pkgsrc/net/nmap/Makefile

65 lines
2.1 KiB
Makefile
Raw Normal View History

2014-10-20 00:27:43 +02:00
# $NetBSD: Makefile,v 1.123 2014/10/19 22:27:47 alnsn Exp $
1999-01-15 01:08:53 +01:00
Changes 6.47: o Integrated all of your IPv4 OS fingerprint submissions since June 2013 (2700+ of them). Added 366 fingerprints, bringing the new total to 4485. Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2, OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved. Highlights: http://seclists.org/nmap-dev/2014/q3/325 o (Windows) Upgraded the included OpenSSL to version 1.0.1i. o (Windows) Upgraded the included Python to version 2.7.8. o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This was added in 6.45, and resulted in trouble for Nmap XML parsers without network access, as well as increased traffic to Nmap's servers. The doctype is now: <!DOCTYPE nmaprun> o [Ndiff] Fixed the installation process on Windows, which was missing the actual Ndiff Python module since we separated it from the driver script. o [Ndiff] Fixed the ndiff.bat wrapper in the zipfile Windows distribution, which was giving the error, "\Microsoft was unexpected at this time." See https://support.microsoft.com/kb/2524009 o [Zenmap] Fixed the Zenmap .dmg installer for OS X. Zenmap failed to launch, producing this error: Could not import the zenmapGUI.App module: 'dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so, 2): Library not loaded: /Users/david/macports-10.5/lib/libffi.5.dylib\n Referenced from: /Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so\n Reason: image not found'. o [Ncat] Fixed SOCKS5 username/password authentication. The password length was being written in the wrong place, so authentication could not succeed. o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts this to the string "(null)", but it caused segfault on Solaris. o [Zenmap][Ndiff] Avoid crashing when users have the antiquated PyXML package installed. Python tries to be nice and loads it when we import xml, but it isn't compatible. Instead, we force Python to use the standard library xml module. o Handle ICMP admin-prohibited messages when doing service version detection. Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ callback. Error code: 101 (Network is unreachable) o [NSE] Fix a bug causing http.head to not honor redirects. o [Zenmap] Fix a bug in DiffViewer causing this crash: TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only buffer, not NmapParserSAX Crash happened when trying to compare two scans within Zenmap.
2014-09-05 13:51:41 +02:00
DISTNAME= nmap-6.47
2014-10-20 00:27:43 +02:00
PKGREVISION= 1
CATEGORIES= net security
Update to 5.00 Fix for PR#41506 Fix missing @dirrm entries from PLIST* Before we go into the detailed changes, here are the top 5 improvements in Nmap 5: 1. The new Ncat tool aims to be your Swiss Army Knife for data transfer, redirection, and debugging. We released a whole users' guide detailing security testing and network administration tasks made easy with Ncat. 2. The addition of the Ndiff scan comparison tool completes Nmap's growth into a whole suite of applications which work together to serve network administrators and security practitioners. Ndiff makes it easy to automatically scan your network daily and report on any changes (systems coming up or going down or changes to the software services they are running). The other two tools now packaged with Nmap itself are Ncat and the much improved Zenmap GUI and results viewer. 3. Nmap performance has improved dramatically. We spent last summer scanning much of the Internet and merging that data with internal enterprise scan logs to determine the most commonly open ports. This allows Nmap to scan fewer ports by default while finding more open ports. We also added a fixed-rate scan engine so you can bypass Nmap's congestion control algorithms and scan at exactly the rate (packets per second) you specify. 4. We released Nmap Network Scanning, the official Nmap guide to network discovery and security scanning. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. More than half the book is available in the free online edition. 5. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. All existing scripts have been improved, and 32 new ones added. New scripts include a whole bunch of MSRPC/NetBIOS attacks, queries, and vulnerability probes; open proxy detection; whois and AS number lookup queries; brute force attack scripts against the SNMP and POP3 protocols; and many more. All NSE scripts and modules are described in the new NSE documentation portal. Details are here: http://nmap.org/changelog.html
2009-07-20 21:40:08 +02:00
MASTER_SITES= http://nmap.org/dist/
Updated to version 3.25. Based on a patch sent by Simon Hitzemann via PR pkg/21245. Changes: - fetch .tar.bz2 files - UDP-based "ping" scanning (-PU) has been added. Works like -PS and -PA - "Assertion `pt->down_this_block > 0' failed" seems to be fixed now. - GCC dependency reported by Ayamura Kikuchi has been fixed. - "assertion failure" after --max_rtt_timeout < 3000 has been fixed. - Packet receive times are now taken from libpcap which improves performance a bit. - Fixed a bug that ignored RST responses while using -PS or -PA - Ping scan performance improved when many instances of Nmap are executed concurrently. - Fixed a problem that caused BSD Make to bail out (never noticed that on NetBSD). - Fixed a divide by zero error when nonroot users requested ICMP pings. Now it prints a warning and uses TCP connect() ping. - Nmap is now a bit more tolerant of corrupt nmap-services and nmap-protocols. - Some portnumbers have been added. - --packet_trace support for Windows added. - Removed superfluous "addport" line in XML output. - wintcpip.cc and tcpip.cc have been merged into tcpip.cc - Fixed assertion failure crashes related to combining port 0 scans and OS scan. - Compilation problems on systems without IPv6 support have been fixed. - Applied patch from Jochen Erwied which fixes the format strings used for printing certain timestamps. - Upgraded to autoconf 2.57 - Renamed configure.ac to configure.in - Changed the wording of NmapFE Gnome entries to better-comply with Gnome's Human Interface Guidelines.
2003-04-22 12:32:24 +02:00
EXTRACT_SUFX= .tar.bz2
1999-02-18 17:40:50 +01:00
Nmap 5.35DC1 [2010-07-16] Some of the highlights are: o [NSE] Added more scripts, bringing the total to 131! o Performed a major OS detection integration run. o Performed a large version detection integration run. o [Zenmap] Added the ability to print Nmap output to a printer. o [Nmap, Ncat, Nping] The default unit for time specifications is now seconds, not milliseconds, and times may have a decimal point. o Ports are now considered open during a SYN scan if a SYN packet (without the ACK flag) is received in response. o [Ncat] In listen mode, the --exec and --sh-exec options now accept a single connection and then exit, just like in normal listen mode. o UDP payloads are now stored in an external data file, nmap-payloads, instead of being hard-coded in the executable. o Added a new library, libnetutil, which contains about 2,700 lines of networking related code which is now shared between Nmap and Nping o Improved service detection match lines. o Improved our brute force password guessing list by mixing in some data sent in by Solar Designer of John the Ripper fame. o [Zenmap] IP addresses are now sorted by octet rather than their string representation. o [Ncat] When receiving a connection/datagram in listen mode, Ncat now prints the connecting source port along with the IP address. o Added EPROTO to the list of known error codes in service scan. o Updated IANA IP address space assignment list for random IP (-iR) generation. o Zenmap's "slow comprehensive scan profile" has been modified to use the best 7-probe host discovery combination we were able to find in extensive empirical testing o Zenmap now lets you save scan results in normal Nmap text output format or (as before) as XML. o [NSE] Raw packet sending at the IP layer is now supported, in addition to the existing Ethernet sending functionality. o Nmap now honors routing table entries that override interface addresses and netmasks. o [Ncat] The HTTP proxy server now accepts client connections over SSL, and added support for HTTP digest authentication of proxies, as both client and server. o Improved the MIT Kerberos version detection signatures. Plus many bugfixes and improvements. For full changelog, see http://nmap.org/changelog.html
2010-07-22 22:46:29 +02:00
MAINTAINER= pettai@NetBSD.org
HOMEPAGE= http://insecure.org/nmap/
COMMENT= Network/port scanner with OS detection
LICENSE= gnu-gpl-v2
1999-01-15 01:08:53 +01:00
2012-02-24 16:05:34 +01:00
BUILDLINK_API_DEPENDS.libpcap+= libpcap>=1.0.0
BUILDLINK_API_DEPENDS.libpcre+= libpcre>=7.6
BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.8
Update to version 4.20 Changes: 4.20 o Integrated the latest OS fingerprint submissions. The 2nd generation DB size has grown to 231 fingerprints. Please keep them coming! New fingerprints include Mac OS X Server 10.5 pre-release, NetBSD 4.99.4, Windows NT, and much more. o Fixed a segmentation fault in the new OS detection system which was reported by Craig Humphrey and Sebastian Garcia. o Fixed a TCP sequence prediction difficulty indicator bug. The index is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD). But some systems generated ISNs so insecurely that Nmap went berserk and reported a negative difficulty index. This generally only affects some printers, crappy cable modems, and Microsoft Windows (old versions). Thanks to Sebastian Garcia for helping me track down the problem. 4.20RC2 o Integrated all of your OS detection submissions since RC1. The DB has increased 13% to 214 fingerprints. Please keep them coming! New fingerprints include versions of z/OS, OpenBSD, Linux, AIX, FreeBSD, Cisco CatOS, IPSO firewall, and a slew of printers and misc. devices. We also got our first Windows 95 fingerprint, submitted anonymously of course :). o Fixed (I hope) the "getinterfaces: intf_loop() failed" error which was seen on Windows Vista. The problem was apparently in intf-win32.c of libdnet (need to define MIB_IF_TYPE_MAX to MAX_IF_TYPE rather than 32). Thanks to Dan Griffin (dan(a)jwsecure.com) for tracking this down! o Applied a couple minor bug fixes for IP options support and packet tracing. Thanks to Michal Luczaj (regenrecht(a)o2.pl) for reporting them. o Incorporated SLNP (Simple Library Network Protocol) version detection support. Thanks to Tibor Csogor (tibi(a)tiborius.net) for the patch. 4.20RC1 o Fixed (I hope) a bug related to Pcap capture on Mac OS X. Thanks to Christophe Thil for reporting the problem and to Kurt Grutzmacher and Diman Todorov for helping to track it down. o Integrated all of your OS detection submissions since ALPHA11. The DB has increased 27% to 189 signatures. Notable additions include the Apple Airport Express, Windows Vista RC1, OpenBSD 4.0, a Sony TiVo device, and tons of broadband routers, printers, switches, and Linux kernels. Keep those submissions coming! o Upgraded the included LibPCRE from version 6.4 to 6.7. Thanks to Jochen Voss (voss(a)seehuhn.de) for the suggestion (he found some bugs in 6.4) 4.20ALPHA11 o Integrated all of your OS detection submissions, bringing the database up to 149 fingerprints. This is an increase of 28% from ALPHA10. Notable additions include FreeBSD 6.1, a bunch of HP LaserJet printers, and HP-UX 11.11. We also got a bunch of more obscure submissions like Minix 3.1.2a and "Ember InSight Adapter for programming EM2XX-family embedded devices". Who doesn't have a few of those laying around? I'm hoping that all the obscure submissions mean that more of the mainstream systems are being detected out of the box! Please keep those submissions (obscure or otherwise) coming! 4.20ALPHA10 o Integrated tons of new OS fingerprints. The DB now contains 116 fingerprints, which is up 63% since the previous version. Please keep the submissions coming! 4.20ALPHA9 o Integrated the newly submitted OS fingerprints. The DB now contains 71 fingerprints, up 27% from 56 in ALPHA8. Please keep them coming! We still only have 4.2% as many fingerprints as the gen1 database. o Added the --open option, which causes Nmap to show only open ports. Ports in the states "open|closed" and "unfiltered" might be open, so those are shown unless the host has an overwhelming number of them. o Nmap gen2 OS detection used to always do 2 retries if it fails to find a match. Now it normally does just 1 retry, but does 4 retries if conditions are good enough to warrant fingerprint submission. This should speed things up on average. A new --max-os-tries option lets you specify a higher lower maximum number of tries. o Added --unprivileged option, which is the opposite of --privileged. It tells Nmap to treat the user as lacking network raw socket and sniffing privileges. This is useful for testing, debugging, or when the raw network functionality of your operating system is somehow broken. o Fixed a confusing error message which occured when you specified a ping scan or list scan, but also specified -p (which is only used for port scans). Thanks to Thomas Buchanan for the patch. o Applied some small cleanup patches from Kris Katterjohn 4.20ALPHA8 o Integrated the newly submitted OS fingerprints. The DB now contains 56, up 33% from 42 in ALPHA7. Please keep them coming! We still only have 3.33% as many signatures as the gen1 database. o Nmap 2nd generation OS detection now has a more sophisticated mechanism for guessing a target OS when there is no exact match in the database (see http://insecure.org/nmap/osdetect/osdetect-guess.html ) o Rewrote mswin32/nmap.rc to remove cruft and hopefully reduce some MFC-related compilation problems we've seen. Thanks to KX (kxmail(a)gmail.com) for doing this. o NmapFE now uses a spin button for verbosity and debugging options so that you can specify whatever verbosity (-v) or debugging (-d) level you desire. The --randomize-hosts option was also added to NmapFE. Thanks to Kris Katterjohn for the patches. o A dozen or so small patches to Nmap and NmapFE by Kris Katterjohn. o Removed libpcap/Win32 and libpcap/msdos as Nmap doesn't use them. This reduces the Nmap tar.bz2 by about 50K. Thanks to Kris Katterjohn for the suggestion. 4.20ALPHA7 o Did a bunch of Nmap 2nd generation fingerprint integration work. Thanks to everyone who sent some in, though we still need a lot more. Also thanks to Zhao for a bunch of help with the integration tools. 4.20ALPHA6 had 12 fingerprints, this new version has 42. The old DB (still included) has 1,684. o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE (http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006. Also added the unregistered PearPC virtual NIC prefix, as suggested by Robert Millan (rmh(a)aybabtu.com). o Applied some small internal cleanup patches by Kris Katterjohn. 4.20ALPHA6 o Fixed a bug in 2nd generation OS detection which would (usually) prevent fingerprints from being printed when systems don't respond to the 1st ICMP echo probe (the one with bogus code value of 9). Thanks to Brandon Enright for reporting and helping me debug the problem. o Fixed some problematic Nmap version detection signatures which could cause warning messages. Thanks to Brandon Enright for the initial patch. 4.20ALPHA5 o Worked with Zhao to improve the new OS detection system with better algorithms, probe changes, and bug fixes. We're now ready to start growing the new database! If Nmap gives you fingerprints, please submit them at the given URL. The DB is still extremely small. The new system is extensively documented at http://insecure.org/nmap/osdetect/ . o Nmap now supports IP options with the new --ip-options flag. You can specify any options in hex, or use "R" (record route), "T" (record timestamp), "U") (record route & timestamp), "S [route]" (strict source route), or "L [route]" (loose source route). Specify --packet-trace to display IP options of responses. For further information and examples, see http://insecure.org/nmap/man/ and http://seclists.org/nmap-dev/2006/q3/0052.html . Thanks to Marek Majkowski for writing and sending the patch. o Integrated all 2nd quarter service detection fingerprint submissions. Please keep them coming! We now have 3,671 signatures representing 415 protocols. Thanks to version detection czar Doug Hoyte for doing this. o Nmap now uses the (relatively) new libpcap pcap_get_selectable_fd API on systems which support it. This means that we no longer need to hack the included Pcap to better support Linux. So Nmap will now link with an existing system libpcap by default on that platform if one is detected. Thanks to Doug Hoyte for the patch. o Updated the included libpcap from 0.9.3 to 0.9.4. The changes I made are in libpcap/NMAP_MODIFICATIONS . By default, Nmap will now use the included libpcap unless version 0.9.4 or greater is already installed on the system. o Applied some nsock bugfixes from Diman Todorov. These don't affect the current version of Nmap, but are important for his Nmap Scripting Engine, which I hope to integrate into mainline Nmap in September. o Fixed a bug which would occasionally cause Nmap to crash with the message "log_vwrite: write buffer not large enough". I thought I conquered it in a previous release -- thanks to Doug Hoyte for finding a corner case which proved me wrong. o Fixed a bug in the rDNS system which prevented us from querying certain authoritative DNS servers which have recursion explicitly disabled. Thanks to Doug Hoyte for the patch. o --packet-trace now reports TCP options (thanks to Zhao Lei for the patch). Thanks to the --ip-options addition also found in this release, IP options are printed too. o Cleaned up Nmap DNS reporting to be a little more useful and concise. Thanks to Doug Hoyte for the patch. o Applied a bunch of small internal cleanup patches by Kris Katterjohn (kjak(a)ispwest.com). o Fixed the 'distclean' make target to be more comprehensive. Thanks to Thomas Buchanan (Thomas.Buchanan(a)thecompassgrp.net) for the patch. Nmap 4.20ALPHA4 o Nmap now provides progress statistics in the XML output in verbose mode. Here are some examples of the format (etc is "estimated time until completion) and times are in UNIX time_t (seconds since 1970) format. Angle braces have been replaced by square braces: [taskbegin task="SYN Stealth Scan" time="1151384685" /] [taskprogress task="SYN Stealth Scan" time="1151384715" percent="13.85" remaining="187" etc="1151384902" /] [taskend task="SYN Stealth Scan" time="1151384776" /] [taskbegin task="Service scan" time="1151384776" /] [taskend task="Service scan" time="1151384788" /] Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch. o Updated the Windows installer to give an option checkbox for performing the Nmap performance registry changes. The default is to do so. Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch. o Applied several code cleanup patches from Marek Majkowski. o Added --release-memory option, which causes Nmap to release all accessible memory buffers before quitting (rather than let the OS do it). This is only useful for debugging memory leaks. o Fixed a bug related to bogus completion time estimates when you request an estimate (through runtime interaction) right when Nmap is starting.a subsystem (such as a port scan or version detection). Thanks to Diman Todorov for reporting the problem and Doug Hoyte for writing a fix. o Nmap no longer gets random numbers from OpenSSL when it is available because that turned out to be slower than Nmap's other methods (e.g. /dev/urandom on Linux, /dev/arandom on OpenBSD, etc.). Thanks to Marek Majkowski for reporting the problem. o Updated the Windows binary distributions (self-installer and .zip) to include the new 2nd generation OS detection DB (nmap-os-db). Thanks to Sina Bahram for reporting the problem. o Fixed the --max-retries option, which wasn't being honored. Thanks to Jon Passki (jon.passki(a)hursk.com) for the patch. Nmap 4.20ALPHA3 o Added back Win32 support thanks to a patch by kx o Fixed the English translation of TCP sequence difficulty reported by Brandon Enright, and also removed fingerprint printing for 1st generation fingerprints (I don't really want to deal with those anymore). Thanks to Zhao Lei for writing this patch. o Fix a problem which caused OS detection to be done in some cases even if the user didn't request it. Thanks to Diman Todorov for the fix. Nmap 4.20ALPHA2 o Included nmap-os-db (the new OS detection DB) within the release. Oops! Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for catching this problem with 4.20ALPHA1. o Added a fix for the crash in the new OS detection which would come with the message "Probe doesn't exist! Probe type: 1. Probe subid: 1" Nmap 4.20ALPHA1 o Integrated initial 2nd generation OS detection patch! The system is documented at http://insecure.org/nmap/osdetect/ . Thanks to Zhao Lei for helping with the coding and design. o portlist.cc was refactored to remove some code duplication. Thanks to Diman Todorov for the patch.
2006-12-17 18:55:49 +01:00
Changes 3.77: o Fixed a memory leak that would generally consume several hundred bytes per down host scanned. While the effect for most scans is negligible, it was overwhelming when Scott Carlson (Scott.Carlson(a)schwab.com) tried to scan 24 million IPs (10.0.0.0/8). Thanks to him for reporting the problem. o Fixed a bug in ACK scan that could cause Nmap to crash with the message "Unexpected port state: 6" in some cases. Thanks to Glyn Geoghegan (glyng(a)corsaire.com) for reporting the problem. o Change IP protocol scan (-sO) so that a response from the target host in any protocol at all will prove that protocol is open. As before, no response means "open|filtered", an ICMP protocol unreachable means "closed", and most other ICMP error messages mean "filered". o Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and UDP headers when scanning protocols 1, 6, and 17, respectively. An emtpy IP header is still sent for all other protocols. This should prevent the error messages such as "sendto in send_ip_packet: sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not permitted" that Linux (and perhaps other systems) would give when they try to interpret the raw packet. This also makes it more likely that these protocols will elicit a response, proving that the protocol is "open". o Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered" instead of "open" when they fail to receive any response from the target port. After all, it could just as easily be filtered as open. This is the same change that was made to UDP scan in 3.70. Also as with UDP scan, adding version detection (-sV) will change the state from open|filtered to open if it confirms that they really are open. o Fixed a crash on Windows systems that don't include the iphlpapi DLL. This affects Win95 and perhaps other variants. Thanks to Ganga Bhavani (GBhavani(a)everdreamcorp.com) for reporting the problem and sending the patch. o Ensured that the device type, os vendor, and os family OS fingerprinting classification values are scrubbed for XML compliance in the XML output. Thanks to Matthieu Verbert (mve(a)zurich.ibm.com) for reporting the problem and sending a patch. o Changed to Nmap XML DTD to use the same xmloutputversion (1.01) as newer versions of Nmap. Thanks to Laurent Estieux (laurent.estieux(a)free.fr) for reporting the problem.
2004-11-26 10:24:20 +01:00
USE_LANGUAGES= c c++
Update to version 3.93 Changes: 3.93: ===== o Modified Libpcap's configure.ac to compile with the --fno-strict-aliasing option if gcc 4.X is used. This prevents when said compiler is used. This was done for Nmap in 3.90, but is apparently needed for pcap too. Thanks to Craig Humphrey (Craig.Humphrey(a)chapmantripp.com) for the discovery. o Patched libdnet to include sys/uio.h in src/tun-linux.c. This is apparently necessary on some Glibc 2.1 systems. Thanks to Rob Foehl (rwf(a)loonybin.net) for the patch. o Fixed a crash which could occur when a ridiculously short --host_timeout was specified on Windows (or on UNIX if --send_eth was specified). Nmap now also prints a warning if you specify a host_timeout of less than 1 second. Thanks to Ole Morten Grodaas (grodaas(a)gmail.com) for discovering the problem. 3.91: ===== o Fixed a crash on Windows when you -P0 scan an unused IP on a local network (or a range that contains unused IPs). This could also happen on UNIX if you specified the new --send_eth option. Thanks to Jim Carras (JFCECL(a)engr.psu.edu) for reporting the problem. o Fixed compilation on OpenBSD by applying a patch from Okan Demirmen (okan(a)demirmen.com), who maintains Nmap in the OpenBSD Ports collection. o Updated nmap-mac-prefixes to include OUIs assigned by the IEEE since April. o Updated the included libpcre (used for version detection) from version 4.3 to 6.3. A libpcre securty issue was fixed in 6.3, but that issue never affected Nmap. o Updated the included libpcap from 0.8.3 to 0.9.3. I also changed the directory name in the Nmap tarball from libpcap-possiblymodified to just libpcap. As usual, the modifications are described in the NMAP_MODIFICATIONS in that directory. 3.90: ===== o Added the ability for Nmap to send and properly route raw ethernet packets cointaining IP datagrams rather than always sending the packets via raw sockets. This is particularly useful for Windows, since Microsoft has disabled raw socket support in XP for no good reason. Nmap tries to choose the best method at runtime based on platform, though you can override it with the new --send_eth and --send_ip options. o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to determine whether hosts on a LAN are up, rather than relying on higher-level IP packets (which can only be sent after a successful ARP request and reply anyway). This is much faster and more reliable (not subject to IP-level firewalling) than IP-based probes. The downside is that it only works when the target machine is on the same LAN as the scanning machine. It is now used automatically for any hosts that are detected to be on a local ethernet network, unless --send_ip was specified. Example usage: nmap -sP -PR 192.168.0.0/16 . o Added the --spoof_mac option, which asks Nmap to use the given MAC address for all of the raw ethernet frames it sends. The MAC given can take several formats. If it is simply the string "0", Nmap chooses a completely random MAC for the session. If the given string is an even number of hex digits (with the pairs optionally separated by a colon), Nmap will use those as the MAC. If less than 12 hex digits are provided, Nmap fills in the remainder of the 6 bytes with random values. If the argument isn't a 0 or hex string, Nmap looks through the nmap-mac-prefixes to find a vendor name containing the given string (it is case insensitive). If a match is found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the remaining 3 bytes randomly. Valid --spoof_mac argument examples are "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and "Cisco". o Applied an enormous nmap-service-probes (version detection) update from SoC student Doug Hoyte (doug(a)hcsw.org). Version 3.81 had 1064 match lines covering 195 service protocols. Now we have 2865 match lines covering 359 protocols! So the database size has nearly tripled! This should make your -sV scans quicker and more accurate. Thanks also go to the (literally) thousands of you who submitted service fingerprints. Keep them coming! o Applied a massive OS fingerprint update from Zhao Lei (zhaolei(a)gmail.com). About 350 fingerprints were added, and many more were updated. Notable additions include Mac OS X 10.4 (Tiger), OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along with a new "robotic pet" device type category), the latest Linux 2.6 kernels Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64 UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO 3.8.X, and Solaris 10. Of course there are also tons of new broadband routers, printers, WAPs and pretty much any other device you can coax an ethernet cable (or wireless card) into! o Added 'leet ASCII art to the confugrator! ARTIST NOTE: If you think the ASCII art sucks, feel free to send me alternatives. Note that only people compiling the UNIX source code get this. (ASCII artist unknown). o Added OS, device type, and hostname detection using the service detection framework. Many services print a hostname, which may be different than DNS. The services often give more away as well. If Nmap detects IIS, it reports an OS family of "Windows". If it sees HP JetDirect telnetd, it reports a device type of "printer". Rather than try to combine TCP/IP stack fingerprinting and service OS fingerprinting, they are both printed. After all, they could legitimately be different. An IP that gives a stack fingerprint match of "Linksys WRT54G broadband router" and a service fingerprint of Windows based on Kazaa running is likely a common NAT setup rather than an Nmap mistake. o Nmap on Windows now compiles/links with the new WinPcap 3.1 header/lib files. So please upgrade to 3.1 from http://www.winpcap.org before installing this version of Nmap. While older versions may still work, they aren't supported with Nmap. o The official Nmap RPM files are now compiled statically for better compatability with other systems. X86_64 (AMD Athlon64/Opteron) binaries are now available in addition to the standard i386. NmapFE RPMs are no longer distributed by Insecure.Org. o Nmap distribution signing has changed. Release files are now signed with a new Nmap Project GPG key (KeyID 6B9355D0). Fyodor has also generated a new key for himself (KeyID 33599B5F). The Nmap key has been signed by Fyodor's new key, which has been signed by Fyodor's old key so that you know they are legit. The new keys are available at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public keyserver network. Here are the fingerprints: pub 1024D/33599B5F 2005-04-24 Key fingerprint = BB61 D057 C0D7 DCEF E730 996C 1AF6 EC50 3359 9B5F uid Fyodor <fyodor@insecure.org> sub 2048g/D3C2241C 2005-04-24 pub 1024D/6B9355D0 2005-04-24 Key fingerprint = 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0 uid Nmap Project Signing Key (http://www.insecure.org/) sub 2048g/A50A6A94 2005-04-24 o Fixed a crash problem related to non-portable varargs (vsnprintf) usage. Reports of this crash came from Alan William Somers (somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de). This patch was prevalent on Linux boxes running an Opteron/Athlon64 CPU in 64-bit mode. o Fixed crash when Nmap is compiled using gcc 4.X by adding the --fno-strict-aliasing option when that compiler is detected. Thanks to Greg Darke (starstuff(a)optusnet.com.au) for discovering that this option fixes (hides) the problem and to Duilio J. Protti (dprotti(a)flowgate.net) for writing the configure patch to detect gcc 4 and add the option. A better fix is to identify and rewrite lines that violate C99 alias rules, and we are looking into that. o Added "rarity" feature to Nmap version detection. This causes obscure probes to be skipped when they are unlikely to help. Each probe now has a "rarity" value. Probes that detect dozens of services such as GenericLines and GetRequest have rarity values of 1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9. When interrogating a port, Nmap always tries probes registered to that port number. So even WWWOFFLEctrlstat will be tried against port 8081 and mydoom will be tried against open ports between 3127 and 3198. If none of the registered ports find a match, Nmap tries probes that have a rarity less than or equal to its current intensity level. The intensity level defaults to 7 (so that most of the probes are done). You can set the intensity level with the new --version_intensity option. Alternatively, you can just use --version_light or --version_all which set the intensity to 2 (only try the most important probes and ones registered to the port number) and 9 (try all probes), respectively. --version_light is much faster than default version detection, but also a bit less likely to find a match. This feature was designed and implemented by Doug Hoyte (doug(a)hcsw.org). o Added a "fallback" feature to the nmap-service-probes database. This allows a probe to "inherit" match lines from other probes. It is currently only used for the HTTPOptions, RTSPRequest, and SSLSessionReq probes to inherit all of the match lines from GetRequest. Some servers don't respond to the Nmap GetRequest (for example because it doesn't include a Host: line) but they do respond to some of those other 3 probes in ways that GetRequest match lines are general enough to match. The fallback construct allows us to benefit from these matches without repeating hundreds of signatures in the file. This is another feature designed and implemented by Doug Hoyte (doug(a)hcsw.org). o Fixed crash with certain --excludefile or --exclude arguments. Thanks to Kurt Grutzmacher (grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for reporting the problem, and to Duilio J. Protti (dprotti(a)flowgate.net) for debugging the issue and sending the patch. o Updated random scan (ip_is_reserved()) to reflect the latest IANA assignments. This patch was sent in by Felix Groebert (felix(a)groebert.org). o Included new Russian man page translation by locco_bozi(a)Safe-mail.net o Applied pach from Steve Martin (smartin(a)stillsecure.com) which standardizes many OS names and corrects typos in nmap-os-fingerprints. o Fixed a crash found during certain UDP version scans. The crash was discovered and reported by Ron (iago(a)valhallalegends.com) and fixed by Doug Hoyte (doug(a)hcsw.com). o Added --iflist argument which prints a list of system interfaces and routes detected by Nmap. o Fixed a protocol scan (-sO) problem which led to the error message: "Error compiling our pcap filter: syntax error". Thanks to Michel Arboi (michel(a)arboi.fr.eu.org) for reporting the problem. o Fixed an Nmap version detection crash on Windows which led to the error message "Unexpected error in NSE_TYPE_READ callback. Error code: 10053 (Unknown error)". Thanks to Srivatsan (srivatsanp(a)adventnet.com) for reporting the problem. o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers (TSellers(a)trustmark.com). o Applied some changes from Gisle Vanem (giva(a)bgnett.no) to make Nmap compile with Cygwin. o XML "osmatch" element now has a "line" attribute giving the reference fingerprint line number in nmap-os-fingerprints. o Added a distcc probes and a bunch of smtp matches from Dirk Mueller (mueller(a)kde.org) to nmap-service-probes. Also added AFS version probe and matches from Lionel Cons (lionel.cons(a)cern.ch). And even more probes and matches from Martin Macok (martin.macok(a)underground.cz) o Fixed a problem where Nmap compilation would use header files from the libpcap included with Nmap even when it was linking to a system libpcap. Thanks to Solar Designer (solar(a)openwall.com) and Okan Demirmen (okan(a)demirmen.com) for reporting the problem. o Added configure option --with-libpcap=included to tell Nmap to use the version of libpcap it ships with rather than any that may already be installed on the system. You can still use --with-libpcap=[dir] to specify that a system libpcap be installed rather than the shipped one. By default, Nmap looks at both and decides which one is likely to work best. If you are having problems on Solaris, try --with-libpcap=included . o Changed the --no-stylesheet option to --no_stylesheet to be consistant with all of the other Nmap options. Though I'm starting to like hyphens a bit better than underscores and may change all of the options to use hyphens instad at some point. o Added "Exclude" directive to nmap-service-probes grammar which causes version detection to skip listed ports. This is helpful for ports such as 9100. Some printers simply print any data sent to that port, leading to pages of HTTP requests, SMB queries, X Windows probes, etc. If you really want to scan all ports, specify --allports. This patch came from Doug Hoyte (doug(a)hcsw.org). o Added a stripped-down and heavily modified version of Dug Song's libdnet networking library (v. 1.10). This helps with the new raw ethernet features. My (extensive) changes are described in libdnet-stripped/NMAP_MODIFICATIONS o Removed WinIP library (and all Windows raw sockets code) since MS has gone and broken raw sockets. Maybe packet receipt via raw sockets will come back at some point. As part of this removal, the Windows-specific --win_help, --win_list_interfaces, --win_norawsock, --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi, and --win_trace options have been removed. o Chagned the interesting ports array from a 65K-member array of pointers into an STL list. This noticeable reduces memory usage in some cases, and should also give a slight runtime performance boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com). o Removed the BSDFIX/BSDUFIX macros. The underlying bug in FreeBSD/NetBSD is still there though. When an IP packet is sent through a raw socket, these platforms require the total length and fragmentation offset fields of an IP packet to be in host byte order rather than network byte order, even though all the other fields must be in NBO. I believe that OpenBSD fixed this a while back. Other platforms, such as Linux, Solaris, Mac OS X, and Windows take all of the fields in network byte order. While I removed the macro, I still do the munging where required so that Nmap still works on FreeBSD. o Integrated many nmap-service-probes changes from Bo Jiang (jiangbo(a)brandeis.edu) o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri (eilon(a)aristo.tau.ac.il) o Added some new RPC services to nmap-rpc thanks to a patch from vlad902 (vlad902(a)gmail.com). o Fixed a bug where Nmap would quit on Windows whenever it encountered a raw scan of localhost (including the local ethernet interface address), even when that was just one address out of a whole network being scanned. Now Nmap just warns that it is skipping raw scans when it encounters the local IP, but continues on to scan the rest of the network. Raw scans do not currently work against local IP addresses because Winpcap doesn't support reading/writing localhost interfaces due to limitations of Windows. o The OS fingerprint is now provided in XML output if debugging is enabled (-d) or verbosity is at least 2 (-v -v). This patch was sent by Okan Demirmen (okan(a)demirmen.com) o Fixed the way tcp connect scan (-sT) respons to ICMP network unreachable responses (patch by Richard Moore (rich(a)westpoint.ltd.uk). o Update random host scan (-iR) to support the latest IANA-allocated ranges, thanks to patch by Chad Loder (cloder(a)loder.us). o Updated GNU shtool (a helper program used during 'make install' to version 2.0.2, which fixes a predictable temporary filename weakness discovered by Eric Raymond. o Removed addport element from XML DTD, since it is no longer used (sugested by Lionel Cons (lionel.cons(a)cern.ch) o Added new --privileged command-line option and NMAP_PRIVILEGED environmental variable. Either of these tell Nmap to assume that the user has full privileges to execute raw packet scans, OS detection and the like. This can be useful when Linux kernel capabilities or other systems are used that allow non-root users to perform raw packet or ethernet frame manipulation. Without this flag or variable set, Nmap bails on UNIX if geteuid() is nonzero. o Changed the RPM spec file so that if you define "static" to 1 (by passing --define "static 1" to rpmbuild), static binaries are built. o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon Burr (simes(a)bpfh.net). o ultra_scan() now sets pseudo-random ACK values (rather than 0) for any TCP scans in which the initial probe packet has the ACK flag set. This would be the ACK, Xmas, Maimon, and Window scans. o Updated the Nmap version number, description, and similar fields that MS Visual Studio places in the binary. This was done by editing mswin32/nmap.rc as suggested by Chris Paget (chrisp@ngssoftware.com) o Fixed Nmap compilation on DragonFly BSD (and perhaps some other systems) by applying a short patch by Joerg Sonnenberger which omits the declaration of errno if it is a #define. o Fixed an integer overflow that prevented Nmap from scanning 2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1). Problem noted by Justin Cranford (jcranford(a)n-able.com). While /1 scans are now possible, don't expect them to finish during your bathroom break. No matter how constipated you are. o Increased the buffer size allocated for fingerprints to prevent Nmap from running out and quitting (error message: "Assertion `servicefpalloc - servicefplen > 8' failed". Thanks to Mike Hatz (mhatz(a)blackcat.com) for the report. [ Actually this was done in a previous version, but I forgot which one ] o Changed from CVS to Subversion source control system (which rocks!). Neither repository is public (I'm paranoid because both CVS and SVN have had remotely exploitable security holes), so the main change users will see is that "Id" tags in file headers use the SVN format for version numbering and such.
2005-09-15 16:12:18 +02:00
USE_LIBTOOL= yes
USE_TOOLS+= gmake
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --with-libpcap=${BUILDLINK_PREFIX.libpcap}
CONFIGURE_ARGS+= --with-libpcre=${BUILDLINK_PREFIX.pcre}
CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl}
CONFIGURE_ARGS+= --without-subversion
BUILD_DEFS+= IPV6_READY
.include "options.mk"
Update to version 3.93 Changes: 3.93: ===== o Modified Libpcap's configure.ac to compile with the --fno-strict-aliasing option if gcc 4.X is used. This prevents when said compiler is used. This was done for Nmap in 3.90, but is apparently needed for pcap too. Thanks to Craig Humphrey (Craig.Humphrey(a)chapmantripp.com) for the discovery. o Patched libdnet to include sys/uio.h in src/tun-linux.c. This is apparently necessary on some Glibc 2.1 systems. Thanks to Rob Foehl (rwf(a)loonybin.net) for the patch. o Fixed a crash which could occur when a ridiculously short --host_timeout was specified on Windows (or on UNIX if --send_eth was specified). Nmap now also prints a warning if you specify a host_timeout of less than 1 second. Thanks to Ole Morten Grodaas (grodaas(a)gmail.com) for discovering the problem. 3.91: ===== o Fixed a crash on Windows when you -P0 scan an unused IP on a local network (or a range that contains unused IPs). This could also happen on UNIX if you specified the new --send_eth option. Thanks to Jim Carras (JFCECL(a)engr.psu.edu) for reporting the problem. o Fixed compilation on OpenBSD by applying a patch from Okan Demirmen (okan(a)demirmen.com), who maintains Nmap in the OpenBSD Ports collection. o Updated nmap-mac-prefixes to include OUIs assigned by the IEEE since April. o Updated the included libpcre (used for version detection) from version 4.3 to 6.3. A libpcre securty issue was fixed in 6.3, but that issue never affected Nmap. o Updated the included libpcap from 0.8.3 to 0.9.3. I also changed the directory name in the Nmap tarball from libpcap-possiblymodified to just libpcap. As usual, the modifications are described in the NMAP_MODIFICATIONS in that directory. 3.90: ===== o Added the ability for Nmap to send and properly route raw ethernet packets cointaining IP datagrams rather than always sending the packets via raw sockets. This is particularly useful for Windows, since Microsoft has disabled raw socket support in XP for no good reason. Nmap tries to choose the best method at runtime based on platform, though you can override it with the new --send_eth and --send_ip options. o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to determine whether hosts on a LAN are up, rather than relying on higher-level IP packets (which can only be sent after a successful ARP request and reply anyway). This is much faster and more reliable (not subject to IP-level firewalling) than IP-based probes. The downside is that it only works when the target machine is on the same LAN as the scanning machine. It is now used automatically for any hosts that are detected to be on a local ethernet network, unless --send_ip was specified. Example usage: nmap -sP -PR 192.168.0.0/16 . o Added the --spoof_mac option, which asks Nmap to use the given MAC address for all of the raw ethernet frames it sends. The MAC given can take several formats. If it is simply the string "0", Nmap chooses a completely random MAC for the session. If the given string is an even number of hex digits (with the pairs optionally separated by a colon), Nmap will use those as the MAC. If less than 12 hex digits are provided, Nmap fills in the remainder of the 6 bytes with random values. If the argument isn't a 0 or hex string, Nmap looks through the nmap-mac-prefixes to find a vendor name containing the given string (it is case insensitive). If a match is found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the remaining 3 bytes randomly. Valid --spoof_mac argument examples are "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and "Cisco". o Applied an enormous nmap-service-probes (version detection) update from SoC student Doug Hoyte (doug(a)hcsw.org). Version 3.81 had 1064 match lines covering 195 service protocols. Now we have 2865 match lines covering 359 protocols! So the database size has nearly tripled! This should make your -sV scans quicker and more accurate. Thanks also go to the (literally) thousands of you who submitted service fingerprints. Keep them coming! o Applied a massive OS fingerprint update from Zhao Lei (zhaolei(a)gmail.com). About 350 fingerprints were added, and many more were updated. Notable additions include Mac OS X 10.4 (Tiger), OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along with a new "robotic pet" device type category), the latest Linux 2.6 kernels Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64 UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO 3.8.X, and Solaris 10. Of course there are also tons of new broadband routers, printers, WAPs and pretty much any other device you can coax an ethernet cable (or wireless card) into! o Added 'leet ASCII art to the confugrator! ARTIST NOTE: If you think the ASCII art sucks, feel free to send me alternatives. Note that only people compiling the UNIX source code get this. (ASCII artist unknown). o Added OS, device type, and hostname detection using the service detection framework. Many services print a hostname, which may be different than DNS. The services often give more away as well. If Nmap detects IIS, it reports an OS family of "Windows". If it sees HP JetDirect telnetd, it reports a device type of "printer". Rather than try to combine TCP/IP stack fingerprinting and service OS fingerprinting, they are both printed. After all, they could legitimately be different. An IP that gives a stack fingerprint match of "Linksys WRT54G broadband router" and a service fingerprint of Windows based on Kazaa running is likely a common NAT setup rather than an Nmap mistake. o Nmap on Windows now compiles/links with the new WinPcap 3.1 header/lib files. So please upgrade to 3.1 from http://www.winpcap.org before installing this version of Nmap. While older versions may still work, they aren't supported with Nmap. o The official Nmap RPM files are now compiled statically for better compatability with other systems. X86_64 (AMD Athlon64/Opteron) binaries are now available in addition to the standard i386. NmapFE RPMs are no longer distributed by Insecure.Org. o Nmap distribution signing has changed. Release files are now signed with a new Nmap Project GPG key (KeyID 6B9355D0). Fyodor has also generated a new key for himself (KeyID 33599B5F). The Nmap key has been signed by Fyodor's new key, which has been signed by Fyodor's old key so that you know they are legit. The new keys are available at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public keyserver network. Here are the fingerprints: pub 1024D/33599B5F 2005-04-24 Key fingerprint = BB61 D057 C0D7 DCEF E730 996C 1AF6 EC50 3359 9B5F uid Fyodor <fyodor@insecure.org> sub 2048g/D3C2241C 2005-04-24 pub 1024D/6B9355D0 2005-04-24 Key fingerprint = 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0 uid Nmap Project Signing Key (http://www.insecure.org/) sub 2048g/A50A6A94 2005-04-24 o Fixed a crash problem related to non-portable varargs (vsnprintf) usage. Reports of this crash came from Alan William Somers (somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de). This patch was prevalent on Linux boxes running an Opteron/Athlon64 CPU in 64-bit mode. o Fixed crash when Nmap is compiled using gcc 4.X by adding the --fno-strict-aliasing option when that compiler is detected. Thanks to Greg Darke (starstuff(a)optusnet.com.au) for discovering that this option fixes (hides) the problem and to Duilio J. Protti (dprotti(a)flowgate.net) for writing the configure patch to detect gcc 4 and add the option. A better fix is to identify and rewrite lines that violate C99 alias rules, and we are looking into that. o Added "rarity" feature to Nmap version detection. This causes obscure probes to be skipped when they are unlikely to help. Each probe now has a "rarity" value. Probes that detect dozens of services such as GenericLines and GetRequest have rarity values of 1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9. When interrogating a port, Nmap always tries probes registered to that port number. So even WWWOFFLEctrlstat will be tried against port 8081 and mydoom will be tried against open ports between 3127 and 3198. If none of the registered ports find a match, Nmap tries probes that have a rarity less than or equal to its current intensity level. The intensity level defaults to 7 (so that most of the probes are done). You can set the intensity level with the new --version_intensity option. Alternatively, you can just use --version_light or --version_all which set the intensity to 2 (only try the most important probes and ones registered to the port number) and 9 (try all probes), respectively. --version_light is much faster than default version detection, but also a bit less likely to find a match. This feature was designed and implemented by Doug Hoyte (doug(a)hcsw.org). o Added a "fallback" feature to the nmap-service-probes database. This allows a probe to "inherit" match lines from other probes. It is currently only used for the HTTPOptions, RTSPRequest, and SSLSessionReq probes to inherit all of the match lines from GetRequest. Some servers don't respond to the Nmap GetRequest (for example because it doesn't include a Host: line) but they do respond to some of those other 3 probes in ways that GetRequest match lines are general enough to match. The fallback construct allows us to benefit from these matches without repeating hundreds of signatures in the file. This is another feature designed and implemented by Doug Hoyte (doug(a)hcsw.org). o Fixed crash with certain --excludefile or --exclude arguments. Thanks to Kurt Grutzmacher (grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for reporting the problem, and to Duilio J. Protti (dprotti(a)flowgate.net) for debugging the issue and sending the patch. o Updated random scan (ip_is_reserved()) to reflect the latest IANA assignments. This patch was sent in by Felix Groebert (felix(a)groebert.org). o Included new Russian man page translation by locco_bozi(a)Safe-mail.net o Applied pach from Steve Martin (smartin(a)stillsecure.com) which standardizes many OS names and corrects typos in nmap-os-fingerprints. o Fixed a crash found during certain UDP version scans. The crash was discovered and reported by Ron (iago(a)valhallalegends.com) and fixed by Doug Hoyte (doug(a)hcsw.com). o Added --iflist argument which prints a list of system interfaces and routes detected by Nmap. o Fixed a protocol scan (-sO) problem which led to the error message: "Error compiling our pcap filter: syntax error". Thanks to Michel Arboi (michel(a)arboi.fr.eu.org) for reporting the problem. o Fixed an Nmap version detection crash on Windows which led to the error message "Unexpected error in NSE_TYPE_READ callback. Error code: 10053 (Unknown error)". Thanks to Srivatsan (srivatsanp(a)adventnet.com) for reporting the problem. o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers (TSellers(a)trustmark.com). o Applied some changes from Gisle Vanem (giva(a)bgnett.no) to make Nmap compile with Cygwin. o XML "osmatch" element now has a "line" attribute giving the reference fingerprint line number in nmap-os-fingerprints. o Added a distcc probes and a bunch of smtp matches from Dirk Mueller (mueller(a)kde.org) to nmap-service-probes. Also added AFS version probe and matches from Lionel Cons (lionel.cons(a)cern.ch). And even more probes and matches from Martin Macok (martin.macok(a)underground.cz) o Fixed a problem where Nmap compilation would use header files from the libpcap included with Nmap even when it was linking to a system libpcap. Thanks to Solar Designer (solar(a)openwall.com) and Okan Demirmen (okan(a)demirmen.com) for reporting the problem. o Added configure option --with-libpcap=included to tell Nmap to use the version of libpcap it ships with rather than any that may already be installed on the system. You can still use --with-libpcap=[dir] to specify that a system libpcap be installed rather than the shipped one. By default, Nmap looks at both and decides which one is likely to work best. If you are having problems on Solaris, try --with-libpcap=included . o Changed the --no-stylesheet option to --no_stylesheet to be consistant with all of the other Nmap options. Though I'm starting to like hyphens a bit better than underscores and may change all of the options to use hyphens instad at some point. o Added "Exclude" directive to nmap-service-probes grammar which causes version detection to skip listed ports. This is helpful for ports such as 9100. Some printers simply print any data sent to that port, leading to pages of HTTP requests, SMB queries, X Windows probes, etc. If you really want to scan all ports, specify --allports. This patch came from Doug Hoyte (doug(a)hcsw.org). o Added a stripped-down and heavily modified version of Dug Song's libdnet networking library (v. 1.10). This helps with the new raw ethernet features. My (extensive) changes are described in libdnet-stripped/NMAP_MODIFICATIONS o Removed WinIP library (and all Windows raw sockets code) since MS has gone and broken raw sockets. Maybe packet receipt via raw sockets will come back at some point. As part of this removal, the Windows-specific --win_help, --win_list_interfaces, --win_norawsock, --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi, and --win_trace options have been removed. o Chagned the interesting ports array from a 65K-member array of pointers into an STL list. This noticeable reduces memory usage in some cases, and should also give a slight runtime performance boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com). o Removed the BSDFIX/BSDUFIX macros. The underlying bug in FreeBSD/NetBSD is still there though. When an IP packet is sent through a raw socket, these platforms require the total length and fragmentation offset fields of an IP packet to be in host byte order rather than network byte order, even though all the other fields must be in NBO. I believe that OpenBSD fixed this a while back. Other platforms, such as Linux, Solaris, Mac OS X, and Windows take all of the fields in network byte order. While I removed the macro, I still do the munging where required so that Nmap still works on FreeBSD. o Integrated many nmap-service-probes changes from Bo Jiang (jiangbo(a)brandeis.edu) o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri (eilon(a)aristo.tau.ac.il) o Added some new RPC services to nmap-rpc thanks to a patch from vlad902 (vlad902(a)gmail.com). o Fixed a bug where Nmap would quit on Windows whenever it encountered a raw scan of localhost (including the local ethernet interface address), even when that was just one address out of a whole network being scanned. Now Nmap just warns that it is skipping raw scans when it encounters the local IP, but continues on to scan the rest of the network. Raw scans do not currently work against local IP addresses because Winpcap doesn't support reading/writing localhost interfaces due to limitations of Windows. o The OS fingerprint is now provided in XML output if debugging is enabled (-d) or verbosity is at least 2 (-v -v). This patch was sent by Okan Demirmen (okan(a)demirmen.com) o Fixed the way tcp connect scan (-sT) respons to ICMP network unreachable responses (patch by Richard Moore (rich(a)westpoint.ltd.uk). o Update random host scan (-iR) to support the latest IANA-allocated ranges, thanks to patch by Chad Loder (cloder(a)loder.us). o Updated GNU shtool (a helper program used during 'make install' to version 2.0.2, which fixes a predictable temporary filename weakness discovered by Eric Raymond. o Removed addport element from XML DTD, since it is no longer used (sugested by Lionel Cons (lionel.cons(a)cern.ch) o Added new --privileged command-line option and NMAP_PRIVILEGED environmental variable. Either of these tell Nmap to assume that the user has full privileges to execute raw packet scans, OS detection and the like. This can be useful when Linux kernel capabilities or other systems are used that allow non-root users to perform raw packet or ethernet frame manipulation. Without this flag or variable set, Nmap bails on UNIX if geteuid() is nonzero. o Changed the RPM spec file so that if you define "static" to 1 (by passing --define "static 1" to rpmbuild), static binaries are built. o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon Burr (simes(a)bpfh.net). o ultra_scan() now sets pseudo-random ACK values (rather than 0) for any TCP scans in which the initial probe packet has the ACK flag set. This would be the ACK, Xmas, Maimon, and Window scans. o Updated the Nmap version number, description, and similar fields that MS Visual Studio places in the binary. This was done by editing mswin32/nmap.rc as suggested by Chris Paget (chrisp@ngssoftware.com) o Fixed Nmap compilation on DragonFly BSD (and perhaps some other systems) by applying a short patch by Joerg Sonnenberger which omits the declaration of errno if it is a #define. o Fixed an integer overflow that prevented Nmap from scanning 2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1). Problem noted by Justin Cranford (jcranford(a)n-able.com). While /1 scans are now possible, don't expect them to finish during your bathroom break. No matter how constipated you are. o Increased the buffer size allocated for fingerprints to prevent Nmap from running out and quitting (error message: "Assertion `servicefpalloc - servicefplen > 8' failed". Thanks to Mike Hatz (mhatz(a)blackcat.com) for the report. [ Actually this was done in a previous version, but I forgot which one ] o Changed from CVS to Subversion source control system (which rocks!). Neither repository is public (I'm paranoid because both CVS and SVN have had remotely exploitable security holes), so the main change users will see is that "Id" tags in file headers use the SVN format for version numbering and such.
2005-09-15 16:12:18 +02:00
CHECK_INTERPRETER_SKIP= bin/uninstall_zenmap
CHECK_INTERPRETER_SKIP+= share/zenmap/su-to-zenmap.sh
From the release announcement on http://nmap.org: "The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade." Here is a condensed Changelog: Nmap 6.01 [2012-06-13] o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7. o [Zenmap] Fixed a crash that happened when activating the host filter. o Fixed a bug that caused Nmap to fail to find any network interface when at least one of them is in the monitor mode. http://seclists.org/nmap-dev/2012/q2/449 http://seclists.org/nmap-dev/2012/q2/478 o Fixed the greppable output of hosts that time-out. Nmap 6.00 [2012-05-21] o Most important release since Nmap 5.00 in July 2009! For a list of the most significant improvements and new features, see the announcement at: http://nmap.org/6 o Some XML output improvements... o Lots of NSE scripts added and updated... o Fixed the routing table loop on OS X so that on-link routes appear. o Upgraded included libpcap to version 1.2.1. o Fixed a compilation problem on Solaris 9 caused by a missing definition of IPV6_V6ONLY. o Setting --min-parallelism by itself no longer forces the maximum parallelism to the same value. o [Zenmap] Fixed a crash that would happen in the profile editor when the script.db file doesn't exist. o [Zenmap] It is now possible to compare scans having the same name or command line parameters. o Fixed an error that could occur with ICMPv6 probes and -d4 debugging: "Unexpected probespec2ascii type encountered" o Applied a workaround to make pcap captures work better on Solaris 10. o Fixed a bug that could cause Nsock timers to fire too early. o Changed the way timeout calculations are made in the IPv6 OS engine. Nmap 5.61TEST5 [2012-03-09] o Integrated all of your IPv4 OS fingerprint submissions since June 2011 (about 1,900 of them). Added about 256 new fingerprints (and deleted some bogus ones), bringing the new total to 3,572. Additions include Apple iOS 5.01, OpenBSD 4.9 and 5.0, FreeBSD 7.0 through 9.0-PRERELEASE, and a ton of new WAPs, routers, and other devices. Many existing fingerprints were improved. For more details, see http://seclists.org/nmap-dev/2012/q1/431 o Integrated all of your service/version detection fingerprints submitted since November 2010--more than 2,500 of them! Our signature count increased more than 10% to 7,423 covering 862 protocols. Some amusing and bizarre new services are described at http://seclists.org/nmap-dev/2012/q1/359 o Integrated your latest IPv6 OS submissions and corrections. We're still low on IPv6 fingerprints, so please scan any IPv6 systems you own or administer and submit them to http://nmap.org/submit/. Both new fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap guesses wrong) are useful. o IPv6 OS detection now includes a novelty detection system which avoids printing a match when an observed fingerprint is too different from fingerprints seen before. As the OS database is still small, this helps to avoid making (essentially) wild guesses when seeing a new operating system. o Refactored the nsock library to add the nsock-engines system. o [NSE] Added 43(!) NSE scripts, bringing the total up to 340. o CPE (Common Platform Enumeration) OS classification is now supported for IPv6 OS detection. [...] Nmap 5.61TEST4 [2012-01-02] -> Nmap 5.61TEST1 [...] Lots of Bugfixes! Thanks to jschauma@ for analysing a NetBSD related problem, and to David Fifield for providing the (upstream) patch.
2012-09-16 22:29:06 +02:00
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/oracle-default-accounts.lst
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/oracle-sids
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/passwords.lst
From the release announcement on http://nmap.org: "The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade." Here is a condensed Changelog: Nmap 6.01 [2012-06-13] o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7. o [Zenmap] Fixed a crash that happened when activating the host filter. o Fixed a bug that caused Nmap to fail to find any network interface when at least one of them is in the monitor mode. http://seclists.org/nmap-dev/2012/q2/449 http://seclists.org/nmap-dev/2012/q2/478 o Fixed the greppable output of hosts that time-out. Nmap 6.00 [2012-05-21] o Most important release since Nmap 5.00 in July 2009! For a list of the most significant improvements and new features, see the announcement at: http://nmap.org/6 o Some XML output improvements... o Lots of NSE scripts added and updated... o Fixed the routing table loop on OS X so that on-link routes appear. o Upgraded included libpcap to version 1.2.1. o Fixed a compilation problem on Solaris 9 caused by a missing definition of IPV6_V6ONLY. o Setting --min-parallelism by itself no longer forces the maximum parallelism to the same value. o [Zenmap] Fixed a crash that would happen in the profile editor when the script.db file doesn't exist. o [Zenmap] It is now possible to compare scans having the same name or command line parameters. o Fixed an error that could occur with ICMPv6 probes and -d4 debugging: "Unexpected probespec2ascii type encountered" o Applied a workaround to make pcap captures work better on Solaris 10. o Fixed a bug that could cause Nsock timers to fire too early. o Changed the way timeout calculations are made in the IPv6 OS engine. Nmap 5.61TEST5 [2012-03-09] o Integrated all of your IPv4 OS fingerprint submissions since June 2011 (about 1,900 of them). Added about 256 new fingerprints (and deleted some bogus ones), bringing the new total to 3,572. Additions include Apple iOS 5.01, OpenBSD 4.9 and 5.0, FreeBSD 7.0 through 9.0-PRERELEASE, and a ton of new WAPs, routers, and other devices. Many existing fingerprints were improved. For more details, see http://seclists.org/nmap-dev/2012/q1/431 o Integrated all of your service/version detection fingerprints submitted since November 2010--more than 2,500 of them! Our signature count increased more than 10% to 7,423 covering 862 protocols. Some amusing and bizarre new services are described at http://seclists.org/nmap-dev/2012/q1/359 o Integrated your latest IPv6 OS submissions and corrections. We're still low on IPv6 fingerprints, so please scan any IPv6 systems you own or administer and submit them to http://nmap.org/submit/. Both new fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap guesses wrong) are useful. o IPv6 OS detection now includes a novelty detection system which avoids printing a match when an observed fingerprint is too different from fingerprints seen before. As the OS database is still small, this helps to avoid making (essentially) wild guesses when seeing a new operating system. o Refactored the nsock library to add the nsock-engines system. o [NSE] Added 43(!) NSE scripts, bringing the total up to 340. o CPE (Common Platform Enumeration) OS classification is now supported for IPv6 OS detection. [...] Nmap 5.61TEST4 [2012-01-02] -> Nmap 5.61TEST1 [...] Lots of Bugfixes! Thanks to jschauma@ for analysing a NetBSD related problem, and to David Fifield for providing the (upstream) patch.
2012-09-16 22:29:06 +02:00
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/rtsp-urls.txt
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/snmpcommunities.lst
.include "../../mk/bsd.prefs.mk"
.if ${OPSYS} == "SunOS" || ${OPSYS} == "Linux"
MAKE_ENV+= CPPFLAGS=""
.endif
# The SunPro C++ compiler does not understand __FUNCTION__, as well as
# __func__. So __FILE__ is the nearest replacement.
.include "../../mk/compiler.mk"
.if !empty(PKGSRC_COMPILER:Msunpro)
CFLAGS.SunOS+= -D__FUNCTION__=__FILE__
.endif
.if empty(PKGSRC_COMPILER:Mgcc)
# The Makefile uses a hard-coded option -MM to get the dependencies, which
# is only understood by the GNU compiler. For a normal build the dependen-
# cies are not needed anyway, only when patching files and fixing bugs.
pre-build:
Update to version 4.20 Changes: 4.20 o Integrated the latest OS fingerprint submissions. The 2nd generation DB size has grown to 231 fingerprints. Please keep them coming! New fingerprints include Mac OS X Server 10.5 pre-release, NetBSD 4.99.4, Windows NT, and much more. o Fixed a segmentation fault in the new OS detection system which was reported by Craig Humphrey and Sebastian Garcia. o Fixed a TCP sequence prediction difficulty indicator bug. The index is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD). But some systems generated ISNs so insecurely that Nmap went berserk and reported a negative difficulty index. This generally only affects some printers, crappy cable modems, and Microsoft Windows (old versions). Thanks to Sebastian Garcia for helping me track down the problem. 4.20RC2 o Integrated all of your OS detection submissions since RC1. The DB has increased 13% to 214 fingerprints. Please keep them coming! New fingerprints include versions of z/OS, OpenBSD, Linux, AIX, FreeBSD, Cisco CatOS, IPSO firewall, and a slew of printers and misc. devices. We also got our first Windows 95 fingerprint, submitted anonymously of course :). o Fixed (I hope) the "getinterfaces: intf_loop() failed" error which was seen on Windows Vista. The problem was apparently in intf-win32.c of libdnet (need to define MIB_IF_TYPE_MAX to MAX_IF_TYPE rather than 32). Thanks to Dan Griffin (dan(a)jwsecure.com) for tracking this down! o Applied a couple minor bug fixes for IP options support and packet tracing. Thanks to Michal Luczaj (regenrecht(a)o2.pl) for reporting them. o Incorporated SLNP (Simple Library Network Protocol) version detection support. Thanks to Tibor Csogor (tibi(a)tiborius.net) for the patch. 4.20RC1 o Fixed (I hope) a bug related to Pcap capture on Mac OS X. Thanks to Christophe Thil for reporting the problem and to Kurt Grutzmacher and Diman Todorov for helping to track it down. o Integrated all of your OS detection submissions since ALPHA11. The DB has increased 27% to 189 signatures. Notable additions include the Apple Airport Express, Windows Vista RC1, OpenBSD 4.0, a Sony TiVo device, and tons of broadband routers, printers, switches, and Linux kernels. Keep those submissions coming! o Upgraded the included LibPCRE from version 6.4 to 6.7. Thanks to Jochen Voss (voss(a)seehuhn.de) for the suggestion (he found some bugs in 6.4) 4.20ALPHA11 o Integrated all of your OS detection submissions, bringing the database up to 149 fingerprints. This is an increase of 28% from ALPHA10. Notable additions include FreeBSD 6.1, a bunch of HP LaserJet printers, and HP-UX 11.11. We also got a bunch of more obscure submissions like Minix 3.1.2a and "Ember InSight Adapter for programming EM2XX-family embedded devices". Who doesn't have a few of those laying around? I'm hoping that all the obscure submissions mean that more of the mainstream systems are being detected out of the box! Please keep those submissions (obscure or otherwise) coming! 4.20ALPHA10 o Integrated tons of new OS fingerprints. The DB now contains 116 fingerprints, which is up 63% since the previous version. Please keep the submissions coming! 4.20ALPHA9 o Integrated the newly submitted OS fingerprints. The DB now contains 71 fingerprints, up 27% from 56 in ALPHA8. Please keep them coming! We still only have 4.2% as many fingerprints as the gen1 database. o Added the --open option, which causes Nmap to show only open ports. Ports in the states "open|closed" and "unfiltered" might be open, so those are shown unless the host has an overwhelming number of them. o Nmap gen2 OS detection used to always do 2 retries if it fails to find a match. Now it normally does just 1 retry, but does 4 retries if conditions are good enough to warrant fingerprint submission. This should speed things up on average. A new --max-os-tries option lets you specify a higher lower maximum number of tries. o Added --unprivileged option, which is the opposite of --privileged. It tells Nmap to treat the user as lacking network raw socket and sniffing privileges. This is useful for testing, debugging, or when the raw network functionality of your operating system is somehow broken. o Fixed a confusing error message which occured when you specified a ping scan or list scan, but also specified -p (which is only used for port scans). Thanks to Thomas Buchanan for the patch. o Applied some small cleanup patches from Kris Katterjohn 4.20ALPHA8 o Integrated the newly submitted OS fingerprints. The DB now contains 56, up 33% from 42 in ALPHA7. Please keep them coming! We still only have 3.33% as many signatures as the gen1 database. o Nmap 2nd generation OS detection now has a more sophisticated mechanism for guessing a target OS when there is no exact match in the database (see http://insecure.org/nmap/osdetect/osdetect-guess.html ) o Rewrote mswin32/nmap.rc to remove cruft and hopefully reduce some MFC-related compilation problems we've seen. Thanks to KX (kxmail(a)gmail.com) for doing this. o NmapFE now uses a spin button for verbosity and debugging options so that you can specify whatever verbosity (-v) or debugging (-d) level you desire. The --randomize-hosts option was also added to NmapFE. Thanks to Kris Katterjohn for the patches. o A dozen or so small patches to Nmap and NmapFE by Kris Katterjohn. o Removed libpcap/Win32 and libpcap/msdos as Nmap doesn't use them. This reduces the Nmap tar.bz2 by about 50K. Thanks to Kris Katterjohn for the suggestion. 4.20ALPHA7 o Did a bunch of Nmap 2nd generation fingerprint integration work. Thanks to everyone who sent some in, though we still need a lot more. Also thanks to Zhao for a bunch of help with the integration tools. 4.20ALPHA6 had 12 fingerprints, this new version has 42. The old DB (still included) has 1,684. o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE (http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006. Also added the unregistered PearPC virtual NIC prefix, as suggested by Robert Millan (rmh(a)aybabtu.com). o Applied some small internal cleanup patches by Kris Katterjohn. 4.20ALPHA6 o Fixed a bug in 2nd generation OS detection which would (usually) prevent fingerprints from being printed when systems don't respond to the 1st ICMP echo probe (the one with bogus code value of 9). Thanks to Brandon Enright for reporting and helping me debug the problem. o Fixed some problematic Nmap version detection signatures which could cause warning messages. Thanks to Brandon Enright for the initial patch. 4.20ALPHA5 o Worked with Zhao to improve the new OS detection system with better algorithms, probe changes, and bug fixes. We're now ready to start growing the new database! If Nmap gives you fingerprints, please submit them at the given URL. The DB is still extremely small. The new system is extensively documented at http://insecure.org/nmap/osdetect/ . o Nmap now supports IP options with the new --ip-options flag. You can specify any options in hex, or use "R" (record route), "T" (record timestamp), "U") (record route & timestamp), "S [route]" (strict source route), or "L [route]" (loose source route). Specify --packet-trace to display IP options of responses. For further information and examples, see http://insecure.org/nmap/man/ and http://seclists.org/nmap-dev/2006/q3/0052.html . Thanks to Marek Majkowski for writing and sending the patch. o Integrated all 2nd quarter service detection fingerprint submissions. Please keep them coming! We now have 3,671 signatures representing 415 protocols. Thanks to version detection czar Doug Hoyte for doing this. o Nmap now uses the (relatively) new libpcap pcap_get_selectable_fd API on systems which support it. This means that we no longer need to hack the included Pcap to better support Linux. So Nmap will now link with an existing system libpcap by default on that platform if one is detected. Thanks to Doug Hoyte for the patch. o Updated the included libpcap from 0.9.3 to 0.9.4. The changes I made are in libpcap/NMAP_MODIFICATIONS . By default, Nmap will now use the included libpcap unless version 0.9.4 or greater is already installed on the system. o Applied some nsock bugfixes from Diman Todorov. These don't affect the current version of Nmap, but are important for his Nmap Scripting Engine, which I hope to integrate into mainline Nmap in September. o Fixed a bug which would occasionally cause Nmap to crash with the message "log_vwrite: write buffer not large enough". I thought I conquered it in a previous release -- thanks to Doug Hoyte for finding a corner case which proved me wrong. o Fixed a bug in the rDNS system which prevented us from querying certain authoritative DNS servers which have recursion explicitly disabled. Thanks to Doug Hoyte for the patch. o --packet-trace now reports TCP options (thanks to Zhao Lei for the patch). Thanks to the --ip-options addition also found in this release, IP options are printed too. o Cleaned up Nmap DNS reporting to be a little more useful and concise. Thanks to Doug Hoyte for the patch. o Applied a bunch of small internal cleanup patches by Kris Katterjohn (kjak(a)ispwest.com). o Fixed the 'distclean' make target to be more comprehensive. Thanks to Thomas Buchanan (Thomas.Buchanan(a)thecompassgrp.net) for the patch. Nmap 4.20ALPHA4 o Nmap now provides progress statistics in the XML output in verbose mode. Here are some examples of the format (etc is "estimated time until completion) and times are in UNIX time_t (seconds since 1970) format. Angle braces have been replaced by square braces: [taskbegin task="SYN Stealth Scan" time="1151384685" /] [taskprogress task="SYN Stealth Scan" time="1151384715" percent="13.85" remaining="187" etc="1151384902" /] [taskend task="SYN Stealth Scan" time="1151384776" /] [taskbegin task="Service scan" time="1151384776" /] [taskend task="Service scan" time="1151384788" /] Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch. o Updated the Windows installer to give an option checkbox for performing the Nmap performance registry changes. The default is to do so. Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch. o Applied several code cleanup patches from Marek Majkowski. o Added --release-memory option, which causes Nmap to release all accessible memory buffers before quitting (rather than let the OS do it). This is only useful for debugging memory leaks. o Fixed a bug related to bogus completion time estimates when you request an estimate (through runtime interaction) right when Nmap is starting.a subsystem (such as a port scan or version detection). Thanks to Diman Todorov for reporting the problem and Doug Hoyte for writing a fix. o Nmap no longer gets random numbers from OpenSSL when it is available because that turned out to be slower than Nmap's other methods (e.g. /dev/urandom on Linux, /dev/arandom on OpenBSD, etc.). Thanks to Marek Majkowski for reporting the problem. o Updated the Windows binary distributions (self-installer and .zip) to include the new 2nd generation OS detection DB (nmap-os-db). Thanks to Sina Bahram for reporting the problem. o Fixed the --max-retries option, which wasn't being honored. Thanks to Jon Passki (jon.passki(a)hursk.com) for the patch. Nmap 4.20ALPHA3 o Added back Win32 support thanks to a patch by kx o Fixed the English translation of TCP sequence difficulty reported by Brandon Enright, and also removed fingerprint printing for 1st generation fingerprints (I don't really want to deal with those anymore). Thanks to Zhao Lei for writing this patch. o Fix a problem which caused OS detection to be done in some cases even if the user didn't request it. Thanks to Diman Todorov for the fix. Nmap 4.20ALPHA2 o Included nmap-os-db (the new OS detection DB) within the release. Oops! Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for catching this problem with 4.20ALPHA1. o Added a fix for the crash in the new OS detection which would come with the message "Probe doesn't exist! Probe type: 1. Probe subid: 1" Nmap 4.20ALPHA1 o Integrated initial 2nd generation OS detection patch! The system is documented at http://insecure.org/nmap/osdetect/ . Thanks to Zhao Lei for helping with the coding and design. o portlist.cc was refactored to remove some code duplication. Thanks to Diman Todorov for the patch.
2006-12-17 18:55:49 +01:00
${ECHO} "# ignored" > ${WRKSRC}/makefile.dep
.endif
.include "../../devel/pcre/buildlink3.mk"
.include "../../net/libpcap/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
#.include "../../devel/subversion-base/buildlink3.mk"
1999-01-15 01:08:53 +01:00
.include "../../mk/bsd.pkg.mk"