All times are UTC
non port: security/nmap/distinfo

Number of commits found: 87

Sunday, 21 May 2023
22:13 Cy Schubert (cy)
security/nmap: Update 7.93 --> 7.94
commit hash: 226aacabf562752b5d105856a9842279528d4505
Wednesday, 28 Sep 2022
15:54 Cy Schubert (cy)
security/nmap: Update to 7.93

PR:		266623
Reported by:	takefu@airport.fm
commit hash: e5274f9c60037a3649382753b2370e6fea2e2b94
Sunday, 11 Oct 2020
11:45 ohauer
- update to 7.91
Revision: 552053
Monday, 5 Oct 2020
11:04 ohauer
- update to 7.90

Relnotes:	https://nmap.org/changelog#7.90
Revision: 551485
Monday, 30 Dec 2019
12:38 woodsb02
security/nmap: Update to 7.80

- Remove local patches incorporated upstream.
- Add patches to add missing libibverbs dependency when linking
  libpcap statically (required to allow build on FreeBSD >= 12.0).
  (See similar fix applied to port net-mgmt/dhcdrop in r499639).

Changes this release:
  https://seclists.org/nmap-announce/2019/0

Approved by:	ohauer (maintainer timeout)
Differential Revision:	https://reviews.freebsd.org/D22730
Revision: 521487
Saturday, 31 Mar 2018
22:22 ohauer
- update to 7.70
- add option for bundled libssh2
- add option for bundled libpcap
- add upstream patch for arp-ioctl.c
- change URLs from http to https

PR:		221522
Submitted by:	lightside
Revision: 466083
Tuesday, 30 Jan 2018
21:02 ohauer
- update to 7.60
- regenerate patches with makepatch

PR:		ports/221522
Revision: 460437
Wednesday, 21 Dec 2016
12:32 ohauer
- update to 7.40

 - 12 new NSE scripts
 - Hundreds of updated OS and version detection signatures
 - Faster brute force authentication cracking and other NSE library improvements

Full Changelog:
 https://nmap.org/changelog.html
Revision: 429075
Friday, 21 Oct 2016
18:08 ohauer
- update to 7.31

Nmap 7.31 [2016-10-20]

o Fixed the way Nmap handles scanning names that resolve to the same IP. Due to
  changes in 7.30, the IP was only being scanned once, with bogus results
  displayed for the other names. The previous behavior is now restored.
  [Tudor Emil Coman]

o [GH#350] Fix an assertion failure due to floating point error in equality
  comparison, which triggered mainly on OpenBSD:
    assertion "diff <= interval" failed: file "timing.cc", line 440
  This was reported earlier as [GH#472] but the assertion fixed there was a
  different one. [David Carlier]

o [Zenmap] Fix a crash in the About page in the Spanish translation due to a
  missing format specifier:
    File "zenmapGUI\About.pyo", line 217, in __init__
    TypeError: not all arguments converted during string formatting
  [Daniel Miller]

o [Zenmap][GH#556] Better visual indication that display of hostname is tied to
  address in the Topology page. You can show numeric addresses with hostnames
  or without, but you can't show hostnames without numeric addresses when they
  are not available. [Daniel Miller]

o To increase the number of IPv6 fingerprint submissions, a prompt for
  submission will be shown with some random chance for successful matches of OS
  classes that are based on only a few submissions. Previously, only
  unsuccessful matches produced such a prompt. [Daniel Miller]

MFH:		2016Q4
Revision: 424433
Thursday, 29 Sep 2016
22:21 ohauer
- update to 7.30

Changelog:
https://nmap.org/changelog.html
Revision: 422952
Friday, 2 Sep 2016
16:06 ohauer
- update nmap to 7.25BETA2

Full Changelog: https://nmap.org/changelog.html

Changelog (very shortened):
Nmap 7.25BETA2 [2016-09-01]
 - [NSE] Upgraded NSE to Lua 5.3
 - [NSE] Added 2 NSE scripts, bringing the total up to 534!
 - Add 587 new fingerprints
 - [NSE] Fix a crash when parsing TLS certificates
 - [NSE][GH#531] Fix two issues in sslcert.lua
 - [NSE][GH#234] Added a --script-timeout option for limiting run time
 - [Ncat][GH#444] Added a -z option to Ncat
 - [NSE] ssl-enum-ciphers now warn about 64-bit block ciphers in CBC mode
 - [NSE][GH#117] Improve tftp-enum
 - [GH#472] Avoid an unnecessary assert failure in timing.cc
 - [NSE][GH#519] Removed the obsolete script ip-geolocation-geobytes
 - [NSE] refresh of almost all fingerprints for script http-default-accounts
 - [GH#98] Added support for decoys in IPv6
 - Various performance improvements for large-scale high-rate scanning
 - [GH#439] Nmap now supports OpenSSL 1.1.0-pre5 and previous versions
 - [Ncat] Fix a crash when --exec was used with --ssl and --max-conns
 - Improve FTP Bounce scan
 - [GH#140] Allow target DNS names up to 254 bytes
 - [NSE] Allow bigger hard limit on number of concurrently running scripts
 - [NSE] Added the datetime library
 - [GH#103][GH#364] Made Nmap's parallel reverse DNS resolver more robust
Revision: 421269
Sunday, 17 Jul 2016
09:16 ohauer
- update to 7.25BETA1
- s/USE=OPENSSL/USES=ssl/

Some highlights from the Changelog:

Nmap 7.25BETA1 [2016-07-13]
o [NSE] Added 6 NSE scripts, from 5 authors, bringing the total up to 533!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below
  (authors are listed in brackets):

  + clamav-exec detects ClamAV servers vulnerable to unauthorized clamav
    command execution. [Paulino Calderon]

  + http-aspnet-debug detects ASP.NET applications with debugging enabled.
    [Josh Amishav-Zlatin]

  + http-internal-ip-disclosure determines if the web server leaks its internal
    IP address when sending an HTTP/1.0 request without a Host header. [Josh
    Amishav-Zlatin]

  + [GH#304] http-mcmp detects mod_cluster Management Protocol (MCMP) and dumps
    its configuration. [Frank Spierings]

  + [GH#365] sslv2-drown detects vulnerability to the DROWN attack, including
    CVE-2016-0703 and CVE-2016-0704 that enable fast attacks on OpenSSL.
    [Bertrand Bonnefoy-Claudet]

  + vnc-title logs in to VNC servers and grabs the desktop title, geometry, and
    color depth. [Daniel Miller]

o Integrated all of your IPv4 OS fingerprint submissions from January
  to April (539 of them). Added 98 fingerprints, bringing the new total
  to 5187. Additions include Linux 4.4, Android 6.0, Windows Server
  2016, and more. [Dan Miller]

o Integrated all 31 of your IPv6 OS fingerprint submissions from January to
  June. The classifier added 2 groups and expanded several others. Several
  Apple OS X groups were consolidated, reducing the total number of groups to
  93. [Daniel Miller]
Revision: 418661
Wednesday, 30 Mar 2016
04:18 ohauer
Nmap 7.12 [2016-03-29]
o [NSE] VNC updates including vnc-brute support for TLS security type and
  negotiating a lower RFB version if the server sends an unknown higher
  version.  [Daniel Miller]

o [NSE] Added STARTTLS support for VNC, NNTP, and LMTP [Daniel Miller]

o Added new service probes and match lines for OpenVPN on UDP and TCP.
Revision: 412154
Tuesday, 22 Mar 2016
20:02 ohauer
- update to 7.11

Changes:
  o [NSE][GH#341] Added support for diffie-hellman-group-exchange-* SSH key
    exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that
    only support custom Diffie-Hellman groups. [Sergey Khegay]

  o [NSE] Added support in sslcert.lua for Microsoft SQL Server's TDS protocol,
    so you can now grab certs with ssl-cert or check ciphers with
    ssl-enum-ciphers.  [Daniel Miller]
Revision: 411673
Thursday, 17 Mar 2016
21:29 ohauer
- update to version 7.10
- remove support for custom IPv4 only kernel [1]

Short summary:
- 12 new NSE scripts
- hundreds of new OS/version fingerprints
- dozens of smaller improvements and bug fixes

Full Changelog:
 https://nmap.org/changelog.html

[1] nmap no longer builds against a custom kernel without IPv6!
Revision: 411320
Sunday, 13 Dec 2015
15:49 ohauer
- update to 7.01

FreeBSD related changes:
========================
Nmap 7.01 [2015-12-09]

o [NSE] [GH#254] Update the TLSSessionRequest probe in ssl-enum-ciphers to
  match the one in nmap-service-probes, which was fixed previously to correct a
  length calculation error. [Daniel Miller]

o [NSE] [GH#251] Correct false positives and unexpected behavior in http-*
  scripts which used http.identify_404 to determine when a file was not found
  on the target. The function was following redirects, which could be an
  indication of a soft-404 response. [Tom Sellers]

o [NSE] [GH#241] Fix a false-positive in hnap-info when the target responds
  with 200 OK to any request. [Tom Sellers]

o [NSE] [GH#244] Fix an error response in xmlrpc-methods when run against a
  non-HTTP service. The expected behavior is no output. [Niklaus Schiess]

o [NSE] Fix SSN validation function in http-grep, reported by Bruce Barnett.
Revision: 403675
Friday, 20 Nov 2015
06:32 ohauer
- update to version 7.00

Changelog:
Nmap 7.00 [2015-11-19]

o This is the most important release since Nmap 6.00 back in May 2012!
  For a list of the most significant improvements and new features,
  see the announcement at: https://nmap.org/7

o [NSE] Added 6 NSE scripts from 6 authors, bringing the total up to 515!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below
  (authors are listed in brackets):

  + targets-xml extracts target addresses from previous Nmap XML results files.
    [Daniel Miller]

  + [GH#232] ssl-dh-params checks for problems with weak, non-safe, and
    export-grade Diffie-Hellman parameters in TLS handshakes. This includes the
    LOGJAM vulnerability (CVE-2015-4000). [Jacob Gajek]

  + nje-node-brute does brute-forcing of z/OS JES Network Job Entry node names.
    [Soldier of Fortran]

  + ip-https-discover detects support for Microsoft's IP over HTTPS
    tunneling protocol. [Niklaus Schiess]

  + [GH#165] broadcast-sonicwall-discover detects and extracts information from
    SonicWall firewalls. [Raphael Hoegger]

  + [GH#38] http-vuln-cve2014-8877 checks for and optionally exploits a
    vulnerability in CM Download Manager plugin for Wordpress. [Mariusz Ziulek]

o [Ncat] [GH#151] [GH#142] New option --no-shutdown prevents Ncat from shutting
  down when it reads EOF on stdin. This is the same as traditional netcat's
  "-d" option. [Adam Saponara]

o [NSE] [GH#229] Improve parsing in http.lua for multiple Set-Cookie headers in
  a single response.  [nnposter]
Revision: 401988
Wednesday, 4 Nov 2015
17:30 ohauer
- update to 6.49BETA6
- use new OPTIONS targets

Parts from Changelog [1]
==========================
Nmap 6.49BETA6
o Integrated all of your IPv6 OS fingerprint submissions from April to October
  (only 9 of them!). We are steadily improving the IPv6 database, but we need
  your submissions. The classifier added 3 new groups, bringing the new total
  to 93. Highlights: http://seclists.org/nmap-dev/2015/q4/61 [Daniel Miller]

o Integrated all of your IPv4 OS fingerprint submissions from February to
  October (1065 of them). Added 219 fingerprints, bringing the new total to
  4985. Additions include Linux 4.1, Windows 10, OS X 10.11, iOS 9, FreeBSD
  11.0, Android 5.1, and more. Highlights:
  http://seclists.org/nmap-dev/2015/q4/60 [Daniel Miller]

o Integrated all of your service/version detection fingerprints submitted from
  February to October (800+ of them). The signature count went up 2.5% to
  10293. We now detect 1089 protocols, from afp, bitcoin, and caldav to
  xml-rpc, yiff, and zebra. Highlights: http://seclists.org/nmap-dev/2015/q4/62
  [Daniel Miller]

o [NSE] Added 10 NSE scripts from 5 authors, bringing the total up to 509!
  They are all listed at http://nmap.org/nsedoc/, and the summaries are below
  (authors are listed in brackets):

...

[1] https://nmap.org/changelog.html
Revision: 400749
Sunday, 27 Sep 2015
10:32 ohauer
- update to 6.49BETA5
- use DOCS instead of PORTDOCS
- remove gcc workaround [1]
- (hopefully) use the correct __FreeBSD_version for SOCK_RAW

Changelog:
https://nmap.org/changelog.html

PR:		196065 [1]
PR:		200558 [2]
PR:		202139 [3]

Submitted by:	sbruno@ , mikael.urankar@gmail.com [1]
Submitted by:	truckman@ [2]
Submitted by:	trasz@ [3]
Revision: 398033
Saturday, 23 Aug 2014
12:29 ohauer
- update to 6.4.7
- add CPE entry
- sort pkg-plist

Changelog (entries related to the command line tools)

Nmap 6.47 [2014-08-20]

o Integrated all of your IPv4 OS fingerprint submissions since June 2013
  (2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
  Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
  OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
  Highlights: http://seclists.org/nmap-dev/2014/q3/325 [Daniel Miller]

o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
  was added in 6.45, and resulted in trouble for Nmap XML parsers without
  network access, as well as increased traffic to Nmap's servers. The doctype
  is now:
  <!DOCTYPE nmaprun>

o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
  being written in the wrong place, so authentication could not succeed.
  Reported with patch by Pierluigi Vittori.

o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
  this to the string "(null)", but it caused segfault on Solaris.
  [Daniel Miller]

o Handle ICMP admin-prohibited messages when doing service version detection.
  Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
  callback.  Error code: 101 (Network is unreachable) [David Fifield]

o [NSE] Fix a bug causing http.head to not honor redirects. [Patrik Karlsson]

MFH:		2014Q3
Revision: 365724
Friday, 18 Apr 2014
08:05 ohauer
Nmap 6.46 [2014-04-18]

o [NSE] Made numerous improvements to ssl-heartbleed to provide
  more reliable detection of the vulnerability.

o [Zenmap] Fixed a bug which caused this crash message:
     IOError: [Errno socket error] [Errno 10060] A connection attempt failed
     because the connected party did not properly respond after a period of
     time, or established connection failed because connected host has
     failed to respond
  The bug was caused by us adding a DOCTYPE definition to Nmap's XML
  output which caused Python's XML parser to try and fetch the DTD
  every time it parses an XML file.  We now override that DTD-fetching
  behavior. [Daniel Miller]

o [NSE] Fix some bugs which could cause snmp-ios-config and
  snmp-sysdescr scripts to crash
  (http://seclists.org/nmap-dev/2014/q2/120) [Patrik Karlsson]

o [NSE] Improved performance of citrixlua library when handling large XML
  responses containing application lists. [Tom Sellers]
Revision: 351520
Tuesday, 15 Apr 2014
12:12 ohauer
- update to nmap-6.45

Changelog:
http://nmap.org/changelog.html

Most of the changes of version 6.45 were already
adopted in the last port version
Revision: 351324
Friday, 11 Apr 2014
04:52 ohauer
- update nmap nselib and scripts to upstream revision r32810

  The update includes a working script to detect whether a server
  is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160)

  http://nmap.org/nsedoc/scripts/ssl-heartbleed.html

MFH: 2014Q2
Revision: 350889
Wednesday, 21 Aug 2013
04:57 ohauer
- update to 6.4.0
- remove patches for EOL FreeBSD releases
- convert to OPTIONS

Changelog:
http://nmap.org/changelog.html
Revision: 325091
Sunday, 6 Jan 2013
18:42 ohauer
- update nmap to version 6.25
- fix build with clang and stdlib=libc++ [1]

Nmap 6.25 [2012-11-29]
o [NSE] Added CPE to smb-os-discovery output.

o [Ncat] Fixed the printing of warning messages for large arguments to
  the -i and -w options. [Michal Hlavinka]

o [Ncat] Shut down the write part of connected sockets in listen mode
  when stdin hits EOF, just as was already done in connect mode.
  [Michal Hlavinka]

o [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3,
  SquirrelMail, RoundCube. [Jesper Kuckelhahn]

o Added some new checks for failed library calls. [Bill Parker]

PR:		172358
		174817

Submitted by:	arrowdodger <6yearold@gmail.com> [1]
		Anders N. <wicked@baot.se> (general update request)
Revision: 310010
Sunday, 24 Jun 2012
15:54 ohauer
- update nmap to version 6.0.1

Announcement: http://seclists.org/nmap-hackers/2012/3
Changelog:    http://nmap.org/changelog.html

Some relevant changes in 6.01:

o Fixed a bug that caused Nmap to fail to find any network interface when
  at least one of them is in the monitor mode. The fix was to define the
  ARP_HRD_IEEE80211_RADIOTAP 802.11 radiotap header identifier in the
  libdnet-stripped code. Network interfaces that are in this mode are used
  by radiotap for 802.11 frame injection and reception. The bug was
  reported by Tom Eichstaedt and Henri Doreau.
  http://seclists.org/nmap-dev/2012/q2/449
  http://seclists.org/nmap-dev/2012/q2/478
  [Djalal Harouni, Henri Doreau]

o Fixed the greppable output of hosts that time-out (when --host-timeout was
  used and the host timed-out after something was received from that host).
  This issue was reported by Matthew Morgan. [jah]
Thursday, 24 May 2012
16:30 ohauer
- update to version 6.00

Changelog:
==========
Nmap 6.00

o Most important release since Nmap 5.00 in July 2009! For a list of
  the most significant improvements and new features, see the
  announcement at: http://nmap.org/6

o In XML output, <osclass> elements are now child elements of the
  <osmatch> they belong to. Old output was thus:
    <os><osclass/><osclass/>...<osmatch/><osmatch/>...</os>
  New output is:
    <os><osmatch><osclass/><osclass/>...</osmatch>...</os>
  The option --deprecated-xml-osclass restores the old output, in case
  you use an Nmap XML parser that doesn't understand the new
  structure. The xmloutputversion has been increased to 1.04.

o Added a new <target> element to XML output that indicates when a
  target specification was ignored, perhaps because of a syntax error
  or DNS failure. It looks like this:
    <target specification="1.2.3.4.5" status="skipped" reason="invalid"/>
  [David Fifield]

o [NSE] Added the script samba-vuln-cve-2012-1182 which detects the
  SAMBA pre-auth remote root vulnerability (CVE-2012-1182).
  [Aleksandar Nikolic]

o [NSE] Added http-vuln-cve2012-1823.nse, which checks for PHP CGI
  installations with a remote code execution vulnerability. [Paulino
  Calderon]

o [NSE] Added script targets-ipv6-mld that sends a malformed ICMP6 MLD Query
  to discover IPv6 enabled hosts on the LAN. [Niteesh Kumar]

o [NSE] Added rdp-vuln-ms12-020.nse by Aleksandar Nikolic. This tests
  for two Remote Desktop vulnerabilities, including one allowing
  remote code execution, that were fixed in the MS12-020 advisory.

o [NSE] Added a stun library and the scripts stun-version and stun-info, which
  extract version information and the external NAT:ed address.
  [Patrik Karlsson]

o [NSE] Added the script duplicates which attempts to determine duplicate
  hosts by analyzing information collected by other scripts. [Patrik Karlsson]

o Fixed the routing table loop on OS X so that on-link routes appear.
  Previously, they were ignored so that things like ARP scan didn't
  work. [Patrik Karlsson, David Fifield]

o Upgraded included libpcap to version 1.2.1.

o [NSE] Added ciphers from RFC 5932 and Fortezza-based ciphers to
  ssl-enum-ciphers.nse. The patch was submitted by Darren McDonald.

o [NSE] Renamed hostmap.nse to hostmap-bfk.nse.

o Fixed a compilation problem on Solaris 9 caused by a missing
  definition of IPV6_V6ONLY. Reported by Dagobert Michelsen.

o Setting --min-parallelism by itself no longer forces the maximum
  parallelism to the same value. [Chris Woodbury, David Fifield]

o Changed XML output to show the "service" element whenever a tunnel
  is discovered for a port, even if the service behind it was unknown.
  [Matt Foster]

o [Zenmap] Fixed a crash that would happen in the profile editor when
  the script.db file doesn't exist. The bug was reported by Daniel
  Miller.

o [Zenmap] It is now possible to compare scans having the same name or
  command line parameters. [Jah, David Fifield]

o Fixed an error that could occur with ICMPv6 probes and -d4 debugging:
  "Unexpected probespec2ascii type encountered" [David Fifield]

o [NSE] Added new script http-chrono, which measures min, max and average
  response times of web servers. [Ange Gutek]

o Applied a workaround to make pcap captures work better on Solaris
  10. This involves peeking at the pcap buffer to ensure that captures
  are not being lost. A symptom of the previous behavior was that,
  when doing ARP host discovery against two targets, only one would be
  reported as up. [David Fifield]

o Fixed a bug that could cause Nsock timers to fire too early. This
  could happen for the timed probes in IPv6 OS detection, causing an
  incorrect measurement of the TCP_ISR feature. [David Fifield]

o [Zenmap] We now build on Windows with a newer version of PyGTK, so
  copy and paste should work again.

o Changed the way timeout calculations are made in the IPv6 OS engine.
  In rare cases a certain interleaving of probes and responses would
  result in an assertion failure.
Saturday, 10 Mar 2012
12:31 ohauer
- update to version 5.61TEST5

small snippet from changelog:
 http://nmap.org/changelog.html

 o Integrated all of your IPv4 OS fingerprint submissions since June 2011
   (about 1,900 of them)
   Added about 256 new fingerprints (total 3,572)
 o Integrated all of your service/version detection fingerprints submitted
   since November 2010
   (signature count increased to 7,423)
 o Integrated your latest IPv6 OS submissions and corrections
 o [NSE] Added 43(!) NSE scripts, bringing the total up to 340
 o [NSE] Added 14 new protocol libraries
 o [CPE] (Common Platform Enumeration) OS classification is now supported for
   IPv6 OS detection
 o Added a new --script-args-file option
 o [NSE] Added support for decoding EIGRP broadcasts from Cisco routers to
   broadcast-listener
 o [NSE] Added redirect support to the http library
 o Update to the latest MAC address prefix assignments from IEEE as of
   March 8, 2012

Test builds sponsored by redports.org

Feature safe: yes
Wednesday, 4 Jan 2012
16:47 ohauer
- update to 5.61TEST4

For detailed Changes see http://nmap.org/changelog.html
(List is simply too long ...)

Some highlights
* [NSE] Added a new httpspider library which is used for recursively
  crawling web sites for information.  New scripts using this
  functionality include http-backup-finder, http-email-harvest,
  http-grep, http-open-redirect, and http-unsafe-output-escaping. See
  http://nmap.org/nsedoc/ or the list later in this file for details
  on these.

* [NSE] Added a vulnerability management library (vulns.lua) to store and to
  report discovered vulnerabilities.

* [NSE] Added a new script force feature.  You can force scripts to
  run against target ports (even if the "wrong" service is detected)
  by placing a plus in front of the script name passed to --script.
  See http://nmap.org/book/nse-usage.html#nse-script-selection.

* [NSE] Added 51(!) NSE scripts, bringing the total up to 297.

Build tests sponsored by redports.org
Tuesday, 4 Oct 2011
17:17 ohauer
- update to version 5.61TEST2
- add workaround for system build with WITHOUT_INET6 [1]

 Thanks to Kim Scarborough for sharing the libpcap workaround

PR:             ports/159376 [1]
Submitted by:   Alexander Panyushkin [1]
Friday, 23 Sep 2011
20:29 ohauer
 - update to 5.61TEST1

Here is the (partial) CHANGELOG since 5.59BETA1:

Nmap 5.61TEST1 [2011-09-19]

o The changelog entries below for this test release are not yet
  finished or comprehensive.  We'll update them soon.

o [Ncat] Updated ca-bundle.crt (primarily to remove DigiNotar).

o Fixed compilation on OS X 10.7 Lion. Thanks to Patrik Karlsson and
  Babak Farroki for researching fixes.

o [NSE] Fixed SSL compressor names in ssl-enum-ciphers.nse, and
  removed redundant multiple listings of the NULL compressor.
  [Matt Selsky]

o [NSE] Added cipher strength ratings to ssl-enum-ciphers.nse.
  [Gabriel Lawrence]

o Added Common Platform Enumeration (CPE, http://cpe.mitre.org/)
  output for OS and service versions. These show up in normal output
  with the headings "OS CPE:" and "Service Info:":
    OS CPE: cpe:/o:linux:kernel:2.6.39
    Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
  These also appear in XML output, which additionally has CPE entries
  for service versions. [David, Henri]

o [NSE] Added new default credential list for Oracle and modified the
  oracle-brute script to make use of it. [Patrik]

o [NSE] Added xmpp-info.nse as a replacement for xmpp.nse. This updated version
  brings new features and fixes. [Vasiliy Kulikov]

o Fixed RPC scan for 64-bit architectures by using fixed-size data
  types. [David]

o Relaxed the XML DTD to allow validation of files where the verbosity
  level changed during the scan. [Daniel Miller]

o Made a service confidence of 8 (used when tcpwrapped) and indeed any
  number between 0 and 10 be legal in XML output according to the DTD.
  [Daniel Miller]

o [NSE] Added three scripts that do host discovery on local IPv6
  subnets. Each of them uses a different multicast technique, meaning
  that even very large networks have host discovery done without
  needing to probe every address individually.
  + targets-multicast-ipv6-echo: Sends a multicast echo request, like
    broadcast-ping does for IPv4.
  + targets-multicast-ipv6-invalid-dst: Sends an invalid packet that
    can elicit an ICMPv6 Parameter Problem response.
  + targets-multicast-ipv6-slaac: Sends a phony router advertisement,
    which causes hosts to allocate a temporary address and then send a
    packet to discover if anyone else is using the address.
  [Weilin, David]

o [NSE] Added functions to packet.lua to make it easier to build IPv6
  packets. [Weilin]

o [NSE] Added new script http-vuln-cve2011-3192 which checks whether an instance
  of Apache is vulnerable to a DoS attack exploiting the byterange filter.
  [Duarte Silva].

o [NSE] Fixed authentication problems in the TNS library that would prevent
  authentication from working against Oracle 11.2.0.2.0 XE [Chris Woodbury]

o Removed some restrictions on probe matching that, for example,
  prevented a RST/ACK reply from being recognized in a NULL scan. This
  was found and fixed by Matthew Stickney and Joe McEachern.

o Rearranged some character classes in service matches to avoid any
  that look like POSIX collating symbols ("[.xyz.]"). John Hutchison
  discovered this error caused by one of the match lines:
    InitMatch: illegal regexp: POSIX collating elements are not supported
  [Daniel Miller]

o [NSE] Added the address-info.nse script, which shows extra information about
  IP addresses.

o [NSE] Added scripts http-joomla-brute, http-wordpress-brute, http-wp-enum and
  http-awstatstotal-exec. [Paulino]

o [Zenmap] Fixed zenmap deleting ports based on newer scans which did
  not actually scan the port in question. Additionally ncat now only
  updates ports with new information if the new information is the same
  protocol. Not just the same port. [Colin Rice]

o [Ncat] Fixed ncat crashing with --ssl-verify -vvv on windows. [Colin Rice]

o [NSE] Added script http-waf-detect. This script tries to determine
  if an IDS/IPS/WAF is protecting a web server. [Paulino]

o [NSE] Added the bittorrent library and bittorrent-discovery script which
  enables us to discover peers and nodes for a particular torrent file or
  magnet link.

o [NSE] Added basic query support to the Oracle TNS library making it possible
  for scripts to query the database server using SQL. [Patrik]

o [Ncat] Added --append-output option, that when used along with -o and/or -x
  prevents clobbering(truncating) an existing file. [Shinnok]

o [NSE] Added script broadcast-listener that attempts to discover hosts by
  passively listening to the network. It does so by decoding ethernet and IP
  broadcast and multicast messages. [Patrik]

o Fixed a bug that would make Nmap segfault if it failed to open an interface
  using pcap. The bug details and patch are posted here:
  http://seclists.org/nmap-dev/2011/q3/365 [Patrik]

o Ncat SCTP mode supports connection brokering now(--sctp --broker). [Shinnok]

o Nmap now defers options parsing until it has read through all the command line
  arguments. You can now use options like -S with an IPv6 address before
  specifying -6 at the command line, which previously got you an error.
  [Shinnok]

o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs
  brute force password auditing against XMPP (Jabber) servers. [Patrik]

o [NSE] Fixed a bug in the ssh2-enum-algos script that would prevent it from
  displaying any output unless run in debug mode. [Patrik]

o [NSE] Fixed the nsedebug print_hex() function so it does not print an
  empty line if there are no remaining characters, and improved its NSEDoc.
  [Chris Woodbury].

o [NSE] Added the scripts http-axis2-dir-traversal and
  http-litespeed-sourcecode-download that exploit directory traversal and
  null byte poisoning vulnerabilities in Apache Axis2 and LiteSpeed Web Server
  respectively. [Paulino]

o [Ncat] Ncat now no longer blocks while an ssl handshake is taking place or
  waiting to complete. [Shinnok]

o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
  message to the broadcast address and collects and reports the network
  information received from the DHCP server. [Patrik]

o [NSE] Added the script smtp-brute that performs brute force password
  auditing against SMTP servers. [Patrik]

o [NSE] Updated SMTP library to support authentication using both plain-text
  and the SASL library. [Patrik]

o [NSE] Added the script imap-brute that performs brute force password
  auditing against IMAP servers. [Patrik]

o [NSE] Updated IMAP library to support authentication using both plain-text
  and the SASL library. [Patrik]

o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson
  providing common code for "Simple Authentication and Security Layer" to
  services supporting it. The algorithms supported by the library are:
  PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]

o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
  library. The cvs-brute-repository script allows for guessing possible
  repository names needed in order to perform password guessing using the
  cvs-brute.nse script. [Patrik]

o [Zenmap] The Zenmap crash handler now instructs you to mail in crash
  information to nmap-dev. [Colin Rice]

o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4
  ARP scan. It is the default ping type for local IPv6 networks.
  [Weilin]

o [NSE] Added smtp-vuln-cve2011-1764 script, which checks if the Exim
  SMTP server is vulnerable to the DKIM Format String vulnerability
  (CVE-2011-1764). [Djalal]

o Added the broadcast-ping script which sends ICMP packets to broadcast
  addresses on the selected network interface, or all ethernet interfaces if
  none is selected. It has the option to add the discovered hosts as targets.

o [NSE] Applied patch from Chris Woodbury that adds the following additional
  information to the output of smb-os-discovery:
  + Forest name
  + FQDN
  + NetBIOS computer name
  + NetBIOS domain name

o [Ncat] Ncat now supports IPv6 addresses by default without the -6 flag.
  Additionally ncat listens on both :: and localhost when passed
  -l, or any other listening mode unless a specific listening address is
  supplied.

o [NSE] Split script db2-discover into two scripts, adding a new
  broadcast-db2-discover script. This script attempts to discover DB2
  database servers through broadcast requests. [Patrik Karlsson]

o Fixed broken XML output in the case of timed-out hosts; the
  enclosing host element was missing. The fix was suggested by Rémi
  Mollon.

o [NSE] Added ftp-vuln-cve2010-4221 script, which checks if the ProFTPD
  server is vulnerable to the Telnet IAC stack overflow vulnerability
  (CVE-2010-4221). [Djalal]

o [NSE] Added ftp-vsftpd-backdoor, which detects a backdoor that was introduced
  into vsftpd-2.3.4 source code distributions. [Daniel Miller]

o [NSE] ldap-brute.nse - Multiple changes:
  + Added support for 2008 R2 functional level Active Directory instances
    to ldap-brute.
  + Added detection for valid credentials where the target account was
    expired or limited by time or login host constraints.
  + Added support for specifying a UPN suffix to be appended to usernames
    when brute forcing Microsoft Active Directory accounts.
  + Added support for saving discovered credentials to a CSV file.
  + Now reports valid credentials as they are discovered when the script
    is run with -vv or higher.
        [Tom Sellers]

o [NSE] ldap-search.nse - Added support for saving search results to
  CSV.  This is done by using the ldap.savesearch script argument to
  specify an output filename prefix.  [Tom Sellers]

o [NSE] Updated smb-brute to add detection for valid credentials where the
  target account was expired or limited by time or login host constraints.
  [Tom Sellers]

o [NSE] Updated account status text in brute force password discovery
  scripts in an effort to make the reporting more consistent across
  all scripts.  This will have an impact on any code that parses these
  values.  [Tom Sellers]
Friday, 1 Jul 2011
13:23 ohauer
- update to version 5.59BETA1

This version includes:
 o 40 new NSE scripts (plus improvements to many others)
 o even more IPv6 goodness than our informal World IPv6 Day release
 o 7 new NSE protocol libraries
 o hundreds of bug fixes
 o and much more see http://seclists.org/nmap-hackers/2011/3
Sunday, 13 Feb 2011
19:36 ohauer
 - update to version 5.51

Nmap 5.51 [2011-02-11]

o [Ndiff] Added support for prerule and postrule scripts. [David]

o [NSE] Fixed a bug which caused some NSE scripts to fail due to the
  absence of the NSE SCRIPT_NAME environment variable when loaded.
  Michael Pattrick reported the problem. [Djalal]

o [Zenmap] Selecting one of the scan targets in the left pane is
  supposed to jump to that host in the Nmap Output in the right pane
  (but it wasn't).  Brian Krebs reported this bug. [David]

o Fixed an obscure bug in Windows interface matching. If the MAC
  address of an interface couldn't be retrieved, it might have been
  used instead of the correct interface. Alexander Khodyrev reported
  the problem.  [David]

o [NSE] Fixed portrules in dns-zone-transfer and ftp-proftpd-backdoor
  that used shortport functions incorrectly and always returned
  true. [Jost Krieger]

o [Ndiff] Fixed ndiff.dtd to include two elements that can be diffed:
  status and address. [Daniel Miller]

o [Ndiff] Fixed the ordering of hostscript-related elements in XML
  output. [Daniel Miller]

o [NSE] Fixed a bug in the nrpe-enum script that would make it run for
  every port (when it was selected--it isn't by default).  Daniel
  Miller reported the bug. [Patrick]

o [NSE] When an NSE script sets a negative socket timeout, it now
  causes a controlled Lua stack trace instead of a fatal error.
  Vlatko Kosturjak reported the bug. [David]

o [Zenmap] Worked around an error that caused the py2app bootstrap
  executable to be non-universal even when the rest of the application
  was universal. This prevented the binary .dmg from working on
  PowerPC. Yxynaxen reported the problem. [David]

o [Ndiff] Fixed an output line that wasn't being redirected to a file
  when all other output was. [Daniel Miller]
Sunday, 30 Jan 2011
17:15 ohauer
- update to version 5.50
- always enable bpf in libdnet-stripped to support build in Jail [1]

Announcement and Changelog are very long and covered by last updates.

Announcement: http://seclists.org/nmap-hackers/2011/0
Changelog: http://nmap.org/changelog.html

PR:             ports/154353 [1]
Submitted by:   Mars G Miro <spry _at_ anarchy.in.the.ph> [1]
Feature safe:   yes
Saturday, 22 Jan 2011
16:43 ohauer
 - update nmap to version 5.36TEST4

   Changelog: http://nmap.org/changelog.html

Feature safe:   yes
Friday, 7 Jan 2011
20:51 ohauer
 - update nmap to version 5.36TEST3
 - remove dead mirror servers

 Changelog: http://nmap.org/changelog.html

 Major changes are NSE script related, some highlights:
  o [NSE] Added stuxnet-detect.nse
  o [NSE] Added the ftp-proftpd-backdoor.nse

  and many more interesting NSE scripts.
Friday, 3 Sep 2010
21:16 ohauer
 - update nmap to version 5.35DC1
 - remove MD2 code from nse_openssl.cc (already removed in nmap svn)
 - remove naming conflict if openssl-1.x is built with SCTP support

Approved by:    glarkin (mentor)
Sunday, 31 Jan 2010
00:50 miwi
- Update to 5.21

PR:             143331
Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Thursday, 16 Jul 2009
22:17 miwi
- Update to 5.00

Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Sunday, 5 Jul 2009
22:24 miwi
- Update to 4.90RC1

PR:             136295
Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Monday, 13 Apr 2009
09:53 dhn
- Update to 4.85.b7

PR:             ports/133547
Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Approved by:    miwi (mentor)
Wednesday, 24 Sep 2008
14:47 miwi
- Update to 4.76

PR:             127379
Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Sunday, 3 Aug 2008
16:09 miwi
- Update to 4.68

PR:             126211
Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Tuesday, 6 May 2008
13:26 miwi
- Update to 4.62

PR:             123401
Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Monday, 14 Apr 2008
00:53 clsung
- Update nmap to 4.60 and fix moved MASTER_SITES.
  Also fixed portlint warnings about Makefile structure.

PR:             ports/122728
Submitted by:   maintainer (Daniel Roethlisberger)
Friday, 14 Mar 2008
21:30 miwi
- Update to 4.52

PR:             119673
Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Tuesday, 12 Dec 2006
20:32 miwi
- Update to 4.20

PR:             ports/106567
Submitted by:   Jose Fernandes<jose@diasfernandes.pt>
Approved by:    maintainer
Saturday, 8 Jul 2006
05:32 clsung
- update to 4.11

PR:             ports/99833
Submitted by:   tjs <tjs_AT_cdpa dot nsysu dot edu dot tw>
Approved by:    maintainer (Daniel Roethlisberger)
Sunday, 25 Jun 2006
19:04 erwin
Update to 4.10

PR:             99461
Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Friday, 10 Feb 2006
23:42 krion
Update to 4.01

PR:             ports/93153
Submitted by:   krion
Approved by:    maintainer
Thursday, 2 Feb 2006
08:13 krion
Update to 4.00

PR:             ports/92684
Submitted by:   krion
Approved by:    maintainer
Wednesday, 14 Dec 2005
08:46 barner
Update nmap and nmapfe to 3.95.
Notable upstream changes:

 * new help/usage screen and man page
 * new man page currently only available in en, pt_PT and pt_BR
 * nmapfe is now a shiny GTK2 application

Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
PR:             ports/90371
Wednesday, 7 Dec 2005
09:52 tdb
- Add SHA256 checksum

PR:             90054
Submitted by:   Daniel Roethlisberger <daniel@roe.ch> (maintainer)
Approved by:    clement (mentor)
Friday, 16 Sep 2005
11:05 garga
- Update to 3.93

PR:             ports/86113
Submitted by:   maintainer
Thursday, 8 Sep 2005
13:18 krion
Update to version 3.90
Saturday, 26 Feb 2005
15:39 krion
Update to version 3.81

PR:             ports/77425
Submitted by:   krion
Approved by:    maintainer timeout
Tuesday, 30 Nov 2004
18:10 eik
update to version 3.77
Tuesday, 19 Oct 2004
16:04 eik
- update to version 3.75
  + updated OS fingerprint database
Wednesday, 13 Oct 2004
13:52 eik
- update to version 3.71-PRE1
Tuesday, 31 Aug 2004
20:41 eik
- update to version 3.70 (birthday edition, try the verbose mode)
Thursday, 26 Aug 2004
10:28 eik
support building nmap-3.59a5 WITH_PRERELEASE=yes
Wednesday, 7 Jul 2004
09:22 eik
- update to 3.55
  /usr/local/share/doc/nmap/CHANGELOG
Monday, 5 Jul 2004
00:06 eik
update to 3.51-TEST4
Thursday, 17 Jun 2004
11:56 eik
- update to 3.51-TEST3
- fix bug when ranges cross interface boundaries [1]

Notified by:    Alex Povolotsky <tarkhil@webmail.sub.ru>, Mike Benjamin
<mikeb@mikeb.org> [1]
Thursday, 18 Mar 2004
01:04 eik
SIZEify

Prompted by:    trevor
Monday, 19 Jan 2004
22:31 eik
- update to version 3.50

Approved by:    marcus (mentor)
Tuesday, 7 Oct 2003
22:31 edwin
[MAINTAINER] port security/nmap: update to version 3.48

        - improved version detection
        - integrates most FreeBSD fixes, thanks to
          Marius Strobl <marius@alchemy.franken.de>
        - install localized man pages

PR:             ports/57646
Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>
Thursday, 25 Sep 2003
16:19 leeym
update to nmap/nmapfe version 3.46

PR:             57196
Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>
Tuesday, 1 Jul 2003
03:38 foxfair
PR:             53933
Submitted by:   maintainer
1. Upgrade Nmap to 3.30, which was released on Jun 29, 2003. Major enhancement is
   OS fingerprints update. The fingerprint DB now contains almost 1000
   fingerprints.

   See ChangeLog at this link:

        http://lists.insecure.org/lists/nmap-hackers/2003/Apr-Jun/0016.html

2. Renamed the patch files to be more descriptive.
Monday, 16 Jun 2003
04:43 leeym
nmap 3.27 -> 3.28

PR:             53351
Submitted by:   Dominic Marks <dom@cus.org.uk>
Tuesday, 29 Apr 2003
22:04 adamw
Update to 3.27.

Submitted by:   Marius Strobl <marius@alchemy.franken.de>
Reviewed by:    Dominic Marks <dom@cus.org.uk> (maintainer)
Monday, 28 Apr 2003
18:28 adamw
Update to 3.26.

PR:             51459
Submitted by:   Miguel Mendez <flynn@energyhq.es.eu.org>
Approved by:    d.marks@student.umist.ac.uk (maintainer)
Tuesday, 22 Apr 2003
00:06 adamw
Update to 3.25.

PR:             51257
Submitted by:   Dominic Marks <dom@cus.org.uk> (maintainer)
Friday, 11 Apr 2003
10:00 sumikawa
Upgrade to 3.20

PR:             ports/49987
Submitted by:   Dominic Marks <dom@cus.org.uk>
                marius@alchemy.franken.de
Monday, 5 Aug 2002
20:57 pat
Update to 3.00

PR:             ports/41330
Submitted by:   maintainer
Tuesday, 21 May 2002
16:26 dwcjr
Update to the latest

PR:             38305
Submitted by:   maintainer
Monday, 29 Apr 2002
06:33 obrien
Update to version 2.54 Beta 33.
Tuesday, 2 Apr 2002
19:49 obrien
Update to version 2.54 Beta 32.
Thursday, 21 Mar 2002
01:39 obrien
Update to version 2.54 Beta 31.
Wednesday, 7 Nov 2001
15:41 obrien
Update to version 2.54 Beta 30.    
Friday, 10 Aug 2001
16:15 obrien
Update to version 2.54 Beta 29.    
Sunday, 29 Jul 2001
05:37 obrien
Update to version 2.54 Beta 28.    
Friday, 20 Jul 2001
19:27 obrien
Update to version 2.54 Beta 27.    
Monday, 9 Jul 2001
13:22 obrien
Update to version 2.54 Beta 26.    
Monday, 4 Jun 2001
16:27 obrien
Update to version 2.54 Beta 25.    
Saturday, 2 Jun 2001
20:06 obrien
Upgrade to 2.54BETA24.    
Tuesday, 20 Mar 2001
16:39 obrien
Update to version 2.54 Beta 22.    