Log message:
nmap ndiff zenmap: updated to 7.94
Nmap 7.94 [2023-05-19]
o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
this effort possible:
+ [Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]
+ [Ndiff] Updated Ndiff to Python 3. [Brian Quigley]
+ Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
to those who opened Python 3-related issues and pull requests: Eli
Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
Hasan Aliyev, and others.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.71 to the latest version 1.75. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
(28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC
prefix used previously for lookups.
o Added partial silent-install support to the Nmap Windows
installer. It previously didn't offer silent mode (/S) because the
free/demo version of Npcap Windoes packet capturing driver that it
needs and ships with doesn't include a silent installer. Now with
the /S option, Nmap checks whether Npcap is already installed
(either the free version or OEM) and will silently install itself if
so. This is similar to how the Wireshark installer works and is
particularly helpful for organizations that want to fully automate
their Nmap (and Npcap) deployments. See
https://nmap.org/nmap-silent-install for more details.
o Lots of profile-guided memory and processing improvements for Nmap, including
OS fingerprint matching, probe matching and retransmission lookups for large
hostgroups, and service name lookups. Overhauled Nmap's string interning and
several other startup-related procedures to speed up start times, especially
for scans using OS detection. [Daniel Miller]
o Integrated many of the most-submitted IPv4 OS fingerprints for recent
versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints,
bringing the new total to 5700!
o [NSE] Added the tftp-version script which requests a
nonexistent file from a TFTP server and matches the error message
to a database of known software. [Mak Kolybabi]
o [Ncat] Ncat can now accept "connections" from multiple UDP hosts in
listen mode with the --keep-open option. This also enables --broker and
--chat via UDP. [Daniel Miller]
o Upgraded OpenSSL binaries (for the Windows builds and for
RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602;
CVE-2022-3786) which don't impact Nmap proper since it doesn't do
certificate validation, but could possibly impact Ncat when the
--ssl-verify option is used.
o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4
o Removed the bogus OpenSSL message from the Windows Nmap
executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL
legacy provider failed to load." We actually already have the legacy
provider built-in to our OpenSSL builds, and that's why loading the
external one fails.
o UDP port scan (-sU) and version scan (-sV) now both use the same
data source, nmap-service-probes, for data payloads. Previously, the
nmap-payloads file was used for port scan. Port scan responses will be used
to kick-start the version matching process. [Daniel Miller]
o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel,
the same as it already does for TCP services with SSL/TLS encryption. The
DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent
sooner in the scan. [Daniel Miller]
o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming
connections. [Daniel Miller]
o Handle Internationalized Domain Names (IDN) like Яндекс.рф on
platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller]
o [Ncat] Addressed an issue from the Debian bug tracker
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
received immediately after a SOCKS CONNECT response. Ncat can now be
correctly used in the ProxyCommand option of OpenSSH.
o Improved DNS domain name parsing to avoid recursion and enforce name length
limits, avoiding a theoretical stack overflow issue with certain crafted DNS
server responses, reported by Philippe Antoine.
o [NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]
o Updates to the Japanese manpage translation by Taichi Kotake.
o [Ncat] Dramatically speed up Ncat transfers on
Windows by avoiding a 125ms wait for every read from
STDIN. [scriptjunkie]
o [Windows] Periodically reset the system idle timer to keep the
system from going to sleep while scans are in process. This only affects port
scans and OS detection scans, since NSE and version scan do not rely on
timing data to adjust speed.
o Updated the Nmap Public Source License (NPSL) to Version 0.95. This
just clarifies that the derivative works definition and all other
license clauses only apply to parties who choose to accept the
license in return for the special rights granted (such as Nmap
redistribution rights). If a party can do everything they need to
using copyright provisions outside of this license such as fair use,
we support that and aren't trying to claim any control over their
work. Versions of Nmap released under previous versions of the NPSL
may also be used under the NPSL 0.95 terms.
o Avoid storing many small strings from IPv4 OS detection results in the global
string_pool. These were effectively leaked after a host is done being
scanned, since string_pool allocations are not freed until Nmap quits.
|
Log message:
nmap ndiff zenmap: updated to 7.93
Nmap 7.93 [2022-09-01]
o This release commemorates Nmap's 25th anniversary! It all started with this
September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.50 to the latest version 1.71. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions.
Binaries for this release include OpenSSL 3.0.5.
o Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1
o Fix a bug that prevented Nmap from discovering interfaces on Linux
when no IPv4 addresses were configured. [Daniel Miller, nnposter]
o [NSE] NSE "exception handling" with nmap.new_try() will no longer
result in a stack traceback in debug output nor a "ERROR: script execution
failed" message in script output, since the intended behavior has always been
to end the script immediately without output. [Daniel Miller]
o Update the Nmap output DTD to match actual output since the
`<hosthint>` element was added in Nmap 7.90.
o [NSE] Fix newtargets support: since Nmap 7.92, scripts could not add
targets in script pre-scanning phase. [Daniel Miller]
o Scripts dhcp-discover and broadcast-dhcp-discover now support
setting a client identifier. [nnposter]
o Script oracle-tns-version was not reporting the version
correctly for Oracle 19c or newer [linholmes]
o Script redis-info was crashing or producing inaccurate
information about client connections and/or cluster nodes. [nnposter]
o Nmap and Nping were unable to obtain system routes on FreeBSD
[benpratt, nnposter]
o Script ipidseq was broken due to calling an unreachable library
function. [nnposter]
o Support for EC crypto was not properly enabled if Nmap
was compiled with OpenSSL in a custom location. [nnposter]
o [NSE] Improvements to event handling and pcap socket garbage collection,
fixing potential hangs and crashes. [Daniel Miller]
o We ceased creating the Nmap win32 binary zipfile. It was useful back when
you could just unzip it and run Nmap from there, but that hasn't worked well
for many years. The win32 self-installer handles Npcap installation and many
other dependencies and complexities. Anyone who needs the binaries for some
reason can still install Nmap on any system and retrieve them from there.
For now we're keeping the Win32 zipfile in the Nmap OEM Edition
(https://nmap.org/oem) for companies building Nmap into their own
products. But even in that case we believe that running the Nmap OEM
self-installer in silent mode is a better approach.
o Fix TDS7 password encoding for mssql.lua, which had been assuming
ASCII input even though other parts of the library had been passing it Unicode.
o Replace deprecated CPEs for IIS with their updated identifier,
cpe:/a:microsoft:internet_information_services [Esa Jokinen]
o [NSE] Fix script-terminating error when unknown BSON data types are
encountered. Added parsers for most standard data types. [Daniel Miller]
o [Ncat] Fix hostname/certificate comparison and matching to handle ASN.1
strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712.
o [Ncat] Added support for SOCKS5 proxies that return bind addresses
as hostnames, instead of IPv4/IPv6 addresses. [pomu0325]
|
Log message:
nmap ndiff zenmap: updated to 7.91
Nmap 7.91 [2020-10-09]
o [Zenmap] Fix a crash in the profile editor due to a missing import.
o [Nsock][Windows] Demote the IOCP Nsock engine because of some known
issues that will take longer to resolve. The previous default "poll" \
engine
will be used instead.
o [Nsock][Windows] Fix a crash in service scan due to a previously-unknown
error being returned from the IOCP Nsock engine. [Daniel Miller]
o [NSE] Fix several places where Lua's os.time was being used
to represent dates prior to January 1, 1970, which fails on Windows. Notably,
NSE refused to run in UTC+X timezones with the error "time result cannot be
represented in this installation" [Clément Notin, nnposter, Daniel Miller]
o [NSE] MySQL library was not properly parsing server responses,
resulting in script crashes. [nnposter]
o Silence the irrelevant warning, "Your ports include 'T:' but you
haven't specified any TCP scan type" when running nmap -sUV
Nmap 7.90 [2020-10-02]
o [Windows] Upgraded Npcap, our Windows packet capturing (and sending)
library to the milestone 1.00 release! It's the culmination of 7 years of
development with 170 public pre-releases. This includes dozens of
performance improvements, bug fixes, and feature enhancements described
at https://npcap.org/changelog.
o Integrated over 800 service/version detection fingerprints submitted since
August 2017. The signature count went up 1.8% to 11,878, including 17 new
softmatches. We now detect 1237 protocols from airmedia-audio, banner-ivu,
and control-m to insteon-plm, pi-hole-stats, and ums-webviewer. A
significant number of submissions remain to be integrated in the next
release.
o Integrated over 330 of the most-frequently-submitted IPv4 OS fingerprints
since August 2017. Added 26 fingerprints, bringing the new total to 5,678.
Additions include iOS 12 & 13, macOS Catalina & Mojave, Linux 5.4, FreeBSD
13, and more.
o Integrated all 67 of your IPv6 OS fingerprint submissions from August 2017 to
September 2020. Added new groups for FreeBSD 12, Linux 5.4, and Windows 10,
and consolidated several weak groups to improve classification accuracy.
o [NSE] Added 3 NSE scripts, from 2 authors, bringing the total up to 601!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:
+ dicom-brute attempts to brute force the called Application Entity Title
of DICOM servers. [Paulino Calderon]
+ dicom-ping discovers DICOM servers and determines if any Application
Entity Title is allowed to connect. [Paulino Calderon]
+ uptime-agent-info collects system information from an Idera Uptime
Infrastructure Monitor agent. [Daniel Miller]
o Addressed over 250 code quality issues identified by LGTM.com,
improving our code quality score from "C" to "A+"
o Released Npcap OEM Edition. For more than 20 years, the Nmap Project has
been funded by selling licenses for companies to distribute Nmap with
their products, along with commercial support. Hundreds of commercial
products now use Nmap for network discovery tasks like port scanning,
host discovery, OS detection, service/version detection, and of course
the Nmap Scripting Engine (NSE). Until now they have just used standard
Nmap, but this new OEM Edition is customized for use within other Windows
software. Nmap OEM contains the OEM version of our Npcap driver, which
allows for silent installation. It also removes the Zenmap GUI, which
cuts the installer size by more than half. And it reports itself as Nmap
OEM so customers know it's a properly licensed Nmap. See
https://nmap.org/oem for more details. We will be reaching out to all
existing licensees with Nmap OEM access credentials, but any licensees
who wants it quicker should see https://nmap.org/oem.
o Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a
cleaner and better organized version (still based on GPLv2) now called the
Nmap Public Source License to avoid confusion. See https://nmap.org/npsl/
for more details and annotated license text. This NPSL project was started
in 2006 (community discussion here:
https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for 7
years until it was restarted in 2013
(https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted by
development again. We still have some ideas for improving the NPSL, but
it's already much better than the current license, so we're applying NPSL
Version 0.92 to the code now and can make improvements later if
needed. This does not change the license of previous Nmap releases.
o Removed nmap-update. This program was intended to provide a way to update
data files and NSE scripts, but the infrastructure was never fielded. It
depended on Subversion version control and would have required maintaining
separate versions of NSE scripts for compatibility.
o Removed the silent-install command-line option (/S) from the Windows
installer. It causes several problems and there were no objections when we
proposed removing it in 2016 (https://seclists.org/nmap-dev/2016/q4/168).
It will remain in Nmap OEM since its main use was for customers who
redistribute Nmap with other software. If anyone else has a strong need
for an Nmap silent installer, please contact sales@nmap.com and we'll see
what we can do.
o 23 new UDP payloads and dozens more default ports for existing
payloads developed for Rapid7's InsightVM scan engine. These speed up and
ensure detection of open UDP services. [Paul Miseiko, Rapid7]
o Added a UDP payload for STUN (Session Traversal Utilities for NAT).
[David Fifield]
o [NSE] Fixed an off-by-one bug in the stun.lua library that prevented
parsing a server response. [David Fifield]
o Restrict Nmap's search path for scripts and data files.
NMAPDATADIR, defined on Unix and Linux as ${prefix}/share/nmap, will not be
searched on Windows, where it was previously defined as C:\Nmap .
Additionally, the --script option will not interpret names as directory names
unless they are followed by a '/'. [Daniel Miller]
o Fix an assertion failure when unsolicited ARP response is received:
nmap: Target.cc:503: void Target::stopTimeOutClock(const timeval*): \
Assertion `htn.toclock_running == true' failed.
o [NSE] New outlib library consolidates functions related to NSE output,
both string formatting conventions and structured output. [Daniel Miller]
o [NSE] New dicom library implements the DICOM protocol used for
storing and transfering medical images. [Paulino Calderon]
o Fix a regression in ARP host discovery left over from the move from
massping to ultra_scan in Nmap 4.22SOC8 (2007) that sometimes resulted in
missing ARP responses from targets near the end of a scan. Accuracy and speed
are both improved. [Daniel Miller]
o Restrict Nmap's search path for scripts and data files.
NMAPDATADIR, defined on Unix and Linux as ${prefix}/share/nmap, will not be
searched on Windows, where it was previously defined as C:\Nmap .
Additionally, the --script option will not interpret names as directory names
unless they are followed by a '/'. [Daniel Miller]
o Fix the "iocp" Nsock engine for Windows to be able to correctly
handle PCAP read events. This engine is now the default for Windows, which
should greatly improve performance over the previous default, the "poll"
engine. [Daniel Miller]
o Reduced CPU usage of OS scan by 50% by avoiding string copy
operations and removing undocumented fingerprint syntax unused in nmap-os-db
('&' and '+' in expressions). [Daniel Miller]
o Allow multiple UDP payloads to be specified for a port in
nmap-payloads. If the first payload does not get a response, the remaining
payloads are tried round-robin. [Paul Miseiko, Rapid7]
o New option --discovery-ignore-rst tells Nmap to ignore TCP RST
responses when determining if a target is up. Useful when firewalls are
spoofing RST packets. [Tom Sellers, Rapid7]
o [Ncat] It is now possible to override
the value of TLS SNI via --ssl-servername [Hank Leininger, nnposter]
o Fixed parsing of TCP options which would hang (infinite loop) if an
option had an explicit length of 0. Affects Nmap 7.80 only.
[Daniel Miller, Imed Mnif]
o [NSE] Script ssh2-enum-algos would fail if the server initiated
the key exchange before completing the protocol version exchange
[Scott Ellis, nnposter]
o [NSE] Fetching of SSH2 keys might fail because of key exchange
confusion [nnposter]
o [NSE] Performance of script afp-ls has been dramatically improved
[nnposter]
o [NSE] Parsing of AFP FPGetFileDirParms and
FPEnumerateExt2FPEnumerateExt2 responses was not working correctly [nnposter]
o [NSE] Eliminated false positives in script http-shellshock caused by
simple reflection of HTTP request data [Anders Kaseorg]
o [NSE] SNMP scripts are now enabled on non-standard ports where SNMP
has been detected [usd-markus, nnposter]
o [NSE] MQTT library was using incorrect position when parsing
received responses [tatulea]
o [NSE] IPMI library was using incorrect position when parsing
received responses [Star Salzman]
o [NSE] Scripts ipmi-brute and deluge-rpc-brute were not capturing
successfully brute-forced credentials [Star Salzman]
o Allow resuming IPv6 scans with --resume. The address parsing was assuming IPv4
addresses, leading to "Unable to parse ip" error. In a related fix, \
MAC addresses
will not be parsed as IP addresses when resuming from XML. [Daniel Miller]
o Fix reverse-DNS handling of PTR records that are not lowercase.
Nmap was failing to identify reverse-DNS names when the DNS server delivered
them like ".IN-ADDR.ARPA". [Lucas Nussbaum, Richard Schütz, Daniel \
Miller]
o [NSE] IKE library was not properly populating the protocol
number in aggressive mode requests. [luc-x41]
o Added service fingerprinting for MySQL 8.x, Microsoft SQL
Server 2019, MariaDB, and Crate.io CrateDB. Updated PostreSQL coverage and
added specific detection of recent versions running in Docker. [Tom Sellers]
o New XML output "hosthint" tag emitted during host discovery when a \
target is
found to be up. This gives earlier notification than waiting for the
hostgroup to finish all scan phases. [Paul Miseiko]
o New UDP payloads for GPRS Tunneling Protocol (GTP) on ports 2123,
2152, and 3386. [Guillaume Teissier]
o [NSE] SSH scripts now run on several ports likely to be SSH based on
empirical data from Shodan.io, as well as the netconf-ssh service.
[Lim Shi Min Jonathan, Daniel Miller]
o [Zenmap] Stop creating a debugging output file 'tmp.txt' on the
desktop in macOS. [Roland Linder]
o [Nping] Address build failure under libc++ due to "using namespace \
std;" in
several headers, resulting in conflicting definitions of bind(). Reported by
StormBytePP and Rosen Penev. [Daniel Miller]
o [Ncat] Fix a fatal error when connecting to a Linux VM socket with
verbose output enabled. [Stefano Garzarella]
o [Ncat] Proxy credentials can be alternatively passed onto Ncat by
setting environment variable NCAT_PROXY_AUTH, which reduces the risk of the
credentials getting captured in process logs. [nnposter]
o [NSE] Fixed a crash on Windows when processing a GZIP-encoded HTTP
body. [Daniel Miller]
o Upgrade libpcap to 1.9.1, which addresses several CVE vulnerabilities.
o Upgrade libssh2 to 1.9.0, fixing compilation with OpenSSL 1.1.0 API.
o Processing of IP address CIDR blocks was not working
correctly on ppc64, ppc64le, and s390x architectures. [rfrohl, nnposter]
o [Windows] Add support for the new loopback behavior in Npcap 0.9983 and
later. This enables Nmap to scan localhost on Windows without needing the
Npcap Loopback Adapter to be installed, which was a source of problems for
some users. [Daniel Miller]
o [NSE] MS SQL library has improved version resolution, from service pack level
to individual cumulative updates [nnposter]
o [NSE] With increased verbosity, script http-default-accounts now
reports matched target fingerprints even if no default credentials were found
[nnposter]
o [NSE] IPP request object conversion to string was not working
correctly [nnposter]
o [NSE] IPP response parser was not correctly processing
end-of-attributes-tag [nnposter]
o [NSE] Script cups-info was failing due to erroneous double-decoding
of the IPP printer status [nnposter]
o [NSE] Oracle TNS parser was incorrectly unmarshalling DALC byte
arrays [nnposter]
o [NSE] The password hashing function for Oracle 10g was not working correctly
for non-alphanumeric characters [nnposter]
o [NSE] Virtual host probing list, vhosts-full.lst, was missing numerous
entries present in vhosts-default.lst [nnposter]
o [NSE] Script http-grep was not correctly calculating Luhn
checksum [Colleen Li, nnposter]
o [NSE] Scripts dhcp-discover and broadcast-dhcp-discover now support
new argument "mac" to force a specific client MAC address [nnposter]
o [NSE] Code improvements in RPC Dump, benefitting NFS-related scripts
[nnposter]
o [NSE] RPC code was using incorrect port range, which was causing some calls,
such as NFS mountd, to fail intermittently [nnposter]
o [NSE] XML output from script ssl-cert now includes RSA key modulus
and exponent [nnposter]
o [NSE] Nmap no longer crashes when SMB scripts, such as smb-ls, call
smb.find_files [nnposter]
o [NSE] The MongoDB library was causing errors when assembling protocol
payloads. [nnposter]
o [NSE] The RTSP library was not correctly generating request
strings. [nnposter]
o [NSE] VNC handshakes were failing with insert position out of bounds
error. [nnposter]
o [NSE] Function marshall_dom_sid2 in library msrpctypes was not
correctly populating ID Authority. [nnposter]
o [NSE] Unmarshalling functions in library msrpctypes were attempting
arithmetic on a nil argument. [Ivan Ivanov, nnposter]
o [NSE] Functions lsa_lookupnames2 and lsa_lookupsids2 in library
msrpc were incorrectly referencing function strjoin when called with debug
level 2 or higher. [Ivan Ivanov]
o [NSE] Added HTTP default account fingerprints for Tomcat
Host Manager and Dell iDRAC9. [Clément Notin]
o [NSE] A MS-SMB spec non-compliance in Samba was causing
protocol negotiation to fail with data string too short error.
[Clément Notin, nnposter]
o [NSE] A bug in SMB library was causing scripts to
fail with bad format argument error. [Ivan Ivanov]
o [NSE] The HTTP library no longer crashes when code requests digest
authentication but the server does not provide the necessary authentication
header. [nnposter]
o [NSE] Fixed a bug in http-wordpress-users.nse that could cause
extraneous output to be captured as part of a username. [Duarte Silva]
|