This is done by using the ldap.savesearch script argument to
specify an output filename prefix. [Tom Sellers]
o [NSE] Updated smb-brute to add detection for valid credentials where the
target account was expired or limited by time or login host constraints.
[Tom Sellers]
o [NSE] Updated account status text in brute force password discovery
scripts in an effort to make the reporting more consistent across
all scripts. This will have an impact on any code that parses these
values. [Tom Sellers]
This version includes:
o 40 new NSE scripts (plus improvements to many others)
o even more IPv6 goodness than our informal World IPv6 Day release
o 7 new NSE protocol libraries
o hundreds of bug fixes
o and much more see http://seclists.org/nmap-hackers/2011/3
- always enable bpf in libdnet-stripped to support build in Jail [1]
Announcement and Changelog are very long and covered by last updates.
Announcement: http://seclists.org/nmap-hackers/2011/0
Changelog: http://nmap.org/changelog.html
PR: ports/154353 [1]
Submitted by: Mars G Miro <spry _at_ anarchy.in.the.ph> [1]
Feature safe: yes
- remove dead mirror servers
Changelog: http://nmap.org/changelog.html
Mayjor changes are NSE script related, some highlihts:
o [NSE] Added stuxnet-detect.nse
o [NSE] Added the ftp-proftpd-backdoor.nse
and many more interesting NSE scripts.
- remove MD2 code from nse_openssl.cc (already removed in nmap svn)
- remove naming conflict if openssl-1.x is build with SCTP support
Approved by: glarkin (mentor)
getaddrinfo(3) (7.1 and earlier, and -CURRENT before the end of March
2009).
PR: ports/133779
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
- Remove USE_XLIB/USE_X_PREFIX/USE_XPM in favor of USE_XORG
- Remove X11BASE support in favor of LOCALBASE or PREFIX
- Use USE_LDCONFIG instead of INSTALLS_SHLIB
- Remove unneeded USE_GCC 3.4+
Thanks to all Helpers:
Dmitry Marakasov, Chess Griffin, beech@, dinoex, rafan, gahr,
ehaupt, nox, itetcu, flz, pav
PR: 116263
Tested on: pointyhat
Approved by: portmgr (pav)
---snip---
The security/nmap port (currently at 3.48, but previous versions also
had this problem) triggers a bug in GCC 3.3.1 on FreeBSD/sparc64 which
causes the compilation of the port to fail.
The GCC bug itself is know and AFAIK Thomas Moestl (tmm@freebsd.org)
tried to get a fix for it in upstream GCC. However, I didn't see an
entry in the release notes of GCC 3.3.2 that would suggest that it has
been fixed there.
Another port that has a workaround for this particular GCC bug is e.g.
x11/XFree86-4-libraries (files/patch-XRes.c).
---snip---
PR: 58698
Submitted by: Marius Strobl <marius@alchemy.franken.de>
Approved by: maintainer
- improved version detection
- integrates most FreeBSD fixes, thanks to
Marius Strobl <marius@alchemy.franken.de>
- install localized man pages
PR: ports/57646
Submitted by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Submitted by: maintainer
Reviewed by:
Approved by:
Obtained from:
MFC after:
1. Upgrade Nmap to 3.30, which released at Jun 29, 2003. Major enchancement is
OS fingerprints update. The fingerprint DB now contains almost 1000
fingerprints.
See ChangeLog at this link:
http://lists.insecure.org/lists/nmap-hackers/2003/Apr-Jun/0016.html
2. Renamed the patch files to be more descriptive.
The nmap port is not building correctly where libgnugetopt is
installed. This patch fixes the problem, please add it to the
files directory.
PR: ports/50894
Submitted by: marius@alchemy.franken.de
Approved by: Dominic Marks <dom@cus.org.uk>
a separate port for nmapfe. Even though the attempt in the nmap port
mostly fails since no nmapfe executable would have been built, files
not appearing in the pkg-plist were being added to the system.
PR: ports/35207
Approved by: obrien
