changelog
o Added an NSE script (HTTPpasswd.nse) for finding directory traversal problems and /etc/passwd files on web servers. [Kris]

o Fixed an error related to version scans against SSL services on UNIX. The error said "nsock_connect_ssl called - but nsock was built w/o SSL support. QUITTING". Thanks to Jason DePriest for tracking down the problem and David Fifield for fixing it.

o Removed win_dependencies cruft from UMIT directory. [Kris]

o Upgraded Libpcap from version 0.9.4 to 0.9.7 [Kris]

o Removed the effectively empty XML elements for traceroute hops which timed out. [Eddie]

o Fixed (I hope) a problem with running Nmap on Mac OS X machines with VMware Fusion running. The error message started with: "getinterfaces: Failed to open ethernet interface (vmnet8). A possible cause on BSD operating systems is running out of BPF devices ...." For more details, see http://seclists.org/nmap-dev/2007/q3/0254.html.

o Check that --script arguments are reasonable when Nmap starts rather than potentially waiting for a bunch of port scanning to finish first. [Stoiko]

o Fixed (we hope) a UMIT problem which resulted in the error message: "NameError: global name 'S_IRUSR' is not defined". [Adriano]

o Removed an error message which used to appear when you quit UMIT on Windows. The message used to say "Errors occurred - See the logfile [filename] for details." [Adriano]

o Fix permissions on files installed by Umit so that it should work even if you do 'make install' from an account with a 077 umask.

o Add a feature to Umit that lets you search your unsaved scans. [Eddie]

o Added back a previously removed feature which allows you to specify 'rnd' as one of your decoys (-D option) to let Nmap choose a random IP. You can also use a format such as rnd:5 to generate five random decoys. [Kris]

o Reference guide (man page) updates to the NSE section, and some general cleanup.

o When Nmap finishes, it now says "Nmap done" rather than "Nmap run completed". No need to waste pixels on excess verbiage.

4.22SOC5

o The Windows installer should actually install UMIT properly now.

o Remove umit.db from the installation process. Let Umit create a new one on its own when needed.

o Fixed the UMIT portion of the Windows installer build system to detect certain heinous errors (like not being able to find Python) and bail out. [Kris]

o Prevent scripts directory from containing .svn cruft when using the Win32 installer (thanks to David Fifield for the patch).

4.22SOC3

o Umit is now included in the Nmap Windows executable installer. Please give it a try and let us know what you think! Kris put a lot of work into getting this set up.

o Added four new NSE scripts: HTTP proxy detection (Arturo 'Buanzo' Busleiman), DNS zone transfer attempt (Eddie), detecting SQL injection vulnerabilities on web sites (Eddie), and fetching and displaying portions of /robots.txt from web servers (Eddie).

o All of your 2nd Quarter 2007 Nmap version detection fingerprints were integrated by Doug. The DB now contains 4,347 signatures for 439 service protocols. Doug describes the highlights (craziest services found) in his integration report at http://hcsw.org/blog.pl/29 .

o NSE now supports raw IP packet sending and receiving thanks to a patch from Marek Majkowski. Diman handled testing and applied the patch.

o Nmap now has Snprintf() and Vsnprintf() as safer alternatives to the standard version. The problem is that the Windows version of these functions (_snprintf, _vsnprintf) doesn't properly terminate strings when it has to truncate them. These wrappers ensure that the string written is always terminated. Thanks to Kris for doing the work.

o Upgraded libpcre from version 6.7 to 7.2 [Kris]

o Merged various Umit bug fixes from SourceForge trunk: "missing import webbrowser on umit", "Missing markup in 'OS Class' on HostDetailsPage", "some command line options are now working (target, profile, verbose, open result file and run an nmap command)", "removing unused functions import from os.path", "verbosity works on command line"

o Eddie fixed several Umit bugs. Umit now sets the file save extension to .usr unless the user specifies something else. The details highlight regular expression was improved and an error message was added when no target was specified and -iR and -iL aren't used.

o reason.cc/reason.h renamed to portreasons.cc/.h because a reason.h in the Windows platform SDK was causing conflicts. [Kris]

o Fixed a bug in --iflist which would lead to crashes. Thanks to Michael Lawler for the report, and Eddie for the fix.

o Finished updating Winpcap to 4.01 (a few static libraries were missed) [ Eddie ]

o Added NSE support for buffered data reads. [Stoiko]

o Added new --script-args option for passing arguments to NSE scripts [Stoiko]

o Performed a bunch of OS fingerprint text canonicalization thanks to reports of dozens of capitalization inconsistencies from Suicidal Bob.

o Fixed an assertion failure which could be experienced when script scan was requested without also requesting version scan. [Stoiko]

o Fixed an output bug on systems like Windows which return -1 when vsnprintf is passed a too-small buffer rather than returning the size needed. Thanks to jah (jah(a)zadkiel.plus.com) for the report.

o Added sys/types.h include to portreasons.h to help OpenBSD compilation. Thanks to Olivier Meyer for the patch.

o Many hard coded function names and instances of __FUNCTION__ were changed to __func__ [Kris]

o Configure scripts for Nmap, Nbase, and Nsock were optimized to remove redundant checks. This improves compilation time performance. [Eddie]

o Updated IANA assignment IP list for random IP (-iR) generation. [Kris]

4.22SOC2

o NSE compilation fixes by Stoiko and Kris

4.22SOC1

o The UMIT graphical Nmap frontend is now included (as an ALPHA TEST release) with the Nmap tarball distribution. It isn't yet in the RPMs or the Windows distributions. UMIT is written with Python/GTK and has many huge advantages over NmapFE. It installs from the Nmap source tarballs as part of the "make install" process unless you specify --without-umit to configure. Please give UMIT a try (the executable is named umit) and let us know the results! We hope to include UMIT in the Windows Nmap distributions soon.

o Added more Nmap Scripting Engine scripts, bringing the total to 31. The new ones are bruteTelnet (Eddie Bell), SMTPcommands (Jason DePriest), iax2Detect (Jason), nbstat (Brandon Enright), SNMPsysdescr (Thomas Buchanan), HTTPAuth (Thomas), finger (Eddie), ircServerInfo (Doug Hoyte), and MSSQLm (Thomas Buchanan).

o Added the --reason option which explains WHY Nmap assigned a port status. For example, a port could be listed as "filtered" because no response was received, or because an ICMP network unreachable message was received. [ Eddie ]

o Integrated all of your 2nd generation OS detection submissions, increasing the database size by 68% since 4.21ALPHA4 to 699 fingerprints. The 2nd generation database is now nearly half (42%) the size of the original. Please keep those submissions coming so that we can do another integration round before the SoC program ends on August 20! Thanks to David Fifield for doing most of the integration work!

o Integrated version detection submissions. The database has grown by more than 350 signatures since 4.21ALPHA4. Nmap now has 4,236 signatures for 432 service protocols. As usual, Doug Hoyte deserves credit for the integration marathon, which he describes at http://hcsw.org/blog.pl .

o Added the NSE library (NSELib) which is a library of useful functions (which can be implemented in Lua or as loadable C/C++ modules) for use by NSE scripts. We already have libraries for bit operations (bit), list operations (listop), URL fetching and manipulation (url), activation rules (shortport), and miscellaneous commonly useful functions (stdnse). Stoiko added the underlying functionality, though numerous people contributed to the library routines.

o Added --servicedb and --versiondb command-line options which allow you to specify a custom Nmap services (port to port number translation and port frequency) file or version detection database. [ David Fifield ]

o The build dependencies were dramatically reduced by removing unnecessary header includes and moving header includes from .h files to .cc as well as adding some forward declarations. This reduced the number of makefile.dep dependencies from 1469 to 605. This should make Nmap compilation faster and prevent some portability problems. [David Fifield]

o Upgraded from WinPcap 3.1 to WinPcap 4.01 and fixed a WinPcap installer error. [Eddie]

o In verbose mode, Nmap now reports where it obtains data files (such as nmap-services) from. [David Fifield]

o Canonicalized a bunch of OS classes, device types, etc. in the OS detection and version scanning databases so they are named consistently. [Doug]

o If we get an ICMP Protocol Unreachable from a host other than our target during a port scan, we set the state to 'filtered' rather than 'closed'. This is consistent with how port unreachable errors work for udp scan. [Kris]

o Relocated OSScan warning message (could not find 1 closed and 1 open port). Now output.cc prints the warning along with a target's OSScan results. [Eddie]

o Fixed a bug which caused port 0 to be improperly used for gen1 OS detection in some cases when your scan includes port 0 (it isn't included by default). Thanks to Sebastian Wolfgarten for the report and Kris Katterjohn for the fix.

o The --iflist table now provides Winpcap device names on Windows. [Eddie]

o The Nmap reference guide (man page) DocBook XML source is now in the SVN repository at svn://svn.insecure.org/nmap/docs/refguide.xml .

o NSE now has garbage collection so that if you forget to close a socket before exiting a script, it is closed for you. [Stoiko]

o The [portused] tag in XML output now provides the open TCP port used for OS detection as well as the closed TCP and UDP ports which were reported previously. [Kris]

o XML output now has a [times] tag for reporting final time information which was already printed in normal output in verbose mode (round trip time, rtt variance, timeout, etc.) [Kris]

o Changed the XML output format so that the [extrareasons] tag (part of Eddie's --reason patch) falls within the [extraports] tag. [Kris]

o Nmap now provides more concise OS fingerprints for submission thanks to better merging. [David Fifield]

o A number of changes were made to the Windows build system to handle version numbers, publisher field, add/remove program support, etc. [Eddie]

o The Nmap -A option now enables the traceroute option too [Eddie]

o Improved how the Gen1 OS Detection system selects which UDP ports to send probes to. [Kris]

o Updated nmap-mac-prefixes to latest IEEE data as of 5/18/07. Also removed some high (greater than 0x80) characters from some company names because they were causing this error on Windows when Nmap is compiled in Debug mode: "isctype.c Line 56: Expression: (unsigned)(c + 1) <= 256". Thanks to Sina Bahram for the initial report and Thomas Buchanan for tracking down the problem.

o Added a SIP (IP phone) probe from Matt Selsky to nmap-service-probes.

o Fixed a bug which prevented the NSE scripts directory from appearing in the Win32 .zip version of Nmap.

o Fixed a bug in --traceroute output. It occurred when a traced host could be fully consolidated, but only the first hop number was outputted. [Kris]

o The new "rnd" option to -D allows you to ask Nmap to generate random decoy IPs rather than having to specify them all yourself. [Kris]

o Fixed a Traceroute bug relating to scanning through the localhost interface on Windows (which previously caused a crash). Thanks to Alan Jones for the report and Eddie Bell for the fix.

o Fixed a traceroute bug related to tracing between interfaces of a multi-homed host. Thanks to David Fifield for reporting the problem and Eddie Bell for the fix.

o Service detection (-sV) and OS detection (-O) are now (rightfully) disabled when used with the IPProto Scan (-sO). Using the Service Scan like this led to premature exiting, and the OS Scan led to gross inaccuracies. [Kris]

o Updated IANA assignment IP list for random IP (-iR) generation. [Kris]

4.21ALPHA4

o Performed another big OS detection run. The DB has grown almost 10% to 417 fingerprints. All submissions up to February 6 have been processed. Please keep them coming!
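
Added example (not Nmap's own code) for the two 4.22SOC3 entries about Snprintf()/Vsnprintf() and the -1 return from vsnprintf on Windows: a wrapper that leaves the buffer terminated whatever the underlying formatter did. The names legacy_vsnprintf, safe_vsnprintf and safe_snprintf are hypothetical, and legacy_vsnprintf is a constructed stand-in that imitates the behaviour those entries describe.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a formatter that, on truncation, fills the
   buffer, writes no terminating NUL and returns -1. */
static int legacy_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    char tmp[256];
    int need = vsnprintf(tmp, sizeof tmp, fmt, ap);
    if (need < 0 || size > sizeof tmp)
        return -1;
    if ((size_t)need < size) {
        memcpy(buf, tmp, (size_t)need + 1);   /* fits: NUL included */
        return need;
    }
    memcpy(buf, tmp, size);                   /* truncated: no NUL */
    return -1;
}

/* Wrapper: the result is always a terminated string. Returning the stored
   length on truncation is this example's choice, not a documented API. */
static int safe_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    int n;
    if (buf == NULL || size == 0)
        return -1;
    buf[0] = '\0';                 /* empty string if nothing gets written */
    n = legacy_vsnprintf(buf, size, fmt, ap);
    if (n < 0 || (size_t)n >= size) {
        buf[size - 1] = '\0';      /* -1 or overlong: force termination */
        return (int)(size - 1);
    }
    return n;
}

static int safe_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = safe_vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return n;
}
```

Callers that need to detect truncation can compare the return value with size - 1; the changelog does not say what Nmap's wrappers return in that case.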