Home page logo

nmap-dev logo Nmap Development mailing list archives

Ncrack 0.4ALPHA Release
From: ithilgore - <ithilgore.ryu.l () gmail com>
Date: Thu, 28 Apr 2011 14:32:51 +0300

Hello nmap-dev.

I am pleased to announce the 0.4ALPHA release of the high-speed
network authentication cracking tool Ncrack. This release brings you the VNC
module - a fine contribution by rhh of rycon.hu, the Ncrack
Developer's Guide (which
has also been announced on a separate mail previously) and some additional
(mostly debugging) extensions and important bug fixes.

Ncrack started as an Nmap Google Summer of Code project in 2009 and
was further developed
during Google Summer of Code 2010. As this release shows, Ncrack can
turn into an
even better tool with your own contributions, whether they are modules
for additional protocols
or bug fixes/reports. The Ncrack Developer's Guide was written to help
and guide you on the
process of building modules and to show you how easily this can be
done. Therefore, this is
also a call for developers to start contributing even more actively.

As always, a source code tarball, Windows setup executable, and Mac OS X dmg
installer are all available from the website:


You can also find an online version of the man page at:


In addition, you can always download the latest svn source code like this:
svn co --username guest --password "" svn://svn.insecure.org/ncrack

Please send all feedback to the nmap-dev mailing list

Here goes the full list of major changes since the previous release:

o Added the VNC module to Ncrack's arsenal. Thanks to rhh of rycon.hu for
  implementing the module and discussing about it for further improvement.

o Wrote the Ncrack Developer's Guide, which is meant to give an overall
  insight into Ncrack's architecture and help programmers develop their own
  modules (http://nmap.org/ncrack/devguide.html)

o Fixed critical bug in RDP module, which caused Ncrack to fail cracking
  some Windows 2003 server versions.

o Added a mechanism (MODULE_ERR), which modules can use to report to the
  Ncrack engine that the authentication wasn't completed due to an
  application error. For instance, the VNC server often notifies the client
  that there are "too many authentication failures" and Ncrack can then
  close the running connections and wait some time until the above wears

o Ncrack can now print the nsock EID (unique connection ID) in debugging
  messages. This will greatly help us track problems, since error messages
  will be matched to certain connections.


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]