Home page logo
nmap-dev logo
Nmap Development Mailing List

Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

List Archives


Latest Posts

New VA Modules: MSF: 6, Nessus: 14, OpenVAS: 6 New VA Module Alert Service (Aug 27)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Metasploit modules (6) ==



"Idle scan" using fragment cache David Fifield (Aug 27)
I learned of a neat new technique for an idle-like scan (that doesn't
actually require the zombie to be idle). It was in work by Jeffrey
Knockel and Jed Crandall presented at the FOCI workshop this year.

It uses the IP fragment cache, where fragments wait until they can be
reassembled. The scanning host first salts the target with fragments
bearing different IP IDs, spoofed as if they come from the zombie. It
then spoofs large echo requests...

Re: IPv6 OS fingerprinting crashes on Ubuntu/Debian with UFW enabled Daniel Miller (Aug 27)
Yes, Nmap was quitting with pfatal at this point. r33619 should allow it to
continue, but marks the whole fingerprint as "incomplete" which prevents it
from being suggested for submission. The fix was a bit more invasive than I
would have wished (new bool members for FingerPrintResults and FPHost), but
it should work no matter what probe fails to be sent. The error message
regarding the contents of the probe is still presented, just...

Re: [NSE] ntp-info probing logic? nnposter (Aug 26)
Daniel Miller wrote:

The payload looks fine to me. Also, I have run both the original
version (with my proposed modification) and this new version against
a hodgepodge of about 1,700 NTP-enabled targets. With respect to the
timestamp there was no difference. Each target either responded to both
or neither.

There seem to be two issues here:

* Some assignments have zero-length values, such as foo=, bar=blah.
Cisco is one of the culprits. The old...

Re: OSX 10.9 & NMap 6.47 Daniel Miller (Aug 26)
On Tue, Aug 26, 2014 at 2:12 PM, Niel Skousen <nskousen () ecsecurityinc com>


The fix (which has worked for several bug reports in the past) is to
completely delete the Zenmap.app directory (usually
/Applications/Zenmap.app/) before re-installing.


Re: ssh-hostkey assertion Daniel Miller (Aug 26)

Thanks again for this bug report. I fixed it in r33615; you can reproduce
with any OpenSSH server by setting:

KexAlgorithms diffie-hellman-group14-sha1

in your sshd_config. We were assuming (based on the RFC 4253 "MUST be
supported" language) that diffie-hellman-group1-sha1 would always be
supported. I just added the group14 kex method, but this may be solved in
the future by moving to libssh2 for these things instead of doing...

New VA Modules: MSF: 2, Nessus: 16, OpenVAS: 2 New VA Module Alert Service (Aug 26)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Metasploit modules (2) ==

JBoss JMX Console Beanshell Deployer WAR Upload and Deployment


Re: ssh-hostkey assertion Kent Fritz (Aug 26)
I'll send a pcap off-list.

I'm running a recent snapshot, which is probably very close to what will
be released as 5.6 in November. I don't have 5.5 installed anywhere (never
bothered due to OpenSSL bugs). I suspect that some key exchange algorithm
got deprecated.

Re: [nmap-svn] r33611 - in nmap: nselib nselib/lpeg scripts Daniel Miller (Aug 26)
On Mon, Aug 25, 2014 at 9:10 PM, Patrick Donnelly <batrick () batbytes com>

In this case, I believe we could also move http.lua to http/init.lua, but I
don't know that that is a good idea.

I know you're just giving your first thoughts, but I don't see why JSON
should be treated any differently than ASN.1.

Yes! I use nsedebug.tostr quite often when refining scripts.

I'm not opposed to it. There are currently...

Re: [nmap-svn] r33611 - in nmap: nselib nselib/lpeg scripts Patrick Donnelly (Aug 26)
Understandable! =)

A select few (mostly from a cursory look at NSEDoc):

lpeg-utility.lua -> lpeg/utility.lua (obviously)

httpspider -> http/spider.lua

asn1.lua -> enc/asn1.lua
base32.lua -> enc/base32.lua
base64.lua -> enc/base64.lua

json.lua -> xchange/json.lua

General NSE specific stuff:

target -> stdnse/target.lua
nsedebug -> stdnse/debug.lua (do we even use this anymore?)
tab -> stdnse/tab.lua


Re: [nmap-svn] r33611 - in nmap: nselib nselib/lpeg scripts Daniel Miller (Aug 26)

There's no reason it couldn't be fixed, but having just gone through the
rigmarole of building RPMs and installers for OS X and Windows, I didn't
feel like hunting down all the places these files are referenced. This was
the quick fix to allow folks to continue using the trunk without issues.

I'll put an entry into the todo.txt for this idea. Do you have ideas for
other libraries that could be organized together?...

Re: [nmap-svn] r33611 - in nmap: nselib nselib/lpeg scripts Patrick Donnelly (Aug 26)
Any chance these issues can be fixed? I think nselib/ is getting a
little huge and some hierarchical organization would be a step in the
right direction towards alleviating that. :)

Re: ssh-hostkey assertion Daniel Miller (Aug 25)
On Mon, Aug 25, 2014 at 11:17 AM, Kent Fritz <kfritz () wolfman devio us>

previous versions.

The assertion is triggered by a failure to extract the payload and padding
lengths from an SSH2 packet. I can't reproduce this, so could you provide
either the output with --packet-trace or (preferably) a pcap of the

I couldn't reproduce this with OpenSSH 6.6 on OpenBSD 5.5, which is the
latest released version on...

Re: Zenmap GUI doesn't start on Mac OS X 10.9 Maverricks / XQuartz 2.7.4 Daniel Miller (Aug 25)
On Mon, Aug 25, 2014 at 11:52 AM, Gregory Gallagher <ggallagjr () verizon net>

Glad to hear it's working for you. Happy scanning!


Re: Adding non-blocking connect(), pre_loop and post_loop to NSE? Patrick Donnelly (Aug 25)

The way to do this NSE is to spawn worker threads which block normally on

See http://nmap.org/book/nse-parallelism.html

More Lists

Dozens of other network security lists are archived at SecLists.Org.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]