-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
15340 lines (11870 loc) · 687 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# Nmap Changelog ($Id$); -*-text-*-
o [Ncat] Enable --ssl-ciphers to be used with Ncat in client mode, not only in
server (listen) mode. [Daniel Miller]
o [GH#649] New service probe and match lines for the JMON and RSE services of
IBM Explorer for z/OS. [Soldier of Fortran]
o Removed a duplicate service probe for Memcached added in 2011 (the original
probe was added in 2008) and reported as duplicate in 2013 by Pavel Kankovsky.
o New service probe and match line for NoMachine NX Server remote desktop.
[Justin Cacak]
o [Zenmap] Fixed a recurring installation problem on OS X/macOS where Zenmap
was installed to /Applications/Applications/Zenmap.app instead of
/Applications/Zenmap.app.
o [Zenmap][GH#639] Zenmap will no longer crash when no suitable temporary
directory is found. Patches contributed by [Varunram Ganesh] and [Sai Sundhar]
o [Zenmap][GH#626] Zenmap now properly handles the -v0 (no output) option,
which was added in Nmap 7.10. Previously, this was treated the same as not
specifying -v at all. [lymanZerga11]
o [GH#630] Updated or removed some OpenSSL library calls that were deprecated
in OpenSSL 1.1. [eroen]
o [NSE] New script http-hsts-verify reports whether or not HTTP Strict
Transport Security is configured. [Ícaro Torres]
o [NSE] Script ssh-hostkey now recognizes and reports Ed25519 keys [nnposter]
o [NSE][GH#627] Fixed script hang in several brute scripts due to the "threads"
script-arg not being converted to a number. Error message was
"nselib/brute.lua:1188: attempt to compare number with string" [Arne Beer]
Nmap 7.40 [2016-12-20]
o [Windows] Updated the bundled Npcap from 0.10r9 to 0.78r5, with an
improved installer experience, driver signing updates to work with
Windows 10 build 1607, and bugfixes for WiFi connectivity
problems. [Yang Luo, Daniel Miller]
o Integrated all of your IPv4 OS fingerprint submissions from April to
September (568 of them). Added 149 fingerprints, bringing the new total to
5,336. Additions include Linux 4.6, macOS 10.12 Sierra, NetBSD 7.0, and more.
Highlights: http://seclists.org/nmap-dev/2016/q4/110 [Daniel Miller]
o Integrated all of your service/version detection fingerprints submitted from
April to September (779 of them). The signature count went up 3.1% to 11,095.
We now detect 1161 protocols, from airserv-ng, domaintime, and mep to
nutcracker, rhpp, and usher. Highlights: http://seclists.org/nmap-dev/2016/q4/115
[Daniel Miller]
o Fix reverse DNS on Windows which was failing with the message "mass_dns:
warning: Unable to determine any DNS servers." This was because the interface
GUID comparison needed to be case-insensitive. [Robert Croteau]
o [NSE] Added 12 NSE scripts from 4 authors, bringing the total up to 552!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
+ cics-enum enumerates CICS transaction IDs, mapping to screens in TN3270
services. [Soldier of Fortran]
+ cics-user-enum brute-forces usernames for CICS users on TN3270 services.
[Soldier of Fortran]
+ fingerprint-strings will print the ASCII strings it finds in the service
fingerprints that Nmap shows for unidentified services. [Daniel Miller]
+ [GH#606] ip-geolocation-map-bing renders IP geolocation data as an image
via Bing Maps API. [Mak Kolybabi]
+ [GH#606] ip-geolocation-map-google renders IP geolocation data as an image
via Google Maps API. [Mak Kolybabi]
+ [GH#606] ip-geolocation-map-kml records IP geolocation data in a KML file
for import into other mapping software [Mak Kolybabi]
+ nje-pass-brute brute-forces the password to a NJE node, given a valid RHOST
and OHOST. Helpfully, nje-node-brute can now brute force both of those
values. [Soldier of Fortran]
+ [GH#557] ssl-cert-intaddr will search for private IP addresses in TLS
certificate fields and extensions. [Steve Benson]
+ tn3270-screen shows the login screen from mainframe TN3270 Telnet services,
including any hidden fields. The script is accompanied by the new tn3270
library. [Soldier of Fortran]
+ tso-enum enumerates usernames for TN3270 Telnet services. [Soldier of Fortran]
+ tso-brute brute-forces passwords for TN3270 Telnet services. [Soldier of Fortran]
+ vtam-enum brute-forces VTAM application IDs for TN3270 services.
[Soldier of Fortran]
o [NSE][GH#518] Brute scripts are faster and more accurate. New feedback and
adaptivity mechanisms in brute.lua help brute scripts use resources more
efficiently, dynamically changing number of threads based on protocol
messages like FTP 421 errors, network errors like timeouts, etc.
[Sergey Khegay]
o [GH#353] New option --defeat-icmp-ratelimit dramatically reduces UDP scan
times in exchange for labeling unresponsive (and possibly open) ports as
"closed|filtered". Ports which give a UDP protocol response to one of Nmap's
scanning payloads will be marked "open". [Sergey Khegay]
o [NSE][GH#533] Removed ssl-google-cert-catalog, since Google shut off that
service at some point. Reported by Brian Morin.
o [NSE][GH#606] New NSE library, geoip.lua, provides a common framework for
storing and retrieving IP geolocation results. [Mak Kolybabi]
o [Ncat] Restore the connection success message that Ncat prints with -v. This
was accidentally suppressed when not using -z.
o [GH#316] Added scan resume from Nmap's XML output. Now you can --resume a
canceled scan from all 3 major output formats: -oN, -oG, and -oX.
[Tudor Emil Coman]
o [Ndiff][GH#591] Fix a bug where hosts with the same IP but different
hostnames were shown as changing hostnames between scans. Made sort stable
with regard to hostnames. [Daniel Miller]
o [NSE][GH#540] Add tls.servername script-arg for forcing a name to be used for
TLS Server Name Indication extension. The argument overrides the default use
of the host's targetname. [Bertrand Bonnefoy-Claudet]
o [GH#505] Updated Russian translation of Zenmap by Alexander Kozlov.
o [NSE][GH#588] Fix a crash in smb.lua when using smb-ls due to a
floating-point number being passed to os.time ("bad argument").
[Dallas Winger]
o [NSE][GH#596] Fix a bug in mysql.lua that caused authentication failures in
mysql-brute and other scripts due to including a null terminator in the salt
value. This bug affects Nmap 7.25BETA2 and later releases. [Daniel Miller]
o The --open option now implies --defeat-rst-ratelimit. This may result in
inaccuracies in the numbers of "Not shown:" closed and filtered ports, but
only in situations where it also speeds up scan times. [Daniel Miller]
o [NSE] Added known Diffie-Hellman parameters for haproxy, postfix, and
IronPort to ssl-dh-params. [Frank Bergmann]
o Added service probe for ClamAV servers (clam),
an open source antivirus engine used in mail scanning. [Paulino Calderon]
o Added service probe and UDP payload for Quick UDP Internet Connection (QUIC),
a secure transport developed by Google and used with HTTP/2. [Daniel Miller]
o [NSE] Enabled resolveall to run against any target provided as a hostname, so
the resolveall.hosts script-arg is no longer required. [Daniel Miller]
o [NSE] Revised script http-default-accounts in several ways [nnposter]:
- Added 21 new fingerprints, plus broadened 5 to cover more variants.
- [GH#577] It can now can test systems that return status 200 for
non-existent pages.
- [GH#604] Implemented XML output. Layout of the classic text output has also
changed, including reporting blank usernames or passwords as "<blank>",
instead of just empty strings.
- Added CPE entries to individual fingerprints (where known). They are
reported only in the XML output.
o [NSE][GH#573] Updated http.lua to allow processing of HTTP responses with
malformed header names. Such header lines are still captured in the rawheader
list but skipped otherwise. [nnposter]
o [GH#416] New service probe and match line for iperf3. [Eric Gershman]
o [NSE][GH#555] Add Drupal to the set of web apps brute forced by
http-form-brute. [Nima Ghotbi]
Nmap 7.31 [2016-10-20]
o [Windows] Updated the bundled Npcap from 0.10r2 to 0.10r9, bringing
increased stability, bug fixes, and raw 802.11 WiFi capture (unused
by Nmap). Further details on these changes can be found at
https://github.com/nmap/npcap/releases. [Yang Luo]
o Fixed the way Nmap handles scanning names that resolve to the same IP. Due to
changes in 7.30, the IP was only being scanned once, with bogus results
displayed for the other names. The previous behavior is now restored.
[Tudor Emil Coman]
o [Nping][GH#559] Fix Nping's ability to use Npcap on Windows. A privilege
check was performed too late, so the Npcap loading code assumed the user had no
rights. [Yang Luo, Daniel Miller]
o [GH#350] Fix an assertion failure due to floating point error in equality
comparison, which triggered mainly on OpenBSD:
assertion "diff <= interval" failed: file "timing.cc", line 440
This was reported earlier as [GH#472] but the assertion fixed there was a
different one. [David Carlier]
o [Zenmap] Fix a crash in the About page in the Spanish translation due to a
missing format specifier:
File "zenmapGUI\About.pyo", line 217, in __init__
TypeError: not all arguments converted during string formatting
[Daniel Miller]
o [Zenmap][GH#556] Better visual indication that display of hostname is tied to
address in the Topology page. You can show numeric addresses with hostnames
or without, but you can't show hostnames without numeric addresses when they
are not available. [Daniel Miller]
o To increase the number of IPv6 fingerprint submissions, a prompt for
submission will be shown with some random chance for successful matches of OS
classes that are based on only a few submissions. Previously, only
unsuccessful matches produced such a prompt. [Daniel Miller]
Nmap 7.30 [2016-09-29]
o Integrated all 12 of your IPv6 OS fingerprint submissions from June to
September. No new groups, but several classifications were strengthened,
especially Windows localhost and OS X. [Daniel Miller]
o [NSE] Added 7 NSE scripts, from 3 authors, bringing the total up to 541!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
+ [GH#369] coap-resources grabs the list of available resources from CoAP
endpoints. [Mak Kolybabi]
+ fox-info retrieves detailed version and configuration info from Tridium
Niagara Fox services. [Stephen Hilt]
+ ipmi-brute performs authentication brute-forcing on IPMI services.
[Claudiu Perta]
+ ipmi-cipher-zero checks IPMI services for Cipher Zero support, which allows
connection without a password. [Claudiu Perta]
+ ipmi-version retrieves protocol version and authentication options from
ASF-RMCP (IPMI) services. [Claudiu Perta]
+ [GH#352] mqtt-subscribe connects to a MQTT broker, subscribes to topics,
and lists the messages received. [Mak Kolybabi]
+ pcworx-info retrieves PLC model, firmware version, and date from Phoenix
Contact PLCs. [Stephen Hilt]
o Upgraded Npcap, our new Windows packet capturing driver/library,
from version to 0.09 to 0.10r2. This includes many bug fixes, with a
particular on emphasis on concurrency issues discovered by running
hundreds of Nmap instances at a time. More details are available
from https://github.com/nmap/npcap/releases. [Yang Luo, Daniel
Miller, Fyodor]
o New service probes and match lines for DTLS, IPMI-RMCP, MQTT, PCWorx,
ProConOS, and Tridium Fox, [Stephen Hilt, Mak Kolybabi, Daniel Miller]
o Improved some output filtering to remove or escape carriage returns ('\r')
that could allow output spoofing by overwriting portions of the screen. Issue
reported by Adam Rutherford. [Daniel Miller]
o [NSE] Fixed a few bad Lua patterns that could result in denial of service due
to excessive backtracking. [Adam Rutherford, Daniel Miller]
o Fixed a discrepancy between the number of targets selected with -iR and the
number of hosts scanned, resulting in output like "Nmap done: 1033 IP
addresses" when the user specified -iR 1000. [Daniel Miller]
o Fixed a bug in port specification parsing that could cause extraneous
'T', 'U', 'S', and 'P' characters to be ignored when they should have
caused an error. [David Fifield]
o [GH#543] Restored compatibility with LibreSSL, which was lost in adding
library version checks for OpenSSL 1.1. [Wonko7]
o [Zenmap] Fixed a bug in the Compare Scans window of Zenmap on OS X resulting
in this message instead of Ndiff output:
ImportError: dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so, 2): no suitable image found. Did find:
/Applications/Zenmap.app/Contents/Resources/lib/python2.7/lib-dynload/datetime.so: mach-o, but wrong architecture
Reported by Kyle Gustafson. [Daniel Miller]
o [NSE] Fixed a bug in ssl-enum-ciphers and ssl-dh-params which caused them to
not output TLSv1.2 info with DHE ciphersuites or others involving
ServerKeyExchange messages. [Daniel Miller]
o [NSE] Added X509v3 extension parsing to NSE's sslcert code. ssl-cert now
shows the Subject Alternative Name extension; all extensions are shown in the
XML output. [Daniel Miller]
Nmap 7.25BETA2 [2016-09-01]
o [GH#376] Windows binaries are now code-signed with our "Insecure.Com LLC"
SHA256 certificate. This should give our users extra peace-of-mind and avoid
triggering Microsoft's ever-increasing security warnings.
o [NSE] Upgraded NSE to Lua 5.3, adding bitwise operators, integer data type, a
utf8 library, and native binary packing and unpacking functions. Removed bit
library, added bits.lua, replaced base32, base64, and bin libraries. [Patrick
Donnelly]
o [NSE] Added 2 NSE scripts, bringing the total up to 534! They are both listed
at https://nmap.org/nsedoc/, and the summaries are below:
+ oracle-tns-version decodes the version number from Oracle Database Server's
TNS listener. [Daniel Miller]
+ clock-skew analyzes and reports clock skew between Nmap and services that
report timestamps, grouping hosts with similar skews. [Daniel Miller]
o Integrated all of your service/version detection fingerprints submitted from
January to April (578 of them). The signature count went up 2.2% to 10760.
We now detect 1122 protocols, from elasticsearch, fhem, and goldengate to
ptcp, resin-watchdog, and siemens-logo. [Daniel Miller]
o Upgraded Npcap, our new Windows packet capturing driver/library,
from version 0.07-r17 to 0.09. This includes many improvements you can
read about at https://github.com/nmap/npcap/releases.
o [Nsock][GH#148] Added the new IOCP Nsock engine which uses the Windows
Overlapped I/O API to improve performance of version scan and NSE against
many targets on Windows. [Tudor Emil Coman]
o [GH#376] Windows binaries are now code-signed with our "Insecure.Com LLC"
SHA256 certificate. This should give our users extra peace-of-mind and avoid
triggering Microsoft's ever-increasing security warnings.
o Various performance improvements for large-scale high-rate scanning,
including increased ping host groups, faster probe matching, and ensuring
data types can handle an Internet's-worth of targets. [Tudor Emil Coman]
o [NSE] Added the oracle-tns-version NSE script which decodes the version
number from Oracle Database Server's TNS
listener. https://nmap.org/nsedoc/scripts/oracle-tns-version.html [Daniel
Miller]
o [NSE] Added the clock-skew NSE script which analyzes and reports clock skew
between Nmap and services that report timestamps, grouping hosts with
similar skews. https://nmap.org/nsedoc/scripts/clock-skew.html [Daniel
Miller]
o [Zenmap] Long-overdue Spanish language translation has been added! Muy bien!
[Vincent Dumont, Marta Garcia De La Paz, Paulino Calderon, Patricio Castagnaro]
o [Zenmap][GH#449] Fix a crash when closing Zenmap due to a read-only
zenmap.conf. User will be warned that config cannot be saved and that they
should fix the file permissions. [Daniel Miller]
o [NSE] Fix a crash when parsing TLS certificates that OpenSSL doesn't support,
like DH certificates or corrupted certs. When this happens, ssl-enum-ciphers
will label the ciphersuite strength as "unknown." Reported by Bertrand
Bonnefoy-Claudet. [Daniel Miller]
o [NSE][GH#531] Fix two issues in sslcert.lua that prevented correct operations
against LDAP services when version detection or STARTTLS were used.
[Tom Sellers]
o [GH#426] Remove a workaround for lack of selectable pcap file descriptors on
Windows, which required including pcap-int.h and locking us to a single
version of libpcap. The new method, using WaitForSingleObject should work
with all versions of both WinPcap and Npcap. [Daniel Miller]
o [NSE][GH#234] Added a --script-timeout option for limiting run time for
every individual NSE script. [Abhishek Singh]
o [Ncat][GH#444] Added a -z option to Ncat. Just like the -z option in
traditional netcat, it can be used to quickly check the status of a
port. Port ranges are not supported since we recommend a certain other tool
for port scanning. [Abhishek Singh]
o Fix checking of Npcap/WinPcap presence on Windows so that "nmap -A" and
"nmap" with no options result in the same behaviors as on Linux (and no
crashes) [Daniel Miller]
o [NSE] ssl-enum-ciphers will now warn about 64-bit block ciphers in CBC mode,
which are vulnerable to the SWEET32 attack.
o [NSE][GH#117] tftp-enum now only brute-forces IP-address-based Cisco filenames when
the wordlist contains "{cisco}". Previously, custom wordlists would still end
up sending these extra 256 requests. [Sriram Raghunathan]
o [GH#472] Avoid an unnecessary assert failure in timing.cc when printing estimated
completion time. Instead, we'll output a diagnostic error message:
Timing error: localtime(n) is NULL
where "n" is some number that is causing problems. [Jean-Guilhem Nousse]
o [NSE][GH#519] Removed the obsolete script ip-geolocation-geobytes. [Paulino Calderon]
o [NSE] Added 9 new fingerprints for script http-default-accounts.
(Motorola AP, Lantronix print server, Dell iDRAC6, HP StorageWorks, Zabbix,
Schneider controller, Xerox printer, Citrix NetScaler, ESXi hypervisor)
[nnposter]
o [NSE] Completed a refresh and validation of almost all fingerprints for
script http-default-accounts. Also improved the script speed. [nnposter]
o [GH#98] Added support for decoys in IPv6. Earlier we supported decoys only in
IPv4. [Abhishek Singh]
o Various performance improvements for large-scale high-rate scanning,
including increased ping host groups, faster probe matching, and ensuring
data types can handle an Internet's-worth of targets. [Tudor Emil Coman]
o [GH#484] Allow Nmap to compile on some older Red Hat distros that disable EC
crypto support in OpenSSL. [Jeroen Roovers, Vincent Dumont]
o [GH#439] Nmap now supports OpenSSL 1.1.0-pre5 and previous versions. [Vincent Dumont]
o [Ncat] Fix a crash ("add_fdinfo() failed.") when --exec was used with --ssl
and --max-conns, due to improper accounting of file descriptors. [Daniel
Miller]
o FTP Bounce scan: improved some edge cases like anonymous login without
password, 500 errors used to indicate port closed, and timeouts for LIST
command. Also fixed a 1-byte array overrun (read) when checking for
privileged ports. [Daniel Miller]
o [GH#140] Allow target DNS names up to 254 bytes. We previously imposed an
incorrect limit of 64 bytes in several parts of Nmap. [Vincent Dumont]
o [NSE] The hard limit on number of concurrently running scripts can now
increase above 1000 to match a high user-set --min-parallelism value. [Tudor
Emil Coman]
o [NSE] Solved a memory corruption issue that would happen if a socket connect
operation produced an error immediately, such as Network Unreachable. The
event handler was throwing a Lua error, preventing Nsock from cleaning up
properly, leaking events. [Abhishek Singh, Daniel Miller]
o [NSE] Added the datetime library for performing date and time calculations,
and as a helper to the clock-skew script.
o [GH#103][GH#364] Made Nmap's parallel reverse DNS resolver more robust, fully
handling truncated replies. If a response is too long, we now fall back to
using the system resolver to answer it. [Abhishek Singh]
o [Zenmap][GH#279] Added a legend for the Topography window. [Suraj Hande]
Nmap 7.25BETA1 [2016-07-15]
o Nmap now ships with and uses Npcap, our new packet sniffing library
for Windows. It's based on WinPcap (unmaintained for years), but
uses modern Windows APIs for better performance. It also includes
security improvements and many bug fixes. See http://npcap.org. And
it enables Nmap to perform SYN scans and OS detection against
localhost, which we haven't been able to do on Windows since
Microsoft removed the raw sockets API in 2003. [Yang Luo, Daniel
Miller, Fyodor]
o [NSE] Added 6 NSE scripts, from 5 authors, bringing the total up to 533!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
+ clamav-exec detects ClamAV servers vulnerable to unauthorized clamav
command execution. [Paulino Calderon]
+ http-aspnet-debug detects ASP.NET applications with debugging enabled.
[Josh Amishav-Zlatin]
+ http-internal-ip-disclosure determines if the web server leaks its internal
IP address when sending an HTTP/1.0 request without a Host header. [Josh
Amishav-Zlatin]
+ [GH#304] http-mcmp detects mod_cluster Management Protocol (MCMP) and dumps
its configuration. [Frank Spierings]
+ [GH#365] sslv2-drown detects vulnerability to the DROWN attack, including
CVE-2016-0703 and CVE-2016-0704 that enable fast attacks on OpenSSL.
[Bertrand Bonnefoy-Claudet]
+ vnc-title logs in to VNC servers and grabs the desktop title, geometry, and
color depth. [Daniel Miller]
o Integrated all of your IPv4 OS fingerprint submissions from January
to April (539 of them). Added 98 fingerprints, bringing the new total
to 5187. Additions include Linux 4.4, Android 6.0, Windows Server
2016, and more. [Daniel Miller]
o Integrated all 31 of your IPv6 OS fingerprint submissions from January to
June. The classifier added 2 groups and expanded several others. Several
Apple OS X groups were consolidated, reducing the total number of groups to
93. [Daniel Miller]
o Update oldest supported Windows version to Vista (Windows 6.0). This enables
the use of the poll Nsock engine, which has significant performance and
accuracy advantages. Windows XP users can still use Nmap 7.12, available from
https://nmap.org/dist/?C=M&O=D [Daniel Miller]
o [NSE] Fix a crash that happened when trying to print the percent done of 0
NSE script threads:
timing.cc:710 bool ScanProgressMeter::printStats(double, const timeval*): Assertion 'ltime' failed.
This would happen if no scripts were scheduled in a scan phase and the user
pressed a key or specified a short --stats-every interval. Reported by
Richard Petrie. [Daniel Miller]
o [GH#283][Nsock] Avoid "unknown protocol:0" debug messages and an "Unknown
address family 0" crash on Windows and other platforms that do not set the
src_addr argument to recvfrom for TCP sockets. [Daniel Miller]
o Retrieve the correct network prefix length for an adapter on Windows. If more
than one address was configured on an adapter, the same prefix length would
be used for both. This incorrect behavior is still used on Windows XP and
earlier. Reported by Niels Bohr. [Daniel Miller]
o Changed libdnet-stripped to avoid bailing completely when an interface is
encountered with an unsupported hardware address type. Caused "INTERFACES:
NONE FOUND!" bugs in Nmap whenever Linux kernel added new hardware address
types. [Daniel Miller]
o Improved service detection of Docker and fixed a bug in the output of
docker-version script. [Tom Sellers]
o Fix detection of Microsoft Terminal Services (RDP). Our improved TLS service
probes were matching on port 3389 before our specific Terminal Services
probe, causing the port to be labeled as "ssl/unknown". Reported by Josh
Amishav-Zlatin.
o [NSE] Update to enable smb-os-discovery to augment version detection
for certain SMB related services using data that the script discovers.
[Tom Sellers]
o Improved version detection and descriptions for Microsoft and Samba
SMB services. Also addresses certain issues with OS identification.
[Tom Sellers]
o [NSE] ssl-enum-ciphers will give a failing score to any server with an RSA
certificate whose public key uses an exponent of 1. It will also cap the
score of an RC4-ciphersuite handshake at C and output a warning referencing
RFC 7465. [Daniel Miller]
o [NSE] Refactored some SSLv2 functionality into a new library, sslv2.lua .
[Daniel Miller]
o [GH#399] Zenmap's authorization wrapper now uses an AppleScript method for
privilege escalation on OS X, avoiding the deprecated
AuthorizationExecuteWithPrivileges method previously used. [Vincent Dumont]
o [GH#454] The OS X binary package is distributed in a .dmg disk image that now
features an instructive background image. [Vincent Dumont]
o [GH#420] Our OS X build system now uses gtk-mac-bundler and jhbuild to
provide all dependencies. We no longer use Macports for this purpose.
[Vincent Dumont]
o [GH#345][Zenmap] On Windows, save Zenmap's stderr output to a writeable
location (%LOCALAPPDATA%\zenmap.exe.log or %TEMP%\zenmap.exe.log) instead of
next to the zenmap.exe executable. This avoids a warning message when closing
Zenmap if it produced any stderr output. [Daniel Miller]
o [GH#379][NSE] Fix http-iis-short-name-brute to report non vulnerable hosts.
Reported by alias1. [Paulino Calderon]
o [NSE][GH#371] Fix mysql-audit by adding needed library requires to the
mysql-cis.audit file. The script would fail with "Failed to load rulebase"
message. [Paolo Perego]
o [NSE][GH#362] Added support for LDAP over udp to ldap-rootdse.nse.
Also added version detection and information extraction to match the
new LDAP LDAPSearchReq and LDAPSearchReqUDP probes. [Tom Sellers]
o [GH#354] Added new version detection Probes for LDAP services, LDAPSearchReq
and LDAPSearchReqUDP. The second is Microsoft Active Directory specific. The
Probes will elicit responses from target services that allow better finger
-printing and information extraction. Also added nmap-payload entry for
detecting LDAP on udp. [Tom Sellers]
o [NSE] More VNC updates: Support for VeNCrypt and Tight auth types, output of
authentication sub-types in vnc-info, and all zero-authentication types are
recognized and reported. [Daniel Miller]
Nmap 7.12 [2016-03-29]
o [Zenmap] Avoid file corruption in zenmap.conf, reported as files containing
many null ("\x00") characters. Example exceptions:
TypeError: int() argument must be a string or a number, not 'list'
ValueError: unable to parse colour specification
o [NSE] VNC updates including vnc-brute support for TLS security type and
negotiating a lower RFB version if the server sends an unknown higher
version. [Daniel Miller]
o [NSE] Added STARTTLS support for VNC, NNTP, and LMTP [Daniel Miller]
o Added new service probes and match lines for OpenVPN on UDP and TCP.
Nmap 7.11 [2016-03-22]
o [NSE][GH#341] Added support for diffie-hellman-group-exchange-* SSH key
exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that
only support custom Diffie-Hellman groups. [Sergey Khegay]
o [NSE] Added support in sslcert.lua for Microsoft SQL Server's TDS protocol,
so you can now grab certs with ssl-cert or check ciphers with
ssl-enum-ciphers. [Daniel Miller]
o [Zenmap] Fix a crash when setting default window geometry:
TypeError: argument of type 'int' is not iterable
o [Zenmap] Fix a crash when displaying the date from an Nmap XML file due to an
empty or unknown locale:
File "zenmapCore/NmapParser.py", line 627, in get_formatted_date
locale.getpreferredencoding())
LookupError: unknown encoding:
o [Zenmap] Fix a crash due to incorrect file paths when installing to
/usr/local prefix. Example:
Exception: File '/home/blah/.zenmap/scan_profile.usp' does not exist or could not be found!
Nmap 7.10 [2016-03-17]
o [NSE] Added 12 NSE scripts from 7 authors, bringing the total up to 527!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
+ [GH#322] http-apache-server-status parses the server status page of
Apache's mod_status. [Eric Gershman]
+ http-vuln-cve2013-6786 detects a XSS and URL redirection vulnerability in
Allegro RomPager web server. Also added a fingerprint for detecting
CVE-2014-4019 to http-fingerprints.lua. [Vlatko Kosturjak]
+ [GH#226] http-vuln-cve2014-3704 detects and exploits the "Drupalgeddon"
pre-auth SQL Injection vulnerability in Drupal. [Mariusz Ziulek]
+ imap-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled IMAP services. [Justin Cacak]
+ ipv6-multicast-mld-list discovers IPv6 multicast listeners with MLD probes.
The discovery is the same as targets-ipv6-multicast-mld, but the subscribed
addresses are decoded and listed. [Alexandru Geana, Daniel Miller]
+ ms-sql-ntlm-info extracts OS version and sometimes hostname from MS SQL
Server instances via the NTLM challenge message. [Justin Cacak]
+ nntp-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled NNTP services. [Justin Cacak]
+ pop3-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled POP3 services. [Justin Cacak]
+ rusers retrieves information about logged-on users from the rusersd RPC
service. [Daniel Miller]
+ [GH#333] shodan-api queries the Shodan API (https://www.shodan.io) and
retrieves open port and service info from their Internet-wide scan data.
[Glenn Wilkinson]
+ smtp-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled SMTP and submission services. [Justin Cacak]
+ telnet-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled Telnet services. [Justin Cacak]
o Updated the OpenSSL shipped with our binary builds (Windows, OS X, and Linux
RPM) to 1.0.2g with SSLv2 enabled.
o Integrated all of your IPv4 OS fingerprint submissions from October to
January (536 of them). Added 104 fingerprints, bringing the new total to
5089. Additions include Linux 4.2, more Windows 10, IBM i 7, and more.
Highlights: http://seclists.org/nmap-dev/2016/q1/270 [Daniel Miller]
o Integrated all of your service/version detection fingerprints submitted from
October to January (508 of them). The signature count went up 2.2% to 10532.
We now detect 1108 protocols, from icy, finger, and rtsp to ipfs,
basestation, and minecraft-pe. Highlights:
http://seclists.org/nmap-dev/2016/q1/271 [Daniel Miller]
o Integrated all 12 of your IPv6 OS fingerprint submissions from October to
January. The classifier added 3 new groups, including new and expanded groups
for OS X, bringing the new total to 96. Highlights:
http://seclists.org/nmap-dev/2016/q1/273 [Daniel Miller]
o [NSE] Upgrade to http-form-brute allowing correct handling of token-based
CSRF protections and cookies. Also, a simple database of common login forms
supports Django, Wordpress, MediaWiki, Joomla, and others. [Daniel Miller]
o [Zenmap] [GH#247] Remember window geometry (position and size) from the
previous time Zenmap was run. [isjing]
o New service probe for CORBA GIOP (General Inter-ORB Protocol) detection
should elicit a not-found exception from GIOP services that do not respond to
non-GIOP probes. [Quentin Hardy]
o [GH#284] Fix retrieval of route netmasks on FreeBSD. IPv6 routes were given
/32 netmasks regardless of actual netmask configured, resulting in failed
routing. Reported by Martin Gysi. [Daniel Miller]
o [GH#272][GH#269] Give option parsing errors after the usage statement, or
avoid printing the usage statement in some cases. The options summary has
grown quite large, requiring users to scroll to the top to see the error
message. [Abhishek Singh]
o [GH#249][Nsock] Avoid a crash on Windows reported by users using Zenmap's
Slow Comprehensive Scan profile. In the case of unknown OpenSSL errors,
ERR_reason_error_string would return NULL, which could not be printed with
the "%s" format string. Reported by Dan Baxter. [Gisle Vanem, Daniel Miller]
o [GH#293][Zenmap] Fix a regression in our build that caused copy-and-paste to
not work in Zenmap on Windows.
o Changed Nmap's idea of reserved and private IP addresses to include
169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8 networks. This list, in
libnetutil's isipprivate function, is used to filter -iR randomly generated
targets. The newly-valid address ranges belong to the U.S. Department of
Defense, so users wanting to avoid those ranges should use their own
exclusion lists with --exclude or --exclude-file. [Bill Parker, Daniel
Miller]
o Allow the -4 option for Nmap to indicate IPv4 address family. This is the
default, and using the option doesn't change anything, but does make it more
explicit which address family you want to scan. Using -4 with -6 is an error.
[Daniel Miller]
o [GH#265] When provided a verbosity of 0 (-v0), Nmap will not output any text to the
screen. This happens at the time of argument parsing, so the usual meaning of
"verbosity 0" is preserved. [isjing]
o [NSE][GH#314] Fix naming of SSL2_RC2_128_CBC_WITH_MD5 and
SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 ciphers in sslv2 in order to match the
draft specification from Mozilla. [Bertrand Bonnefoy-Claudet]
o [NSE][GH#320] Add STARTTLS support to sslv2 to enable SSLv2 detection
against services that are not TLS encrypted by default but that support
post connection upgrade. This will enable more comprehensive detection
of SSLv2 and DROWN (CVE-2016-0800) attack oracles. [Tom Sellers]
o [NSE][GH#301] Added default credential checks for RICOH Web Image Monitor and
BeEF to http-default-accounts. [nnposter]
o Properly display Next-hop MTU value from ICMP Type 3 Code 4 Fragmentation
Required messages when tracing packets or in Nping output. Improper offset
meant we were printing the total IP length. [Sławomir Demeszko]
o [NSE] Added support for DHCP options "TFTP server name" and "Bootfile name"
to dhcp.lua and enabled checking for options with a code above 61 by default.
[Mike Rykowski]
o [NSE] whois-ip: Don't request a remote IANA assignments data file when the
local filesystem will not permit the file to cached in a local file. [jah]
o [NSE] Updated http-php-version hash database to cover all versions from PHP
4.1.0 to PHP 5.4.45. Based on scans of a few thousand PHP web servers pulled
from Shodan API (https://www.shodan.io/) [Daniel Miller]
o Use the same ScanProgressMeter for FTP bounce scan (-b) as for the other scan
types, allowing periodic status updates with --stats-every or keypress
events. [Daniel Miller]
o [GH#274] Use a shorter pcap_select timeout on OpenBSD, just as we do for OS
X, old FreeBSD, and Solaris, which use BPF for packet capture and do not have
properly select-able fds. Fix by OpenBSD port maintainer [David Carlier]
o Print service info in grepable output for ports which are not listed in
nmap-services when a service tunnel (SSL) is detected. Previously, the
service info ("ssl|unknown") was not printed unless the service inside the
tunnel was positively identified. http://seclists.org/nmap-dev/2015/q4/260
[Daniel Miller]
o [NSE] [GH#242] Fix multiple false-positive sources in http-backup-agent.
[Tom Sellers]
Nmap 7.01 [2015-12-09]
o Switch to using gtk-mac-bundler and jhbuild for building the OS X installer.
This promises to reduce a lot of the problems we've had with local paths and
dependencies using the py2app and macports build system. [Daniel Miller]
o The Windows installer is now built with NSIS 2.47 which features LoadLibrary
security hardening to prevent DLL hijacking and other unsafe use of temporary
directories. Thanks to Stefan Kanthak for reporting the issue to NSIS and to
us and the many other projects that use it.
o Updated the OpenSSL shipped with our binary builds (Windows, OS X, and RPM)
to 1.0.2e.
o [Zenmap] [GH#235] Fix several failures to launch Zenmap on OS X. The new
build process eliminates these errors:
IOError: [Errno 2] No such file or directory: '/Applications/Zenmap.app/Contents/Resources/etc/pango/pangorc.in'
LSOpenURLsWithRole() failed for the application /Applications/Zenmap.app with error -10810.
o [NSE] [GH#254] Update the TLSSessionRequest probe in ssl-enum-ciphers to
match the one in nmap-service-probes, which was fixed previously to correct a
length calculation error. [Daniel Miller]
o [NSE] [GH#251] Correct false positives and unexpected behavior in http-*
scripts which used http.identify_404 to determine when a file was not found
on the target. The function was following redirects, which could be an
indication of a soft-404 response. [Tom Sellers]
o [NSE] [GH#241] Fix a false-positive in hnap-info when the target responds
with 200 OK to any request. [Tom Sellers]
o [NSE] [GH#244] Fix an error response in xmlrpc-methods when run against a
non-HTTP service. The expected behavior is no output. [Niklaus Schiess]
o [NSE] Fix SSN validation function in http-grep, reported by Bruce Barnett.
Nmap 7.00 [2015-11-19]
o This is the most important release since Nmap 6.00 back in May 2012!
For a list of the most significant improvements and new features,
see the announcement at: https://nmap.org/7/
o [NSE] Added 6 NSE scripts from 6 authors, bringing the total up to 515!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
+ targets-xml extracts target addresses from previous Nmap XML results files.
[Daniel Miller]
+ [GH#232] ssl-dh-params checks for problems with weak, non-safe, and
export-grade Diffie-Hellman parameters in TLS handshakes. This includes the
LOGJAM vulnerability (CVE-2015-4000). [Jacob Gajek]
+ nje-node-brute does brute-forcing of z/OS JES Network Job Entry node names.
[Soldier of Fortran]
+ ip-https-discover detectings support for Microsoft's IP over HTTPS
tunneling protocol. [Niklaus Schiess]
+ [GH#165] broadcast-sonicwall-discover detects and extracts information from
SonicWall firewalls. [Raphael Hoegger]
+ [GH#38] http-vuln-cve2014-8877 checks for and optionally exploits a
vulnerability in CM Download Manager plugin for Wordpress. [Mariusz Ziulek]
o [Ncat] [GH#151] [GH#142] New option --no-shutdown prevents Ncat from shutting
down when it reads EOF on stdin. This is the same as traditional netcat's
"-d" option. [Adam Saponara]
o [NSE] [GH#229] Improve parsing in http.lua for multiple Set-Cookie headers in
a single response. [nnposter]
Nmap 6.49BETA6 [2015-11-03]
o Integrated all of your IPv6 OS fingerprint submissions from April to October
(only 9 of them!). We are steadily improving the IPv6 database, but we need
your submissions. The classifier added 3 new groups, bringing the new total
to 93. Highlights: http://seclists.org/nmap-dev/2015/q4/61 [Daniel Miller]
o Integrated all of your IPv4 OS fingerprint submissions from February to
October (1065 of them). Added 219 fingerprints, bringing the new total to
4985. Additions include Linux 4.1, Windows 10, OS X 10.11, iOS 9, FreeBSD
11.0, Android 5.1, and more. Highlights:
http://seclists.org/nmap-dev/2015/q4/60 [Daniel Miller]
o Integrated all of your service/version detection fingerprints submitted from
February to October (800+ of them). The signature count went up 2.5% to
10293. We now detect 1089 protocols, from afp, bitcoin, and caldav to
xml-rpc, yiff, and zebra. Highlights: http://seclists.org/nmap-dev/2015/q4/62
[Daniel Miller]
o [NSE] Added 10 NSE scripts from 5 authors, bringing the total up to 509!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
+ knx-gateway-discover and knx-gateway-info scripts gather information from
multicast and unicast KNX gateways, which connect home automation systems
to IP networks. [Niklaus Schiess, Dominik Schneider]
+ http-ls parses web server directory index pages with optional recursion.
[Pierre Lalet]
+ xmlrpc-methods perfoms introspection of xmlrpc services and lists methods
and their descriptions. [Gyanendra Mishra]
+ http-fetch can be used like wget or curl to fetch all files, specific
filenames, or files that match a given pattern. [Gyanendra Mishra]
+ http-svn-enum enumerates users of a Subversion repository by examining
commit logs. [Gyanendra Mishra]
+ http-svn-info requests information from a Subversion repository, similar to
the "svn info" command. [Gyanendra Mishra]
+ hnap-info detects and outputs info for Home Network Administration Protocol
devices. [Gyanendra Mishra]
+ http-webdav-scan detects WebDAV servers and reports allowed methods and
directory listing. [Gyanendra Mishra]
+ tor-consensus-checker checks the target's address with the Tor directory
authorities to determine if a target is a known Tor node. [Jiayi Ye]
o [NSE] Several scripts have been split, combined, or renamed:
+ [GH#171] smb-check-vulns has been split into:
* smb-vuln-conficker
* smb-vuln-cve2009-3103
* smb-vuln-ms06-025
* smb-vuln-ms07-029
* smb-vuln-regsvc-dos
* smb-vuln-ms08-067
The scripts now use the vulns library, and the "unsafe" script-arg has been
replaced by putting the scripts into the "dos" category. [Paulino Calderon]
+ http-email-harvest was removed, as the new http-grep does email address
scraping by default. [Gyanendra Mishra]
+ http-drupal-modules was renamed to http-drupal-enum. Extended to enumerate
both themes and modules of Drupal installaions. [Gyanendra Mishra]
o [Ncat] [GH#193] Fix Ncat listen mode over Unix sockets (named pipes) on OS X.
This was crashing with the error:
Ncat: getnameinfo failed: Undefined error: 0 QUITTING.
Fixed by forcing the name to "localhost" [Michael Wallner]
o [Zenmap] Fix a crash in Zenmap when using Compare Results:
AttributeError: 'NoneType' object has no attribute 'get_nmap_output'
[Daniel Miller]
o [NSE] [GH#194] Add support for reading fragmented TLS messages to
ssl-enum-ciphers. [Jacob Gajek]
o [GH#51] Added IPv6 support to nmap_mass_rdns, improved reverse DNS cache,
and refactored DNS code to improve readability and
extensibility. All in all, this makes the rDNS portion of IPv6 scans
much faster. [Gioacchino Mazzurco]
o [NSE] Added NTLM brute support to http-brute. [Gyanendra Mishra]
o [NSE] Added NTLM authentication support to http.lua and a related function to create
an ntlm v2 session response in smbauth.lua. [Gyanendra Mishra]
o [NSE] [GH#106] Added a new NSE module, ls.lua, for accumulating and
outputting file and directory listings. The afp-ls, nfs-ls, and smb-ls
scripts have been converted to use this module. [Pierre Lalet]
o [NSE] bacnet-info.nse and s7-info.nse were added to the version category.
[Paulino Calderon]
o [NSE] Added 124 new identifiers to bacnet-info.nse vendor database.
[Paulino Calderon]
o [NSE] Fixed bacnet-info.nse to bind to the service port detected
during scan instead of fixed port. [Paulino Calderon]
o [NSE] Enhanced reporting of elliptic curve names and strengths in
ssl-enum-ciphers. The name of the curve is now reported instead of just "ec"
[Brandon Paulsen]
o [GH#75] Normalize Makefile targets to use the same verb-project format, e.g.
build-ncat, check-zenmap, install-nping, clean-nsock [Gioacchino Mazzurco]
o [NSE] Added builtin pattern and multiple pattern search to http-grep. [Gyanendra Mishra]
o [NSE] http-crossdomainxml is now http-cross-domain-policy and supports client
access policies and uses the new SLAXML parser. [Gyanendra Mishra]
o [NSE] Added a patch for vulns lib that allows list of tables to be submitted
to fields in the vulns report. [Jacob Gajek]
o [NSE] Added additional checks for successful PUT request in http-put.
[Oleg Mitrofanov]
o [NSE] Added an update for http-methods that checks all possible methods not in
Allow or Public header of OPTIONS response. [Gyanendra Mishra]
o [NSE] Added SLAXML, an XML parser in Lua originally written by Gavin Kistner
(a.k.a. Phrogz). [Gyanendra Mishra]
o [NSE] [GH#122] Update the snmp-brute and other snmp-* scripts to use the
creds library to store brute-forced snmp community strings. This allows Nmap
to use the correct brute-forced string for each host. [Gioacchino Mazzurco]
o Several improvements to TLS/SSL detection in nmap-service-probes. A new
probe, TLSSessionReq, and improvements to default SSL ports should help speed
up -sV scans. http://seclists.org/nmap-dev/2015/q2/17 [Daniel Miller]
o [Nsock] Clean up the API so that nsp_* calls are now nsock_pool_* and nsi_*
are nsock_iod_*. Simplify Nsock SSL init API, and make logging global to the
library instead of associated with a nspool. [Henri Doreau]
o [GH#181] The configure script now prints a summary of configured options.
Most importantly, it warns if OpenSSL was not found, since most users will
want this library compiled in. [Gioacchino Mazzurco]
o Define TCP Options for SYN scan in nmap.h instead of literally throughout.
This string is used by p0f and other IDS to detect Nmap scans, so having it a
compile-time option is a step towards better evasion. [Daniel Miller]
o [GH#51] Nmap's parallel reverse-DNS resolver now handles IPv6 addresses. This
should result in faster -6 scans. The old behavior is available with
--system-dns. [Gioacchino Mazzurco]
o [NSE] Fix a couple odd bugs in NSE command-line parsing. Most notably,
--script broadcast-* will now work (generally, wildcards with scripts whose
name begins with a category name were not working properly). [Daniel Miller]
o [NSE] [GH#113] http-form-fuzzer will now stop increasing the size of a
request when an HTTP 413 or 414 error indicates the web server will not
accept a larger request. [Gioacchino Mazzurco]
o [NSE] [GH#159] Add the ability to tag credentials in the creds library with
freeform text for easy retrieval. This gives necessary granularity to track
credentials to multiple web apps on a single host+port. [Gioacchino Mazzurco]
Nmap 6.49BETA5 [2015-09-25]
o Work around a bug which could cause Nmap to hang when running
multiple instances at once on Windows. The actual bug appears to be
in the WinPCAP driver in that it hanges when accessed via
OpenServiceA by multiple processes at once. So for now we have added
a mutex to prevent even multiple Nmap processes from making