non port: security/nmap/distinfo |
Number of commits found: 87 |
Sunday, 21 May 2023
|
22:13 Cy Schubert (cy)
security/nmap: Update 7.93 --> 7.94
226aaca |
Wednesday, 28 Sep 2022
|
15:54 Cy Schubert (cy)
security/nmap: Update to 7.93
PR: 266623
Reported by: takefu@airport.fm
e5274f9 |
Sunday, 11 Oct 2020
|
11:45 ohauer
- update to 7.91
|
Monday, 5 Oct 2020
|
11:04 ohauer
- update to 7.90
Relnotes: https://nmap.org/changelog#7.90
|
Monday, 30 Dec 2019
|
12:38 woodsb02
security/nmap: Update to 7.80
- Remove local patches incorporated upstream.
- Add patches to add missing libibverbs dependency when linking
libpcap statically (required to allow build on FreeBSD >= 12.0).
(See similar fix applied to port net-mgmt/dhcdrop in r499639).
Changes this release:
https://seclists.org/nmap-announce/2019/0
Approved by: ohauer (maintainer timeout)
Differential Revision: https://reviews.freebsd.org/D22730
|
Saturday, 31 Mar 2018
|
22:22 ohauer
- update to 7.70
- add option for bundled libssh2
- add option for bundled libpcap
- add upstream patch for arp-ioctl.c
- change URL's from http to https
PR: 221522
Submitted by: lightside
|
Tuesday, 30 Jan 2018
|
21:02 ohauer
- update to 7.60
- regenerate patches with makepatch
PR: ports/221522
|
Wednesday, 21 Dec 2016
|
12:32 ohauer
- update to 7.40
- 12 new NSE scripts
- Hundreds of updated OS and version detection detection signatures
- Faster brute force authentication cracking and other NSE library improvements
Full Changelog:
https://nmap.org/changelog.html
|
Friday, 21 Oct 2016
|
18:08 ohauer
- update to 7.31
Nmap 7.31 [2016-10-20]
o Fixed the way Nmap handles scanning names that resolve to the same IP. Due to
changes in 7.30, the IP was only being scanned once, with bogus results
displayed for the other names. The previous behavior is now restored.
[Tudor Emil Coman]
o [GH#350] Fix an assertion failure due to floating point error in equality
comparison, which triggered mainly on OpenBSD:
assertion "diff <= interval" failed: file "timing.cc", line 440
This was reported earlier as [GH#472] but the assertion fixed there was a
different one. [David Carlier]
o [Zenmap] Fix a crash in the About page in the Spanish translation due to a
missing format specifier:
File "zenmapGUI\About.pyo", line 217, in __init__
TypeError: not all arguments converted during string formatting
[Daniel Miller]
o [Zenmap][GH#556] Better visual indication that display of hostname is tied to
address in the Topology page. You can show numeric addresses with hostnames
or without, but you can't show hostnames without numeric addresses when they
are not available. [Daniel Miller]
o To increase the number of IPv6 fingerprint submissions, a prompt for
submission will be shown with some random chance for successful matches of OS
classes that are based on only a few submissions. Previously, only
unsuccessful matches produced such a prompt. [Daniel Miller]
MFH: 2016Q4
|
Thursday, 29 Sep 2016
|
22:21 ohauer
- update to 7.30
Changelog:
https://nmap.org/changelog.html
|
Friday, 2 Sep 2016
|
16:06 ohauer
- update nmap to 7.25BETA2
Full Changelog: https://nmap.org/changelog.html
Changelog (very shortened):
Nmap 7.25BETA2 [2016-09-01]
- [NSE] Upgraded NSE to Lua 5.3
- [NSE] Added 2 NSE scripts, bringing the total up to 534!
- Add 587 new fingerprints
- [NSE] Fix a crash when parsing TLS certificates
- [NSE][GH#531] Fix two issues in sslcert.lua
- [NSE][GH#234] Added a --script-timeout option for limiting run time
- [Ncat][GH#444] Added a -z option to Ncat
- [NSE] ssl-enum-ciphers now warn about 64-bit block ciphers in CBC mode
- [NSE][GH#117] Improve tftp-enum
- [GH#472] Avoid an unnecessary assert failure in timing.cc
- [NSE][GH#519] Removed the obsolete script ip-geolocation-geobytes
- [NSE] refresh of almost all fingerprints for script http-default-accounts
- [GH#98] Added support for decoys in IPv6
- Various performance improvements for large-scale high-rate scanning
- [GH#439] Nmap now supports OpenSSL 1.1.0-pre5 and previous versions
- [Ncat] Fix a crash when --exec was used with --ssl and --max-conns
- Improve FTP Bounce scan
- [GH#140] Allow target DNS names up to 254 bytes
- [NSE] Allow bigger hard limit on number of concurrently running scripts
- [NSE] Added the datetime library
- [GH#103][GH#364] Made Nmap's parallel reverse DNS resolver more robust
|
Sunday, 17 Jul 2016
|
09:16 ohauer
- update to 7.25BETA1
- s/USE=OPENSSL/USES=ssl/
Some highlighs from the Changelog:
Nmap 7.25BETA1 [2016-07-13]
o [NSE] Added 6 NSE scripts, from 5 authors, bringing the total up to 533!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
+ clamav-exec detects ClamAV servers vulnerable to unauthorized clamav
command execution. [Paulino Calderon]
+ http-aspnet-debug detects ASP.NET applications with debugging enabled.
[Josh Amishav-Zlatin]
+ http-internal-ip-disclosure determines if the web server leaks its internal
IP address when sending an HTTP/1.0 request without a Host header. [Josh
Amishav-Zlatin]
+ [GH#304] http-mcmp detects mod_cluster Management Protocol (MCMP) and dumps
its configuration. [Frank Spierings]
+ [GH#365] sslv2-drown detects vulnerability to the DROWN attack, including
CVE-2016-0703 and CVE-2016-0704 that enable fast attacks on OpenSSL.
[Bertrand Bonnefoy-Claudet]
+ vnc-title logs in to VNC servers and grabs the desktop title, geometry, and
color depth. [Daniel Miller]
o Integrated all of your IPv4 OS fingerprint submissions from January
to April (539 of them). Added 98 fingerprints, bringing the new total
to 5187. Additions include Linux 4.4, Android 6.0, Windows Server
2016, and more. [Dan Miller]
o Integrated all 31 of your IPv6 OS fingerprint submissions from January to
June. The classifier added 2 groups and expanded several others. Several
Apple OS X groups were consolidated, reducing the total number of groups to
93. [Daniel Miller]
|
Wednesday, 30 Mar 2016
|
04:18 ohauer
Nmap 7.12 [2016-03-29]
o [NSE] VNC updates including vnc-brute support for TLS security type and
negotiating a lower RFB version if the server sends an unknown higher
version. [Daniel Miller]
o [NSE] Added STARTTLS support for VNC, NNTP, and LMTP [Daniel Miller]
o Added new service probes and match lines for OpenVPN on UDP and TCP.
|
Tuesday, 22 Mar 2016
|
20:02 ohauer
- update to 7.11
Changes:
o [NSE][GH#341] Added support for diffie-hellman-group-exchange-* SSH key
exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that
only support custom Diffie-Hellman groups. [Sergey Khegay]
o [NSE] Added support in sslcert.lua for Microsoft SQL Server's TDS protocol,
so you can now grab certs with ssl-cert or check ciphers with
ssl-enum-ciphers. [Daniel Miller]
|
Thursday, 17 Mar 2016
|
21:29 ohauer
- upate to version 7.10
- remove support for custom IPv4 only kernel [1]
Short summary:
- 12 new NSE scripts
- hundreds of new OS/version fingerprints
- dozens if smaller improvements and bug fixes
Full Changelog:
https://nmap.org/changelog.html
[1] nmap does no longer build agains custom kernel without IPv6!
|
Sunday, 13 Dec 2015
|
15:49 ohauer
- update to 7.01
FreeBSD related changes:
========================
Nmap 7.01 [2015-12-09]
o [NSE] [GH#254] Update the TLSSessionRequest probe in ssl-enum-ciphers to
match the one in nmap-service-probes, which was fixed previously to correct a
length calculation error. [Daniel Miller]
o [NSE] [GH#251] Correct false positives and unexpected behavior in http-*
scripts which used http.identify_404 to determine when a file was not found
on the target. The function was following redirects, which could be an
indication of a soft-404 response. [Tom Sellers]
o [NSE] [GH#241] Fix a false-positive in hnap-info when the target responds
with 200 OK to any request. [Tom Sellers]
o [NSE] [GH#244] Fix an error response in xmlrpc-methods when run against a
non-HTTP service. The expected behavior is no output. [Niklaus Schiess]
o [NSE] Fix SSN validation function in http-grep, reported by Bruce Barnett.
|
Friday, 20 Nov 2015
|
06:32 ohauer
- update to version 7.00
Changelog:
Nmap 7.00 [2015-11-19]
o This is the most important release since Nmap 6.00 back in May 2012!
For a list of the most significant improvements and new features,
see the announcement at: https://nmap.org/7
o [NSE] Added 6 NSE scripts from 6 authors, bringing the total up to 515!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
+ targets-xml extracts target addresses from previous Nmap XML results files.
[Daniel Miller]
+ [GH#232] ssl-dh-params checks for problems with weak, non-safe, and
export-grade Diffie-Hellman parameters in TLS handshakes. This includes the
LOGJAM vulnerability (CVE-2015-4000). [Jacob Gajek]
+ nje-node-brute does brute-forcing of z/OS JES Network Job Entry node names.
[Soldier of Fortran]
+ ip-https-discover detectings support for Microsoft's IP over HTTPS
tunneling protocol. [Niklaus Schiess]
+ [GH#165] broadcast-sonicwall-discover detects and extracts information from
SonicWall firewalls. [Raphael Hoegger]
+ [GH#38] http-vuln-cve2014-8877 checks for and optionally exploits a
vulnerability in CM Download Manager plugin for Wordpress. [Mariusz Ziulek]
o [Ncat] [GH#151] [GH#142] New option --no-shutdown prevents Ncat from shutting
down when it reads EOF on stdin. This is the same as traditional netcat's
"-d" option. [Adam Saponara]
o [NSE] [GH#229] Improve parsing in http.lua for multiple Set-Cookie headers in
a single response. [nnposter]
|
Wednesday, 4 Nov 2015
|
17:30 ohauer
- update to 6.49BETA6
- use new OPTIONS targes
Parts from Changelog [1]
==========================
Nmap 6.49BETA6
o Integrated all of your IPv6 OS fingerprint submissions from April to October
(only 9 of them!). We are steadily improving the IPv6 database, but we need
your submissions. The classifier added 3 new groups, bringing the new total
to 93. Highlights: http://seclists.org/nmap-dev/2015/q4/61 [Daniel Miller]
o Integrated all of your IPv4 OS fingerprint submissions from February to
October (1065 of them). Added 219 fingerprints, bringing the new total to
4985. Additions include Linux 4.1, Windows 10, OS X 10.11, iOS 9, FreeBSD
11.0, Android 5.1, and more. Highlights:
http://seclists.org/nmap-dev/2015/q4/60 [Daniel Miller]
o Integrated all of your service/version detection fingerprints submitted from
February to October (800+ of them). The signature count went up 2.5% to
10293. We now detect 1089 protocols, from afp, bitcoin, and caldav to
xml-rpc, yiff, and zebra. Highlights: http://seclists.org/nmap-dev/2015/q4/62
[Daniel Miller]
o [NSE] Added 10 NSE scripts from 5 authors, bringing the total up to 509!
They are all listed at http://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
...
[1] https://nmap.org/changelog.html
|
Sunday, 27 Sep 2015
|
10:32 ohauer
- update to 6.49BETA5
- use DOCS instead PORTDOCS
- remove gcc workaround [1]
- (hopefully) use the correct __FreeBSD_version for SOCK_RAW
Changelog:
https://nmap.org/changelog.html
PR: 196065 [1]
PR: 200558 [2]
PR: 202139 [3]
Submitted by: sbruno@ , mikael.urankar@gmail.com [1]
Submitted by: truckman@ [2]
Submitted by: trasz@ [3]
|
Saturday, 23 Aug 2014
|
12:29 ohauer
- update to 6.4.7
- add CPE entry
- sort pkg-plist
Changelog (entries related to the command line tools)
Nmap 6.47 [2014-08-20]
o Integrated all of your IPv4 OS fingerprint submissions since June 2013
(2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
Highlights: http://seclists.org/nmap-dev/2014/q3/325 [Daniel Miller]
o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
was added in 6.45, and resulted in trouble for Nmap XML parsers without
network access, as well as increased traffic to Nmap's servers. The doctype
is now:
<!DOCTYPE nmaprun>
o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
being written in the wrong place, so authentication could not succeed.
Reported with patch by Pierluigi Vittori.
o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
this to the string "(null)", but it caused segfault on Solaris. [Daniel
Miller]
o Handle ICMP admin-prohibited messages when doing service version detection.
Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
callback. Error code: 101 (Network is unreachable) [David Fifield]
o [NSE] Fix a bug causing http.head to not honor redirects. [Patrik Karlsson]
MFH: 2014Q3
|
Friday, 18 Apr 2014
|
08:05 ohauer
Nmap 6.46 [2014-04-18]
o [NSE] Made numerous improvements to ssl-heartbleed to provide
more reliable detection of the vulnerability.
o [Zenmap] Fixed a bug which caused this crash message:
IOError: [Errno socket error] [Errno 10060] A connection attempt failed
because the connected party did not properly respond after a period of
time, or established connection failed because connected host has
failed to
respond
The bug was caused by us adding a DOCTYPE definition to Nmap's XML
output which caused Python's XML parser to try and fetch the DTD
every time it parses an XML file. We now override that DTD-fetching
behavior. [Daniel Miller]
o [NSE] Fix some bugs which could cause snmp-ios-config and
snmp-sysdescr scripts to crash
(http://seclists.org/nmap-dev/2014/q2/120) [Patrik Karlsson]
o [NSE] Improved performance of citrixlua library when handling large XML
responses containing application lists. [Tom Sellers]
|
Tuesday, 15 Apr 2014
|
12:12 ohauer
- update to nmap-6.45
Changelog:
http://nmap.org/changelog.html
Most of the changes of version 6.45 where already
adopted in the last port version
|
Friday, 11 Apr 2014
|
04:52 ohauer
- update nmap nselib and scripts to upstream revision r32810
The update includes a working script to detect whether a server
is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160)
http://nmap.org/nsedoc/scripts/ssl-heartbleed.html
MFH: 2014Q2
|
Wednesday, 21 Aug 2013
|
04:57 ohauer
- update to 6.4.0
- remove patches for EOL FreeBSD releases
- convert to OPTIONS
Changelog:
http://nmap.org/changelog.html
|
Sunday, 6 Jan 2013
|
18:42 ohauer
- update nmap to version 6.25
- fix build with clang and stdlib=libc++ [1]
Nmap 6.25 [2012-11-29]
o [NSE] Added CPE to smb-os-discovery output.
o [Ncat] Fixed the printing of warning messages for large arguments to
the -i and -w options. [Michal Hlavinka]
o [Ncat] Shut down the write part of connected sockets in listen mode
when stdin hits EOF, just as was already done in connect mode.
[Michal Hlavinka]
o [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3,
SquirrelMail, RoundCube. [Jesper Kuckelhahn]
o Added some new checks for failed library calls. [Bill Parker]
PR: 172358
174817
Submitted by: arrowdodger <6yearold@gmail.com> [1]
Anders N. <wicked@baot.se> (general update request)
|
Sunday, 24 Jun 2012
|
15:54 ohauer
- update nmap to version 6.0.1
Announcement: http://seclists.org/nmap-hackers/2012/3
Changelog: http://nmap.org/changelog.html
Some relevant changes in 6.01:
o Fixed a bug that caused Nmap to fail to find any network interface when
at least one of them is in the monitor mode. The fix was to define the
ARP_HRD_IEEE80211_RADIOTAP 802.11 radiotap header identifier in the
libdnet-stripped code. Network interfaces that are in this mode are used
by radiotap for 802.11 frame injection and reception. The bug was
reported by Tom Eichstaedt and Henri Doreau.
http://seclists.org/nmap-dev/2012/q2/449
http://seclists.org/nmap-dev/2012/q2/478
[Djalal Harouni, Henri Doreau]
o Fixed the greppable output of hosts that time-out (when --host-timeout was
used and the host timed-out after something was received from that host).
This issue was reported by Matthew Morgan. [jah]
|
Thursday, 24 May 2012
|
16:30 ohauer
- update to version 6.00
Changelog:
==========
Nmap 6.00
o Most important release since Nmap 5.00 in July 2009! For a list of
the most significant improvements and new features, see the
announcement at: http://nmap.org/6
o In XML output, <osclass> elements are now child elements of the
<osmatch> they belong to. Old output was thus:
<os><osclass/><osclass/>...<osmatch/><osmatch/>...</os>
New output is:
<os><osmatch><osclass/><osclass/>...</osmatch>...</os>
The option --deprecated-xml-osclass restores the old output, in case
you use an Nmap XML parser that doesn't understand the new
structure. The xmloutputversion has been increased to 1.04.
o Added a new <target> element to XML output that indicates when a
target specification was ignored, perhaps because of a syntax error
or DNS failure. It looks like this:
<target specification="1.2.3.4.5" status="skipped" reason="invalid"/>
[David Fifield]
o [NSE] Added the script samba-vuln-cve-2012-1182 which detects the
SAMBA pre-auth remote root vulnerability (CVE-2012-1182).
[Aleksandar Nikolic]
o [NSE] Added http-vuln-cve2012-1823.nse, which checks for PHP CGI
installations with a remote code execution vulnerability. [Paulino
Calderon]
o [NSE] Added script targets-ipv6-mld that sends a malformed ICMP6 MLD Query
to discover IPv6 enabled hosts on the LAN. [Niteesh Kumar]
o [NSE] Added rdp-vuln-ms12-020.nse by Aleksandar Nikolic. This tests
for two Remote Desktop vulnerabilities, including one allowing
remote code execution, that were fixed in the MS12-020 advisory.
o [NSE] Added a stun library and the scripts stun-version and stun-info, which
extract version information and the external NAT:ed address.
[Patrik Karlsson]
o [NSE] Added the script duplicates which attempts to determine duplicate
hosts by analyzing information collected by other scripts. [Patrik Karlsson]
o Fixed the routing table loop on OS X so that on-link routes appear.
Previously, they were ignored so that things like ARP scan didn't
work. [Patrik Karlsson, David Fifield]
o Upgraded included libpcap to version 1.2.1.
o [NSE] Added ciphers from RFC 5932 and Fortezza-based ciphers to
ssl-enum-ciphers.nse. The patch was submitted by Darren McDonald.
o [NSE] Renamed hostmap.nse to hostmap-bfk.nse.
o Fixed a compilation problem on Solaris 9 caused by a missing
definition of IPV6_V6ONLY. Reported by Dagobert Michelsen.
o Setting --min-parallelism by itself no longer forces the maximum
parallelism to the same value. [Chris Woodbury, David Fifield]
o Changed XML output to show the "service" element whenever a tunnel
is discovered for a port, even if the service behind it was unknown.
[Matt Foster]
o [Zenmap] Fixed a crash that would happen in the profile editor when
the script.db file doesn't exist. The bug was reported by Daniel
Miller.
o [Zenmap] It is now possible to compare scans having the same name or
command line parameters. [Jah, David Fifield]
o Fixed an error that could occur with ICMPv6 probes and -d4 debugging:
"Unexpected probespec2ascii type encountered" [David Fifield]
o [NSE] Added new script http-chrono, which measures min, max and average
response times of web servers. [Ange Gutek]
o Applied a workaround to make pcap captures work better on Solaris
10. This involves peeking at the pcap buffer to ensure that captures
are not being lost. A symptom of the previous behavior was that,
when doing ARP host discovery against two targets, only one would be
reported as up. [David Fifield]
o Fixed a bug that could cause Nsock timers to fire too early. This
could happen for the timed probes in IPv6 OS detection, causing an
incorrect measurement of the TCP_ISR feature. [David Fifield]
o [Zenmap] We now build on Windows with a newer version of PyGTK, so
copy and paste should work again.
o Changed the way timeout calculations are made in the IPv6 OS engine.
In rare cases a certain interleaving of probes and responses would
result in an assertion failure.
|
Saturday, 10 Mar 2012
|
12:31 ohauer
- update to version 5.61TEST5
small snippet from changelog:
http://nmap.org/changelog.html
o Integrated all of your IPv4 OS fingerprint submissions since June 2011 (about
1,900 of them)
Added about 256 new fingerprints (total 3,572)
o Integrated all of your service/version detection fingerprints submitted since
November 2010
(signature count increased to 7,423)
o Integrated your latest IPv6 OS submissions and corrections
o [NSE] Added 43(!) NSE scripts, bringing the total up to 340
o [NSE] Added 14 new protocol libraries
o [CPE] (Common Platform Enumeration) OS classification is now supported for
IPv6 OS detection
o Added a new --script-args-file option
o [NSE] Added support for decoding EIGRP broadcasts from Cisco routers to
broadcast-listener
o [NSE] Added redirect support to the http library
o Update to the latest MAC address prefix assignments from IEEE as of March 8,
2012
Test builds sponsored by redports.org
Feature safe: yes
|
Wednesday, 4 Jan 2012
|
16:47 ohauer
- update to 5.61TEST4
For detailed Changes see http://nmap.org/changelog.html
(List is simply to long ...)
Some highlights
* [NSE] Added a new httpspider library which is used for recursively
crawling web sites for information. New scripts using this
functionality include http-backup-finder, http-email-harvest,
http-grep, http-open-redirect, and http-unsafe-output-escaping. See
http://nmap.org/nsedoc/ or the list later in this file for details
on these.
* [NSE] Added a vulnerability management library (vulns.lua) to store and to
report discovered vulnerabilities.
* [NSE] Added a new script force feature. You can force scripts to
run against target ports (even if the "wrong" service is detected)
by placing a plus in front of the script name passed to --script.
See http://nmap.org/book/nse-usage.html#nse-script-selection.
* [NSE] Added 51(!) NSE scripts, bringing the total up to 297.
Build tests sponsored by redports.org
|
Tuesday, 4 Oct 2011
|
17:17 ohauer
- update to version 5.61TEST2
- add workaround for system build with WITHOUT_INET6 [1]
Thanks to Kim Scarborough for sharing the libpcap workaround
PR: ports/159376 [1]
Submitted by: Alexander Panyushkin [1]
|
Friday, 23 Sep 2011
|
20:29 ohauer
- update to 5.61TEST1
Here is the (partial) CHANGELOG since 5.59BETA1:
Nmap 5.61TEST1 [2011-09-19]
o The changelog entries below for this test release are not yet
finished or comprehensive. We'll update them soon.
o [Ncat] Updated ca-bundle.crt (primarily to remove DigiNotar).
o Fixed compilation on OS X 10.7 Lion. Thanks to Patrik Karlsson and
Babak Farroki for researching fixes.
o [NSE] Fixed SSL compressor names in ssl-enum-ciphers.nse, and
removed redundant multiple listings of the NULL compressor.
[Matt Selsky]
o [NSE] Added cipher strength ratings to ssl-enum-ciphers.nse.
[Gabriel Lawrence]
o Added Common Platform Enumeration (CPE, http://cpe.mitre.org/)
output for OS and service versions. These show up in normal output
with the headings "OS CPE:" and "Service Info:":
OS CPE: cpe:/o:linux:kernel:2.6.39
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
These also appear in XML output, which additionally has CPE entries
for service versions. [David, Henri]
o [NSE] Added new default credential list for Oracle and modified the
oracle-brute script to make use of it. [Patrik]
o [NSE] Added xmpp-info.nse as a replacement for xmpp.nse. This updated version
brings new features and fixes. [Vasiliy Kulikov]
o Fixed RPC scan for 64-bit architectures by using fixed-size data
types. [David]
o Relaxed the XML DTD to allow validation of files where the verbosity
level changed during the scan. [Daniel Miller]
o Made a service confidence of 8 (used when tcpwrapped) and indeed any
number between 0 and 10 be legal in XML output according to the DTD.
[Daniel Miller]
o [NSE] Added three scripts that do host discovery on local IPv6
subnets. Each of them uses a different multicast technique, meaning
that even very large networks have host discovery done without
needing to probe every address individually.
+ targets-multicast-ipv6-echo: Sends a multicast echo request, like
broadcast-ping does for IPv4.
+ targets-multicast-ipv6-invalid-dst: Sends an invalid packet that
can elicit an ICMPv6 Parameter Problem response.
+ targets-multicast-ipv6-slaac: Sends a phony router advertisement,
which causes hosts to allocate a temporary address and then send a
packet to discover if anyone else is using the address.
[Weilin, David]
o [NSE] Added functions to packet.lua to make it easier to build IPv6
packets. [Weilin]
o [NSE] Added new script http-vuln-cve2011-3192 which checks whether an instance
of Apache is vulnerable to a DoS attack exploiting the byterange filter.
[Duarte Silva].
o [NSE] Fixed authentication problems in the TNS library that would prevent
authentication from working against Oracle 11.2.0.2.0 XE [Chris Woodbury]
o Removed some restrictions on probe matching that, for example,
prevented a RST/ACK reply from being recognized in a NULL scan. This
was found and fixed by Matthew Stickney and Joe McEachern.
o Rearranged some characters classes in service matches to avoid any
that look like POSIX collating symbols ("[.xyz.]"). John Hutchison
discovered this error caused by one of the match lines:
InitMatch: illegal regexp: POSIX collating elements are not supported
[Daniel Miller]
o [NSE] Added the address-info.nse script, which shows extra information about
IP addresses.
o [NSE] Added scripts http-joomla-brute, http-wordpress-brute, http-wp-enum and
http-awstatstotal-exec. [Paulino]
o [Zenmap] Fixed zenmap deleting ports based on newer scans which did
not actually scan the port in question. Additionally ncat now only
updates ports with new information if the new information is the same
protocol. Not just the same port. [Colin Rice]
o [Ncat] Fixed ncat crashing with --ssl-verify -vvv on windows. [Colin Rice]
o [NSE] Added script http-waf-detect. This script tries to determine
if an IDS/IPS/WAF is protecting a web server. [Paulino]
o [NSE] Added the bittorrent library and bittorrent-discovery script which
enables us to discover peers and nodes for a particular torrent file or
magnet link.
o [NSE] Added basic query support to the Oracle TNS library making it possible
for scripts to query the database server using SQL. [Patrik]
o [Ncat] Added --append-output option, that when used along with -o and/or -x
prevents clobbering(truncating) an existing file. [Shinnok]
o [NSE] Added script broadcast-listener that attempts to discover hosts by
passively listening to the network. It does so by decoding ethernet and IP
broadcast and multicast messages. [Patrik]
o Fixed a bug that would make Nmap segfault if it failed to open an interface
using pcap. The bug details and patch are posted here:
http://seclists.org/nmap-dev/2011/q3/365 [Patrik]
o Ncat SCTP mode supports connection brokering now(--sctp --broker). [Shinnok]
o Nmap now defers options parsing until it has read through all the command line
arguments. You can now use options like -S with an IPv6 address before
specifying -6 at the command line, which previously got you an error.
[Shinnok]
o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs
brute force password auditing against XMPP (Jabber) servers. [Patrik]
o [NSE] Fixed a bug in the ssh2-enum-algos script that would prevent it from
displaying any output unless run in debug mode. [Patrik]
o [NSE] Fixed the nsedebug print_hex() function so it does not print an
empty line if there are no remaining characters, and improved its NSEDoc.
[Chris Woodbury].
o [NSE] Added the scripts http-axis2-dir-traversal and
http-litespeed-sourcecode-download that exploits a directory traversal and
null byte poisoning vulnerabilities in Apache Axis2 and LiteSpeed Web Server
respectively. [Paulino]
o [Ncat] Ncat now no longer blocks while an ssl handshake is taking place or
waiting to complete. [Shinnok]
o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
message to the broadcast address and collects and reports the network
information received from the DHCP server. [Patrik]
o [NSE] Added the script smtp-brute that performs brute force password
auditing against SMTP servers. [Patrik]
o [NSE] Updated SMTP library to support authentication using both plain-text
and the SASL library. [Patrik]
o [NSE] Added the script imap-brute that performs brute force password
auditing against IMAP servers. [Patrik]
o [NSE] Updated IMAP library to support authentication using both plain-text
and the SASL library. [Patrik]
o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson
providing common code for "Simple Authentication and Security Layer" to
services supporting it. The algorithms supported by the library are:
PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]
o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
library. The cvs-brute-repository script allows for guessing possible
repository names needed in order to perform password guessing using the
cvs-brute.nse script. [Patrik]
o [Zenmap] The Zenmap crash handler now instructs you to mail in crash
information to nmap-dev. [Colin Rice]
o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4
ARP scan. It is the default ping type for local IPv6 networks.
[Weilin]
o [NSE] Added smtp-vuln-cve2011-1764 script, which checks if the Exim
SMTP server is vulnerable to the DKIM Format String vulnerability
(CVE-2011-1764). [Djalal]
o Added the broadcast-ping script which sends icmp packets to broadcast
addresses on the selected network interface, or all ethernet interfaces if
none is selected. It has the option to add the discovered hosts as targets.
o [NSE] Applied patch from Chris Woodbury that adds the following additional
information to the output of smb-os-discovery:
+ Forest name
+ FQDN
+ NetBIOS computer name
+ NetBIOS domain name
o [Ncat] Ncat now supports IPV6 addresses by default without the -6 flag.
Additionally ncat listens on both :: and localhost when passed
-l, or any other listening mode unless a specific listening address is
supplied.
o [NSE] Split script db2-discover into two scripts, adding a new
broadcast-db2-discover script. This script attempts to discover DB2
database servers through broadcast requests. [Patrik Karlsson]
o Fixed broken XML output in the case of timed-out hosts; the
enclosing host element was missing. The fix was suggested by Rémi
Mollon.
o [NSE] Added ftp-vuln-cve2010-4221 script, which checks if the ProFTPD
server is vulnerable to the Telnet IAC stack overflow vulnerability
(CVE-2010-4221). [Djalal]
o [NSE] Added ftp-vsftpd-backdoor, which detects a backdoor that was introduced
into vsftpd-2.3.4 source code distributions. [Daniel Miller]
o [NSE] ldap-brute.nse - Multiple changes:
+ Added support for 2008 R2 functional level Active Directory instances
to ldap-brute.
+ Added detection for valid credentials where the target account was
expired or limited by time or login host constraints.
+ Added support for specifying a UPN suffix to be appended to usernames
when brute forcing Microsoft Active Directory accounts.
+ Added support for saving discovered credentials to a CSV file.
+ Now reports valid credentials as they are discovered when the script
is run with -vv or higher.
[Tom Sellers]
o [NSE] ldap-search.nse - Added support for saving search results to
CSV. This is done by using the ldap.savesearch script argument to
specify an output filename prefix. [Tom Sellers]
o [NSE] Updated smb-brute to add detection for valid credentials where the
target account was expired or limited by time or login host constraints.
[Tom Sellers]
o [NSE] Updated account status text in brute force password discovery
scripts in an effort to make the reporting more consistent across
all scripts. This will have an impact on any code that parses these
values. [Tom Sellers]
|
Friday, 1 Jul 2011
|
13:23 ohauer
- update to version 5.59BETA1
This version includes:
o 40 new NSE scripts (plus improvements to many others)
o even more IPv6 goodness than our informal World IPv6 Day release
o 7 new NSE protocol libraries
o hundreds of bug fixes
o and much more see http://seclists.org/nmap-hackers/2011/3
|
Sunday, 13 Feb 2011
|
19:36 ohauer
- update to version 5.51
Nmap 5.51 [2011-02-11]
o [Ndiff] Added support for prerule and postrule scripts. [David]
o [NSE] Fixed a bug which caused some NSE scripts to fail due to the
absence of the NSE SCRIPT_NAME environment variable when loaded.
Michael Pattrick reported the problem. [Djalal]
o [Zenmap] Selecting one of the scan targets in the left pane is
supposed to jump to that host in the Nmap Output in the right pane
(but it wasn't). Brian Krebs reported this bug. [David]
o Fixed an obscure bug in Windows interface matching. If the MAC
address of an interface couldn't be retrieved, it might have been
used instead of the correct interface. Alexander Khodyrev reported
the problem. [David]
o [NSE] Fixed portrules in dns-zone-transfer and ftp-proftpd-backdoor
that used shortport functions incorrectly and always returned
true. [Jost Krieger]
o [Ndiff] Fixed ndiff.dtd to include two elements that can be diffed:
status and address. [Daniel Miller]
o [Ndiff] Fixed the ordering of hostscript-related elements in XML
output. [Daniel Miller]
o [NSE] Fixed a bug in the nrpe-enum script that would make it run for
every port (when it was selected--it isn't by default). Daniel
Miller reported the bug. [Patrick]
o [NSE] When an NSE script sets a negative socket timeout, it now
causes a controlled Lua stack trace instead of a fatal error.
Vlatko Kosturjak reported the bug. [David]
o [Zenmap] Worked around an error that caused the py2app bootstrap
executable to be non-universal even when the rest of the application
was universal. This prevented the binary .dmg from working on
PowerPC. Yxynaxen reported the problem. [David]
o [Ndiff] Fixed an output line that wasn't being redirected to a file
when all other output was. [Daniel Miller]
|
Sunday, 30 Jan 2011
|
17:15 ohauer
- update to version 5.50
- always enable bpf in libdnet-stripped to support build in Jail [1]
Announcement and Changelog are very long and covered by last updates.
Announcement: http://seclists.org/nmap-hackers/2011/0
Changelog: http://nmap.org/changelog.html
PR: ports/154353 [1]
Submitted by: Mars G Miro <spry _at_ anarchy.in.the.ph> [1]
Feature safe: yes
|
Saturday, 22 Jan 2011
|
16:43 ohauer
- update nmap to version 5.36TEST4
Changelog: http://nmap.org/changelog.html
Feature safe: yes
|
Friday, 7 Jan 2011
|
20:51 ohauer
- update nmap to version 5.36TEST3
- remove dead mirror servers
Changelog: http://nmap.org/changelog.html
Mayjor changes are NSE script related, some highlihts:
o [NSE] Added stuxnet-detect.nse
o [NSE] Added the ftp-proftpd-backdoor.nse
and many more interesting NSE scripts.
|
Friday, 3 Sep 2010
|
21:16 ohauer
- update nmap to version 5.35DC1
- remove MD2 code from nse_openssl.cc (already removed in nmap svn)
- remove naming conflict if openssl-1.x is build with SCTP support
Approved by: glarkin (mentor)
|
Sunday, 31 Jan 2010
|
00:50 miwi
- Update to 5.21
PR: 143331
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
|
Thursday, 16 Jul 2009
|
22:17 miwi
- Update to 5.00
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
|
Sunday, 5 Jul 2009
|
22:24 miwi
- Update to 4.90RC1
PR: 136295
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
|
Monday, 13 Apr 2009
|
09:53 dhn
- Update to 4.85.b7
PR: ports/133547
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Approved by: miwi (mentor)
|
Wednesday, 24 Sep 2008
|
14:47 miwi
- Update to 4.76
PR: 127379
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
|
Sunday, 3 Aug 2008
|
16:09 miwi
- Update to 4.68
PR: 126211
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
|
Tuesday, 6 May 2008
|
13:26 miwi
- Update to 4.62
PR: 123401
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
|
Monday, 14 Apr 2008
|
00:53 clsung
- Update nmap to 4.60 and fix moved MASTER_SITES.
Also fixed portlint warnings about Makefile structure.
PR: ports/122728
Submitted by: maintainer (Daniel Roethlisberge)
|
Friday, 14 Mar 2008
|
21:30 miwi
- Update to 4.52
PR: 119673
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
|
Tuesday, 12 Dec 2006
|
20:32 miwi
- Update to 4.20
PR: ports/106567
Submitted by: Jose Fernandes<jose@diasfernandes.pt>
Approved by: maintainer
|
Saturday, 8 Jul 2006
|
05:32 clsung
- update to 4.11
PR: ports/99833
Submitted by: tjs <tjs_AT_cdpa dot nsysu dot edu dot tw>
Approved by: maintainer (Daniel Roethlisberger)
|
Sunday, 25 Jun 2006
|
19:04 erwin
Update to 4.10
PR: 99461
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
|
Friday, 10 Feb 2006
|
23:42 krion
Update to 4.01
PR: ports/93153
Submitted by: krion
Approved by: maintainer
|
Thursday, 2 Feb 2006
|
08:13 krion
Update to 4.00
PR: ports/92684
Submitted by: krion
Approved by: maintainer
|
Wednesday, 14 Dec 2005
|
08:46 barner
Update nmap and nmapfe to 3.95.
Notable upstream changes:
* new help/usage screen and man page
* new man page currently only available in en, pt_PT and pt_BR
* nmapfe is now a shiny GTK2 application
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
PR: ports/90371
|
Wednesday, 7 Dec 2005
|
09:52 tdb
- Add SHA256 checksum
PR: 90054
Submitted by: Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Approved by: clement (mentor)
|
Friday, 16 Sep 2005
|
11:05 garga
- Update to 3.93
PR: ports/86113
Submitted by: maintainer
|
Thursday, 8 Sep 2005
|
13:18 krion
Update to version 3.90
|
Saturday, 26 Feb 2005
|
15:39 krion
Update to version 3.81
PR: ports/77425
Submitted by: krion
Approved by: maintainer timeout
|
Tuesday, 30 Nov 2004
|
18:10 eik
update to version 3.77
|
Tuesday, 19 Oct 2004
|
16:04 eik
- update to version 3.75
+ updated OS fingerprint database
|
Wednesday, 13 Oct 2004
|
13:52 eik
- update to version 3.71-PRE1
|
Tuesday, 31 Aug 2004
|
20:41 eik
- update to version 3.70 (birthday edition, try the verbose mode)
|
Thursday, 26 Aug 2004
|
10:28 eik
support building nmap-3.59a5 WITH_PRERELEASE=yes
|
Wednesday, 7 Jul 2004
|
09:22 eik
- update to 3.55
/usr/local/share/doc/nmap/CHANGELOG
|
Monday, 5 Jul 2004
|
00:06 eik
update to 3.51-TEST4
|
Thursday, 17 Jun 2004
|
11:56 eik
- update to 3.51-TEST3
- fix bug when ranges cross interface boundaries [1]
Notified by: Alex Povolotsky <tarkhil@webmail.sub.ru>, Mike Benjamin
<mikeb@mikeb.org> [1]
|
Thursday, 18 Mar 2004
|
01:04 eik
SIZEify
Prompted by: trevor
|
Monday, 19 Jan 2004
|
22:31 eik
- update to version 3.50
Approved by: marcus (mentor)
|
Tuesday, 7 Oct 2003
|
22:31 edwin
[MAINTAINER] port security/nmap: update to version 3.48
- improved version detection
- integrates most FreeBSD fixes, thanks to
Marius Strobl <marius@alchemy.franken.de>
- install localized man pages
PR: ports/57646
Submitted by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
|
Thursday, 25 Sep 2003
|
16:19 leeym
update to nmap/nmapfe version 3.46
PR: 57196
Submitted by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
|
Tuesday, 1 Jul 2003
|
03:38 foxfair
PR: 53933
Submitted by: maintainer
1. Upgrade Nmap to 3.30, which released at Jun 29, 2003. Major enchancement is
OS fingerprints update. The fingerprint DB now contains almost 1000
fingerprints.
See ChangeLog at this link:
http://lists.insecure.org/lists/nmap-hackers/2003/Apr-Jun/0016.html
2. Renamed the patch files to be more descriptive.
|
Monday, 16 Jun 2003
|
04:43 leeym
nmap 3.27 -> 3.28
PR: 53351
Submitted by: Dominic Marks <dom@cus.org.uk>
|
Tuesday, 29 Apr 2003
|
22:04 adamw
Update to 3.27.
Submitted by: Marius Strobl <marius@alchemy.franken.de>
Reviewed by: Dominic Marks <dom@cus.org.uk> (maintainer)
|
Monday, 28 Apr 2003
|
18:28 adamw
Update to 3.26.
PR: 51459
Submitted by: Miguel Mendez <flynn@energyhq.es.eu.org>
Approved by: d.marks@student.umist.ac.uk (maintainer)
|
Tuesday, 22 Apr 2003
|
00:06 adamw
Update to 3.25.
PR: 51257
Submitted by: Dominic Marks <dom@cus.org.uk> (maintainer)
|
Friday, 11 Apr 2003
|
10:00 sumikawa
Upgrade to 3.20
PR: ports/49987
Submitted by: Dominic Marks <dom@cus.org.uk>
marius@alchemy.franken.de
|
Monday, 5 Aug 2002
|
20:57 pat
Update to 3.00
PR: ports/41330
Submitted by: maintainer
|
Tuesday, 21 May 2002
|
16:26 dwcjr
Update to the latest
PR: 38305
Submitted by: maintainer
|
Monday, 29 Apr 2002
|
06:33 obrien
Update to version 2.54 Beta 33.
|
Tuesday, 2 Apr 2002
|
19:49 obrien
Update to version 2.54 Beta 32.
|
Thursday, 21 Mar 2002
|
01:39 obrien
Update to version 2.54 Beta 31.
|
Wednesday, 7 Nov 2001
|
15:41 obrien
Update to version 2.54 Beta 30.
|
Friday, 10 Aug 2001
|
16:15 obrien
Update to version 2.54 Beta 29.
|
Sunday, 29 Jul 2001
|
05:37 obrien
Update to version 2.54 Beta 28.
|
Friday, 20 Jul 2001
|
19:27 obrien
Update to version 2.54 Beta 27.
|
Monday, 9 Jul 2001
|
13:22 obrien
Update to version 2.54 Beta 26.
|
Monday, 4 Jun 2001
|
16:27 obrien
Update to version 2.54 Beta 25.
|
Saturday, 2 Jun 2001
|
20:06 obrien
Upgrade to 2.54BETA24.
|
Tuesday, 20 Mar 2001
|
16:39 obrien
Update to version 2.54 Beta 22.
|
Number of commits found: 87 |