./net/nmap, Network/port scanner with OS detection

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 7.70nb1, Package name: nmap-7.70nb1, Maintainer: pettai

Nmap ("Network Mapper") is a free open source utility for network exploration
or security auditing. It was designed to rapidly scan large networks,
although it works fine against single hosts. Nmap uses raw IP packets in
novel ways to determine what hosts are available on the network, what services
(application name and version) they are offering, what operating system (and
OS version) they are running, what type of packet filters/firewalls are in
use, and dozens of other characteristics.

Required to run:
[devel/pcre] [math/liblinear]

Required to build:

Package options: inet6

Master sites:

SHA1: 71057361a0953bba5967dc0385de77f3eed792de
RMD160: 39b176e3b515bb5bf95503e3cb431a0dcd9e97ed
Filesize: 10222.042 KB

Version history: (Expand)

CVS history: (Expand)

   2018-04-14 15:04:34 by Adam Ciarcinski | Files touched by this commit (7)
Log message:
nmap: ndiff and zenmap are now separate packages (incl. build fixes for zenmap)
   2018-04-03 16:34:00 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
nmap: updated to 7.70

We're excited to make our first Nmap release of 2018--version 7.70!  It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate.
   2018-03-12 12:18:01 by Thomas Klausner | Files touched by this commit (2155)
Log message:
Recursive bumps for fontconfig and libzip dependency changes.
   2017-10-19 23:43:25 by Leonardo Taccari | Files touched by this commit (2) | Package updated
Log message:
nmap: set LUA_VERSIONS_ACCEPTED to avoid using internal Lua provided by nmap

Without that change the nmap configure script checks for `lua_isyield'
symbol (appeared on Lua 5.3), and for LUA_VERSION_DEFAULT != 53
(pkgsrc by default set LUA_VERSION_DEFAULT to 52) it will just
silently use its internal version.

Set LUA_VERSIONS_ACCEPTED to 53 to avoid that.

Fix PR pkg/52624 reported by Patrick Mackey.

   2017-08-03 15:52:00 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
Nmap 7.60

o Updated the bundled Npcap from 0.91 to 0.93, fixing several issues
  with installation and compatibility with the Windows 10 Creators Update.

o NSE scripts now have complete SSH support via libssh2,
  including password brute-forcing and running remote commands, thanks to the
  combined efforts of three Summer of Code students.

o Added 14 NSE scripts from 6 authors, bringing the total up to 579!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

  + ftp-syst sends SYST and STAT commands to FTP servers to get system version
    and connection information.

  + http-vuln-cve2017-8917 checks for an SQL injection vulnerability affecting
    Joomla! 3.7.x before 3.7.1.

  + iec-identify probes for the IEC 60870-5-104 SCADA protocol.

  + openwebnet-discovery retrieves device identifying information and
    number of connected devices running on openwebnet protocol.

  + puppet-naivesigning checks for a misconfiguration in the Puppet CA where
    naive signing is enabled, allowing for any CSR to be automatically signed.

  + smb-protocols discovers if a server supports dialects NT LM 0.12
    (SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11. This replaces the old
    smbv2-enabled script.

  + smb2-capabilities lists the supported capabilities of SMB2/SMB3

  + smb2-time determines the current date and boot date of SMB2

  + smb2-security-mode determines the message signing configuration of
    SMB2/SMB3 servers.

  + smb2-vuln-uptime attempts to discover missing critical patches in
    Microsoft Windows systems based on the SMB2 server uptime.

  + ssh-auth-methods lists the authentication methods offered by an SSH server.

  + ssh-brute performs brute-forcing of SSH password credentials.

  + ssh-publickey-acceptance checks public or private keys to see if they could
    be used to log in to a target. A list of known-compromised key pairs is
    included and checked by default.

  + ssh-run uses user-provided credentials to run commands on targets via SSH.

o Removed smbv2-enabled, which was incompatible with the new SMBv2/3
  improvements. It was fully replaced by the smb-protocols script.

o Added Datagram TLS (DTLS) support to Ncat in connect (client)
  mode with --udp --ssl. Also added Application Layer Protocol Negotiation
  (ALPN) support with the --ssl-alpn option.

o Updated the default ciphers list for Ncat and the secure ciphers list for
  Nsock to use "!aNULL:!eNULL" instead of "!ADH". With the \ 
addition of ECDH
  ciphersuites, anonymous ECDH suites were being allowed.

o Fix ndmp-version and ndmp-fs-info when scanning Veritas Backup
  Exec Agent 15 or 16.

o Added wildcard detection to dns-brute. Only hostnames that
  resolve to unique addresses will be listed.

o FTP scripts like ftp-anon and ftp-brute now correctly handle
  TLS-protected FTP services and use STARTTLS when necessary.

o Function url.escape no longer encodes so-called "unreserved"
  characters, including hyphen, period, underscore, and tilde, as per RFC 3986.

o Function http.pipeline_go no longer assumes that persistent
  connections are supported on HTTP 1.0 target (unless the target explicitly
  declares otherwise), as per RFC 7230.

o The HTTP response object has a new member, version, which
  contains the HTTP protocol version string returned by the server, e.g. \ 

o Fix handling of the objectSID Active Directory attribute
  by ldap.lua.

o Fix line endings in the list of Oracle SIDs used by oracle-sid-brute.
  Carriage Return characters were being sent in the connection packets, likely
  resulting in failure of the script.

o http-useragent-checker now checks for changes in HTTP status
  (usually 403 Forbidden) in addition to redirects to indicate forbidden User
   2017-06-14 11:26:29 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
Nmap 7.50

o [Windows] Updated the bundled Npcap from 0.78 to 0.91, with several bugfixes
  for WiFi connectivity problems and stability issues. [Daniel Miller, Yang Luo]

o Integrated all of your service/version detection fingerprints submitted from
  September to March (855 of them). The signature count went up 2.9% to 11,418.
  We now detect 1193 protocols from apachemq, bro, and clickhouse to jmon,
  slmp, and zookeeper. Highlights: http://seclists.org/nmap-dev/2017/q2/140

o [NSE] Added 14 NSE scripts from 12 authors, bringing the total up to 566!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

o [Ncat] A series of changes and fixes based on feedback from the Red Hat community:

o [NSE][GH-266][GH-704][GH-238][GH-883] NSE libraries smb and msrpc now use
  fully qualified paths. SMB scripts now work against all modern versions
  of Microsoft Windows. [Paulino Calderon]

o [NSE] smb library's share_get_list now properly uses anonymous connections
  first before falling back authenticating as a known user.

o New service probes and matches for Apache HBase and Hadoop MapReduce.
  [Paulino Calderon]

o Extended Memcached service probe and added match for Apache ZooKeeper.
  [Paulino Calderon]

o [NSE] New script argument "vulns.short" will reduce vulns library script
  output to a single line containing the target name or IP, the vulnerability
  state, and the CVE ID or title of the vulnerability. [Daniel Miller]

o [NSE][GH-862] SNMP scripts will now take a community string provided like
  `--script-args creds.snmp=private`, which previously did not work because it
  was interpreted as a username. [Daniel Miller]

o [NSE] Resolved several issues in the default HTTP redirect rules:
    - [GH-826] A redirect is now cancelled if the original URL contains
      embedded credentials
    - [GH-829] A redirect test is now more careful in determining whether
      a redirect destination is related to the original host
    - [GH-830] A redirect is now more strict in avoiding possible redirect

o [NSE][GH-766] The HTTP Host header will now include the port unless it is
  the default one for a given scheme. [nnposter]

o [NSE] The HTTP response object has a new member, fragment, which contains
  a partially received body (if any) when the overall request fails to
  complete. [nnposter]

o [NSE][GH-866] NSE now allows cookies to have arbitrary attributes, which
  are silently ignored (in accordance with RFC 6265). Unrecognized attributes
  were previously causing HTTP requests with such cookies to fail. [nnposter]

o [NSE][GH-844] NSE now correctly parses a Set-Cookie header that has unquoted
  whitespace in the cookie value (which is allowed per RFC 6265). [nnposter]

o [NSE][GH-731] NSE is now able to process HTTP responses with a Set-Cookie
  header that has an extraneous trailing semicolon. [nnposter]

o [NSE][GH-708] TLS SNI now works correctly for NSE HTTP requests initiated
  with option any_af. As an added benefit, option any_af is now available for
  all connections via comm.lua, not just HTTP requests. [nnposter]

o [NSE][GH-781] There is a new common function, url.get_default_port(),
  to obtain the default port number for a given scheme. [nnposter]

o [NSE][GH-833] Function url.parse() now returns the port part as a number,
  not a string. [nnposter]

o No longer allow ICMP Time Exceeded messages to mark a host as down during
  host discovery. Running traceroute at the same time as Nmap was causing
  interference. [David Fifield]

o [NSE][GH-807] Fixed a JSON library issue that was causing long integers
  to be expressed in the scientific/exponent notation. [nnposter]

o [NSE] Fixed several potential hangs in NSE scripts that used
  receive_buf(pattern), which will not return if the service continues to send
  data that does not match pattern. A new function in match.lua, pattern_limit,
  is introduced to limit the number of bytes consumed while searching for the
  pattern. [Daniel Miller, Jacek Wielemborek]

o [Nsock] Handle any and all socket connect errors the same: raise as an Nsock
  error instead of fatal. This prevents Nmap and Ncat from quitting with
  "Strange error from connect:" [Daniel Miller]

o [NSE] Added several commands to redis-info to extract listening addresses,
  connected clients, active channels, and cluster nodes. [Vasiliy Kulikov]

o [NSE][GH-679][GH-681] Refreshed script http-robtex-reverse-ip, reflecting
  changes at the source site (www.robtex.com). [aDoN]

o [NSE][GH-620][GH-715] Added 8 new http-enum fingerprints for Hadoop
  infrastructure components. [Thomas Debize, Varunram Ganesh]

o [NSE][GH-629] Added two new fingerprints to http-default-accounts
  (APC Management Card, older NetScreen ScreenOS) [Steve Benson, nnposter]

o [NSE][GH-716] Fix for oracle-tns-version which was sending an invalid TNS
  probe due to a string escaping mixup. [Alexandr Savca]

o [NSE][GH-694] ike-version now outputs information about supported attributes
  and unknown vendor ids. Also, a new fingerprint for FortiGate VPNs was
  submitted by Alexis La Goutte. [Daniel Miller]

o [GH-700] Enabled support for TLS SNI on the Windows platform. [nnposter]

o [GH-649] New service probe and match lines for the JMON and RSE services of
  IBM Explorer for z/OS. [Soldier of Fortran]

o Removed a duplicate service probe for Memcached added in 2011 (the original
  probe was added in 2008) and reported as duplicate in 2013 by Pavel Kankovsky.

o New service probe and match line for NoMachine NX Server remote desktop.
  [Justin Cacak]

o [Zenmap] Fixed a recurring installation problem on OS X/macOS where Zenmap
  was installed to /Applications/Applications/Zenmap.app instead of

o [Zenmap][GH-639] Zenmap will no longer crash when no suitable temporary
  directory is found. Patches contributed by [Varunram Ganesh] and [Sai Sundhar]

o [Zenmap][GH-626] Zenmap now properly handles the -v0 (no output) option,
  which was added in Nmap 7.10. Previously, this was treated the same as not
  specifying -v at all. [lymanZerga11]

o [GH-630] Updated or removed some OpenSSL library calls that were deprecated
  in OpenSSL 1.1. [eroen]

o [NSE] Script ssh-hostkey now recognizes and reports Ed25519 keys [nnposter]

o [NSE][GH-627] Fixed script hang in several brute scripts due to the \ 
  script-arg not being converted to a number. Error message was
  "nselib/brute.lua:1188: attempt to compare number with string" [Arne \ 
   2017-03-05 10:06:46 by Leonardo Taccari | Files touched by this commit (1)
Log message:
Fix installation for "lua" option (new scripts added and \ 

According the Changelog (only relevant entries for "lua" added/removed \ 

 o [NSE] Added 12 NSE scripts from 4 authors, bringing the total up to 552!
   They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
   + cics-enum enumerates CICS transaction IDs, mapping to screens in TN3270
     services. [Soldier of Fortran]
   + cics-user-enum brute-forces usernames for CICS users on TN3270 services.
     [Soldier of Fortran]
   + fingerprint-strings will print the ASCII strings it finds in the service
     fingerprints that Nmap shows for unidentified services. [Daniel Miller]
   + [GH#606] ip-geolocation-map-bing renders IP geolocation data as an image
     via Bing Maps API. [Mak Kolybabi]
   + [GH#606] ip-geolocation-map-google renders IP geolocation data as an image
     via Google Maps API. [Mak Kolybabi]
   + [GH#606] ip-geolocation-map-kml records IP geolocation data in a KML file
     for import into other mapping software [Mak Kolybabi]
   + nje-pass-brute brute-forces the password to a NJE node, given a valid RHOST
     and OHOST. Helpfully, nje-node-brute can now brute force both of those
     values. [Soldier of Fortran]
   + [GH#557] ssl-cert-intaddr will search for private IP addresses in TLS
     certificate fields and extensions. [Steve Benson]
   + tn3270-screen shows the login screen from mainframe TN3270 Telnet services,
     including any hidden fields. The script is accompanied by the new tn3270
     library. [Soldier of Fortran]
   + tso-enum enumerates usernames for TN3270 Telnet services. [Soldier of Fortran]
   + tso-brute brute-forces passwords for TN3270 Telnet services. [Soldier of \ 
   + vtam-enum brute-forces VTAM application IDs for TN3270 services.
     [Soldier of Fortran]
 o [NSE][GH#533] Removed ssl-google-cert-catalog, since Google shut off that
   service at some point. Reported by Brian Morin.
 o [NSE][GH#606] New NSE library, geoip.lua, provides a common framework for
   storing and retrieving IP geolocation results. [Mak Kolybabi]
   2017-03-03 00:20:12 by John Klos | Files touched by this commit (2) | Package updated
Log message:
Update to nmap 7.40: