Update to version 4.00

Changes:

4.00:
=====
- Added the '?' command to the runtime interaction system.  It prints
  a list of accepted commands.  Thanks to Andrew Lutomirski
  (luto(a)myrealbox.com) for the patch.

3.9999:
=======
- Generated a new libpcre/configure to cope with changes in LibPCRE
  6.4

- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
  (http://standards.ieee.org/regauth/oui/oui.txt)

- Updated nmap-protocols with the latest IEEE internet protocols
  assignments (http://www.iana.org/assignments/protocol-numbers).

- Updated the Nmap version number and related fields that MS Visual
  Studio places in the binary.  This was done by editing
  mswin32/nmap.rc.

3.999:
======
- Added runtime interaction support to Windows, thanks to patches from
  Andrew Lutomirski (luto(a)myrealbox.com) and Gisle Vanem
  (giva(a)bgnett.no).

- Changed a couple lines of tcpip.cc (put certain IP header fields in
  host byte order rather than NBO) to (hopefully) support Mac OS X on
  Intel.  Thanks to Kurt Grutzmacher (grutz(a)jingojango.net) for the
  patch.

- Upgraded the included LibPCRE from version 6.3 to 6.4.  There was a
  report of version detection crashes on the new Intel-based MACs with
  6.3.

- Fixed an issue in which the installer would malfunction in rare
  issues when installing to a directory with spaces in it.  Thanks to
  Thierry Zoller (Thierry(a)Zoller.lu) for the report.

3.99:
=====
- Integrated all remaining 2005 service submissions.  The DB now has
  surpassed 3,000 signatures for the first time.  There now are 3,153
  signatures for 381 service protocols.  Those protocols span the
  gamut from abc, acap, afp, and afs to zebedee, zebra, and
  zenimaging.  It even covers obscure protocols such as http, ftp,
  smtp, and ssh :).  Thanks to Version Detection Czar Doug Hoyte for
  his excellent work on this.

- Created a Windows executable installer using the open source NSIS
  (Nullsoft Scriptable Install System).  It handles Pcap installation,
  registry performance changes, and adding Nmap to your cmd.exe
  executable path.  The installer source files are in mswin32/nsis/ .
  Thanks to Google SoC student Bo Jiang (jiangbo(a)brandeis.edu) for
  creating the initial version.

- Fixed a backward compatibility bug in which Nmap didn't recognize
  the --min_rtt_timeout option (it only recognized the newly
  hyphenated --min-rtt-timeout).  Thanks to Joshua D. Abraham
  (jabra(a)ccs.neu.edu) for the bug report.

- Fixed compilation to again work with gcc-derivatives such as
  MingW. Thanks to Gisle Vanem (giva(a)bgnett.no) for sending the
  patches

3.98BETA1:
==========
- Added run time interaction as documented at
  http://www.insecure.org/nmap/man/man-runtime-interaction.html .
  While Nmap is running, you can now press 'v' to increase verbosity,
  'd' to increase the debugging level, 'p' to enable packet tracing,
  or the capital versions (V,D,P) to do the opposite.  Any other key
  (such as enter) will print out a status message giving the estimated
  time until scan completion.  This only works on UNIX for now.  Do we
  have any volunteers to add Windows support?  You would need to
  change a handful of UNIX-specific termio calls with the Windows
  equivalents.  This feature was created by Paul Tarjan
  (ptarjan(a)stanford.edu) as part of the Google Summer of Code.

- Reverse DNS resolution is now done in parallel rather than one at a
  time.  All scans of large networks (particularly list, ping and
  just-a-few-ports scans) should benefit substantially from this
  change.  If you encounter any problems, please let us know.  The new
  --system_dns option was added so you can use the (slow) system
  resolver if you prefer that for some reason.  You can specify a
  comma separated list of DNS server IP addresses for Nmap to use with
  the new --dns_servers option.  Otherwise, Nmap looks in
  /etc/resolve.conf (UNIX) or the system registry (Windows) to obtain
  the nameservers already configured for your system.  This excellent
  patch was written by Doug Hoyte (doug(a)hcsw.org).

- Added the --badsum option, which causes Nmap to use invalid TCP or
  UDP checksums for packets sent to target hosts. Since virtually all
  host IP stacks properly drop these packets, any responses received
  are likely coming from a firewall or IDS that didn't bother to
  verify the checksum. For more details on this technique, see
  http://www.phrack.org/phrack/60/p60-0x0c.txt .  The author of that
  paper, Ed3f (ed3f(a)antifork.org), is also the author of this patch
  (which I changed it a bit).

- The 26 Nmap commands that previously included an underscore
  (--max_rtt_timeout, --send_eth, --host_timeout, etc.) have been
  renamed to use a hyphen in the preferred format
  (i.e. --max-rtt-timeout).  Underscores are still supported for
  backward compatibility.

- More excellent NmapFE patches from Priit Laes (amd(a)store20.com)
  were applied to remove all deprecated GTK API calls.  This also
  eliminates the annoying Gtk-Critical and Gtk-WARNING runtime messages.

- Changed the way the __attribute__ compiler extension is detected so
  that it works with the latest Fedora Core 4 updates (and perhaps other
  systems).  Thanks to Duilio Protti (dprotti(a)fceia.unr.edu.ar) for
  writing the patch.  The compilation error message this fixes was
  usually something like: "nmap.o(.rodata+0x17c): undefined reference
  to `__gthrw_pthread_cancel(unsigned long)"

- Added some exception handling code to mswin32/winfix.cc to prevent
  Nmap from crashing mysteriously when you have WinPcap 3.0 or earlier
  (instead of the required 3.1).  It now prints an error message instead
  asking you to upgrade, then reduces functionality to connect()-only
  mode.  I couldn't get it working with the C++ standard try/catch()
  blocks, but as soon as I used the nonstandard MS conventions
  (__try/__except(), everything worked fine. Shrug.

- Stripped the firewall API out of the libdnet included with Nmap
  because Nmap doesn't use it anyway.  This saves space and reduces the
  likelihood of compilation errors and warnings.

- Modified the previously useless --noninteractive option so that it
  deactivates runtime interaction.

3.96BETA1:
==========
- Added --max_retries option for capping the maximum number of
  retransmissions the port scan engine will do. The value may be as low
  as 0 (no retransmits).  A low value can increase speed, though at the
  risk of losing accuracy.  The -T4 option now allows up to 6 retries,
  and -T5 allows 2.  Thanks to Martin Macok
  (martin.macok(a)underground.cz) for writing the initial patch, which I
  changed quite a bit.  I also updated the docs to reflect this neat
  new option.

- Many of the Nmap low-level timing options take a value in
  milliseconds.  You can now append an 's', 'm', or 'h' to the value
  to give it in seconds, minutes, or hours instead.  So you can specify
  a 45 minute host timeout with --host_timeout 45m rather than specifying
  --host_timeout 2700000 and hoping you did the math right and have the
  correct number of zeros.  This also now works for the
  --min_rtt_timeout, --max_rtt_timeout, --initial_rtt_timeout,
  --scan_delay, and --max_scan_delay options.

- Improved the NmapFE port to GTK2 so it better-conforms to the new
  API and you don't get as many annoying messages in your terminal
  window.  GTK2 is prettier and more functional too.  Thanks to Priit
  Laes (amd(a)store20.com) for writing these
  excellent patches.

- Fixed a problem which led to the error message "Failed to determine
  dst MAC address for target" when you try to run Nmap using a
  dialup/PPP adapter on Windows rather than a real ethernet card.  Due
  to Microsoft breaking raw sockets, Nmap no longer supports dialup
  adapters, but it should now give you a clearer error message than
  the "dst MAC address" nonsense.

- Debian GNU/kFreeBSD is now supported thanks to a patch to libdnet's
  configure.in by Petr Salinger (Petr.Salinger(a)t-systems.cz).

- Tried to update to the latest autoconf only to find that there
  hasn't been a new version in more than two years :(.  I was able to
  find new config.sub and config.guess files at
  http://cvs.savannah.gnu.org/viewcvs/config/config/ , so I updated to
  those.

- Fixed a problem with the -e option when run on Windows (or UNIX with
  --send_eth) when run on an ethernet network against an external
  (routed) host.  You would get the message "NmapArpCache() can only
  take IPv4 addresses.  Sorry".  Thanks to KX (kxmail(a)gmail.com) for
  helping to track down the problem.

- Made some changes to allow source port zero scans (-g0).  Nmap used
  to refuse to do this, but now it just gives a warning that it may not
  work on all systems.  It seems to work fine on my Linux box.  Thanks
  to Bill Dale (bill_dale(a)bellsouth.net) for suggesting this feature.

- Made a change to libdnet so that Windows interfaces are listed as
  down if they are disconnected, unplugged, or otherwise unavailable.

- Ceased including foreign translations in the Nmap tarball as they
  take up too much space.  HTML versions can be found at
  http://www.insecure.org/nmap/docs.html , while XML and NROFF versions
  are available from http://www.insecure.org/nmap/data/man-xlate/ .

- Changed INSTALL and README-WIN32 files to mostly just reference the
  new Nmap Install Guide at http://www.insecure.org/nmap/install/ .

- Included docs/nmap-man.xml in the tarball distribution, which is the
  DocBook XML source for the Nmap man page.  Patches to Nmap that are
  user-visible should include patches to the man page XML source rather
  than to the generated Nroff.

- Fixed Nmap so it doesn't crash when you ask it to resume a previous
  scan, but pass in a bogus file rather than actual Nmap output.  Thanks
  to Piotr Sobolewski (piotr_sobolewski(a)o2.pl) for the fix.
This commit is contained in:
salo 2006-01-31 22:21:23 +00:00
parent 933e533963
commit 7fda5739e5
3 changed files with 17 additions and 17 deletions

View file

@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.47 2006/01/23 15:19:24 rillig Exp $
# $NetBSD: Makefile,v 1.48 2006/01/31 22:21:23 salo Exp $
#
DISTNAME= nmap-3.95
DISTNAME= nmap-4.00
CATEGORIES= net security
MASTER_SITES= http://www.insecure.org/nmap/dist/
EXTRACT_SUFX= .tar.bz2

View file

@ -1,9 +1,9 @@
$NetBSD: distinfo,v 1.27 2005/12/08 21:59:17 salo Exp $
$NetBSD: distinfo,v 1.28 2006/01/31 22:21:23 salo Exp $
SHA1 (nmap-3.95.tar.bz2) = 1d8a10ffb29580e3ea0406d52a3886c8de8bf21b
RMD160 (nmap-3.95.tar.bz2) = ba572025274318a68cb3215d7e67511a92a5dc20
Size (nmap-3.95.tar.bz2) = 1923771 bytes
SHA1 (patch-aa) = 8b393b91ae21d9235d1083cefc026829bcf14d17
SHA1 (nmap-4.00.tar.bz2) = f4de47d454c6c6e49e20086294701e4a09159638
RMD160 (nmap-4.00.tar.bz2) = 42ba5d40dfe523a1265d741b2e42658a88f07b01
Size (nmap-4.00.tar.bz2) = 1896480 bytes
SHA1 (patch-aa) = 80598e757ea710d707d4b8f247f22a1460b2688a
SHA1 (patch-ab) = 7ac228ff6016b1893b0bdd38134fe46f6ee71b67
SHA1 (patch-ad) = 697142c3eed5c8771c9421e241a06b9c35588b9d
SHA1 (patch-ae) = 9ef870f3961c38c85c558304595df31f2b9d92fd

View file

@ -1,10 +1,10 @@
$NetBSD: patch-aa,v 1.14 2005/12/08 21:59:17 salo Exp $
$NetBSD: patch-aa,v 1.15 2006/01/31 22:21:24 salo Exp $
--- Makefile.in.orig 2005-12-08 09:14:08.000000000 +0100
+++ Makefile.in 2005-12-08 22:30:47.000000000 +0100
--- Makefile.in.orig 2006-01-30 08:10:31.000000000 +0100
+++ Makefile.in 2006-01-31 21:08:31.000000000 +0100
@@ -1,4 +1,4 @@
-export NMAP_VERSION = 3.95
+NMAP_VERSION = 3.95
-export NMAP_VERSION = 4.00
+NMAP_VERSION = 4.00
NMAP_NAME= Nmap
NMAP_URL= http://www.insecure.org/nmap/
NMAP_PLATFORM=@host@
@ -41,13 +41,13 @@ $NetBSD: patch-aa,v 1.14 2005/12/08 21:59:17 salo Exp $
TARGETNMAPFE=@TARGETNMAPFE@
INSTALLNMAPFE=@INSTALLNMAPFE@
-export SRCS = main.cc nmap.cc targets.cc tcpip.cc nmap_error.cc utils.cc idle_scan.cc osscan.cc output.cc scan_engine.cc timing.cc charpool.cc services.cc protocols.cc nmap_rpc.cc portlist.cc NmapOps.cc TargetGroup.cc Target.cc FingerPrintResults.cc service_scan.cc NmapOutputTable.cc MACLookup.cc @COMPAT_SRCS@
+SRCS = main.cc nmap.cc targets.cc tcpip.cc nmap_error.cc utils.cc idle_scan.cc osscan.cc output.cc scan_engine.cc timing.cc charpool.cc services.cc protocols.cc nmap_rpc.cc portlist.cc NmapOps.cc TargetGroup.cc Target.cc FingerPrintResults.cc service_scan.cc NmapOutputTable.cc MACLookup.cc @COMPAT_SRCS@
-export SRCS = main.cc nmap.cc targets.cc tcpip.cc nmap_error.cc utils.cc idle_scan.cc osscan.cc output.cc scan_engine.cc timing.cc charpool.cc services.cc protocols.cc nmap_rpc.cc portlist.cc NmapOps.cc TargetGroup.cc Target.cc FingerPrintResults.cc service_scan.cc NmapOutputTable.cc MACLookup.cc tty.cc nmap_dns.cc @COMPAT_SRCS@
+SRCS = main.cc nmap.cc targets.cc tcpip.cc nmap_error.cc utils.cc idle_scan.cc osscan.cc output.cc scan_engine.cc timing.cc charpool.cc services.cc protocols.cc nmap_rpc.cc portlist.cc NmapOps.cc TargetGroup.cc Target.cc FingerPrintResults.cc service_scan.cc NmapOutputTable.cc MACLookup.cc tty.cc nmap_dns.cc @COMPAT_SRCS@
OBJS = main.o nmap.o targets.o tcpip.o nmap_error.o utils.o idle_scan.o osscan.o output.o scan_engine.o timing.o charpool.o services.o protocols.o nmap_rpc.o portlist.o NmapOps.o TargetGroup.o Target.o FingerPrintResults.o service_scan.o NmapOutputTable.o MACLookup.o @COMPAT_OBJS@
OBJS = main.o nmap.o targets.o tcpip.o nmap_error.o utils.o idle_scan.o osscan.o output.o scan_engine.o timing.o charpool.o services.o protocols.o nmap_rpc.o portlist.o NmapOps.o TargetGroup.o Target.o FingerPrintResults.o service_scan.o NmapOutputTable.o MACLookup.o tty.o nmap_dns.o @COMPAT_OBJS@
-export DEPS = nmap.h nmap_amigaos.h nmap_error.h targets.h idle_scan.h osscan.h output.h scan_engine.h timing.h tcpip.h utils.h global_structures.h charpool.h services.h protocols.h nmap_rpc.h portlist.h NmapOps.h TargetGroup.h Target.h FingerPrintResults.h service_scan.h NmapOutputTable.h MACLookup.h
+DEPS = nmap.h nmap_amigaos.h nmap_error.h targets.h idle_scan.h osscan.h output.h scan_engine.h timing.h tcpip.h utils.h global_structures.h charpool.h services.h protocols.h nmap_rpc.h portlist.h NmapOps.h TargetGroup.h Target.h FingerPrintResults.h service_scan.h NmapOutputTable.h MACLookup.h
-export DEPS = nmap.h nmap_amigaos.h nmap_error.h targets.h idle_scan.h osscan.h output.h scan_engine.h timing.h tcpip.h utils.h global_structures.h charpool.h services.h protocols.h nmap_rpc.h portlist.h NmapOps.h TargetGroup.h Target.h FingerPrintResults.h service_scan.h NmapOutputTable.h MACLookup.h tty.h nmap_dns.h
+DEPS = nmap.h nmap_amigaos.h nmap_error.h targets.h idle_scan.h osscan.h output.h scan_engine.h timing.h tcpip.h utils.h global_structures.h charpool.h services.h protocols.h nmap_rpc.h portlist.h NmapOps.h TargetGroup.h Target.h FingerPrintResults.h service_scan.h NmapOutputTable.h MACLookup.h tty.h nmap_dns.h
# %.o : %.cc -- nope this is a GNU extension