Home page logo
nmap-dev logo
Nmap Development Mailing List

Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

List Archives


Latest Posts

Jay's Status Report #9 of 13 Jay Bosamiya (Jul 22)
Hi All!

This is the report for week 9.


* Completed implementing and testing intensity for version ports
scripts patch. Posted on list. Thread at [1]. Committed as revision
33290, 33291.
* Completed implementing and testing the show TTL patch. Posted on
list. A lot of discussion happened on the possible followups for
this. Thread at [2].
* Discussed a lot on the --ignore-after option (previously known as...

Claudiu's GSOC status report #9 of 13 Claudiu Perta (Jul 21)
Hi everybody,

This is my GSOC weekly report.

* Worked on porting some of the IPMI modules from Metasploit to nmap:
* ipmi.lua - the protocol specification
* ipmi-version.nse - for basic IPMI host information discovery
* ipmi-cipher-zero.nse - identifies the cipher-zero vulnerability
(need to finish addressing Daniel's suggestions - thanks again for
the feedback)

* Spent some time testing/debugging the ipmi scripts...

Devin's Status Report #9 of 13 devin bjelland (Jul 21)
Hi everyone,

This is my status report for week 9 of my Google Summer of Code project.
This week I worked on finishing up my libssh2 branch as well as some other
small projects I have been working on. I didn't get as much done as I would
like, as I have had limited internet access the last few days.

- Modified user-auth and ssh-brute to respect that allowed authentication
methods is not a user specific setting
- Added...

Jacek's Status Report #9 of 13 Jacek Wielemborek (Jul 21)

This is my report for week 9 of "Nsock-based port scanning"
Google Summer of Code project.


* Cleaned up and comitted some of my unpushed changes to various
branches of my SVN directory:

-> Integrated the new plotting code to the script that generates daily
regression testing reports,
-> Added more ideas for use cases for the regression testing script,
-> (more?)

* Analyzed and fixed a bug...

Re: Zenmap crashes on nmap -sL <range>/13, succeeds with <range/14>.... Daniel Miller (Jul 21)

Thanks for this bug report. We have recently implemented a handler for this
exception that will discard Nmap's regular output to save memory and allow
the scan to continue. This will be included in the next release.

Unfortunately, your case seems to be the smallest that we've seen trigger a
MemoryError. Can you give more information about the resources in the VM
you are using? How much memory is available?

It is expected that...

Re: Zenmap crash Daniel Miller (Jul 21)

Thank you for the bug report. This is a known issue on systems that have
the antiquated PyXML package installed. See the discussion and workaround
at [1]. The workaround will be built into the next release.


[1] http://seclists.org/nmap-dev/2014/q2/320

On Fri, Jul 18, 2014 at 9:18 AM, Sergey Mosin <serge () theblacklistnyc com>

Re: New Snowden leak: British spy agency has secret program to enhance Nmap for stealthier scanning through Tor Daniel Miller (Jul 21)

Unfortunately, the --proxy option does not cover host discovery or the
portscan phase yet. It affects the TCP Nsock-based portions of Nmap only,
which for now consists of service version detection, NSE scripts. IPv6
support is not included. The best candidates for moving to Nsock (and thus
improving --proxy support) seem to be:

* forward DNS lookups (requires SOCKS4a or SOCKS5)
* TCP connect (-sT) scan (Jacek is working on this for...

New VA Modules: OpenVAS: 2 New VA Module Alert Service (Jul 21)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== OpenVAS plugins (2) ==

r578 702981 2014/deb_2981.nasl
Debian Security Advisory DSA 2981-1 (polarssl - security update

r578 702982 2014/deb_2982.nasl...

New VA Modules: MSF: 2, Nessus: 6 New VA Module Alert Service (Jul 20)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Metasploit modules (2) ==

Multi manage Dbvis add remote admin

17b2169b https://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/manage/dbvis_query.rb
Multi Manage...

Re: New Snowden leak: British spy agency has secret program to enhance Nmap for stealthier scanning through Tor Darren M (Jul 19)
Hello list,

This is already pretty much implemented as part of nmap at this stage.

nmap --proxy socks4:// -sC -iL targets.txt

That does the trick for me, although if they have some way of
parallelizing it or something to make it "go faster" (I guess a set of
scripts that do this over a few tor instances and send NEWNYM signals
frequently to change the next connections source IP address?) it would
be nice to figure out....

Zenmap crashes on nmap -sL <range>/13, succeeds with <range/14>.... steven macfarlane (Jul 19)
nmap -sL - finishes successfully
nmap -sL - crashes with error below:

Version: 6.46
Traceback (most recent call last):
File "zenmapGUI\ScanInterface.pyo", line 597, in verify_execution
File "zenmapGUI\ScanInterface.pyo", line 652, in load_from_command
File "zenmapCore\NmapCommand.pyo", line 352, in get_output
File "codecs.pyo", line 471, in read

This is...

Zenmap crash Sergey Mosin (Jul 19)
It might be my python version though....

Version: 6.46
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/zenmapGUI/ScanInterface.py",
line 597, in verify_execution
File "/usr/lib/python2.7/site-packages/zenmapGUI/ScanInterface.py",
line 613, in load_from_command

Broken version of shortport.lua in 6.46 tarball Paulino Calderon Pale (Jul 19)

I got a report about a possibly broken shortport.lua in the tarball http://nmap.org/dist/nmap-6.46.tar.bz2 but it
seems to be fixed in the repository already. If anyone else is having similar problems, just update your working copy.


Begin forwarded message:

oracle-brute-stealth script hash but no salt Milliron, Brian (Jul 19)
I'm using the oracle-brute-stealth script against an Oracle server my vuln scanners have identified as vulnerable to
this exploit. I get the expected hashes in response, but without the salt. Is it possible there is no salt? Some
information is missing maybe? Am I missing some support library? Is the TNS session getting mangled? Hopefully
someone here can shed some light on the situation.

nmap -p 1521 --script oracle-brute-stealth...

Zenmap not opening Patrick Dalesio (Jul 19)
After double clicking the Zenmap Icon it prompts me for my password after entering it in nothing happens and the app
does not open… Any help? I would really like to use this program!

PS: I do have X11 installed


More Lists

Dozens of other network security lists are archived at SecLists.Org.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]