changelog

nmapp最强的扫描工具

o Applied a patch from Matt Selsky (selsky(a)columbia.edu) which fixes
  compilation on some Solaris boxes, and maybe others.  The error said
  "cannot compute sizeof (char)"

o Applied some patches from the NetBSD ports tree that Hubert Feyrer
  (hubert.feyrer(a)informatik.fh-regensburg.de) sent me.  The NetBSD
  Nmap ports page is at http://www.NetBSD.org/packages/net/nmap/ .

o Applied some Makefile patches from the FreeBSD ports tree that I
  found at http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/nmap/files/

Nmap 3.45

o Integrated more service signatures from MadHat
  (madhat(a)unspecific.com), Brian Hatch (bri(a)ifokr.org), Niels
  Heinen (zillion(a)safemode.org), Solar Designer
  (solar(a)openwall.com), Seth Master
  (smaster(a)stanford.edu), and Curt Wilson
  (netw3_security(a)hushmail.com).  We now have 378 signatures
  recognizing 86 unique service protocols.

o Added new HTTPOptions and RTSPRequest probes suggested by MadHat
  (madhat(a)unspecific.com)

o Changed the .spec file to compile Nmap RPMs without SSL support to
  improve compatibility (Some users might not have OpenSSL, and even
  those who do might not have the right version (libopenssl.so.2 vs
  libopenssl.so.4, etc).

o Applied a patch from Solar Eclipse (solareclipse(a)phreedom.org)
  which increases the allowed size of the 'extrainfo' version field from
  80 characters to 128.  The main benefit is to allow longer apache module
  version strings.

o Fixed Windows compilation and improved the Windows port slightly (no
  more macro to redefine read().

o Applied some updates to README-WIN32 sent in by Kirby Kuehl
  (kkuehl(a)cisco.com).  He improved the list of suggested registry
  changes and also fixed a typo or two.  He also attached a .reg file
  automate the Nmap connect() scan performance enhancing registry
  changes.  I am now including that with the Nmap Windows binary .zip
  distribution (and in mswin32/ of the source distro).

o Applied a one-line patch from Dmitry V. Levin (ldv(a)altlinux.org)
  which fixes a test Nmap does during compilation to see if an existing
  libpcap installation is recent enough.

Nmap 3.40PVT17

o Wrote and posted a new paper on version scanning to
  http://www.insecure.org/nmap/versionscan.html .  Updated
  nmap-service-probes and the Nmap man page to simply refer to this
  URL.

o Integrated more service signatures from my own scanning as well as
  contributions from Brian Hatch (bri(a)ifokr.org), MadHat
  (madhat(a)unspecific.com), Max Vision (vision(a)whitehats.com), HD
  Moore (hdm(a)digitaloffense.net), Seth Master
  (smaster(a)stanford.edu), and Niels Heinen (zillion(a)safemode.org).
  MadHat also contributed a new probe for Windows Media Service.  Many
  people set a LOT of signatures, which has allowed
  nmap-service-probes to grow from 295 to 356 signatures representing
  85 service protocols!

o Applied a patch (with slight changes) from Brian Hatch
  (bri(a)ifokr.org) which enables caching of SSL sessions so that
  negotiation doesn't have to be repeated when Nmap reconnects to the same
  between probes.

o Applied a patch from Brian Hatch (bri(a)ifokr.org) which optimizes the
  requested SSL ciphers for speed rather than security.  The list was
  based on empirical evidence from substantial benchmarking he did with
  tests that resemble nmap-service-scanning.

o Updated the Nmap man page to discuss the new version scanning
  options (-sV, -A).

o I now include nmap-version/aclocal.m4 in the distribution as this is
  required to rebuild the configure script ( thanks to Dmitry V. Levin
  (ldv(a)altlinux.org) for notifying me of the problem.

o Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
  detects whether the PCRE include file is <pcre.h> or <pcre

o Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
  fixes typos in some error messages.  The patch apparently came from
  the highly-secure and stable Owl and Alt Linux distributions.  Check
  them out at http://www.openwall.com/Owl/ and
  http://www.altlinux.com/

o Fixed compilation on Mac OS X - thanks to Brian Hatch
  (bri(a)ifokr.org> and Ryan Lowe (rlowe(a)pablowe.net) for giving me
  access to Mac OS X boxes.

o Stripped down libpcre build system to remove libtool dependency and
  other cruft that Nmap doesn't need. (this was mostly a response to
  libtool-related issues on Mac OS X).

o Added a new --version_trace option which causes Nmap to print out extensive
  debugging info about what version scanning is doing (this is a subset
  of what you would get with --packet_trace).  You should usually use
  this in combination with at least one -d option.

o Fixed a port number printing bug that would cause Nmap service
  fingerprints to give a negative port number when the actual port was
  above 32K.  Thanks to Seth Master (smaster(a)stanford.edu) for finding
  this.

o Updated all the header text again to clarify our interpretation of
  "derived works" after some suggestions from Brian Hatch
  (bri(a)ifokr.org)

o Updated the Nsock config.sub/config.guess to the same newer versions
  that Nmap uses (for Mac OS X compilation).

Nmap 3.40PVT16

o Fixed a compilation problem on systems w/o OpenSSL that was
  discovered by Solar Designer.  I also fixed some compilation
  problems on non-IPv6 systems.  It now compiles and runs on my
  Solaris and ancient OpenBSD systems.

o Integrated more services thanks to submissions from Niels Heinen
  (zillion(a)safemode.org).

o Canonicalized the headers at the top of each Nmap/Nsock header source
  file.  This included clarifying our interpretation of derived works,
  updating the copyright date to 2003, making the header a bit wider,
  and a few other light changes.  I've been putting this off for a
  while, because it required editing about a hundred !#$# files!

Nmap 3.40PVT15

o Fixed a major bug in the Nsock time caching system.  This could
  cause service detection to inexplicably fail against certain ports in
  the second or later machines scanned.  Thanks to Solar Designer and HD
  Moore for helping me track this down.

o Fixed some *BSD compilation bugs found by 
  Zillion (zillion(a)safemode.org).

o Integrated more services thanks to submissions from Fyodor Yarochkin
  (fygrave(a)tigerteam.net), and Niels Heinen
  (zillion(a)safemode.org), and some of my own exploring.  There are
  now 295 signatures.

o Fixed a compilation bug found by Solar Designer on machines that
  don't have struct sockaddr_storage.  Nsock now just uses "struct
  sockaddr *" like connect() does.

o Fixed a bug found by Solar Designer which would cause the Nmap
  portscan table to be truncated in -oN output files if the results are
  very long.

o Changed a bunch of large stack arrays (e.g. int portlookup[65536])
  into dynamically allocated heap pointers.  The large stack variables
  apparently caused problems on some architectures.  This issue was
  reported by osamah abuoun (osamah_abuoun(a)hotmail.com).

Nmap 3.40PVT14

o Added IPv6 support for service scan.

o Added an 'sslports' directive to nmap-service-probes.  This tells
  Nmap which service checks to try first for SSL-wrapped ports.  The
  syntax is the same as the normal 'ports' directive for non-ssl ports.
  For example, the HTTP probe has an 'sslports 443' line and
  SMTP-detecting probes have and 'sslports 465' line.

o Integrated more services thanks to submissions from MadHat
  (madhat(a)unspecific.com), Solar Designer (solar(a)openwall.com), Dug
  Song (dugsong(a)monkey.org), pope(a)undersec.com, and Brian Hatch
  (bri(a)ifokr.org).  There are now 288 signatures, matching these 65
  service protocols:
    chargen cvspserver daytime domain echo exec finger font-service
    ftp ftp-proxy http http-proxy hylafax ident ident imap imaps ipp
    ircbot ircd irc-proxy issrealsecure landesk-rc ldap meetingmaker
    microsoft-ds msrpc mud mysql ncacn_http ncp netbios-ns netbios-ssn
    netsaint netwareip nntp nsclient oracle-tns pcanywheredata pop3
    pop3s postgres printer qotd redcarpet rlogind rpc rsync rtsp shell
    smtp snpp spamd ssc-agent ssh ssl telnet time upnp uucp vnc
    vnc-http webster whois winshell X11

o Added a Lotus Notes probe from Fyodor Yarochkin
  (fygrave(a)tigerteam.net).

o Dug Song wins the "award" for most obscure service fingerprint
  submission.  Nmap now detects Dave Curry's Webster dictionary server
  from 1986 :).

o Service fingerprints now include a 'T=SSL' attribute when SSL
  tunneling was used.

o More portability enhancements thanks to Solar Designer and his Linux
  2.0 libc5 boxes.

o Applied a patch from Gisle Vanem (giva(a)bgnett.no) which improves
  Windows emulation of the UNIX mmap() and munmap() memory mapping calls.

Nmap 3.40PVT13

o Added SSL-scan-through support.  If service detection finds a port to be
  SSL, it will transparently connect to the port using OpenSSL and use
  version detection to determine what service lies beneath.  This
  feature is only enabled if OpenSSL is available at build time.  A
  new --with-openssl=DIR configure option is available if OpenSSL is
  not in your default compiler paths.  You can use --without-openssl
  to disable this functionality.  Thanks to Brian Hatch
  (bri(a)ifokr.org) for sample code and other assistance.  Make sure
  you use a version without known exploitable overflows.  In
  particular, versions up to and including OpenSSL 0.9.6d and
  0.9.7-beta2 contained serious vulnerabilities described at
  http://www.openssl.org/news/secadv_20020730.txt .  Note that these
  vulnerabilities are well over a year old at the time of this
  writing.

o Integrated many more services thanks to submissions from Brian
  Hatch, HellNBack ( hellnbak(a)nmrc.org ), MadHat, Solar Designer,
  Simple Nomad, and Shawn Wallis (swallis(a)ku.edu).  The number of
  signatures has grown from 242 to 271.  Thanks!

o Integrated Novell Netware NCP and MS Terminal Server probes from
  Simple Nomad (thegnome(a)nmrc.org).

o Fixed a segfault found by Solar Designer that could occur when
  scanning certain "evil" services.

o Fixed a problem reported by Solar Designer and MadHat (
  madhat(a)unspecific.com ) where Nmap would bail when certain Apache
  version/info responses were particularly long.  It could happen in
  other cases as well.  Now Nmap just prints a warning.

o Fixed some portability issues reported by Solar Designer 
  ( solar(a)openwall.com )

Nmap 3.40PVT12

o I added probes for SSL (session startup request) and microsoft-ds
  (SMB Negotiate Protocol request).

o I changed the default read timeout for a service probe from 7.5s to 5s.

o Fixed a one-character bug that broke many scans when -sV was NOT
  given.  Thanks to Blue Boar (BlueBoar(a)thievco.com) for the report.

Nmap 3.40PVT11

o Integrated many more services thanks to submissions from Simple
  Nomad, Solar Designer, jerickson(a)inphonic.com, Curt Wilson, and
  Marco Ivaldi.  Thanks!  The match line count has risen from 201 to 242.

o Implemented a service classification scheme to separate the
  vendor/product name from the version number and any extra info that
  is provided.  Instead of v/[big version string]/, the new match
  lines include v/[vendor/productname]/[version]/[extrainfo]/ .  See
  the docs at the top of nmap-service-probes for more info.  This
  doesn't change the normal output (which lumps them together anyway),
  but they are separate in the XML so that higher-level programs can
  easily match against just a product name.  Here are a few examples
  of the improved service element:
  <service name="ssh" product="OpenSSH" version="3.1p1"
     extrainfo="protocol 1.99" method="probed" conf="10" />
  <service name="domain" product="ISC Bind" version="9.2.1"
     method="probed" conf="10" />
  <state state="open" /><service name="rpcbind" version="2"
     extrainfo="rpc #