 Nmap Development Mailing List
Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.
Latest Posts
Nmap 5.10BETA1 released
Fyodor (Nov 23)
Hi folks. I'm happy to announce our first post-5.00 release! It
contains the results of a full five months of work, since the 5.00
release candidate was branched off in June. Good work, everybody!
Changes include:
o 14 new NSE scripts, bringing the total to 72!
o A brand new (much faster and more efficient) --traceroute system
o The Zenmap host filter (Ctrl-L) for drilling down to the exact
systems you want to see in a big scan based...
Re: SIP version detection script
Matt Selsky (Nov 22)
Any reason not to run this script on 5060/tcp as well?
SIP version detection script
Patrik Karlsson (Nov 22)
It's always nice to make a first impression as the "Teletubby that forgets the attachment" ... Well here it is :)
Patrik Karlsson
http://www.cqure.net
SIP version detection script
Patrik Karlsson (Nov 22)
Hi all,
I just finished my first nmap script with some great help from Ron Bowes.
Like the e-mail subject states, it does version detection for the SIP protocol.
I've done some basic testing and it looks as if it does what it's intended to.
Here's some sample output:
Interesting ports on 192.168.56.3:
PORT STATE SERVICE VERSION
5060/udp open|filtered sip Asterisk PBX
Interesting ports on 192.168.56.4:
PORT STATE...
Re: Pushed in my changes
Fyodor (Nov 22)
Thanks Ron! BTW, my proposal actually had two spaces of indention per
level rather than just one, so I changed it to that.
Cheers,
-F
Re: nmap 5 memory usage
David Fifield (Nov 20)
I tried this command with the Massif memory profiler. For me it grows to
about 70 MB too. It turns out that almost all of this (over 80%) is from
parsing the nmap-os-db file.
http://www.bamsoftware.com/wiki/Nmap/Memory#a20091120
The OS database has been growing, but the bigger cause is probably the
increase in the size of each test value, which was increased from 128 to
256 in r11074 in November 2008. All test values are allocated the same...
Re: [nmap-svn] r16159 - nmap/nselib
Ron (Nov 20)
Sorry, I committed some extra code in this one that I didn't mean to
(should have 'svn diff'ed.. oops).
The code is simply functions that aren't called from anywhere (yet), so,
unless somebody minds, I'm just going to leave it.
commit-mailer () insecure org wrote:
Pushed in my changes
Ron (Nov 20)
Nobody had any issues with smb-enum-groups or my updated output, so I
committed the changes into the main trunk. This'll be the last of my
changes for a little while, since I'm sort of out of ideas. I didn't
want to leave stuff sitting in my branch, though.
I added smb-enum-groups.nse to the CHANGELOG, but not the updated output
(I didn't want to mess with it too much while Fyodor was updating it).
As for the updated output, I went with...
Re: Removing email addresses from NSE script author field
Ron (Nov 20)
Fyodor wrote:
Someone should stop that guy!
Ultimately, I don't care. Whenever I put my email address somewhere, I'm
always aware of the spam risk, so I wasn't too worried. But it's
probably a good idea to get rid of it.
Ron
Re: Removing email addresses from NSE script author field
DePriest, Jason R. (Nov 19)
I never thought about them being used to fuel SPAM.
Keeping the names and removing the email addresses should be okay
since anyone who is actively maintaining a script will likely be
reading the nmap-dev list.
Perhaps put information about subscribing to or contacting nmap-dev
instead of individual email addresses?
-Jason
Removing email addresses from NSE script author field
Fyodor (Nov 19)
Hi folks. I've noticed NSE author fields in several formats,
including:
p2p-conficker.nse: author = "Ron Bowes (with research from Symantec Security Response)"
http-enum.nse: author = "Ron Bowes <ron () skullsecurity net>, Andrew Orr
<andrew () andreworr ca>, Rob Nicholls
<robert () everythingeverything co uk>"
smb-enum-sessions.nse: author = "Ron...
Nmap's memory use
David Fifield (Nov 19)
Hi,
We've had some reports recently about Nmap using a lot of memory.
"Port memory bloat"
http://seclists.org/nmap-dev/2009/q3/926
"nmap 5 memory usage"
http://seclists.org/nmap-dev/2009/q4/300
I started looking at ways to improve this. This note is to let you know
what I've found so far and to ask if anyone has tips on memory
profiling.
In the first link above, Pavel Kankovsky observed that it is the Port
class that is...
Re: Bug/Enhancement (ncat/nsock) - Recognize Winsock error codes
David Fifield (Nov 19)
Hi Paul, thanks for your suggestion. The next release of Ncat will have
this. When Ncat has a connection error, it will print the error even
without -v, and it will interpret the Windows error codes.
The Nsock messages don't interpret the Windows codes, because as I
recall those strings can be long and contain newlines. Nsock tracing is
a low-level option; we wanted to make the information from common
connection errors visible without excessive...
Re: Scanning 255.255.255.255 from Windows
Jon Kibler (Nov 19)
David Fifield wrote:
Although I cannot test right now to verify it, I seem to recall that (at least
for Linux) packets sent to 255.255.255.255/32 usually (always?) have a
destination MAC address of FF:FF:FF:FF:FF:FF. Maybe nmap should simply set the
MAC associated with 255.255.255.255/32 to FF:FF:FF:FF:FF:FF?
Jon
Bug/Enhancement (ncat/nsock) - Recognize Winsock error codes
Paul Milliken (Nov 19)
Hi,
I've noticed that ncat doesn't interpret Windows Socket errors,
instead displaying them as "Unknown error". Contrast the following
outputs from Windows and Linux respectively:
C:\tools\nmap-5.00>ncat -v -v -v 10.10.130.140 8888
Ncat version 5.00 ( http://nmap.org/ncat )
NSOCK (0.0620s) TCP connection requested to 10.10.130.140:8888 (IOD #1) EID 8
NSOCK (1.0160s) Callback: CONNECT ERROR [Unknown error (10061)] for
EID 8...
More Lists
Dozens of other network security lists are archived at SecLists.Org.