head 1.12; access; symbols pkgsrc-2026Q1:1.11.0.6 pkgsrc-2026Q1-base:1.11 pkgsrc-2025Q4:1.11.0.4 pkgsrc-2025Q4-base:1.11 pkgsrc-2025Q3:1.11.0.2 pkgsrc-2025Q3-base:1.11 pkgsrc-2025Q2:1.10.0.2 pkgsrc-2025Q2-base:1.10 pkgsrc-2025Q1:1.9.0.8 pkgsrc-2025Q1-base:1.9 pkgsrc-2024Q4:1.9.0.6 pkgsrc-2024Q4-base:1.9 pkgsrc-2024Q3:1.9.0.4 pkgsrc-2024Q3-base:1.9 pkgsrc-2024Q2:1.9.0.2 pkgsrc-2024Q2-base:1.9 pkgsrc-2024Q1:1.8.0.8 pkgsrc-2024Q1-base:1.8 pkgsrc-2023Q4:1.8.0.6 pkgsrc-2023Q4-base:1.8 pkgsrc-2023Q3:1.8.0.4 pkgsrc-2023Q3-base:1.8 pkgsrc-2023Q2:1.8.0.2 pkgsrc-2023Q2-base:1.8 pkgsrc-2023Q1:1.7.0.6 pkgsrc-2023Q1-base:1.7 pkgsrc-2022Q4:1.7.0.4 pkgsrc-2022Q4-base:1.7 pkgsrc-2022Q3:1.7.0.2 pkgsrc-2022Q3-base:1.7 pkgsrc-2022Q2:1.6.0.6 pkgsrc-2022Q2-base:1.6 pkgsrc-2022Q1:1.6.0.4 pkgsrc-2022Q1-base:1.6 pkgsrc-2021Q4:1.6.0.2 pkgsrc-2021Q4-base:1.6 pkgsrc-2021Q3:1.4.0.2 pkgsrc-2021Q3-base:1.4 pkgsrc-2021Q2:1.3.0.2 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.2.0.14 pkgsrc-2021Q1-base:1.2 pkgsrc-2020Q4:1.2.0.12 pkgsrc-2020Q4-base:1.2 pkgsrc-2020Q3:1.2.0.10 pkgsrc-2020Q3-base:1.2 pkgsrc-2020Q2:1.2.0.8 pkgsrc-2020Q2-base:1.2 pkgsrc-2020Q1:1.2.0.4 pkgsrc-2020Q1-base:1.2 pkgsrc-2019Q4:1.2.0.6 pkgsrc-2019Q4-base:1.2 pkgsrc-2019Q3:1.2.0.2 pkgsrc-2019Q3-base:1.2 pkgsrc-2019Q2:1.1.0.10 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.8 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.6 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.4 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.2 pkgsrc-2018Q2-base:1.1; locks; strict; comment @# @; 1.12 date 2026.04.01.13.00.05; author adam; state Exp; branches; next 1.11; commitid RJNsPXcwVjVjXfAG; 1.11 date 2025.08.25.11.54.33; author adam; state Exp; branches; next 1.10; commitid 6Is6pE94w1FfD68G; 1.10 date 2025.05.15.15.44.41; author adam; state Exp; branches; next 1.9; commitid ogNfvdLFszyjb1VF; 1.9 date 2024.04.25.07.15.03; author adam; state Exp; branches; next 1.8; commitid I86OqPyvpzbQJu7F; 1.8 date 2023.06.06.10.45.10; author adam; state Exp; branches; next 1.7; commitid 9Ajle7FrJGJxjSrE; 1.7 date 2022.09.06.18.47.27; author adam; state Exp; branches; next 1.6; commitid x0uHhc5sSIL4LPSD; 1.6 date 2021.10.26.11.07.14; author nia; state Exp; branches; next 1.5; commitid G83yJyZF8er6kjeD; 1.5 date 2021.10.07.14.43.07; author nia; state Exp; branches; next 1.4; commitid EMvsIaZgYm1t8TbD; 1.4 date 2021.08.26.08.24.48; author adam; state Exp; branches; next 1.3; commitid MMhjJVyBqCDSos6D; 1.3 date 2021.04.16.06.55.33; author adam; state Exp; branches; next 1.2; commitid zA8RJP8Sra759uPC; 1.2 date 2019.08.28.13.55.44; author adam; state Exp; branches; next 1.1; commitid znQPj28BteKuENAB; 1.1 date 2018.04.14.13.04.33; author adam; state Exp; branches; next ; commitid 5KDRvOt4i7RFtpyA; desc @@ 1.12 log @ndiff nmap zenma: updated to 7.99 Nmap 7.99 [2026-03-26] o Integrated many of the most-frequently-submitted IPv4 and IPv6 OS fingerprints, as well as dozens of updated service fingerprints. o Upgraded included libraries: OpenSSL 3.0.19, libpcap 1.10.6, libpcre2 10.47, liblinear 2.50, zlib 1.3.2 o [Windows] Upgraded the included version of Npcap from 1.83 to 1.87, resolving several crashes and stability-related issues. See https://npcap.com/changelog o [Zenmap][GH-3182] Zenmap is now distributed as a universal wheel (zenmap-7.99-py3-none-any.whl) instead of an RPM package so that it can be installed on any system with Python 3. [Daniel Miller] o [Ncat][Windows] Limited the number of handles inherited by subprocesses launched with -e, preventing interference between clients when -e and --keep-open are used. Reported by Nimish Verma. o [Ncat] Several fixes for regressions or longstanding failure cases in ncat-test.pl [Daniel Miller]: + [Windows] Fixed handling of socket EOF with --exec + Fixed the -i (idle timeout) option for listen mode, which was broken when adding the -q option in Ncat 7.96 + Fixed HTTP proxy server when SSL is used. + DTLS (SSL over UDP) shutdown connection on stdin EOF. o [Windows][GH-2711] Nmap now supports scanning over various VPN virtual adapters like OpenVPN TAP adapters. [Daniel Miller] o [GH-3280] Fix a performance regression in reverse-DNS in Nmap 7.98. The fix for -3130 had caused Nmap to send requests too slowly. [Daniel Miller] o [macOS][GH-3289] Fixed a configure-time failure in libdnet that resulted in incorrect MAC addresses being reported. [Daniel Miller] o [Zenmap][GH-3189] Fix a crash in Zenmap topology and hosts viewer: "TypeError: format requires a mapping" [Daniel Miller] o [GH-2955] Fix a routing issue with -e and -S related to -2206 causing error "setup_target: failed to determine route" [Daniel Miller] o [GH-3214] Improve compatibility of build process on various platforms and add multiplatform autobuilds in Github workflow. [Jordan Ritter] o [NSE][GH-2183][GH-3239] Script hostmap-crtsh now reports only true subdomains of a given target hostname by default. In the past, it was reporting any DNS name that included the target hostname as a substring (but not necessarily as a suffix). The old behavior can be enabled by setting script argument hostmap-crtsh.lax. [Sweekar-cmd, nnposter] o [NSE] Function url.parse_query was not interpreting plus signs as spaces. [nnposter] o [NSE] Function url.parse was not properly parsing URLs with query strings but empty paths. [nnposter] o [NSE][GH-3287] Functions tableaux.tcopy and tableaux.shallow_tcopy were not behaving the same when the input table had a custom __pairs metamethod. Both functions now perform a raw copy, ignoring the metamethod. [nnposter] o [NSE] Function tableaux.shallow_tcopy did not work correctly for tables with Boolean keys. [nnposter] o [NSE] IPP print queue job details were not getting populated, having a hard dependency on Apple-specific attributes. [nnposter] o [NSE][GH-3245] Functions connect and close have been removed from the IPP library, as they served no purpose. [nnposter] o [NSE] ipOps.expand_ip was crashing upon malformed IPv6 addresses. [nnposter] o [NSE][GH-3262] FTP banner parsing is now more closely aligned with RFC 959, section 4.2. [nnposter] o [NSE][GH-3253] Function stdnse.make_buffer now accepts an extra parameter that allows preloading the newly created buffer with data. [nnposter] o [NSE][GH-3191][GH-3218] Script http-internal-ip-disclosure has been enhanced, including added support for IPv6 and HTTPS and more accurate processing of target responses. [nnposter] o [NSE][GH-3194] RPC-based scripts were sporadically failing due to privileged port conflicts. [nnposter] o [NSE][GH-3196] Script rlogin-brute was sporadically failing due to using an off-by-one range for privileged ports and not handling potential port conflicts. [nnposter] @ text @$NetBSD: distinfo,v 1.11 2025/08/25 11:54:33 adam Exp $ BLAKE2s (nmap-7.99.tar.bz2) = 2a4f8ad74dd7b0206dd78ca01b1f783a49596e9f947d385627ad9abd9af70dac SHA512 (nmap-7.99.tar.bz2) = 9ff69659b76573eb10b6e472a0217032fd5fed20f0ac971b3736a4222fb6251c5fbf381ebea7ede313b8ff2feac90a848f645000c61200772d01b843594f4ba4 Size (nmap-7.99.tar.bz2) = 13036588 bytes SHA1 (patch-pyproject.toml) = 57c7caa4efd8ede5ea047c8176f1727e16eab91e @ 1.11 log @nmap ndiff zenmap: updated to 7.98 7.98 o Updated liblua to 5.4.8 o Fixed an issue in FTP bounce scan where a single null byte is written past the end of the receive buffer. The issue is triggered by a malicious server but does not cause a crash with default builds. [Tyler Zars] o [GH3130] Fix a crash (stack exhaustion due to excessive recursion) in the parallel DNS resolver. Additionally, improved performance by processing responses that come after the request has timed out. [Daniel Miller] o [GH2757] Fix a crash in traceroute when using randomly-generated decoys: "Assertion `source->ss_family == AF_INET' failed" [Daniel Miller] o [GH2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers that are registered as Extension Header values. When the --data option was used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)" [Daniel Miller] o [NSE][GH3133] Fix the error "nse_nsock.cc:637: void receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == 1' failed." when reading from an SSL connection. [Daniel Miller] o [GH3086] Prevent TCP Connect scan (-sT) from leaking one socket per hostgroup, which led to progressively slower scans and assertion failures in other scan phases. [Daniel Miller] o [NSE] Added NSE bindings for more libssh2 functions: channel_request, channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive. ssh-brute will now use keyboard-interactive auth if password auth is not offered. [Daniel Miller, CrowdStrike] o Fix a bug that was causing Nmap to send empty DNS packets for each target that was not found up instead of just skipping them for reverse DNS. o [macOS][GH3127] Fix "dnet: Failed to open device en0" errors on macOS since Nmap 7.96. [Daniel Miller] o [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including post-quantum ciphersuites. o [GH3114][Windows] Use only the DNS servers for up and configured interfaces for forward and reverse DNS lookups. When -e or -S are used, use only DNS servers that can be connected via that interface or source address. [Daniel Miller] o [Ndiff][GH3115] Have configure script check for PyPA 'build' module. [Daniel Miller] o [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover latest strings. o [Zenmap][GH2718] Zenmap language translation (i18n) files were not being installed. [Daniel Miller] o [Zenmap][GH3066] Fix Zenmap error "ValueError: I/O operation on closed file" when Nmap crashes or fails. [Daniel Miller] o [Zenmap][GH3084][GH3127] Fix UnicodeDecodeError issues in ScriptMetadata and UmitConfigParser. [Daniel Miller] o [NSE][GH3123] WS-Discovery parsing would error out if the MessageID UUID was not prefixed with "urn:". [nnposter] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2025/05/15 15:44:41 adam Exp $ d3 4 a6 3 BLAKE2s (nmap-7.98.tar.bz2) = 1bc70d03fee3da63d804a1e21af732cb8c0a5ce3db55d8f1b970dfc0d8e59ebe SHA512 (nmap-7.98.tar.bz2) = 14e13689d1276f70efc8c905e8eb0a15970f4312c2ef86d8d97e9df11319735e7f7cd73f728f69cf43d27a078ef5ac1e0f39cd119d8cb9262060c42606c6cab3 Size (nmap-7.98.tar.bz2) = 12273108 bytes @ 1.10 log @nmap ndiff zenmap: updated to 7.97 Nmap 7.97 [2025-05-12] o [Zenmap] Fix a crash when starting a scan on Windows in locales that use non-latin character sets. Also changed Nmap to print the time zone as an offset from UTC instead of as a localized string. [Daniel Miller] o Fixed an issue with the parallel forward DNS resolver: it had not been consulting /etc/hosts, nor did it correctly handle the 'localhost' name. [Daniel Miller] o Mitigate a false-positive detection by replacing a malicious URL in the example output of http-malware-host [nnposter] Nmap 7.96 [2025-05-01] o Upgraded included libraries: OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1, libpcap 1.10.5, libpcre2 10.45 o [Windows] Upgraded the included version of Npcap from version 1.79 to the latest version 1.82, bringing faster packet injection, VLAN header capture, and support for SR-IOV adapters, along with many other bug fixes and feature enhancements described at https://npcap.com/changelog o Nmap now performs forward DNS lookups in parallel, using the same engine that has been reliably performing reverse-DNS lookups for nearly a decade. Scanning large lists of hostnames is now enormously faster and avoids the unresponsive wait for blocking system calls, so progress stats can be shown. In testing, resolving 1 million website names to both IPv4 and IPv6 took just over an hour. The previous system took 49 hours for the same data set! [Daniel Miller] o [Nping] Promoted Nping version number from a 0.7.95 alpha release to the same release version as Nmap. o [Zenmap] Added dark mode, accessed via Profile->Toggle Dark Mode or window::dark_mode in zenmap.conf. [Daniel Miller] o [NSE] Added 3 new scripts, for a total of 612 NSE scripts: + mikrotik-routeros-version queries MikroTik's WinBox router admin service to get the RouterOS version. New service probes were also added for this service. [deauther890, Daniel Miller] + mikrotik-routeros-username-brute brute-forces WinBox usernames for the router using CVE-2024-54772. [deauther890] + targets-ipv6-eui64 generates target IPv6 addresses from a user-provided file of MAC addresses, using the EUI-64 method. [Daniel Miller] o Fixed an issue preventing the Nmap OEM 7.95 uninstaller from correctly uninstalling Nmap OEM. o [Nsock][Windows] Fixed the IOCP Nsock engine, which had been demoted since Nmap 7.91 due to unresolved issues around SSL sockets and IPv6. [Daniel Miller] o Fixed the issue where TCP Connect scans (-sT) on Windows would show 'filtered' instead of 'closed', due to differences in understanding timeouts. o Nmap is now able to scan IP protocol 255. [nnposter] o Nmap will now allow targets to be specified both on the command line and in an input file with -iL. Previously, if targets were provided in both places, only the targets in the input file would be scanned, and no notice was given that the command-line targets were ignored. [Daniel Miller] o [Zenmap] Fixed a Zenmap crash in DiffViewer when Ndiff exits with error. o [Zenmap] Fixed several UnicodeDecodeError or UnicodeEncodeError crashes throughout Zenmap. o [Zenmap] Fixed an issue preventing Zenmap from launching if nmap was not in the PATH. The issue primarily affected macOS users. [Daniel Miller] o Fixed a couple of issues with parsing the argument to the -iR option. o [NSE] Added TLS support to redis.lua and improved -sV detection of redis. o Fix 2 potential crashes in parsing IPv6 extension headers discovered using AFL++ fuzzer. [Domen Puncer Kugler, Daniel Miller] o [Nping] Bind raw socket to device when possible. This was already done for IPv6, but was needed for IPv4 L3 tunnels. [ValdikSS] o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP connections. This makes it more compatible with other netcats. The -k option will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188 [Daniel Miller] o [Nsock] Fix an issue affecting Ncat where unread bytes in the SSL layer's buffer could not be read until more data arrived on the socket, which could lead to deadlock. [Daniel Miller] o [Ncat] New Ncat option -q to delay quit after EOF on stdin, the same as traditional netcat's -q option. [Daniel Miller] o [Ncat] Ncat in listen mode with -e or -c correctly handles error and EOF conditions that had not been being delivered to the child process. o [Ncat][Windows] All Nsock engines now work correctly. The default is still 'select', but others can be set with --nsock-engine=iocp or --nsock-engine=poll [Daniel Miller] o [NSE] SSH NSE scripts now catch connection errors thrown by the libssh2 Lua binding, providing useful output instead of a backtrace. [Joshua Rogers, Daniel Miller] o [NSE] Several fixes and extensions to the libssh2 NSE bindings: fixed libssh2.channel_read_stderr, which was reading stdout instead; add binding for libssh2_userauth_publickey_frommemory; allow open_channel to avoid allocating a pty; o [Nsock] Improvements for platforms without selectable pcap handles (e.g. Windows). Interleaved pcap and socket events were favoring pcap reads, possibly resulting in timeouts of the socket events. [Daniel Miller] o [Nsock] Improved memory performance of poll engine on Windows. [Daniel Miller] o [Nsock] Improvements to Nsock event list management, fixing errors like "could not find 1 of the purportedly pending events on that IOD." [Daniel Miller] o When Nmap is used with --disable-arp-ping, a local IP that cannot be ARP-resolved will use the "no-route" reason instead of the "unknown-response" reason, since no response was received. o [NSE] Various bug fixes in the mssql NSE library. [johnjaylward, nnposter] o [NSE] Testing for acceptance of SSH keys for a given username caused heap corruption. [Julijan Nedic, nnposter] o [NSE] Scripts were not able to load SSH public keys. from a file. [nnposter] o [NSE] Encryption/decryption performed by the OpenSSL NSE module did not work correctly when the IV started with a null byte. [nnposter] o [NSE] Arbitrary separator in stdnse.tohex() is now supported. Script smb-protocols now reports SMB dialects correctly. [nnposter] o [NSE] ether_type inconsistency in packet.Frame has been resolved. Both Frame:new() and Frame:build_ether_frame() now use an integer. [nnposter] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2024/04/25 07:15:03 adam Exp $ d3 3 a5 3 BLAKE2s (nmap-7.97.tar.bz2) = 61f88fc575e9c6bd934dbefbe8bc0ecf3211894d11173e7a9005c7c075e42000 SHA512 (nmap-7.97.tar.bz2) = 050241744c311f5fc16297e1698aded2a9fdc78eb7a0954d1c70f7713ef6e1b07f3fcbf28a6a53f43785b1ae710aadf10237d1d0bd8855c6b3c423da4d35961c Size (nmap-7.97.tar.bz2) = 12142624 bytes @ 1.9 log @ndiff nmap zenmap: updated to 7.95 Nmap 7.95 [2024-04-19] o [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.75 to the latest version 1.79. It includes many performance improvements, bug fixes and feature enhancements described at https://npcap.com/changelog. o Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added 336 fingerprints, bringing the new total to 6036. Additions include iOS 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2 o Integrated over 2500 service/version detection fingerprints submitted since June 2020. The signature count went up 1.4% to 12089, including 9 new softmatches. We now detect 1246 protocols, including new additions of grpc, mysqlx, essnet, remotemouse, and tuya. o [NSE] Four new scripts from the DINA community (https://github.com/DINA-community) for querying industrial control systems: + hartip-info reads device information from devices using the Highway Addressable Remote Transducer protocol + iec61850-mms queries devices using Manufacturing Message Specification requests. [Dennis Rösch, Max Helbig] + multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All message and prints the responses. [Stefan Eiwanger, DINA-community] + profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the PNIO-CM service. o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1, libssh2 1.11.0, liblinear 2.47 o Upgraded OpenSSL binaries (for the Windows builds and for RPMs) to version 3.0.13. CVEs resolved in this update include only 2 moderate-severity issues which we do not believe affect Nmap: CVE-2023-5363 and CVE-2023-2650 o [Zenmap][Ndiff] Zenmap and Ndiff now use setuptools, not distutils for packaging. o [Ncat] Fixed Ncat UDP server mode to not quit after EOF on stdin. Reported as Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613 o Fixed an issue where TCP Connect scan (-sT) on Windows would fail to open any sockets, leading to scans that never finish. [Daniel Miller] o [NSE] ssh-auth-methods will now print the pre-authentication banner text when available. Requires libssh2 1.11.0 or later. [Daniel Miller] o [Zenmap] Fix a crash in Zenmap when changing a host comment. o [NSE] Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger] o [Zenmap] RPM spec files now correctly require the python3 package, not python>=3 o Improvements to OS detection fingerprint matching, including a syntax change for nmap-os-db that allows ranges within the TCP Options string. This leads to more concise and maintainable fingerprints. [Daniel Miller] o Improved the OS detection engine by using a new source port for each retry. Scans from systems such as Windows that do not send RST for unsolicited SYN|ACK responses were previously unable to get a response in subsequent tries. [Daniel Miller] o Several profile-guided optimizations of the port scan engine. [Daniel Miller] o Fix an out-of-bounds read which led to out-of-memory errors when duplicate addresses were used with --exclude o Fixed a memory leak in Nsock: compiled pcap filters were not freed. o Fixed a crash when using service name wildcards with -p, as in -p "http*" o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap 7.80 and later. [David Fifield, Mike Pattrick] o [NSE] Fixed packet size testing in KNX scripts [f0rw4rd] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2023/06/06 10:45:10 adam Exp $ d3 3 a5 3 BLAKE2s (nmap-7.95.tar.bz2) = 07bd501519952dae05b65ad465ef1417bd3aeb22e36ff0dde875e78194d82af8 SHA512 (nmap-7.95.tar.bz2) = fd95a8bc627a2b8b507353f761dc9fdc8e880a0dd2d75a51b9cb3ec664318796af9bb16a6ff9a1358bd77ad669c2a54e333be630f201f69287692a7d2d41c17e Size (nmap-7.95.tar.bz2) = 11717069 bytes @ 1.8 log @nmap ndiff zenmap: updated to 7.94 Nmap 7.94 [2023-05-19] o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made this effort possible: + [Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík] + [Ndiff] Updated Ndiff to Python 3. [Brian Quigley] + Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks to those who opened Python 3-related issues and pull requests: Eli Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa, Hasan Aliyev, and others. o [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.71 to the latest version 1.75. It includes dozens of performance improvements, bug fixes and feature enhancements described at https://npcap.com/changelog. o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M (28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC prefix used previously for lookups. o Added partial silent-install support to the Nmap Windows installer. It previously didn't offer silent mode (/S) because the free/demo version of Npcap Windoes packet capturing driver that it needs and ships with doesn't include a silent installer. Now with the /S option, Nmap checks whether Npcap is already installed (either the free version or OEM) and will silently install itself if so. This is similar to how the Wireshark installer works and is particularly helpful for organizations that want to fully automate their Nmap (and Npcap) deployments. See https://nmap.org/nmap-silent-install for more details. o Lots of profile-guided memory and processing improvements for Nmap, including OS fingerprint matching, probe matching and retransmission lookups for large hostgroups, and service name lookups. Overhauled Nmap's string interning and several other startup-related procedures to speed up start times, especially for scans using OS detection. [Daniel Miller] o Integrated many of the most-submitted IPv4 OS fingerprints for recent versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints, bringing the new total to 5700! o [NSE] Added the tftp-version script which requests a nonexistent file from a TFTP server and matches the error message to a database of known software. [Mak Kolybabi] o [Ncat] Ncat can now accept "connections" from multiple UDP hosts in listen mode with the --keep-open option. This also enables --broker and --chat via UDP. [Daniel Miller] o Upgraded OpenSSL binaries (for the Windows builds and for RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602; CVE-2022-3786) which don't impact Nmap proper since it doesn't do certificate validation, but could possibly impact Ncat when the --ssl-verify option is used. o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4 o Removed the bogus OpenSSL message from the Windows Nmap executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL legacy provider failed to load." We actually already have the legacy provider built-in to our OpenSSL builds, and that's why loading the external one fails. o UDP port scan (-sU) and version scan (-sV) now both use the same data source, nmap-service-probes, for data payloads. Previously, the nmap-payloads file was used for port scan. Port scan responses will be used to kick-start the version matching process. [Daniel Miller] o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel, the same as it already does for TCP services with SSL/TLS encryption. The DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent sooner in the scan. [Daniel Miller] o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming connections. [Daniel Miller] o Handle Internationalized Domain Names (IDN) like Яндекс.рф on platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller] o [Ncat] Addressed an issue from the Debian bug tracker (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data received immediately after a SOCKS CONNECT response. Ncat can now be correctly used in the ProxyCommand option of OpenSSH. o Improved DNS domain name parsing to avoid recursion and enforce name length limits, avoiding a theoretical stack overflow issue with certain crafted DNS server responses, reported by Philippe Antoine. o [NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone] o Updates to the Japanese manpage translation by Taichi Kotake. o [Ncat] Dramatically speed up Ncat transfers on Windows by avoiding a 125ms wait for every read from STDIN. [scriptjunkie] o [Windows] Periodically reset the system idle timer to keep the system from going to sleep while scans are in process. This only affects port scans and OS detection scans, since NSE and version scan do not rely on timing data to adjust speed. o Updated the Nmap Public Source License (NPSL) to Version 0.95. This just clarifies that the derivative works definition and all other license clauses only apply to parties who choose to accept the license in return for the special rights granted (such as Nmap redistribution rights). If a party can do everything they need to using copyright provisions outside of this license such as fair use, we support that and aren't trying to claim any control over their work. Versions of Nmap released under previous versions of the NPSL may also be used under the NPSL 0.95 terms. o Avoid storing many small strings from IPv4 OS detection results in the global string_pool. These were effectively leaked after a host is done being scanned, since string_pool allocations are not freed until Nmap quits. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2022/09/06 18:47:27 adam Exp $ d3 3 a5 3 BLAKE2s (nmap-7.94.tar.bz2) = fb58b74eaf86ab57d253e947fc1dea5cfc6a418fba62001a767e37833399979f SHA512 (nmap-7.94.tar.bz2) = a55cddf9c1d9272243d01251eb3315b26f232d0596818857083222a385398618b428dc2bd8282c3e832527e135a74aeb020ca8609d83d8337342f5d8a04d7f2c Size (nmap-7.94.tar.bz2) = 11102195 bytes @ 1.7 log @nmap ndiff zenmap: updated to 7.93 Nmap 7.93 [2022-09-01] o This release commemorates Nmap's 25th anniversary! It all started with this September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html. o [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.50 to the latest version 1.71. It includes dozens of performance improvements, bug fixes and feature enhancements described at https://npcap.com/changelog. o Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions. Binaries for this release include OpenSSL 3.0.5. o Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1 o Fix a bug that prevented Nmap from discovering interfaces on Linux when no IPv4 addresses were configured. [Daniel Miller, nnposter] o [NSE] NSE "exception handling" with nmap.new_try() will no longer result in a stack traceback in debug output nor a "ERROR: script execution failed" message in script output, since the intended behavior has always been to end the script immediately without output. [Daniel Miller] o Update the Nmap output DTD to match actual output since the `` element was added in Nmap 7.90. o [NSE] Fix newtargets support: since Nmap 7.92, scripts could not add targets in script pre-scanning phase. [Daniel Miller] o Scripts dhcp-discover and broadcast-dhcp-discover now support setting a client identifier. [nnposter] o Script oracle-tns-version was not reporting the version correctly for Oracle 19c or newer [linholmes] o Script redis-info was crashing or producing inaccurate information about client connections and/or cluster nodes. [nnposter] o Nmap and Nping were unable to obtain system routes on FreeBSD [benpratt, nnposter] o Script ipidseq was broken due to calling an unreachable library function. [nnposter] o Support for EC crypto was not properly enabled if Nmap was compiled with OpenSSL in a custom location. [nnposter] o [NSE] Improvements to event handling and pcap socket garbage collection, fixing potential hangs and crashes. [Daniel Miller] o We ceased creating the Nmap win32 binary zipfile. It was useful back when you could just unzip it and run Nmap from there, but that hasn't worked well for many years. The win32 self-installer handles Npcap installation and many other dependencies and complexities. Anyone who needs the binaries for some reason can still install Nmap on any system and retrieve them from there. For now we're keeping the Win32 zipfile in the Nmap OEM Edition (https://nmap.org/oem) for companies building Nmap into their own products. But even in that case we believe that running the Nmap OEM self-installer in silent mode is a better approach. o Fix TDS7 password encoding for mssql.lua, which had been assuming ASCII input even though other parts of the library had been passing it Unicode. o Replace deprecated CPEs for IIS with their updated identifier, cpe:/a:microsoft:internet_information_services [Esa Jokinen] o [NSE] Fix script-terminating error when unknown BSON data types are encountered. Added parsers for most standard data types. [Daniel Miller] o [Ncat] Fix hostname/certificate comparison and matching to handle ASN.1 strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712. o [Ncat] Added support for SOCKS5 proxies that return bind addresses as hostnames, instead of IPv4/IPv6 addresses. [pomu0325] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2021/10/26 11:07:14 nia Exp $ d3 3 a5 4 BLAKE2s (nmap-7.93.tar.bz2) = 8c2e549318f6329d7252750ab903cbeec79c93cc001b542ed3166eaa1b2c7fbd SHA512 (nmap-7.93.tar.bz2) = 4ec9295e25bd7a215e718c3dbbf09bfe6339b60850f4a8d09b5ad0cbf41a0da8ece0168efc5ca91ba1ecbd83b1d31735d77dacd5f1ec1a9fd212454dd1f0f0fd Size (nmap-7.93.tar.bz2) = 10823114 bytes SHA1 (patch-zenmapCore_Paths.py) = 55ccc83a8f7dd302e4b0ffc1df0837ff651ba913 @ 1.6 log @ net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2021/10/07 14:43:07 nia Exp $ d3 3 a5 3 BLAKE2s (nmap-7.92.tar.bz2) = 0bf7a3882fbb25dd0a19807cbbd4e14c4d9f92c0198ec3444a821a61868e5435 SHA512 (nmap-7.92.tar.bz2) = 7828367f9dc76ff4d1e8c821260e565fb0c3cb6aba0473d24759133a3006cdf2cb087574f0dd7d2ba47a63754ba4f72e0b78cdae1333a58f05c41d428b56ad59 Size (nmap-7.92.tar.bz2) = 10498200 bytes @ 1.5 log @net: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2021/08/26 08:24:48 adam Exp $ d3 1 a3 1 RMD160 (nmap-7.92.tar.bz2) = 90e066815ff7f9d6e8bffcd6464a22061c150a24 @ 1.4 log @nmap: updated to 7.92 Nmap 7.92 [2021-08-08] o [Windows] Upgraded Npcap to version 1.50, the fastest and most stable release yet. Among the many exciting changes listed at https://npcap.org/changelog is support for Windows on ARM, which means Nmap can now run on lightweight Windows tablets like the Surface Pro X. o Updated Nmap's NPSL license to rewrite a poorly-worded clause which many folks interpreted as a "field of endeavor restriction" related to "proprietary software companies". We are retroactively offering Nmap versions 7.90 and 7.91 under this new Version 0.93 of the NPSL so that users and distributors may choose either version of the license. o [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10 SDK, and the UCRT, removing support for Windows Vista and earlier. Npcap is required for packet injection and capture, not WinPcap. o New Nmap option --unique will prevent Nmap from scanning the same IP address twice, which can happen when different names resolve to the same address. [Daniel Miller] o [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604! They are all listed at https://nmap.org/nsedoc/, and the summaries are below: + nbns-interfaces queries NetBIOS name service (NBNS) to gather IP addresses of the target's network interfaces [Andrey Zhukov] + openflow-info gathers preferred and supported protocol versions from OpenFlow devices [Jay Smith, Mak Kolybabi] + port-states prints a list of ports that were found in each state, including states that were summarized as "Not shown: X closed ports" [Daniel Miller] o Several changes to UDP payloads to improve accuracy: + Fix an issue with -sU where payload data went out-of-scope before it was used, causing corrupted payloads to be sent. [Mariusz Ziulek] + Nmap's retransmission limits were preventing some UDP payloads from being tried with -sU and -PU. Now, Nmap sends each payload for a particular port at the same time without delay. [Daniel Miller] + New UDP payloads: - TS3INIT1 for UDP 3389 [colcrunch] - DTLS for UDP 3391 (RD Gateway) [Arnim Rupp] o [NSE] TLS 1.3 now supported by most scripts for which it is relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel connections and certificate parsing will require OpenSSL 1.1.1 or later to fully support TLS 1.3. [Daniel Miller] o Changes to Nmap's XML output: + If a host times out, the XML element will have the attribute timedout="true" and the host's timing info (srtt etc.) will still be printed. + The "extrareasons" element now includes a list of port numbers for each "ignored" state. The "All X ports" and "Not shown:" lines in normal output have been changed slightly to provide more detail. [Daniel Miller] o Fix an issue in addrset matching that was causing all targets to be excluded if the --excludefile listed a CIDR range that contains an earlier, smaller CIDR range. [Daniel Miller] o Setting --host-timeout=0 will disable the host timeout, which is set by -T5 to 15 minutes. Earlier versions of Nmap require the user to specify a very long timeout instead. o [NSE] Prevent the ssl-* NSE scripts from probing ports that were excluded from version scan, usually 9100-9107, since JetDirect will print anything sent to these ports. [Daniel Miller] o Nmap no longer produces cryptic message "Failed to convert source address to presentation format" when unable to find useable route to the target. [nnposter] o [Ncat] Use safety-checked versions of FD_* macros to abort early if number of connections exceeds FD_SETSIZE. [Pavel Zhukov] o [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping server data sent right after the connection got established, such as port banners. [Sami Pönkänen] o [Ncat] Fixed a bug in proxy connect mode which would close the connection as soon as it was opened in Nmap 7.90 and 7.91. o [NSE] Fixed NSE so it will not consolidate all port script output for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller] o [Zenmap] Fixed an issue where a failure to execute Nmap would result in a Zenmap crash with "TypeError: coercing to Unicode" exception. o Nmap no longer considers an ICMP Host Unreachable as confirmation that a target is down, in accordance with RFC 1122 which says these errors may be transient. Instead, the probe will be destroyed and other probes used to determine aliveness. [Daniel Miller] o [Ncat] Ncat no longer crashes when used with Unix domain sockets. o [Ncat] Ncat is now again generating certificates with the duration of one year. Due to a bug, recent versions of Ncat were using only one minute. [Tobias Girstmair] o [NSE] URL/percent-encoding is now using uppercase hex digits to align with RFC 3986, section 2.1, and to improve compatibility with some real-world web servers. [nnposter] o [NSE] Script hostmap-crtsh got improved in several ways. The most visible are that certificate SANs are properly split apart and that identities that are syntactically incorrect to be hostnames are now ignored. [Michel Le Bihan, nnposter] o [NSE] Loading of a Nikto database failed if the file was referenced relative to the Nmap directory [nnposter] o [NSE] SMB2 dialect handling has been redesigned. Visible changes include: * Notable improvement in speed of script smb-protocols and others * Some SMB scripts are no longer using a hardcoded dialect, improving target interoperability * Dialect names are aligned with Microsoft, such as 3.0.2, instead of 3.02 [nnposter] o [NSE] Script smb2-vuln-uptime no longer reports false positives when the target does not provide its boot time. [nnposter] o [NSE] Client packets composed by the DHCP library will now contain option 51 (IP address lease time) only when requested. [nnposter] o [NSE] XML decoding in library citrixxml no longer crashes when encountering a character reference with codepoint greater than 255. (These references are now left unmodified.) [nnposter] o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for the audit rule base. [nnposter] o [NSE] It is now possible to control whether the SNMP library uses v1 (default) or v2c by setting script argument snmp.version. [nnposter] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2021/04/16 06:55:33 adam Exp $ a2 1 SHA1 (nmap-7.92.tar.bz2) = 62342a9a6641833c5c16b7a24ced4bace68c60fb @ 1.3 log @nmap ndiff zenmap: updated to 7.91 Nmap 7.91 [2020-10-09] o [Zenmap] Fix a crash in the profile editor due to a missing import. o [Nsock][Windows] Demote the IOCP Nsock engine because of some known issues that will take longer to resolve. The previous default "poll" engine will be used instead. o [Nsock][Windows] Fix a crash in service scan due to a previously-unknown error being returned from the IOCP Nsock engine. [Daniel Miller] o [NSE] Fix several places where Lua's os.time was being used to represent dates prior to January 1, 1970, which fails on Windows. Notably, NSE refused to run in UTC+X timezones with the error "time result cannot be represented in this installation" [Clément Notin, nnposter, Daniel Miller] o [NSE] MySQL library was not properly parsing server responses, resulting in script crashes. [nnposter] o Silence the irrelevant warning, "Your ports include 'T:' but you haven't specified any TCP scan type" when running nmap -sUV Nmap 7.90 [2020-10-02] o [Windows] Upgraded Npcap, our Windows packet capturing (and sending) library to the milestone 1.00 release! It's the culmination of 7 years of development with 170 public pre-releases. This includes dozens of performance improvements, bug fixes, and feature enhancements described at https://npcap.org/changelog. o Integrated over 800 service/version detection fingerprints submitted since August 2017. The signature count went up 1.8% to 11,878, including 17 new softmatches. We now detect 1237 protocols from airmedia-audio, banner-ivu, and control-m to insteon-plm, pi-hole-stats, and ums-webviewer. A significant number of submissions remain to be integrated in the next release. o Integrated over 330 of the most-frequently-submitted IPv4 OS fingerprints since August 2017. Added 26 fingerprints, bringing the new total to 5,678. Additions include iOS 12 & 13, macOS Catalina & Mojave, Linux 5.4, FreeBSD 13, and more. o Integrated all 67 of your IPv6 OS fingerprint submissions from August 2017 to September 2020. Added new groups for FreeBSD 12, Linux 5.4, and Windows 10, and consolidated several weak groups to improve classification accuracy. o [NSE] Added 3 NSE scripts, from 2 authors, bringing the total up to 601! They are all listed at https://nmap.org/nsedoc/, and the summaries are below: + dicom-brute attempts to brute force the called Application Entity Title of DICOM servers. [Paulino Calderon] + dicom-ping discovers DICOM servers and determines if any Application Entity Title is allowed to connect. [Paulino Calderon] + uptime-agent-info collects system information from an Idera Uptime Infrastructure Monitor agent. [Daniel Miller] o Addressed over 250 code quality issues identified by LGTM.com, improving our code quality score from "C" to "A+" o Released Npcap OEM Edition. For more than 20 years, the Nmap Project has been funded by selling licenses for companies to distribute Nmap with their products, along with commercial support. Hundreds of commercial products now use Nmap for network discovery tasks like port scanning, host discovery, OS detection, service/version detection, and of course the Nmap Scripting Engine (NSE). Until now they have just used standard Nmap, but this new OEM Edition is customized for use within other Windows software. Nmap OEM contains the OEM version of our Npcap driver, which allows for silent installation. It also removes the Zenmap GUI, which cuts the installer size by more than half. And it reports itself as Nmap OEM so customers know it's a properly licensed Nmap. See https://nmap.org/oem for more details. We will be reaching out to all existing licensees with Nmap OEM access credentials, but any licensees who wants it quicker should see https://nmap.org/oem. o Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a cleaner and better organized version (still based on GPLv2) now called the Nmap Public Source License to avoid confusion. See https://nmap.org/npsl/ for more details and annotated license text. This NPSL project was started in 2006 (community discussion here: https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for 7 years until it was restarted in 2013 (https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted by development again. We still have some ideas for improving the NPSL, but it's already much better than the current license, so we're applying NPSL Version 0.92 to the code now and can make improvements later if needed. This does not change the license of previous Nmap releases. o Removed nmap-update. This program was intended to provide a way to update data files and NSE scripts, but the infrastructure was never fielded. It depended on Subversion version control and would have required maintaining separate versions of NSE scripts for compatibility. o Removed the silent-install command-line option (/S) from the Windows installer. It causes several problems and there were no objections when we proposed removing it in 2016 (https://seclists.org/nmap-dev/2016/q4/168). It will remain in Nmap OEM since its main use was for customers who redistribute Nmap with other software. If anyone else has a strong need for an Nmap silent installer, please contact sales@@nmap.com and we'll see what we can do. o 23 new UDP payloads and dozens more default ports for existing payloads developed for Rapid7's InsightVM scan engine. These speed up and ensure detection of open UDP services. [Paul Miseiko, Rapid7] o Added a UDP payload for STUN (Session Traversal Utilities for NAT). [David Fifield] o [NSE] Fixed an off-by-one bug in the stun.lua library that prevented parsing a server response. [David Fifield] o Restrict Nmap's search path for scripts and data files. NMAPDATADIR, defined on Unix and Linux as ${prefix}/share/nmap, will not be searched on Windows, where it was previously defined as C:\Nmap . Additionally, the --script option will not interpret names as directory names unless they are followed by a '/'. [Daniel Miller] o Fix an assertion failure when unsolicited ARP response is received: nmap: Target.cc:503: void Target::stopTimeOutClock(const timeval*): Assertion `htn.toclock_running == true' failed. o [NSE] New outlib library consolidates functions related to NSE output, both string formatting conventions and structured output. [Daniel Miller] o [NSE] New dicom library implements the DICOM protocol used for storing and transfering medical images. [Paulino Calderon] o Fix a regression in ARP host discovery left over from the move from massping to ultra_scan in Nmap 4.22SOC8 (2007) that sometimes resulted in missing ARP responses from targets near the end of a scan. Accuracy and speed are both improved. [Daniel Miller] o Restrict Nmap's search path for scripts and data files. NMAPDATADIR, defined on Unix and Linux as ${prefix}/share/nmap, will not be searched on Windows, where it was previously defined as C:\Nmap . Additionally, the --script option will not interpret names as directory names unless they are followed by a '/'. [Daniel Miller] o Fix the "iocp" Nsock engine for Windows to be able to correctly handle PCAP read events. This engine is now the default for Windows, which should greatly improve performance over the previous default, the "poll" engine. [Daniel Miller] o Reduced CPU usage of OS scan by 50% by avoiding string copy operations and removing undocumented fingerprint syntax unused in nmap-os-db ('&' and '+' in expressions). [Daniel Miller] o Allow multiple UDP payloads to be specified for a port in nmap-payloads. If the first payload does not get a response, the remaining payloads are tried round-robin. [Paul Miseiko, Rapid7] o New option --discovery-ignore-rst tells Nmap to ignore TCP RST responses when determining if a target is up. Useful when firewalls are spoofing RST packets. [Tom Sellers, Rapid7] o [Ncat] It is now possible to override the value of TLS SNI via --ssl-servername [Hank Leininger, nnposter] o Fixed parsing of TCP options which would hang (infinite loop) if an option had an explicit length of 0. Affects Nmap 7.80 only. [Daniel Miller, Imed Mnif] o [NSE] Script ssh2-enum-algos would fail if the server initiated the key exchange before completing the protocol version exchange [Scott Ellis, nnposter] o [NSE] Fetching of SSH2 keys might fail because of key exchange confusion [nnposter] o [NSE] Performance of script afp-ls has been dramatically improved [nnposter] o [NSE] Parsing of AFP FPGetFileDirParms and FPEnumerateExt2FPEnumerateExt2 responses was not working correctly [nnposter] o [NSE] Eliminated false positives in script http-shellshock caused by simple reflection of HTTP request data [Anders Kaseorg] o [NSE] SNMP scripts are now enabled on non-standard ports where SNMP has been detected [usd-markus, nnposter] o [NSE] MQTT library was using incorrect position when parsing received responses [tatulea] o [NSE] IPMI library was using incorrect position when parsing received responses [Star Salzman] o [NSE] Scripts ipmi-brute and deluge-rpc-brute were not capturing successfully brute-forced credentials [Star Salzman] o Allow resuming IPv6 scans with --resume. The address parsing was assuming IPv4 addresses, leading to "Unable to parse ip" error. In a related fix, MAC addresses will not be parsed as IP addresses when resuming from XML. [Daniel Miller] o Fix reverse-DNS handling of PTR records that are not lowercase. Nmap was failing to identify reverse-DNS names when the DNS server delivered them like ".IN-ADDR.ARPA". [Lucas Nussbaum, Richard Schütz, Daniel Miller] o [NSE] IKE library was not properly populating the protocol number in aggressive mode requests. [luc-x41] o Added service fingerprinting for MySQL 8.x, Microsoft SQL Server 2019, MariaDB, and Crate.io CrateDB. Updated PostreSQL coverage and added specific detection of recent versions running in Docker. [Tom Sellers] o New XML output "hosthint" tag emitted during host discovery when a target is found to be up. This gives earlier notification than waiting for the hostgroup to finish all scan phases. [Paul Miseiko] o New UDP payloads for GPRS Tunneling Protocol (GTP) on ports 2123, 2152, and 3386. [Guillaume Teissier] o [NSE] SSH scripts now run on several ports likely to be SSH based on empirical data from Shodan.io, as well as the netconf-ssh service. [Lim Shi Min Jonathan, Daniel Miller] o [Zenmap] Stop creating a debugging output file 'tmp.txt' on the desktop in macOS. [Roland Linder] o [Nping] Address build failure under libc++ due to "using namespace std;" in several headers, resulting in conflicting definitions of bind(). Reported by StormBytePP and Rosen Penev. [Daniel Miller] o [Ncat] Fix a fatal error when connecting to a Linux VM socket with verbose output enabled. [Stefano Garzarella] o [Ncat] Proxy credentials can be alternatively passed onto Ncat by setting environment variable NCAT_PROXY_AUTH, which reduces the risk of the credentials getting captured in process logs. [nnposter] o [NSE] Fixed a crash on Windows when processing a GZIP-encoded HTTP body. [Daniel Miller] o Upgrade libpcap to 1.9.1, which addresses several CVE vulnerabilities. o Upgrade libssh2 to 1.9.0, fixing compilation with OpenSSL 1.1.0 API. o Processing of IP address CIDR blocks was not working correctly on ppc64, ppc64le, and s390x architectures. [rfrohl, nnposter] o [Windows] Add support for the new loopback behavior in Npcap 0.9983 and later. This enables Nmap to scan localhost on Windows without needing the Npcap Loopback Adapter to be installed, which was a source of problems for some users. [Daniel Miller] o [NSE] MS SQL library has improved version resolution, from service pack level to individual cumulative updates [nnposter] o [NSE] With increased verbosity, script http-default-accounts now reports matched target fingerprints even if no default credentials were found [nnposter] o [NSE] IPP request object conversion to string was not working correctly [nnposter] o [NSE] IPP response parser was not correctly processing end-of-attributes-tag [nnposter] o [NSE] Script cups-info was failing due to erroneous double-decoding of the IPP printer status [nnposter] o [NSE] Oracle TNS parser was incorrectly unmarshalling DALC byte arrays [nnposter] o [NSE] The password hashing function for Oracle 10g was not working correctly for non-alphanumeric characters [nnposter] o [NSE] Virtual host probing list, vhosts-full.lst, was missing numerous entries present in vhosts-default.lst [nnposter] o [NSE] Script http-grep was not correctly calculating Luhn checksum [Colleen Li, nnposter] o [NSE] Scripts dhcp-discover and broadcast-dhcp-discover now support new argument "mac" to force a specific client MAC address [nnposter] o [NSE] Code improvements in RPC Dump, benefitting NFS-related scripts [nnposter] o [NSE] RPC code was using incorrect port range, which was causing some calls, such as NFS mountd, to fail intermittently [nnposter] o [NSE] XML output from script ssl-cert now includes RSA key modulus and exponent [nnposter] o [NSE] Nmap no longer crashes when SMB scripts, such as smb-ls, call smb.find_files [nnposter] o [NSE] The MongoDB library was causing errors when assembling protocol payloads. [nnposter] o [NSE] The RTSP library was not correctly generating request strings. [nnposter] o [NSE] VNC handshakes were failing with insert position out of bounds error. [nnposter] o [NSE] Function marshall_dom_sid2 in library msrpctypes was not correctly populating ID Authority. [nnposter] o [NSE] Unmarshalling functions in library msrpctypes were attempting arithmetic on a nil argument. [Ivan Ivanov, nnposter] o [NSE] Functions lsa_lookupnames2 and lsa_lookupsids2 in library msrpc were incorrectly referencing function strjoin when called with debug level 2 or higher. [Ivan Ivanov] o [NSE] Added HTTP default account fingerprints for Tomcat Host Manager and Dell iDRAC9. [Clément Notin] o [NSE] A MS-SMB spec non-compliance in Samba was causing protocol negotiation to fail with data string too short error. [Clément Notin, nnposter] o [NSE] A bug in SMB library was causing scripts to fail with bad format argument error. [Ivan Ivanov] o [NSE] The HTTP library no longer crashes when code requests digest authentication but the server does not provide the necessary authentication header. [nnposter] o [NSE] Fixed a bug in http-wordpress-users.nse that could cause extraneous output to be captured as part of a username. [Duarte Silva] @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2019/08/28 13:55:44 adam Exp $ d3 4 a6 4 SHA1 (nmap-7.91.tar.bz2) = e72198f463ee9d557e4c5c9444cc5a0e5c36b00c RMD160 (nmap-7.91.tar.bz2) = 3e011fdd6fb3b391a3cbfc6e4c7ec35ccfe1819b SHA512 (nmap-7.91.tar.bz2) = 9d59f031b5f748311e9f9a0b9d05ad4a7a70fc6ac17598d7c4c81a4825c95d53817d74435d839e67b9379a052f2d37889fd634f9c75301a851f465d60fb9974d Size (nmap-7.91.tar.bz2) = 10503500 bytes @ 1.2 log @nmap: updated to 7.80 7.80: Here is the full list of significant changes: o [Windows] The Npcap Windows packet capturing library (https://npcap.org/) is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all of these changes from the last 15 Npcap releases: https://nmap.org/npcap/changelog o [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598! They are all listed at https://nmap.org/nsedoc/, and the summaries are below: + broadcast-hid-discoveryd discovers HID devices on a LAN by sending a discoveryd network broadcast probe. + broadcast-jenkins-discover discovers Jenkins servers on a LAN by sending a discovery broadcast probe. + http-hp-ilo-info extracts information from HP Integrated Lights-Out (iLO) servers. + http-sap-netweaver-leak detects SAP Netweaver Portal with the Knowledge Management Unit enabled with anonymous access. + https-redirect detects HTTP servers that redirect to the same port, but with HTTPS. Some nginx servers do this, which made ssl-* scripts not run properly. + lu-enum enumerates Logical Units (LU) of TN3270E servers. + rdp-ntlm-info extracts Windows domain information from RDP services. + smb-vuln-webexec checks whether the WebExService is installed and allows code execution. + smb-webexec-exploit exploits the WebExService to run arbitrary commands with SYSTEM privileges. + ubiquiti-discovery extracts information from the Ubiquiti Discovery service and assists version detection. + vulners queries the Vulners CVE database API using CPE information from Nmap's service and application version detection. o Use pcap_create instead of pcap_live_open in Nmap, and set immediate mode on the pcap descriptor. This solves packet loss problems on Linux and may improve performance on other platforms. o [NSE] Collected utility functions for string processing into a new library, stringaux.lua. o [NSE] New rand.lua library uses the best sources of random available on the system to generate random strings. o [NSE] New library, oops.lua, makes reporting errors easy, with plenty of debugging detail when needed, and no clutter when not. o [NSE] Collected utility functions for manipulating and searching tables into a new library, tableaux.lua. o [NSE] New knx.lua library holds common functions and definitions for communicating with KNX/Konnex devices. o [NSE] The HTTP library now provides transparent support for gzip- encoded response body. (See https://github.com/nmap/nmap/pull/1571 for an overview.) o [Nsock][Ncat] Add AF_VSOCK (Linux VM sockets) functionality to Nsock and Ncat. VM sockets are used for communication between virtual machines and the hypervisor. o [Security][Windows] Address CVE-2019-1552 in OpenSSL by building with the prefix "C:\Program Files (x86)\Nmap\OpenSSL". This should prevent unauthorized users from modifying OpenSSL defaults by writing configuration to this directory. o [Security] Reduced LibPCRE resource limits so that version detection can't use as much of the stack. Previously Nmap could crash when run on low-memory systems against target services which are intentionally or accidentally difficult to match. Someone assigned CVE-2018-15173 for this issue. o Deprecate and disable the -PR (ARP ping) host discovery option. ARP ping is already used whenever possible, and the -PR option would not force it to be used in any other case. o [NSE] bin.lua is officially deprecated. Lua 5.3, added 2 years ago in Nmap 7.25BETA2, has native support for binary data packing via string.pack and string.unpack. All existing scripts and libraries have been updated. o [NSE] Completely removed the bit.lua NSE library. All of its functions are replaced by native Lua bitwise operations, except for `arshift` (arithmetic shift) which has been moved to the bits.lua library. [Daniel Miller] o [NSE] The HTTP library is now enforcing a size limit on the received response body. The default limit can be adjusted with a script argument, which applies to all scripts, and can be overridden case-by-case with an HTTP request option. (See https://github.com/nmap/nmap/pull/1571 for details.) o [NSE] CR characters are no longer treated as illegal in script XML output. o Allow resuming nmap scan with lengthy command line [Clément Notin] o [NSE] Add TLS support to rdp-enum-encryption. Enables determining protocol version against servers that require TLS and lays ground work for some NLA/CredSSP information collection. o [NSE] Address two protocol parsing issues in rdp-enum-encryption and the RDP nse library which broke scanning of Windows XP. Clarify protocol types o [NSE] Script http-fileupload-exploiter failed to locate its resource file unless executed from a specific working directory. o [NSE] Avoid clobbering the "severity" and "ignore_404" values of fingerprints in http-enum. None of the standard fingerprints uses these fields. o [NSE] Fix a crash caused by a double-free of libssh2 session data when running SSH NSE scripts against non-SSH services. o [NSE] Updates the execution rule of the mongodb scripts to be able to run on alternate ports. o [Ncat] Allow Ncat to connect to servers on port 0, provided that the socket implementation allows this. o Update the included libpcap to 1.9.0. o [NSE] Fix a logic error that resulted in scripts not honoring the smbdomain script-arg when the target provided a domain in the NTLM challenge. o [Nsock] Avoid a crash (Protocol not supported) caused by trying to reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel Miller] o [NSE] Removed OSVDB references from scripts and replaced them with BID references where possible. o [NSE] Updates TN3270.lua and adds argument to disable TN3270E o RMI parser could crash when encountering invalid input [Clément Notin] o Avoid reporting negative latencies due to matching an ARP or ND response to a probe sent after it was recieved. o [Ncat] To avoid confusion and to support non-default proxy ports, option --proxy now requires a literal IPv6 address to be specified using square-bracket notation, such as --proxy o [Ncat] New ncat option provides control over whether proxy destinations are resolved by the remote proxy server or locally, by Ncat itself. See option --proxy-dns. o [NSE] Updated script ftp-syst to prevent potential endless looping. o New service probes and match lines for v1 and v2 of the Ubiquiti Discovery protocol. Devices often leave the related service open and it exposes significant amounts of information as well as the risk of being used as part of a DDoS. New nmap-payload entry for v1 of the protocol. o [NSE] Removed hostmap-ip2hosts.nse as the API has been broken for a while and the service was completely shutdown on Feb 17th, 2019. [Paulino Calderon] o [NSE] Adds TN3270E support and additional improvements to tn3270.lua and updates tn3270-screen.nse to display the new setting. o [NSE] Updates product codes and adds a check for response length in enip-info.nse. The script now uses string.unpack. o [Ncat] Temporary RSA keys are now 2048-bit to resolve a compatibility issue with OpenSSL library configured with security level 2, as seen on current Debian or Kali. o [NSE] Fix a crash (double-free) when using SSH scripts against non-SSH services. o [Zenmap] Fix a crash when Nmap executable cannot be found and the system PATH contains non-UTF-8 bytes, such as on Windows. o [Zenmap] Fix a crash in results search when using the dir: operator: AttributeError: 'SearchDB' object has no attribute 'match_dir' [Daniel Miller] o [Ncat] Fixed an issue with Ncat -e on Windows that caused early termination of connections. o [NSE] Fix a false-positive in http-phpmyadmin-dir-traversal when the server responds with 200 status to a POST request to any URI. o [NSE] New vulnerability state in vulns.lua, UNKNOWN, is used to indicate that testing could not rule out vulnerability. o When searching for Lua header files, actually use them where they are found instead of forcing /usr/include. [Fabrice Fontaine, Daniel Miller] o [NSE] Script traceroute-geolocation no longer crashes when www.GeoPlugin.net returns null coordinates o Limit verbose -v and debugging -d levels to a maximum of 10. Nmap does not use higher levels internally. o [NSE] tls.lua when creating a client_hello message will now only use a SSLv3 record layer if the protocol version is SSLv3. Some TLS implementations will not handshake with a client offering less than TLSv1.0. Scripts will have to manually fall back to SSLv3 to talk to SSLv3-only servers. o [NSE] Fix a few false-positive conditions in ssl-ccs-injection. TLS implementations that responded with fatal alerts other than "unexpected message" had been falsely marked as vulnerable. o Emergency fix to Nmap's birthday announcement so Nmap wishes itself a "Happy 21st Birthday" rather than "Happy 21th" in verbose mode (-v) on September 1, 2018. o Start host timeout clocks when the first probe is sent to a host, not when the hostgroup is started. Sometimes a host doesn't get probes until late in the hostgroup, increasing the chance it will time out. o [NSE] Support for edns-client-subnet (ECS) in dns.lua has been improved by: - - Properly trimming ECS address, as mandated by RFC 7871 - Fixing a bug that prevented using the same ECS option table more than once o [Ncat] Fixed communication with commands launched with -e or -c on Windows, especially when --ssl is used. o [NSE] Script http-default-accounts can now select more than one fingerprint category. It now also possible to select fingerprints by name to support very specific scanning. o [NSE] Script http-default-accounts was not able to run against more than one target host/port. o [NSE] New script-arg `http.host` allows users to force a particular value for the Host header in all HTTP requests. o [NSE] Use smtp.domain script arg or target's domain name instead of "example.com" in EHLO command used for STARTTLS. o [NSE] Fix brute.lua's BruteSocket wrapper, which was crashing Nmap with an assertion failure due to socket mixup [Daniel Miller]: nmap: nse_nsock.cc:672: int receive_buf(lua_State*, int, lua_KContext): Assertion `lua_gettop(L) == 7' failed. o [NSE] Handle an error condition in smb-vuln-ms17-010 caused by IPS closing the connection. o [Ncat] Fixed literal IPv6 URL format for connecting through HTTP proxies. o [NSE] Updates vendors from ODVA list for enip-info. [NothinRandom] o [NSE] Add two common error strings that improve MySQL detection by the script http-sql-injection. o [NSE] Fix bug in http-vuln-cve2006-3392 that prevented the script to generate the vulnerability report correctly. o [NSE] Fix bug related to screen rendering in NSE library tn3270. This patch also improves the brute force script tso-brute. o [NSE] Fix SIP, SASL, and HTTP Digest authentication when the algorithm contains lowercase characters. o Nmap could be fooled into ignoring TCP response packets if they used an unknown TCP Option, which would misalign the validation, causing it to fail. o [NSE]The HTTP response parser now tolerates status lines without a reason phrase, which improves compatibility with some HTTP servers. o [NSE]] Parser for HTTP Set-Cookie header is now more compliant with RFC 6265: - empty attributes are tolerated - double quotes in cookie and/or attribute values are treated literally - attributes with empty values and value-less attributes are parsed equally - attributes named "name" or "value" are ignored o [NSE] Fix parsing http-grep.match script-arg. [Hans van den Bogert] o [Zenmap] Avoid a crash when recent_scans.txt cannot be written to. o Fixed --resume when the path to Nmap contains spaces. o New service probe and match lines for adb, the Android Debug Bridge, which allows remote code execution and is left enabled by default on many devices. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2018/04/14 13:04:33 adam Exp $ d3 4 a6 4 SHA1 (nmap-7.80.tar.bz2) = cfd8162192cfe2623f5770b8ed3c6237791ff6bf RMD160 (nmap-7.80.tar.bz2) = f9e2a71733fd25db98681286c9c2bf23d41bdd71 SHA512 (nmap-7.80.tar.bz2) = d4384d3ebf4f3abf3588eed5433f733874ecdceb9342a718dc36db19634b0cc819d73399974eb0a9a9c9dd9e5c88473e07644ec91db28b0c072552b54430be6b Size (nmap-7.80.tar.bz2) = 10550327 bytes @ 1.1 log @nmap: ndiff and zenmap are now separate packages (incl. build fixes for zenmap) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.76 2018/04/03 14:34:00 adam Exp $ d3 4 a6 4 SHA1 (nmap-7.70.tar.bz2) = 71057361a0953bba5967dc0385de77f3eed792de RMD160 (nmap-7.70.tar.bz2) = 39b176e3b515bb5bf95503e3cb431a0dcd9e97ed SHA512 (nmap-7.70.tar.bz2) = 084c148b022ff6550e269d976d0077f7932a10e2ef218236fe13aa3a70b4eb6506df03329868fc68cb3ce78e4360b200f5a7a491d3145028fed679ef1c9ecae5 Size (nmap-7.70.tar.bz2) = 10467371 bytes @