Beirne Konarski (beirne(a)neo.rr.com) for reporting the problem.
o If a user attempts -PO (the letter O), print an error suggesting that they probably mean -P0 (Zero) to disable ping scanning.
o Applied a couple patches (with minor changes) from Oliver Eikemeier (eikemeier(a)fillmore-labs.com) which fix an edge case relating to decoy scanning IP ranges that must be sent through different interfaces, and improve the Nmap response to certain error codes returned by the FreeBSD firewall system. The patches are from http://cvsweb.freebsd.org/ports/security/nmap/files/ .
o Many people have reported this error: "checking for type of 6th argument to recvfrom()... configure: error: Cannot find type for 6th argument to recvfrom()". In most cases, the cause was a missing or broken C++ compiler. That should now be detected earlier with a clearer message.
o Fixed the FTP bounce scan to better detect filtered ports on the target network.
o Fixed some minor bugs related to the new MAC address printing feature.
o Fixed a problem with UDP-scanning port 0, which was reported by Sebastian Wolfgarten (sebastian(a)wolfgarten.com).
o Applied patch from Ruediger Rissmann (RRI(a)zurich.ibm.com), which helps Nmap understand an EACCES error, which can happen at least during IPv6 scans from certain platforms to some firewalled targets.
o Renamed ACK ping scan option from -PT to -PA in the documentation. Nmap has accepted both names for years and will continue to do so.
o Removed the notice that Nmap is reading target specifications from a file or stdin when you specify the -iL option. It was sometimes printed to stdout even when you wanted to redirect XML or grepable output there, because it was printed during options processing before output files were handled. This change was suggested by Anders Thulin (ath(a)algonet.se).
o Added --source_port as a longer, but hopefully easier to remember, alias for -g. In other words, it tries to use the constant source port number you specify for probes. This can help against poorly configured firewalls that trust source port 20, 53, and the like.
o Removed undocumented (and useless) -N option.
o Fixed a version detection crash reported in excellent detail by Jedi/Sector One (j(a)pureftpd.org).
o Applied patch from Matt Selsky (selsky(a)columbia.edu) which helps Nmap build with OpenSSL.
o Modified the configure/build system to fix library ordering problems that prevented Nmap from building on certain platforms. Thanks to Greg A. Woods (woods(a)weird.com) and Saravanan (saravanan_kovai(a)HotPop.com) for the suggestions.
o Applied a patch to Makefile.in from Scott Mansfield (thephantom(a)mac.com) which enables the use of a DESTDIR variable to install the whole Nmap directory structure under a different root directory. The configure --prefix option would do the same thing in this case, but DESTDIR is apparently a standard that package maintainers like Scott are used to. An example usage is "make DESTDIR=/tmp/packageroot".
o Removed unnecessary banner printing in the non-root connect() ping scan. Thanks to Tom Rune Flo (tom(a)x86.no) for the suggestion and a patch.
o Updated the headers at the top of each source file (mostly to advance the copyright year to 2004 and note that Nmap is a registered trademark).
o The SInfo line of submitted fingerprints now provides the target's OUI (first three bytes of the MAC address) if available. Example: "M=00A0CC". To save a couple bytes, the "Time" field in SInfo has been renamed to "Tm". The OUI helps identify the device vendor, and is only available when the source and target machines are on the same ethernet network.

Nmap 3.50
o Integrated a ton of service fingerprints, increasing the number of signatures more than 50%. It has now exceeded 1,000 for the first time, and represents 180 unique service protocols from acap, afp, and aim to xml-rpc, zebedee, and zebra.
o Implemented a huge OS fingerprint update. The number of fingerprints has increased more than 13% to 1,121. This is the first time it has exceeded 1000. Notable updates include Linux 2.6.0, Mac OS X up to 10.3.2 (Panther), OpenBSD 3.4 (normal and pf "scrub all"), FreeBSD 5.2, the latest Windows Longhorn warez, and Cisco PIX 6.3.3. As usual, there are a ton of new consumer devices from ubiquitous D-Link, Linksys, and Netgear broadband routers to a number of new IP phones including the Cisco devices commonly used by Vonage. Linksys has apparently gone special-purpose with some of their devices, such as their WGA54G "Wireless Game Adapter" and WPS54GU2 wireless print server. A cute little MP3 player called the Rio Karma was submitted multiple times and I also received and integrated fingerprints for the Handspring Treo 600 (PalmOS).
o Applied some man page fixes from Eric S. Raymond (esr(a)snark.thyrsus.com).
o Added version scan information to grepable output between the last two '/' delimiters (that space was previously unused). So the format is now "portnum/state/protocol/owner/servicename/rpcinfo/versioninfo" as in "53/open/tcp//domain//ISC Bind 9.2.1/" and "22/open/tcp//ssh//OpenSSH 3.5p1 (protocol 1.99)/". Thanks to MadHat (madhat(a)unspecific.com) for sending a patch (although I did it differently). Note that any '/' characters in the version (or owner) field are replaced with '|' to keep awk/cut parsing simple. The service name field has been updated so that it is the same as in normal output (except for the same sort of escaping discussed above).
o Integrated an Oracle TNS service probe and match lines contributed by Frank Berger (fm.berger(a)gmx.de). New probe contributions are always appreciated!
o Fixed a crash that could happen during SSL version detection due to SSL session ID cache reference counting issues.
o Applied patch from Rob Foehl (rwf(a)loonybin.net) which fixes the --with_openssl=DIR configure argument.
o Applied patch to nmap XML dtd (nmap.dtd) from Mario Manno (mm(a)koeln.ccc.de). This accounts for the new version scanning functionality.
o Updated the Windows build system so that you don't have to manually copy nmap-service-probes to the output directory. I also updated the README-WIN32 to elaborate further on the build process.
o Added configure option --with-libpcre=included which causes Nmap to build with its included version of libpcre even if an acceptable version is available on the system.
o Upgraded to Autoconf 2.59 (from 2.57). This should help HP-UX compilation problems reported by Petter Reinholdtsen (pere(a)hungry.com) and may have other benefits as well.
o Applied patch from Przemek Galczewski (sako(a)avet.com.pl) which adds spaces to the XML output in places that apparently help certain older XML parsers.
o Made Ident-scan (-I) limits on the length and type of responses stricter so that rogue servers can't flood your screen with 1024 characters. The new length limit is 32. Thanks to Tom Rune Flo (tom(a)x86.no) for the suggestion and a patch.
o Fingerprints for unrecognized services can now be a bit longer to avoid truncating as much useful response information. While the fingerprints can be longer now, I hope they will be less frequent because of all the newly recognized services in this version.
o The nmap-service-probes "match" directive can now take a service name like "ssl/vmware-auth". The service will then be reported as vmware-auth (or whatever follows "ssl/") tunneled by SSL, yet Nmap won't actually bother initiating an SSL connection. This is useful for SSL services which can be fully recognized without the overhead of making an SSL connection.
o Version scan now chops commas and whitespace from the end of vendorproductname, version, and info fields. This makes it easier to write templates incorporating lists. For example, the tcpmux service (TCP port 1) gives a list of supported services separated by CRLF. Nmap uses this new feature to print them comma separated without having an annoying trailing comma as so (linewrapped):
  match tcpmux m|^(sgi_[-.\w]+\r\n([-.\w]+\r\n)*)$| v/SGI IRIX tcpmux//Available services: $SUBST(1, "\r\n", ",")/

Nmap 3.48
o Integrated an enormous number of version detection service submissions. The database has almost doubled in size to 663 signatures representing the following 130 services: 3dm-http afp apcnisd arkstats bittorent chargen citrix-ica cvspserver cvsup dantzretrospect daytime dict directconnect domain echo eggdrop exec finger flexlm font-service ftp ftp-proxy gnats gnutella-http hddtemp hp-gsg http http-proxy hylafax icecast ident imap imaps imsp ipp irc ircbot irc-proxy issrealsecure jabber kazaa-http kerberos-sec landesk-rc ldap linuxconf lmtp lotusnotes lpd lucent-fwadm meetingmaker melange microsoft-ds microsoft-rdp mldonkey msactivesync msdtc msrpc ms-sql-m mstask mud mysql napster ncacn_http ncp netbios-ns netbios-ssn netrek netsaint netstat netwareip networkaudio nntp nsclient nsunicast ntop-http omniback oracle-mts oracle-tns pcanywheredata pksd pmud pop2 pop3 pop3s poppass postgresql powerchute printer qotd redcarpet rendezvous rlogind rpc rsync rtsp sdmsvc sftp shell shivahose sieve slimp3 smtp smux snpp sourceoffice spamd ssc-agent ssh ssl svrloc symantec-av symantec-esm systat telnet time tinyfw upnp uucp veritasnetbackup vnc vnc-http vtun webster whois wins winshell wms X11 xfce zebra
o Added the ability to execute "helper functions" in version templates, to help clean up/manipulate data captured from a server response. The first defined function is P() which includes only printable characters in a captured string. The main impetus for this is to deal with Unicode strings like "W\0O\0R\0K\0G\0R\0O\0U\0P\0" that many MS protocols send. Nmap can now decode that into "WORKGROUP".
o Added SUBST() helper function, which replaces strings in matched appname/version/extrainfo strings with something else. For example, VanDyke Vshell gives a banner that includes "SSH-2\.0-VShell_2_2_0_528". A substring match is used to pick out the string "2_2_0_528", and then SUBST(1,"_",".") is called on that match to form the version number 2.2.0.528.
o If responses to a probe fail to match any of the registered match strings for that probe, Nmap will now try against the registered "null probe" match strings. This helps in the case that the NULL probe initially times out (perhaps because of initial DNS lookup) but the banner appears in later responses.
o Applied some portability fixes (particularly for OpenBSD) from Chad Loder (cloder(a)loder.us), who is also now the OpenBSD Nmap port maintainer.
o Applied some portability fixes from Marius Strobl (marius(a)alchemy.franken.de).
o The tarball distribution of Nmap now strips the binary at install time thanks to a patch from Marius Strobl (marius(a)alchemy.franken.de).
o Fixed a problem related to building Nmap on systems that lack PCRE libs (and thus have to use the ones included by Nmap). Thanks to Remi Denis-Courmont (deniscr6(a)cti.ecp.fr) for the report and patch.
o Alphabetized the service names in each Probe section in nmap-service-probes (makes them easier to find and add to).
o Fixed the problem several people reported where Nmap would quit with a "broken pipe" error during service scanning. Thanks to Jari Ruusu (jari.ruusu(a)pp.inet.fi) for sending a patch. The actual error message was "Unexpected error in NSE_TYPE_READ callback. Error code: 32 (Broken pipe)".
o Fixed protocol scan (-sO), which I had broken when adding the new output table format. It would complain "NmapOutputTable.cc:128: failed assertion `row < numRows'". Thanks to Matt Burnett (marukka(a)mac.com) for notifying me of the problem.
o Upgraded Libpcap to the latest tcpdump.org version (0.7.2) from 0.7.1.
o Applied a patch from Peter Marschall (peter(a)adpm.de) which adds version detection support to nmapfe.
o Fixed a problem with XML output being invalid when service detection was done on SSL-tunneled ports. Thanks to the several people who reported this - it means that folks are actually using the XML output :).
o Fixed (I hope) some Solaris Sun ONE compiler compilation problems reported (w/patches) by Mikael Mannstrom (candyman(a)penti.org).
o Fixed the --with-openssl configure option for people who have OpenSSL installed in a path not automatically found by their compilers. Thanks to Marius Strobl (marius(a)alchemy.franken.de) for the patch.
o Made some portability changes for HP-UX and possibly other types of machines, thanks to a patch from Petter Reinholdtsen (pere(a)hungry.com).
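The 3.50 entry above gives the grepable (-oG) port-entry layout "portnum/state/protocol/owner/servicename/rpcinfo/versioninfo" and the rule that any '/' inside the owner, service or version fields is rewritten as '|'. Together those two facts make the line safe to split on '/'. The parser below is an added example written for this page, not code from Nmap or from the changelog; the tab-separated "Host:" / "Ports:" / "Ignored State:" framing of a grepable line is assumed, and the scan text is constructed to exercise an empty version field, a '|'-escaped version string and a '|'-escaped "ssl|http" service name.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed -oG sample (not real scan output). Per-port field order follows the
# changelog; the tab-separated Host:/Ports:/Ignored State: framing is an assumption.
SAMPLE_GREPABLE = (
    "# Nmap 3.50 scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (ns.example)\tPorts: 22/open/tcp//ssh//OpenSSH 3.5p1 (protocol 1.99)/, "
    "53/open/tcp//domain//ISC Bind 9.2.1/, 25/open/tcp//smtp///\tIgnored State: closed (997)\n"
    "Host: 192.0.2.11 (www.example)\tPorts: 80/open/tcp//http//Apache httpd 1.3.29 ((Unix) PHP|4.3.4)/, "
    "443/open/tcp//ssl|http//Apache httpd 1.3.29 ((Unix) PHP|4.3.4)/\n"
)

FIELDS = ("port", "state", "protocol", "owner", "service", "rpcinfo", "version")


@dataclass
class PortRecord:
    host: str
    port: int
    state: str
    protocol: str
    owner: str
    service: str
    rpcinfo: str
    version: str


def parse_port_entry(host: str, entry: str) -> PortRecord:
    """Split one 'N/state/proto/owner/service/rpcinfo/version/' entry.

    Nmap escapes '/' inside owner/service/version as '|', so a plain split on
    '/' must give exactly seven fields plus the empty tail after the closing '/'.
    The escaping is lossy: a '|' in the result may have been a '/' originally.
    """
    parts = entry.strip().split("/")
    if len(parts) != len(FIELDS) + 1 or parts[-1] != "":
        raise ValueError(f"malformed port entry: {entry!r}")
    port, state, proto, owner, service, rpcinfo, version = parts[:-1]
    return PortRecord(host, int(port), state, proto, owner, service, rpcinfo, version)


def parse_grepable(text: str) -> List[PortRecord]:
    """Return one PortRecord per port entry found on 'Host:' lines; '#' lines are skipped."""
    records: List[PortRecord] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = {}
        for chunk in line.split("\t"):          # "Key: value" chunks, tab separated (assumed)
            key, _, value = chunk.partition(": ")
            fields[key] = value
        host = fields["Host"].split()[0]        # drop the "(hostname)" suffix
        # Entries are ", "-separated; only split where a port number follows, so a
        # comma inside a version string cannot break the entry apart.
        for entry in re.split(r",\s+(?=\d+/)", fields.get("Ports", "")):
            if entry:
                records.append(parse_port_entry(host, entry))
    return records


def open_versions(text: str) -> List[Tuple[str, int, str, str]]:
    """(host, port, service, version) for open ports where version detection got a result."""
    return [(r.host, r.port, r.service, r.version)
            for r in parse_grepable(text) if r.state == "open" and r.version]


if __name__ == "__main__":
    for row in open_versions(SAMPLE_GREPABLE):
        print("%s:%d %s -> %s" % row)
```

Splitting on a comma only when a port number follows is the one point where a naive `cut`/`awk` pipeline differs from this parser: the changelog guarantees that '/' is escaped, but says nothing about commas in a version string.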
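The 3.48 entries above introduce the P() and SUBST() template helpers, and the 3.50 tcpmux entry shows the chopping of trailing commas and whitespace from expanded fields. The toy evaluator below, an added example written for this page rather than Nmap's own matching code, parses the old "match <svc> m|regex| v/product/version/info/" line shape exactly as the tcpmux line is written, applies the regex to a response, and expands $N, $P(N) and $SUBST(N,"old","new") in each field. The $-prefixed call syntax is taken from the tcpmux line; the VShell and NetBIOS match lines and all responses are constructed for the example, and the match line for the VShell banner is my own, not the one in nmap-service-probes.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Line shape handled:  match <service> m<d>regex<d>[flags] v<d>product<d>version<d>info<d>
_MATCH_LINE = re.compile(
    r"^match\s+(?P<svc>\S+)\s+m(?P<md>.)(?P<regex>.*?)(?P=md)(?P<flags>[is]*)"
    r"\s+v(?P<vd>.)(?P<product>.*?)(?P=vd)(?P<version>.*?)(?P=vd)(?P<info>.*?)(?P=vd)"
)
# Template helpers: $SUBST(n,"old","new"), $P(n), and a plain $n back-reference.
_HELPER = re.compile(
    r'\$SUBST\((?P<sn>\d+),\s*"(?P<old>(?:[^"\\]|\\.)*)",\s*"(?P<new>(?:[^"\\]|\\.)*)"\)'
    r"|\$P\((?P<pn>\d+)\)"
    r"|\$(?P<n>\d+)"
)
_ESC = {"r": "\r", "n": "\n", "t": "\t", "0": "\0", "\\": "\\", '"': '"'}

# The tcpmux line is the one quoted in the changelog; the other two are constructed.
TCPMUX_LINE = r'match tcpmux m|^(sgi_[-.\w]+\r\n([-.\w]+\r\n)*)$| v/SGI IRIX tcpmux//Available services: $SUBST(1, "\r\n", ",")/'
VSHELL_LINE = r'match ssh m|^SSH-2\.0-VShell_([\d_]+)| v/VanDyke VShell/$SUBST(1,"_",".")//'
NETBIOS_LINE = r'match netbios-ssn m|^((?:\w\x00)+)| v/Microsoft Windows netbios-ssn//workgroup: $P(1)/'


def _unescape(s: str) -> str:
    """Turn backslash escapes written inside a SUBST() argument into real characters."""
    return re.sub(r"\\(.)", lambda m: _ESC.get(m.group(1), m.group(1)), s)


@dataclass
class MatchLine:
    service: str
    regex: "re.Pattern[str]"
    product: str
    version: str
    info: str


def parse_match_line(line: str) -> MatchLine:
    m = _MATCH_LINE.match(line)
    if m is None:
        raise ValueError(f"cannot parse match line: {line!r}")
    flags = (re.IGNORECASE if "i" in m["flags"] else 0) | (re.DOTALL if "s" in m["flags"] else 0)
    return MatchLine(m["svc"], re.compile(m["regex"], flags), m["product"], m["version"], m["info"])


def expand_template(template: str, m: "re.Match[str]") -> str:
    """Expand helper calls against the regex match, then chop trailing commas/whitespace."""
    def repl(h: "re.Match[str]") -> str:
        if h["sn"]:   # $SUBST(n,"old","new"): substring replacement inside capture n
            return (m.group(int(h["sn"])) or "").replace(_unescape(h["old"]), _unescape(h["new"]))
        if h["pn"]:   # $P(n): keep only printable characters (drops the \0 bytes of UTF-16-ish banners)
            return "".join(ch for ch in (m.group(int(h["pn"])) or "") if ch.isprintable())
        return m.group(int(h["n"])) or ""   # plain $n
    # 3.50 behaviour: trailing commas and whitespace are removed from every field
    return _HELPER.sub(repl, template).rstrip(", \t\r\n")


def apply_match(ml: MatchLine, response: bytes) -> Optional[dict]:
    """Run one match line against a raw response; None when the regex does not match."""
    m = ml.regex.search(response.decode("latin-1"))
    if m is None:
        return None
    return {"service": ml.service,
            "product": expand_template(ml.product, m),
            "version": expand_template(ml.version, m),
            "info": expand_template(ml.info, m)}


if __name__ == "__main__":
    samples = [(TCPMUX_LINE, b"sgi_fam\r\nsgi_snoopd\r\n"),
               (VSHELL_LINE, b"SSH-2.0-VShell_2_2_0_528 VShell\r\n"),
               (NETBIOS_LINE, b"W\x00O\x00R\x00K\x00G\x00R\x00O\x00U\x00P\x00\x00")]
    for line, resp in samples:
        print(apply_match(parse_match_line(line), resp))
```

Two differences from Nmap itself are worth keeping in mind: Nmap matches with PCRE rather than Python's re, and real nmap-service-probes lines carry more fields than the three shown in the 3.50 example, so this evaluator is only a model of the helper and chopping semantics described in the changelog.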