Nmap Announce mailing list archives
Nmap 4.68 release
From: Fyodor <fyodor () insecure org>
Date: Thu, 31 Jul 2008 23:06:28 -0700
Hi All. I'm happy to report that there have been several stable Nmap releases since I mailed you about Nmap 4.60 in March. The latest version is 4.68, and I think you'll like it (unless you still use Win2K, which can be problematic due to IPv6 issues that we hope to resolve in the next release). Before I give you the full list of 125 improvements, I'll start with a few highlights:

o Added a new --min-rate option that allows specifying a minimum rate at which to send packets. This allows you to override Nmap's congestion control algorithms and request that Nmap try to keep at least the rate you specify. The rate is given in packets per second. Read more in the Nmap man page (http://nmap.org/book/man-performance.html). If you use the latest version in the Nmap subversion repository, you'll also get a --max-rate option which lets you limit Nmap's packet rate (and thus bandwidth used).

o Mac OS X binary packages for Zenmap+Nmap are now available, as I mentioned in the previous mail.

o The Windows version of Nmap now supports OpenSSL just as the UNIX versions have for years. Both the .zip and executable installer binary packages we ship from the Nmap download page now include OpenSSL.

o We now compile in IPv6 support on Windows. In order to use this, you need to have IPv6 set up. It is installed by default on Vista, but must be downloaded from Microsoft for XP. See http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx . This feature causes Nmap to no longer work on Windows 2000, but we hope to fix that in the next release.

o Tons of new version detection signatures and OS detection fingerprints have been added. Version 4.68 has reached more than 5,000 version detection signatures, and the latest subversion version of Nmap has more than 1,500 2nd generation OS detection fingerprints. We were only able to do this because so many of you submit updates and corrections when Nmap guesses wrong or provides a fingerprint and URL for submission on our site. Please keep those submissions coming! We receive far more fingerprint submissions than correction notices -- please do remember to submit a correction when Nmap guesses wrong, as described at http://nmap.org/submit/ .

o Nmap now supports 64-bit versions of Windows.

o We added advanced search functionality (and dozens of other improvements) to the Zenmap GUI. You can now locate previous scans using criteria such as which ports were open, keywords in the target names, OS detection results, etc. Try it out with Ctrl-F or "Tools->Search Scan Results".

o Fixed an integer overflow which prevented a target specification of "*.*.*.*" from working. Support for the CIDR /0 is now also available for those times you wish to scan the entire Internet.

o Made many performance enhancements, and also fixed many errors which could lead to crashes in Nmap or Zenmap. See the big list below for details.

You can obtain Nmap 4.68 from the normal location: http://nmap.org/download.html

Please give it a try! And if you encounter any problems, report them to nmap-dev as described at http://nmap.org/book/man-bugs.html

I've included the detailed list of changes between 4.60 and 4.68 below. Or you can read it at http://nmap.org/changelog.html . The URL version also includes the post-4.68 changes which you get if you use the svn version.

Nmap 4.68 [2008-6-28]

o Doug integrated all of your version detection submissions and corrections for the year up to May 31. There were more than 1,000 new submissions and 18 corrections. Please keep them coming! And don't forget that corrections are very important, so do submit them if you ever catch Nmap making a version detection or OS detection mistake. The version detection DB has grown to 5,054 signatures representing 486 service protocols. Protocols span the gamut from abc, acap, access-remote-pc, activefax, and activemq, to zebedee, zebra, zenimaging, and zenworks. The most popular protocols are http (1,672 signatures), telnet (519), ftp (459), smtp (344), and pop3 (201).

o Nmap compilation on Windows is now done with Visual C++ Express 2008 rather than 2005. Windows compilation instructions have been updated at http://nmap.org/book/inst-windows.html#inst-win-source . [Kris]

o The Nmap Windows self-installer now automatically installs the MS Visual C++ 2008 runtime components if they aren't already installed on a system. These are some reasonably small DLLs that are generally necessary for applications compiled with Visual C++ (with dynamic linking). Many or most systems already have these installed from other software packages. The lack of these components led to the error message "The Application failed to initialize properly (0xc0150002)." with Nmap 4.65. A related change is that Nmap on Windows is now compiled with /MD rather than /MT so that it consistently uses these runtime libraries. The patch was created by Rob Nicholls.

o Added advanced search functionality to Zenmap so that you can locate previous scans using criteria such as which ports were open, keywords in the target names, OS detection results, etc. Try it out with Ctrl-F or "Tools->Search Scan Results". [Vladimir]

o Nmap's special WinPcap installer now handles 64-bit Windows machines by installing the proper 64-bit npf.sys. [Rob Nicholls]

o Added a new NSE Comm (common communication) library for common network discovery tasks such as banner-grabbing (get_banner()) and making a quick exchange of data (exchange()). 16 scripts were updated to use this library. [Kris]

o The Nmap Scripting Engine now supports mutexes for gracefully handling concurrency issues. Mutexes are documented at http://nmap.org/book/nse-api.html#nse-mutex . [Patrick]

o Added a UDP SNMPv3 probe to version detection, along with 9 vendor match lines. The patch was from Tom Sellers, who contributed other probes and match lines to this release as well.

o Added a new timing_level() function to NSE which reports the Nmap timing level from 0 to 5, as set by the Nmap -T option. The default is 3. [Thomas Buchanan]

o Update the HTTP library to use the new timing_level functionality to set connection and response timeouts. An error preventing the new timing_level feature from working was also fixed. [Jah]

o Optimized the doAnyOutstandingProbes() function to make Nmap a bit faster and more efficient. This makes a particularly big difference in cases where --min-rate is being used to specify a very high packet sending rate. [David]

o Fixed an integer overflow which prevented a target specification of "*.*.*.*" from working. Support for the CIDR /0 is now also available for those times you wish to scan the entire Internet. [Kris]

o The robots.nse script has been improved to print output more compactly and limit the number of entries of large robots.txt files based on Nmap verbosity and debugging levels. [Eddie Bell]

o The Nmap NSE scripts have been re-categorized in a more logical fashion. The new categories are described at http://nmap.org/book/nse-usage.html#nse-categories . [Kris]

o Improve AIX support by linking against -lodm and -lcfg on that platform. [David]

o Updated showHTMLTitle NSE script to follow one HTTP redirect if necessary as long as it is on the same server. [Jah]

o Michael Pattrick and David created a new OSassist application which streamlines the OS fingerprint submission integration process and prevents certain previously common errors. OSassist isn't part of Nmap, but the system was used to integrate some submissions for this release. 13 fingerprints were added during OSassist testing, and some existing fingerprints were improved as well. Expect many more fingerprints coming soon.

o Improved the mapping from dnet device names (like eth0) and WinPcap names (like \Device\NPF_{28700713...}). You can see this mapping with --iflist, and the change should make Nmap more likely to work on Windows machines with unusual networking configurations. [David]

o Service fingerprints in XML output are no longer truncated to 2kb. [Michael]

o Some laptops report the IP Family as NULL for disabled WiFi cards. This could lead to a crash with the "sin->sin_family == AF_INET6" assertion failure. Nmap no longer quits when this is encountered. [Michael]

o On systems without the GNU getopt_long_only() function, Nmap has its own replacement. That replacement used to call the system's getopt() function if it exists. But the AIX and Solaris getopt() functions proved insufficient/buggy, so Nmap now always calls its own internal getopt() from its getopt_long_only() replacement. [David]

o Integrated several service match lines from Tom Sellers.

o An error was fixed where Zenmap would crash when trying to load from the recent scans database a file containing non-ASCII characters. The error looked like: pysqlite2.dbapi2.OperationalError: Could not decode to UTF-8 column 'nmap_xml_output' with text '<?xml version="1.0" encoding="iso-8859-1"?> <nmaprun profile="nmap -T Aggressive -n -v %s" scanner="nmap" hint="" The error would be seen when such a scan was found using the search interface. [David]

o Fix a Zenmap crash which occurred when locale.getpreferredencoding() returns "None". Similarly, deal with the case when "X-MAC-KOREAN" is returned by this function. Both problems were found with the Zenmap crash reporter. [David]

o A whole bunch of internal Zenmap cleanup was done by David to make the code more logical and remove dead code.

o Install icons and pixmaps under /usr/share/zenmap/{icons,pixmaps} so they don't get mixed in with the files in /usr/share/{icons,pixmaps}. [Jurand Nogiec]

o Fixed a Zenmap command entry problem where Zenmap would lose a custom command you had entered into the command entry field if you changed the target field after entering the custom command. [Jurand Nogiec]

o The Zenmap crash reporter now includes a stack trace rather than just the exception name. [David]

o Zenmap now executes the proper Nmap command by honoring the nmap_command_path variable in zenmap.conf. [Jurand Nogiec]

o Fixed a bug which caused -PN to erroneously bail out for unprivileged users. Thanks to Jabra (jabra(a)spl0it.org) for the report. [Kris]

o Fixed several Nmap NSE memory leaks found with Valgrind. [Kris]

o Migrated some stray malloc()/realloc() calls to the Nbase safe_malloc()/safe_realloc() versions which guard against certain errors.

o Fixed a bunch of subtle bugs, some of which could have resulted in a crash, reported by Ilja van Sprundel. [Kris]

o Fixed several byte-order bugs in Traceroute. [Kris]

o Fixed a crash in RateMeter::update() which could lead to an error saying "diff >= 0.0" assertion failed. I think the problem was actually caused by SMP machines which didn't sync the clock time perfectly. This led to gettimeofday() sometimes reporting that time decreased by some microseconds. Now Nmap is willing to tolerate decreases of up to 1 millisecond in this function. [Fyodor]

o Nmap now returns correct values for --iflist in Windows even if interface aliases have been set. Previously it would misreport the windevices and not list all interfaces. [Michael]

o Nmap no longer crashes with an 'assert' error when it's told to access a disabled WiFi NIC on some laptops. [Michael]

o Upgraded the OpenSSL shipped for Windows to 0.9.8h. [Kris]

o The NSE http library was updated to gracefully handle certain bogus (non-)http responses. [Jah]

o The zoneTrans.nse script now takes a "domain" script argument to specify the desired domain name to transfer. You can narrow the scope down with the form "zoneTrans={domain=xxx}". [Kris]

o Increase write buffer length for Nmap output on Windows. This should prevent error messages like: "log_vwrite: vnsprintf failed. Even after increasing bufferlen to 819200, Vsnprintf returned -1 (logt == 1)." Thanks to prozente0 for the report. [Fyodor]

o Fixed the --script-updatedb command, which was claiming to be "Aborting database update" even when the update was performed perfectly. See http://seclists.org/nmap-dev/2008/q2/0623.html . Thanks to Jah for the report.

Nmap 4.65 [2008-6-1]

o A Mac OS X Nmap/Zenmap installer is now available from the Nmap download page! It is rather straightforward, but detailed instructions are available anyway at http://nmap.org/book/inst-macosx.html . As a universal installer, it works on both Intel and PPC Macs. It is distributed as a disk image file (.dmg) containing an mpkg package. The installed Nmap does include OpenSSL support. It also supports Authorization Services so that Zenmap can run as root. David created this installer. He wants to thank Benson Kalahar and Vlad Alexa for extensive testing of the nine test releases.

o The Windows version of Nmap now supports OpenSSL just as the UNIX versions have for years. Both the .zip and executable installer binary packages we ship from the Nmap download page now include OpenSSL. [Kris, Thomas Buchanan]

o We now compile in IPv6 support on Windows. In order to use this, you need to have IPv6 set up. It is installed by default on Vista, but must be downloaded from Microsoft for XP. See http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx . [Kris]

o Seven Google-sponsored Summer of Code students began working on exciting Nmap projects full time. The winning students and their Nmap development projects are described at http://seclists.org/nmap-dev/2008/q2/0132.html .

o Our WinPcap installer now starts the NPF driver running as a service immediately upon installation and after restarts. You can disable this with new check-boxes. This behavior is important for Vista and Windows Server 2008 machines when User Account Control (UAC) is enabled. [Rob Nicholls]

o Nmap and Nmap-WinPcap silent installation now works. Nmap can be silently installed with the /S option to the installer. If you install Nmap from the zip file, you can install just WinPcap silently with the /S option to that installer. [Rob Nicholls]

o Our WinPcap installer is now included with the Nmap Win32 zip file. [Fyodor]

o Numerous miscellaneous improvements were made to our Win32 installer, such as using the "Modern" NSIS UI for WinPcap, improving the option description labels, and showing a finish page in all cases. [Rob Nicholls]

o The nmap-dev and nmap-hackers mailing list RSS feeds at seclists.org now include message excerpts to make it easier to identify interesting messages and speed the process of reading through the list. Feeds for all other mailing lists archived at SecLists.Org have been similarly augmented. For details, see http://seclists.org/nmap-dev/2008/q2/0333.html . [David]

o A new "default" Nmap Scripting Engine category was added. Only scripts in this category now run by default (except for "version" scripts which run when version detection was requested). Previously, any scripts in the "safe" or "intrusive" categories were run.

21 being recorded properly when scanning certain printers from little-endian computers. Updated nmap-os-db to compensate for signatures that had an incorrect U1.RID value. [Michael]

o Updated to include the latest MAC Address prefixes from the IEEE in nmap-mac-prefixes [Fyodor]

o Updated the SMTPcommands NSE script to work better against Postfix and reduce verbosity. [Jason DePriest, Fyodor]

o Reorganized the way ping probes are handled internally. Rather than being stored in the NmapOps structure, they are now stored within the individual scan_lists structures. This is a cleaner organization. [Michael]

o Fix grepable output's "Ignored State" reporting. Only one ignored state (the one with the highest number of ports) is shown. [David]

o Update to Lua version 5.1.3 [Patrick]

o Add NSE stdnse library to include tobinary, tooctal, and tohex functions. [Patrick]

o Fixed a bug which caused the Zenmap crash reporter to, uh, crash. [David]

o NSE engine was cleaned up significantly. nse_auxiliar was removed, and file system manipulation functions were moved from nse_init.cc into a new nse_fs.cc file. Numerous interfaces between Nmap and Lua were improved. Most of these functions are now callable directly by Lua. [Patrick]

o Fixed a bug in the showOwner NSE script which caused it to try UDP ports instead of just TCP ports. This made it very slow in the common case where there are many UDP ports in the open|filtered state. Thanks to Jason DePriest for reporting the problem and Jah for tracking it down and fixing it.

o Nbase now generates pseudo-random numbers itself rather than using /dev/urandom on Linux and the terrible rand() function on Windows. The new system uses ARC4 based on libdnet's implementation. [Brandon]

o Made a number of updates and improvements to the Zenmap Users' Guide at http://nmap.org/book/zenmap.html . [David]

o Fixed the way Zenmap handles command-line entry to prevent your custom command-line from being overwritten with the current profile's command just because you edited the target field. [Jurand]

o Nsock was improved to better support reading from non-network descriptors such as stdin. This is important for the upcoming Ncat project Mixter is working on. [Mixter]

o A bug was fixed that could cause Zenmap to crash when loading a results file that had multibyte characters in it. The error looked like: Gtk-ERROR **: file gtktextsegment.c: line 196 (_gtk_char_segment_new): assertion failed: (gtk_text_byte_begins_utf8_char (text)) [David]

o Removed a superfluous test for the existence of the C++ compiler in the configure script. The test was not robust when configured with CXX="ccache g++". Thanks to Rainer Müller for the report.

o Optimized cached DNS lookups so they are equally efficient when running on big-endian or little-endian systems. [Michael]

o Fixed the nmap_command_path Zenmap configuration variable so that it is actually used to start the specified Nmap executable path. [Jurand Nogiec]

o Nmap now reports scan start and end times for individual hosts within a larger scan. The information is added to the XML host element like so: <host starttime="1198292349" endtime="1198292370"> It is also printed in normal output if -d or "-v -v" are specified. [Brandon, Kris, Fyodor]

o "make uninstaltion returns. [Michael]

o Nmap now understands the RFC 4007 percent syntax for IPv6 Zone IDs. On Windows, this ID has to be a numeric index. On Linux and some other OS's, this ID can instead be an interface name. Some examples of this syntax:
  fe80::20f:b0ff:fec6:15af%2
  fe80::20f:b0ff:fec6:15af%eth0
[Kris]

o The Zenmap installer and uninstaller are more careful about escaping filenames and dealing with an installation root (DESTDIR). [David]

o Since assert() calls are used for various security-related tests, their safety is now ensured by keeping NDEBUG undefined throughout Nmap, Nbase and Nsock. [Kris]

o Fix a couple bugs in the way the Nmap build system checked for an existing LUA library. A bashism caused one test to fail on systems which don't use bash as /bin/sh, and another bug fixed the --with-liblua configure option for specifying your own liblua. [Daniel Roethlisberger]

o The NSE nmap.registry.args table is now available, albeit empty, when --script-args isn't used. Now scripts don't need to check if it's nil before attempting to index it. [Kris]

o Changed SSLv2-support.nse so that it only enumerates the list of available ciphers with a verbosity level of at least two or with debugging enabled. [Kris]

o Replaced kibuvDetection.nse with version detection match lines which work better than the script. [Kris, Brandon]

o Removed mswindowsShell.nse as there is a version detection NULL probe match which does the same thing. [Brandon, Fyodor, Kris]

o Updated IANA assignment IP list for random IP (-iR) generation. [Kris]

Nmap 4.62 [2008-5-3]

o Added a new --min-rate option that allows specifying a minimum rate at which to send packets. This allows you to override Nmap's congestion control algorithms and request that Nmap try to keep at least the rate you specify. The rate is given in packets per second. Read more in the Nmap man page (http://nmap.org/book/man-performance.html) [David]

o Create /nmap/macosx directory in SVN with files necessary to build binary Mac OS X Nmap/Zenmap packages. We are trying to create binary installer packages which are as useful and easy to use as the Windows installer. This has involved a lot of work by David. We aren't quite yet distributing the results on the Nmap download page, but testing our beta versions is useful. You can find the latest universal (PPC and Intel) binary test version by looking at David Fifield's posts at http://seclists.org/nmap-dev/2008/q2/author.html. You can also read /nmap/macosx/README in svn for more info.

o Nmap 2008 Summer of Code students have begun working (though full time doesn't start until late May). Learn about the winners and their projects at http://seclists.org/nmap-dev/2008/q2/0132.html .

o Brandon added/modified a whole bunch of version detection signatures based on systems discovered when scanning UCSD's network.

o Reformat Nmap COPYING file (e.g. remove C comment markers, reduce line length) during Nmap windows build so that it looks much better when presented by the Windows executable (NSIS) installer. Thanks to Jah for the patch, which was modified slightly by Fyodor.

o Added NSE Datafiles library which reads and parses Nmap's nmap-* data files for scripts. The functions (parse_protocols(), parse_rpc() and parse_services()) return tables with numbers (e.g. port numbers) indexing names (e.g. service names). The rpcinfo.nse script was also updated to use this library. [Kris]

o Fixed a bug in the nbase random number generator (and the way it interacted with Nmap and MS Windows) which caused duplicates in some instances. Thanks to Jah for reporting the problem and working with Brandon Enright, Fyodor and Kris to fix it.

o It turns out that hours contain 60 minutes, not 24. Fixed a scan status message which was rolling over the hours column prematurely. [David]

o Added scripting options to Zenmap profile editor and command wizard to make use of NSE. [David]

o Zenmap now prints an exception message rather than segfaulting when it can't open a display (such as when trying to connect to an X server as an unauthorized user). Thanks to Aaron Leininger for the initial report and Guilherme Polo for suggesting the fix.

o Now ports in the "unfiltered" state can be selected for attention by NSE scripts. [Kris]

o Nbase random number generation system now avoids having a high-bit of zero in every other byte on Windows due to Windows having such a low RAND_MAX. [Jah]

o Added release dates for each Nmap version to this CHANGELOG going back to Nmap 3.00 (July 31, 2002). Dates are in MM/DD/YY format. If someone wants to track down dates for the last 22% of the file (pre-3.00), you are welcome to do so and send a patch. Searching Google for the version number and site:seclists.org seems to work well. [Fyodor]

o Nmap RPM builds now use the versions of libdnet, libpcap, libpcre, and liblua included with Nmap rather than whatever happens to be installed on the build system. [David]

o Zenmap can now be installed in and run in directories with a space in the name. [David]

o Fixed an assertion failure ("Target.cc:396: void Target::stopTimeOutClock(const timeval*): Assertion 'htn.toclock_running == true' failed.") caused when a host had NSE scripts in multiple runlevels. This also fixes --host-timeout behavior in NSE. [Kris]

o Reduce the maximum number of socket descriptors which Nmap is allowed to open concurrently. This resolves a bug which could cause a "Too many open files" error on Mac OS X when not running as root. [David]

o Canonicalized service names between nmap-service-probes (version detection DB) and nmap-services (port scanning DB). [Kris]

o Removed the "class" attribute from the tcpsequence element in XML output. For a long time it had always been "unknown class" because Nmap doesn't calculate a class anymore. The XML output version has been increased from 1.01 to 1.02. [David]

o Fixed a bug on Win32 which caused an infinite loop when Nmap encountered certain broadcast addresses. [Dudi Itzhakov]

o Fix MingW compilation by adding a signal.h include to main.cc. [Gisle Vanem]

o Fix the test in our build system to determine if liblua is already available or not. For example, the test needed to link with -lm since some systems require that. [David]

o Added TIMEVAL_BEFORE and TIMEVAL_AFTER macros to test whether one timeval is earlier than another while avoiding possible integer overflows in a naive approach we were using previously. [David]

o Adjusted a bunch of code to avoid compilation warning messages on some Linux machines. [Andrew J. Bennieston]

o Fixed the NmapArpCache so that it actually works. Previously, Nmap was always falling back to the system ARP cache. Of course this raises the question of whether NmapArpCache is needed in the first place. [Daniel Roethlisberger]

o Fix a Zenmap bug which could cause the error message "zenmapCore.NmapOptions.OptionNotFound: No option named '' found!" if you create a new profile without checking any options then try to edit it. [David]

o Zenmap now shows a more helpful error message when there is an error in executing Nmap. [David]

o Zenmap now creates the directory ~/.zenmap-etc to store automatically generated GTK+ and Pango files. They used to go in the application bundle but that doesn't work on a read-only filesystem or disk image. This is what Wireshark does (~/.wireshark-etc), although the directory could be called anything. It doesn't have to persist across sessions.

o Added a mechanism in Zenmap for including extra executable search paths on specific platforms, so we can include /usr/local/bin in PATH on Mac OS X by default and add the Nmap install directory on Windows. [David]

o We now use --no-strip when building Zenmap Mac OS X packages to prevent many mysterious warnings which occur when the binary is stripped. [David]

o When Zenmap invokes Nmap, it now copies the whole environment for the Nmap invocation rather than just providing $PATH. Windows may need this to do proper name resolution. [David]

o Corrected uptime parsing and reporting in SNMPsysdesr.nse for an uptime of less than 46 hours. [Kris]

o Modified the use of CXXFLAGS, CFLAGS, and CPPFLAGS in Nmap build system to work better when building Mac OS X universal binaries. [David]

o Added many additional PCRE option flags to the list returned by the NSE pcre.flags() function. [Kris]

o Changed the NSE function nmap.set_port_state() so that it checks to see if the requested port is already in the requested state. This prevents "Duplicate port" messages during the script scan and the inaccurate "script-set" state reason. [Kris]

o Canonicalize NSE script license text--more than half did not even spell license correctly. They all still say that they are under Nmap's license, just with consistent capitalization and spelling, and now a link to Nmap legal page at http://nmap.org/man/man-legal.html.

o Updated ripeQuery.nse to not print extraneous whitespace. [Kris]

o Switched telnet brute force password cracking NSE (bruteTelnet.nse) to vulnerability category so it isn't executed by default. It can take too long to run. [Eddie]

o NSE status messages now print host name and IP, rather than just the host name (which was blank when Nmap didn't know it). [Jah]

o Allocate 128 characters for the idle scan ScanProgressMeter title. Previously it was 32 characters. The "idle scan against " and the \0 terminator take up 19 characters, leaving only 13, which isn't enough to represent all IP addresses, let alone host names. Bug reported by Stephan Fijneman, fixed by David.

Enjoy the release!
-Fyodor

_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org
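Two of the XML output changes listed in the changelog above (the per-host starttime/endtime attributes added in 4.65, and the tcpsequence "class" attribute dropped when the XML output version went from 1.01 to 1.02) are easy to put to work from a script. The following is an added example, not code from Fyodor's post or from the Nmap project: a small Python parser over a constructed document in the shape of Nmap 4.68 XML output (the hosts, addresses, services and sequence values in SAMPLE_XML are made up for illustration). It computes each host's scan duration from the new attributes, lists the host's open ports, and treats a host element that lacks the attributes, as output from older Nmap versions does, as having no measurable duration rather than failing.

```python
"""Added example (not from the Nmap project or Fyodor's post): read per-host
scan timing and open ports from Nmap XML output.

Nmap 4.65 and later record <host starttime=... endtime=...> as Unix epoch
seconds, and XML output version 1.02 dropped the "class" attribute of
<tcpsequence>.  Everything in SAMPLE_XML below is constructed for this
example; it is not a real scan.
"""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap 4.68 output.  Addresses come from
# the RFC 5737 documentation range; the second host deliberately has no
# starttime/endtime, as pre-4.65 output would not carry them.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV 192.0.2.0/30" start="1198292340" version="4.68" xmloutputversion="1.02">
<host starttime="1198292349" endtime="1198292370">
<status state="up" reason="arp-response"/>
<address addr="192.0.2.1" addrtype="ipv4"/>
<hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="4.7p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="Apache httpd" version="2.2.8" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https" method="table" conf="3"/></port>
</ports>
<tcpsequence index="254" difficulty="Good luck!" values="A1B2C3D4,E5F6A7B8"/>
</host>
<host>
<status state="up" reason="syn-ack"/>
<address addr="192.0.2.2" addrtype="ipv4"/>
<ports><port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/><service name="snmp" method="table" conf="3"/></port></ports>
</host>
</nmaprun>
"""


def xml_output_version(xml_text):
    """Return the xmloutputversion attribute of <nmaprun> (e.g. "1.02")."""
    return ET.fromstring(xml_text).get("xmloutputversion")


def host_duration(host):
    """Seconds between a host's starttime and endtime, or None when the
    attributes are absent (output written before Nmap 4.65)."""
    start, end = host.get("starttime"), host.get("endtime")
    if start is None or end is None:
        return None
    return int(end) - int(start)


def open_ports(host):
    """(protocol, port, service label) for ports whose state is exactly
    "open".  open|filtered is intentionally not counted, since it only
    means no response was seen."""
    result = []
    for port in host.iter("port"):
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue
        svc = port.find("service")
        label = ""
        if svc is not None:
            label = " ".join(x for x in (svc.get("name"), svc.get("product"),
                                         svc.get("version")) if x)
        result.append((port.get("protocol"), int(port.get("portid")), label))
    return result


def parse_hosts(xml_text):
    """Summarise every <host> element of an Nmap XML document."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        addr = host.find("address")
        name = host.find("hostnames/hostname")
        seq = host.find("tcpsequence")
        hosts.append({
            "addr": addr.get("addr") if addr is not None else None,
            "hostname": name.get("name") if name is not None else None,
            "duration": host_duration(host),
            "open_ports": open_ports(host),
            # "class" disappeared from <tcpsequence> in xmloutputversion 1.02
            "tcpseq_has_class": seq is not None and seq.get("class") is not None,
        })
    return hosts


if __name__ == "__main__":
    print("xmloutputversion:", xml_output_version(SAMPLE_XML))
    for h in parse_hosts(SAMPLE_XML):
        dur = "n/a" if h["duration"] is None else "%ds" % h["duration"]
        print(h["addr"], h["hostname"] or "-", dur, h["open_ports"])
```

Point parse_hosts() at the contents of a real -oX file to get the same summary; hosts scanned with older Nmap releases simply come back with duration None, which is the case a reporting script most often forgets to handle.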