Re: Nmap 5.61TEST1 released

["DePriest, Jason R." <jrdepriest () gmail com>]

Every time I read a changelog I get excited.  After all these years,
you guys are still developing nmap, improving it, creating brand new
features that weren't even possible when you released the first public
version via Phrack in 1997.

Thanks to everyone to works on it, who tests for bugs, who contributes
signatures, who writes code or scripts.

Nmap is awesome... and it's free!

On Mon, Sep 19, 2011 at 8:33 PM, Fyodor <> wrote:
> Hi Folks!  I just made an informal test release with all of the latest
> features from svn.  It is particularly great for those on Windows or
> Mac (or anyone else not using the svn release) who want to submit IPv6
> OS detection fingerprints per David's call for submissions:
> http://seclists.org/nmap-dev/2011/q3/816.
>
> Of course this version has many other improvements as well, as you can
> see in the partial changelog below.  To make things extra easy, I've
> posted this version to the Nmap download page:
>
> http://nmap.org/download.html
>
> Give it a try, and let us know on nmap-dev if you find any problems.
> We're anxious for things to stabalize so we can put out our first
> stable release since February.  Of course we keep blowing it by adding
> new features, but sometimes that is just too hard to resist :).
>
> Here is the (partial) CHANGELOG since 5.59BETA1:
>
> Nmap 5.61TEST1 [2011-09-19]
>
> o The changelog entries below for this test release are not yet
>  finished or comprehensive.  We'll update them soon.
>
> o [Ncat] Updated ca-bundle.crt (primarily to remove DigiNotar).
>
> o Fixed compilation on OS X 10.7 Lion. Thanks to Patrik Karlsson and
>  Babak Farroki for researching fixes.
>
> o [NSE] Fixed SSL compressor names in ssl-enum-ciphers.nse, and
>  removed redundant multiple listings of the NULL compressor.
>  [Matt Selsky]
>
> o [NSE] Added cipher strength ratings to ssl-enum-ciphers.nse.
>  [Gabriel Lawrence]
>
> o Added Common Platform Enumeration (CPE, http://cpe.mitre.org/)
>  output for OS and service versions. These show up in normal output
>  with the headings "OS CPE:" and "Service Info:":
>    OS CPE: cpe:/o:linux:kernel:2.6.39
>    Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
>  These also appear in XML output, which additionally has CPE entries
>  for service versions. [David, Henri]
>
> o [NSE] Added new default credential list for Oracle and modified the
>  oracle-brute script to make use of it. [Patrik]
>
> o [NSE] Added xmpp-info.nse as a replacement for xmpp.nse. This updated version
>  brings new features and fixes. [Vasiliy Kulikov]
>
> o Fixed RPC scan for 64-bit architectures by using fixed-size data
>  types. [David]
>
> o Relaxed the XML DTD to allow validation of files where the verbosity
>  level changed during the scan. [Daniel Miller]
>
> o Made a service confidence of 8 (used when tcpwrapped) and indeed any
>  number between 0 and 10 be legal in XML output according to the DTD.
>  [Daniel Miller]
>
> o [NSE] Added three scripts that do host discovery on local IPv6
>  subnets. Each of them uses a different multicast technique, meaning
>  that even very large networks have host discovery done without
>  needing to probe every address individually.
>  + targets-multicast-ipv6-echo: Sends a multicast echo request, like
>    broadcast-ping does for IPv4.
>  + targets-multicast-ipv6-invalid-dst: Sends an invalid packet that
>    can elicit an ICMPv6 Parameter Problem response.
>  + targets-multicast-ipv6-slaac: Sends a phony router advertisement,
>    which causes hosts to allocate a temporary address and then send a
>    packet to discover if anyone else is using the address.
>  [Weilin, David]
>
> o [NSE] Added functions to packet.lua to make it easier to build IPv6
>  packets. [Weilin]
>
> o [NSE] Added new script http-vuln-cve2011-3192 which checks whether an instance
>  of Apache is vulnerable to a DoS attack exploiting the byterange filter.
>  [Duarte Silva].
>
> o [NSE] Fixed authentication problems in the TNS library that would prevent
>  authentication from working against Oracle 11.2.0.2.0 XE [Chris Woodbury]
>
> o Removed some restrictions on probe matching that, for example,
>  prevented a RST/ACK reply from being recognized in a NULL scan. This
>  was found and fixed by Matthew Stickney and Joe McEachern.
>
> o Rearranged some characters classes in service matches to avoid any
>  that look like POSIX collating symbols ("[.xyz.]"). John Hutchison
>  discovered this error caused by one of the match lines:
>    InitMatch: illegal regexp: POSIX collating elements are not supported
>  [Daniel Miller]
>
> o [NSE] Added the address-info.nse script, which shows extra information about IP addresses.
>
> o [NSE] Added scripts http-joomla-brute, http-wordpress-brute, http-wp-enum and
>  http-awstatstotal-exec. [Paulino]
>
> o [Zenmap] Fixed zenmap deleting ports based on newer scans which did
>  not actually scan the port in question. Additionally ncat now only
>  updates ports with new information if the new information is the same
>  protocol. Not just the same port. [Colin Rice]
>
> o [Ncat] Fixed ncat crashing with --ssl-verify -vvv on windows. [Colin Rice]
>
> o [NSE] Added script http-waf-detect. This script tries to determine
>  if an IDS/IPS/WAF is protecting a web server. [Paulino]
>
> o [NSE] Added the bittorrent library and bittorrent-discovery script which
>  enables us to discover peers and nodes for a particular torrent file or
>  magnet link.
>
> o [NSE] Added basic query support to the Oracle TNS library making it possible
>  for scripts to query the database server using SQL. [Patrik]
>
> o [Ncat] Added --append-output option, that when used along with -o and/or -x
>  prevents clobbering(truncating) an existing file. [Shinnok]
>
> o [NSE] Added script broadcast-listener that attempts to discover hosts by
>  passively listening to the network. It does so by decoding ethernet and IP
>  broadcast and multicast messages. [Patrik]
>
> o Fixed a bug that would make Nmap segfault if it failed to open an interface
>  using pcap. The bug details and patch are posted here:
>  http://seclists.org/nmap-dev/2011/q3/365 [Patrik]
>
> o Ncat SCTP mode supports connection brokering now(--sctp --broker). [Shinnok]
>
> o Nmap now defers options parsing until it has read through all the command line
>  arguments. You can now use options like -S with an IPv6 address before
>  specifying -6 at the command line, which previously got you an error.
>  [Shinnok]
>
> o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs
>  brute force password auditing against XMPP (Jabber) servers. [Patrik]
>
> o [NSE] Fixed a bug in the ssh2-enum-algos script that would prevent it from
>  displaying any output unless run in debug mode. [Patrik]
>
> o [NSE] Fixed the nsedebug print_hex() function so it does not print an
>  empty line if there are no remaining characters, and improved its NSEDoc.
>  [Chris Woodbury].
>
> o [NSE] Added the scripts http-axis2-dir-traversal and
>  http-litespeed-sourcecode-download that exploits a directory traversal and
>  null byte poisoning vulnerabilities in Apache Axis2 and LiteSpeed Web Server
>  respectively. [Paulino]
>
> o [Ncat] Ncat now no longer blocks while an ssl handshake is taking place or
>  waiting to complete. [Shinnok]
>
> o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
>  message to the broadcast address and collects and reports the network
>  information received from the DHCP server. [Patrik]
>
> o [NSE] Added the script smtp-brute that performs brute force password
>  auditing against SMTP servers. [Patrik]
>
> o [NSE] Updated SMTP library to support authentication using both plain-text
>  and the SASL library. [Patrik]
>
> o [NSE] Added the script imap-brute that performs brute force password
>  auditing against IMAP servers. [Patrik]
>
> o [NSE] Updated IMAP library to support authentication using both plain-text
>  and the SASL library. [Patrik]
>
> o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson
>  providing common code for "Simple Authentication and Security Layer" to
>  services supporting it. The algorithms supported by the library are:
>  PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]
>
> o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
>  library. The cvs-brute-repository script allows for guessing possible
>  repository names needed in order to perform password guessing using the
>  cvs-brute.nse script. [Patrik]
>
> o [Zenmap] The Zenmap crash handler now instructs you to mail in crash
>  information to nmap-dev. [Colin Rice]
>
> o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4
>  ARP scan. It is the default ping type for local IPv6 networks.
>  [Weilin]
>
> o [NSE] Added smtp-vuln-cve2011-1764 script, which checks if the Exim
>  SMTP server is vulnerable to the DKIM Format String vulnerability
>  (CVE-2011-1764). [Djalal]
>
> o Added the broadcast-ping script which sends icmp packets to broadcast
>  addresses on the selected network interface, or all ethernet interfaces if
>  none is selected. It has the option to add the discovered hosts as targets.
>
> o [NSE] Applied patch from Chris Woodbury that adds the following additional
>  information to the output of smb-os-discovery:
>  + Forest name
>  + FQDN
>  + NetBIOS computer name
>  + NetBIOS domain name
>
> o [Ncat] Ncat now supports IPV6 addresses by default without the -6 flag.
>  Additionally ncat listens on both :: and localhost when passed
>  -l, or any other listening mode unless a specific listening address is
>  supplied.
>
> o [NSE] Split script db2-discover into two scripts, adding a new
>  broadcast-db2-discover script. This script attempts to discover DB2
>  database servers through broadcast requests. [Patrik Karlsson]
>
> o Fixed broken XML output in the case of timed-out hosts; the
>  enclosing host element was missing. The fix was suggested by Rémi
>  Mollon.
>
> o [NSE] Added ftp-vuln-cve2010-4221 script, which checks if the ProFTPD
>  server is vulnerable to the Telnet IAC stack overflow vulnerability
>  (CVE-2010-4221). [Djalal]
>
> o [NSE] Added ftp-vsftpd-backdoor, which detects a backdoor that was introduced
>  into vsftpd-2.3.4 source code distributions. [Daniel Miller]
>
> o [NSE] ldap-brute.nse - Multiple changes:
>  + Added support for 2008 R2 functional level Active Directory instances
>    to ldap-brute.
>  + Added detection for valid credentials where the target account was
>    expired or limited by time or login host constraints.
>  + Added support for specifying a UPN suffix to be appended to usernames
>    when brute forcing Microsoft Active Directory accounts.
>  + Added support for saving discovered credentials to a CSV file.
>  + Now reports valid credentials as they are discovered when the script
>    is run with -vv or higher.
>        [Tom Sellers]
>
> o [NSE] ldap-search.nse - Added support for saving search results to
>  CSV.  This is done by using the ldap.savesearch script argument to
>  specify an output filename prefix.  [Tom Sellers]
>
> o [NSE] Updated smb-brute to add detection for valid credentials where the
>  target account was expired or limited by time or login host constraints.
>  [Tom Sellers]
>
> o [NSE] Updated account status text in brute force password discovery
>  scripts in an effort to make the reporting more consistent across
>  all scripts.  This will have an impact on any code that parses these
>  values.  [Tom Sellers]
>
>
> Cheers,
> Fyodor
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/