
One week after 6.45, Nmap has been updated again, to 6.46.

Below are the changelogs for 6.45 and 6.46 :P

Nmap 6.46

o [NSE] Made numerous improvements to ssl-heartbleed to provide more reliable detection of the vulnerability.

o [Zenmap] Fixed a bug which caused this crash message:

  IOError: [Errno socket error] [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

  The bug was caused by us adding a DOCTYPE definition to Nmap's XML output which caused Python's XML parser to try and fetch the DTD every time it parses an XML file. We now override that DTD-fetching behavior. [Daniel Miller]

o [NSE] Fix some bugs which could cause snmp-ios-config and snmp-sysdescr scripts to crash (http://seclists.org/nmap-dev/2014/q2/120) [Patrik Karlsson]

o [NSE] Improved performance of citrixlua library when handling large XML responses containing application lists. [Tom Sellers]
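The Zenmap entry above is a good reminder that an XML parser which honours a DOCTYPE's SYSTEM identifier will open a network connection on every parse, and the same mechanism is what makes external-entity (XXE) reads possible. The following Python is an added example and is not Zenmap's code: it parses a constructed document in the shape of Nmap XML output (the `nmaprun`/`host`/`port` element names follow Nmap's format, but the hosts, ports and the DTD URL are made up) with `xml.sax` while disabling external general entities, so the DTD reference is never fetched. On Python 2, which Zenmap ran on at the time, that feature was enabled by default; Python 3.7.1 and later already disable it, so setting it explicitly is harmless there.

```python
import io
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed sample in the shape of Nmap XML output (not real scan output).
# The DOCTYPE points at a host that does not exist; a parser that honours it
# would try to open a TCP connection here and fail, exactly like the Zenmap bug.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<!DOCTYPE nmaprun SYSTEM "http://dtd.example.invalid/nmap.dtd">
<nmaprun scanner="nmap" version="6.46">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/></port>
      <port protocol="tcp" portid="22"><state state="closed"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

EXTERNAL_DTD_RE = re.compile(r"<!DOCTYPE\s+\w+\s+(SYSTEM|PUBLIC)\b", re.IGNORECASE)


def declares_external_dtd(data: str) -> bool:
    """Cheap pre-check: does the document reference an external DTD at all?"""
    return EXTERNAL_DTD_RE.search(data) is not None


class HostHandler(ContentHandler):
    """Collect each host's IPv4 address, status and open ports (hypothetical model)."""

    def __init__(self):
        super().__init__()
        self.hosts = []
        self._host = None
        self._port = None

    def startElement(self, name, attrs):
        if name == "host":
            self._host = {"addr": None, "state": None, "open_ports": []}
        elif self._host is None:
            return  # ignore elements outside a <host>
        elif name == "status":
            self._host["state"] = attrs.get("state")
        elif name == "address" and attrs.get("addrtype") == "ipv4":
            self._host["addr"] = attrs.get("addr")
        elif name == "port":
            self._port = (attrs.get("protocol"), int(attrs.get("portid")))
        elif name == "state" and self._port is not None and attrs.get("state") == "open":
            self._host["open_ports"].append(self._port)

    def endElement(self, name):
        if name == "port":
            self._port = None
        elif name == "host":
            self.hosts.append(self._host)
            self._host = None


def parse_nmap_xml(data: str, fetch_external_entities: bool = False):
    """Parse Nmap-style XML without ever resolving the external DTD."""
    parser = xml.sax.make_parser()
    # With external general entities disabled, expat's external-entity callback
    # returns immediately and the DOCTYPE's SYSTEM URL is never opened.
    parser.setFeature(feature_external_ges, fetch_external_entities)
    handler = HostHandler()
    parser.setContentHandler(handler)
    parser.parse(io.StringIO(data))
    return handler.hosts


if __name__ == "__main__":
    print("external DTD declared:", declares_external_dtd(SAMPLE_NMAP_XML))
    for host in parse_nmap_xml(SAMPLE_NMAP_XML):
        print(host)
```

Calling `parse_nmap_xml(data, fetch_external_entities=True)` on the sample would reproduce the failure mode: the parser tries to download the DTD and, with no reachable host, raises the socket error. Leaving the default at `False` is the right setting for any parser that consumes scan output from disk.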

Nmap 6.45

o NOTE THAT THE CHANGELOG FOR THIS RELEASE IS INCOMPLETE. We plan to finish it soon.

o [NSE] Add ssl-heartbleed script to detect the Heartbleed bug in OpenSSL CVE-2014-0160 [Patrik Karlsson]

o [NSE] Fixed an error-handling bug in socks-open-proxy that caused it to fail when scanning a SOCKS4-only proxy. Reported on IRC by Husky. [Daniel Miller]

o [NSE] Improved ntp-info script to handle underscores in returned data.

o [NSE] Add quake1-info script for retrieving server and player information from Quake 1 game servers. Reports potential DoS amplification factor. [Ulrik Haugen]

o [NSE] Add unicode library for decoding and encoding UTF-8, UTF-16, CP437 and other character sets to Unicode code points. Scripts that previously just added or skipped nulls in UTF-16 data can use this to support non-ASCII characters. [Daniel Miller]

o When doing a ping scan (-sn), the --open option will prevent down hosts from being shown when -v is specified. This aligns with similar output for other scan types. [Daniel Miller]

o [Ncat] Added support for socks5 and corresponding regression tests. [Marek Lucaszuk, Petr Stodulka]

o [NSE] Add http-ntlm-info script for getting server information from Web servers that require NTLM authentication. [Justin Cacak]

o Added TCP support to dns.lua. [John Bond]

o Added safe fd_set operations. This makes nmap fail gracefully instead of crashing when the number of file descriptors grows over FD_SETSIZE. Jacek Wielemborek reported the crash. [Henri Doreau]

o [NSE] Added tls library for functions related to SSLv3 and TLS messages. Existing ssl-enum-ciphers, ssl-date, and tls-nextprotoneg scripts were updated to use this library. [Daniel Miller]

o [NSE] Add sstp-discover script to discover Microsoft's Secure Socket Tunnelling Protocol (http://msdn.microsoft.com/en-us/library/cc247338.aspx) [Niklaus Schiess]

o [NSE] Added unittest library and NSE script for adding unit tests to NSE libraries. See unittest.lua for examples, and run `nmap --script=unittest --script-args=unittest.run -d` to run the tests. [Daniel Miller]

o Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release) [Daniel Miller]

o Added version detection signatures and probes for a bunch of Android remote mouse/keyboard servers, including AndroMouse, AirHID, Wifi-mouse, and RemoteMouse. [Paul Hemberger]

o [NSE] Added allseeingeye-info for gathering information from games using this query protocol. A version detection probe was also added. [Marin Maržić]

o [NSE] Add freelancer-info to gather information about the Freelancer game server. Also added a related version detection probe and UDP protocol payload for detecting the service. [Marin Maržić]

o [Ncat] Fixed compilation when --without-liblua is specified in configure (an #include needed an ifdef guard). [Quentin Glidic]

o [NSE] Add http-server-header script to grab the Server header as a last-ditch effort to get a software version. This can't be done as a softmatch because of the need to match non-HTTP services that obey some HTTP requests. [Daniel Miller]

o [NSE] Add rfc868-time script to get the date and time from an RFC 868 Time server. [Daniel Miller]

o [NSE] Add weblogic-t3-info script that detects the T3 RMI protocol used by Oracle/BEA Weblogic. Extracts the Weblogic version, as well. [Alessandro Zanni, Daniel Miller]

o Fixed a bug in libdnet with handling interfaces with AF_LINK addresses on FreeBSD >9 reported by idwer on IRC. Likely affected other *BSDs. Handled by skipping these non-network addresses. [Daniel Miller]

o Fixed a bug with UDP checksum calculation. When the UDP checksum is zero (0x0000), it must be transmitted as 1's-complement -0 (0xffff) to avoid ambiguity with +0, which indicates no checksum was calculated. This affected UDP on IPv4 only. Reported by Michael Weber. [Daniel Miller]

o [NSE] Removed a fixed value (28428) which was being set for the Request ID in the snmpWalk library function; a value based on nmap.clock_ms will now be set instead.

o [NSE] Add http-iis-short-name-brute script that detects Microsoft IIS servers vulnerable to a file/folder name disclosure and a denial of service vulnerability. The script obtains the "shortnames" of the files and folders in the webroot folder. [Paulino Calderon]

o Idle scan now supports IPv6. IPv6 packets don't usually come with fragment identifiers like IPv4 packets do, so new techniques had to be developed to make idle scan possible. The implementation is by Mathias Morbitzer, who made it the subject of his master's thesis.

o [NSE] Add http-dlink-backdoor script that detects DLink routers with firmware backdoor allowing admin access over HTTP interface. [Patrik Karlsson]

o The ICMP ID of ICMP probes is now matched against the sent ICMP ID, to reduce the chance of false matches. Patch by Chris Johnson.

o [NSE] Made telnet-brute support multiple parallel guessing threads, reuse connections, and support password-only logins.

o [NSE] Made the table returned by ssh1.fetch_host_key contain a "key" element, like that of ssh2.fetch_host_key. This fixed a crash in the ssh-hostkey script reported by Dan Farmer and Florian Pelgrim. The "key" element of ssh2.fetch_host_key now is base64-encoded, to match the format used by the known_hosts file. [David Fifield]

o [Nsock] Handle timers and timeouts via a priority queue (using a heap) for improved performance. Nsock now only iterates over events which are completed or expired instead of inspecting the entire event set at each iteration. [Henri Doreau]

o [NSE] Update dns-cache-snoop script to use a new list of top 50 domains rather than a 2010 list. [Nicolle Neulist]

o [NSE] Added the qconn-exec script by Brendan Coles, which tests the QNX QCONN service for remote command execution.

o [Zenmap] Fixed a crash that would happen when you entered a search term starting with a colon: "AttributeError: 'FilteredNetworkInventory' object has no attribute 'match_'". Reported by Kris Paernell. [David Fifield]

o [Ncat] Added NCAT_PROTO, NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being set in all --*-exec child processes.
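The UDP checksum entry in the 6.45 list above is worth seeing in code, because the rule it describes is easy to get wrong: over IPv4 a UDP checksum field of 0x0000 means "no checksum was computed", so a datagram whose real checksum happens to be zero must be sent as 0xFFFF (the ones'-complement negative zero), which a receiver sums to the same value. The Python below is an added example, not Nmap's implementation (Nmap's packet code is C); it assumes IPv4 only, uses documentation addresses, and constructs its own payloads, including one deliberately tuned so that its true checksum is zero, to exercise the 0x0000 to 0xFFFF substitution and the receiver-side check that accepts it.

```python
import socket
import struct


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words with end-around carry (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte for summing only
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def _pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: src, dst, zero byte, protocol 17, UDP length."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                       0, socket.IPPROTO_UDP, udp_len)


def udp_checksum_ipv4(src: str, dst: str, sport: int, dport: int, payload: bytes) -> int:
    """Return the value to place in the UDP checksum field for an IPv4 datagram."""
    udp_len = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, udp_len, 0)  # checksum field zero while summing
    csum = (~ones_complement_sum(_pseudo_header(src, dst, udp_len) + header + payload)) & 0xFFFF
    # RFC 768: a computed checksum of zero is transmitted as all ones, because
    # 0x0000 on the wire means "sender computed no checksum" (IPv4 only).
    return 0xFFFF if csum == 0 else csum


def build_udp_datagram(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """UDP header plus payload with the checksum filled in."""
    csum = udp_checksum_ipv4(src, dst, sport, dport, payload)
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), csum) + payload


def verify_udp_ipv4(src: str, dst: str, datagram: bytes) -> bool:
    """Receiver side: 0x0000 means unchecked; otherwise the full sum must be 0xFFFF."""
    _sport, _dport, udp_len, csum = struct.unpack("!HHHH", datagram[:8])
    if csum == 0:
        return True  # sender opted out of checksumming; nothing to verify
    return ones_complement_sum(_pseudo_header(src, dst, udp_len) + datagram) == 0xFFFF


def payload_with_zero_checksum(src: str, dst: str, sport: int, dport: int, base: bytes) -> bytes:
    """Append two bytes to `base` so the datagram's true checksum is exactly zero.

    Constructed helper for the example: with a zero placeholder word appended,
    the folded sum is S; adding the word 0xFFFF - S makes the sum 0xFFFF, whose
    complement is 0x0000, the case that must be sent as 0xFFFF.
    """
    if len(base) % 2:
        base += b"\x00"  # keep the trailer word-aligned
    padded = base + b"\x00\x00"
    udp_len = 8 + len(padded)
    header = struct.pack("!HHHH", sport, dport, udp_len, 0)
    s = ones_complement_sum(_pseudo_header(src, dst, udp_len) + header + padded)
    return base + struct.pack("!H", (0xFFFF - s) & 0xFFFF)


if __name__ == "__main__":
    src, dst = "192.0.2.1", "192.0.2.2"          # documentation addresses (constructed)
    dg = build_udp_datagram(src, dst, 40000, 53, b"hello world")
    print("normal datagram checksum: 0x%04x, verifies: %s" % (
        struct.unpack("!H", dg[6:8])[0], verify_udp_ipv4(src, dst, dg)))
    tricky = payload_with_zero_checksum(src, dst, 40000, 53, b"ab")
    dg0 = build_udp_datagram(src, dst, 40000, 53, tricky)
    print("zero-checksum payload sent as: 0x%04x, verifies: %s" % (
        struct.unpack("!H", dg0[6:8])[0], verify_udp_ipv4(src, dst, dg0)))
```

The bug the changelog describes is the missing substitution in `udp_checksum_ipv4`: without it, the `tricky` payload would go out with 0x0000 in the header, and a receiver would treat it as unchecked rather than verifying it. IPv6 is not affected because UDP over IPv6 has no "no checksum" value; there a zero field is simply invalid.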
