2014-10-20 00:27:43 +02:00
|
|
|
# $NetBSD: Makefile,v 1.123 2014/10/19 22:27:47 alnsn Exp $
|
1999-01-15 01:08:53 +01:00
|
|
|
|
Changes 6.47:
o Integrated all of your IPv4 OS fingerprint submissions since June 2013
(2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
Highlights: http://seclists.org/nmap-dev/2014/q3/325
o (Windows) Upgraded the included OpenSSL to version 1.0.1i.
o (Windows) Upgraded the included Python to version 2.7.8.
o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
was added in 6.45, and resulted in trouble for Nmap XML parsers without
network access, as well as increased traffic to Nmap's servers. The doctype
is now:
<!DOCTYPE nmaprun>
o [Ndiff] Fixed the installation process on Windows, which was missing the
actual Ndiff Python module since we separated it from the driver script.
o [Ndiff] Fixed the ndiff.bat wrapper in the zipfile Windows distribution,
which was giving the error, "\Microsoft was unexpected at this time." See
https://support.microsoft.com/kb/2524009
o [Zenmap] Fixed the Zenmap .dmg installer for OS X. Zenmap failed to launch,
producing this error:
Could not import the zenmapGUI.App module:
'dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so, 2):
Library not loaded: /Users/david/macports-10.5/lib/libffi.5.dylib\n
Referenced from:
/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so\n
Reason: image not found'.
o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
being written in the wrong place, so authentication could not succeed.
o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
this to the string "(null)", but it caused segfault on Solaris.
o [Zenmap][Ndiff] Avoid crashing when users have the antiquated PyXML package
installed. Python tries to be nice and loads it when we import xml, but it
isn't compatible. Instead, we force Python to use the standard library xml
module.
o Handle ICMP admin-prohibited messages when doing service version detection.
Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
callback. Error code: 101 (Network is unreachable)
o [NSE] Fix a bug causing http.head to not honor redirects.
o [Zenmap] Fix a bug in DiffViewer causing this crash:
TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only
buffer, not NmapParserSAX
Crash happened when trying to compare two scans within Zenmap.
2014-09-05 13:51:41 +02:00
|
|
|
DISTNAME= nmap-6.47
|
2014-10-20 00:27:43 +02:00
|
|
|
PKGREVISION= 1
|
2000-04-29 19:32:19 +02:00
|
|
|
CATEGORIES= net security
|
2009-07-20 21:40:08 +02:00
|
|
|
MASTER_SITES= http://nmap.org/dist/
|
2003-04-22 12:32:24 +02:00
|
|
|
EXTRACT_SUFX= .tar.bz2
|
1999-02-18 17:40:50 +01:00
|
|
|
|
Nmap 5.35DC1 [2010-07-16]
Some of the highlights are:
o [NSE] Added more scripts, bringing the total to 131!
o Performed a major OS detection integration run.
o Performed a large version detection integration run.
o [Zenmap] Added the ability to print Nmap output to a printer.
o [Nmap, Ncat, Nping] The default unit for time specifications is now
seconds, not milliseconds, and times may have a decimal point.
o Ports are now considered open during a SYN scan if a SYN packet
(without the ACK flag) is received in response.
o [Ncat] In listen mode, the --exec and --sh-exec options now accept a
single connection and then exit, just like in normal listen mode.
o UDP payloads are now stored in an external data file, nmap-payloads,
instead of being hard-coded in the executable.
o Added a new library, libnetutil, which contains about 2,700 lines of
networking related code which is now shared between Nmap and Nping
o Improved service detection match lines.
o Improved our brute force password guessing list by mixing in some
data sent in by Solar Designer of John the Ripper fame.
o [Zenmap] IP addresses are now sorted by octet rather than their
string representation.
o [Ncat] When receiving a connection/datagram in listen mode, Ncat now
prints the connecting source port along with the IP address.
o Added EPROTO to the list of known error codes in service scan.
o Updated IANA IP address space assignment list for random IP (-iR)
generation.
o Zenmap's "slow comprehensive scan profile" has been modified to use
the best 7-probe host discovery combination we were able to find in
extensive empirical testing
o Zenmap now lets you save scan results in normal Nmap text output
format or (as before) as XML.
o [NSE] Raw packet sending at the IP layer is now supported, in
addition to the existing Ethernet sending functionality.
o Nmap now honors routing table entries that override interface
addresses and netmasks.
o [Ncat] The HTTP proxy server now accepts client connections over
SSL, and added support for HTTP digest authentication of proxies, as
both client and server.
o Improved the MIT Kerberos version detection signatures.
Plus many bugfixes and improvements.
For full changelog, see http://nmap.org/changelog.html
2010-07-22 22:46:29 +02:00
|
|
|
MAINTAINER= pettai@NetBSD.org
|
2006-10-04 23:53:15 +02:00
|
|
|
HOMEPAGE= http://insecure.org/nmap/
|
2001-02-17 18:52:59 +01:00
|
|
|
COMMENT= Network/port scanner with OS detection
|
2010-03-21 22:58:23 +01:00
|
|
|
LICENSE= gnu-gpl-v2
|
1999-01-15 01:08:53 +01:00
|
|
|
|
2012-02-24 16:05:34 +01:00
|
|
|
BUILDLINK_API_DEPENDS.libpcap+= libpcap>=1.0.0
|
|
|
|
BUILDLINK_API_DEPENDS.libpcre+= libpcre>=7.6
|
|
|
|
BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.8
|
Update to version 4.20
Changes:
4.20
o Integrated the latest OS fingerprint submissions. The 2nd
generation DB size has grown to 231 fingerprints. Please keep them
coming! New fingerprints include Mac OS X Server 10.5 pre-release,
NetBSD 4.99.4, Windows NT, and much more.
o Fixed a segmentation fault in the new OS detection system
which was reported by Craig Humphrey and Sebastian Garcia.
o Fixed a TCP sequence prediction difficulty indicator bug. The index
is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD).
But some systems generated ISNs so insecurely that Nmap went
berserk and reported a negative difficulty index. This generally
only affects some printers, crappy cable modems, and Microsoft
Windows (old versions). Thanks to Sebastian Garcia for helping me
track down the problem.
4.20RC2
o Integrated all of your OS detection submissions since RC1. The DB
has increased 13% to 214 fingerprints. Please keep them coming!
New fingerprints include versions of z/OS, OpenBSD, Linux, AIX,
FreeBSD, Cisco CatOS, IPSO firewall, and a slew of printers and
misc. devices. We also got our first Windows 95 fingerprint,
submitted anonymously of course :).
o Fixed (I hope) the "getinterfaces: intf_loop() failed" error which
was seen on Windows Vista. The problem was apparently in
intf-win32.c of libdnet (need to define MIB_IF_TYPE_MAX to
MAX_IF_TYPE rather than 32). Thanks to Dan Griffin
(dan(a)jwsecure.com) for tracking this down!
o Applied a couple minor bug fixes for IP options
support and packet tracing. Thanks to Michal Luczaj
(regenrecht(a)o2.pl) for reporting them.
o Incorporated SLNP (Simple Library Network Protocol) version
detection support. Thanks to Tibor Csogor (tibi(a)tiborius.net) for
the patch.
4.20RC1
o Fixed (I hope) a bug related to Pcap capture on Mac OS X. Thanks to
Christophe Thil for reporting the problem and to Kurt Grutzmacher
and Diman Todorov for helping to track it down.
o Integrated all of your OS detection submissions since ALPHA11. The
DB has increased 27% to 189 signatures. Notable additions include
the Apple Airport Express, Windows Vista RC1, OpenBSD 4.0, a Sony
TiVo device, and tons of broadband routers, printers, switches, and
Linux kernels. Keep those submissions coming!
o Upgraded the included LibPCRE from version 6.4 to 6.7. Thanks to
Jochen Voss (voss(a)seehuhn.de) for the suggestion (he found some bugs
in 6.4)
4.20ALPHA11
o Integrated all of your OS detection submissions, bringing the
database up to 149 fingerprints. This is an increase of 28% from
ALPHA10. Notable additions include FreeBSD 6.1, a bunch of HP
LaserJet printers, and HP-UX 11.11. We also got a bunch of more
obscure submissions like Minix 3.1.2a and "Ember InSight Adapter for
programming EM2XX-family embedded devices". Who doesn't have a few
of those laying around? I'm hoping that all the obscure submissions
mean that more of the mainstream systems are being detected out of
the box! Please keep those submissions (obscure or otherwise)
coming!
4.20ALPHA10
o Integrated tons of new OS fingerprints. The DB now contains 116
fingerprints, which is up 63% since the previous version. Please keep
the submissions coming!
4.20ALPHA9
o Integrated the newly submitted OS fingerprints. The DB now contains
71 fingerprints, up 27% from 56 in ALPHA8. Please keep them coming!
We still only have 4.2% as many fingerprints as the gen1 database.
o Added the --open option, which causes Nmap to show only open ports.
Ports in the states "open|closed" and "unfiltered" might be open, so
those are shown unless the host has an overwhelming number of them.
o Nmap gen2 OS detection used to always do 2 retries if it fails to
find a match. Now it normally does just 1 retry, but does 4 retries
if conditions are good enough to warrant fingerprint submission.
This should speed things up on average. A new --max-os-tries option
lets you specify a higher lower maximum number of tries.
o Added --unprivileged option, which is the opposite of --privileged.
It tells Nmap to treat the user as lacking network raw socket and
sniffing privileges. This is useful for testing, debugging, or when
the raw network functionality of your operating system is somehow
broken.
o Fixed a confusing error message which occured when you specified a
ping scan or list scan, but also specified -p (which is only used for
port scans). Thanks to Thomas Buchanan for the patch.
o Applied some small cleanup patches from Kris Katterjohn
4.20ALPHA8
o Integrated the newly submitted OS fingerprints. The DB now contains
56, up 33% from 42 in ALPHA7. Please keep them coming! We still only
have 3.33% as many signatures as the gen1 database.
o Nmap 2nd generation OS detection now has a more sophisticated
mechanism for guessing a target OS when there is no exact match in the
database (see http://insecure.org/nmap/osdetect/osdetect-guess.html )
o Rewrote mswin32/nmap.rc to remove cruft and hopefully reduce some
MFC-related compilation problems we've seen. Thanks to KX
(kxmail(a)gmail.com) for doing this.
o NmapFE now uses a spin button for verbosity and debugging options so
that you can specify whatever verbosity (-v) or debugging (-d) level
you desire. The --randomize-hosts option was also added to NmapFE.
Thanks to Kris Katterjohn for the patches.
o A dozen or so small patches to Nmap and NmapFE by Kris Katterjohn.
o Removed libpcap/Win32 and libpcap/msdos as Nmap doesn't use them.
This reduces the Nmap tar.bz2 by about 50K. Thanks to Kris Katterjohn
for the suggestion.
4.20ALPHA7
o Did a bunch of Nmap 2nd generation fingerprint integration work.
Thanks to everyone who sent some in, though we still need a lot more.
Also thanks to Zhao for a bunch of help with the integration tools.
4.20ALPHA6 had 12 fingerprints, this new version has 42. The old DB
(still included) has 1,684.
o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
(http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006.
Also added the unregistered PearPC virtual NIC prefix, as suggested
by Robert Millan (rmh(a)aybabtu.com).
o Applied some small internal cleanup patches by Kris Katterjohn.
4.20ALPHA6
o Fixed a bug in 2nd generation OS detection which would (usually) prevent
fingerprints from being printed when systems don't respond to the 1st
ICMP echo probe (the one with bogus code value of 9). Thanks to
Brandon Enright for reporting and helping me debug the problem.
o Fixed some problematic Nmap version detection signatures which could
cause warning messages. Thanks to Brandon Enright for the initial patch.
4.20ALPHA5
o Worked with Zhao to improve the new OS detection system with
better algorithms, probe changes, and bug fixes. We're
now ready to start growing the new database! If Nmap gives you
fingerprints, please submit them at the given URL. The DB is still
extremely small. The new system is extensively documented at
http://insecure.org/nmap/osdetect/ .
o Nmap now supports IP options with the new --ip-options flag. You
can specify any options in hex, or use "R" (record route), "T"
(record timestamp), "U") (record route & timestamp), "S [route]"
(strict source route), or "L [route]" (loose source route). Specify
--packet-trace to display IP options of responses. For further
information and examples, see http://insecure.org/nmap/man/ and
http://seclists.org/nmap-dev/2006/q3/0052.html . Thanks to Marek
Majkowski for writing and sending the patch.
o Integrated all 2nd quarter service detection fingerprint
submissions. Please keep them coming! We now have 3,671 signatures
representing 415 protocols. Thanks to version detection czar Doug
Hoyte for doing this.
o Nmap now uses the (relatively) new libpcap pcap_get_selectable_fd
API on systems which support it. This means that we no longer need
to hack the included Pcap to better support Linux. So Nmap will now
link with an existing system libpcap by default on that platform if
one is detected. Thanks to Doug Hoyte for the patch.
o Updated the included libpcap from 0.9.3 to 0.9.4. The changes I
made are in libpcap/NMAP_MODIFICATIONS . By default, Nmap will now
use the included libpcap unless version 0.9.4 or greater is already
installed on the system.
o Applied some nsock bugfixes from Diman Todorov. These don't affect
the current version of Nmap, but are important for his Nmap
Scripting Engine, which I hope to integrate into mainline Nmap in
September.
o Fixed a bug which would occasionally cause Nmap to crash with the
message "log_vwrite: write buffer not large enough". I thought I
conquered it in a previous release -- thanks to Doug Hoyte for finding a
corner case which proved me wrong.
o Fixed a bug in the rDNS system which prevented us from querying
certain authoritative DNS servers which have recursion explicitly
disabled. Thanks to Doug Hoyte for the patch.
o --packet-trace now reports TCP options (thanks to Zhao Lei for the
patch). Thanks to the --ip-options addition also found in this
release, IP options are printed too.
o Cleaned up Nmap DNS reporting to be a little more useful and
concise. Thanks to Doug Hoyte for the patch.
o Applied a bunch of small internal cleanup patches by Kris Katterjohn
(kjak(a)ispwest.com).
o Fixed the 'distclean' make target to be more comprehensive. Thanks
to Thomas Buchanan (Thomas.Buchanan(a)thecompassgrp.net) for the
patch.
Nmap 4.20ALPHA4
o Nmap now provides progress statistics in the XML output in verbose
mode. Here are some examples of the format (etc is "estimated time
until completion) and times are in UNIX time_t (seconds since 1970)
format. Angle braces have been replaced by square braces:
[taskbegin task="SYN Stealth Scan" time="1151384685" /]
[taskprogress task="SYN Stealth Scan" time="1151384715"
percent="13.85" remaining="187" etc="1151384902" /]
[taskend task="SYN Stealth Scan" time="1151384776" /]
[taskbegin task="Service scan" time="1151384776" /]
[taskend task="Service scan" time="1151384788" /]
Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.
o Updated the Windows installer to give an option checkbox for
performing the Nmap performance registry changes. The default is to
do so. Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.
o Applied several code cleanup patches from Marek Majkowski.
o Added --release-memory option, which causes Nmap to release all
accessible memory buffers before quitting (rather than let the OS do
it). This is only useful for debugging memory leaks.
o Fixed a bug related to bogus completion time estimates when you
request an estimate (through runtime interaction) right when Nmap is
starting.a subsystem (such as a port scan or version detection).
Thanks to Diman Todorov for reporting the problem and Doug Hoyte for
writing a fix.
o Nmap no longer gets random numbers from OpenSSL when it is available
because that turned out to be slower than Nmap's other methods
(e.g. /dev/urandom on Linux, /dev/arandom on OpenBSD, etc.). Thanks
to Marek Majkowski for reporting the problem.
o Updated the Windows binary distributions (self-installer and .zip)
to include the new 2nd generation OS detection DB (nmap-os-db).
Thanks to Sina Bahram for reporting the problem.
o Fixed the --max-retries option, which wasn't being honored. Thanks
to Jon Passki (jon.passki(a)hursk.com) for the patch.
Nmap 4.20ALPHA3
o Added back Win32 support thanks to a patch by kx
o Fixed the English translation of TCP sequence difficulty reported by
Brandon Enright, and also removed fingerprint printing for 1st
generation fingerprints (I don't really want to deal with those
anymore). Thanks to Zhao Lei for writing this patch.
o Fix a problem which caused OS detection to be done in some cases
even if the user didn't request it. Thanks to Diman Todorov for the
fix.
Nmap 4.20ALPHA2
o Included nmap-os-db (the new OS detection DB) within the release.
Oops! Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for catching
this problem with 4.20ALPHA1.
o Added a fix for the crash in the new OS detection which would come
with the message "Probe doesn't exist! Probe type: 1. Probe subid: 1"
Nmap 4.20ALPHA1
o Integrated initial 2nd generation OS detection patch! The system is
documented at http://insecure.org/nmap/osdetect/ . Thanks to Zhao Lei
for helping with the coding and design.
o portlist.cc was refactored to remove some code duplication. Thanks
to Diman Todorov for the patch.
2006-12-17 18:55:49 +01:00
|
|
|
|
Changes 3.77:
o Fixed a memory leak that would generally consume several hundred
bytes per down host scanned. While the effect for most scans is
negligible, it was overwhelming when Scott Carlson
(Scott.Carlson(a)schwab.com) tried to scan 24 million IPs
(10.0.0.0/8). Thanks to him for reporting the problem.
o Fixed a bug in ACK scan that could cause Nmap to crash with the
message "Unexpected port state: 6" in some cases. Thanks to Glyn
Geoghegan (glyng(a)corsaire.com) for reporting the problem.
o Change IP protocol scan (-sO) so that a response from the target
host in any protocol at all will prove that protocol is open. As
before, no response means "open|filtered", an ICMP protocol
unreachable means "closed", and most other ICMP error messages mean
"filered".
o Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and
UDP headers when scanning protocols 1, 6, and 17, respectively. An
emtpy IP header is still sent for all other protocols. This should
prevent the error messages such as "sendto in send_ip_packet:
sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not
permitted" that Linux (and perhaps other systems) would give when
they try to interpret the raw packet. This also makes it more
likely that these protocols will elicit a response, proving that the
protocol is "open".
o Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered"
instead of "open" when they fail to receive any response from the
target port. After all, it could just as easily be filtered as open.
This is the same change that was made to UDP scan in 3.70. Also as
with UDP scan, adding version detection (-sV) will change the state
from open|filtered to open if it confirms that they really are open.
o Fixed a crash on Windows systems that don't include the iphlpapi
DLL. This affects Win95 and perhaps other variants. Thanks to Ganga
Bhavani (GBhavani(a)everdreamcorp.com) for reporting the problem and
sending the patch.
o Ensured that the device type, os vendor, and os family OS
fingerprinting classification values are scrubbed for XML compliance
in the XML output. Thanks to Matthieu Verbert
(mve(a)zurich.ibm.com) for reporting the problem and sending a patch.
o Changed to Nmap XML DTD to use the same xmloutputversion (1.01) as
newer versions of Nmap. Thanks to Laurent Estieux
(laurent.estieux(a)free.fr) for reporting the problem.
2004-11-26 10:24:20 +01:00
|
|
|
USE_LANGUAGES= c c++
|
Update to version 3.93
Changes:
3.93:
=====
o Modified Libpcap's configure.ac to compile with the
--fno-strict-aliasing option if gcc 4.X is used. This prevents when
said compiler is used. This was done for Nmap in 3.90, but is
apparently needed for pcap too. Thanks to Craig Humphrey
(Craig.Humphrey(a)chapmantripp.com) for the discovery.
o Patched libdnet to include sys/uio.h in src/tun-linux.c. This is
apparently necessary on some Glibc 2.1 systems. Thanks to Rob Foehl
(rwf(a)loonybin.net) for the patch.
o Fixed a crash which could occur when a ridiculously short
--host_timeout was specified on Windows (or on UNIX if --send_eth was
specified). Nmap now also prints a warning if you specify a
host_timeout of less than 1 second. Thanks to Ole Morten Grodaas
(grodaas(a)gmail.com) for discovering the problem.
3.91:
=====
o Fixed a crash on Windows when you -P0 scan an unused IP on a local
network (or a range that contains unused IPs). This could also
happen on UNIX if you specified the new --send_eth option. Thanks
to Jim Carras (JFCECL(a)engr.psu.edu) for reporting the problem.
o Fixed compilation on OpenBSD by applying a patch from Okan Demirmen
(okan(a)demirmen.com), who maintains Nmap in the OpenBSD Ports
collection.
o Updated nmap-mac-prefixes to include OUIs assigned by the IEEE since
April.
o Updated the included libpcre (used for version detection) from
version 4.3 to 6.3. A libpcre securty issue was fixed in 6.3, but
that issue never affected Nmap.
o Updated the included libpcap from 0.8.3 to 0.9.3. I also changed
the directory name in the Nmap tarball from libpcap-possiblymodified
to just libpcap. As usual, the modifications are described in the
NMAP_MODIFICATIONS in that directory.
3.90:
=====
o Added the ability for Nmap to send and properly route raw ethernet
packets cointaining IP datagrams rather than always sending the
packets via raw sockets. This is particularly useful for Windows,
since Microsoft has disabled raw socket support in XP for no good
reason. Nmap tries to choose the best method at runtime based on
platform, though you can override it with the new --send_eth and
--send_ip options.
o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to
determine whether hosts on a LAN are up, rather than relying on
higher-level IP packets (which can only be sent after a successful
ARP request and reply anyway). This is much faster and more
reliable (not subject to IP-level firewalling) than IP-based probes.
The downside is that it only works when the target machine is on the
same LAN as the scanning machine. It is now used automatically for
any hosts that are detected to be on a local ethernet network,
unless --send_ip was specified. Example usage: nmap -sP -PR
192.168.0.0/16 .
o Added the --spoof_mac option, which asks Nmap to use the given MAC
address for all of the raw ethernet frames it sends. The MAC given
can take several formats. If it is simply the string "0", Nmap
chooses a completely random MAC for the session. If the given
string is an even number of hex digits (with the pairs optionally
separated by a colon), Nmap will use those as the MAC. If less than
12 hex digits are provided, Nmap fills in the remainder of the 6
bytes with random values. If the argument isn't a 0 or hex string,
Nmap looks through the nmap-mac-prefixes to find a vendor name
containing the given string (it is case insensitive). If a match is
found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the
remaining 3 bytes randomly. Valid --spoof_mac argument examples are
"Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and
"Cisco".
o Applied an enormous nmap-service-probes (version detection) update
from SoC student Doug Hoyte (doug(a)hcsw.org). Version 3.81 had
1064 match lines covering 195 service protocols. Now we have 2865
match lines covering 359 protocols! So the database size has nearly
tripled! This should make your -sV scans quicker and more
accurate. Thanks also go to the (literally) thousands of you who
submitted service fingerprints. Keep them coming!
o Applied a massive OS fingerprint update from Zhao Lei
(zhaolei(a)gmail.com). About 350 fingerprints were added, and many
more were updated. Notable additions include Mac OS X 10.4 (Tiger),
OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along
with a new "robotic pet" device type category), the latest Linux 2.6
kernels Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64
UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO
3.8.X, and Solaris 10. Of course there are also tons of new
broadband routers, printers, WAPs and pretty much any other device
you can coax an ethernet cable (or wireless card) into!
o Added 'leet ASCII art to the confugrator! ARTIST NOTE: If you think
the ASCII art sucks, feel free to send me alternatives. Note that
only people compiling the UNIX source code get this. (ASCII artist
unknown).
o Added OS, device type, and hostname detection using the service
detection framework. Many services print a hostname, which may be
different than DNS. The services often give more away as well. If
Nmap detects IIS, it reports an OS family of "Windows". If it sees
HP JetDirect telnetd, it reports a device type of "printer". Rather
than try to combine TCP/IP stack fingerprinting and service OS
fingerprinting, they are both printed. After all, they could
legitimately be different. An IP that gives a stack fingerprint
match of "Linksys WRT54G broadband router" and a service fingerprint
of Windows based on Kazaa running is likely a common NAT setup rather
than an Nmap mistake.
o Nmap on Windows now compiles/links with the new WinPcap 3.1
header/lib files. So please upgrade to 3.1 from
http://www.winpcap.org before installing this version of Nmap.
While older versions may still work, they aren't supported with Nmap.
o The official Nmap RPM files are now compiled statically for better
compatability with other systems. X86_64 (AMD Athlon64/Opteron)
binaries are now available in addition to the standard i386. NmapFE
RPMs are no longer distributed by Insecure.Org.
o Nmap distribution signing has changed. Release files are now signed
with a new Nmap Project GPG key (KeyID 6B9355D0). Fyodor has also
generated a new key for himself (KeyID 33599B5F). The Nmap key has
been signed by Fyodor's new key, which has been signed by Fyodor's
old key so that you know they are legit. The new keys are available
at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as
docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public
keyserver network. Here are the fingerprints:
pub 1024D/33599B5F 2005-04-24
Key fingerprint = BB61 D057 C0D7 DCEF E730 996C 1AF6 EC50 3359 9B5F
uid Fyodor <fyodor@insecure.org>
sub 2048g/D3C2241C 2005-04-24
pub 1024D/6B9355D0 2005-04-24
Key fingerprint = 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0
uid Nmap Project Signing Key (http://www.insecure.org/)
sub 2048g/A50A6A94 2005-04-24
o Fixed a crash problem related to non-portable varargs (vsnprintf)
usage. Reports of this crash came from Alan William Somers
(somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de).
This patch was prevalent on Linux boxes running an Opteron/Athlon64
CPU in 64-bit mode.
o Fixed crash when Nmap is compiled using gcc 4.X by adding the
--fno-strict-aliasing option when that compiler is detected. Thanks
to Greg Darke (starstuff(a)optusnet.com.au) for discovering that
this option fixes (hides) the problem and to Duilio J. Protti
(dprotti(a)flowgate.net) for writing the configure patch to detect
gcc 4 and add the option. A better fix is to identify and rewrite
lines that violate C99 alias rules, and we are looking into that.
o Added "rarity" feature to Nmap version detection. This causes
obscure probes to be skipped when they are unlikely to help. Each
probe now has a "rarity" value. Probes that detect dozens of
services such as GenericLines and GetRequest have rarity values of
1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9.
When interrogating a port, Nmap always tries probes registered to
that port number. So even WWWOFFLEctrlstat will be tried against
port 8081 and mydoom will be tried against open ports between 3127
and 3198. If none of the registered ports find a match, Nmap tries
probes that have a rarity less than or equal to its current
intensity level. The intensity level defaults to 7 (so that most of
the probes are done). You can set the intensity level with the new
--version_intensity option. Alternatively, you can just use
--version_light or --version_all which set the intensity to 2 (only
try the most important probes and ones registered to the port
number) and 9 (try all probes), respectively. --version_light is
much faster than default version detection, but also a bit less
likely to find a match. This feature was designed and implemented
by Doug Hoyte (doug(a)hcsw.org).
o Added a "fallback" feature to the nmap-service-probes database.
This allows a probe to "inherit" match lines from other probes. It
is currently only used for the HTTPOptions, RTSPRequest, and
SSLSessionReq probes to inherit all of the match lines from
GetRequest. Some servers don't respond to the Nmap GetRequest (for
example because it doesn't include a Host: line) but they do respond
to some of those other 3 probes in ways that GetRequest match lines
are general enough to match. The fallback construct allows us to
benefit from these matches without repeating hundreds of signatures
in the file. This is another feature designed and implemented
by Doug Hoyte (doug(a)hcsw.org).
o Fixed crash with certain --excludefile or
--exclude arguments. Thanks to Kurt Grutzmacher
(grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for
reporting the problem, and to Duilio J. Protti
(dprotti(a)flowgate.net) for debugging the issue and sending the
patch.
o Updated random scan (ip_is_reserved()) to reflect the latest IANA
assignments. This patch was sent in by Felix Groebert
(felix(a)groebert.org).
o Included new Russian man page translation by
locco_bozi(a)Safe-mail.net
o Applied pach from Steve Martin (smartin(a)stillsecure.com) which
standardizes many OS names and corrects typos in nmap-os-fingerprints.
o Fixed a crash found during certain UDP version scans. The crash was
discovered and reported by Ron (iago(a)valhallalegends.com) and fixed
by Doug Hoyte (doug(a)hcsw.com).
o Added --iflist argument which prints a list of system interfaces and
routes detected by Nmap.
o Fixed a protocol scan (-sO) problem which led to the error message:
"Error compiling our pcap filter: syntax error". Thanks to Michel
Arboi (michel(a)arboi.fr.eu.org) for reporting the problem.
o Fixed an Nmap version detection crash on Windows which led to the
error message "Unexpected error in NSE_TYPE_READ callback. Error
code: 10053 (Unknown error)". Thanks to Srivatsan
(srivatsanp(a)adventnet.com) for reporting the problem.
o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers
(TSellers(a)trustmark.com).
o Applied some changes from Gisle Vanem (giva(a)bgnett.no) to make
Nmap compile with Cygwin.
o XML "osmatch" element now has a "line" attribute giving the
reference fingerprint line number in nmap-os-fingerprints.
o Added a distcc probes and a bunch of smtp matches from Dirk Mueller
(mueller(a)kde.org) to nmap-service-probes. Also added AFS version
probe and matches from Lionel Cons (lionel.cons(a)cern.ch). And
even more probes and matches from Martin Macok
(martin.macok(a)underground.cz)
o Fixed a problem where Nmap compilation would use header files from
the libpcap included with Nmap even when it was linking to a system
libpcap. Thanks to Solar Designer (solar(a)openwall.com) and Okan
Demirmen (okan(a)demirmen.com) for reporting the problem.
o Added configure option --with-libpcap=included to tell Nmap to use
the version of libpcap it ships with rather than any that may already be
installed on the system. You can still use --with-libpcap=[dir] to
specify that a system libpcap be installed rather than the shipped
one. By default, Nmap looks at both and decides which one is likely
to work best. If you are having problems on Solaris, try
--with-libpcap=included .
o Changed the --no-stylesheet option to --no_stylesheet to be
consistant with all of the other Nmap options. Though I'm starting to
like hyphens a bit better than underscores and may change all of the
options to use hyphens instad at some point.
o Added "Exclude" directive to nmap-service-probes grammar which
causes version detection to skip listed ports. This is helpful for
ports such as 9100. Some printers simply print any data sent to
that port, leading to pages of HTTP requests, SMB queries, X Windows
probes, etc. If you really want to scan all ports, specify
--allports. This patch came from Doug Hoyte (doug(a)hcsw.org).
o Added a stripped-down and heavily modified version of Dug Song's
libdnet networking library (v. 1.10). This helps with the new raw
ethernet features. My (extensive) changes are described in
libdnet-stripped/NMAP_MODIFICATIONS
o Removed WinIP library (and all Windows raw sockets code) since MS
has gone and broken raw sockets. Maybe packet receipt via raw
sockets will come back at some point. As part of this removal, the
Windows-specific --win_help, --win_list_interfaces, --win_norawsock,
--win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi,
and --win_trace options have been removed.
o Chagned the interesting ports array from a 65K-member array of
pointers into an STL list. This noticeable reduces memory usage in
some cases, and should also give a slight runtime performance
boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com).
o Removed the BSDFIX/BSDUFIX macros. The underlying bug in
FreeBSD/NetBSD is still there though. When an IP packet is sent
through a raw socket, these platforms require the total length and
fragmentation offset fields of an IP packet to be in host byte order
rather than network byte order, even though all the other fields
must be in NBO. I believe that OpenBSD fixed this a while back.
Other platforms, such as Linux, Solaris, Mac OS X, and Windows take
all of the fields in network byte order. While I removed the macro,
I still do the munging where required so that Nmap still works on
FreeBSD.
o Integrated many nmap-service-probes changes from Bo Jiang
(jiangbo(a)brandeis.edu)
o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri
(eilon(a)aristo.tau.ac.il)
o Added some new RPC services to nmap-rpc thanks to a patch from
vlad902 (vlad902(a)gmail.com).
o Fixed a bug where Nmap would quit on Windows whenever it encountered
a raw scan of localhost (including the local ethernet interface
address), even when that was just one address out of a whole network
being scanned. Now Nmap just warns that it is skipping raw scans when
it encounters the local IP, but continues on to scan the rest of the
network. Raw scans do not currently work against local IP addresses
because Winpcap doesn't support reading/writing localhost interfaces
due to limitations of Windows.
o The OS fingerprint is now provided in XML output if debugging is
enabled (-d) or verbosity is at least 2 (-v -v). This patch was
sent by Okan Demirmen (okan(a)demirmen.com)
o Fixed the way tcp connect scan (-sT) respons to ICMP network
unreachable responses (patch by Richard Moore
(rich(a)westpoint.ltd.uk).
o Update random host scan (-iR) to support the latest IANA-allocated
ranges, thanks to patch by Chad Loder (cloder(a)loder.us).
o Updated GNU shtool (a helper program used during 'make install' to
version 2.0.2, which fixes a predictable temporary filename
weakness discovered by Eric Raymond.
o Removed addport element from XML DTD, since it is no longer used
(sugested by Lionel Cons (lionel.cons(a)cern.ch)
o Added new --privileged command-line option and NMAP_PRIVILEGED
environmental variable. Either of these tell Nmap to assume that
the user has full privileges to execute raw packet scans, OS
detection and the like. This can be useful when Linux kernel
capabilities or other systems are used that allow non-root users to
perform raw packet or ethernet frame manipulation. Without this
flag or variable set, Nmap bails on UNIX if geteuid() is
nonzero.
o Changed the RPM spec file so that if you define "static" to 1 (by
passing --define "static 1" to rpmbuild), static binaries are built.
o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon
Burr (simes(a)bpfh.net).
o ultra_scan() now sets pseudo-random ACK values (rather than 0) for
any TCP scans in which the initial probe packet has the ACK flag set.
This would be the ACK, Xmas, Maimon, and Window scans.
o Updated the Nmap version number, description, and similar fields
that MS Visual Studio places in the binary. This was done by editing
mswin32/nmap.rc as suggested by Chris Paget (chrisp@ngssoftware.com)
o Fixed Nmap compilation on DragonFly BSD (and perhaps some other
systems) by applying a short patch by Joerg Sonnenberger which omits
the declaration of errno if it is a #define.
o Fixed an integer overflow that prevented Nmap from scanning
2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1). Problem
noted by Justin Cranford (jcranford(a)n-able.com). While /1 scans
are now possible, don't expect them to finish during your bathroom
break. No matter how constipated you are.
o Increased the buffer size allocated for fingerprints to prevent Nmap
from running out and quitting (error message: "Assertion
`servicefpalloc - servicefplen > 8' failed". Thanks to Mike Hatz
(mhatz(a)blackcat.com) for the report. [ Actually this was done in a
previous version, but I forgot which one ]
o Changed from CVS to Subversion source control system (which
rocks!). Neither repository is public (I'm paranoid because both CVS
and SVN have had remotely exploitable security holes), so the main
change users will see is that "Id" tags in file headers use the SVN
format for version numbering and such.
2005-09-15 16:12:18 +02:00
|
|
|
USE_LIBTOOL= yes
|
2006-06-25 16:29:14 +02:00
|
|
|
USE_TOOLS+= gmake
|
2013-05-20 08:21:22 +02:00
|
|
|
GNU_CONFIGURE= yes
|
|
|
|
CONFIGURE_ARGS+= --with-libpcap=${BUILDLINK_PREFIX.libpcap}
|
|
|
|
CONFIGURE_ARGS+= --with-libpcre=${BUILDLINK_PREFIX.pcre}
|
|
|
|
CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl}
|
|
|
|
CONFIGURE_ARGS+= --without-subversion
|
2008-06-09 21:35:31 +02:00
|
|
|
|
2010-03-21 22:58:23 +01:00
|
|
|
BUILD_DEFS+= IPV6_READY
|
|
|
|
|
2008-06-09 21:35:31 +02:00
|
|
|
.include "options.mk"
|
Update to version 3.93
Changes:
3.93:
=====
o Modified Libpcap's configure.ac to compile with the
--fno-strict-aliasing option if gcc 4.X is used. This prevents when
said compiler is used. This was done for Nmap in 3.90, but is
apparently needed for pcap too. Thanks to Craig Humphrey
(Craig.Humphrey(a)chapmantripp.com) for the discovery.
o Patched libdnet to include sys/uio.h in src/tun-linux.c. This is
apparently necessary on some Glibc 2.1 systems. Thanks to Rob Foehl
(rwf(a)loonybin.net) for the patch.
o Fixed a crash which could occur when a ridiculously short
--host_timeout was specified on Windows (or on UNIX if --send_eth was
specified). Nmap now also prints a warning if you specify a
host_timeout of less than 1 second. Thanks to Ole Morten Grodaas
(grodaas(a)gmail.com) for discovering the problem.
3.91:
=====
o Fixed a crash on Windows when you -P0 scan an unused IP on a local
network (or a range that contains unused IPs). This could also
happen on UNIX if you specified the new --send_eth option. Thanks
to Jim Carras (JFCECL(a)engr.psu.edu) for reporting the problem.
o Fixed compilation on OpenBSD by applying a patch from Okan Demirmen
(okan(a)demirmen.com), who maintains Nmap in the OpenBSD Ports
collection.
o Updated nmap-mac-prefixes to include OUIs assigned by the IEEE since
April.
o Updated the included libpcre (used for version detection) from
version 4.3 to 6.3. A libpcre securty issue was fixed in 6.3, but
that issue never affected Nmap.
o Updated the included libpcap from 0.8.3 to 0.9.3. I also changed
the directory name in the Nmap tarball from libpcap-possiblymodified
to just libpcap. As usual, the modifications are described in the
NMAP_MODIFICATIONS in that directory.
3.90:
=====
o Added the ability for Nmap to send and properly route raw ethernet
packets cointaining IP datagrams rather than always sending the
packets via raw sockets. This is particularly useful for Windows,
since Microsoft has disabled raw socket support in XP for no good
reason. Nmap tries to choose the best method at runtime based on
platform, though you can override it with the new --send_eth and
--send_ip options.
o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to
determine whether hosts on a LAN are up, rather than relying on
higher-level IP packets (which can only be sent after a successful
ARP request and reply anyway). This is much faster and more
reliable (not subject to IP-level firewalling) than IP-based probes.
The downside is that it only works when the target machine is on the
same LAN as the scanning machine. It is now used automatically for
any hosts that are detected to be on a local ethernet network,
unless --send_ip was specified. Example usage: nmap -sP -PR
192.168.0.0/16 .
o Added the --spoof_mac option, which asks Nmap to use the given MAC
address for all of the raw ethernet frames it sends. The MAC given
can take several formats. If it is simply the string "0", Nmap
chooses a completely random MAC for the session. If the given
string is an even number of hex digits (with the pairs optionally
separated by a colon), Nmap will use those as the MAC. If less than
12 hex digits are provided, Nmap fills in the remainder of the 6
bytes with random values. If the argument isn't a 0 or hex string,
Nmap looks through the nmap-mac-prefixes to find a vendor name
containing the given string (it is case insensitive). If a match is
found, Nmap uses the vendor's OUI (3-byte prefix) and fills out the
remaining 3 bytes randomly. Valid --spoof_mac argument examples are
"Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and
"Cisco".
o Applied an enormous nmap-service-probes (version detection) update
from SoC student Doug Hoyte (doug(a)hcsw.org). Version 3.81 had
1064 match lines covering 195 service protocols. Now we have 2865
match lines covering 359 protocols! So the database size has nearly
tripled! This should make your -sV scans quicker and more
accurate. Thanks also go to the (literally) thousands of you who
submitted service fingerprints. Keep them coming!
o Applied a massive OS fingerprint update from Zhao Lei
(zhaolei(a)gmail.com). About 350 fingerprints were added, and many
more were updated. Notable additions include Mac OS X 10.4 (Tiger),
OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along
with a new "robotic pet" device type category), the latest Linux 2.6
kernels Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64
UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO
3.8.X, and Solaris 10. Of course there are also tons of new
broadband routers, printers, WAPs and pretty much any other device
you can coax an ethernet cable (or wireless card) into!
o Added 'leet ASCII art to the confugrator! ARTIST NOTE: If you think
the ASCII art sucks, feel free to send me alternatives. Note that
only people compiling the UNIX source code get this. (ASCII artist
unknown).
o Added OS, device type, and hostname detection using the service
detection framework. Many services print a hostname, which may be
different than DNS. The services often give more away as well. If
Nmap detects IIS, it reports an OS family of "Windows". If it sees
HP JetDirect telnetd, it reports a device type of "printer". Rather
than try to combine TCP/IP stack fingerprinting and service OS
fingerprinting, they are both printed. After all, they could
legitimately be different. An IP that gives a stack fingerprint
match of "Linksys WRT54G broadband router" and a service fingerprint
of Windows based on Kazaa running is likely a common NAT setup rather
than an Nmap mistake.
o Nmap on Windows now compiles/links with the new WinPcap 3.1
header/lib files. So please upgrade to 3.1 from
http://www.winpcap.org before installing this version of Nmap.
While older versions may still work, they aren't supported with Nmap.
o The official Nmap RPM files are now compiled statically for better
compatability with other systems. X86_64 (AMD Athlon64/Opteron)
binaries are now available in addition to the standard i386. NmapFE
RPMs are no longer distributed by Insecure.Org.
o Nmap distribution signing has changed. Release files are now signed
with a new Nmap Project GPG key (KeyID 6B9355D0). Fyodor has also
generated a new key for himself (KeyID 33599B5F). The Nmap key has
been signed by Fyodor's new key, which has been signed by Fyodor's
old key so that you know they are legit. The new keys are available
at http://www.insecure.org/nmap/data/nmap_gpgkeys.txt , as
docs/nmap_gpgkeys.txt in the Nmap source tarball, and on the public
keyserver network. Here are the fingerprints:
pub 1024D/33599B5F 2005-04-24
Key fingerprint = BB61 D057 C0D7 DCEF E730 996C 1AF6 EC50 3359 9B5F
uid Fyodor <fyodor@insecure.org>
sub 2048g/D3C2241C 2005-04-24
pub 1024D/6B9355D0 2005-04-24
Key fingerprint = 436D 66AB 9A79 8425 FDA0 E3F8 01AF 9F03 6B93 55D0
uid Nmap Project Signing Key (http://www.insecure.org/)
sub 2048g/A50A6A94 2005-04-24
o Fixed a crash problem related to non-portable varargs (vsnprintf)
usage. Reports of this crash came from Alan William Somers
(somers(a)its.caltech.edu) and Christophe (chris.branch(a)gmx.de).
This patch was prevalent on Linux boxes running an Opteron/Athlon64
CPU in 64-bit mode.
o Fixed crash when Nmap is compiled using gcc 4.X by adding the
--fno-strict-aliasing option when that compiler is detected. Thanks
to Greg Darke (starstuff(a)optusnet.com.au) for discovering that
this option fixes (hides) the problem and to Duilio J. Protti
(dprotti(a)flowgate.net) for writing the configure patch to detect
gcc 4 and add the option. A better fix is to identify and rewrite
lines that violate C99 alias rules, and we are looking into that.
o Added "rarity" feature to Nmap version detection. This causes
obscure probes to be skipped when they are unlikely to help. Each
probe now has a "rarity" value. Probes that detect dozens of
services such as GenericLines and GetRequest have rarity values of
1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9.
When interrogating a port, Nmap always tries probes registered to
that port number. So even WWWOFFLEctrlstat will be tried against
port 8081 and mydoom will be tried against open ports between 3127
and 3198. If none of the registered ports find a match, Nmap tries
probes that have a rarity less than or equal to its current
intensity level. The intensity level defaults to 7 (so that most of
the probes are done). You can set the intensity level with the new
--version_intensity option. Alternatively, you can just use
--version_light or --version_all which set the intensity to 2 (only
try the most important probes and ones registered to the port
number) and 9 (try all probes), respectively. --version_light is
much faster than default version detection, but also a bit less
likely to find a match. This feature was designed and implemented
by Doug Hoyte (doug(a)hcsw.org).
o Added a "fallback" feature to the nmap-service-probes database.
This allows a probe to "inherit" match lines from other probes. It
is currently only used for the HTTPOptions, RTSPRequest, and
SSLSessionReq probes to inherit all of the match lines from
GetRequest. Some servers don't respond to the Nmap GetRequest (for
example because it doesn't include a Host: line) but they do respond
to some of those other 3 probes in ways that GetRequest match lines
are general enough to match. The fallback construct allows us to
benefit from these matches without repeating hundreds of signatures
in the file. This is another feature designed and implemented
by Doug Hoyte (doug(a)hcsw.org).
o Fixed crash with certain --excludefile or
--exclude arguments. Thanks to Kurt Grutzmacher
(grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for
reporting the problem, and to Duilio J. Protti
(dprotti(a)flowgate.net) for debugging the issue and sending the
patch.
o Updated random scan (ip_is_reserved()) to reflect the latest IANA
assignments. This patch was sent in by Felix Groebert
(felix(a)groebert.org).
o Included new Russian man page translation by
locco_bozi(a)Safe-mail.net
o Applied pach from Steve Martin (smartin(a)stillsecure.com) which
standardizes many OS names and corrects typos in nmap-os-fingerprints.
o Fixed a crash found during certain UDP version scans. The crash was
discovered and reported by Ron (iago(a)valhallalegends.com) and fixed
by Doug Hoyte (doug(a)hcsw.com).
o Added --iflist argument which prints a list of system interfaces and
routes detected by Nmap.
o Fixed a protocol scan (-sO) problem which led to the error message:
"Error compiling our pcap filter: syntax error". Thanks to Michel
Arboi (michel(a)arboi.fr.eu.org) for reporting the problem.
o Fixed an Nmap version detection crash on Windows which led to the
error message "Unexpected error in NSE_TYPE_READ callback. Error
code: 10053 (Unknown error)". Thanks to Srivatsan
(srivatsanp(a)adventnet.com) for reporting the problem.
o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers
(TSellers(a)trustmark.com).
o Applied some changes from Gisle Vanem (giva(a)bgnett.no) to make
Nmap compile with Cygwin.
o XML "osmatch" element now has a "line" attribute giving the
reference fingerprint line number in nmap-os-fingerprints.
o Added a distcc probes and a bunch of smtp matches from Dirk Mueller
(mueller(a)kde.org) to nmap-service-probes. Also added AFS version
probe and matches from Lionel Cons (lionel.cons(a)cern.ch). And
even more probes and matches from Martin Macok
(martin.macok(a)underground.cz)
o Fixed a problem where Nmap compilation would use header files from
the libpcap included with Nmap even when it was linking to a system
libpcap. Thanks to Solar Designer (solar(a)openwall.com) and Okan
Demirmen (okan(a)demirmen.com) for reporting the problem.
o Added configure option --with-libpcap=included to tell Nmap to use
the version of libpcap it ships with rather than any that may already be
installed on the system. You can still use --with-libpcap=[dir] to
specify that a system libpcap be installed rather than the shipped
one. By default, Nmap looks at both and decides which one is likely
to work best. If you are having problems on Solaris, try
--with-libpcap=included .
o Changed the --no-stylesheet option to --no_stylesheet to be
consistant with all of the other Nmap options. Though I'm starting to
like hyphens a bit better than underscores and may change all of the
options to use hyphens instad at some point.
o Added "Exclude" directive to nmap-service-probes grammar which
causes version detection to skip listed ports. This is helpful for
ports such as 9100. Some printers simply print any data sent to
that port, leading to pages of HTTP requests, SMB queries, X Windows
probes, etc. If you really want to scan all ports, specify
--allports. This patch came from Doug Hoyte (doug(a)hcsw.org).
o Added a stripped-down and heavily modified version of Dug Song's
libdnet networking library (v. 1.10). This helps with the new raw
ethernet features. My (extensive) changes are described in
libdnet-stripped/NMAP_MODIFICATIONS
o Removed WinIP library (and all Windows raw sockets code) since MS
has gone and broken raw sockets. Maybe packet receipt via raw
sockets will come back at some point. As part of this removal, the
Windows-specific --win_help, --win_list_interfaces, --win_norawsock,
--win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi,
and --win_trace options have been removed.
o Chagned the interesting ports array from a 65K-member array of
pointers into an STL list. This noticeable reduces memory usage in
some cases, and should also give a slight runtime performance
boost. This patch was written by Paul Tarjan (ptarjan(a)gmail.com).
o Removed the BSDFIX/BSDUFIX macros. The underlying bug in
FreeBSD/NetBSD is still there though. When an IP packet is sent
through a raw socket, these platforms require the total length and
fragmentation offset fields of an IP packet to be in host byte order
rather than network byte order, even though all the other fields
must be in NBO. I believe that OpenBSD fixed this a while back.
Other platforms, such as Linux, Solaris, Mac OS X, and Windows take
all of the fields in network byte order. While I removed the macro,
I still do the munging where required so that Nmap still works on
FreeBSD.
o Integrated many nmap-service-probes changes from Bo Jiang
(jiangbo(a)brandeis.edu)
o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri
(eilon(a)aristo.tau.ac.il)
o Added some new RPC services to nmap-rpc thanks to a patch from
vlad902 (vlad902(a)gmail.com).
o Fixed a bug where Nmap would quit on Windows whenever it encountered
a raw scan of localhost (including the local ethernet interface
address), even when that was just one address out of a whole network
being scanned. Now Nmap just warns that it is skipping raw scans when
it encounters the local IP, but continues on to scan the rest of the
network. Raw scans do not currently work against local IP addresses
because Winpcap doesn't support reading/writing localhost interfaces
due to limitations of Windows.
o The OS fingerprint is now provided in XML output if debugging is
enabled (-d) or verbosity is at least 2 (-v -v). This patch was
sent by Okan Demirmen (okan(a)demirmen.com)
o Fixed the way tcp connect scan (-sT) respons to ICMP network
unreachable responses (patch by Richard Moore
(rich(a)westpoint.ltd.uk).
o Update random host scan (-iR) to support the latest IANA-allocated
ranges, thanks to patch by Chad Loder (cloder(a)loder.us).
o Updated GNU shtool (a helper program used during 'make install' to
version 2.0.2, which fixes a predictable temporary filename
weakness discovered by Eric Raymond.
o Removed addport element from XML DTD, since it is no longer used
(sugested by Lionel Cons (lionel.cons(a)cern.ch)
o Added new --privileged command-line option and NMAP_PRIVILEGED
environmental variable. Either of these tell Nmap to assume that
the user has full privileges to execute raw packet scans, OS
detection and the like. This can be useful when Linux kernel
capabilities or other systems are used that allow non-root users to
perform raw packet or ethernet frame manipulation. Without this
flag or variable set, Nmap bails on UNIX if geteuid() is
nonzero.
o Changed the RPM spec file so that if you define "static" to 1 (by
passing --define "static 1" to rpmbuild), static binaries are built.
o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon
Burr (simes(a)bpfh.net).
o ultra_scan() now sets pseudo-random ACK values (rather than 0) for
any TCP scans in which the initial probe packet has the ACK flag set.
This would be the ACK, Xmas, Maimon, and Window scans.
o Updated the Nmap version number, description, and similar fields
that MS Visual Studio places in the binary. This was done by editing
mswin32/nmap.rc as suggested by Chris Paget (chrisp@ngssoftware.com)
o Fixed Nmap compilation on DragonFly BSD (and perhaps some other
systems) by applying a short patch by Joerg Sonnenberger which omits
the declaration of errno if it is a #define.
o Fixed an integer overflow that prevented Nmap from scanning
2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1). Problem
noted by Justin Cranford (jcranford(a)n-able.com). While /1 scans
are now possible, don't expect them to finish during your bathroom
break. No matter how constipated you are.
o Increased the buffer size allocated for fingerprints to prevent Nmap
from running out and quitting (error message: "Assertion
`servicefpalloc - servicefplen > 8' failed". Thanks to Mike Hatz
(mhatz(a)blackcat.com) for the report. [ Actually this was done in a
previous version, but I forgot which one ]
o Changed from CVS to Subversion source control system (which
rocks!). Neither repository is public (I'm paranoid because both CVS
and SVN have had remotely exploitable security holes), so the main
change users will see is that "Id" tags in file headers use the SVN
format for version numbering and such.
2005-09-15 16:12:18 +02:00
|
|
|
|
2013-05-20 08:21:22 +02:00
|
|
|
CHECK_INTERPRETER_SKIP= bin/uninstall_zenmap
|
2011-11-22 13:18:07 +01:00
|
|
|
CHECK_INTERPRETER_SKIP+= share/zenmap/su-to-zenmap.sh
|
From the release announcement on http://nmap.org:
"The Nmap Project is pleased to announce the immediate, free availability
of the Nmap Security Scanner version 6.00 from http://nmap.org/.
It is the product of almost three years of work, 3,924 code commits,
and more than a dozen point releases since the big Nmap 5 release in July
2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts,
better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade."
Here is a condensed Changelog:
Nmap 6.01 [2012-06-13]
o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7.
o [Zenmap] Fixed a crash that happened when activating the host filter.
o Fixed a bug that caused Nmap to fail to find any network interface when
at least one of them is in the monitor mode.
http://seclists.org/nmap-dev/2012/q2/449
http://seclists.org/nmap-dev/2012/q2/478
o Fixed the greppable output of hosts that time-out.
Nmap 6.00 [2012-05-21]
o Most important release since Nmap 5.00 in July 2009! For a list of
the most significant improvements and new features, see the
announcement at: http://nmap.org/6
o Some XML output improvements...
o Lots of NSE scripts added and updated...
o Fixed the routing table loop on OS X so that on-link routes appear.
o Upgraded included libpcap to version 1.2.1.
o Fixed a compilation problem on Solaris 9 caused by a missing
definition of IPV6_V6ONLY.
o Setting --min-parallelism by itself no longer forces the maximum
parallelism to the same value.
o [Zenmap] Fixed a crash that would happen in the profile editor when
the script.db file doesn't exist.
o [Zenmap] It is now possible to compare scans having the same name or
command line parameters.
o Fixed an error that could occur with ICMPv6 probes and -d4 debugging:
"Unexpected probespec2ascii type encountered"
o Applied a workaround to make pcap captures work better on Solaris 10.
o Fixed a bug that could cause Nsock timers to fire too early.
o Changed the way timeout calculations are made in the IPv6 OS engine.
Nmap 5.61TEST5 [2012-03-09]
o Integrated all of your IPv4 OS fingerprint submissions since June
2011 (about 1,900 of them). Added about 256 new fingerprints (and
deleted some bogus ones), bringing the new total to 3,572.
Additions include Apple iOS 5.01, OpenBSD 4.9 and 5.0, FreeBSD 7.0
through 9.0-PRERELEASE, and a ton of new WAPs, routers, and other
devices. Many existing fingerprints were improved. For more details,
see http://seclists.org/nmap-dev/2012/q1/431
o Integrated all of your service/version detection fingerprints
submitted since November 2010--more than 2,500 of them! Our
signature count increased more than 10% to 7,423 covering 862
protocols. Some amusing and bizarre new services are described at
http://seclists.org/nmap-dev/2012/q1/359
o Integrated your latest IPv6 OS submissions and corrections. We're
still low on IPv6 fingerprints, so please scan any IPv6 systems you
own or administer and submit them to http://nmap.org/submit/. Both
new fingerprints (if Nmap doesn't find a good match) and corrections
(if Nmap guesses wrong) are useful.
o IPv6 OS detection now includes a novelty detection system which
avoids printing a match when an observed fingerprint is too
different from fingerprints seen before. As the OS database is still
small, this helps to avoid making (essentially) wild guesses when
seeing a new operating system.
o Refactored the nsock library to add the nsock-engines system.
o [NSE] Added 43(!) NSE scripts, bringing the total up to 340.
o CPE (Common Platform Enumeration) OS classification is now supported
for IPv6 OS detection.
[...]
Nmap 5.61TEST4 [2012-01-02] -> Nmap 5.61TEST1
[...]
Lots of Bugfixes!
Thanks to jschauma@ for analysing a NetBSD related problem,
and to David Fifield for providing the (upstream) patch.
2012-09-16 22:29:06 +02:00
|
|
|
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/oracle-default-accounts.lst
|
2011-11-22 13:18:07 +01:00
|
|
|
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/oracle-sids
|
|
|
|
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/passwords.lst
|
From the release announcement on http://nmap.org:
"The Nmap Project is pleased to announce the immediate, free availability
of the Nmap Security Scanner version 6.00 from http://nmap.org/.
It is the product of almost three years of work, 3,924 code commits,
and more than a dozen point releases since the big Nmap 5 release in July
2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts,
better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade."
Here is a condensed Changelog:
Nmap 6.01 [2012-06-13]
o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7.
o [Zenmap] Fixed a crash that happened when activating the host filter.
o Fixed a bug that caused Nmap to fail to find any network interface when
at least one of them is in the monitor mode.
http://seclists.org/nmap-dev/2012/q2/449
http://seclists.org/nmap-dev/2012/q2/478
o Fixed the greppable output of hosts that time-out.
Nmap 6.00 [2012-05-21]
o Most important release since Nmap 5.00 in July 2009! For a list of
the most significant improvements and new features, see the
announcement at: http://nmap.org/6
o Some XML output improvements...
o Lots of NSE scripts added and updated...
o Fixed the routing table loop on OS X so that on-link routes appear.
o Upgraded included libpcap to version 1.2.1.
o Fixed a compilation problem on Solaris 9 caused by a missing
definition of IPV6_V6ONLY.
o Setting --min-parallelism by itself no longer forces the maximum
parallelism to the same value.
o [Zenmap] Fixed a crash that would happen in the profile editor when
the script.db file doesn't exist.
o [Zenmap] It is now possible to compare scans having the same name or
command line parameters.
o Fixed an error that could occur with ICMPv6 probes and -d4 debugging:
"Unexpected probespec2ascii type encountered"
o Applied a workaround to make pcap captures work better on Solaris 10.
o Fixed a bug that could cause Nsock timers to fire too early.
o Changed the way timeout calculations are made in the IPv6 OS engine.
Nmap 5.61TEST5 [2012-03-09]
o Integrated all of your IPv4 OS fingerprint submissions since June
2011 (about 1,900 of them). Added about 256 new fingerprints (and
deleted some bogus ones), bringing the new total to 3,572.
Additions include Apple iOS 5.01, OpenBSD 4.9 and 5.0, FreeBSD 7.0
through 9.0-PRERELEASE, and a ton of new WAPs, routers, and other
devices. Many existing fingerprints were improved. For more details,
see http://seclists.org/nmap-dev/2012/q1/431
o Integrated all of your service/version detection fingerprints
submitted since November 2010--more than 2,500 of them! Our
signature count increased more than 10% to 7,423 covering 862
protocols. Some amusing and bizarre new services are described at
http://seclists.org/nmap-dev/2012/q1/359
o Integrated your latest IPv6 OS submissions and corrections. We're
still low on IPv6 fingerprints, so please scan any IPv6 systems you
own or administer and submit them to http://nmap.org/submit/. Both
new fingerprints (if Nmap doesn't find a good match) and corrections
(if Nmap guesses wrong) are useful.
o IPv6 OS detection now includes a novelty detection system which
avoids printing a match when an observed fingerprint is too
different from fingerprints seen before. As the OS database is still
small, this helps to avoid making (essentially) wild guesses when
seeing a new operating system.
o Refactored the nsock library to add the nsock-engines system.
o [NSE] Added 43(!) NSE scripts, bringing the total up to 340.
o CPE (Common Platform Enumeration) OS classification is now supported
for IPv6 OS detection.
[...]
Nmap 5.61TEST4 [2012-01-02] -> Nmap 5.61TEST1
[...]
Lots of Bugfixes!
Thanks to jschauma@ for analysing a NetBSD related problem,
and to David Fifield for providing the (upstream) patch.
2012-09-16 22:29:06 +02:00
|
|
|
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/rtsp-urls.txt
|
|
|
|
CHECK_INTERPRETER_SKIP+= share/nmap/nselib/data/snmpcommunities.lst
|
2009-01-10 21:22:15 +01:00
|
|
|
|
2000-01-28 15:36:37 +01:00
|
|
|
.include "../../mk/bsd.prefs.mk"
|
|
|
|
|
2001-08-24 13:23:16 +02:00
|
|
|
.if ${OPSYS} == "SunOS" || ${OPSYS} == "Linux"
|
2000-01-28 15:36:37 +01:00
|
|
|
MAKE_ENV+= CPPFLAGS=""
|
|
|
|
.endif
|
|
|
|
|
2006-01-23 16:19:24 +01:00
|
|
|
# The SunPro C++ compiler does not understand __FUNCTION__, as well as
|
|
|
|
# __func__. So __FILE__ is the nearest replacement.
|
|
|
|
.include "../../mk/compiler.mk"
|
|
|
|
.if !empty(PKGSRC_COMPILER:Msunpro)
|
|
|
|
CFLAGS.SunOS+= -D__FUNCTION__=__FILE__
|
|
|
|
.endif
|
|
|
|
|
2006-07-02 21:17:26 +02:00
|
|
|
.if empty(PKGSRC_COMPILER:Mgcc)
|
|
|
|
# The Makefile uses a hard-coded option -MM to get the dependencies, which
|
|
|
|
# is only understood by the GNU compiler. For a normal build the dependen-
|
|
|
|
# cies are not needed anyway, only when patching files and fixing bugs.
|
|
|
|
pre-build:
|
Update to version 4.20
Changes:
4.20
o Integrated the latest OS fingerprint submissions. The 2nd
generation DB size has grown to 231 fingerprints. Please keep them
coming! New fingerprints include Mac OS X Server 10.5 pre-release,
NetBSD 4.99.4, Windows NT, and much more.
o Fixed a segmentation fault in the new OS detection system
which was reported by Craig Humphrey and Sebastian Garcia.
o Fixed a TCP sequence prediction difficulty indicator bug. The index
is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD).
But some systems generated ISNs so insecurely that Nmap went
berserk and reported a negative difficulty index. This generally
only affects some printers, crappy cable modems, and Microsoft
Windows (old versions). Thanks to Sebastian Garcia for helping me
track down the problem.
4.20RC2
o Integrated all of your OS detection submissions since RC1. The DB
has increased 13% to 214 fingerprints. Please keep them coming!
New fingerprints include versions of z/OS, OpenBSD, Linux, AIX,
FreeBSD, Cisco CatOS, IPSO firewall, and a slew of printers and
misc. devices. We also got our first Windows 95 fingerprint,
submitted anonymously of course :).
o Fixed (I hope) the "getinterfaces: intf_loop() failed" error which
was seen on Windows Vista. The problem was apparently in
intf-win32.c of libdnet (need to define MIB_IF_TYPE_MAX to
MAX_IF_TYPE rather than 32). Thanks to Dan Griffin
(dan(a)jwsecure.com) for tracking this down!
o Applied a couple minor bug fixes for IP options
support and packet tracing. Thanks to Michal Luczaj
(regenrecht(a)o2.pl) for reporting them.
o Incorporated SLNP (Simple Library Network Protocol) version
detection support. Thanks to Tibor Csogor (tibi(a)tiborius.net) for
the patch.
4.20RC1
o Fixed (I hope) a bug related to Pcap capture on Mac OS X. Thanks to
Christophe Thil for reporting the problem and to Kurt Grutzmacher
and Diman Todorov for helping to track it down.
o Integrated all of your OS detection submissions since ALPHA11. The
DB has increased 27% to 189 signatures. Notable additions include
the Apple Airport Express, Windows Vista RC1, OpenBSD 4.0, a Sony
TiVo device, and tons of broadband routers, printers, switches, and
Linux kernels. Keep those submissions coming!
o Upgraded the included LibPCRE from version 6.4 to 6.7. Thanks to
Jochen Voss (voss(a)seehuhn.de) for the suggestion (he found some bugs
in 6.4)
4.20ALPHA11
o Integrated all of your OS detection submissions, bringing the
database up to 149 fingerprints. This is an increase of 28% from
ALPHA10. Notable additions include FreeBSD 6.1, a bunch of HP
LaserJet printers, and HP-UX 11.11. We also got a bunch of more
obscure submissions like Minix 3.1.2a and "Ember InSight Adapter for
programming EM2XX-family embedded devices". Who doesn't have a few
of those laying around? I'm hoping that all the obscure submissions
mean that more of the mainstream systems are being detected out of
the box! Please keep those submissions (obscure or otherwise)
coming!
4.20ALPHA10
o Integrated tons of new OS fingerprints. The DB now contains 116
fingerprints, which is up 63% since the previous version. Please keep
the submissions coming!
4.20ALPHA9
o Integrated the newly submitted OS fingerprints. The DB now contains
71 fingerprints, up 27% from 56 in ALPHA8. Please keep them coming!
We still only have 4.2% as many fingerprints as the gen1 database.
o Added the --open option, which causes Nmap to show only open ports.
Ports in the states "open|closed" and "unfiltered" might be open, so
those are shown unless the host has an overwhelming number of them.
o Nmap gen2 OS detection used to always do 2 retries if it fails to
find a match. Now it normally does just 1 retry, but does 4 retries
if conditions are good enough to warrant fingerprint submission.
This should speed things up on average. A new --max-os-tries option
lets you specify a higher lower maximum number of tries.
o Added --unprivileged option, which is the opposite of --privileged.
It tells Nmap to treat the user as lacking network raw socket and
sniffing privileges. This is useful for testing, debugging, or when
the raw network functionality of your operating system is somehow
broken.
o Fixed a confusing error message which occured when you specified a
ping scan or list scan, but also specified -p (which is only used for
port scans). Thanks to Thomas Buchanan for the patch.
o Applied some small cleanup patches from Kris Katterjohn
4.20ALPHA8
o Integrated the newly submitted OS fingerprints. The DB now contains
56, up 33% from 42 in ALPHA7. Please keep them coming! We still only
have 3.33% as many signatures as the gen1 database.
o Nmap 2nd generation OS detection now has a more sophisticated
mechanism for guessing a target OS when there is no exact match in the
database (see http://insecure.org/nmap/osdetect/osdetect-guess.html )
o Rewrote mswin32/nmap.rc to remove cruft and hopefully reduce some
MFC-related compilation problems we've seen. Thanks to KX
(kxmail(a)gmail.com) for doing this.
o NmapFE now uses a spin button for verbosity and debugging options so
that you can specify whatever verbosity (-v) or debugging (-d) level
you desire. The --randomize-hosts option was also added to NmapFE.
Thanks to Kris Katterjohn for the patches.
o A dozen or so small patches to Nmap and NmapFE by Kris Katterjohn.
o Removed libpcap/Win32 and libpcap/msdos as Nmap doesn't use them.
This reduces the Nmap tar.bz2 by about 50K. Thanks to Kris Katterjohn
for the suggestion.
4.20ALPHA7
o Did a bunch of Nmap 2nd generation fingerprint integration work.
Thanks to everyone who sent some in, though we still need a lot more.
Also thanks to Zhao for a bunch of help with the integration tools.
4.20ALPHA6 had 12 fingerprints, this new version has 42. The old DB
(still included) has 1,684.
o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
(http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006.
Also added the unregistered PearPC virtual NIC prefix, as suggested
by Robert Millan (rmh(a)aybabtu.com).
o Applied some small internal cleanup patches by Kris Katterjohn.
4.20ALPHA6
o Fixed a bug in 2nd generation OS detection which would (usually) prevent
fingerprints from being printed when systems don't respond to the 1st
ICMP echo probe (the one with bogus code value of 9). Thanks to
Brandon Enright for reporting and helping me debug the problem.
o Fixed some problematic Nmap version detection signatures which could
cause warning messages. Thanks to Brandon Enright for the initial patch.
4.20ALPHA5
o Worked with Zhao to improve the new OS detection system with
better algorithms, probe changes, and bug fixes. We're
now ready to start growing the new database! If Nmap gives you
fingerprints, please submit them at the given URL. The DB is still
extremely small. The new system is extensively documented at
http://insecure.org/nmap/osdetect/ .
o Nmap now supports IP options with the new --ip-options flag. You
can specify any options in hex, or use "R" (record route), "T"
(record timestamp), "U") (record route & timestamp), "S [route]"
(strict source route), or "L [route]" (loose source route). Specify
--packet-trace to display IP options of responses. For further
information and examples, see http://insecure.org/nmap/man/ and
http://seclists.org/nmap-dev/2006/q3/0052.html . Thanks to Marek
Majkowski for writing and sending the patch.
o Integrated all 2nd quarter service detection fingerprint
submissions. Please keep them coming! We now have 3,671 signatures
representing 415 protocols. Thanks to version detection czar Doug
Hoyte for doing this.
o Nmap now uses the (relatively) new libpcap pcap_get_selectable_fd
API on systems which support it. This means that we no longer need
to hack the included Pcap to better support Linux. So Nmap will now
link with an existing system libpcap by default on that platform if
one is detected. Thanks to Doug Hoyte for the patch.
o Updated the included libpcap from 0.9.3 to 0.9.4. The changes I
made are in libpcap/NMAP_MODIFICATIONS . By default, Nmap will now
use the included libpcap unless version 0.9.4 or greater is already
installed on the system.
o Applied some nsock bugfixes from Diman Todorov. These don't affect
the current version of Nmap, but are important for his Nmap
Scripting Engine, which I hope to integrate into mainline Nmap in
September.
o Fixed a bug which would occasionally cause Nmap to crash with the
message "log_vwrite: write buffer not large enough". I thought I
conquered it in a previous release -- thanks to Doug Hoyte for finding a
corner case which proved me wrong.
o Fixed a bug in the rDNS system which prevented us from querying
certain authoritative DNS servers which have recursion explicitly
disabled. Thanks to Doug Hoyte for the patch.
o --packet-trace now reports TCP options (thanks to Zhao Lei for the
patch). Thanks to the --ip-options addition also found in this
release, IP options are printed too.
o Cleaned up Nmap DNS reporting to be a little more useful and
concise. Thanks to Doug Hoyte for the patch.
o Applied a bunch of small internal cleanup patches by Kris Katterjohn
(kjak(a)ispwest.com).
o Fixed the 'distclean' make target to be more comprehensive. Thanks
to Thomas Buchanan (Thomas.Buchanan(a)thecompassgrp.net) for the
patch.
Nmap 4.20ALPHA4
o Nmap now provides progress statistics in the XML output in verbose
mode. Here are some examples of the format (etc is "estimated time
until completion) and times are in UNIX time_t (seconds since 1970)
format. Angle braces have been replaced by square braces:
[taskbegin task="SYN Stealth Scan" time="1151384685" /]
[taskprogress task="SYN Stealth Scan" time="1151384715"
percent="13.85" remaining="187" etc="1151384902" /]
[taskend task="SYN Stealth Scan" time="1151384776" /]
[taskbegin task="Service scan" time="1151384776" /]
[taskend task="Service scan" time="1151384788" /]
Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.
o Updated the Windows installer to give an option checkbox for
performing the Nmap performance registry changes. The default is to
do so. Thanks to Adam Vartanian (flooey(a)gmail.com) for the patch.
o Applied several code cleanup patches from Marek Majkowski.
o Added --release-memory option, which causes Nmap to release all
accessible memory buffers before quitting (rather than let the OS do
it). This is only useful for debugging memory leaks.
o Fixed a bug related to bogus completion time estimates when you
request an estimate (through runtime interaction) right when Nmap is
starting.a subsystem (such as a port scan or version detection).
Thanks to Diman Todorov for reporting the problem and Doug Hoyte for
writing a fix.
o Nmap no longer gets random numbers from OpenSSL when it is available
because that turned out to be slower than Nmap's other methods
(e.g. /dev/urandom on Linux, /dev/arandom on OpenBSD, etc.). Thanks
to Marek Majkowski for reporting the problem.
o Updated the Windows binary distributions (self-installer and .zip)
to include the new 2nd generation OS detection DB (nmap-os-db).
Thanks to Sina Bahram for reporting the problem.
o Fixed the --max-retries option, which wasn't being honored. Thanks
to Jon Passki (jon.passki(a)hursk.com) for the patch.
Nmap 4.20ALPHA3
o Added back Win32 support thanks to a patch by kx
o Fixed the English translation of TCP sequence difficulty reported by
Brandon Enright, and also removed fingerprint printing for 1st
generation fingerprints (I don't really want to deal with those
anymore). Thanks to Zhao Lei for writing this patch.
o Fix a problem which caused OS detection to be done in some cases
even if the user didn't request it. Thanks to Diman Todorov for the
fix.
Nmap 4.20ALPHA2
o Included nmap-os-db (the new OS detection DB) within the release.
Oops! Thanks to Brandon Enright (bmenrigh(a)ucsd.edu) for catching
this problem with 4.20ALPHA1.
o Added a fix for the crash in the new OS detection which would come
with the message "Probe doesn't exist! Probe type: 1. Probe subid: 1"
Nmap 4.20ALPHA1
o Integrated initial 2nd generation OS detection patch! The system is
documented at http://insecure.org/nmap/osdetect/ . Thanks to Zhao Lei
for helping with the coding and design.
o portlist.cc was refactored to remove some code duplication. Thanks
to Diman Todorov for the patch.
2006-12-17 18:55:49 +01:00
|
|
|
${ECHO} "# ignored" > ${WRKSRC}/makefile.dep
|
2006-07-02 21:17:26 +02:00
|
|
|
.endif
|
|
|
|
|
2004-01-23 12:43:06 +01:00
|
|
|
.include "../../devel/pcre/buildlink3.mk"
|
|
|
|
.include "../../net/libpcap/buildlink3.mk"
|
|
|
|
.include "../../security/openssl/buildlink3.mk"
|
2012-10-31 00:34:38 +01:00
|
|
|
#.include "../../devel/subversion-base/buildlink3.mk"
|
1999-01-15 01:08:53 +01:00
|
|
|
.include "../../mk/bsd.pkg.mk"
|