Nmap Announce mailing list archives

Nmap 6.49BETA6: 10 new NSE scripts, hundreds of new OS and version detection, GSoC improvements, and more!

From: Fyodor <fyodor () nmap org>

Date: Tue, 3 Nov 2015 13:52:40 -0800

Hi folks! I'm happy to announce the release of Nmap 6.49BETA6 with many great improvements! This includes a lot of work from our Summer of Code students as well as our regular crew of developers. The release has 10 new NSE scripts, hundreds of new IPv4 and IPv6 OS detection signatures, and a bunch of new version detection sigs bringing our total above 10,000! There are dozens of other improvements as well.

As usual, Nmap 6.49BETA5 source code and binary packages for Linux, Windows, and Mac are available for free download from: https://nmap.org/download.html

If you find any bugs in this release, please let us know on the Nmap Dev list as described at https://nmap.org/book/man-bugs.html.

Now back to the good stuff! Here are the most important changes since BETA5:

o Integrated all of your IPv4 OS fingerprint submissions from February to October (1065 of them). Added 219 fingerprints, bringing the new total to 4985. Additions include Linux 4.1, Windows 10, OS X 10.11, iOS 9, FreeBSD 11.0, Android 5.1, and more. Highlights: http://seclists.org/nmap-dev/2015/q4/60 [Daniel Miller]

o Integrated all of your IPv6 OS fingerprint submissions from April to October (only 9 of them!). We are steadily improving the IPv6 database, but we need your submissions. The classifier added 3 new groups, bringing the new total to 93. Highlights: http://seclists.org/nmap-dev/2015/q4/61 [Daniel Miller]

o Integrated all of your service/version detection fingerprints submitted from February to October (800+ of them). The signature count went up 2.5% to 10293. We now detect 1089 protocols, from afp, bitcoin, and caldav to xml-rpc, yiff, and zebra. Highlights: http://seclists.org/nmap-dev/2015/q4/62 [Daniel Miller]

o [NSE] Added 10 NSE scripts from 5 authors, bringing the total up to 509! They are all listed at http://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):
  + knx-gateway-discover and knx-gateway-info scripts gather information from multicast and unicast KNX gateways, which connect home automation systems to IP networks. [Niklaus Schiess, Dominik Schneider]
  + http-ls parses web server directory index pages with optional recursion. [Pierre Lalet]
  + xmlrpc-methods performs introspection of xmlrpc services and lists methods and their descriptions. [Gyanendra Mishra]
  + http-fetch can be used like wget or curl to fetch all files, specific filenames, or files that match a given pattern. [Gyanendra Mishra]
  + http-svn-enum enumerates users of a Subversion repository by examining commit logs. [Gyanendra Mishra]
  + http-svn-info requests information from a Subversion repository, similar to the "svn info" command. [Gyanendra Mishra]
  + hnap-info detects and outputs info for Home Network Administration Protocol devices. [Gyanendra Mishra]
  + http-webdav-scan detects WebDAV servers and reports allowed methods and directory listing. [Gyanendra Mishra]
  + tor-consensus-checker checks the target's address with the Tor directory authorities to determine if a target is a known Tor node. [Jiayi Ye]

o [NSE] Several scripts have been split, combined, or renamed:
  + [GH#171] smb-check-vulns has been split into:
    * smb-vuln-conficker
    * smb-vuln-cve2009-3103
    * smb-vuln-ms06-025
    * smb-vuln-ms07-029
    * smb-vuln-regsvc-dos
    * smb-vuln-ms08-067
    The scripts now use the vulns library, and the "unsafe" script-arg has been replaced by putting the scripts into the "dos" category. [Paulino Calderon]
  + http-email-harvest was removed, as the new http-grep does email address scraping by default. [Gyanendra Mishra]
  + http-drupal-modules was renamed to http-drupal-enum. Extended to enumerate both themes and modules of Drupal installations. [Gyanendra Mishra]

o [Ncat] [GH#193] Fix Ncat listen mode over Unix sockets (named pipes) on OS X. This was crashing with the error: Ncat: getnameinfo failed: Undefined error: 0 QUITTING. Fixed by forcing the name to "localhost". [Michael Wallner]

o [Zenmap] Fix a crash in Zenmap when using Compare Results: AttributeError: 'NoneType' object has no attribute 'get_nmap_output' [Daniel Miller]

o [NSE] [GH#194] Add support for reading fragmented TLS messages to ssl-enum-ciphers. [Jacob Gajek]

o [GH#51] Added IPv6 support to nmap_mass_rdns, improved reverse DNS cache, and refactored DNS code to improve readability and extensibility. All in all, this makes the rDNS portion of IPv6 scans much faster. [Gioacchino Mazzurco]

o [NSE] Added NTLM brute support to http-brute. [Gyanendra Mishra]

o [NSE] Added NTLM authentication support to http.lua and a related function to create an ntlm v2 session response in smbauth.lua. [Gyanendra Mishra]

o [NSE] [GH#106] Added a new NSE module, ls.lua, for accumulating and outputting file and directory listings. The afp-ls, nfs-ls, and smb-ls scripts have been converted to use this module. [Pierre Lalet]

o [NSE] bacnet-info.nse and s7-info.nse were added to the version category. [Paulino Calderon]

o [NSE] Added 124 new identifiers to bacnet-info.nse vendor database. [Paulino Calderon]

o [NSE] Fixed bacnet-info.nse to bind to the service port detected during scan instead of fixed port. [Paulino Calderon]

o [NSE] Enhanced reporting of elliptic curve names and strengths in ssl-enum-ciphers. The name of the curve is now reported instead of just "ec". [Brandon Paulsen]

o [GH#75] Normalize Makefile targets to use the same verb-project format, e.g. build-ncat, check-zenmap, install-nping, clean-nsock [Gioacchino Mazzurco]

o [NSE] Added builtin pattern and multiple pattern search to http-grep. [Gyanendra Mishra]

o [NSE] http-crossdomainxml is now http-cross-domain-policy and supports client access policies and uses the new SLAXML parser. [Gyanendra Mishra]

o [NSE] Added a patch for vulns lib that allows list of tables to be submitted to fields in the vulns report. [Jacob Gajek]

o [NSE] Added additional checks for successful PUT request in http-put. [Oleg Mitrofanov]

o [NSE] Added an update for http-methods that checks all possible methods not in Allow or Public header of OPTIONS response. [Gyanendra Mishra]

o [NSE] Added SLAXML, an XML parser in Lua originally written by Gavin Kistner (a.k.a. Phrogz). [Gyanendra Mishra]

o [NSE] [GH#122] Update the snmp-brute and other snmp-* scripts to use the creds library to store brute-forced snmp community strings. This allows Nmap to use the correct brute-forced string for each host. [Gioacchino Mazzurco]

o Several improvements to TLS/SSL detection in nmap-service-probes. A new probe, TLSSessionReq, and improvements to default SSL ports should help speed up -sV scans. http://seclists.org/nmap-dev/2015/q2/17 [Daniel Miller]

o [Nsock] Clean up the API so that nsp_* calls are now nsock_pool_* and nsi_* are nsock_iod_*. Simplify Nsock SSL init API, and make logging global to the library instead of associated with a nspool. [Henri Doreau]

o [GH#181] The configure script now prints a summary of configured options. Most importantly, it warns if OpenSSL was not found, since most users will want this library compiled in. [Gioacchino Mazzurco]

o Define TCP Options for SYN scan in nmap.h instead of literally throughout. This string is used by p0f and other IDS to detect Nmap scans, so having it a compile-time option is a step towards better evasion. [Daniel Miller]

o [GH#51] Nmap's parallel reverse-DNS resolver now handles IPv6 addresses. This should result in faster -6 scans. The old behavior is available with --system-dns. [Gioacchino Mazzurco]

o [NSE] Fix a couple of odd bugs in NSE command-line parsing. Most notably, --script broadcast-* will now work (generally, wildcards with scripts whose name begins with a category name were not working properly). [Daniel Miller]

o [NSE] [GH#113] http-form-fuzzer will now stop increasing the size of a request when an HTTP 413 or 414 error indicates the web server will not accept a larger request. [Gioacchino Mazzurco]

o [NSE] [GH#159] Add the ability to tag credentials in the creds library with freeform text for easy retrieval. This gives necessary granularity to track credentials to multiple web apps on a single host+port. [Gioacchino Mazzurco]

Enjoy the new release!
-Fyodor

_______________________________________________
Sent through the announce mailing list
https://nmap.org/mailman/listinfo/announce
Archived at http://seclists.org/nmap-hackers/
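The changelog item about moving the SYN-scan TCP option string into nmap.h says that p0f and other IDS key on that option layout to spot Nmap scans. As an added example (not code from Nmap, p0f, or this announcement), here is a small C parser that turns the option bytes of a TCP SYN into the p0f v3 "olayout" string an IDS compares against, plus an MSS extractor and an exact-match check. The two sample option areas are constructed for this example: the bare-MSS layout stands in for a scanner's fixed probe and is an assumption about what such a probe looks like, not a quote of nmap.h; the mss,sok,ts,nop,ws layout is the ordering a typical Linux client sends.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Append a string to a bounded buffer, always leaving it NUL-terminated. */
static void append(char *out, size_t outlen, const char *s) {
    size_t used = strlen(out);
    if (used + 1 >= outlen) return;
    strncat(out, s, outlen - used - 1);
}

/*
 * Parse the option bytes that follow a 20-byte TCP header and render the
 * p0f v3 "olayout" string, e.g. "mss,sok,ts,nop,ws". Names follow p0f:
 * mss, ws, sok, sack, ts, nop, eol+N (end-of-list plus N padding bytes),
 * ?K for an unknown option kind K. Returns the number of options rendered,
 * or -1 if a length byte runs past the end of the option area.
 */
int tcp_option_layout(const uint8_t *opts, size_t len, char *out, size_t outlen) {
    size_t i = 0;
    int count = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    while (i < len) {
        uint8_t kind = opts[i];
        char name[16];
        if (kind == 0) {                          /* EOL: everything after is padding */
            snprintf(name, sizeof name, "eol+%zu", len - i - 1);
            i = len;
        } else if (kind == 1) {                   /* NOP: one byte, no length field */
            strcpy(name, "nop");
            i += 1;
        } else {                                  /* kind, length, data */
            if (i + 1 >= len) return -1;
            size_t optlen = opts[i + 1];
            if (optlen < 2 || i + optlen > len) return -1;
            switch (kind) {
            case 2: strcpy(name, "mss");  break;  /* Maximum Segment Size */
            case 3: strcpy(name, "ws");   break;  /* Window Scale */
            case 4: strcpy(name, "sok");  break;  /* SACK permitted */
            case 5: strcpy(name, "sack"); break;  /* SACK blocks */
            case 8: strcpy(name, "ts");   break;  /* Timestamps */
            default: snprintf(name, sizeof name, "?%u", (unsigned)kind); break;
            }
            i += optlen;
        }
        if (count > 0) append(out, outlen, ",");
        append(out, outlen, name);
        count++;
    }
    return count;
}

/* Return the MSS value carried in the options, or -1 if no well-formed MSS option is present. */
int tcp_option_mss(const uint8_t *opts, size_t len) {
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == 0) break;
        if (kind == 1) { i++; continue; }
        if (i + 1 >= len) return -1;
        size_t optlen = opts[i + 1];
        if (optlen < 2 || i + optlen > len) return -1;
        if (kind == 2 && optlen == 4)
            return (opts[i + 2] << 8) | opts[i + 3];
        i += optlen;
    }
    return -1;
}

/* Exact-match check against a fixed layout signature (what a p0f-style rule does). */
int layout_matches(const uint8_t *opts, size_t len, const char *signature) {
    char buf[128];
    if (tcp_option_layout(opts, len, buf, sizeof buf) < 0) return 0;
    return strcmp(buf, signature) == 0;
}

/* Constructed sample option areas (not captured traffic). */
static const uint8_t SYN_OPTS_MSS_ONLY[] = { 0x02, 0x04, 0x05, 0xb4 };   /* mss 1460 only: assumed scanner-style fixed probe */
static const uint8_t SYN_OPTS_LINUX[] = {
    0x02, 0x04, 0x05, 0xb4,                    /* mss 1460 */
    0x04, 0x02,                                /* sok */
    0x08, 0x0a, 0, 0, 0, 0, 0, 0, 0, 0,        /* ts (values zeroed for the sample) */
    0x01,                                      /* nop */
    0x03, 0x03, 0x07                           /* ws 7 */
};

int main(void) {
    char buf[128];
    tcp_option_layout(SYN_OPTS_MSS_ONLY, sizeof SYN_OPTS_MSS_ONLY, buf, sizeof buf);
    printf("probe:  %s (mss=%d)\n", buf, tcp_option_mss(SYN_OPTS_MSS_ONLY, sizeof SYN_OPTS_MSS_ONLY));
    tcp_option_layout(SYN_OPTS_LINUX, sizeof SYN_OPTS_LINUX, buf, sizeof buf);
    printf("client: %s (mss=%d)\n", buf, tcp_option_mss(SYN_OPTS_LINUX, sizeof SYN_OPTS_LINUX));
    printf("probe matches fixed 'mss' signature: %d\n",
           layout_matches(SYN_OPTS_MSS_ONLY, sizeof SYN_OPTS_MSS_ONLY, "mss"));
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run; the parser rejects a truncated option area rather than reading past it, which matters when the bytes come off the wire. The option layout is only one input to an IDS fingerprint: window size, TTL, IP ID and timing behaviour are compared separately, so changing the option string at compile time is, as the announcement puts it, a step towards evasion rather than evasion in itself.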