User Tools

Site Tools


nmap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
nmap [2019/11/23 19:15]
admin
nmap [2019/11/23 19:36] (current)
admin
Line 69: Line 69:
 o [NSE][GH#​1608] Script http-fileupload-exploiter failed to locate its resource file unless executed from a specific working directory. [nnposter] o [NSE][GH#​1608] Script http-fileupload-exploiter failed to locate its resource file unless executed from a specific working directory. [nnposter]
  
-o [NSE][GH#​1467] Avoid clobbering the "​severity"​ and "​ignore_404"​ values of +o [NSE][GH#​1467] Avoid clobbering the "​severity"​ and "​ignore_404"​ values of fingerprints in http-enum. None of the standard fingerprints uses these fields. [Kostas Milonas]
-  ​fingerprints in http-enum. None of the standard fingerprints uses these +
-  ​fields. [Kostas Milonas]+
  
-o [NSE][GH#​1077] Fix a crash caused by a double-free of libssh2 session data +o [NSE][GH#​1077] Fix a crash caused by a double-free of libssh2 session data when running SSH NSE scripts against non-SSH services. [Seth Randall]
-  ​when running SSH NSE scripts against non-SSH services. [Seth Randall]+
  
-o [NSE][GH#​1565] Updates the execution rule of the mongodb scripts to be +o [NSE][GH#​1565] Updates the execution rule of the mongodb scripts to be able to run on alternate ports. [Paulino Calderon]
-  ​able to run on alternate ports. [Paulino Calderon]+
  
-o [Ncat][GH#​1560] Allow Ncat to connect to servers on port 0, provided that +o [Ncat][GH#​1560] Allow Ncat to connect to servers on port 0, provided that the socket implementation allows this. [Daniel Miller]
-  ​the socket implementation allows this. [Daniel Miller]+
  
 o Update the included libpcap to 1.9.0. [Daniel Miller] o Update the included libpcap to 1.9.0. [Daniel Miller]
  
-o [NSE][GH#​1544] Fix a logic error that resulted in scripts not honoring the +o [NSE][GH#​1544] Fix a logic error that resulted in scripts not honoring the smbdomain script-arg when the target provided a domain in the NTLM challenge. ​ [Daniel Miller]
-  ​smbdomain script-arg when the target provided a domain in the NTLM +
-  ​challenge. ​ [Daniel Miller]+
  
-o [Nsock][GH#​1543] Avoid a crash (Protocol not supported) caused by trying +o [Nsock][GH#​1543] Avoid a crash (Protocol not supported) caused by trying to reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel Miller]
-  ​to reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel +
-  ​Miller]+
  
-o [NSE][GH#​1534] Removed OSVDB references from scripts and replaced them +o [NSE][GH#​1534] Removed OSVDB references from scripts and replaced them with BID references where possible. [nnposter]
-  ​with BID references where possible. [nnposter]+
  
-o [NSE][GH#​1504] Updates TN3270.lua and adds argument to disable TN3270E +o [NSE][GH#​1504] Updates TN3270.lua and adds argument to disable TN3270E [Soldier of Fortran]
-  ​[Soldier of Fortran]+
  
-o [GH#1504] RMI parser could crash when encountering invalid input [Clément +o [GH#1504] RMI parser could crash when encountering invalid input [Clément Notin]
-  ​Notin]+
  
-o [GH#863] Avoid reporting negative latencies due to matching an ARP or ND +o [GH#863] Avoid reporting negative latencies due to matching an ARP or ND response to a probe sent after it was recieved. [Daniel Miller]
-  ​response to a probe sent after it was recieved. [Daniel Miller]+
  
-o [Ncat][GH#​1441] To avoid confusion and to support non-default proxy ports, +o [Ncat][GH#​1441] To avoid confusion and to support non-default proxy ports, option --proxy now requires a literal IPv6 address to be specified using square-bracket notation, such as --proxy [2001:​db8::​123]:​456. [nnposter]
-  ​option --proxy now requires a literal IPv6 address to be specified using +
-  ​square-bracket notation, such as --proxy [2001:​db8::​123]:​456. [nnposter]+
  
-o [Ncat][GH#​1214][GH#​1230][GH#​1439] New ncat option provides control over +o [Ncat][GH#​1214][GH#​1230][GH#​1439] New ncat option provides control over whether proxy destinations are resolved by the remote proxy server or locally, by Ncat itself. See option --proxy-dns. [nnposter]
-  ​whether proxy destinations are resolved by the remote proxy server or +
-  ​locally, by Ncat itself. See option --proxy-dns. [nnposter]+
  
-o [NSE][GH#​1478] Updated script ftp-syst to prevent potential endless +o [NSE][GH#​1478] Updated script ftp-syst to prevent potential endless looping. ​ [nnposter]
-  ​looping. ​ [nnposter]+
  
-o [GH#1454] New service probes and match lines for v1 and v2 of the Ubiquiti +o [GH#1454] New service probes and match lines for v1 and v2 of the Ubiquiti Discovery protocol. Devices often leave the related service open and it exposes significant amounts of information as well as the risk of being used as part of a DDoS. New nmap-payload entry for v1 of the protocol. [Tom Sellers]
-  ​Discovery protocol. Devices often leave the related service open and it +
-  ​exposes significant amounts of information as well as the risk of being +
-  ​used as part of a DDoS. New nmap-payload entry for v1 of the +
-  ​protocol. [Tom Sellers]+
  
-o [NSE] Removed hostmap-ip2hosts.nse as the API has been broken for a while +o [NSE] Removed hostmap-ip2hosts.nse as the API has been broken for a while and the service was completely shutdown on Feb 17th, 2019. [Paulino Calderon]
-  ​and the service was completely shutdown on Feb 17th, 2019. [Paulino +
-  ​Calderon]+
  
-o [NSE][GH#​1318] Adds TN3270E support and additional improvements to +o [NSE][GH#​1318] Adds TN3270E support and additional improvements to tn3270.lua and updates tn3270-screen.nse to display the new setting. [mainframed]
-  ​tn3270.lua and updates tn3270-screen.nse to display the new +
-  ​setting. [mainframed]+
  
-o [NSE][GH#​1346] Updates product codes and adds a check for response length +o [NSE][GH#​1346] Updates product codes and adds a check for response length in enip-info.nse. The script now uses string.unpack. [NothinRandom]
-  ​in enip-info.nse. The script now uses string.unpack. [NothinRandom]+
  
-o [Ncat][GH#​1310][GH#​1409] Temporary RSA keys are now 2048-bit to resolve a +o [Ncat][GH#​1310][GH#​1409] Temporary RSA keys are now 2048-bit to resolve a compatibility issue with OpenSSL library configured with security level 2, as seen on current Debian or Kali.  [Adrian Vollmer, nnposter]
-  ​compatibility issue with OpenSSL library configured with security level 2, +
-  ​as seen on current Debian or Kali.  [Adrian Vollmer, nnposter]+
  
-o [NSE][GH#​1227] Fix a crash (double-free) when using SSH scripts against +o [NSE][GH#​1227] Fix a crash (double-free) when using SSH scripts against non-SSH services. [Daniel Miller]
-  ​non-SSH services. [Daniel Miller]+
  
-o [Zenmap] Fix a crash when Nmap executable cannot be found and the system +o [Zenmap] Fix a crash when Nmap executable cannot be found and the system PATH contains non-UTF-8 bytes, such as on Windows. [Daniel Miller]
-  ​PATH contains non-UTF-8 bytes, such as on Windows. [Daniel Miller]+
  
-o [Zenmap] Fix a crash in results search when using the dir: operator: +o [Zenmap] Fix a crash in results search when using the dir: operator: AttributeError:​ '​SearchDB'​ object has no attribute '​match_dir'​ [Daniel Miller]
-    ​AttributeError:​ '​SearchDB'​ object has no attribute '​match_dir'​ [Daniel +
-    ​Miller]+
  
-o [Ncat][GH#​1372] Fixed an issue with Ncat -e on Windows that caused early +o [Ncat][GH#​1372] Fixed an issue with Ncat -e on Windows that caused early termination of connections. [Alberto Garcia Illera]
-  ​termination of connections. [Alberto Garcia Illera]+
  
-o [NSE][GH#​1359] Fix a false-positive in http-phpmyadmin-dir-traversal when +o [NSE][GH#​1359] Fix a false-positive in http-phpmyadmin-dir-traversal when the server responds with 200 status to a POST request to any URI. [Francesco Soncina]
-  ​the server responds with 200 status to a POST request to any +
-  ​URI. [Francesco Soncina]+
  
-o [NSE] New vulnerability state in vulns.lua, UNKNOWN, is used to indicate +o [NSE] New vulnerability state in vulns.lua, UNKNOWN, is used to indicate that testing could not rule out vulnerability. [Daniel Miller]
-  ​that testing could not rule out vulnerability. [Daniel Miller]+
  
-o [GH#1355] When searching for Lua header files, actually use them where +o [GH#1355] When searching for Lua header files, actually use them where they are found instead of forcing /​usr/​include. [Fabrice Fontaine, Daniel Miller]
-  ​they are found instead of forcing /​usr/​include. [Fabrice Fontaine, Daniel +
-  ​Miller]+
  
-o [NSE][GH#​1331] Script traceroute-geolocation no longer crashes when +o [NSE][GH#​1331] Script traceroute-geolocation no longer crashes when www.GeoPlugin.net returns null coordinates [Michal Kubenka, nnposter]
-  ​www.GeoPlugin.net returns null coordinates [Michal Kubenka, nnposter]+
  
-o Limit verbose -v and debugging -d levels to a maximum of 10. Nmap does not +o Limit verbose -v and debugging -d levels to a maximum of 10. Nmap does not use higher levels internally. [Daniel Miller]
-  ​use higher levels internally. [Daniel Miller]+
  
-o [NSE] tls.lua when creating a client_hello message will now only use a +o [NSE] tls.lua when creating a client_hello message will now only use a SSLv3 record layer if the protocol version is SSLv3. Some TLS implementations will not handshake with a client offering less than TLSv1.0. Scripts will have to manually fall back to SSLv3 to talk to SSLv3-only servers. [Daniel Miller]
-  ​SSLv3 record layer if the protocol version is SSLv3. Some TLS +
-  ​implementations will not handshake with a client offering less than +
-  ​TLSv1.0. Scripts will have to manually fall back to SSLv3 to talk to +
-  ​SSLv3-only servers. [Daniel Miller]+
  
-o [NSE][GH#​1322] Fix a few false-positive conditions in +o [NSE][GH#​1322] Fix a few false-positive conditions in ssl-ccs-injection. TLS implementations that responded with fatal alerts other than "​unexpected message"​ had been falsely marked as vulnerable. [Daniel Miller]
-  ​ssl-ccs-injection. TLS implementations that responded with fatal alerts +
-  ​other than "​unexpected message"​ had been falsely marked as +
-  ​vulnerable. [Daniel Miller]+
  
-o Emergency fix to Nmap's birthday announcement so Nmap wishes itself a +o Emergency fix to Nmap's birthday announcement so Nmap wishes itself a "Happy 21st Birthday"​ rather than "Happy 21th" in verbose mode (-v) on September 1, 2018. [Daniel Miller]
-  ​"Happy 21st Birthday"​ rather than "Happy 21th" in verbose mode (-v) on +
-  ​September 1, 2018. [Daniel Miller]+
  
-o [GH#1150] Start host timeout clocks when the first probe is sent to a +o [GH#1150] Start host timeout clocks when the first probe is sent to a host, not when the hostgroup is started. Sometimes a host doesn'​t get probes until late in the hostgroup, increasing the chance it will time out. [jsiembida]
-  ​host, not when the hostgroup is started. Sometimes a host doesn'​t get +
-  ​probes until late in the hostgroup, increasing the chance it will time +
-  ​out. [jsiembida]+
  
 o [NSE] Support for edns-client-subnet (ECS) in dns.lua has been improved o [NSE] Support for edns-client-subnet (ECS) in dns.lua has been improved
 by: by:
-  ​- [GH#1271] Using ECS code compliant with RFC 7871 [John Bond] +- [GH#1271] Using ECS code compliant with RFC 7871 [John Bond] 
-  - Properly trimming ECS address, as mandated by RFC 7871 [nnposter] +- Properly trimming ECS address, as mandated by RFC 7871 [nnposter] 
-  - Fixing a bug that prevented using the same ECS option table more than +- Fixing a bug that prevented using the same ECS option table more than once [nnposter]
-    ​once [nnposter]+
  
-o [Ncat][GH#​1267] Fixed communication with commands launched with -e or -c +o [Ncat][GH#​1267] Fixed communication with commands launched with -e or -c on Windows, especially when --ssl is used. [Daniel Miller]
-  ​on Windows, especially when --ssl is used. [Daniel Miller]+
  
-o [NSE] Script http-default-accounts can now select more than one +o [NSE] Script http-default-accounts can now select more than one fingerprint category. It now also possible to select fingerprints by name to support very specific scanning. [nnposter]
-  ​fingerprint category. It now also possible to select fingerprints by name +
-  ​to support very specific scanning. [nnposter]+
  
-o [NSE] Script http-default-accounts was not able to run against more than +o [NSE] Script http-default-accounts was not able to run against more than one target host/port. [nnposter]
-  ​one target host/port. [nnposter]+
  
-o [NSE][GH#​1251] New script-arg `http.host` allows users to force a +o [NSE][GH#​1251] New script-arg `http.host` allows users to force a particular value for the Host header in all HTTP requests.
-  ​particular value for the Host header in all HTTP requests.+
  
-o [NSE][GH#​1258] Use smtp.domain script arg or target'​s domain name instead +o [NSE][GH#​1258] Use smtp.domain script arg or target'​s domain name instead of "​example.com"​ in EHLO command used for STARTTLS. [gwire]
-  ​of "​example.com"​ in EHLO command used for STARTTLS. [gwire]+
  
-o [NSE][GH#​1233] Fix brute.lua'​s BruteSocket wrapper, which was crashing +o [NSE][GH#​1233] Fix brute.lua'​s BruteSocket wrapper, which was crashing Nmap with an assertion failure due to socket mixup [Daniel Miller]: nmap: nse_nsock.cc:​672:​ int receive_buf(lua_State*,​ int, lua_KContext):​ Assertion `lua_gettop(L) == 7' failed.
-  ​Nmap with an assertion failure due to socket mixup [Daniel Miller]: nmap: +
-  ​nse_nsock.cc:​672:​ int receive_buf(lua_State*,​ int, lua_KContext):​ +
-  ​Assertion `lua_gettop(L) == 7' failed.+
  
-o [NSE][GH#​1254] Handle an error condition in smb-vuln-ms17-010 caused by +o [NSE][GH#​1254] Handle an error condition in smb-vuln-ms17-010 caused by IPS closing the connection. [Clément Notin]
-  ​IPS closing the connection. [Clément Notin]+
  
-o [Ncat][GH#​1237] Fixed literal IPv6 URL format for connecting through HTTP +o [Ncat][GH#​1237] Fixed literal IPv6 URL format for connecting through HTTP proxies. [Phil Dibowitz]
-  ​proxies. [Phil Dibowitz]+
  
-o [NSE][GH#​1212] Updates vendors from ODVA list for enip-info. +o [NSE][GH#​1212] Updates vendors from ODVA list for enip-info. [NothinRandom]
-[NothinRandom]+
  
-o [NSE][GH#​1191] Add two common error strings that improve MySQL detection +o [NSE][GH#​1191] Add two common error strings that improve MySQL detection by the script http-sql-injection. [Robert Taylor, Paulino Calderon]
-  ​by the script http-sql-injection. [Robert Taylor, Paulino Calderon]+
  
-o [NSE][GH#​1220] Fix bug in http-vuln-cve2006-3392 that prevented the script +o [NSE][GH#​1220] Fix bug in http-vuln-cve2006-3392 that prevented the script to generate the vulnerability report correctly. [rewardone]
-  ​to generate the vulnerability report correctly. [rewardone]+
  
-o [NSE][GH#​1218] Fix bug related to screen rendering in NSE library +o [NSE][GH#​1218] Fix bug related to screen rendering in NSE library tn3270. This patch also improves the brute force script tso-brute. [mainframed]
-  ​tn3270. This patch also improves the brute force script +
-  ​tso-brute. [mainframed]+
  
-o [NSE][GH#​1209] Fix SIP, SASL, and HTTP Digest authentication when the +o [NSE][GH#​1209] Fix SIP, SASL, and HTTP Digest authentication when the algorithm contains lowercase characters. [Jeswin Mathai]
-  ​algorithm contains lowercase characters. [Jeswin Mathai]+
  
-o [GH#1204] Nmap could be fooled into ignoring TCP response packets if they +o [GH#1204] Nmap could be fooled into ignoring TCP response packets if they used an unknown TCP Option, which would misalign the validation, causing it to fail. [Clément Notin, Daniel Miller]
-  ​used an unknown TCP Option, which would misalign the validation, causing +
-  ​it to fail. [Clément Notin, Daniel Miller]+
  
-o [NSE]The HTTP response parser now tolerates status lines without a reason +o [NSE]The HTTP response parser now tolerates status lines without a reason phrase, which improves compatibility with some HTTP servers. [nnposter]
-  ​phrase, which improves compatibility with some HTTP servers. [nnposter]+
  
 o [NSE][GH#​1169][GH#​1170][GH#​1171]][GH#​1198] Parser for HTTP Set-Cookie o [NSE][GH#​1169][GH#​1170][GH#​1171]][GH#​1198] Parser for HTTP Set-Cookie
-header +header is now more compliant with RFC 6265: 
-  ​is now more compliant with RFC 6265: +- empty attributes are tolerated 
-  - empty attributes are tolerated +- double quotes in cookie and/or attribute values are treated literally 
-  - double quotes in cookie and/or attribute values are treated literally +- attributes with empty values and value-less attributes are parsed equally 
-  - attributes with empty values and value-less attributes are parsed +- attributes named "​name"​ or "​value"​ are ignored [nnposter]
-equally +
-  - attributes named "​name"​ or "​value"​ are ignored +
-  ​[nnposter]+
  
-o [NSE][GH#​1158] Fix parsing http-grep.match script-arg. [Hans van den +o [NSE][GH#​1158] Fix parsing http-grep.match script-arg. [Hans van den Bogert]
-  ​Bogert]+
  
-o [Zenmap][GH#​1177] Avoid a crash when recent_scans.txt cannot be written +o [Zenmap][GH#​1177] Avoid a crash when recent_scans.txt cannot be written to.  [Daniel Miller]
-  ​to.  [Daniel Miller]+
  
-o Fixed --resume when the path to Nmap contains spaces. Reported on Windows +o Fixed --resume when the path to Nmap contains spaces. Reported on Windows by Adriel Desautels. [Daniel Miller]
-  ​by Adriel Desautels. [Daniel Miller]+
  
-o New service probe and match lines for adb, the Android Debug Bridge, which +o New service probe and match lines for adb, the Android Debug Bridge, which allows remote code execution and is left enabled by default on many devices. [Daniel Miller]
-  ​allows remote code execution and is left enabled by default on many +
-  ​devices. [Daniel Miller]+
  
nmap.txt · Last modified: 2019/11/23 19:36 by admin

(C) BlackWeb Security 2017 - 2019