path: root/security/nmap/Makefile
Commit message | Author | Age | Files | Lines
* security/nmap: Fix build on 11i386, 11arm, 11arm64 | Ben Woods | 2020-01-05 | 1 | -0/+9
  Fix patches to configure scripts to only add -libverbs if found in base
  PR: 242987
  Reported by: Dries Michiels <driesm.michiels@gmail.com>
  Reported by: garga
  MFH: 2020Q1
  Notes: svn path=/head/; revision=522159
* security/nmap: Update to 7.80 | Ben Woods | 2019-12-30 | 1 | -1/+1
  - Remove local patches incorporated upstream.
  - Add patches to add missing libibverbs dependency when linking libpcap statically (required to allow build on FreeBSD >= 12.0). (See similar fix applied to port net-mgmt/dhcdrop in r499639).
  Changes this release: https://seclists.org/nmap-announce/2019/0
  Approved by: ohauer (maintainer timeout)
  Differential Revision: https://reviews.freebsd.org/D22730
  Notes: svn path=/head/; revision=521487
* Drop the ipv6 virtual category for s* category as it is not relevant anymore | Baptiste Daroussin | 2019-10-09 | 1 | -1/+1
  Notes: svn path=/head/; revision=514144
* - update to 7.70 | Olli Hauer | 2018-03-31 | 1 | -6/+13
  - add option for bundled libssh2
  - add option for bundled libpcap
  - add upstream patch for arp-ioctl.c
  - change URLs from http to https
  PR: 221522
  Submitted by: lightside
  Notes: svn path=/head/; revision=466083
* - update to 7.60 | Olli Hauer | 2018-01-30 | 1 | -2/+2
  - regenerate patches with makepatch
  PR: ports/221522
  Notes: svn path=/head/; revision=460437
* Make nmap work with INET4-only kernels: | Eugene Grosbein | 2017-05-19 | 1 | -1/+1
  - add new FreeBSD-specific patch;
  - remove invalid comment from Makefile (it did build but produced run-time error);
  - bump PORTREVISION.
  PR: 217558
  Approved by: ohauer (maintainer timeout, 10 weeks), vsevolod (mentor)
  Notes: svn path=/head/; revision=441214
* - update to 7.40 | Olli Hauer | 2016-12-21 | 1 | -1/+1
  - 12 new NSE scripts
  - Hundreds of updated OS and version detection signatures
  - Faster brute force authentication cracking and other NSE library improvements
  Full Changelog: https://nmap.org/changelog.html
  Notes: svn path=/head/; revision=429075
* - update to 7.31 | Olli Hauer | 2016-10-21 | 1 | -1/+1
  Nmap 7.31 [2016-10-20]
  o Fixed the way Nmap handles scanning names that resolve to the same IP. Due to changes in 7.30, the IP was only being scanned once, with bogus results displayed for the other names. The previous behavior is now restored. [Tudor Emil Coman]
  o [GH#350] Fix an assertion failure due to floating point error in equality comparison, which triggered mainly on OpenBSD:
      assertion "diff <= interval" failed: file "timing.cc", line 440
    This was reported earlier as [GH#472] but the assertion fixed there was a different one. [David Carlier]
  o [Zenmap] Fix a crash in the About page in the Spanish translation due to a missing format specifier:
      File "zenmapGUI\About.pyo", line 217, in __init__
      TypeError: not all arguments converted during string formatting
    [Daniel Miller]
  o [Zenmap][GH#556] Better visual indication that display of hostname is tied to address in the Topology page. You can show numeric addresses with hostnames or without, but you can't show hostnames without numeric addresses when they are not available. [Daniel Miller]
  o To increase the number of IPv6 fingerprint submissions, a prompt for submission will be shown with some random chance for successful matches of OS classes that are based on only a few submissions. Previously, only unsuccessful matches produced such a prompt. [Daniel Miller]
  MFH: 2016Q4
  Notes: svn path=/head/; revision=424433
* ${RM} already has -f. | Mathieu Arnold | 2016-10-21 | 1 | -1/+1
  PR: 213570
  Submitted by: mat
  Exp-run by: antoine
  Sponsored by: Absolight
  Notes: svn path=/head/; revision=424411
* - update to 7.30 | Olli Hauer | 2016-09-29 | 1 | -1/+1
  Changelog: https://nmap.org/changelog.html
  Notes: svn path=/head/; revision=422952
* security/zenmap: Update to 7.25 BETA2 and use security/nmap as MASTERDIR | Ben Woods | 2016-09-17 | 1 | -4/+6
  security/nmap:
  - Ensure MAINTAINER and COMMENT do not clobber those of slave port
  - Add .if !defined(MASTERDIR) to prevent inclusion in slave port
  - Do not include bsd.port.options.mk, as none of the features are used
  security/zenmap:
  - Convert to slave of security/nmap to ensure they are updated in lockstep
  - Inherently update to 7.25 BETA2 (current version of security/nmap)
  - Take maintainership
  - Remove redundant port header variables included from MASTERDIR
  - PKGNAME of zenmap achieved using PKGNAMEPREFIX=ze and PORTNAME=nmap
  - Inherit LICENSE_FILE, as zenmap/COPYING states it is the same as nmap
  - Set directory variables so they are not inherited from MASTERDIR
  - Convert post-extract to post-patch, as it is modifying WRKSRC files
  - Fix REINPLACE command, as it was leaving the line with nothing but a single ',' and causing the build to fail
  - Do not download external zenmap icon, as one is included in distfile
  Approved by: ohauer (security/nmap maintainer), mat (mentor)
  Differential Revision: https://reviews.freebsd.org/D7880
  Notes: svn path=/head/; revision=422291
* - update nmap to 7.25BETA2 | Olli Hauer | 2016-09-02 | 1 | -1/+1
  Full Changelog: https://nmap.org/changelog.html
  Changelog (very shortened):
  Nmap 7.25BETA2 [2016-09-01]
  - [NSE] Upgraded NSE to Lua 5.3
  - [NSE] Added 2 NSE scripts, bringing the total up to 534!
  - Add 587 new fingerprints
  - [NSE] Fix a crash when parsing TLS certificates
  - [NSE][GH#531] Fix two issues in sslcert.lua
  - [NSE][GH#234] Added a --script-timeout option for limiting run time
  - [Ncat][GH#444] Added a -z option to Ncat
  - [NSE] ssl-enum-ciphers now warn about 64-bit block ciphers in CBC mode
  - [NSE][GH#117] Improve tftp-enum
  - [GH#472] Avoid an unnecessary assert failure in timing.cc
  - [NSE][GH#519] Removed the obsolete script ip-geolocation-geobytes
  - [NSE] refresh of almost all fingerprints for script http-default-accounts
  - [GH#98] Added support for decoys in IPv6
  - Various performance improvements for large-scale high-rate scanning
  - [GH#439] Nmap now supports OpenSSL 1.1.0-pre5 and previous versions
  - [Ncat] Fix a crash when --exec was used with --ssl and --max-conns
  - Improve FTP Bounce scan
  - [GH#140] Allow target DNS names up to 254 bytes
  - [NSE] Allow bigger hard limit on number of concurrently running scripts
  - [NSE] Added the datetime library
  - [GH#103][GH#364] Made Nmap's parallel reverse DNS resolver more robust
  Notes: svn path=/head/; revision=421269
* - update to 7.25BETA1 | Olli Hauer | 2016-07-17 | 1 | -2/+2
  - s/USE=OPENSSL/USES=ssl/
  Some highlights from the Changelog:
  Nmap 7.25BETA1 [2016-07-13]
  o [NSE] Added 6 NSE scripts, from 5 authors, bringing the total up to 533! They are all listed at https://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):
    + clamav-exec detects ClamAV servers vulnerable to unauthorized clamav command execution. [Paulino Calderon]
    + http-aspnet-debug detects ASP.NET applications with debugging enabled. [Josh Amishav-Zlatin]
    + http-internal-ip-disclosure determines if the web server leaks its internal IP address when sending an HTTP/1.0 request without a Host header. [Josh Amishav-Zlatin]
    + [GH#304] http-mcmp detects mod_cluster Management Protocol (MCMP) and dumps its configuration. [Frank Spierings]
    + [GH#365] sslv2-drown detects vulnerability to the DROWN attack, including CVE-2016-0703 and CVE-2016-0704 that enable fast attacks on OpenSSL. [Bertrand Bonnefoy-Claudet]
    + vnc-title logs in to VNC servers and grabs the desktop title, geometry, and color depth. [Daniel Miller]
  o Integrated all of your IPv4 OS fingerprint submissions from January to April (539 of them). Added 98 fingerprints, bringing the new total to 5187. Additions include Linux 4.4, Android 6.0, Windows Server 2016, and more. [Dan Miller]
  o Integrated all 31 of your IPv6 OS fingerprint submissions from January to June. The classifier added 2 groups and expanded several others. Several Apple OS X groups were consolidated, reducing the total number of groups to 93. [Daniel Miller]
  Notes: svn path=/head/; revision=418661
* - remove ${PORTSDIR} from dependency | Olli Hauer | 2016-03-30 | 1 | -1/+1
  Notes: svn path=/head/; revision=412164
* Nmap 7.12 [2016-03-29] | Olli Hauer | 2016-03-30 | 1 | -1/+1
  o [NSE] VNC updates including vnc-brute support for TLS security type and negotiating a lower RFB version if the server sends an unknown higher version. [Daniel Miller]
  o [NSE] Added STARTTLS support for VNC, NNTP, and LMTP [Daniel Miller]
  o Added new service probes and match lines for OpenVPN on UDP and TCP.
  Notes: svn path=/head/; revision=412154
* - update to 7.11 | Olli Hauer | 2016-03-22 | 1 | -1/+1
  Changes:
  o [NSE][GH#341] Added support for diffie-hellman-group-exchange-* SSH key exchange methods to ssh2.lua, allowing ssh-hostkey to run on servers that only support custom Diffie-Hellman groups. [Sergey Khegay]
  o [NSE] Added support in sslcert.lua for Microsoft SQL Server's TDS protocol, so you can now grab certs with ssl-cert or check ciphers with ssl-enum-ciphers. [Daniel Miller]
  Notes: svn path=/head/; revision=411673
* - update to version 7.10 | Olli Hauer | 2016-03-17 | 1 | -7/+4
  - remove support for custom IPv4 only kernel [1]
  Short summary:
  - 12 new NSE scripts
  - hundreds of new OS/version fingerprints
  - dozens of smaller improvements and bug fixes
  Full Changelog: https://nmap.org/changelog.html
  [1] nmap no longer builds against custom kernel without IPv6!
  Notes: svn path=/head/; revision=411320
* - update to 7.01 | Olli Hauer | 2015-12-13 | 1 | -1/+1
  FreeBSD related changes:
  ========================
  Nmap 7.01 [2015-12-09]
  o [NSE] [GH#254] Update the TLSSessionRequest probe in ssl-enum-ciphers to match the one in nmap-service-probes, which was fixed previously to correct a length calculation error. [Daniel Miller]
  o [NSE] [GH#251] Correct false positives and unexpected behavior in http-* scripts which used http.identify_404 to determine when a file was not found on the target. The function was following redirects, which could be an indication of a soft-404 response. [Tom Sellers]
  o [NSE] [GH#241] Fix a false-positive in hnap-info when the target responds with 200 OK to any request. [Tom Sellers]
  o [NSE] [GH#244] Fix an error response in xmlrpc-methods when run against a non-HTTP service. The expected behavior is no output. [Niklaus Schiess]
  o [NSE] Fix SSN validation function in http-grep, reported by Bruce Barnett.
  Notes: svn path=/head/; revision=403675
* - update to version 7.00 | Olli Hauer | 2015-11-20 | 1 | -1/+1
  Changelog:
  Nmap 7.00 [2015-11-19]
  o This is the most important release since Nmap 6.00 back in May 2012! For a list of the most significant improvements and new features, see the announcement at: https://nmap.org/7
  o [NSE] Added 6 NSE scripts from 6 authors, bringing the total up to 515! They are all listed at https://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):
    + targets-xml extracts target addresses from previous Nmap XML results files. [Daniel Miller]
    + [GH#232] ssl-dh-params checks for problems with weak, non-safe, and export-grade Diffie-Hellman parameters in TLS handshakes. This includes the LOGJAM vulnerability (CVE-2015-4000). [Jacob Gajek]
    + nje-node-brute does brute-forcing of z/OS JES Network Job Entry node names. [Soldier of Fortran]
    + ip-https-discover detects support for Microsoft's IP over HTTPS tunneling protocol. [Niklaus Schiess]
    + [GH#165] broadcast-sonicwall-discover detects and extracts information from SonicWall firewalls. [Raphael Hoegger]
    + [GH#38] http-vuln-cve2014-8877 checks for and optionally exploits a vulnerability in CM Download Manager plugin for Wordpress. [Mariusz Ziulek]
  o [Ncat] [GH#151] [GH#142] New option --no-shutdown prevents Ncat from shutting down when it reads EOF on stdin. This is the same as traditional netcat's "-d" option. [Adam Saponara]
  o [NSE] [GH#229] Improve parsing in http.lua for multiple Set-Cookie headers in a single response. [nnposter]
  Notes: svn path=/head/; revision=401988
* - update to 6.49BETA6 | Olli Hauer | 2015-11-04 | 1 | -11/+7
  - use new OPTIONS targets
  Parts from Changelog [1]
  ==========================
  Nmap 6.49BETA6
  o Integrated all of your IPv6 OS fingerprint submissions from April to October (only 9 of them!). We are steadily improving the IPv6 database, but we need your submissions. The classifier added 3 new groups, bringing the new total to 93. Highlights: http://seclists.org/nmap-dev/2015/q4/61 [Daniel Miller]
  o Integrated all of your IPv4 OS fingerprint submissions from February to October (1065 of them). Added 219 fingerprints, bringing the new total to 4985. Additions include Linux 4.1, Windows 10, OS X 10.11, iOS 9, FreeBSD 11.0, Android 5.1, and more. Highlights: http://seclists.org/nmap-dev/2015/q4/60 [Daniel Miller]
  o Integrated all of your service/version detection fingerprints submitted from February to October (800+ of them). The signature count went up 2.5% to 10293. We now detect 1089 protocols, from afp, bitcoin, and caldav to xml-rpc, yiff, and zebra. Highlights: http://seclists.org/nmap-dev/2015/q4/62 [Daniel Miller]
  o [NSE] Added 10 NSE scripts from 5 authors, bringing the total up to 509! They are all listed at http://nmap.org/nsedoc/, and the summaries are below (authors are listed in brackets):
  ...
  [1] https://nmap.org/changelog.html
  Notes: svn path=/head/; revision=400749
* - update to 6.49BETA5 | Olli Hauer | 2015-09-27 | 1 | -19/+5
  - use DOCS instead of PORTDOCS
  - remove gcc workaround [1]
  - (hopefully) use the correct __FreeBSD_version for SOCK_RAW
  Changelog: https://nmap.org/changelog.html
  PR: 196065 [1]
  PR: 200558 [2]
  PR: 202139 [3]
  Submitted by: sbruno@ , mikael.urankar@gmail.com [1]
  Submitted by: truckman@ [2]
  Submitted by: trasz@ [3]
  Notes: svn path=/head/; revision=398033
* - fix build on arm/mips | Olli Hauer | 2014-12-25 | 1 | -3/+5
  PR: 196065
  Submitted by: mikael.urankar
  Notes: svn path=/head/; revision=375549
* - fix build with ccache on FreeBSD 10 | Olli Hauer | 2014-09-12 | 1 | -1/+1
  PR: 193478
  Submitted by: dewayne @ heuristicsystems.com.au
  Notes: svn path=/head/; revision=368003
* - update to 6.4.7 | Olli Hauer | 2014-08-23 | 1 | -5/+5
  - add CPE entry
  - sort pkg-plist
  Changelog (entries related to the command line tools)
  Nmap 6.47 [2014-08-20]
  o Integrated all of your IPv4 OS fingerprint submissions since June 2013 (2700+ of them). Added 366 fingerprints, bringing the new total to 4485. Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2, OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved. Highlights: http://seclists.org/nmap-dev/2014/q3/325 [Daniel Miller]
  o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This was added in 6.45, and resulted in trouble for Nmap XML parsers without network access, as well as increased traffic to Nmap's servers. The doctype is now: <!DOCTYPE nmaprun>
  o [Ncat] Fixed SOCKS5 username/password authentication. The password length was being written in the wrong place, so authentication could not succeed. Reported with patch by Pierluigi Vittori.
  o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts this to the string "(null)", but it caused segfault on Solaris. [Daniel Miller]
  o Handle ICMP admin-prohibited messages when doing service version detection. Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ callback. Error code: 101 (Network is unreachable) [David Fifield]
  o [NSE] Fix a bug causing http.head to not honor redirects. [Patrik Karlsson]
  MFH: 2014Q3
  Notes: svn path=/head/; revision=365724
* Nmap 6.46 [2014-04-18] | Olli Hauer | 2014-04-18 | 1 | -1/+2
  o [NSE] Made numerous improvements to ssl-heartbleed to provide more reliable detection of the vulnerability.
  o [Zenmap] Fixed a bug which caused this crash message:
      IOError: [Errno socket error] [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
    The bug was caused by us adding a DOCTYPE definition to Nmap's XML output which caused Python's XML parser to try and fetch the DTD every time it parses an XML file. We now override that DTD-fetching behavior. [Daniel Miller]
  o [NSE] Fix some bugs which could cause snmp-ios-config and snmp-sysdescr scripts to crash (http://seclists.org/nmap-dev/2014/q2/120) [Patrik Karlsson]
  o [NSE] Improved performance of citrixlua library when handling large XML responses containing application lists. [Tom Sellers]
  Notes: svn path=/head/; revision=351520
* - update to nmap-6.45 | Olli Hauer | 2014-04-15 | 1 | -20/+10
  Changelog: http://nmap.org/changelog.html
  Most of the changes of version 6.45 were already adopted in the last port version
  Notes: svn path=/head/; revision=351324
* - update nmap nselib and scripts to upstream revision r32810 | Olli Hauer | 2014-04-11 | 1 | -4/+15
  The update includes a working script to detect whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160)
  http://nmap.org/nsedoc/scripts/ssl-heartbleed.html
  MFH: 2014Q2
  Notes: svn path=/head/; revision=350889
* - use internal liblua instead of the one from ports [1] | Olli Hauer | 2014-01-12 | 1 | -7/+3
  - update internal liblua from 5.2.2 -> 5.2.3
  - bump PORTREVISION
  [1] nmap uses static lua for nmap, nping and ncat, after build lua is no longer needed.
  Notes: svn path=/head/; revision=339526
* - fix security/nmap runtime on current (FreeBSD 11) | Olli Hauer | 2013-11-25 | 1 | -12/+7
  - adopt ${opt}_USE style
  - remove ${opt} PKGNAMEPREFIX
  - bump PORTREVISION
  PR: ports/184288
  Submitted by: Ruslan Makhmatkhanov <rm@FreeBSD.org>
  Notes: svn path=/head/; revision=334897
* - add stage support | Olli Hauer | 2013-09-28 | 1 | -6/+2
  Notes: svn path=/head/; revision=328590
* Add NO_STAGE all over the place in preparation for the staging support (cat: security) | Baptiste Daroussin | 2013-09-20 | 1 | -0/+1
  Notes: svn path=/head/; revision=327769
* - update to 6.4.0 | Olli Hauer | 2013-08-21 | 1 | -50/+38
  - remove patches for EOL FreeBSD releases
  - convert to OPTIONS
  Changelog: http://nmap.org/changelog.html
  Notes: svn path=/head/; revision=325091
* - Fix build for FreeBSD-7.4 | Olli Hauer | 2013-01-13 | 1 | -1/+2
  (nmap 6.25 contains liblua5.2.1)
  Requested by Martin Olsson <martin.olsson@sentor.se> per PM
  PR: 175210
  Submitted by: Jürgen <caligula@primamail.de>
  Obtained from: http://lua-users.org/lists/lua-l/2011-12/msg00708.html
  Notes: svn path=/head/; revision=310346
* - update nmap to version 6.25 | Olli Hauer | 2013-01-06 | 1 | -9/+17
  - fix build with clang and stdlib=libc++ [1]
  Nmap 6.25 [2012-11-29]
  o [NSE] Added CPE to smb-os-discovery output.
  o [Ncat] Fixed the printing of warning messages for large arguments to the -i and -w options. [Michal Hlavinka]
  o [Ncat] Shut down the write part of connected sockets in listen mode when stdin hits EOF, just as was already done in connect mode. [Michal Hlavinka]
  o [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3, SquirrelMail, RoundCube. [Jesper Kückelhahn]
  o Added some new checks for failed library calls. [Bill Parker]
  PR: 172358 174817
  Submitted by: arrowdodger <6yearold@gmail.com> [1]
    Anders N. <wicked@baot.se> (general update request)
  Notes: svn path=/head/; revision=310010
* Update PCRE to 8.32 | Martin Matuska | 2012-12-10 | 1 | -1/+2
  Introduces the UTF-32 library pcre32
  Bump PORTREVISION in dependent ports
  Notes: svn path=/head/; revision=308630
* - update nmap to version 6.0.1 | Olli Hauer | 2012-06-24 | 1 | -1/+1
  Announcement: http://seclists.org/nmap-hackers/2012/3
  Changelog: http://nmap.org/changelog.html
  Some relevant changes in 6.01:
  o Fixed a bug that caused Nmap to fail to find any network interface when at least one of them is in the monitor mode. The fix was to define the ARP_HRD_IEEE80211_RADIOTAP 802.11 radiotap header identifier in the libdnet-stripped code. Network interfaces that are in this mode are used by radiotap for 802.11 frame injection and reception. The bug was reported by Tom Eichstaedt and Henri Doreau. http://seclists.org/nmap-dev/2012/q2/449 http://seclists.org/nmap-dev/2012/q2/478 [Djalal Harouni, Henri Doreau]
  o Fixed the greppable output of hosts that time-out (when --host-timeout was used and the host timed-out after something was received from that host). This issue was reported by Matthew Morgan. [jah]
  Notes: svn path=/head/; revision=299888
* - update to version 6.00 | Olli Hauer | 2012-05-24 | 1 | -1/+1
  Changelog:
  ==========
  Nmap 6.00
  o Most important release since Nmap 5.00 in July 2009! For a list of the most significant improvements and new features, see the announcement at: http://nmap.org/6
  o In XML output, <osclass> elements are now child elements of the <osmatch> they belong to. Old output was thus:
      <os><osclass/><osclass/>...<osmatch/><osmatch/>...</os>
    New output is:
      <os><osmatch><osclass/><osclass/>...</osmatch>...</os>
    The option --deprecated-xml-osclass restores the old output, in case you use an Nmap XML parser that doesn't understand the new structure. The xmloutputversion has been increased to 1.04.
  o Added a new <target> element to XML output that indicates when a target specification was ignored, perhaps because of a syntax error or DNS failure. It looks like this:
      <target specification="1.2.3.4.5" status="skipped" reason="invalid"/>
    [David Fifield]
  o [NSE] Added the script samba-vuln-cve-2012-1182 which detects the SAMBA pre-auth remote root vulnerability (CVE-2012-1182). [Aleksandar Nikolic]
  o [NSE] Added http-vuln-cve2012-1823.nse, which checks for PHP CGI installations with a remote code execution vulnerability. [Paulino Calderon]
  o [NSE] Added script targets-ipv6-mld that sends a malformed ICMP6 MLD Query to discover IPv6 enabled hosts on the LAN. [Niteesh Kumar]
  o [NSE] Added rdp-vuln-ms12-020.nse by Aleksandar Nikolic. This tests for two Remote Desktop vulnerabilities, including one allowing remote code execution, that were fixed in the MS12-020 advisory.
  o [NSE] Added a stun library and the scripts stun-version and stun-info, which extract version information and the external NAT:ed address. [Patrik Karlsson]
  o [NSE] Added the script duplicates which attempts to determine duplicate hosts by analyzing information collected by other scripts. [Patrik Karlsson]
  o Fixed the routing table loop on OS X so that on-link routes appear. Previously, they were ignored so that things like ARP scan didn't work. [Patrik Karlsson, David Fifield]
  o Upgraded included libpcap to version 1.2.1.
  o [NSE] Added ciphers from RFC 5932 and Fortezza-based ciphers to ssl-enum-ciphers.nse. The patch was submitted by Darren McDonald.
  o [NSE] Renamed hostmap.nse to hostmap-bfk.nse.
  o Fixed a compilation problem on Solaris 9 caused by a missing definition of IPV6_V6ONLY. Reported by Dagobert Michelsen.
  o Setting --min-parallelism by itself no longer forces the maximum parallelism to the same value. [Chris Woodbury, David Fifield]
  o Changed XML output to show the "service" element whenever a tunnel is discovered for a port, even if the service behind it was unknown. [Matt Foster]
  o [Zenmap] Fixed a crash that would happen in the profile editor when the script.db file doesn't exist. The bug was reported by Daniel Miller.
  o [Zenmap] It is now possible to compare scans having the same name or command line parameters. [Jah, David Fifield]
  o Fixed an error that could occur with ICMPv6 probes and -d4 debugging: "Unexpected probespec2ascii type encountered" [David Fifield]
  o [NSE] Added new script http-chrono, which measures min, max and average response times of web servers. [Ange Gutek]
  o Applied a workaround to make pcap captures work better on Solaris 10. This involves peeking at the pcap buffer to ensure that captures are not being lost. A symptom of the previous behavior was that, when doing ARP host discovery against two targets, only one would be reported as up. [David Fifield]
  o Fixed a bug that could cause Nsock timers to fire too early. This could happen for the timed probes in IPv6 OS detection, causing an incorrect measurement of the TCP_ISR feature. [David Fifield]
  o [Zenmap] We now build on Windows with a newer version of PyGTK, so copy and paste should work again.
  o Changed the way timeout calculations are made in the IPv6 OS engine. In rare cases a certain interleaving of probes and responses would result in an assertion failure.
  Notes: svn path=/head/; revision=297346
* - update to version 5.61TEST5 | Olli Hauer | 2012-03-10 | 1 | -2/+1
  small snippet from changelog: http://nmap.org/changelog.html
  o Integrated all of your IPv4 OS fingerprint submissions since June 2011 (about 1,900 of them) Added about 256 new fingerprints (total 3,572)
  o Integrated all of your service/version detection fingerprints submitted since November 2010 (signature count increased to 7,423)
  o Integrated your latest IPv6 OS submissions and corrections
  o [NSE] Added 43(!) NSE scripts, bringing the total up to 340
  o [NSE] Added 14 new protocol libraries
  o [CPE] (Common Platform Enumeration) OS classification is now supported for IPv6 OS detection
  o Added a new --script-args-file option
  o [NSE] Added support for decoding EIGRP broadcasts from Cisco routers to broadcast-listener
  o [NSE] Added redirect support to the http library
  o Update to the latest MAC address prefix assignments from IEEE as of March 8, 2012
  Test builds sponsored by redports.org
  Feature safe: yes
  Notes: svn path=/head/; revision=293047
* Bump pcre library dependency due to 8.30 update | Martin Matuska | 2012-02-14 | 1 | -1/+2
  Notes: svn path=/head/; revision=291338
* - update to 5.61TEST4 | Olli Hauer | 2012-01-04 | 1 | -2/+3
  For detailed Changes see http://nmap.org/changelog.html (List is simply too long ...)
  Some highlights
  * [NSE] Added a new httpspider library which is used for recursively crawling web sites for information. New scripts using this functionality include http-backup-finder, http-email-harvest, http-grep, http-open-redirect, and http-unsafe-output-escaping. See http://nmap.org/nsedoc/ or the list later in this file for details on these.
  * [NSE] Added a vulnerability management library (vulns.lua) to store and to report discovered vulnerabilities.
  * [NSE] Added a new script force feature. You can force scripts to run against target ports (even if the "wrong" service is detected) by placing a plus in front of the script name passed to --script. See http://nmap.org/book/nse-usage.html#nse-script-selection.
  * [NSE] Added 51(!) NSE scripts, bringing the total up to 297.
  Build tests sponsored by redports.org
  Notes: svn path=/head/; revision=288517
* - update to version 5.61TEST2 | Olli Hauer | 2011-10-04 | 1 | -1/+12
  - add workaround for system build with WITHOUT_INET6 [1]
  Thanks to Kim Scarborough for sharing the libpcap workaround
  PR: ports/159376 [1]
  Submitted by: Alexander Panyushkin [1]
  Notes: svn path=/head/; revision=282935
* - Add LDFLAGS to CONFIGURE_ENV and MAKE_ENV (as it was done with LDFLAGS) | Dmitry Marakasov | 2011-09-23 | 1 | -1/+1
  - Fix all ports that add {CPP,LD}FLAGS to *_ENV to modify flags instead
  PR: 157936
  Submitted by: myself
  Exp-runs by: pav
  Approved by: pav
  Notes: svn path=/head/; revision=282282
* - update to 5.61TEST1 | Olli Hauer | 2011-09-23 | 1 | -1/+1
  Here is the (partial) CHANGELOG since 5.59BETA1:
  Nmap 5.61TEST1 [2011-09-19]
  o The changelog entries below for this test release are not yet finished or comprehensive. We'll update them soon.
  o [Ncat] Updated ca-bundle.crt (primarily to remove DigiNotar).
  o Fixed compilation on OS X 10.7 Lion. Thanks to Patrik Karlsson and Babak Farroki for researching fixes.
  o [NSE] Fixed SSL compressor names in ssl-enum-ciphers.nse, and removed redundant multiple listings of the NULL compressor. [Matt Selsky]
  o [NSE] Added cipher strength ratings to ssl-enum-ciphers.nse. [Gabriel Lawrence]
  o Added Common Platform Enumeration (CPE, http://cpe.mitre.org/) output for OS and service versions. These show up in normal output with the headings "OS CPE:" and "Service Info:":
      OS CPE: cpe:/o:linux:kernel:2.6.39
      Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
    These also appear in XML output, which additionally has CPE entries for service versions. [David, Henri]
  o [NSE] Added new default credential list for Oracle and modified the oracle-brute script to make use of it. [Patrik]
  o [NSE] Added xmpp-info.nse as a replacement for xmpp.nse. This updated version brings new features and fixes. [Vasiliy Kulikov]
  o Fixed RPC scan for 64-bit architectures by using fixed-size data types. [David]
  o Relaxed the XML DTD to allow validation of files where the verbosity level changed during the scan. [Daniel Miller]
  o Made a service confidence of 8 (used when tcpwrapped) and indeed any number between 0 and 10 be legal in XML output according to the DTD. [Daniel Miller]
  o [NSE] Added three scripts that do host discovery on local IPv6 subnets. Each of them uses a different multicast technique, meaning that even very large networks have host discovery done without needing to probe every address individually.
    + targets-multicast-ipv6-echo: Sends a multicast echo request, like broadcast-ping does for IPv4.
    + targets-multicast-ipv6-invalid-dst: Sends an invalid packet that can elicit an ICMPv6 Parameter Problem response.
    + targets-multicast-ipv6-slaac: Sends a phony router advertisement, which causes hosts to allocate a temporary address and then send a packet to discover if anyone else is using the address.
    [Weilin, David]
  o [NSE] Added functions to packet.lua to make it easier to build IPv6 packets. [Weilin]
  o [NSE] Added new script http-vuln-cve2011-3192 which checks whether an instance of Apache is vulnerable to a DoS attack exploiting the byterange filter. [Duarte Silva].
  o [NSE] Fixed authentication problems in the TNS library that would prevent authentication from working against Oracle 11.2.0.2.0 XE [Chris Woodbury]
  o Removed some restrictions on probe matching that, for example, prevented a RST/ACK reply from being recognized in a NULL scan. This was found and fixed by Matthew Stickney and Joe McEachern.
  o Rearranged some characters classes in service matches to avoid any that look like POSIX collating symbols ("[.xyz.]"). John Hutchison discovered this error caused by one of the match lines:
      InitMatch: illegal regexp: POSIX collating elements are not supported
    [Daniel Miller]
  o [NSE] Added the address-info.nse script, which shows extra information about IP addresses.
  o [NSE] Added scripts http-joomla-brute, http-wordpress-brute, http-wp-enum and http-awstatstotal-exec. [Paulino]
  o [Zenmap] Fixed zenmap deleting ports based on newer scans which did not actually scan the port in question. Additionally ncat now only updates ports with new information if the new information is the same protocol. Not just the same port. [Colin Rice]
  o [Ncat] Fixed ncat crashing with --ssl-verify -vvv on windows. [Colin Rice]
  o [NSE] Added script http-waf-detect. This script tries to determine if an IDS/IPS/WAF is protecting a web server. [Paulino]
  o [NSE] Added the bittorrent library and bittorrent-discovery script which enables us to discover peers and nodes for a particular torrent file or magnet link.
  o [NSE] Added basic query support to the Oracle TNS library making it possible for scripts to query the database server using SQL. [Patrik]
  o [Ncat] Added --append-output option, that when used along with -o and/or -x prevents clobbering(truncating) an existing file. [Shinnok]
  o [NSE] Added script broadcast-listener that attempts to discover hosts by passively listening to the network. It does so by decoding ethernet and IP broadcast and multicast messages. [Patrik]
  o Fixed a bug that would make Nmap segfault if it failed to open an interface using pcap. The bug details and patch are posted here: http://seclists.org/nmap-dev/2011/q3/365 [Patrik]
  o Ncat SCTP mode supports connection brokering now(--sctp --broker). [Shinnok]
  o Nmap now defers options parsing until it has read through all the command line arguments. You can now use options like -S with an IPv6 address before specifying -6 at the command line, which previously got you an error. [Shinnok]
  o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs brute force password auditing against XMPP (Jabber) servers. [Patrik]
  o [NSE] Fixed a bug in the ssh2-enum-algos script that would prevent it from displaying any output unless run in debug mode. [Patrik]
  o [NSE] Fixed the nsedebug print_hex() function so it does not print an empty line if there are no remaining characters, and improved its NSEDoc. [Chris Woodbury].
  o [NSE] Added the scripts http-axis2-dir-traversal and http-litespeed-sourcecode-download that exploits a directory traversal and null byte poisoning vulnerabilities in Apache Axis2 and LiteSpeed Web Server respectively. [Paulino]
  o [Ncat] Ncat now no longer blocks while an ssl handshake is taking place or waiting to complete. [Shinnok]
  o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover message to the broadcast address and collects and reports the network information received from the DHCP server. [Patrik]
  o [NSE] Added the script smtp-brute that performs brute force password auditing against SMTP servers. [Patrik]
  o [NSE] Updated SMTP library to support authentication using both plain-text and the SASL library. [Patrik]
  o [NSE] Added the script imap-brute that performs brute force password auditing against IMAP servers. [Patrik]
  o [NSE] Updated IMAP library to support authentication using both plain-text and the SASL library. [Patrik]
  o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson providing common code for "Simple Authentication and Security Layer" to services supporting it. The algorithms supported by the library are: PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]
  o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs library. The cvs-brute-repository script allows for guessing possible repository names needed in order to perform password guessing using the cvs-brute.nse script. [Patrik]
  o [Zenmap] The Zenmap crash handler now instructs you to mail in crash information to nmap-dev. [Colin Rice]
  o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4 ARP scan. It is the default ping type for local IPv6 networks.
[Weilin] o [NSE] Added smtp-vuln-cve2011-1764 script, which checks if the Exim SMTP server is vulnerable to the DKIM Format String vulnerability (CVE-2011-1764). [Djalal] o Added the broadcast-ping script which sends icmp packets to broadcast addresses on the selected network interface, or all ethernet interfaces if none is selected. It has the option to add the discovered hosts as targets. o [NSE] Applied patch from Chris Woodbury that adds the following additional information to the output of smb-os-discovery: + Forest name + FQDN + NetBIOS computer name + NetBIOS domain name o [Ncat] Ncat now supports IPV6 addresses by default without the -6 flag. Additionally ncat listens on both :: and localhost when passed -l, or any other listening mode unless a specific listening address is supplied. o [NSE] Split script db2-discover into two scripts, adding a new broadcast-db2-discover script. This script attempts to discover DB2 database servers through broadcast requests. [Patrik Karlsson] o Fixed broken XML output in the case of timed-out hosts; the enclosing host element was missing. The fix was suggested by Rémi Mollon. o [NSE] Added ftp-vuln-cve2010-4221 script, which checks if the ProFTPD server is vulnerable to the Telnet IAC stack overflow vulnerability (CVE-2010-4221). [Djalal] o [NSE] Added ftp-vsftpd-backdoor, which detects a backdoor that was introduced into vsftpd-2.3.4 source code distributions. [Daniel Miller] o [NSE] ldap-brute.nse - Multiple changes: + Added support for 2008 R2 functional level Active Directory instances to ldap-brute. + Added detection for valid credentials where the target account was expired or limited by time or login host constraints. + Added support for specifying a UPN suffix to be appended to usernames when brute forcing Microsoft Active Directory accounts. + Added support for saving discovered credentials to a CSV file. + Now reports valid credentials as they are discovered when the script is run with -vv or higher. 
[Tom Sellers] o [NSE] ldap-search.nse - Added support for saving search results to CSV. This is done by using the ldap.savesearch script argument to specify an output filename prefix. [Tom Sellers] o [NSE] Updated smb-brute to add detection for valid credentials where the target account was expired or limited by time or login host constraints. [Tom Sellers] o [NSE] Updated account status text in brute force password discovery scripts in an effort to make the reporting more consistent across all scripts. This will have an impact on any code that parses these values. [Tom Sellers] Notes: svn path=/head/; revision=282279
* - update to version 5.59BETA1 Olli Hauer 2011-07-01 1 -4/+3

  This version includes:
  o 40 new NSE scripts (plus improvements to many others)
  o even more IPv6 goodness than our informal World IPv6 Day release
  o 7 new NSE protocol libraries
  o hundreds of bug fixes
  o and much more

  see http://seclists.org/nmap-hackers/2011/3

  Notes: svn path=/head/; revision=276784
* - add support for gcc from ports Olli Hauer 2011-06-03 1 -1/+11

  PR: ports/156880
  Submitted by: Zhihao Yuan <lichray _at_ gmail.com>

  Notes: svn path=/head/; revision=275042
* - fix crash due to a null pointer dereference Olli Hauer 2011-04-20 1 -0/+1

  Thanks to Christian Peron csjp@

  Notes: svn path=/head/; revision=272976
* - update to version 5.51 Olli Hauer 2011-02-13 1 -1/+1

  Nmap 5.51 [2011-02-11]

  o [Ndiff] Added support for prerule and postrule scripts. [David]

  o [NSE] Fixed a bug which caused some NSE scripts to fail due to the absence of the NSE SCRIPT_NAME environment variable when loaded. Michael Pattrick reported the problem. [Djalal]

  o [Zenmap] Selecting one of the scan targets in the left pane is supposed to jump to that host in the Nmap Output in the right pane (but it wasn't). Brian Krebs reported this bug. [David]

  o Fixed an obscure bug in Windows interface matching. If the MAC address of an interface couldn't be retrieved, it might have been used instead of the correct interface. Alexander Khodyrev reported the problem. [David]

  o [NSE] Fixed portrules in dns-zone-transfer and ftp-proftpd-backdoor that used shortport functions incorrectly and always returned true. [Jost Krieger]

  o [Ndiff] Fixed ndiff.dtd to include two elements that can be diffed: status and address. [Daniel Miller]

  o [Ndiff] Fixed the ordering of hostscript-related elements in XML output. [Daniel Miller]

  o [NSE] Fixed a bug in the nrpe-enum script that would make it run for every port (when it was selected--it isn't by default). Daniel Miller reported the bug. [Patrick]

  o [NSE] When an NSE script sets a negative socket timeout, it now causes a controlled Lua stack trace instead of a fatal error. Vlatko Kosturjak reported the bug. [David]

  o [Zenmap] Worked around an error that caused the py2app bootstrap executable to be non-universal even when the rest of the application was universal. This prevented the binary .dmg from working on PowerPC. Yxynaxen reported the problem. [David]

  o [Ndiff] Fixed an output line that wasn't being redirected to a file when all other output was. [Daniel Miller]

  Notes: svn path=/head/; revision=269092
* - update to version 5.50 Olli Hauer 2011-01-30 1 -1/+1

  - always enable bpf in libdnet-stripped to support build in Jail [1]

  Announcement and Changelog are very long and covered by last updates.

  Announcement: http://seclists.org/nmap-hackers/2011/0
  Changelog: http://nmap.org/changelog.html

  PR: ports/154353 [1]
  Submitted by: Mars G Miro <spry _at_ anarchy.in.the.ph> [1]
  Feature safe: yes

  Notes: svn path=/head/; revision=268453
* - update nmap to version 5.36TEST4 Olli Hauer 2011-01-22 1 -1/+1

  Changelog: http://nmap.org/changelog.html

  Feature safe: yes

  Notes: svn path=/head/; revision=268112
* - update nmap to version 5.36TEST3 Olli Hauer 2011-01-07 1 -11/+20

  - remove dead mirror servers

  Changelog: http://nmap.org/changelog.html

  Major changes are NSE script related, some highlights:
  o [NSE] Added stuxnet-detect.nse
  o [NSE] Added the ftp-proftpd-backdoor.nse
  and many more interesting NSE scripts.

  Notes: svn path=/head/; revision=267490