Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: First Nmap SOC release! Nmap 4.22SOC1

First Nmap SOC release! Nmap 4.22SOC1

From: Fyodor <fyodor_at_insecure.org>
Date: Sun, 8 Jul 2007 16:37:55 -0700

Hi Everyone! I'm happy to put out the first test release with all of
the SoC changes we've seen over the past couple of months! There are
some huge changes, so I'm sure this release will have some gotchas.
But it has worked in my testing on Linux and Windows this morning. So
please give it a try and report any problems to nmap-dev! If any
serious issues crop up, we'll try to fix them for a new release this
coming week. For now this release is in the Nmap dist directory but
not listed on the download page. I'll give you guys a day or two to
chew on it first.

The changes are immense (described in detail below). We're talking
integration of the UMIT frontend in the tarball (this is the most
experimental part), an overhauled port selection mechanism by which
lets you scan just the statistically most common ports, tons of new
Nmap Scripting Engine (NSE) scripts (31 now), the --reason option,
tons of new OS and version detection signatures, the NSE Library which
lets you write common routines in C or LUA and make them available to
all NSE scripts, and much more!

Here are the goods in the usual formats:

http://download.insecure.org/nmap/dist/nmap-4.22SOC1.tar.bz2
http://download.insecure.org/nmap/dist/nmap-4.22SOC1-setup.exe
http://download.insecure.org/nmap/dist/nmap-4.22SOC1-win32.zip
http://download.insecure.org/nmap/dist/nmap-4.22SOC1-1.src.rpm
http://download.insecure.org/nmap/dist/nmap-4.22SOC1-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.22SOC1-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-4.22SOC1-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.22SOC1-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-4.22SOC1.tgz

I hope this works well for you! And if not, we're looking forward to
your detailed description of the problem so we can fix it!

Here is a detailed list of the most important changes since 4.22SOC1:

o The UMIT graphical Nmap frontend is now included (as an ALPHA TEST
  release) with the Nmap tarball distribution. It isn't yet in the
  RPMs or the Windows distributions. UMIT is written with Python/GTK
  and has many huge advantages over NmapFE. It installs from the Nmap
  source tarballs as part of the "make install" process unless you
  specify --without-umit to configure. Please give UMIT a try (the
  executable is named umit) and let us know the results! We hope to
  include UMIT in the Windows Nmap distributions soon.

o The port selection mechanism was overhauled. Nmap now knows
  (roughly) how common various services are, so you can specify
  options such as --top-ports 50 to scan the 50 most popular ports.
  You can also use the new --port-ratio option to scan ports above a
  given popularity level. You can also now give the -p option service
  names (such as 'http') and wildcards (such as http* to include
  services such as https and http-mgmt). There is also a bracket ([])
  operator for scanning all known ports within a given range. All
  these changes, by Doug Hoyte, are described at
  http://seclists.org/nmap-dev/2007/q2/0224.html .

o Added more Nmap Scripting Engine scripts, bringing the total to 31.
  The new ones are bruteTelnet (Eddie Bell), SMTPcommands (Jason
  DePriest), iax2Detect (Jason), nbstat (Brandon Enright),
  SNMPsysdescr (Thomas Buchanan), HTTPAuth (Thomas), finger (Eddie),
  ircServerInfo (Doug Hoyte), and MSSQLm (Thomas Buchanan).

o Added the --reason option which explains WHY Nmap assigned a port
  status. For example, a port could be listed as "filtered" because
  no response was received, or because an ICMP network unreachable
  message was received. [ Eddie ]

o Integrated all of your 2nd generation OS detection submissions,
  increasing the database size by 68% since 4.21ALPHA4 to 699
  fingerprints. The 2nd generation database is now nearly half (42%)
  the size of the original. Please keep those submissions coming so
  that we can do another integration round before the SoC program ends
  on August 20! Thanks to David Fifield for doing most of the
  integration work!

o Integrated version detection submissions. The database has grown by
  more than 350 signatures since 4.21ALPHA4. Nmap now has 4,236
  signatures for 432 service protocols. As usual, Doug Hoyte deserves
  credit for the integration marathon, which he describes at
  http://hcsw.org/blog.pl .

o Added the NSE library (nselib) which is a library of useful
  functions (which can be implemented in LUA or as loadable C/C++
  modules) for use by NSE scripts. We already have libraries for bit
  operations (bit), list operations (listop), URL fetching and
  manipulation (url), activation rules (shortport), and miscelaneous
  commonly useful functions (stdnse). Stoiko added the underlying
  functionality, though numerous people contributed to the library
  routines.

o Added --servicedb and --versiondb command-line options which allow
  you to specify a custom Nmap services (port to port number translation
  and port frequency) file or version detection database. [ David
  Fifield ]

o The build dependencies were dramatically reduced by removing
  unneccessary header includes and moving header includes from .h
  files to .cc as well as adding some forward declarations. This
  reduced the number of makefile.dep dependencies from 1469 to 605.
  This should make Nmap compilation faster and prevent some
  portability problems. [David Fifield]

o Upgraded from WinPcap 3.1 to WinPcap 4.01 and fixed a pcap installer
  error. [Eddie]

o In verbose mode, Nmap now reports where it obtains data files (such as
  nmap-services) from. [David Fifield]

o Canonicalized a bunch of OS classes, device types, etc. in the OS
  detection and version scanning databases so they are named
  consistently. [Doug]

o If we get a ICMP Protocol Unreachable from a host other than our
  target during a port scan, we set the state to 'filtered' rather than
  'closed'. This is consistent with how port unreachable errors work for
  udp scan. [Kris]

o Relocated OSScan warning message (could not find 1 closed and 1 open
  port). Now output.cc prints the warning along with a targets OSScan
  results. [Eddie]

o Fixed a bug which caused port 0 to be improperly used for gen1 OS
  detection in some cases when your scan includes port 0 (it isn't
  included by default). Thanks to Sebastian Wolfgarten for the report
  and Kris Katterjohn for the fix.

o The --iflist table now provides Winpcap device names on
  Windows. [Eddie]

o The Nmap reference guide (man page) Docbook XML source is now in the
  SVN repository at svn://svn.insecure.org/nmap/docs/refguide.xml .

o NSE now has garbage collection so that if you forget to close a
  socket before exiting a script, it is closed for you. [Stoiko]

o The <portused> tag in XML output now provides the open TCP port used
  for OS detection as well as the closed TCP and UDP ports which were
  reported previously. [Kris]

o XML output now has a <times> tag for reporting final time
  information which was already printed in normal output in verbose
  mode (round trip time, rtt variance, timeout, etc.) [Kris]

o Changed the XML output format so that the <extrareasons> tag (part
  of Eddie's --reason patch) falls within the <extraports> tag. [Kris]

o Nmap now provides more consise OS fingerprints for submission thanks
  to better merging. [David Fifield]

o A number of changes were made to the Windows build system to handle
  version numbers, publisher field, add/remove program support,
  etc. [Eddie]

o The Nmap -A optionm now enables the traceroute option too [Eddie]

o Improved how the Gen1 OS Detection system selects which UDP ports to
  send probes to. [Kris]

o Updated nmap-mac-prefixes to latest IEEE data as of 5/18/07. Also
  removed some high (greater than 0x80) characters from some company
  names because they were causing this error on Windows when Nmap is
  compiled in Debug mode:
  isctype.c Line 56: Expression: (unsigned)(c + 1) <= 256".
  Thanks to Sina Bahram for the initial report and Thomas Buchanan for
  tracking down the problem.

o Added a SIP (IP phone) probe from Matt Selsky to nmap-service-probes.

o Fixed a bug which prevented the NSE scripts directory from appearing
  in the Win32 .zip version of Nmap.

o Fixed a bug in Traceroute's output. It occured when a traced host could
  be fully consolidated, but only the first hop number was outputted. [Kris]

o The new "rnd" option to -D allows you to ask Nmap to generate random
  decoy IPs rather having to specify them all yourself. [Kris]

o Fixed a Traceroute bug relating to scanning through the localhost
  interface on Windows (which previously caused a crash). Thanks to
  Alan Jones for the report and Eddie Bell for the fix.

o Fixed a traceroute bug related to tracing between interfaces of a
  multi-homed host. Thanks to David Fifield for reporting the problem
  and Eddie Bell for the fix.

o Service detection (-sV) and OS detection (-O) are now (rightfully)
  disabled when used with the IPProto Scan (-sO). Using the Service
  Scan like this led to premature exiting, and the OS Scan led to gross
  inaccuracies. [Kris]

o Updated IANA assignment IP list for random IP (-iR) generation. [Kris]

Enjoy!
-Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Jul 08 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]