Nmap 6/7 Released

edited September 2021  Section: System and application vulnerabilities


Nmap 6 Released

May 21, 2012—The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade.
We look for footholds not to overturn the world, but so that the world does not overturn us.

Comments

  • edited August 2017
    Searching for Conficker activity with nmap
    --------
    2. Scanning computers using the ready-made template shipped with the latest nmap version:
    nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.1.0/24
  • edited August 2017
    Checking a system for the CVE-2017-0143 (ETERNALBLUE) vulnerability (nmap v7.50)
    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
    nmap -p445 --script smb-vuln-ms17-010 <target>
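The scan in the post above ends with Nmap output; what a defender needs next is a list of hosts to patch. The following added example (not code from the post or from the Nmap project) parses Nmap XML output (`-oX`) and pulls out every finding written in the structured form that NSE's vulns library uses for scripts such as smb-vuln-ms17-010: one `<table key="CVE-...">` per finding with `<elem key="state">` and `<elem key="title">` children. The XML sample embedded below is constructed by hand for the example, not captured from a real scan.

```python
"""Turn Nmap XML output (-oX) from an NSE vuln script into a remediation list.

Added example; not code from the original post or from the Nmap project. It
assumes the structured output that NSE's vulns library writes for scripts such
as smb-vuln-ms17-010: one <table key="CVE-..."> per finding carrying
<elem key="state"> and <elem key="title">. The XML below is constructed by hand
for the example, not captured from a real scan.
"""
import xml.etree.ElementTree as ET

# Constructed sample: two hosts, one flagged VULNERABLE, one NOT VULNERABLE.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -p445 --script smb-vuln-ms17-010 192.0.2.0/30" version="7.50">
<host>
<status state="up" reason="arp-response"/>
<address addr="192.0.2.1" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/></port></ports>
<hostscript>
<script id="smb-vuln-ms17-010" output="VULNERABLE (see structured output)">
<table key="CVE-2017-0143">
<elem key="title">Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)</elem>
<elem key="state">VULNERABLE</elem>
<table key="ids"><elem>CVE:CVE-2017-0143</elem></table>
<elem key="risk_factor">HIGH</elem>
</table>
</script>
</hostscript>
</host>
<host>
<status state="up" reason="arp-response"/>
<address addr="192.0.2.2" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/></port></ports>
<hostscript>
<script id="smb-vuln-ms17-010" output="NOT VULNERABLE">
<table key="CVE-2017-0143">
<elem key="title">Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)</elem>
<elem key="state">NOT VULNERABLE</elem>
</table>
</script>
</hostscript>
</host>
</nmaprun>
"""

# States that mean "act on this", as spelled by the vulns library
# (VULNERABLE, VULNERABLE (Exploitable), VULNERABLE (DoS), LIKELY VULNERABLE).
# "NOT VULNERABLE" and "UNKNOWN (unable to test)" do not match these prefixes.
ACTIONABLE_PREFIXES = ("VULNERABLE", "LIKELY VULNERABLE")


def _elem(table, key):
    """Text of the direct child <elem key=...> of a vulns table, or None."""
    for e in table.findall("elem"):
        if e.get("key") == key:
            return (e.text or "").strip()
    return None


def iter_findings(xml_text):
    """Yield one dict per vulns-library table found in any host or port script."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        # Vuln scripts may run as host scripts (<hostscript>) or as port
        # scripts (under <port>); iter() walks both.
        for script in host.iter("script"):
            for table in script.findall("table"):
                state = _elem(table, "state")
                if state is None:  # not a vulns-library table, skip it
                    continue
                yield {
                    "host": addr,
                    "script": script.get("id"),
                    "vuln": table.get("key"),
                    "title": _elem(table, "title"),
                    "state": state,
                    "risk": _elem(table, "risk_factor"),
                }


def vulnerable_hosts(xml_text):
    """Map host address -> list of vuln ids whose state calls for remediation."""
    result = {}
    for f in iter_findings(xml_text):
        if f["state"].startswith(ACTIONABLE_PREFIXES):
            result.setdefault(f["host"], []).append(f["vuln"])
    return result


if __name__ == "__main__":
    for host, vulns in sorted(vulnerable_hosts(SAMPLE_XML).items()):
        print(f"{host}: patch for {', '.join(vulns)}")
```

Because `iter_findings` keys on the `state` element rather than on a script name, the same loop covers any other vulns-library script (including the smb-check-vulns run from the post above) without per-script parsing code.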
  • edited August 2017
    Nmap 7.60 is out! SSH support, SMB2/SMB3 improvements, 14 more scripts, a new Npcap, GSoC work and much more

    From: Fyodor <fyodor () nmap org>
    Date: Tue, 1 Aug 2017 15:26:58 -0700
    Hello everyone. I'm back from Defcon and excited to announce the new Nmap
    7.60 release! It has only been a month and a half since 7.50, but we still
    packed a lot into this one. Mostly because we have such an awesome GSoC
    team of 8 students and mentors working on so many cool projects. The
    program hasn't even ended yet, but much of their work has already been
    integrated into this release.

    One of the things I'm most excited about is ssh support. Nmap scripts can
    now perform brute force SSH password cracking, query servers about what
    auth methods and public keys they accept, and even log in using known or
    discovered credentials to execute arbitrary commands. We're including four
    scripts to start out with, and it opens the door to many more future
    capabilities! This was the product of three summers of GSoC students
    building on each other's work until we finally have something portable
    (works on Linux, Windows, Mac, etc.) and reliable enough to include. Mad
    props to the students Devin Bjelland (2014), Sergey Khegay (2016), and
    Evangelos Deirmentzoglou (2017) as well as their mentors Patrick Donnelly
    and Fotis "Ithilgore" Hantzis!

    Oh, we also have 14 (!) new NSE scripts, and a bunch of great SMB2/SMB3
    improvements by Paulino Calderon. This release also includes our new Npcap
    0.93 which resolves an issue where the Microsoft Windows 10 Creators Update
    was breaking Npcap and impairing Nmap functionality. There's a lot more,
    so I'll end this email with the full list.


    Here is the full list of significant changes since Nmap 7.50:
    • [Windows] Updated the bundled Npcap from 0.91 to 0.93, fixing several
    issues with installation and compatibility with the Windows 10 Creators
    Update.

    • [NSE][GH#910] NSE scripts now have complete SSH support via libssh2,
    including password brute-forcing and running remote commands, thanks to the
    combined efforts of three Summer of Code students: [Devin Bjelland, Sergey
    Khegay, Evangelos Deirmentzoglou]

    • [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 579!
    They are all listed at https://nmap.org/nsedoc/, and the summaries are
    below:

    - ftp-syst sends SYST and STAT commands to FTP servers to get system
    version and connection information. [Daniel Miller]
    - [GH#916] http-vuln-cve2017-8917 checks for an SQL injection
    vulnerability affecting Joomla! 3.7.x before 3.7.1. [Wong Wai Tuck]
    - iec-identify probes for the IEC 60870-5-104 SCADA protocol. [Aleksandr
    Timorin, Daniel Miller]
    - [GH#915] openwebnet-discovery retrieves device identifying information
    and number of connected devices running on openwebnet protocol. [Rewanth
    Cool]
    - puppet-naivesigning checks for a misconfiguration in the Puppet CA
    where naive signing is enabled, allowing for any CSR to be automatically
    signed. [Wong Wai Tuck]
    - [GH#943] smb-protocols discovers if a server supports dialects NT LM
    0.12 (SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11. This replaces the old
    smbv2-enabled script. [Paulino Calderon]
    - [GH#943] smb2-capabilities lists the supported capabilities of
    SMB2/SMB3 servers. [Paulino Calderon]
    - [GH#943] smb2-time determines the current date and boot date of SMB2
    servers. [Paulino Calderon]
    - [GH#943] smb2-security-mode determines the message signing
    configuration of SMB2/SMB3 servers. [Paulino Calderon]
    - [GH#943] smb2-vuln-uptime attempts to discover missing critical
    patches in Microsoft Windows systems based on the SMB2 server uptime.
    [Paulino Calderon]
    - ssh-auth-methods lists the authentication methods offered by an SSH
    server. [Devin Bjelland]
    - ssh-brute performs brute-forcing of SSH password credentials. [Devin
    Bjelland]
    - ssh-publickey-acceptance checks public or private keys to see if they
    could be used to log in to a target. A list of known-compromised key pairs
    is included and checked by default. [Devin Bjelland]
    - ssh-run uses user-provided credentials to run commands on targets via
    SSH. [Devin Bjelland]

    • [NSE] Removed smbv2-enabled, which was incompatible with the new SMBv2/3
    improvements. It was fully replaced by the smb-protocols script.

    • [Ncat][GH#446] Added Datagram TLS (DTLS) support to Ncat in connect
    (client) mode with --udp --ssl. Also added Application Layer Protocol
    Negotiation (ALPN) support with the --ssl-alpn option. [Denis Andzakovic,
    Daniel Miller]

    • Updated the default ciphers list for Ncat and the secure ciphers list for
    Nsock to use "!aNULL:!eNULL" instead of "!ADH". With the addition of ECDH
    ciphersuites, anonymous ECDH suites were being allowed. [Daniel Miller]

    • [NSE][GH#930] Fix ndmp-version and ndmp-fs-info when scanning Veritas
    Backup Exec Agent 15 or 16. [Andrew Orr]

    • [NSE][GH#943] Added new SMB2/3 library and related scripts. [Paulino
    Calderon]

    • [NSE][GH#950] Added wildcard detection to dns-brute. Only hostnames that
    resolve to unique addresses will be listed. [Aaron Heesakkers]

    • [NSE] FTP scripts like ftp-anon and ftp-brute now correctly handle
    TLS-protected FTP services and use STARTTLS when necessary. [Daniel Miller]

    • [NSE][GH#936] Function url.escape no longer encodes so-called
    "unreserved" characters, including hyphen, period, underscore, and tilde,
    as per RFC 3986. [nnposter]

    • [NSE][GH#935] Function http.pipeline_go no longer assumes that persistent
    connections are supported on HTTP 1.0 target (unless the target explicitly
    declares otherwise), as per RFC 7230. [nnposter]

    • [NSE][GH#934] The HTTP response object has a new member, version, which
    contains the HTTP protocol version string returned by the server, e.g.
    "1.0". [nnposter]

    • [NSE][GH#938] Fix handling of the objectSID Active Directory attribute by
    ldap.lua. [Tom Sellers]

    • [NSE] Fix line endings in the list of Oracle SIDs used by
    oracle-sid-brute. Carriage Return characters were being sent in the
    connection packets, likely resulting in failure of the script. [Anant
    Shrivastava]

    • [NSE][GH#141] http-useragent-checker now checks for changes in HTTP
    status (usually 403 Forbidden) in addition to redirects to indicate
    forbidden User Agents. [Gyanendra Mishra]

    Enjoy this new release and please do let us know if you find any problems!
    Download link: https://nmap.org/download.html

    Cheers,
    Fyodor

    http://seclists.org/nmap-announce/2017/4
  • edited March 2018
    Nmap 7.70 [2018-03-20]
    [Windows] Updated the bundled Npcap from 0.93 to 0.99-r2, with many stability fixes and installation improvements, as well as fixes to raw 802.11 frame capture. See https://nmap.org/npcap/changelog
    Integrated all of your service/version detection fingerprints submitted from March 2017 to August 2017 (728 of them). The signature count went up 1.02% to 11,672, including 26 new softmatches. We now detect 1224 protocols from filenet-pch, lscp, and netassistant to sharp-remote, urbackup, and watchguard. We will try to integrate the remaining submissions in the next release.

    Integrated all of your IPv4 OS fingerprint submissions from September 2016 to August 2017 (667 of them). Added 298 fingerprints, bringing the new total to 5,652. Additions include iOS 11, macOS Sierra, Linux 4.14, Android 7, and more.
    Integrated all 33 of your IPv6 OS fingerprint submissions from September 2016 to August 2017. New groups for OpenBSD 6.0 and FreeBSD 11.0 were added, as well as strengthened groups for Linux and OS X.

    Added the --resolve-all option to resolve and scan all IP addresses of a host. This essentially replaces the resolveall NSE script. [Daniel Miller]

    [NSE][SECURITY] Nmap developer nnposter found a security flaw (directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manually ran this NSE script against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved outside the intended destination directory. Existing files couldn't be overwritten. We fixed http-fetch, audited our other scripts to ensure they didn't make this mistake, and we updated the httpspider library API to protect against this by default. [nnposter, Daniel Miller]

    [NSE] Added 9 NSE scripts, from 8 authors, bringing the total up to 588! They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

    deluge-rpc-brute performs brute-force credential testing against Deluge BitTorrent RPC services, using the new zlib library. [Claudiu Perta]
    hostmap-crtsh lists subdomains by querying Google's Certificate Transparency logs. [Paulino Calderon]
    [GH#892] http-bigip-cookie decodes unencrypted F5 BIG-IP cookies and reports back the IP address and port of the actual server behind the load-balancer. [Seth Jackson]
    http-jsonp-detection Attempts to discover JSONP endpoints in web servers. JSONP endpoints can be used to bypass Same-origin Policy restrictions in web browsers. [Vinamra Bhatia]
    http-trane-info obtains information from Trane Tracer SC controllers and connected HVAC devices. [Pedro Joaquin]
    [GH#609] nbd-info uses the new nbd.lua library to query Network Block Devices for protocol and file export information. [Mak Kolybabi]
    rsa-vuln-roca checks for RSA keys generated by Infineon TPMs vulnerable to Return Of Coppersmith Attack (ROCA) (CVE-2017-15361). Checks SSH and TLS services. [Daniel Miller]
    [GH#987] smb-enum-services retrieves the list of services running on a remote Windows machine. Modern Windows systems require a privileged domain account in order to list the services. [Rewanth Cool]
    tls-alpn checks TLS servers for Application Layer Protocol Negotiation (ALPN) support and reports supported protocols. ALPN largely replaces NPN, which tls-nextprotoneg was written for. [Daniel Miller]
    ....

    https://nmap.org/changelog.html#7.70
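The 7.70 security note above (a server-controlled URL path letting http-fetch save files outside the destination directory) describes a bug class, not just one script. The following added example, which is not the http-fetch script or the httpspider library fix and whose function names are its own, shows the general defence in Python: decode the URL path before checking it, reject `..` components, re-check containment after `resolve()`, and open with create-only mode so an existing file is never replaced (the last point mirrors the "existing files couldn't be overwritten" property the note mentions).

```python
"""Keep a server-chosen file name inside the destination directory.

Added example; not the http-fetch script or the httpspider library fix the
Nmap 7.70 note describes. It shows the general defence in Python: decode the
URL path, reject ".." components, re-check containment after resolving, and
never overwrite an existing file. Function and class names are the example's own.
"""
from pathlib import Path, PurePosixPath
from urllib.parse import unquote, urlsplit


class UnsafePathError(ValueError):
    """Raised when a fetched URL would map outside the destination directory."""


def destination_for(url, dest_dir):
    """Map url's path to a file under dest_dir, or raise UnsafePathError."""
    base = Path(dest_dir).resolve()
    raw = unquote(urlsplit(url).path)  # decode %2e%2e etc. before checking
    if "\x00" in raw:
        raise UnsafePathError("NUL byte in path")
    # Drop the leading "/" and "." segments; "//" collapses inside PurePosixPath.
    parts = [p for p in PurePosixPath(raw).parts if p not in ("/", ".")]
    if ".." in parts:  # reject traversal components outright
        raise UnsafePathError(f"traversal component in {url!r}")
    if not parts:
        parts = ["index.html"]  # a bare "/" needs some file name
    candidate = base.joinpath(*parts).resolve()
    # Belt and braces: resolve() collapses symlinks and anything missed above,
    # so confirm the final path still lies under base.
    try:
        candidate.relative_to(base)
    except ValueError:
        raise UnsafePathError(f"{candidate} escapes {base}") from None
    return candidate


def save_fetched(url, body, dest_dir):
    """Write body to the contained path; existing files are never overwritten."""
    target = destination_for(url, dest_dir)
    target.parent.mkdir(parents=True, exist_ok=True)
    with open(target, "xb") as fh:  # "x": create only, fail if the file exists
        fh.write(body)
    return target


if __name__ == "__main__":
    import tempfile
    out = tempfile.mkdtemp()
    print(destination_for("http://example.test/docs/a.html", out))
    try:
        destination_for("http://example.test/%2e%2e/%2e%2e/etc/passwd", out)
    except UnsafePathError as exc:
        print("rejected:", exc)
```

The two checks are deliberately redundant: the `..` test catches the obvious case early with a clear error, and `relative_to` after `resolve()` catches anything that slipped past it, such as a symlink already present under the destination directory.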
  • Nmap 7.80 [2019-08-10]
    [Windows] The Npcap Windows packet capturing library (https://npcap.org/) is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all of these changes from the last 15 Npcap releases: https://nmap.org/npcap/changelog

    [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598! They are all listed at https://nmap.org/nsedoc/,

    https://nmap.org/changelog.html#7.80

  • edited November 2020
    Nmap 7.90 Released! First release since August 2019. From: Gordon Fyodor Lyon <fyodor () nmap org>
    Date: Sat, 3 Oct 2020 13:48:42 -0700
    [Windows] Upgraded Npcap, our Windows packet capturing (and sending) library to the milestone 1.00 release! It's the culmination of 7 years of development with 170 public pre-releases. This includes dozens of performance improvements, bug fixes, and feature enhancements described at https://npcap.org/changelog.
    • Released Npcap OEM Edition. For more than 20 years, the Nmap Project has been funded by selling licenses for companies to distribute Nmap with their products, along with commercial support. Hundreds of commercial products now use Nmap for network discovery tasks like port scanning, host discovery, OS detection, service/version detection, and of course the Nmap Scripting Engine (NSE). Until now they have just used standard Nmap, but this new OEM Edition is customized for use within other Windows software. Nmap OEM contains the OEM version of our Npcap driver, which allows for silent installation. It also removes the Zenmap GUI, which cuts the installer size by more than half. And it reports itself as Nmap OEM so customers know it's a properly licensed Nmap. See https://nmap.org/oem for more details.

    Removed nmap-update. This program was intended to provide a way to update
    data files and NSE scripts, but the infrastructure was never fielded. It depended on Subversion version control and would have required maintaining separate versions of NSE scripts for compatibility.


    Full description of the changes:
    https://nmap.org/changelog.html#7.90
  • edited September 2021
    Nmap 7.92 [2021-08-07]
    [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.00 to the latest version 1.50. You can read about the dozens of performance improvements, bug fixes and feature enhancements at https://npcap.org/changelog.

    [Windows] Thanks to the Npcap 1.50 upgrade, Nmap now works on the Windows ARM architecture so you can run it on lightweight and power-efficient tablets like the Microsoft Surface Pro X and Samsung Galaxy Book Go. More ARM devices are on the way along with the upcoming Windows 11 release. See the Npcap on ARM announcement at https://seclists.org/nmap-announce/2021/2.

    [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10 SDK, and the UCRT. This prevents Nmap from working on Windows Vista and earlier, but they can still use older versions of Nmap on their ancient operating system.
    New Nmap option --unique will prevent Nmap from scanning the same IP address twice, which can happen when different names resolve to the same address. [Daniel Miller]

    [NSE][GH#1691] TLS 1.3 now supported by most scripts for which it is relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel connections and certificate parsing will require OpenSSL 1.1.1 or later to fully support TLS 1.3. [Daniel Miller]

    [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604! They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
    [GH#2201] nbns-interfaces queries NetBIOS name service (NBNS) to gather IP addresses of the target's network interfaces [Andrey Zhukov]
    [GH#711] openflow-info gathers preferred and supported protocol versions from OpenFlow devices [Jay Smith, Mak Kolybabi]
    port-states prints a list of ports that were found in each state, including states that were summarized as "Not shown: X closed ports" [Daniel Miller]
    Several changes to UDP payloads to improve accuracy:
    [GH#2269] Fix an issue with -sU where payload data went out-of-scope before it was used, causing corrupted payloads to be sent. [Mariusz Ziulek]
    Nmap's retransmission limits were preventing some UDP payloads from being tried with -sU and -PU. Now, Nmap sends each payload for a particular port at the same time without delay. [Daniel Miller]
    New UDP payloads:
    [GH#1279] TS3INIT1 for UDP 3389 [colcrunch]
    [GH#1895] DTLS for UDP 3391 (RD Gateway) [Arnim Rupp]

    [NSE][GH#2208][GH#2203] SMB2 dialect handling has been redesigned. Visible changes include:
    Notable improvement in speed of script smb-protocols and others
    Some SMB scripts are no longer using a hardcoded dialect, improving target interoperability
    Dialect names are aligned with Microsoft, such as 3.0.2, instead of 3.02 [nnposter]
    [GH#2350] Upgraded OpenSSL to version 1.1.1k. This addresses some CVEs which don't affect Nmap in a material way. Details: https://github.com/nmap/nmap/issues/2350
    Removed support for the ancient WinPcap library since we already include our own Npcap library (https://npcap.org) supporting the same API. WinPcap was abandoned years ago and its official download page says that "WE RECOMMEND USING Npcap INSTEAD" for security, stability, compatibility, and support reasons.
    [GH#2257] Fix an issue in addrset matching that was causing all targets to be excluded if the --excludefile listed a CIDR range that contains an earlier, smaller CIDR range. [Daniel Miller]
    [GH#1922] Fix an issue that would cause Nmap to hang during scans with a host timeout, such as -T5. Any active probes when a target timed out were counting towards the global congestion window.
    [GH#2153] Do not count host discovery phase time against the host timeout, since Nmap may wait a long time between sending probes to a target while it processes other targets instead.
    [GH#2153] Fix issues with matching ICMP Time Exceeded messages that led to ignored responses and long scan times when scanning distant targets.
    Upgrade the Windows NSIS installer to use the latest NSIS 3 (version 3.07) instead of the previous NSIS 2 generation.
    Setting --host-timeout=0 will disable the host timeout, which is set by -T5 to 15 minutes. Earlier versions of Nmap require the user to specify a very long timeout instead.
    Improvements to Nmap's XML output:
    If a host times out, the XML <host> element will have the attribute timedout="true" and the host's timing info (srtt etc.) will still be printed.
    The "extrareasons" element now includes a list of port numbers for each "ignored" state. The "All X ports" and "Not shown:" lines in normal output have been changed slightly to provide more detail. [Daniel Miller]

    [NSE][GH#2237] Prevent the ssl-* NSE scripts from probing ports that were excluded from version scan, usually 9100-9107, since JetDirect will print anything sent to these ports. [Daniel Miller]
    [GH#2206] Nmap no longer produces cryptic message "Failed to convert source address to presentation format" when unable to find useable route to the target. [nnposter]
    [Ncat][GH#2202] Use safety-checked versions of FD_* macros to abort early if number of connections exceeds FD_SETSIZE. [Pavel Zhukov]
    [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping server data sent right after the connection got established, such as port banners. [Sami Pönkänen]
    [Ncat][GH#2149] Fixed a bug in proxy connect mode which would close the connection as soon as it was opened in Nmap 7.90 and 7.91.

    [NSE][GH#2175] Fixed NSE so it will not consolidate all port script output for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller]
    [Zenmap][GH#2157] Fixed an issue where a failure to execute Nmap would result in a Zenmap crash with "TypeError: coercing to Unicode" exception.
    Nmap no longer considers an ICMP Host Unreachable as confirmation that a target is down, in accordance with RFC 1122 which says these errors may be transient. Instead, the probe will be destroyed and other probes used to determine aliveness. [Daniel Miller]
    [Ncat][GH#2154] Ncat no longer crashes when used with Unix domain sockets.
    [Ncat][GH#2167][GH#2168] Ncat is now again generating certificates with the duration of one year. Due to a bug, recent versions of Ncat were using only one minute. [Tobias Girstmair]

    [NSE][GH#2281] URL/percent-encoding is now using uppercase hex digits to align with RFC 3986, section 2.1, and to improve compatibility with some real-world web servers. [nnposter]

    [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most visible are that certificate SANs are properly split apart and that identities that are syntactically incorrect to be hostnames are now ignored. [Michel Le Bihan, nnposter]

    [NSE] Loading of a Nikto database failed if the file was referenced relative to the Nmap directory [nnposter]
    [GH#2199] Updated Nmap's NPSL license to rewrite a poorly-worded clause about "proprietary software companies". The new license version 0.93 is still available from https://nmap.org/npsl/. As described on that page, we are also still offering Nmap 7.90, 7.91, and 7.92 under the previous Nmap 7.80 license. Finally, we still offer the Nmap OEM program for companies who want a non-copyleft license allowing them to redistribute Nmap with their products at https://nmap.org/oem/.

    [NSE] Script smb2-vuln-uptime no longer reports false positives when the target does not provide its boot time. [nnposter]

    [NSE][GH#2197] Client packets composed by the DHCP library will now contain option 51 (IP address lease time) only when requested. [nnposter]

    [NSE][GH#2192] XML decoding in library citrixxml no longer crashes when encountering a character reference with codepoint greater than 255. (These references are now left unmodified.) [nnposter]

    [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for the audit rule base. [nnposter]

    [NSE][GH#1473] It is now possible to control whether the SNMP library uses v1 (default) or v2c by setting script argument snmp.version. [nnposter]

    https://nmap.org/changelog.html#7.92
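Two of the 7.92 XML changes listed above matter for anyone consuming scan results: a host that hit the host timeout now carries `timedout="true"` (and still gets its `<times>` element), and each `<extrareasons>` now lists the ports it covers. A timed-out host must be treated as "not scanned", not as "nothing open", and the port lists let you verify that every port you asked for was accounted for. The following added example (not code from the post or the Nmap project) audits a scan for both. It assumes the `ports` attribute on `<extrareasons>` uses Nmap's `1-21,23-79` list syntax and that `srtt` in `<times>` is in microseconds; the XML is constructed for the example, not captured from a real scan.

```python
"""Audit Nmap 7.92 XML output for scan completeness.

Added example; not code from the post or the Nmap project. It assumes the two
7.92 XML changes quoted above: a timed-out host carries timedout="true" (with
its <times> element still present), and each <extrareasons> carries the ports
it covers in a "ports" attribute using Nmap's "1-21,23-79" list syntax. The XML
below is constructed for the example, not captured from a real scan.
"""
import xml.etree.ElementTree as ET

# Constructed sample: one fully scanned host, one host that hit the host timeout.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T5 -p1-1000 -oX scan.xml 192.0.2.0/30" version="7.92">
<host starttime="1" endtime="2">
<status state="up" reason="echo-reply"/>
<address addr="192.0.2.1" addrtype="ipv4"/>
<ports>
<extraports state="closed" count="997">
<extrareasons reason="reset" count="997" proto="tcp" ports="1-21,23-79,81-442,444-1000"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/></port>
</ports>
<times srtt="1200" rttvar="300" to="100000"/>
</host>
<host starttime="1" endtime="3" timedout="true">
<status state="up" reason="echo-reply"/>
<address addr="192.0.2.2" addrtype="ipv4"/>
<times srtt="900000" rttvar="450000" to="1000000"/>
</host>
</nmaprun>
"""


def expand_ports(spec):
    """Expand Nmap's port-list syntax ("1-21,23-79,81") into a list of ints."""
    ports = []
    for piece in spec.split(","):
        piece = piece.strip()
        if not piece:
            continue
        if "-" in piece:
            lo, hi = piece.split("-", 1)
            ports.extend(range(int(lo), int(hi) + 1))
        else:
            ports.append(int(piece))
    return ports


def summarize(xml_text):
    """Return (complete, timed_out).

    complete:  addr -> {"open": [...], "ignored": {state: {reason: [ports]}},
                        "srtt_ms": float}
    timed_out: list of {"host", "srtt_ms"} for hosts whose results are partial
    """
    root = ET.fromstring(xml_text)
    complete, timed_out = {}, []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        times = host.find("times")  # srtt is reported in microseconds
        srtt_ms = int(times.get("srtt")) / 1000 if times is not None else None
        if host.get("timedout") == "true":
            # Partial results: do not record this host as clean.
            timed_out.append({"host": addr, "srtt_ms": srtt_ms})
            continue
        ignored = {}
        for ep in host.iter("extraports"):
            for er in ep.findall("extrareasons"):
                ports = expand_ports(er.get("ports", ""))
                # The count attribute must agree with the listed ports.
                if len(ports) != int(er.get("count")):
                    raise ValueError(f"{addr}: extrareasons count/ports mismatch")
                ignored.setdefault(ep.get("state"), {})[er.get("reason")] = ports
        open_ports = [int(p.get("portid")) for p in host.iter("port")
                      if p.find("state").get("state") == "open"]
        complete[addr] = {"open": open_ports, "ignored": ignored, "srtt_ms": srtt_ms}
    return complete, timed_out


if __name__ == "__main__":
    done, partial = summarize(SAMPLE_XML)
    for addr, info in done.items():
        print(f"{addr}: open {info['open']}, ignored states {list(info['ignored'])}")
    for h in partial:
        print(f"{h['host']}: TIMED OUT (srtt {h['srtt_ms']} ms), results are incomplete")
```

Hosts returned in `timed_out` are candidates for a rescan with a longer host timeout (or, per the note above, `--host-timeout=0` to disable it); their large `srtt` values usually explain why the `-T5` budget of 15 minutes ran out.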
  • The UK government releases Nmap scripts to find unpatched vulnerabilities

    The United Kingdom's National Cyber Security Centre (NCSC), the government agency leading the UK's cyber security mission, is releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.

    This is a joint initiative of the NCSC and i100 (Industry 100), which brings together industry and government experts to find solutions to cyber security threats.

    Scripts created by i100 partners, or by security experts who want to share their scripts with the community, will be published on GitHub as part of the new Scanning Made Easy (SME) project.

    "When a software vulnerability is discovered, it is often easier to find proof-of-concept code to exploit it than to find tools that help defend your network," the NCSC said today.

    "Worse still, even when a scanning script is available, it can be hard to know whether it is safe to run, let alone whether it returns valid scan results. Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems so they can protect them."

    Before new scripts are added to the SME collection, the NCSC will check that they meet the following requirements:
    are written for NMAP using the NMAP Scripting Engine (.nse);
    relate to one of the high-priority vulnerabilities affecting the UK;
    conform to the metadata template;
    run in isolation, i.e. with no dependencies and without connecting to other servers;
    come as close as possible to 100% reliable detection of vulnerable instances, i.e. have a low false-positive rate;
    are as unintrusive as possible (i.e. do not generate excessive network traffic) and as safe as possible in their detection mechanism;
    are hosted in a public repository or on a website;
    are freely available under a permissive open-source licence;
    do not collect sensitive data, for example exposure to a cyber security threat or personal data;
    do not send data from the system on which the script runs; and
    can write the script output to a file.

    The first SME script has already been released

    The NCSC has already released the first SME script, in collaboration with NCC Group (an i100 partner), to help administrators scan for servers vulnerable to attacks using the 21Nails exploits that target Exim remote code execution vulnerabilities.

    The UK government agency plans to release new Nmap scripts only for critical security vulnerabilities that are believed to be at the top of attackers' target lists.

    The NCSC's new SME project aims to make finding vulnerable systems easier with reliable, easy-to-use tools.

    "We want SME to be as easy to use as possible, and it also needs to be reliable. Providing a false sense of security or false positives does not help make your systems more secure, because you will not be fixing the real security problems," the NCSC added.

    "That is why SME scripts are written using the NMAP Scripting Engine (NSE). NMAP is the industry-standard network mapping tool, which has been actively developed for over 20 years."

    https://www.bleepingcomputer.com/news/security/uk-govt-releasing-nmap-scripts-to-find-unpatched-vulnerabilities/
  • Nmap 7.93 [2022-09-01]

    This release commemorates Nmap's 25th anniversary! It all started with this September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.
    [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.50 to the latest version 1.71. It includes dozens of performance improvements, bug fixes and feature enhancements described at https://npcap.com/changelog.
    Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions. Binaries for this release include OpenSSL 3.0.5.
    Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1
    [GH#2416] Fix a bug that prevented Nmap from discovering interfaces on Linux when no IPv4 addresses were configured. [Daniel Miller, nnposter]
    [NSE][GH#2463] NSE "exception handling" with nmap.new_try() will no longer result in a stack traceback in debug output nor a "ERROR: script execution failed" message in script output, since the intended behavior has always been to end the script immediately without output. [Daniel Miller]
    [GH#2494] Update the Nmap output DTD to match actual output since the `<hosthint>` element was added in Nmap 7.90.
    [NSE][GH#2496] Fix newtargets support: since Nmap 7.92, scripts could not add targets in script pre-scanning phase. [Daniel Miller]
    [GH#2468] Scripts dhcp-discover and broadcast-dhcp-discover now support setting a client identifier. [nnposter]
    [GH#2331][GH#2471] Script oracle-tns-version was not reporting the version correctly for Oracle 19c or newer [linholmes]
    [GH#2296][GH#2342] Script redis-info was crashing or producing inaccurate information about client connections and/or cluster nodes. [nnposter]
    [GH#2379] Nmap and Nping were unable to obtain system routes on FreeBSD [benpratt, nnposter]
    [GH#2464] Script ipidseq was broken due to calling an unreachable library function. [nnposter]
    [GH#2420][GH#2436] Support for EC crypto was not properly enabled if Nmap was compiled with OpenSSL in a custom location. [nnposter]
    [NSE] Improvements to event handling and pcap socket garbage collection, fixing potential hangs and crashes. [Daniel Miller]
    We ceased creating the Nmap win32 binary zipfile. It was useful back when you could just unzip it and run Nmap from there, but that hasn't worked well for many years. The win32 self-installer handles Npcap installation and many other dependencies and complexities. Anyone who needs the binaries for some reason can still install Nmap on any system and retrieve them from there. For now we're keeping the Win32 zipfile in the Nmap OEM Edition (https://nmap.org/oem) for companies building Nmap into their own products. But even in that case we believe that running the Nmap OEM self-installer in silent mode is a better approach.
    [GH#2388] Fix TDS7 password encoding for mssql.lua, which had been assuming ASCII input even though other parts of the library had been passing it Unicode.
    [GH#2402] Replace deprecated CPEs for IIS with their updated identifier, cpe:/a:microsoft:internet_information_services [Esa Jokinen]
    [NSE][GH#2393] Fix script-terminating error when unknown BSON data types are encountered. Added parsers for most standard data types. [Daniel Miller]
    [Ncat] Fix hostname/certificate comparison and matching to handle ASN.1 strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712.
    [Ncat][GH#2365] Added support for SOCKS5 proxies that return bind addresses as hostnames, instead of IPv4/IPv6 addresses. [pomu0325]

    https://nmap.org/changelog#7.93