Change log Nmap v6.40:
[Note that the Nmap 6.40 Changelog is still incomplete. We’re working
on it 🙂 ]
o [Nping] Nping now checks for a matching ICMP ID on echo replies, to
avoid receiving crosstalk from other ping programs running at the
same time. [David Fifield]
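To make the ID check concrete, here is an added Python model of the reply filter (it is not Nping's own code, which lives in Nping's C++ source, and it opens no raw socket). The packets are constructed inline: one reply to our request, one reply carrying another ping program's identifier, and our own outgoing request as a capture filter might hand it back. The checksum routine and `build_echo`/`parse_icmp` helpers are assumptions of this example.

```python
"""Added example (not Nping's own code): filter ICMP echo replies on the
ICMP identifier/sequence so replies to other ping programs are ignored.
All packets below are constructed inline; no raw socket is opened."""
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over ICMP header plus payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Build an echo request/reply carrying the given ID and sequence number."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(pkt: bytes):
    """Return (type, code, ident, seq, payload), or None if the packet is
    truncated or fails its checksum.  Summing a valid packet including its
    own checksum field folds to 0."""
    if len(pkt) < 8 or icmp_checksum(pkt) != 0:
        return None
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    return icmp_type, code, ident, seq, pkt[8:]


def is_our_reply(pkt: bytes, our_id: int, our_seq=None) -> bool:
    """True only for an echo reply whose ID (and, if given, sequence)
    matches what we sent; everything else is crosstalk or noise."""
    parsed = parse_icmp(pkt)
    if parsed is None:
        return False
    icmp_type, _code, ident, seq, _payload = parsed
    if icmp_type != ICMP_ECHO_REPLY or ident != our_id:
        return False
    return our_seq is None or seq == our_seq


if __name__ == "__main__":
    OUR_ID = 0x1234
    # Constructed sample traffic: our reply, another ping program's reply,
    # and our own outgoing request as a capture filter might return it.
    wire = [
        build_echo(ICMP_ECHO_REPLY, OUR_ID, 1, b"nping"),
        build_echo(ICMP_ECHO_REPLY, 0x4242, 1, b"other"),
        build_echo(ICMP_ECHO_REQUEST, OUR_ID, 1, b"nping"),
    ]
    for pkt in wire:
        print(parse_icmp(pkt)[:4], "ours" if is_our_reply(pkt, OUR_ID) else "ignored")
```

Matching on the sequence number as well as the ID is the stricter option; it also drops late replies to an earlier probe of ours, which is usually what a per-probe RTT measurement wants.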
o [NSE] Added http-adobe-coldfusion-apsa1301.nse. It exploits an authentication
bypass vulnerability in Adobe Coldfusion servers. [Paulino Calderon]
o [NSE] The ipOps.isPrivate library now considers the deprecated
site-local prefix fec0::/10 to be private. [Marek Majkowski]
o [Ncat] Added --lua-exec. This feature is basically an equivalent of ncat
--sh-exec "lua <file>" and allows you to run Lua scripts with Ncat,
redirecting all stdin and stdout operations to the socket connection.
o [NSE] Oops, there was a vulnerability in one of our 437 NSE scripts.
If you ran the (fortunately non-default) http-domino-enum-passwords
script with the (fortunately also non-default)
domino-enum-passwords.idpath parameter against a malicious server,
it could cause an arbitrarily named file to be written to the
client system. Thanks to Trustwave researcher Piotr Duszynski for
discovering and reporting the problem. We’ve fixed that script, and
also updated several other scripts to use a new
stdnse.filename_escape function for extra safety. This breaks our
record of never having a vulnerability in the 16 years that Nmap has
existed, but that’s still a fairly good run. [David, Fyodor]
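The bug class here is a client-side path traversal: a hostile server controls a string that the script turns into a local file name. The following is an added Python illustration of the defence, written for this page; it is not NSE's stdnse.filename_escape and the `save_path`/`stays_inside` helpers and the `/tmp/out` directory are assumptions. Every byte outside a small safe set is percent-encoded, so the server's string can only ever name one file inside the chosen directory, and the pre-fix behaviour (joining the string verbatim) is shown beside it.

```python
"""Added example (not NSE's own stdnse.filename_escape): neutralise a
server-supplied name before using it as a local file name."""
import posixpath
import re

# Characters passed through unchanged; everything else is %XX-encoded.
_SAFE = re.compile(r"[A-Za-z0-9._-]")


def filename_escape(name: str) -> str:
    """Percent-encode every byte that is not alphanumeric, '.', '_' or '-'.
    '/', '\\', NUL, spaces and non-ASCII all get encoded, so the result can
    only name a single entry in the directory it is joined to.  A bare '.'
    or '..' survives the character filter, so it is encoded as a whole."""
    out = []
    for ch in name:
        if _SAFE.fullmatch(ch):
            out.append(ch)
        else:
            out.extend("%%%02x" % b for b in ch.encode("utf-8"))
    escaped = "".join(out)
    if escaped in (".", ".."):
        escaped = "".join("%%%02x" % b for b in escaped.encode())
    return escaped


def save_path(outdir: str, server_supplied: str, safe: bool = True) -> str:
    """Local path the client would write to.  safe=False reproduces the
    vulnerable pattern: the server's string is joined verbatim, so '../'
    sequences or an absolute path escape outdir."""
    name = filename_escape(server_supplied) if safe else server_supplied
    return posixpath.normpath(posixpath.join(outdir, name))


def stays_inside(outdir: str, path: str) -> bool:
    """Check that the resolved path is still under outdir."""
    base = posixpath.normpath(outdir)
    return posixpath.commonpath([base, path]) == base


if __name__ == "__main__":
    # Constructed hostile responses a malicious server could send.
    for hostile in ("../../.ssh/authorized_keys", "/etc/cron.d/evil", "..", "names.id"):
        for safe in (False, True):
            p = save_path("/tmp/out", hostile, safe=safe)
            print("%-8s %-28r -> %s (%s)" % ("escaped" if safe else "raw", hostile, p,
                                           "inside" if stays_inside("/tmp/out", p) else "ESCAPES"))
```

`stays_inside` is the belt-and-braces check: even with escaping in place, verifying the final path against the intended directory catches a future regression in the escaping rule.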
o [NSE] Added teamspeak2-version.nse by Marin Maržić.
o Nmap’s routing table is now sorted first by netmask, then by metric.
Previously it was the other way around, which could cause a very
general route with a low metric to be preferred over a specific
route with a higher metric.
o [Ncat] The -i option (idle timeout) now works in listen mode as well
as connect mode. [Tomas Hozza]
o Fixed a byte-ordering problem on little-endian architectures when
doing idle scan with a zombie that uses broken ID increments.
o [Ncat] Ncat now supports chained certificates with the --ssl-cert
option. [Greg Bailey]
o Stop parsing TCP options after reaching EOL in libnetutil. Bug reported
by Gustavo Moreira. [Henri Doreau]
o [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax
for a network mask. Based on a patch by Indula Nayanamith.
o [Ncat] Reduced the default --max-conns limit from 100 to 60 on
Windows, to stay within platform limitations. Suggested by Andrey
o Fixed IPv6 routing table alignment on NetBSD.
o [NSE] Added http-phpmyadmin-dir-traversal by Alexey Meshcheryakov.
o Added a service probe for Erlang distribution nodes.
o Updated libdnet to not SIOCIFNETMASK before SIOCIFADDR on OpenBSD. This was
reported to break on -current as of May 2013. [Giovanni Bechis]
o Fixed address matching for SCTP (-PY) ping. [Marin Maržić]
o Removed some non-ANSI-C strftime format strings ("%F") and
locale-dependent formats ("%c") from NSE scripts and libraries.
C99-specified %F was noticed by Alex Weber. [Daniel Miller]
o [Zenmap] Added Polish translation by Jacek Wielemborek.
o [NSE] Added http-coldfusion-subzero. It detects Coldfusion 9 and 10
vulnerable to a local file inclusion vulnerability and grabs the
version, install path and the administrator credentials. [Paulino Calderon]
o [Nsock] Added a minimal regression test suite for nsock. [Henri Doreau]
o [NSE] Updated redis-brute.nse and redis-info.nse to work against
the latest versions of redis server. [Henri Doreau]
o [Ncat] Fixed errors in connecting to IPv6 proxies. [Joachim Henke]
o Added a service probe for Minecraft servers. [Eric Davisson]
o [NSE] Updated hostmap-bfk to work with the latest version of their website.
o [NSE] Added XML structured output support to hostmap-bfk, hostmap-robtex,
and hostmap-ip2hosts. [Paulino Calderon]
o [NSE] Added hostmap-ip2hosts. It uses the service provider ip2hosts.com
to list domain names pointing to the same IP address. [Paulino Calderon]
o [NSE] Added http-vuln-cve2013-0156. It detects Ruby on Rails servers
vulnerable to remote command execution (CVE-2013-0156). [Paulino Calderon]
o Added a service probe for the Hazelcast data grid. [Pavel Kankovsky]
o [NSE] Rewrote telnet-brute for better compatibility with a variety
of telnet servers. [nnposter]
o [Nsock] Added initial proxy support to nsock. Nsock based modules (version
scan, nse) of nmap can now establish TCP connections through chains of
proxies. HTTP CONNECT and SOCKS4 protocols are supported, with some
limitations. [Henri Doreau]
o Fixed a regression that changed the number of delimiters in machine
output. [Daniel Miller]
o [Zenmap] Updated the Italian translation. [Giacomo]
o Handle ICMP type 11 (Time Exceeded) responses to port scan probes.
Ports will be reported as “filtered”, to be consistent with existing
Connect scan results, and will have a reason of time-exceeded.
DiabloHorn reported this issue via IRC. [Daniel Miller]
o Added new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and changed
output of some of the decoders slightly. [Patrik Karlsson]
o Timeout script-args are now standardized to use the timespec that
Nmap’s command-line arguments take (5s, 5000ms, 1h, etc.). Some
scripts that previously took an integer number of milliseconds will
now treat that as a number of seconds if not explicitly denoted as
ms. [Daniel Miller]
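The practical consequence is the silent unit change for bare integers: a script-arg that used to mean 5000 milliseconds now means 5000 seconds. The parser below is an added Python example for this page, not Nmap's own timespec code; it accepts the forms the entry lists (5s, 5000ms, 1h, plus m for minutes and fractional values) and shows the before/after reading of an unsuffixed value. The `parse_script_args` helper handles only the plain comma-separated key=value form of --script-args, not brace-grouped tables or quoting, and its `timeout_keys` parameter is an assumption.

```python
"""Added example (not Nmap's own timespec parser): parse the duration
format used by Nmap's timing options and, from 6.40, NSE timeout args."""
import re

# unit -> (multiplier, divisor) so that e.g. 5000ms divides exactly to 5.0
_UNIT = {"ms": (1, 1000), "s": (1, 1), "m": (60, 1), "h": (3600, 1)}
_TIMESPEC = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*(ms|s|m|h)?\s*$", re.IGNORECASE)


def parse_timespec(value, default_unit: str = "s") -> float:
    """Return the duration in seconds.  A bare number is read in
    default_unit, which is seconds under the new Nmap-wide convention."""
    m = _TIMESPEC.match(str(value))
    if not m:
        raise ValueError("bad timespec: %r" % (value,))
    number, unit = m.groups()
    mul, div = _UNIT[(unit or default_unit).lower()]
    return float(number) * mul / div


def parse_script_args(argstring: str, timeout_keys=()) -> dict:
    """Parse the simple comma-separated key=value form of --script-args,
    converting the arguments named in timeout_keys to seconds.  Nmap also
    accepts brace-grouped tables and quoted values; those are not handled."""
    args = {}
    for item in argstring.split(","):
        if not item.strip():
            continue
        key, _sep, val = item.partition("=")
        key, val = key.strip(), val.strip()
        args[key] = parse_timespec(val) if key in timeout_keys else val
    return args


def migration_hint(value: str) -> str:
    """Describe how a value was read before (bare integer = ms) and after."""
    m = _TIMESPEC.match(value)
    if m and m.group(2) is None:
        old, new = parse_timespec(value, "ms"), parse_timespec(value)
        return "%s: formerly %gs (milliseconds), now %gs (seconds)" % (value, old, new)
    return "%s: unambiguous, %gs" % (value, parse_timespec(value))


if __name__ == "__main__":
    for v in ("5000", "5000ms", "5s", "1h", "2.5m"):
        print(migration_hint(v))
    # Constructed --script-args string with one timeout and one plain value
    print(parse_script_args("http.timeout=5000ms,brute.delay=2s,user=admin",
                            timeout_keys=("http.timeout", "brute.delay")))
```

When auditing existing wrapper scripts after upgrading, grep for timeout-style script-args given as bare integers and add an explicit ms suffix; a timeout that silently grew by a factor of 1000 will look like a hung scan rather than a parse error.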
o The list of nameservers on Windows now ignores nameservers from
inactive interfaces. [David Fifield]
o Namespace the pipes used to communicate with subprocesses by PID, to
avoid multiple instances of Ncat from interfering with each other.
Patch by Andrey Olkhin.
o Nmap may now partially rearrange its target list for more efficient
host groups. Previously, a single target with a different interface,
or with an IP address the same as that of a target already in the
group, would cause the group to be broken off at whatever size it
was. Now, we buffer a small number of such targets, and keep looking
through the input for more targets to fill out the current group.
o [NSE] Changed ip-geolocation-geoplugin to use the web service’s new
output format. Reported by Robin Wood.
o Limited the number of open sockets in ultra_scan to FD_SETSIZE. Very
fast connect scans could write past the end of an fd_set and cause a
variety of crashes:
  nmap: scan_engine.cc:978: bool ConnectScanInfo::clearSD(int): Assertion `numSDs > 0' failed.
  select failed in do_one_select_round(): Bad file descriptor (9)
o Fixed a bug that prevented Nmap from finding any interfaces when one
of them had the type ARP_HDR_APPLETALK; this was the case for
AppleTalk interfaces. However, this support is not complete,
since AppleTalk interfaces use different size hardware addresses than Ethernet.
Nmap IP level scans should work without any problem; please refer to
the '--send-ip' switch and to the following thread:
This bug was reported by Steven Gregory Johnson. [Daniel Miller]
o [Nping] Nping now skips localhost targets for privileged pings (with
an error message) because those generally don’t work.
o [Ncat] Ncat now keeps running in connect mode after receiving EOF
from the remote socket, unless --recv-only is in effect.
o Routes are now sorted to prefer those with a lower metric. Retrieval
of metrics is supported only on Linux and Windows. [David Fifield]
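The two routing entries above (sort by netmask first, then by metric; prefer the lower metric) describe one selection rule, so here is a single added Python model of it, written for this page rather than taken from Nmap's routing code. The routing table is constructed: a cheap default route, two VPN routes covering 10/8 with worse metrics, and a directly attached /24 with the worst metric of all. The metric values are only meaningful on platforms where Nmap can read them (Linux and Windows, per the entry above); elsewhere the netmask alone decides.

```python
"""Added example (not Nmap's own routing code): pick the route for a
destination by longest netmask, then lowest metric, and contrast that
with the earlier metric-first order that picked an over-general route."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    iface: str
    metric: int  # only populated where the OS exposes it (Linux, Windows)


def sort_metric_first(routes):
    """Pre-6.40 order: lowest metric wins, longer netmask only breaks ties."""
    return sorted(routes, key=lambda r: (r.metric, -r.network.prefixlen))


def sort_netmask_first(routes):
    """6.40 order: most specific netmask wins, lower metric breaks ties."""
    return sorted(routes, key=lambda r: (-r.network.prefixlen, r.metric))


def lookup(routes, dst, order=sort_netmask_first):
    """Return the first route, in the chosen order, that contains dst."""
    addr = ipaddress.ip_address(dst)
    for route in order(routes):
        if addr in route.network:
            return route
    return None


def make_table():
    """Constructed routing table for the demonstration."""
    return [
        Route(ipaddress.ip_network("0.0.0.0/0"), "eth0", 100),
        Route(ipaddress.ip_network("10.0.0.0/8"), "tun0", 200),
        Route(ipaddress.ip_network("10.0.0.0/8"), "tun1", 250),
        Route(ipaddress.ip_network("10.1.2.0/24"), "eth1", 300),
    ]


if __name__ == "__main__":
    table = make_table()
    for dst in ("10.1.2.5", "10.9.9.9", "8.8.8.8"):
        old = lookup(table, dst, sort_metric_first)
        new = lookup(table, dst, sort_netmask_first)
        print("%-10s metric-first -> %-5s netmask-first -> %s" % (dst, old.iface, new.iface))
```

With the old order every destination under 10/8 went out via eth0 because the default route had the lowest metric; with the new order 10.1.2.5 correctly goes out eth1 and 10.9.9.9 over tun0, the lower-metric of the two equally specific VPN routes. For raw-packet scans this choice also determines which interface Nmap sniffs for replies, so a wrong pick shows up as a scan that sends probes and sees nothing come back.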
o Packet trace of ICMP packets now includes the ICMP ID and sequence
number by default. [David Fifield]
o [NSE] Added ike-version and a new ike library by Jesper Kückelhahn. Thanks
also go to Roy Hills, who allowed the use of the signature database from
the ike-scan tool.
o [NSE] Fixed various NSEDoc bugs found by David Matousek.
o [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and
NMAP_UNPRIVILEGED environment variables. [Tyler Wagner]
o It’s now possible to mix IPv4 range notation with CIDR netmasks in
target specifications. For example, 192.168-170.4-100,200.5/16 is
effectively the same as 192.168-170.0-255.0-255. [David Fifield]
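To check that equivalence rather than take it on faith, here is an added Python expander for this subset of Nmap's IPv4 target syntax (per-octet ranges and comma lists, a bare "-" for 0-255, and an optional trailing /prefix). It is written for this page and is not Nmap's own target parser; the function names are assumptions. Applying the mask to every host combination and then enumerating each resulting network is what makes "192.168-170.4-100,200.5/16" collapse to three /16 networks.

```python
"""Added example (not Nmap's own target parser): expand IPv4 target specs
that mix per-octet ranges with a trailing CIDR prefix."""
import ipaddress
from itertools import product


def _octet_values(spec: str):
    """'4-100,200' -> [4..100, 200]; '-' -> 0..255; '10-' -> 10..255."""
    values = []
    for part in spec.split(","):
        if part == "-":
            lo, hi = 0, 255
        elif "-" in part:
            lo_s, hi_s = part.split("-", 1)
            lo = int(lo_s) if lo_s else 0
            hi = int(hi_s) if hi_s else 255
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError("bad octet spec: %r" % part)
        values.extend(range(lo, hi + 1))
    return values


def expand_targets(spec: str):
    """Return the set of IPv4 addresses (as ints) named by spec.  Every
    host produced by the octet ranges is masked with the prefix, and each
    distinct network is then enumerated, so /16 covers all host bits."""
    if "/" in spec:
        host_part, plen_s = spec.rsplit("/", 1)
        plen = int(plen_s)
    else:
        host_part, plen = spec, 32
    if not 0 <= plen <= 32:
        raise ValueError("bad prefix length: %d" % plen)
    octets = host_part.split(".")
    if len(octets) != 4:
        raise ValueError("expected four octets in %r" % host_part)
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    networks = set()
    for a, b, c, d in product(*(_octet_values(o) for o in octets)):
        networks.add(((a << 24) | (b << 16) | (c << 8) | d) & mask)
    size = 1 << (32 - plen)
    targets = set()
    for net in networks:
        targets.update(range(net, net + size))
    return targets


def to_dotted(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


if __name__ == "__main__":
    left = expand_targets("192.168-170.4-100,200.5/16")
    right = expand_targets("192.168-170.0-255.0-255")
    print(len(left), "addresses;", "equivalent" if left == right else "DIFFERENT")
    print(to_dotted(min(left)), "..", to_dotted(max(left)))
```

Because the mask is applied before enumeration, a spec with a prefix is never a subset of the hosts written out in the octet ranges; it is the union of the networks those hosts fall in. That is worth remembering when a target file mixes the two notations, since a /16 attached to a narrow range still scans the whole /16.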
o Added nmap-fo.xsl, contributed by Tilik Ammon. This converts Nmap
XML into XSL-FO, which can be converted into PDF using Apache FOP.
o Increased the number of slack file descriptors not used during connect
scan. Previously, the calculation did not consider the descriptors
used by various open log files. Connect scans using a lot of sockets
could fail with the message “Socket creation in sendConnectScanProbe:
Too many open files”. [David Fifield]
o [Zenmap] Fixed internationalization files. Running in a language
other than the default English would result in the error
“ValueError: too many values to unpack”. [David Fifield]
o Changed the –webxml XSL stylesheet to point to the new location of
nmap.xsl in the new repository.
This was noticed by Simon John.
o [NSE] Made the vulnerability library able to preserve vulnerability
information across multiple ports of the same host. The bug was
reported by iphelix. [Djalal Harouni]
o [NSE] Added ventrilo-info by Marin Maržić. This gets information
from a Ventrilo VoIP server.
o Removed the undocumented -q option, which renamed the nmap process
to something like “pine”.
o Moved the Japanese man page from man1/jp to man1/ja. jp is a country
code while ja is a language code. Reported by Christian Neukirchen.
o [NSE] Added mysql-enum script which enumerates valid mysql server
usernames [Aleksandar Nikolic]
o [Nsock] Reworked the logging infrastructure to make it more flexible
and consistent. Updated nmap, nping and ncat accordingly. Nsock log level
can now be adjusted at runtime by pressing d/D in nmap.
[Henri Doreau, David Fifield]
o [NSE] Fixed scripts using unconnected UDP sockets. The bug was
reported by Dhiru Kholia. [David Fifield]
o [NSE] Added structured output to http-git.nse. [Alex Weber]
o [NSE] Added murmur-version by Marin Maržić. This gets the server
version and other information for Murmur, the server for the Mumble
o Added a corresponding UDP payload for Murmur. [Marin Maržić]
o [Zenmap] Fixed a crash that could be caused by opening the About
dialog, using the window manager to close it, and opening it again.
This was reported by Yashartha Chaturvedi and Jordan Schroeder.
o [Ncat] Made test-addrset.sh exit with nonzero status if any tests
fail. This in turn causes “make check” to fail if any tests fail.
o Fixed compilation with –without-liblua. The bug was reported by
Rick Farina, Nikos Chantziaras, and Alex Turbov. [David Fifield]
o Fixed CRC32c calculation (as used in SCTP scans) on 64-bit
platforms. [Pontus Andersson]
[Zenmap sample screenshot]
Nmap (“Network Mapper”) is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
- Host discovery – Identify hosts on a network.
- Port scanning – Enumerate the open ports on one or more target hosts.
- Version detection – Interrogate network services listening on remote devices to determine the application name and version number.
- OS detection – Remotely determine the operating system and some hardware characteristics of network devices.
- Scriptable interaction with the target – Using Nmap Scripting Engine and the Lua language, customized queries can be made.
- Reverse DNS lookup.
- Find device type information.
- Retrieve MAC addresses.
Download version:
Windows: nmap-6.40-setup.exe (26.8 MB)
Mac OS: nmap-6.40.dmg (19.2 MB)
RPM (x86_64): nmap-6.40-1.x86_64.rpm (5.0 MB)
RPM (i386): nmap-6.40-1.i386.rpm (4.9 MB)
Find other versions
Read more here: http://nmap.org/
o [NSE] Added multicast group name output to
broadcast-igmp-discovery.nse. [Vasily Kulikov]
o [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3,
SquirrelMail, RoundCube. [Jesper Kückelhahn]