pkgsrc/net/nmap/PLIST


Updated to version 3.80

Changes:

- Nmap now ships with and installs (in the same directory as other data files such as nmap-os-fingerprints) an XSL stylesheet for rendering the XML output as HTML. This stylesheet was written by Benjamin Erb (see http://www.benjamin-erb.de/nmap/ for examples). It supports tables, version detection, color-coded port states, and more. The XML output has been augmented to include an xml-stylesheet directive pointing to nmap.xsl on the local filesystem. You can point to a different XSL file by providing the filename or URL to the new --stylesheet argument. Omit the xml-stylesheet directive entirely by specifying --no-stylesheet. The XML to HTML conversion can be done with an XSLT processor such as Saxon, Sablot, or Xalan, but modern browsers can do this on the fly -- simply load the XML output file in IE or Firefox. Some features don't currently work with Firefox's on-the-fly rendering. Perhaps some Mozilla wizard can fix that in either the XSL or the browser itself. I hate having things work better in IE :). It is often more convenient to have the stylesheet loaded from a URL rather than the local filesystem, allowing the XML to be rendered on any machine regardless of whether/where the XSL is installed. For privacy reasons (avoid loading of an external URL when you view results), Nmap uses the local filesystem by default. If you would like the latest version of the stylesheet loaded from the web when rendering, specify --stylesheet http://www.insecure.org/nmap/data/nmap.xsl .
- Fixed fragmentation option (-f). One -f now sends fragments with just 8 bytes after the IP header, while -ff sends 16 bytes to reduce the number of fragments needed. You can specify your own fragmentation offset (must be a multiple of 8) with the new --mtu flag. Don't also specify -f if you use --mtu. Remember that some systems (such as Linux with connection tracking) will defragment in the kernel anyway -- so test first while sniffing with ethereal. These changes are from a patch by Martin Macok (martin.macok(a)underground.cz).
- Nmap now prints the number (and total bytes) of raw IP packets sent and received when it completes, if verbose mode (-v) is enabled. The report looks like:
  Nmap finished: 256 IP addresses (3 hosts up) scanned in 30.632 seconds
  Raw packets sent: 7727 (303KB) | Rcvd: 6944 (304KB)
- Fixed (I hope) an error which would cause the Windows version of Nmap to abort under some circumstances with the error message "Unexpected error in NSE_TYPE_READ callback. Error code: 10053 (Unknown error)". Problem reported by "Tony Golding" (biz(a)tonygolding.com).
- Added new "closed|filtered" state. This is used for Idlescan, since that scan method can't distinguish between those two states. Nmap previously just used "closed", but this is more accurate.
- Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered" instead of "open" when they fail to receive any response from the target port. After all, it could just as easily be filtered as open. This is the same change that was made to UDP scan in 3.70. Also as with UDP scan, adding version detection (-sV) will change the state from open|filtered to open if it confirms that they really are open.
- Fixed a bug in ACK scan that could cause Nmap to crash with the message "Unexpected port state: 6" in some cases. Thanks to Glyn Geoghegan (glyng(a)corsaire.com) for reporting the problem.
- Change IP protocol scan (-sO) so that a response from the target host in any protocol at all will prove that protocol is open. As before, no response means "open|filtered", an ICMP protocol unreachable means "closed", and most other ICMP error messages mean "filtered".
- Patched a Winpcap issue that prevented read timeouts from being honored on Solaris (thus slowing down Nmap substantially). The problem report and patch were sent in by Ben Harris (bjh21(a)cam.ac.uk).
- Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and UDP headers when scanning protocols 1, 6, and 17, respectively. An empty IP header is still sent for all other protocols. This should prevent the error messages such as "sendto in send_ip_packet: sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not permitted" that Linux (and perhaps other systems) would give when they try to interpret the raw packet. This also makes it more likely that these protocols will elicit a response, proving that the protocol is "open".
- The windows build now uses header and static library files from Winpcap 3.1Beta4. It also now prints out the DLL version you are using when run with -d. I would recommend upgrading to 3.1Beta4 if you have an older Winpcap installed.
- Added an NTP probe and matches to the version detection database (nmap-service-probes) thanks to a submission from Martin Macok (martin.macok@underground.cz).
- Applied several Nmap service detection database updates sent in by Martin Macok (martin.macok(a)underground.cz).
2005-02-06 22:56:11 +01:00
@comment $NetBSD: PLIST,v 1.5 2005/02/06 21:56:11 salo Exp $
1999-01-15 01:08:53 +01:00
bin/nmap
Update nmap to 3.00.

Changes:

* Added protocol scan (-sO), which determines what IP protocols (TCP, IGMP, GRE, UDP, ICMP, etc) are supported by a given host. This uses a clever technique designed and implemented by Gerhard Rieger.
* Nmap now recognizes more than 700 operating system versions and network devices (printers, webcams, routers, etc) thanks to thousands of contributions from the user community! Many operating systems were even recognized by Nmap prior to their official release. Nmap3 also recognizes 2148 port assignments, 451 SunRPC services, and 144 IP protocols.
* Added Idlescan (-sI), which bounces the scan off a "zombie" machine. This can be used to bypass certain (poorly configured) firewalls and packet filters. In addition, this is the most stealthy Nmap scan mode, as no packets are sent to the target from your true IP address.
* The base Nmap package now builds and functions under Windows! It is distributed in three forms: build-it-yourself source code, a simple command-line package, or along with a nice GUI interface (NmapWin) and a fancy installer. This is due to the hard work of Ryan Permeh (from eEye), Andy Lutomirski, and Jens Vogt.
* Mac OS X is now supported, as well as the latest versions of Linux, OpenBSD, Solaris, FreeBSD, and most other UNIX platforms. Nmap has also been ported to several handheld devices -- see the Related Projects page for further information.
* XML output (-oX) is now available for smooth interoperability between Nmap and other tools.
* Added ICMP Timestamp and Netmask ping types (-PP and -PM). These (especially timestamp) can be useful against some hosts that do not respond to normal ping (-PI) packets. Nmap still allows TCP "ping" as well.
* Nmap can now detect the uptime of many hosts when the OS Scan option (-O) is used.
* Several new tests have been added to make OS detection more accurate and provide more granular version information.
* Removed 128.210.*.* addresses from Nmap man page examples due to complaints from Purdue security staff.
* The --data_length option was added, allowing for longer probe packets. Among other uses, this defeats certain simplistic IDS signatures.
* You can now specify distinct UDP and TCP port numbers in a single scan command using a command like 'nmap -sSU -p U:53,111,137,T:21-25,80,139,515,6000,8080 target.com'. See the man page for more usage info.
* Added mysterious, undocumented --scanflags and --fuzzy options.
* Nmap now provides IPID as well as TCP ISN sequence predictability reports if you use -v and -O.
* SYN scan is now the default scan type for privileged (root) users. This usually offers greater performance while reducing network traffic.
* Capitalized all references to God in error messages.
* Added List scan (-sL) which enumerates targets without scanning them.
* The Nmap "random IP" scanning mode is now smart enough to skip many unallocated netblocks.
* Tons of more minor features, bugfixes, and portability enhancements.
2002-08-03 14:23:57 +02:00
man/man1/nmap.1
Updated to version 3.55.

Changes:
========

- Added MAC address printing. If Nmap receives a packet from a target machine which is on an Ethernet segment directly connected to the scanning machine, Nmap will print out the target MAC address. Nmap also now contains a database (derived from the official IEEE version) which it uses to determine the vendor name of the target ethernet interface. The Windows version of Nmap does not yet have this capability. If any Windows developer types are interested in adding it, you just need to implement IPisDirectlyConnected() in tcpip.cc and then please send me the patch. Here are examples from normal and XML output (angle brackets replaced with [] for HTML changelog compatibility):
  MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems)
  [address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications" addrtype="mac" /]
- Updated the XML DTD to support the newly printed MAC addresses. Thanks to Thorsten Holz (thorsten.holz(a)mmweg.rwth-aachen.de) for sending this patch.
- Added a bunch of new and fixed service fingerprints for version detection. These are from Martin Macok (martin.macok(a)underground.cz).
- Normalized many of the OS names in nmap-os-fingerprints (fixed capitalization, typos, etc.). Thanks to Royce Williams (royce(a)alaska.net) and Ping Huang (pshuang(a)alum.mit.edu) for sending patches.
- Modified the mswine32/nmap_performance.reg Windows registry file to use an older and more compatible version. It also now includes the value "StrictTimeWaitSeqCheck"=dword:00000001 , as suggested by Jim Harrison (jmharr(a)microsoft.com). Without that latter value, the TcpTimedWaitDelay value apparently isn't checked. Windows users should apply the new registry changes by clicking on the .reg file. Or do it manually as described in README-WIN32. This file is also now available in the data directory at http://www.insecure.org/nmap/data/nmap_performance.reg
- Applied patch from Gisle Vanem (giva(a)bgnett.no) which allows the Windows version of Nmap to work with WinPCAP 3.1BETA (and probably future releases). The Winpcap folks apparently changed the encoding of adaptor names in this release.
- Fixed a ping scanning bug that would cause this error message: "nmap: targets.cc:196: int hostupdate (Target **, Target *, int, int, int, timeout_info *, timeval *, timeval *, pingtune *, tcpqueryinfo *, pingstyle): Assertion `pt->down_this_block > 0' failed." Thanks to Beirne Konarski (beirne(a)neo.rr.com) for reporting the problem.
- If a user attempts -PO (the letter O), print an error suggesting that they probably mean -P0 (Zero) to disable ping scanning.
- Applied a couple patches (with minor changes) from Oliver Eikemeier (eikemeier(a)fillmore-labs.com) which fix an edge case relating to decoy scanning IP ranges that must be sent through different interfaces, and improves the Nmap response to certain error codes returned by the FreeBSD firewall system. The patches are from http://cvsweb.freebsd.org/ports/security/nmap/files/ .
- Many people have reported this error: "checking for type of 6th argument to recvfrom()... configure: error: Cannot find type for 6th argument to recvfrom()". In most cases, the cause was a missing or broken C++ compiler. That should now be detected earlier with a clearer message.
- Fixed the FTP bounce scan to better detect filtered ports on the target network.
- Fixed some minor bugs related to the new MAC address printing feature.
- Fixed a problem with UDP-scanning port 0, which was reported by Sebastian Wolfgarten (sebastian(a)wolfgarten.com).
- Applied patch from Ruediger Rissmann (RRI(a)zurich.ibm.com), which helps Nmap understand an EACCESS error, which can happen at least during IPv6 scans from certain platforms to some firewalled targets.
- Renamed ACK ping scan option from -PT to -PA in the documentation. Nmap has accepted both names for years and will continue to do so.
- Removed the notice that Nmap is reading target specifications from a file or stdin when you specify the -iL option. It was sometimes printed to stdout even when you wanted to redirect XML or grepable output there, because it was printed during options processing before output files were handled. This change was suggested by Anders Thulin (ath(a)algonet.se).
- Added --source_port as a longer, but hopefully easier to remember, alias for -g. In other words, it tries to use the constant source port number you specify for probes. This can help against poorly configured firewalls that trust source port 20, 53, and the like.
- Removed undocumented (and useless) -N option.
- Fixed a version detection crash reported in excellent detail by Jedi/Sector One (j(a)pureftpd.org).
- Applied patch from Matt Selsky (selsky(a)columbia.edu) which helps Nmap build with OpenSSL.
- Modified the configure/build system to fix library ordering problems that prevented Nmap from building on certain platforms. Thanks to Greg A. Woods (woods(a)weird.com) and Saravanan (saravanan_kovai(a)HotPop.com) for the suggestions.
- Applied a patch to Makefile.in from Scott Mansfield (thephantom(a)mac.com) which enables the use of a DESTDIR variable to install the whole Nmap directory structure under a different root directory. The configure --prefix option would do the same thing in this case, but DESTDIR is apparently a standard that package maintainers like Scott are used to. An example usage is "make DESTDIR=/tmp/packageroot".
- Removed unnecessary banner printing in the non-root connect() ping scan. Thanks to Tom Rune Flo (tom(a)x86.no) for the suggestion and a patch.
- Updated the headers at the top of each source file (mostly to advance the copyright year to 2004 and note that Nmap is a registered trademark).
2004-07-07 22:54:34 +02:00
share/nmap/nmap-mac-prefixes
share/nmap/nmap-os-fingerprints
share/nmap/nmap-protocols
share/nmap/nmap-rpc
Update to version 3.45. Also closes PR pkg/22845 by Adrian Portelli.

Changes:

3.45:
=====
- Added new HTTPOptions and RTSPRequest probes suggested by MadHat (madhat(a)unspecific.com)
- Integrated more service signatures from MadHat (madhat(a)unspecific.com), Brian Hatch (bri(a)ifokr.org), Niels Heinen (zillion(a)safemode.org), Solar Designer (solar(a)openwall.com), Seth Master (smaster(a)stanford.edu), and Curt Wilson (netw3_security(a)hushmail.com).
- Applied a patch from Solar Eclipse (solareclipse(a)phreedom.org) which increases the allowed size of the 'extrainfo' version field from 80 characters to 128. The main benefit is to allow longer apache module version strings.
- Fixed Windows compilation.
- Applied some updates to README-WIN32 sent in by Kirby Kuehl (kkuehl(a)cisco.com). He improved the list of suggested registry changes and also fixed a typo or two. He also attached a .reg file to automate the Nmap connect() scan performance enhancing registry changes. I am now including that with the Nmap Windows binary .zip distribution (and in mswin32/ of the source distro).
- Applied a one-line patch from Dmitry V. Levin (ldv@altlinux.org) which fixes a test Nmap does during compilation to see if an existing libpcap installation is recent enough.

3.40PVT17:
==========
- Wrote and posted a new paper on version scanning to http://www.insecure.org/nmap/versionscan.html . Updated nmap-service-probes and the Nmap man page to simply refer to this URL.
- Integrated more service signatures from my own scanning as well as contributions from Brian Hatch (bri(a)ifokr.org), MadHat (madhat(a)unspecific.com), Max Vision (vision(a)whitehats.com), HD Moore (hdm(a)digitaloffense.net), Seth Master (smaster(a)stanford.edu), and Niels Heinen (zillion(a)safemode.org). MadHat also contributed a new probe for Windows Media Service. Many people sent a LOT of signatures, which has allowed nmap-service-probes to grow from 295 to 356 signatures representing 85 service protocols!
- Applied a patch (with slight changes) from Brian Hatch (bri(a)ifokr.org) which enables caching of SSL sessions so that negotiation doesn't have to be repeated when Nmap reconnects to the same between probes.
- Applied a patch from Brian Hatch (bri@ifokr.org) which optimizes the requested SSL ciphers for speed rather than security. The list was based on empirical evidence from substantial benchmarking he did with tests that resemble nmap-service-scanning.
- Updated the Nmap man page to discuss the new version scanning options (-sV, -A).
- I now include nmap-version/aclocal.m4 in the distribution as this is required to rebuild the configure script (thanks to Dmitry V. Levin (ldv(a)altlinux.org) for notifying me of the problem).
- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which detects whether the PCRE include file is <pcre.h> or <pcre
- Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which fixes typos in some error messages. The patch apparently came from the highly-secure and stable Owl and Alt Linux distributions. Check them out at http://www.openwall.com/Owl/ and http://www.altlinux.com/
- Fixed compilation on Mac OS X - thanks to Brian Hatch (bri(a)ifokr.org) and Ryan Lowe (rlowe(a)pablowe.net) for giving me access to Mac OS X boxes.
- Stripped down libpcre build system to remove libtool dependency and other cruft that Nmap doesn't need. (this was mostly a response to libtool-related issues on Mac OS X).
- Added a new --version_trace option which causes Nmap to print out extensive debugging info about what version scanning is doing (this is a subset of what you would get with --packet_trace). You should usually use this in combination with at least one -d option.
- Fixed a port number printing bug that would cause Nmap service fingerprints to give a negative port number when the actual port was above 32K. Thanks to Seth Master (smaster@stanford.edu) for finding this.
- Updated all the header text again to clarify our interpretation of "derived works" after some suggestions from Brian Hatch (bri(a)ifokr.org)
- Updated the Nsock config.sub/config.guess to the same newer versions that Nmap uses (for Mac OS X compilation).

3.40PVT16:
==========
- Fixed a compilation problem on systems w/o OpenSSL that was discovered by Solar Designer. I also fixed some compilation problems on non-IPv6 systems. It now compiles and runs on my Solaris and ancient OpenBSD systems.
- Integrated more services thanks to submissions from Niels Heinen (zillion(a)safemode.org).
- Canonicalized the headers at the top of each Nmap/Nsock header src file. This included clarifying our interpretation of derived works, updating the copyright date to 2003, making the header a bit wider, and a few other light changes. I've been putting this off for a while, because it required editing about a hundred !#$# files!

3.40PVT15:
==========
- Fixed a major bug in the Nsock time caching system. This could cause service detection to inexplicably fail against certain ports in the second or later machines scanned. Thanks to Solar Designer and HD Moore for helping me track this down.
- Fixed some *BSD compilation bugs found by Zillion (zillion(a)safemode.org).
- Integrated more services thanks to submissions from Fyodor Yarochkin (fygrave(a)tigerteam.net), and Niels Heinen (zillion(a)safemode.org), and some of my own exploring. There are now 295 signatures.
- Fixed a compilation bug found by Solar Designer on machines that don't have struct sockaddr_storage. Nsock now just uses "struct sockaddr *" like connect() does.
- Fixed a bug found by Solar Designer which would cause the Nmap portscan table to be truncated in -oN output files if the results are very long.
- Changed a bunch of large stack arrays (e.g. int portlookup[65536]) into dynamically allocated heap pointers. The large stack variables apparently caused problems on some architectures. This issue was reported by osamah abuoun (osamah_abuoun(a)hotmail.com).

3.40PVT14:
==========
- Added IPv6 support for service scan.
- Added an 'sslports' directive to nmap-service-probes. This tells Nmap which service checks to try first for SSL-wrapped ports. The syntax is the same as the normal 'ports' directive for non-ssl ports. For example, the HTTP probe has an 'sslports 443' line and SMTP-detecting probes have an 'sslports 465' line.
- Integrated more services thanks to submissions from MadHat (madhat(a)unspecific.com), Solar Designer (solar(a)openwall.com), Dug Song (dugsong(a)monkey.org), pope(a)undersec.com, and Brian Hatch (bri(a)ifokr.org). There are now 288 signatures, matching these 65 service protocols: chargen cvspserver daytime domain echo exec finger font-service ftp ftp-proxy http http-proxy hylafax ident ident imap imaps ipp ircbot ircd irc-proxy issrealsecure landesk-rc ldap meetingmaker microsoft-ds msrpc mud mysql ncacn_http ncp netbios-ns netbios-ssn netsaint netwareip nntp nsclient oracle-tns pcanywheredata pop3 pop3s postgres printer qotd redcarpet rlogind rpc rsync rtsp shell smtp snpp spamd ssc-agent ssh ssl telnet time upnp uucp vnc vnc-http webster whois winshell X11
- Added a Lotus Notes probe from Fyodor Yarochkin (fygrave(a)tigerteam.net).
- Dug Song wins the "award" for most obscure service fingerprint submission. Nmap now detects Dave Curry's Webster dictionary server from 1986 :).
- Service fingerprints now include a 'T=SSL' attribute when SSL tunneling was used.
- More portability enhancements thanks to Solar Designer and his Linux 2.0 libc5 boxes.
- Applied a patch from Gisle Vanem (giva(a)bgnett.no) which improves Windows emulation of the UNIX mmap() and munmap() memory mapping calls.

3.40PVT13:
==========
- Added SSL-scan-through support. If service detection finds a port to be SSL, it will transparently connect to the port using OpenSSL and use version detection to determine what service lies beneath. This feature is only enabled if OpenSSL is available at build time. A new --with-openssl=DIR configure option is available if OpenSSL is not in your default compiler paths. You can use --without-openssl to disable this functionality. Thanks to Brian Hatch (bri(a)ifokr.org) for sample code and other assistance. Make sure you use a version without known exploitable overflows. In particular, versions up to and including OpenSSL 0.9.6d and 0.9.7-beta2 contained serious vulnerabilities described at http://www.openssl.org/news/secadv_20020730.txt . Note that these vulnerabilities are well over a year old at the time of this writing.
- Integrated many more services thanks to submissions from Brian Hatch, HellNBack (hellnbak(a)nmrc.org), MadHat, Solar Designer, Simple Nomad, and Shawn Wallis (swallis(a)ku.edu). The number of signatures has grown from 242 to 271. Thanks!
- Integrated Novell Netware NCP and MS Terminal Server probes from Simple Nomad (thegnome(a)nmrc.org).
- Fixed a segfault found by Solar Designer that could occur when scanning certain "evil" services.
- Fixed a problem reported by Solar Designer and MadHat (madhat(a)unspecific.com) where Nmap would bail when certain Apache version/info responses were particularly long. It could happen in other cases as well. Now Nmap just prints a warning.
- Fixed some portability issues reported by Solar Designer (solar(a)openwall.com).

3.40PVT12:
==========
- I added probes for SSL (session startup request) and microsoft-ds (SMB Negotiate Protocol request).
- I changed the default read timeout for a service probe from 7.5s to 5s.
- Fixed a one-character bug that broke many scans when -sV was NOT given. Thanks to Blue Boar (BlueBoar(a)thievco.com) for the report.

3.40PVT11:
==========
- Integrated many more services thanks to submissions from Simple Nomad, Solar Designer, jerickson(a)inphonic.com, Curt Wilson, and Marco Ivaldi. Thanks! The match line count has risen from 201 to 242.
- Implemented a service classification scheme to separate the vendor/product name from the version number and any extra info that is provided. Instead of v/[big version string]/, the new match lines include v/[vendor/productname]/[version]/[extrainfo]/ . See the docs at the top of nmap-service-probes for more info. This doesn't change the normal output (which lumps them together anyway), but they are separate in the XML so that higher-level programs can easily match against just a product name. Here are a few examples of the improved service element:
  <service name="ssh" product="OpenSSH" version="3.1p1" extrainfo="protocol 1.99" method="probed" conf="10" />
  <service name="domain" product="ISC Bind" version="9.2.1" method="probed" conf="10" />
  <state state="open" /><service name="rpcbind" version="2" extrainfo="rpc #100000" method="probed" conf="10" />
  <service name="rndc" method="table" conf="3" />
- I went through nmap-service-probes and added the vendor name to more entries. I also added the service name where the product name itself didn't make that completely obvious.
- SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken to an extortion campaign of demanding license fees from Linux users for code that they themselves knowingly distributed under the terms of the GNU GPL. They have also refused to accept the GPL, claiming that some preposterous theory of theirs makes it invalid. Meanwhile they have distributed GPL-licensed Nmap in (at least) their "Supplemental Open Source CD". In response to these blatant violations, and in accordance with section 4 of the GPL, we hereby terminate SCO's rights to redistribute any versions of Nmap in any of their products, including (without limitation) OpenLinux, Skunkware, OpenServer, and UNIXWare.

3.40PVT10:
==========
- Added "soft matches". These are similar to normal match lines in that they provide a regex for recognizing a service (but no version). But instead of stopping at softmatch service recognition, the scan continues looking for more info. It only launches probes that are known-capable of matching the softmatched service. If no version number is found, at least the determined service is printed. A service print for submission is also provided in that case. So this provides more informative results and improves efficiency.
- Cleaned up the Windows support a bit and did more testing and fixing. Windows service detection seems to be working fine for me now, although my testing is still pretty limited. This release includes a Windows binary distribution and the README-WIN32 has been updated to reflect new compilation instructions.
- More service fingerprints! Thanks to Solar Designer, Max Vision, Frank Denis (Jedi/Sector One) for the submissions. I also added a bunch from my own testing. The number of match lines went from 179 to 201.
- Updated XML output to handle new version and service detection information. Here are a few examples of the new output:
  <port protocol="tcp" portid="22"><state state="open" /><service name="ssh" version="OpenSSH 3.1p1 (protocol 1.99)" method="probed" conf="10" /></port>
  <port protocol="tcp" portid="111"><state state="open" /><service name="rpcbind" version="2 (rpc #100000)" method="probed" conf="10" /></port>
  <port protocol="tcp" portid="953"><state state="open" /><service name="rndc" method="table" conf="3" /></port>
- Fixed issue where Nmap would quit when ECONNREFUSED was returned when we try to read from an already-connected TCP socket. FreeBSD does this for some reason instead of giving ECONNRESET. Thanks to Will Saxon (WillS(a)housing.ufl.edu) for the report.
- Removed the SERVICEMATCH_STATIC match type from nmap-service-probes. There wasn't much benefit of this over regular expressions, so it isn't worth maintaining the extra code.

3.40PVT9:
=========
- Added/fixed numerous service fingerprints thanks to submissions from Max Vision, MadHat, Seth Master. Match lines went from 164 to 179.
- The Winpcap libraries used in the Windows build process have been upgraded to version 3.0.
- Most of the Windows port is complete. It compiles and service scan works (I didn't test very deeply) on my WinXP box with VS.Net 2003. I'll try to work out remaining kinks and do some cleanup for the next version. The Windows code was restructured and improved quite a bit, but much more work remains to be done in that area. I'll probably do a Windows binary .zip release of the next version.
- Various minor fixes

3.40PVT8:
=========
- Service scan is now OFF by default. You can activate it with -sV. Or use the snazzy new -A (for "All recommended features" or "Aggressive") option which turns on both OS detection and service detection.
- Fixed compilation on my ancient OpenBSD 2.3 machine (a Pentium 60 :)
- Added/fixed numerous service fingerprints thanks to submissions from Brian Hatch, HD Moore, Anand R., and some of my own testing. The number of match lines in this version grows from 137 to 164! Please keep 'em coming!
- Various important and not-so-important fixes for bugs I encountered while test scanning.
- The RPC grinder no longer prints a startup message if it has no RPC-detected ports to scan.
- Some of the service fingerprint length limitations are relaxed a bit if you enable debugging (-d).

3.40PVT7:
=========
- Added a whole bunch of services submitted by Brian Hatch (bri(a)ifokr.org). I also added a few Windows-related probes. Nmap-service-probes has gone from 101 match strings to 137. Please keep the submissions coming.
- The question mark now only appears for ports in the OPEN state and when service detection was requested.
- I now print a separator bar between service fingerprints when Nmap prints more than one for a given host so that users understand to submit them individually (suggested by Brian Hatch (bri(a)ifokr.org))
- Fixed a bug that would cause Nmap to print "empty" service fingerprints consisting of just a semi-colon. Thanks to Brian Hatch (bri(a)ifokr.org) for reporting this.

3.40PVT6:
=========
- Banner-scanned hundreds of thousands of machines for ports 21,23,25,110,3306 to collect default banners. Where the banner made the service name/version obvious, I integrated them into nmap-service-probes. This increased the number of 'match' lines from 27 to more than 100.
- Created the service fingerprint submission page at http://www.insecure.org/cgi-bin/servicefp-submit.cgi
- Changed the service fingerprint format slightly for easier processing by scripts.
- Applied a large portability patch from Albert Chin-A-Young (china(a)thewrittenword.com). This cleans up a number of things, particularly for IRIX, Tru64, and Solaris.
- Applied NmapFE patch from Peter Marschall (peter(a)adpm.de) which "makes sure changes in the relay host and scanned port entry fields are displayed immediately, and also keeps the fields editable after de- and reactivating them."

3.40PVT4:
=========
- Limited the size of service fingerprints to roughly 1024 bytes. This was suggested by Niels Heinen (niels(a)heinen.ws), because the previous limit was excessive. The number of fingerprints printed is also now limited to 10.
- Fixed a segmentation fault that could occur when ping-scanning large networks.
- Fixed service scan to gracefully handle host_timeout occurrences when they happen during a service scan.
- Fixed a service_scan bug that would cause an error when hosts send data and then close() during the NULL probe (when we haven't sent anything).
- Applied a patch from Solar Designer (solar(a)openwall.com) which corrects some errors in the Russian man page translation and also a couple typos in the regular man page. Then I spell-checked the man page to reduce future instances of foreigners sending in diffs to correct my English :).

3.40PVT3:
=========
- Nmap now prints a "service fingerprint" for services that it is unable to match despite returning data. The web submission page it references is not yet available.
- Service detection now does RPC grinding on ports it detects to be running RPC.
- Fixed a bug that would cause Nmap to quit with an Nsock error when --host_timeout was used (or when -T5 was used, which sets it implicitly).
- Fixed a bug that would cause Nmap to fail to print the OS fingerprint in certain cases. Thanks to Ste Jones (root(a)networkpenetration.com) for the problem report.

3.40PVT2:
=========
- Nmap now has a simple VERSION detection scheme. The 'match' lines in nmap-service-probes can specify a template version string (referencing subexpression matches from the regex in a perl-like manner) so that the version is determined at the same time as the service. This handles many common services in a highly efficient manner. A more complex form of version detection (that initiates further communication w/the target service) may be necessary eventually to handle services that aren't as forthcoming with version details.
- The Nmap port state table now wastes less whitespace due to using a new and stingy NmapOutputTable class. This makes it easier to read, and also leaves more room for version info and possibly other enhancements.
- Added 's' option to match lines in nmap-service-probes. Just as with the perl 's' option, this one causes '.' in the regular expression to match any character INCLUDING newline.
- The WinPcap header timestamp is no longer used on Windows as it sometimes can be a couple seconds different than gettimeofday() (which is really _ftime() on Windows) for some reason.
Thanks to Scott Egbert (scott.egbert(a)citigroup.com) for the report. - Applied a patch by Matt Selsky (selsky(a)columbia.edu) which fixes configure.in in such a way that the annoying header file "present but cannot be compiled" warning for Solaris. - Applied another patch from Matt that (we hope) fixes the "present but cannot be compiled" warning -- this time for Mac OS X. - Port table header names are now capitalized ("SERVICE", "PORT", etc) 3.40PVT1: ========= - Initial implementation of service detection. Nmap will now probe ports to determine what is listening, rather than guessing based on the nmap-services table lookup. This can be very useful for services on unidentified ports and for UDP services where it is not always clear (without these probes) whether the port is really open or just firewalled. It is also handy for when services are run on the well-known-port of another protocol -- this is happening more and more as users try to circumvent increasingly strict firewall policies. - Nmap now uses the excellent libpcre (Perl Compatible Regular Expressions) library from http://www.pcre.org/ . Many systems already have this, otherwise Nmap will use the copy it now includes. If your libpcre is hidden away in some nonstandard place, give ./configure the new --with-libpcre=DIR directive. - Nmap now uses the C++ Standard Template Library (STL). This makes programming easier, but if it causes major portability or bloat problems, I'll reluctantly remove it. - Applied a patch from Javier Kohen (jkohen(a)coresecurity.com) which normalizes the names of many Microsoft entries in the nmap-os-fingerprints file. - Applied a patch by Florin Andrei (florin(a)sgi.com) to the Nmap RPM spec file. This uses the 'Epoch' flag to prevent the Redhat Network tool from marking my RPMs as "obsolete" and "upgrading" to earlier Redhat-built versions. A compilation flag problem is also fixed.
2003-09-20 16:15:27 +02:00
share/nmap/nmap-service-probes
Update nmap to 3.00. Changes:
* Added protocol scan (-sO), which determines what IP protocols (TCP, IGMP, GRE, UDP, ICMP, etc) are supported by a given host. This uses a clever technique designed and implemented by Gerhard Rieger.
* Nmap now recognizes more than 700 operating system versions and network devices (printers, webcams, routers, etc) thanks to thousands of contributions from the user community! Many operating systems were even recognized by Nmap prior to their official release. Nmap3 also recognizes 2148 port assignments, 451 SunRPC services, and 144 IP protocols.
* Added Idlescan (-sI), which bounces the scan off a "zombie" machine. This can be used to bypass certain (poorly configured) firewalls and packet filters. In addition, this is the most stealthy Nmap scan mode, as no packets are sent to the target from your true IP address.
* The base Nmap package now builds and functions under Windows! It is distributed in three forms: build-it-yourself source code, a simple command-line package, or along with a nice GUI interface (NmapWin) and a fancy installer. This is due to the hard work of Ryan Permeh (from eEye), Andy Lutomirski, and Jens Vogt.
* Mac OS X is now supported, as well as the latest versions of Linux, OpenBSD, Solaris, FreeBSD, and most other UNIX platforms. Nmap has also been ported to several handheld devices -- see the Related Projects page for further information.
* XML output (-oX) is now available for smooth interoperability between Nmap and other tools.
* Added ICMP Timestamp and Netmask ping types (-PP and -PM). These (especially timestamp) can be useful against some hosts that do not respond to normal ping (-PI) packets. Nmap still allows TCP "ping" as well.
* Nmap can now detect the uptime of many hosts when the OS Scan option (-O) is used.
* Several new tests have been added to make OS detection more accurate and provide more granular version information.
* Removed 128.210.*.* addresses from Nmap man page examples due to complaints from Purdue security staff.
* The --data_length option was added, allowing for longer probe packets. Among other uses, this defeats certain simplistic IDS signatures.
* You can now specify distinct UDP and TCP port numbers in a single scan command using a command like 'nmap -sSU -p U:53,111,137,T:21-25,80,139,515,6000,8080 target.com'. See the man page for more usage info.
* Added mysterious, undocumented --scanflags and --fuzzy options.
* Nmap now provides IPID as well as TCP ISN sequence predictability reports if you use -v and -O.
* SYN scan is now the default scan type for privileged (root) users. This usually offers greater performance while reducing network traffic.
* Capitalized all references to God in error messages.
* Added List scan (-sL) which enumerates targets without scanning them.
* The Nmap "random IP" scanning mode is now smart enough to skip many unallocated netblocks.
* Tons more minor features, bugfixes, and portability enhancements.
2002-08-03 14:23:57 +02:00
share/nmap/nmap-services
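The combined UDP/TCP port syntax from the 3.00 changelog ('-p U:53,111,137,T:21-25,80,...') is easy to get wrong when a scan is assembled by a script, and an over-broad spec is the usual cause of an unexpectedly noisy scan. The parser below is an added example, not Nmap's own option handling; the protocol-prefix semantics it implements (a T:/U: prefix applies to every following item until the next prefix, unprefixed items apply to both protocols) are my reading of the changelog example, and the 1-65535 bound is this parser's own validation choice.

```python
import re

MAX_PORT = 65535


def parse_port_spec(spec, default_protos=("tcp", "udp")):
    """Expand an Nmap-style -p string into {"tcp": set(...), "udp": set(...)}.

    Assumed semantics (my reading of the changelog example, not Nmap's source):
    a 'T:' or 'U:' prefix switches the protocol for every following item until
    the next prefix; items before any prefix apply to all of default_protos;
    each item is a single port or an inclusive 'low-high' range.
    """
    result = {"tcp": set(), "udp": set()}
    current = list(default_protos)
    for raw in spec.split(","):
        item = raw.strip()
        if not item:
            raise ValueError("empty port item in %r" % spec)
        # Protocol switch: 'T:' or 'U:' may be glued to the first port.
        if item[:2].upper() in ("T:", "U:"):
            current = ["tcp" if item[0].upper() == "T" else "udp"]
            item = item[2:].strip()
            if not item:
                raise ValueError("protocol prefix without a port in %r" % spec)
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", item)
        if not m:
            raise ValueError("bad port item %r" % item)
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        # Reject reversed ranges and anything outside 1-65535 (this parser's choice).
        if not (0 < low <= high <= MAX_PORT):
            raise ValueError("port range out of bounds: %r" % item)
        for proto in current:
            result[proto].update(range(low, high + 1))
    return result


def total_probe_count(spec):
    """Number of (protocol, port) pairs a scan of this spec would touch.

    Useful as a sanity check before launching: a spec that silently expands
    to tens of thousands of pairs is usually a typo in a range.
    """
    expanded = parse_port_spec(spec)
    return sum(len(ports) for ports in expanded.values())


if __name__ == "__main__":
    spec = "U:53,111,137,T:21-25,80,139,515,6000,8080"  # from the changelog
    for proto, ports in sorted(parse_port_spec(spec).items()):
        print(proto, sorted(ports))
    print("pairs:", total_probe_count(spec))
```

Running the block prints the UDP set {53, 111, 137}, the TCP set {21-25, 80, 139, 515, 6000, 8080} and 13 protocol/port pairs for the changelog's example string.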
Updated to version 3.80. Changes:
- Nmap now ships with and installs (in the same directory as other data files such as nmap-os-fingerprints) an XSL stylesheet for rendering the XML output as HTML. This stylesheet was written by Benjamin Erb (see http://www.benjamin-erb.de/nmap/ for examples). It supports tables, version detection, color-coded port states, and more. The XML output has been augmented to include an xml-stylesheet directive pointing to nmap.xsl on the local filesystem. You can point to a different XSL file by providing the filename or URL to the new --stylesheet argument. Omit the xml-stylesheet directive entirely by specifying --no-stylesheet. The XML to HTML conversion can be done with an XSLT processor such as Saxon, Sablot, or Xalan, but modern browsers can do this on the fly -- simply load the XML output file in IE or Firefox. Some features don't currently work with Firefox's on-the-fly rendering. Perhaps some Mozilla wizard can fix that in either the XSL or the browser itself. I hate having things work better in IE :). It is often more convenient to have the stylesheet loaded from a URL rather than the local filesystem, allowing the XML to be rendered on any machine regardless of whether/where the XSL is installed. For privacy reasons (avoid loading of an external URL when you view results), Nmap uses the local filesystem by default. If you would like the latest version of the stylesheet loaded from the web when rendering, specify --stylesheet http://www.insecure.org/nmap/data/nmap.xsl .
- Fixed fragmentation option (-f). One -f now sends fragments with just 8 bytes after the IP header, while -ff sends 16 bytes to reduce the number of fragments needed. You can specify your own fragmentation offset (must be a multiple of 8) with the new --mtu flag. Don't also specify -f if you use --mtu. Remember that some systems (such as Linux with connection tracking) will defragment in the kernel anyway -- so test first while sniffing with ethereal. These changes are from a patch by Martin Macok (martin.macok(a)underground.cz).
- Nmap now prints the number (and total bytes) of raw IP packets sent and received when it completes, if verbose mode (-v) is enabled. The report looks like:
  Nmap finished: 256 IP addresses (3 hosts up) scanned in 30.632 seconds
  Raw packets sent: 7727 (303KB) | Rcvd: 6944 (304KB)
- Fixed (I hope) an error which would cause the Windows version of Nmap to abort under some circumstances with the error message "Unexpected error in NSE_TYPE_READ callback. Error code: 10053 (Unknown error)". Problem reported by "Tony Golding" (biz(a)tonygolding.com).
- Added new "closed|filtered" state. This is used for Idlescan, since that scan method can't distinguish between those two states. Nmap previously just used "closed", but this is more accurate.
- Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered" instead of "open" when they fail to receive any response from the target port. After all, it could just as easily be filtered as open. This is the same change that was made to UDP scan in 3.70. Also as with UDP scan, adding version detection (-sV) will change the state from open|filtered to open if it confirms that they really are open.
- Fixed a bug in ACK scan that could cause Nmap to crash with the message "Unexpected port state: 6" in some cases. Thanks to Glyn Geoghegan (glyng(a)corsaire.com) for reporting the problem.
- Changed IP protocol scan (-sO) so that a response from the target host in any protocol at all will prove that protocol is open. As before, no response means "open|filtered", an ICMP protocol unreachable means "closed", and most other ICMP error messages mean "filtered".
- Patched a Winpcap issue that prevented read timeouts from being honored on Solaris (thus slowing down Nmap substantially). The problem report and patch were sent in by Ben Harris (bjh21(a)cam.ac.uk).
- Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and UDP headers when scanning protocols 1, 6, and 17, respectively. An empty IP header is still sent for all other protocols. This should prevent error messages such as "sendto in send_ip_packet: sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not permitted" that Linux (and perhaps other systems) would give when they try to interpret the raw packet. This also makes it more likely that these protocols will elicit a response, proving that the protocol is "open".
- The Windows build now uses header and static library files from Winpcap 3.1Beta4. It also now prints out the DLL version you are using when run with -d. I would recommend upgrading to 3.1Beta4 if you have an older Winpcap installed.
- Added an NTP probe and matches to the version detection database (nmap-service-probes) thanks to a submission from Martin Macok (martin.macok@underground.cz).
- Applied several Nmap service detection database updates sent in by Martin Macok (martin.macok(a)underground.cz).
2005-02-06 22:56:11 +01:00
share/nmap/nmap.dtd
share/nmap/nmap.xsl
@dirrm share/nmap
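Two of the changelog entries above matter to anyone who post-processes Nmap's XML: the 3.40 entry shows the <port>/<state>/<service> layout with its method="probed"/"table" and conf attributes, and the 3.80 entry adds the "open|filtered" and "closed|filtered" states plus an xml-stylesheet directive that can point at a remote URL (which the author deliberately avoids by default, for privacy). The script below is an added example written for this page, not Nmap's own code or the bundled nmap.xsl: it pulls the per-port rows out of a constructed report, flags ports whose state or service identity was never confirmed by a probe, and checks whether the stylesheet directive would make a viewer fetch anything over the network. The sample report, the host address 192.0.2.10 and the UDP snmp row are constructed; the directive's href/type form is the standard W3C xml-stylesheet syntax.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample report in the <port>/<state>/<service> layout shown in the
# 3.40 changelog, with a 3.80-style "open|filtered" row and a remote stylesheet.
SAMPLE_XML = """<?xml version="1.0" ?>
<?xml-stylesheet href="http://www.insecure.org/nmap/data/nmap.xsl" type="text/xsl"?>
<nmaprun scanner="nmap" args="nmap -sSU -sV -oX report.xml 192.0.2.10">
<host>
<address addr="192.0.2.10" addrtype="ipv4" />
<ports>
<port protocol="tcp" portid="22"><state state="open" /><service name="ssh" version="OpenSSH 3.1p1 (protocol 1.99)" method="probed" conf="10" /></port>
<port protocol="tcp" portid="111"><state state="open" /><service name="rpcbind" version="2 (rpc #100000)" method="probed" conf="10" /></port>
<port protocol="tcp" portid="953"><state state="open" /><service name="rndc" method="table" conf="3" /></port>
<port protocol="udp" portid="161"><state state="open|filtered" /><service name="snmp" method="table" conf="3" /></port>
</ports>
</host>
</nmaprun>
"""

# ElementTree drops processing instructions in the prologue, so the stylesheet
# directive is read from the raw text instead of from the parsed tree.
STYLESHEET_PI = re.compile(r"<\?xml-stylesheet\s+(.*?)\?>", re.S)
PSEUDO_ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def stylesheet_href(xml_text):
    """Return the href of the xml-stylesheet directive, or None if there is none."""
    m = STYLESHEET_PI.search(xml_text)
    if not m:
        return None
    return dict(PSEUDO_ATTR.findall(m.group(1))).get("href")


def stylesheet_is_remote(xml_text):
    """True when rendering the report in a browser would fetch the XSL over the network."""
    href = stylesheet_href(xml_text)
    if href is None:
        return False
    return urlparse(href).scheme in ("http", "https", "ftp")


def parse_ports(xml_text):
    """One dict per <port> element: host, proto, port, state, service, version, method, conf."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state_el = port.find("state")
            svc = port.find("service")
            rows.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state_el.get("state") if state_el is not None else "unknown",
                "service": svc.get("name") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                "method": svc.get("method") if svc is not None else None,
                "conf": int(svc.get("conf", "0")) if svc is not None else 0,
            })
    return rows


def needs_review(rows):
    """Ports whose open state or service identity was not confirmed by a probe.

    A '|' in the state means Nmap could not tell the two states apart, and
    method != "probed" means the name came from a table lookup, not a response.
    """
    return [r for r in rows if "|" in r["state"] or r["method"] != "probed"]


if __name__ == "__main__":
    rows = parse_ports(SAMPLE_XML)
    for r in rows:
        print("%(proto)s/%(port)d %(state)s %(service)s %(version)s (%(method)s, conf %(conf)d)" % r)
    print("unconfirmed:", [(r["proto"], r["port"]) for r in needs_review(rows)])
    print("remote stylesheet:", stylesheet_is_remote(SAMPLE_XML))
```

On the constructed report the two probed rows (22 and 111) carry a version string and conf 10, while 953 (table lookup) and udp/161 (open|filtered) land in the review list; the check also reports that the stylesheet would be loaded from http://www.insecure.org, which is exactly the case the --no-stylesheet option or the default local nmap.xsl avoids.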