Nmap 6/7 Released

edited Sep 6 Section: Vulnerabilities of systems and applications

Nmap 6 Released

May 21, 2012—The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade.
Мы ищем точки опоры не с целью перевернуть мир, но чтобы не позволить миру опрокинуть нас.
  • edited August 2017
    Searching for Conficker activity with nmap
    2. Scanning computers using the ready-made template bundled with the latest nmap version:
    nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1
  • edited August 2017
    Checking a system for vulnerability CVE-2017-0143 (ETERNALBLUE). (nmap v7.50)
    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
    nmap -p445 --script smb-vuln-ms17-010 <target>
  • edited August 2017
    Nmap 7.60 is out! SSH support, SMB2/SMB3 improvements, 14 more scripts, a new Npcap, GSoC work and much more

    From: Fyodor <fyodor () nmap org>
    Date: Tue, 1 Aug 2017 15:26:58 -0700
    Hello everyone. I'm back from Defcon and excited to announce the new Nmap
    7.60 release! It has only been a month and a half since 7.50, but we still
    packed a lot into this one. Mostly because we have such an awesome GSoC
    team of 8 students and mentors working on so many cool projects. The
    program hasn't even ended yet, but much of their work has already been
    integrated into this release.

    One of the things I'm most excited about is ssh support. Nmap scripts can
    now perform brute force SSH password cracking, query servers about what
    auth methods and public keys they accept, and even log in using known or
    discovered credentials to execute arbitrary commands. We're including four
    scripts to start out with, and it opens the door to many more future
    capabilities! This was the product of three summers of GSoC students
    building on each other's work until we finally have something portable
    (works on Linux, Windows, Mac, etc.) and reliable enough to include. Mad
    props to the students Devin Bjelland (2014), Sergey Khegay (2016), and
    Evangelos Deirmentzoglou (2017) as well as their mentors Patrick Donnelly
    and Fotis "Ithilgore" Hantzis!

    Oh, we also have 14 (!) new NSE scripts, and a bunch of great SMB2/SMB3
    improvements by Paulino Calderon. This release also includes our new Npcap
    0.93 which resolves an issue where the Microsoft Windows 10 Creators Update
    was breaking Npcap and impairing Nmap functionality. There's a lot more,
    so I'll end this email with the full list.

    Here is the full list of significant changes since Nmap 7.50:
    • [Windows] Updated the bundled Npcap from 0.91 to 0.93, fixing several
    issues with installation and compatibility with the Windows 10 Creators

    • [NSE][GH#910] NSE scripts now have complete SSH support via libssh2,
    including password brute-forcing and running remote commands, thanks to the
    combined efforts of three Summer of Code students: [Devin Bjelland, Sergey
    Khegay, Evangelos Deirmentzoglou]

    • [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 579!
    They are all listed at https://nmap.org/nsedoc/, and the summaries are

    - ftp-syst sends SYST and STAT commands to FTP servers to get system
    version and connection information. [Daniel Miller]
    - [GH#916] http-vuln-cve2017-8917 checks for an SQL injection
    vulnerability affecting Joomla! 3.7.x before 3.7.1. [Wong Wai Tuck]
    - iec-identify probes for the IEC 60870-5-104 SCADA protocol. [Aleksandr
    Timorin, Daniel Miller]
    - [GH#915] openwebnet-discovery retrieves device identifying information
    and number of connected devices running on openwebnet protocol. [Rewanth
    - puppet-naivesigning checks for a misconfiguration in the Puppet CA
    where naive signing is enabled, allowing for any CSR to be automatically
    signed. [Wong Wai Tuck]
    - [GH#943] smb-protocols discovers if a server supports dialects NT LM
    0.12 (SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11. This replaces the old
    smbv2-enabled script. [Paulino Calderon]
    - [GH#943] smb2-capabilities lists the supported capabilities of
    SMB2/SMB3 servers. [Paulino Calderon]
    - [GH#943] smb2-time determines the current date and boot date of SMB2
    servers. [Paulino Calderon]
    - [GH#943] smb2-security-mode determines the message signing
    configuration of SMB2/SMB3 servers. [Paulino Calderon]
    - [GH#943] smb2-vuln-uptime attempts to discover missing critical
    patches in Microsoft Windows systems based on the SMB2 server uptime.
    [Paulino Calderon]
    - ssh-auth-methods lists the authentication methods offered by an SSH
    server. [Devin Bjelland]
    - ssh-brute performs brute-forcing of SSH password credentials. [Devin
    - ssh-publickey-acceptance checks public or private keys to see if they
    could be used to log in to a target. A list of known-compromised key pairs
    is included and checked by default. [Devin Bjelland]
    - ssh-run uses user-provided credentials to run commands on targets via
    SSH. [Devin Bjelland]

    • [NSE] Removed smbv2-enabled, which was incompatible with the new SMBv2/3
    improvements. It was fully replaced by the smb-protocols script.

    • [Ncat][GH#446] Added Datagram TLS (DTLS) support to Ncat in connect
    (client) mode with --udp --ssl. Also added Application Layer Protocol
    Negotiation (ALPN) support with the --ssl-alpn option. [Denis Andzakovic,
    Daniel Miller]

    • Updated the default ciphers list for Ncat and the secure ciphers list for
    Nsock to use "!aNULL:!eNULL" instead of "!ADH". With the addition of ECDH
    ciphersuites, anonymous ECDH suites were being allowed. [Daniel Miller]

    • [NSE][GH#930] Fix ndmp-version and ndmp-fs-info when scanning Veritas
    Backup Exec Agent 15 or 16. [Andrew Orr]

    • [NSE][GH#943] Added new SMB2/3 library and related scripts. [Paulino

    • [NSE][GH#950] Added wildcard detection to dns-brute. Only hostnames that
    resolve to unique addresses will be listed. [Aaron Heesakkers]

    • [NSE] FTP scripts like ftp-anon and ftp-brute now correctly handle
    TLS-protected FTP services and use STARTTLS when necessary. [Daniel Miller]

    • [NSE][GH#936] Function url.escape no longer encodes so-called
    "unreserved" characters, including hyphen, period, underscore, and tilde,
    as per RFC 3986. [nnposter]

    • [NSE][GH#935] Function http.pipeline_go no longer assumes that persistent
    connections are supported on HTTP 1.0 target (unless the target explicitly
    declares otherwise), as per RFC 7230. [nnposter]

    • [NSE][GH#934] The HTTP response object has a new member, version, which
    contains the HTTP protocol version string returned by the server, e.g.
    "1.0". [nnposter]

    • [NSE][GH#938] Fix handling of the objectSID Active Directory attribute by
    ldap.lua. [Tom Sellers]

    • [NSE] Fix line endings in the list of Oracle SIDs used by
    oracle-sid-brute. Carriage Return characters were being sent in the
    connection packets, likely resulting in failure of the script. [Anant

    • [NSE][GH#141] http-useragent-checker now checks for changes in HTTP
    status (usually 403 Forbidden) in addition to redirects to indicate
    forbidden User Agents. [Gyanendra Mishra]

    Enjoy this new release and please do let us know if you find any problems!
    Download link: https://nmap.org/download.html


  • edited March 2018
    Nmap 7.70 [2018-03-20]
    [Windows] Updated the bundled Npcap from 0.93 to 0.99-r2, with many stability fixes and installation improvements, as well as fixes to raw 802.11 frame capture. See https://nmap.org/npcap/changelog
    Integrated all of your service/version detection fingerprints submitted from March 2017 to August 2017 (728 of them). The signature count went up 1.02% to 11,672, including 26 new softmatches. We now detect 1224 protocols from filenet-pch, lscp, and netassistant to sharp-remote, urbackup, and watchguard. We will try to integrate the remaining submissions in the next release.

    Integrated all of your IPv4 OS fingerprint submissions from September 2016 to August 2017 (667 of them). Added 298 fingerprints, bringing the new total to 5,652. Additions include iOS 11, macOS Sierra, Linux 4.14, Android 7, and more.
    Integrated all 33 of your IPv6 OS fingerprint submissions from September 2016 to August 2017. New groups for OpenBSD 6.0 and FreeBSD 11.0 were added, as well as strengthened groups for Linux and OS X.

    Added the --resolve-all option to resolve and scan all IP addresses of a host. This essentially replaces the resolveall NSE script. [Daniel Miller]

    [NSE][SECURITY] Nmap developer nnposter found a security flaw (directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manually ran this NSE script against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved outside the intended destination directory. Existing files couldn't be overwritten. We fixed http-fetch, audited our other scripts to ensure they didn't make this mistake, and we updated the httpspider library API to protect against this by default. [nnposter, Daniel Miller]

    [NSE] Added 9 NSE scripts, from 8 authors, bringing the total up to 588! They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

    deluge-rpc-brute performs brute-force credential testing against Deluge BitTorrent RPC services, using the new zlib library. [Claudiu Perta]
    hostmap-crtsh lists subdomains by querying Google's Certificate Transparency logs. [Paulino Calderon]
    [GH#892] http-bigip-cookie decodes unencrypted F5 BIG-IP cookies and reports back the IP address and port of the actual server behind the load-balancer. [Seth Jackson]
    http-jsonp-detection attempts to discover JSONP endpoints in web servers. JSONP endpoints can be used to bypass Same-origin Policy restrictions in web browsers. [Vinamra Bhatia]
    http-trane-info obtains information from Trane Tracer SC controllers and connected HVAC devices. [Pedro Joaquin]
    [GH#609] nbd-info uses the new nbd.lua library to query Network Block Devices for protocol and file export information. [Mak Kolybabi]
    rsa-vuln-roca checks for RSA keys generated by Infineon TPMs vulnerable to Return Of Coppersmith Attack (ROCA) (CVE-2017-15361). Checks SSH and TLS services. [Daniel Miller]
    [GH#987] smb-enum-services retrieves the list of services running on a remote Windows machine. Modern Windows systems require a privileged domain account in order to list the services. [Rewanth Cool]
    tls-alpn checks TLS servers for Application Layer Protocol Negotiation (ALPN) support and reports supported protocols. ALPN largely replaces NPN, which tls-nextprotoneg was written for. [Daniel Miller]

  • Nmap 7.80 [2019-08-10]
    [Windows] The Npcap Windows packet capturing library (https://npcap.org/) is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all of these changes from the last 15 Npcap releases: https://nmap.org/npcap/changelog

    [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598! They are all listed at https://nmap.org/nsedoc/,


  • edited November 2020
    Nmap 7.90 Released! First release since August 2019. From: Gordon Fyodor Lyon <fyodor () nmap org>
    Date: Sat, 3 Oct 2020 13:48:42 -0700
    [Windows] Upgraded Npcap, our Windows packet capturing (and sending) library to the milestone 1.00 release! It's the culmination of 7 years of development with 170 public pre-releases. This includes dozens of performance improvements, bug fixes, and feature enhancements described at https://npcap.org/changelog.
    • Released Npcap OEM Edition. For more than 20 years, the Nmap Project has been funded by selling licenses for companies to distribute Nmap with their products, along with commercial support. Hundreds of commercial products now use Nmap for network discovery tasks like port scanning, host discovery, OS detection, service/version detection, and of course the Nmap Scripting Engine (NSE). Until now they have just used standard Nmap, but this new OEM Edition is customized for use within other Windows software. Nmap OEM contains the OEM version of our Npcap driver, which allows for silent installation. It also removes the Zenmap GUI, which cuts the installer size by more than half. And it reports itself as Nmap OEM so customers know it's a properly licensed Nmap. See https://nmap.org/oem for more details.

    Removed nmap-update. This program was intended to provide a way to update
    data files and NSE scripts, but the infrastructure was never fielded. It depended on Subversion version control and would have required maintaining separate versions of NSE scripts for compatibility.


    full description of changes:
  • edited Sep 6
    Nmap 7.92 [2021-08-07]
    [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission driver) from version 1.00 to the latest version 1.50. You can read about the dozens of performance improvements, bug fixes and feature enhancements at https://npcap.org/changelog.

    [Windows] Thanks to the Npcap 1.50 upgrade, Nmap now works on the Windows ARM architecture so you can run it on lightweight and power-efficient tablets like the Microsoft Surface Pro X and Samsung Galaxy Book Go. More ARM devices are on the way along with the upcoming Windows 11 release. See the Npcap on ARM announcement at https://seclists.org/nmap-announce/2021/2.

    [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10 SDK, and the UCRT. This prevents Nmap from working on Windows Vista and earlier, but they can still use older versions of Nmap on their ancient operating system.
    New Nmap option --unique will prevent Nmap from scanning the same IP address twice, which can happen when different names resolve to the same address. [Daniel Miller]

    [NSE][GH#1691] TLS 1.3 now supported by most scripts for which it is relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel connections and certificate parsing will require OpenSSL 1.1.1 or later to fully support TLS 1.3. [Daniel Miller]

    [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604! They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
    [GH#2201] nbns-interfaces queries NetBIOS name service (NBNS) to gather IP addresses of the target's network interfaces [Andrey Zhukov]
    [GH#711] openflow-info gathers preferred and supported protocol versions from OpenFlow devices [Jay Smith, Mak Kolybabi]
    port-states prints a list of ports that were found in each state, including states that were summarized as "Not shown: X closed ports" [Daniel Miller]
    Several changes to UDP payloads to improve accuracy:
    [GH#2269] Fix an issue with -sU where payload data went out-of-scope before it was used, causing corrupted payloads to be sent. [Mariusz Ziulek]
    Nmap's retransmission limits were preventing some UDP payloads from being tried with -sU and -PU. Now, Nmap sends each payload for a particular port at the same time without delay. [Daniel Miller]
    New UDP payloads:
    [GH#1279] TS3INIT1 for UDP 3389 [colcrunch]
    [GH#1895] DTLS for UDP 3391 (RD Gateway) [Arnim Rupp]

    [NSE][GH#2208][GH#2203] SMB2 dialect handling has been redesigned. Visible changes include:
    Notable improvement in speed of script smb-protocols and others
    Some SMB scripts are no longer using a hardcoded dialect, improving target interoperability
    Dialect names are aligned with Microsoft, such as 3.0.2, instead of 3.02 [nnposter]
    [GH#2350] Upgraded OpenSSL to version 1.1.1k. This addresses some CVEs which don't affect Nmap in a material way. Details: https://github.com/nmap/nmap/issues/2350
    Removed support for the ancient WinPcap library since we already include our own Npcap library (https://npcap.org) supporting the same API. WinPcap was abandoned years ago and its official download page says that "WE RECOMMEND USING Npcap INSTEAD" for security, stability, compatibility, and support reasons.
    [GH#2257] Fix an issue in addrset matching that was causing all targets to be excluded if the --excludefile listed a CIDR range that contains an earlier, smaller CIDR range. [Daniel Miller]
    [GH#1922] Fix an issue that would cause Nmap to hang during scans with a host timeout, such as -T5. Any active probes when a target timed out were counting towards the global congestion window.
    [GH#2153] Do not count host discovery phase time against the host timeout, since Nmap may wait a long time between sending probes to a target while it processes other targets instead.
    [GH#2153] Fix issues with matching ICMP Time Exceeded messages that led to ignored responses and long scan times when scanning distant targets.
    Upgrade the Windows NSIS installer to use the latest NSIS 3 (version 3.07) instead of the previous NSIS 2 generation.
    Setting --host-timeout=0 will disable the host timeout, which is set by -T5 to 15 minutes. Earlier versions of Nmap require the user to specify a very long timeout instead.
    Improvements to Nmap's XML output:
    If a host times out, the XML <host> element will have the attribute timedout="true" and the host's timing info (srtt etc.) will still be printed.
    The "extrareasons" element now includes a list of port numbers for each "ignored" state. The "All X ports" and "Not shown:" lines in normal output have been changed slightly to provide more detail. [Daniel Miller]

    [NSE][GH#2237] Prevent the ssl-* NSE scripts from probing ports that were excluded from version scan, usually 9100-9107, since JetDirect will print anything sent to these ports. [Daniel Miller]
    [GH#2206] Nmap no longer produces the cryptic message "Failed to convert source address to presentation format" when unable to find a usable route to the target. [nnposter]
    [Ncat][GH#2202] Use safety-checked versions of FD_* macros to abort early if number of connections exceeds FD_SETSIZE. [Pavel Zhukov]
    [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping server data sent right after the connection got established, such as port banners. [Sami Pönkänen]
    [Ncat][GH#2149] Fixed a bug in proxy connect mode which would close the connection as soon as it was opened in Nmap 7.90 and 7.91.

    [NSE][GH#2175] Fixed NSE so it will not consolidate all port script output for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller]
    [Zenmap][GH#2157] Fixed an issue where a failure to execute Nmap would result in a Zenmap crash with "TypeError: coercing to Unicode" exception.
    Nmap no longer considers an ICMP Host Unreachable as confirmation that a target is down, in accordance with RFC 1122 which says these errors may be transient. Instead, the probe will be destroyed and other probes used to determine aliveness. [Daniel Miller]
    [Ncat][GH#2154] Ncat no longer crashes when used with Unix domain sockets.
    [Ncat][GH#2167][GH#2168] Ncat is now again generating certificates with the duration of one year. Due to a bug, recent versions of Ncat were using only one minute. [Tobias Girstmair]

    [NSE][GH#2281] URL/percent-encoding is now using uppercase hex digits to align with RFC 3986, section 2.1, and to improve compatibility with some real-world web servers. [nnposter]

    [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most visible are that certificate SANs are properly split apart and that identities that are syntactically incorrect to be hostnames are now ignored. [Michel Le Bihan, nnposter]

    [NSE] Loading of a Nikto database failed if the file was referenced relative to the Nmap directory [nnposter]
    [GH#2199] Updated Nmap's NPSL license to rewrite a poorly-worded clause about "proprietary software companies". The new license version 0.93 is still available from https://nmap.org/npsl/. As described on that page, we are also still offering Nmap 7.90, 7.91, and 7.92 under the previous Nmap 7.80 license. Finally, we still offer the Nmap OEM program for companies who want a non-copyleft license allowing them to redistribute Nmap with their products at https://nmap.org/oem/.

    [NSE] Script smb2-vuln-uptime no longer reports false positives when the target does not provide its boot time. [nnposter]

    [NSE][GH#2197] Client packets composed by the DHCP library will now contain option 51 (IP address lease time) only when requested. [nnposter]

    [NSE][GH#2192] XML decoding in library citrixxml no longer crashes when encountering a character reference with codepoint greater than 255. (These references are now left unmodified.) [nnposter]

    [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for the audit rule base. [nnposter]

    [NSE][GH#1473] It is now possible to control whether the SNMP library uses v1 (default) or v2c by setting script argument snmp.version. [nnposter]

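A parser for the Nmap 7.92 XML changes listed in this post (the timedout attribute on host, the port list on extrareasons, times still printed for timed-out hosts) that also picks out VULNERABLE script results such as the smb-vuln-ms17-010 check from the earlier post, so that triage of a large scan can be scripted rather than read by eye. This is an added example, not code from the Nmap project; the sample XML is constructed here, and the table/elem layout of the script result is assumed from typical NSE output.

```python
"""Summarize an Nmap 7.92 XML report: timeouts, open ports, ignored-port
counts and VULNERABLE script results. The XML below is constructed for this
example and was not produced by a real scan."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap" version="7.92">
  <host starttime="1" endtime="2">
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="65532">
        <extrareasons reason="resets" count="65532" proto="tcp"
                      ports="1-21,23-79,81-444,446-65535"/>
      </extraports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <script id="smb-vuln-ms17-010" output="VULNERABLE (constructed)">
          <table key="CVE-2017-0143"><elem key="state">VULNERABLE</elem></table>
        </script>
      </port>
    </ports>
    <times srtt="1200" rttvar="500" to="100000"/>
  </host>
  <host starttime="1" endtime="3" timedout="true">
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <times srtt="900000" rttvar="200000" to="1700000"/>
  </host>
</nmaprun>"""


def expand_ports(spec):
    """Expand an Nmap port list such as "1-21,23-79" into a set of ints."""
    ports = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def summarize(xml_text):
    """Return one dict per host with the fields a triage script needs."""
    results = []
    for host in ET.fromstring(xml_text).iter("host"):
        times = host.find("times")
        entry = {
            "addr": host.find("address").get("addr"),
            "timedout": host.get("timedout") == "true",   # new in 7.92
            "srtt_us": int(times.get("srtt")) if times is not None else None,
            "open": [], "ignored": {}, "vulns": [], "count_mismatch": [],
        }
        for port in host.iter("port"):
            pid = int(port.get("portid"))
            if port.find("state").get("state") == "open":
                entry["open"].append(pid)
            # Script results: any table whose state elem reads VULNERABLE.
            for script in port.iter("script"):
                for table in script.findall("table"):
                    st = table.find("elem[@key='state']")
                    if st is not None and st.text == "VULNERABLE":
                        entry["vulns"].append((pid, script.get("id"), table.get("key")))
        # 7.92 lists the ignored ports per reason; cross-check against count.
        for er in host.iter("extrareasons"):
            ports = expand_ports(er.get("ports", ""))
            entry["ignored"][(er.get("proto"), er.get("reason"))] = len(ports)
            if int(er.get("count")) != len(ports):
                entry["count_mismatch"].append(er.get("reason"))
        results.append(entry)
    return results


if __name__ == "__main__":
    for h in summarize(SAMPLE_XML):
        print(h)
```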