Nabble - Nmap - Hackers

Diagramming networks

2009-09-28T04:18:30Z

Hi,

Is there any addon for NMAP that will allow me to export network diagrams as visio files or some other file type that i can then use to edit and tidy the diagrams up ?

Olly

Nmap -sC -oG file.xml

2009-09-18T08:21:13Z

I am unable to get the output from script scan in the grep format. I use -oX and try the powershell parser still no script scan data. Would love to get this in -oG any way to do that?

How to scan a secure network

2009-09-09T08:43:05Z

I have tried scaning a network for computer but the network is very secure and blocks a lot of scans is there a way to scan these without being pucked up on

Nmap 5.00 Released!

2009-07-16T10:03:52Z

Hello everyone. I'm delighted to announce the release of Nmap 5.00!
This is the first major release since 4.50 in 2007, and includes about
600 significant changes since then! We consider this the most
important Nmap release since 1997, and we recommend that all current
users upgrade.

There are too many changes to list them all in this email, so here are
the top 5 improvements in Nmap 5:

1) The new Ncat tool aims to be your Swiss Army Knife for data
transfer, redirection, and debugging. We released a whole users'
guide (http://nmap.org/ncat/guide/index.html) detailing security
testing and network administration tasks it made easy with Ncat.
Details: http://nmap.org/5/#changes-ncat

2) The addition of the Ndiff scan comparison tool completes Nmap's
growth into a whole suite of applications which work together to
serve network administrators and security practitioners. Ndiff
makes it easy to automatically scan your network daily and report
on any changes (systems coming up or going down or changes to the
software services they are running). The other two tools now
packaged with Nmap itself are Ncat and the much improved Zenmap GUI
and results viewer. Details: http://nmap.org/5/#changes-ndiff

3) Nmap performance has improved dramatically. We spent last summer
scanning much of the Internet and merging that data with internal
enterprise scan logs to determine the most commonly open
ports. This allows Nmap to scan fewer ports by default while
finding more open ports. We also added a fixed-rate scan engine so
you can bypass Nmap's congestion control algorithms and scan at
exactly the rate (packets per second) you specify. Details:
http://nmap.org/5/#changes-performance

4) We released Nmap Network Scanning, the official Nmap guide to
network discovery and security scanning. From explaining port
scanning basics for novices to detailing low-level packet crafting
methods used by advanced hackers, this book suits all levels of
security and networking professionals. A 42-page reference guide
documents every Nmap feature and option, while the rest of the book
demonstrates how to apply those features to quickly solve
real-world tasks. More than half the book is available in the free
online edition at http://nmap.org/book/toc.html. Details:
http://nmap.org/5/#changes-book

5) The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and
flexible features. It allows users to write (and share) simple
scripts to automate a wide variety of networking tasks. Those
scripts are then executed in parallel with the speed and efficiency
you expect from Nmap. All existing scripts have been improved, and
32 new ones added. New scripts include a whole bunch of
MSRPC/NetBIOS attacks, queries, and vulnerability probes; open
proxy detection; whois and AS number lookup queries; brute force
attack scripts against the SNMP and POP3 protocols; and many
more. All NSE scripts and modules are described in the new NSE
documentation portal. Details: http://nmap.org/5/#changes-nse

To learn about even more changes, see the full release notes here:

http://nmap.org/5/

The Nmap 5.00 source code and Linux, Mac, and Windows packages are
available for download at the usual place:

http://nmap.org/download.html

Go give it a try! And if you find any bugs, let us know on nmap-dev
(http://nmap.org/book/man-bugs.html).

As an open source project, we don't have a marketing budget. So
please help spread the word about the new release! I encounter many
folks at security conferences who have been using Nmap for more than a
decade but just as a simple port scanner and never learned about the
newer features. So this is our chance to spread the word about NSE,
Ncat, Ndiff, Zenmap, and all the other great things Nmap has to offer!

Enjoy the new release!
-Fyodor
_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

Re: nmap OS detection

2009-07-16T07:06:24Z

What version are you using?

I'm using 4.76 and it seems to work fairly well in a Windows environment.

nandkishorejk wrote:

i am trying to run nmap scan in Windows environment for os detection...
but i am getting the error message as "Too many fingerprints match this host to give specific OS details"
Please suggest how can i overcome this problem

it would be very helpful if someone specifies a model example that i can use on command line to solve my problem,

nmap OS detection

2009-07-15T08:41:59Z

i am trying to run nmap scan in Windows environment for os detection...
but i am getting the error message as "Too many fingerprints match this host to give specific OS details"
Please suggest how can i overcome this problem

it would be very helpful if someone specifies a model example that i can use on command line to solve my problem,

Nmap news: stable release candidate 4.90RC1, SoC team, and new translations

2009-06-26T14:04:44Z

Hi Folks. I'm pleased to announce some exciting Nmap news:

[=================Nmap 4.90RC1==================]

It has been nearly 10 months (and 11 dev releases) since 4.76, the
last stable Nmap release. And we've made many dramatic changes, so it
is time for a new stable version! I've posted a release
candidate--4.90RC1--on the Nmap download page:

http://nmap.org/download.html

Please test it out, and let us know if you find any problems (bug
reporting instructions: http://nmap.org/book/man-bugs.html). If this
gets some good testing and no show-stopper bugs are discovered, we
hope to do the major release next week.

Changes are too numerous to list here, but you can find them at
http://nmap.org/changelog.html. There are more than 100 significant
changes in the five releases since the last one I sent to this list
(4.85BETA6).

[=================Summer of Code==================]

I'm pleased to introduce the 2009 Nmap/Google Summer of Code team! We
have six students working hard on a network authentication cracker
(ncrack), a raw packet prober (nping), the Nmap Scripting Engine, and
more:

http://seclists.org/nmap-dev/2009/q2/0317.html

You can follow their progress on the nmap-dev mailing list, where they
post updates every Monday night:

http://seclists.org/#nmap-dev

[=================Twitter==================]

We've been posting news tidbits (only 1 or 2 a week) to Twitter. You
can follow us at:

http://twitter.com/nmap/

[=================Translation News==================]

Open Source Press has just released their German translation of Nmap
Network Scanning. I worked closely with Dinu Gherman, who did the
actual translating, and Dr. Markus Wirtz, who runs things there and
took a great interest in the book. It is currently featured on their
front page at https://www.opensourcepress.de/ and the detail page for
Nmap Netzwerke Scannen, Analysieren und Absichern is at:

https://www.opensourcepress.de/index.php?26&backPID=178&tt_products=270

Open Source Press also contributed their German translation of the
Nmap Reference Guide so we could post it free online:

http://nmap.org/man/de/

I'm also happy to announce another new Nmap Reference Guide
translation: Indonesian by Tedi Heriyanto. Here it is:

http://nmap.org/man/id/

We now have the Nmap Reference Guide in 16 languages! You can see
them all here:

http://nmap.org/docs.html

While 16 languages is great, we're always looking for new
translations! If you speak a language other than those 16 (or think
an existing translation needs to be updated/improved) and would like
to help, let me know! Here are the translation instructions:

http://nmap.org/xlate-faq.html

We're also always on the lookout for translators for the Zenmap
frontend. This is a substantially easier job than translating the
whole reference guide. And so far, we only have translations to
German, French, Hungarian, and Brazilian Portuguese. If you'd like to
add your native language, see:

http://nmap.org/book/zenmap-lang.html

Official Brazilian Portuguese and Korean translations of the whole
Nmap Network Scanning book are on the way. The English version
continues to be a best-seller, and I'm pleased to see some great
reviews:

http://nmap.org/book/#reviews

[=================FIN==================]

That is all for now. Happy hacking!

-Fyodor

_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

nmap killt internet-connection

2009-06-15T03:25:54Z

Hi@all!

I use nmap on my computer which runs sygate personal firewall.
When I scan a target nmap delivers results but when the scan is finished
my Internet-Connection is not available, I can not even access Lan-Resources.
When I do a ping to any host the dos-box answers: Hardware-Error.
When I deactivate the Sygate-Wall, everything works ok.
Any Idea what this is?

Greetings from Germay

Tobi

Need a hacker

2009-04-22T13:06:12Z

Can a hacker please send me a pm

How to crack the news sistem

2009-04-22T08:02:49Z

Hi to everybody, i'd like to now if enyone ever tried to crack a news sistem. My specific interest is to find a way to recive and view videoclips from the APTN network, wich is one of the most important international video provider for broadcasters like CNN, BBC and so on.
This kind of providers use satellite connection to redistribute videos all over the word and national televisions can use them to creaet news. The problem is that when we watch the tv this images have been cutted and mixet on the discretion of each channel and we loose the capacity of a personal interpretation.
This is the reason why I'd like to find a way to watch original clips without spending the enormous amount of money that a regular subscription to APTN requires, and that joust a great broadcasting network can effort.
Please help me if you can.

Babemb

Nmap 4.85BETA6 now avail w/Conficker detection

2009-03-31T17:04:29Z

Hi Folks! In case you missed all the news reports yesterday, a couple
great researchers from the Honeynet Project (Tillmann Werner and Felix
Leder) and Dan Kaminsky came up with a way to remotely detect the
Conficker worm which has infected millions of machines worldwide.
Some say 15,000,000 machines infected, but that might just be
exaggerated AV-company BS for all I know. But there are clearly
millions of infections, and this massive botnet is scheduled for a new
update cycle starting tomorrow. Will this cause Internet doom? No,
but the bad guys might fix the mechanism that lets us remotely detect
'em. Or they might engage in other mischief with their botnet.
That's why we did the emergency releases--so you can scan for and
remove them early! During the process, I had to infect one of my
systems with Conficker for testing, and Nmap even got booted from
Dreamhost's "unlimited bandwidth" hosting because the downloads were
taking too much bandwidth. They said:

"Sadly your file nmap-4.85BETA5-setup.exe, and a few similar, were
getting so many downloads on your machine, iceman, that it
saturated out the 100mbit connection on it, and cause everyone
else's sites to go down."

Dreamhost blocked further downloads, but we quickly switched to using
our colocation provider and also got some mirroring help from Brandon
Enright at UCSD! So UCSD is hosting 4.85BETA6. Of course I'd like to
thank Ron Bowes who wrote the detection code (it is an update to his
existing smb-check-vulns SMB script). David Fifield was a huge help
too.

An example Conficker scan command is:

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnets]

A clean machine should report at the bottom: "Conficker: Likely
Clean", while likely infected machines report "Conflicker: Likely
INFECTED". For more details and updates, see our announcement here:

http://insecure.org/

And of course to download Nmap 4.85BETA6, see:

http://nmap.org/download.html

Of course we have some other nice improvements besides Conficker
detection. Here are the changes since BETA4:

Nmap 4.85BETA6 [2009-03-31]

o Fixed some bugs with the Conficker detection script
(smb-check-vulns) [Ron]:
o SMB response timeout raised to 20s from 5s to compensate for
slow/overloaded systems and networks.
o MSRPC now only signs messages if OpenSSL is available (avoids an
error).
o Better error checking for MS08-067 patch
o Fixed forgotten endian-modifier (caused problems on big-endian
systems such as Solaris on SPARC).

o Host status messages (up/down) are now uniform between ping scanning
and port scanning and include more information. They used to vary
slightly, but now all look like
Host is up (Xs latency).
Host is down.
The new latency information is Nmap's estimate of the round trip
time. In addition, the reason for a host being up is now printed for
port scans just as for ping scans, with the --reason option. [David]

o Version detection now has a generic match line for SSLv3 servers,
which matches more servers than the already-existing set of specific
match lines. The match line found 13% more SSL servers in a test.
Note that Nmap will not be able to do SSL scan-through against a
small fraction of these servers, those that are SSLv3-only or
TLSv1-only, because that ability is not yet built into Nsock. There
is also a new version detection probe that works against SSLv2-only
servers. These have shown themselves to be very rare, so that probe
is not sent by default. Kristof Boeynaems provided the patch and did
the testing.

o [Zenmap] A typo that led to a crash if the ndiff subprocess
terminated with an error was fixed. [David] The message was
File "zenmapGUI\DiffCompare.pyo", line 331, in check_ndiff_process
UnboundLocalError: local variable 'error_test' referenced before assignment

o [Zenmap] A crash was fixed:
File "zenmapGUI\SearchGUI.pyo", line 582, in operator_changed
KeyError: "Syst\xc3\xa8me d'Exploitation"
The text could be different, because the error was caused by
translating a string that was also being used as an index into an
internal data structure. The string will be untranslated until that
part of the code can be rewritten. [David]

o [Zenmap] A bug was fixed that caused a crash when doing a keyword:
or target: search over hosts that had a MAC address. [David]
The crash output was
File "zenmapCore\SearchResult.pyo", line 86, in match_keyword
File "zenmapCore\SearchResult.pyo", line 183, in match_target
TypeError: argument of type 'NoneType' is not iterable

o Fixed a bug which prevented all comma-separated --script arguments
from being shown in Nmap normal and XML output files where they show
the original Nmap command. [David]

o Fixed ping scanner's runtime statistics system so that instead of
saying "0 undergoing Ping Scan" it gives the actual number of hosts in
the group (e.g. 4096). [David]

o [Zenmap] A crash was fixed in displaying the "Error creating the
per-user configuration directory" dialog:
File "zenmap", line 104, in
File "zenmapGUI\App.pyo", line 129, in run
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 43-45:
invalid data
The crash would only happen to users with paths containing
multibyte characters in a non-UTF-8 locale, who also had some error
preventing the creation of the directory. [David]

Nmap 4.85BETA5 [2009-03-30]

o Ron (in just a few hours of furious coding) added remote detection
of the Conficker worm to smb-check-vulns. It is based on new
research by Tillmann Werner and Felix Leder. You can scan your
network for Conficker with a command like: nmap -PN -T4 -p139,445 -n
-v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

o Ndiff now includes service (version detection) and OS detection
differences. [David]

o [Ncat] The --exec and --sh-exec options now work in UDP mode like
they do in TCP mode: the server handles multiple concurrent clients
and doesn't have to be restarted after each one. Marius Sturm
provided the patch.

o [Ncat] The -v option (used alone) no longer floods the screen with
debugging messages. With just -v, we now only print the most
important status messages such as "Connected to ...", a startup
banner, and error messages. At -vv, minor debugging messages are
enabled, such as what command is being executed by --sh-exec. With
-vvv you get detailed debugging messages. [David]

o [Ncat] Chat mode now lets other participants know when someone
connects or disconnects, and it also broadcasts a current list of
participants at such times. [David]

o [Ncat] Fixed a socket handling bug which could occur when you
redirect Ncat stdin, such as "ncat -l --chat < /dev/null". The next
user to connect would end up with file descriptor 0 (which is
normally stdin) and thus confuse Ncat. [David]

o [Zenmap] The "Scan Output" expanders in the diff window now behave
more naturally. Some strange behavior on Windows was noted by Jah.
[David]

o The following OS detection tests are no longer included in OS
fingerprints: U1.RUL, U1.TOS, IE.DLI, IE.SI, and IE.TOSI. URL, DLI,
and SI were found not be helpful in distinguishing operating systems
because they didn't vary. TOS and TOSI were disabled in 4.85BETA1
but now they are not included in prints at all. [David]

o The compile-time Nmap ASCII dragon is now more ferocious thanks to
better teeth alignment. [David]

o Version 4.85BETA4 had a bug in the implementation of the new SEQ.CI
test that could cause a closed-port IP ID to be written into the
array for the SEQ.TI test and cause erroneous results. The bug was
found and fixed by Guillaume Prigent.

o Nbase has grown routines for calculating Adler32 and CRC32C
checksums. This is needed for future SCTP support. [Daniel
Roethlisberger]

o [Zenmap] Zenmap no longer shows an error message when running Nmap
with options that cause a zero-length XML file to be produced (like
--iflist). [David]

o Fixed an off-by-one error in printableSize() which could cause Nmap
to crash while reporting NSE results. Also, NmapOutputTable's memory
allocation strategy was improved to conserve memory. [Brandon,
Patrick]

o [Zenmap] We now give the --force option to setup.py for installation
to ensure that it replaces all files. [David]

o Nmap's --packet-trace, --version-trace, and --script-trace now use
an Nsock trace level of 2 rather than 5. This removes some
superfluous lines which can flood the screen. [David]

o [Zenmap] Fixed a crash which could occur when loading the help URL
if the path contains multibyte characters. [David]

o [Ncat] The version number is now matched to the Nmap release it came
with rather than always being 0.2. [David]

o Fixed a strtok issue between load_exclude and
TargetGroup::parse_expr that caused only the first exclude on
a line to be loaded as well as an invalid read into free()'d
memory in load_exclude(). [Brandon, David]

o NSE's garbage collection system (for cleaning up sockets from
completed threads, etc.) has been improved. [Patrick]

Enjoy the new release and disenfect those systems!
-Fyodor
_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

Nmap News: 4.84BETA4 release, Nmap book news, Summer of Code, Twitter, etc.

2009-03-27T14:01:00Z

Hello everyone. We've seen 848 messages on nmap-dev this year, but
this is my first post to nmap-hackers. So I have a lot of exciting
Nmap news to fit into this one email!

[=================Nmap 4.85BETA4==================]

While the last release I posted to this list was 4.76 in September of
last year, we've had four beta releases since then with hundreds of
important and dramatic changes. I'm pretty happy with the latest
4.85BETA4 release, but more testing and feedback would help. Please
give it a try and report any issues or suggestions to
nmap-dev@... as described at
http://nmap.org/book/man-bugs.html.

4.85BETA4 (compared to 4.76) includes our new Ncat and Ndiff tools, a
ton of new NSE scripts for superior network discovery, more than 5,000
version detection signatures and nearly 2,000 OS fingerprints,
improved scan performance, and much more! You can read about all the
changes at http://nmap.org/changelog.html. Be sure to read all the
way down to 4.85BETA1, as that includes some of the most dramatic
changes.

Download Nmap 4.85BETA4 from: http://nmap.org/download.html

[===============Summer of Code 2009===============]

The Nmap project has been accepted to participate for our fifth year
of the Google Summer of Code! This phenomenal program sponsors
college and graduate students to spend the summer working on open
source software. Many of Nmap's coolest features started out as SoC
projects, including:

Zenmap GUI - http://nmap.org/zenmap/
Nmap Scripting Engine (NSE) - http://nmap.org/book/nse.html
Ncat - http://nmap.org/ncat/
Ndiff - http://nmap.org/ndiff/
2nd Generation OS Detection - http://nmap.org/book/osdetect.html

We hope to work on even more great projects this summer! But the key
to successful projects is recruiting talented and motivated
participants. If anyone here on nmap-hackers is an eligible college
or graduate student with time for full time open source development
work this summer, I urge you to apply! Or if you have eligible
friends or relatives who might benefit from the program, please let
them know about it!

Applications are due next Friday (April 3) by Noon PDT (19:00 UTC).
More information:

Nmap SoC ideas and application instructions: http://nmap.org/soc/
Google's SoC 2009 information page: http://socghop.appspot.com/
Details on Nmap's Previous SoC Successes:
http://google-opensource.blogspot.com/2008/11/nmaps-fourth-gsoc-success-stories-and.html

Even if you aren't eligible or interested in participating as a
student, you can always join the nmap-dev list and help out. That is
where SoC work (and the rest of Nmap development) is coordinated. So
you can discuss ideas, review code patches, try experimental releases,
etc. See http://seclists.org/#nmap-dev for archives, or click "about
list" there for a signup form.

[==============Nmap Network Scanning==============]

I'm delighted to report that the Nmap book release was a huge success!
Nmap Network Scanning was even the top selling computer book on Amazon
for a while. I was so excited I took a screen shot:

http://nmap.org/book/img/nns-top-seller-942x1024.png

It is great to see a book on network scanning up ahead of more
mainstream topics such as digital photography and blogging, even if
only for a day or two.

A down side of the unexpectedly high sales was that NNS went out of
stock on Amazon for a couple weeks. Fortunately it is now back in
stock for immediate shipment:

http://www.amazon.com/dp/0979958717?tag=secbks-20

Although it is hard in the U.S. to beat Amazon's $32.97 price (which
includes free shipping), I've added some other purchasing options
here:

http://nmap.org/book/#purchase

I was also gratified to see so many positive reviews of NNS from the
likes of TaoSecurity, Information Week, About.Com, Slashdot, ITWire,
etc. I posted more than a dozen of them to:

http://nmap.org/book/#reviews

One goal is to make Nmap more accessible by translating the book to
many languages. Contracts have already been signed for German,
Korean, and Brazilian Portuguese editions. But if you have contacts
with publishers in other languages who might be interested, I'd love
to hear from you! Details on the pending translations are available
here:

http://nmap.org/book/#reviews

Don't forget that more than half the book chapters are already free
online at:

http://nmap.org/book/toc.html

[================Nmap News Briefs================]

o Nmap won the LinuxQuestions.Org Network Security App of the Year
Award--for the sixth year in a row! See
http://seclists.org/nmap-dev/2009/q1/0395.html.

o Nmap was spotted in its 8th movie (Khottabych). Find them all at
http://nmap.org/movies.html.

o The Nmap Project now has a Twitter account! Don't expect more than
a handful of tweets each month, but you can follow us at
http://twitter.com/nmap/.

That is all for now, but stay tuned because we have a lot of exciting
plans for 2009!

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

New Hackers Forum h4ckanything.freeforums.org

2009-03-19T05:16:03Z

we have a lot of hacking things at our forum like.... the things are listed below...
: For sale .. Fresh ccv, and FULLZ ( paypal login and ebay + email acess ), Bank logins and Tranfer availabler ( only for sale ), western union Transfer Availble ( with debit & credit card ), tranfer from CC ( fullz ) to paypal, Dumps , track 1 & 2.. intrested peoples IM me now ............ contact blackhat.hackers@ymail.com for deal

: western union transfer is available in ... I will show the proof first http://h4ckanything.freeforums.org/ ............ contact blackhat.hackers@ymail.com for deal

: Free credit cards @ http://hackanything.freeforums.org/ ............ contact http://h4ckanything.freeforums.org/ for deal

BUY,Exchange, SELL your liberty reserve ,alertpay, altergold, moneybookers amount in http://h4ckanything.freeforums.org/............ contact blackhat.hackers@ymail.com for deal

: Learn hacking from best hacking forum on net
http://h4ckanything.freeforums.org/ ............ contact blackhat.hackers@ymail.com for deal

: Bank transfers available on http://h4ckanything.freeforums.org/ ............ contact blackhat.hackers@ymail.com for deal

: CVV : USA = $3 . UK = $5 .. FULLZ USA = $10 .. UK =$ 15 . ASIA = $20 ............ contact blackhat.hackers@ymail.com for deal

Nmap Network Scanning Book Released!

2008-12-09T03:07:59Z

Nmap Hackers:

After promising you a book on Nmap for years, I'm delighted to finally
announce the release of Nmap Network Scanning! It contains everything
I've learned about network scanning from more than a decade of Nmap
development, plus some bad jokes and (over Time Warner's written
objections) pictures of Trinity hacking the Matrix :). Here is the
abstract:

Nmap Network Scanning is the official guide to the Nmap Security
Scanner, a free and open source utility used by millions of people
for network discovery, administration, and security auditing. From
explaining port scanning basics for novices to detailing low-level
packet crafting methods used by advanced hackers, this book by
Nmap's original author suits all levels of security and networking
professionals. The reference guide documents every Nmap feature and
option, while the remainder demonstrates how to apply them to
quickly solve real-world tasks. Examples and diagrams show actual
communication on the wire. Topics include subverting firewalls and
intrusion detection systems, optimizing Nmap performance, and
automating common networking tasks with the Nmap Scripting Engine.

The planned release date was January 1, but Amazon beat the deadline
and is now shipping in time for Christmas! Imagine your loved one's
surprise when she (or he) finds nearly 500 pages of port scanning
bliss in her stocking!

You can find reviews, sample chapters, and a detailed summary at:

http://nmap.org/book/

Or you can pick the book up at Amazon for $33.71:

http://www.amazon.com/dp/0979958717?tag=secbks-20

It is available on the International Amazon sites too, as well as
other online retailers. Your local book store probably doesn't have
it yet, but can likely order it for you.

About half of the content is available free online at
http://nmap.org/book/toc.html . Chapters exclusive to the print
edition include "Detecting and Subverting Firewalls and Intrusion
Detection Systems", "Optimizing Nmap Performance", "Port Scanning
Techniques and Algorithms", "Host Discovery (Ping Scanning)", and
more.

If you enjoy the book, please help spread the word! While my previous
books were published by Addison-Wesley and Syngress, this one was
self-published. While that allowed me to post half the book online
before it was even released, it also means I lose the marketing budget
and clout of a major publisher. So if you like the book, please post
a review to your blog/site/Amazon or tell your friends about it!

Apparently there was some pent-up demand for the book, as it is
currently the 11th best-selling computer book on Amazon. Maybe it
will be even higher by the time you read this:

http://www.amazon.com/gp/bestsellers/books/5/ref=pd_zg_hrsr_b_1_2&tag=secbks-20

I'd like to thank the many people who helped make this book possible
by reviewing drafts, contributing stories, brainstorming ideas, etc.
In particular, I'd like to thank David Fifield, Raven Alder, Matt
Baxter, Saurabh Bhasin, Mark Brewis, Ellen Colombo, Patrick Donnelly,
Brandon Enright, Brian Hatch, Loren Heal, Lee "MadHat" Heath, Dan
Henage, Tor Houghton, Doug Hoyte, Marius Huse Jacobsen, Kris
Katterjohn, Eric Krosnes, Vlad Alexa Mancini, Michael Naef, Bill
Pollock, David Pybus, Tyler Reguly, Chuck Sterling, Anders Thulin,
Bennett Todd, Diman Todorov, and Catherine Tornabene!

And most importantly, I want to wish you all happy holidays!

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

Nmap News: 4.76 release, Defcon presentation online, Is port scanning legal?

2008-09-23T13:11:16Z

Hi everyone. I'm happy to report that the Nmap 4.75 release (with
port frequencies, Zenmap topology, etc.) was a big success. But such
large exposure inevitably leads to bug discovery, so we've
released version 4.76 with about a dozen small fixes and stability
improvements. If 4.75 is working great for you, there is probably no
need to upgrade. But if you encountered problems, or if you are the
type who waits a couple weeks for stabilization before trying a big
new release, now is your chance to upgrade to 4.76. It's available at
the normal location:

http://nmap.org/download.html

And you can read about the changes here:

http://nmap.org/changelog.html

Speaking of the big 4.75 changes, I presented many of them at Defcon
and Black Hat last month in Las Vegas, including details behind my
Worldscan project (scanning tens of millions of hosts all over the
Internet) and some of the ways smart folks can use this empirical data
to make your scans more effective.

But I know that some of you couldn't make it to Defcon this year, and
even many who came were turned away from my talk because the room was
full :(. So now that 4.75 is out and includes most of the new
features I demonstrate in the presentation, I've posted the audio,
video, and slides online (along with a previous presentation at
ShmooCon) at my new presentations page:

http://insecure.org/presentations/

Note a few of the new features discussed (particularly Ncat and Ndiff)
didn't make it into 4.75, but they are available now in our SVN
repository:

http://nmap.org/book/install.html#inst-svn

The third thing I wanted to mention is that I've freed Ch1 of my
upcoming (in late October) Nmap book. I actually put this online a
while back, but forgot to link to it or tell anyone :). The title is
"Getting Started with Nmap", which sounds too basic for a group of
nmap-hackers. But there are several sections you might find
interesting:

"Legal issues" discusses whether unauthorized port scanning is a crime
and also how to mitigate the risk of crashing target
computers/networks:

http://nmap.org/book/legal-issues.html

"The History and Future of Nmap" discusses where we've been and where
we're going:

http://nmap.org/book/history-future.html

Sometimes the best way to understand something is to see it in action.
The "Nmap Overview and Demonstration" section includes examples of
Nmap used in (mostly) fictional yet typical circumstances. The Nmap
experts here probably won't learn much from this section, but it is
good for getting newbies excited about Nmap and to understand the
basics:

http://nmap.org/book/nmap-overview-and-demos.html

Enjoy all the new content!
-Fyodor
_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

Nmap 4.75 released

2008-09-08T14:14:31Z

Hi Everyone. I'm delighted to report the release of Nmap 4.75, which
has almost 100 significant improvements since 4.68. Some which I'm
most excited about are:

o While Nmap stands for "Network Mapper", it hasn't been able to
actually draw you a map of the network--until now! Visit
http://nmap.org/book/zenmap-topology.html for details and pretty
pictures of Zenmap's new Scan Topology system.

o I spent much of this summer scanning tens of millions of IPs on the
Internet (plus collecting data contributed by some enterprises) to
determine the most commonly open ports. Nmap now uses that
empirical data to scan more effectively.

And there is much more, from hundreds of new OS detection fingerprints
to many new Nmap Scripting Engine scripts and libraries. I had no
idea how many people still used Windows 2000 until 4.68 came out
broken on that platform and I was flooded with email! That is fixed
now. And its just one of many bug fixes and performance improvements
in this release. Remember that we had 7 Google SoC students working
full-time this summer, and this release includes some of their best
work.

You can obtain Nmap 4.75 from the normal location:

http://nmap.org/download.html

Please give it a try! And if you encounter any problems, report them
to nmap-dev as described at http://nmap.org/book/man-bugs.html

Here is the detailed list of important 4.75 changes from
http://nmap.org/changelog.html:

o [Zenmap] Added a new Scan Topology system. The idea is that if we
are going to call Nmap the "Network Mapper", it should at least be
able to draw you a map of the network! And that is what this new
system does. It was achieved by integrating the RadialNet Nmap
visualization tool (http://www.dca.ufrn.br/~joaomedeiros/radialnet),
into Zenmap. Joao Medeiros has been developing RadialNet for more
than a year. For details, complete with some of the most beautiful
Zenmap screen shots ever, visit
http://nmap.org/book/zenmap-topology.html. The integration work was
done by SoC student Vladimir Mitrovic and his mentor David Fifield.

o [Zenmap] Another exciting new Zenmap feature is Scan Aggregation.
This allows you to visualize and analyze the results of multiple
scans at once, as if they were from one Nmap execution. So you might
scan one network, analyze the results a bit, then scan some of the
machines more intensely or add a completely new subnet to the
scan. The new results are seamlessly added to the old, as described
at http://nmap.org/book/zenmap-scanning.html#aggregation. [David,
Vladimir]

o Expanded nmap-services to include information on how frequently each
port number is found open. The results were generated by scanning
tens of millions of IPs on the Internet this Summer, and augmented
with internal network data contributed by some large
organizations. [Fyodor]

o Nmap now scans the most common 1,000 ports by default in either
protocol (UDP scan is still optional). This is a decrease from
1,715 TCP ports and 1,488 UDP ports in Nmap 4.68. So Nmap is faster
by default and, since the port selection is better thanks to the
port frequency data, it often finds more open ports as
well. [Fyodor]

o Nmap fast scan (-F) now scans the top 100 ports by default in either
protocol. This is a decrease from 1,276 (TCP) and 1,017 (UDP) in
Nmap 4.68. Port scanning time with -F is generally an order of
magnitude faster than before, making -F worthy of its "fast scan"
moniker. [Fyodor]

o The --top-ports option lets you specify the number of ports you wish
to scan in each protocol, and will pick the most popular ports for
you based on the new frequency data. For both TCP and UDP, the top
10 ports gets you roughly half of the open ports. The top 1,000
(out of 65,536 possible) finds roughly 93% of the open TCP ports and
more than 95% of the open UDP ports. [Fyodor, Doug Hoyte]

o David integrated all of your OS detection fingerprint and correction
submissions from March 11 until mid-July. In the process we reached
the 1500-signature milestone for the 2nd generation OS detection
system. We can now detect the newest iPhones, Linux 2.6.25, OS X
Darwin 9.2.2, Windows Vista SP1, and even the Nintendo Wii. Nmap now
has 1,503 signatures, vs. 1,320 in 4.68. Integration is now faster
and more pleasant thanks to the new OSassist application developed
by Nmap SoC student Michael Pattrick. See
http://seclists.org/nmap-dev/2008/q3/0089.html and
http://seclists.org/nmap-dev/2008/q3/0139.html for more details.

o Nmap now works with Windows 2000 again, after being broken by our
IPv6 support improvements in version 4.65. A couple new dependencies
are required to run on Win2K, as described at
http://nmap.org/book/inst-windows.html#inst-win2k .

o [Zenmap] Added a context-sensitive help system to the Profile
Editor. You can now mouse-over options to learn more about what
they are used for and their proper argument syntax. [Jurand Nogiec]

o When Nmap finds a probe during ping scan which elicits a response,
it now saves that information for the port scan and later phases.
It can then "ping" the host with that probe as necessary to collect
timing information even if the host is not responding to the normal
port scan packets. Previously, Nmap's port scan timing pings could
only use information gathered during that port scan itself. A
number of other "port scan ping" system improvements were made at
the same time to improve performance against firewalled hosts. For
full details, see http://seclists.org/nmap-dev/2008/q3/0647.html
[David, Michael, Fyodor]

o --traceroute now uses the timing ping probe saved from host
discovery and port scanning instead of finding its own probe. The
timing ping probe is always the best probe Nmap knows about for
eliciting a response from a target. This will have the most effect
on traceroute after a ping scan, where traceroute would sometimes
pick an ineffective probe and traceroute would fail even though the
target was up. [David]

o Added dns-safe-recursion-port and dns-safe-recursion-txid
(non-default NSE scripts) which use the 3rd party dns-oarc.net
lookup to test the source port and transaction ID randomness of
discovered DNS servers (assuming they allow recursion at all).
These scripts, which test for the "Kaminsky" DNS bugs, were
contributed by Brandon Enright.

o Added whois.nse, which queries the Regional Internet Registries
(RIRs) to determine who the target IP addresses are assigned
to. [Jah]

o [Zenmap] Overhauled the default list of scan profiles based on
nmap-dev discussion. Users now have a much more diverse and useful
set of default profile options. And if they don't like any of those
canned scan commands, they can easily create their own in the
Profile Editor! [David]

o Fyodor made a number of performance tweaks, such as:
o increase host group sizes in many cases, so Nmap will now commonly
scan 64 hosts at a time rather than 30
o align host groups with common network boundaries, such as /24 or
/25
o Increase maximum per-target port-scan ping frequency to one every
1.25 seconds rather than every five. Port scan pings happen
against heavily firewalled hosts and the like when Nmap is not
receiving enough responses to normal scan to properly calculate
timing variables and detect packet drops.

o Added a new NSE binlib library, which offers bin.pack() and
bin.unpack() functions for dealing with storing values in and
extracting them from binary strings. For details, see
http://nmap.org/book/nse-library.html#nse-binlib . [Philip
Pickering]

o Added a new NSE DNS library. See this thread:
http://seclists.org/nmap-dev/2008/q3/0310.html [Philip Pickering]

o Added new NSE libraries for base64 encoding, SNMP, and POP3 mail
operations. They are described at
http://seclists.org/nmap-dev/2008/q3/0233.html . [Philip Pickering]

o Added NSE scripts popcapa (retrieves POP3 server capabilities) and
brutePOP3 (brute force POP3 authentication cracker) which make use
of the new POP3 library. [Philip Pickering]

o Added the SNMPcommunitybrute NSE script, which is a brute force
community string cracker. Also modified SNMPsysdescr to use the new
SNMP library. [Philip Pickering]

o Fixed the SMTPcommands script so that it can't return multiple
values (which was causing problems). Thanks to Jah for tracking down
the problem and sending a fix for SMTPcommands. Then Patrick fixed
NSE so it can handle misbehaving scripts like this without causing
mysterious side effects.

o Added a new NSE Unpwdb (username/password database) library for
easily obtaining usernames or passwords from a list. The functions
usernames() and passwords() return a closure which returns a new
list entry with every call, or nil when the list is exhausted. You
can specify your own username and/or password lists via the script
arguments userdb and passdb, respectively. [Kris]

o Nmap's Nsock-utilizing subsystems (DNS, NSE, version detection) have
been updated to support the -S and --ip-options flags. [Kris]

o A new --max-rate option was added, which complements --min-rate. It
allows you to specify the maximum byte rate that Nmap is allowed to
send packets. [David]

o Added --ip-options support for the connect() scan (-sT). [Kris]

o Nsock now supports binding to a local address and setting IPv4
options with nsi_set_localaddr() and nsi_set_ipoptions(),
respectively. [Kris]

o Added IPProto Ping (-PO) support to Traceroute, and fixed support for
IPProto Scan (-sO) and the ICMP Pings (-PE, -PP, -PM) in Traceroute
as well. These could cause Nmap to hang during Traceroute. [Kris]

o [Zenmap] Added a "Cancel" button for cancelling a scan in progress
without losing any Nmap output obtained so far. [Jurand Nogiec]

o Improve the netbios-smb-os-discovery NSE script to improve target
port selection and to also decode the system's timestamp from an SMB
response. [Ron at SkullSecurity]

o Nmap now avoids collapsing large numbers of ports in open|filtered
state (e.g. just printing that 500 ports are in that state rather
than listing them individually) if verbosity or debugging levels are
greater than two. See this thread:
http://seclists.org/nmap-dev/2008/q3/0312.html . [Fyodor]

o The NSE http library now supports chunked encoding. [Sven Klemm]

o The NSE datafiles library now has generic file parsing routines, and
the parsing of the standard nmap data files (e.g. nmap-services,
nmap-protocols, etc.) now uses those generic routines. NSE scripts
and libraries may find them useful for dealing with their own data
files, such as password lists. [Jah]

o Passed the big revision 10,000 milestone in the Nmap project SVN
server: http://seclists.org/nmap-dev/2008/q3/0682.html

o Added some Windows and MinGW compatibility patches submitted by
Gisle Vanem.

o Improved nse_init so that compilation/runtime errors in NSE scripts
no longer cause the script engine to abort. [Patrick]

o Fix a cosmetic bug in --script-trace hex dump output which resulting
in bytes with the highest bit set being prefixed with ffffff. [Sven
Klemm]

o Removed the nselib-bin directory. The last remaining shared NSE
module, bit, has been made static by Patrick. Shared modules were
broken for static builds of Nmap, such as those in the RPMS. We also
had the compilation problems (particularly on OpenBSD) with shared
modules which lead us to make PCRE static a while back. [David]

o Updated rpcinfo NSE script to use the new pack/unpack (binlib)
functions, use the new tab library, include better documentation, and
fix some bugs. [Sven Klemm]

o Add useful details to the error message printed when an NSE script
fails to load (due to syntax error, etc.) [Patrick]

o Fix a bug in the NSE http library which would cause some scripts to
give the error: SCRIPT ENGINE: C:\Program
Files\Nmap\nselib/http.lua:77: attempt to call field 'parse' (a nil
value) [Jah]

o Fixed a Makefile problem (race condition) which could lead to build
failures when launching make in parallel mode (e.g. -j4). [Michal
Januszewski]

o Added new addrow() function to NSE tab library. It allows
developers to add a whole row at once rather than doing a separate
add() call for each column in a row. [Sven Klemm]

o Completion time estimates provided in verbose mode or when you hit a
key during scanning are now more accurate thanks to algorithm
improvements by David.

o Fixed a number of NSE scripts which used print_debug()
incorrectly. See
http://seclists.org/nmap-dev/2008/q3/0470.html. [Sven Klemm].

o [Zenmap] The Ports/Hosts view now provides full version detection
values rather than just a simple summary. [Jurand Nogiec]

o [Zenmap] When you edit the command-entry field, then change the
target selection, Nmap no longer blows away your edits in favor of
using your current profile. [Jurand Nogiec]

o Nsock now returns data from UDP packets individually, preserving the
packet boundary, rather than concatenating the data from multiple
packets into a single buffer. This fixes a problem related to our
reverse-DNS system, which can only handle one DNS packet at a time.
Thanks to Tim Adam of ManageSoft for debugging the problem and
sending the patch. Doug Hoyte helped with testing, and it was
applied by Fyodor.

o [Zenmap] Fixed a crash which would occur when you try to compare two
files, either of which has more than one extraports element. [David]

o Added the undocumented (except here) --nogcc option which disables
global/group congestion control algorithms and so each member of a
scan group of machines is treated separately. This is just an
experimental option for now. [Fyodor]

o [Zenmap] The Ports/Hosts display now has different colors for open
and closed ports. [Vladimir]

o Fixed Zenmap so that it displays all Nmap errors. Previously, only
stdout was redirected into the window, and not stderr. Now they are
both redirected. [Vladimir]

o NSE can now be used in combination with ping scan (e.g. "-sP
--script") so that you can execute host scripts without needing to
perform a port scan. [Kris]

o [NSE] Category names are now case insensitive. [Patrick]

o [NSE] Each thread for a script now gets its own action closure (and
upvalues). See: http://seclists.org/nmap-dev/2008/q2/0549.html
[Patrick]

o [NSE] The script_scan_result structure has been changed to a class,
ScriptResult, which now holds a Script's output in an std::string.
This removes the need to use malloc and free to manage this memory.
A similar change was made to the run_record structure. [Patrick]

o [NSE] Fixed a socket exhaustion deadlock which could prevent a
script scan from ever finishing. Now, rather than limit the total
number of sockets which can be open, we limit the number of scripts
which can have sockets open at once. And once a script has one
socket opened, it is permitted to open as many more as it
needs. [Patrick]

o A hashing library (code from OpenSSL) was added to NSE. hashlib
contains md5 and sha1 routines. [Philip Pickering]

o Fixed host discovery probe matching when looking at the returned TCP
data in an ICMP error message. This could formerly lead to
incorrectly discarded responses and the debugging error message:
"Bogus trynum or sequence number in ICMP error message" [Kris]

o Fixed a segmentation fault in Nsock which occurred when calling
nsock_write() with a data length of -1 (which means the data is a
NUL-terminated string and Nsock should take the length itself) and
the Nsock trace level was at least 2. [Kris]

o The NSE Comm library now defaults to trying to read as many bytes as
are available rather than lines if neither the "bytes" nor "lines"
options are given. Thanks to Brandon for reporting a problem which
he noticed in the dns-test-open-recursion script. [Kris]

o Updated zoneTrans.nse to replace length bytes in returned domain
names to periods itself rather than relying on NSE's old behavior of
replacing non-printable characters with periods. Thanks to Rob
Nicholls for reporting the problem. [Kris]

o Some Zenmap crashes have been fixed: trying to "refresh" the output
of a scan loaded from a file, and trying to re-save a file loaded
from the command line in some circumstances. [David]

o [Zenmap] The file selector now remembers what directory it was last
looking at. [David]

o Added an extra layer of validity checking to received packets
(readip_pcap), just to be extra safe. See
http://seclists.org/nmap-dev/2008/q3/0644.html . [Kris]

o Zenmap defaults to showing files matching both *.xml and *.usr in
the file selector. Previously it only showed those matching *.usr.
The new combined format will be XML and .usr will be deprecated.
See http://seclists.org/nmap-dev/2008/q3/0093.html .

o Nmap avoids printing the sending rate in bytes per second during a
TCP connect scan. Because the number of bytes per probe is not
known, it used to print current sending rates: 11248.85 packets / s,
0.00 bytes / s. Now it will print simply print rates like "11248.85
packets / s". [David]

o [Zenmap] Nmap's installation process now include .desktop files
which install menu items for launching Zenmap as a privileged or
non-privileged process on Linux. This will mainly effect people who
install nmap and Zenmap directly from the source code. [Michael]

o Improved performance of IP protocol scan by fixing a bug related to
timing calculations on ICMP probe responses. See r8754 svn log for
full details. [David]

o Nmap --reason output no longer falsely reports a localhost-response
during -PN scans. See
http://seclists.org/nmap-dev/2008/q3/0188.html. [Michael]

o [Zenmap] The higwidgets Python package has moved so it is now a
subpackage of zenmapGUI. This avoids naming conflicts with Umit,
which uses a slightly different version of higwidgets. [David]

o A bug that could cause some host discovery probes to be incorrectly
interpreted as drops was fixed. This occurred only when the IP
protocol ping (-PO) option was combined with other ping
types. [David]

o A new scanflags attribute has been added to XML output, which lists
all user specified --scanflags for the scan. nmap.dtd has been
modified to account for this. [Michael]

o The loading of the nmap-services file has been made much
faster--roughly 9 times faster in common cases. This is important
for the new (much larger) frequency augmented nmap-services
file. [David]

o Added a script (ASN.nse) which uses Team Cymru's DNS interface to
determine the routing AS numbers of scanned IP addresses. They even
set up a special domain just for Nmap queries. The script is still
experimental and non-default. [Jah, Michael]

o [Zenmap] Clicking "Cancel" in a file chooser in the diff interface
no longer causes a crash. [David]

o The shtool build helper script has been updated to version 2.0.8. An
older version of shutil caused installation to fail when the locale
was set to et_EE. Thanks to Michal Januszewski for the bug
report. [David]

o [Zenmap] Removed services.dmp and os_dmp.dmp and all the files that
referred to them. They are not needed with the new search
interface. Also removed an unused search progress bar. And some
broken fingerprint submission code. Yay for de-bloating! [David]

o [Zenmap] Added "%F" to the Exec link in the new Zenmap desktop
file. We expect (hope) that this will allow dragging and dropping
XML files onto the icon. [David]

o [Zenmap] The -o[XGASN] options can now be specified, just as you can
at the console. [Vladimir]

o [Zenmap] You can now shrink the scan window below its default
size thanks to NmapOutputViewer code enhancements. [David]

o [Zenmap] Removed optional use of the Psyco Python optimizer since
Zenmap is not the kind of CPU-bound application which benefits from
Psyco.

o [Zenmap] You can now select more than one host in the "Ports /
Hosts" view by control-clicking them in the column at left.

o [Zenmap] The profile editor now offers the --traceroute option.

o Zenmap now uses Unicode objects pervasively when dealing with Nmap
text output, though the only internationalized text Nmap currently
outputs is the user's time zone. [David]

o Unprintable characters in NSE script output (which really shouldn't
happen anyway) are now printed like \xHH, where HH is the
hexadecimal representation of the character. See
http://seclists.org/nmap-dev/2008/q3/0180.html . [Patrick]

o Nmap sometimes sent packets with incorrect IP checksums,
particularly when sending the UDP probes in OS detection. This has
been fixed. Thanks to Gisle Vanem for reporting and investigating the
bug. [David]

o Fixed the --without-liblua configure option so that it works
again. [David]

o In the interest of forward compatibility, the xmloutputversion
attribute in Nmap XML output is no longer constrained to be a
certain string ("1.02"). The xmloutputversion should be taken as
merely advisory by authors of parsers.

o Zenmap no longer leaves any temporary files lying around. [David]

o Nmap only prints an uptime guess in verbose mode now, because in
some situations it can be very inaccurate. See the discussion at
http://seclists.org/nmap-dev/2008/q3/0392.html. [David]

Enjoy the release!
-Fyodor
_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

New to nmap...

2008-09-03T13:57:14Z

Hello all,

I just discovered nmap and have been trying to get a better grasp of nmap. To be more specific, I am have been looking for specific information but can't seem to find it. Bet yet, maybe if i explain my situation to get clearer responses..

I currently live in a complex which offers inet (meraki.net w/ 5 gb usage per month). I do a lot of p2p, so you can imagine that i kill about 5 gigs per day. I was able to surpass 5 gb per month by chaning computer name and changing macid when they ban me from the inet.

However, it is firewalled, so when i upload, i am limited...so my question is

1. will nmap do anything for me?
2. if so, can someone link me to a forum or pm me a set of step by step direction in order to use open ports?

Thanks
-eastbay80

remote desktop trojan

2008-08-16T01:57:36Z

Hi all ,

I want to know about the windows remote desktop trojan ( remote machine is windows 2003 server ) is there any remote desktop trojan tool which allows
me to remotely access the desktop of remote machine

am new bie in this field

Nmap 4.68 release

2008-07-31T23:06:28Z

Hi All. I'm happy to report that there have been several stable Nmap
releases since I mailed you about Nmap 4.60 in March. The latest
version is 4.68, and I think you'll like it (unless you still use
Win2K, which can be problematic due to IPv6 issues that we hope to
resolve in the next release). Before I give you the full list of 125
improvements, I'll start with a few highlights:

o Added a new --min-rate option that allows specifying a minimum rate
at which to send packets. This allows you to override Nmap's
congestion control algorithms and request that Nmap try to keep at
least the rate you specify. The rate is given in packets per
second. Read more in the Nmap man page
(http://nmap.org/book/man-performance.html). If you use the latest
version in the Nmap subversion repository, you'll also get a
--max-rate option which lets you
limit Nmap's packet rate (and thus bandwidth used).

o Mac OS X binary packages for Zenmap+Nmap are now available, as I
mentioned in the previous mail.

o The Windows version of Nmap now supports OpenSSL just as the UNIX
versions have for years. Both the .zip and executable installer
binary packages we ship from the Nmap download page now include
OpenSSL.

o We now compile in IPv6 support on Windows. In order to use this,
you need to have IPv6 set up. It is installed by default on Vista,
but must be downloaded from Microsoft for XP. See
http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx . This
feature causes Nmap to no longer work on Windows 2000, but we hope to
fix that in the next release.

o Tons of new version detection signatures and OS detection
fingerprints have been added. Version 4.68 has reached more than
5,000 version detection signatures, and the latest subversion
version of Nmap has more than 1,500 2nd generation OS detection
fingerprints. We were only able to do this because so many of you
submit updates and corrections when Nmap guesses wrong or provides a
fingerprint and URL for submission on our site. Please keep those
submissions coming! We receive far more fingerprint submissions
than correction notices -- please do remember to submit a correction
when Nmap guesses wrong, as described at http://nmap.org/submit/ .

o Nmap now supports 64-bit versions of Windows.

o We added advanced search functionality (and dozens of other
improvements) to the Zenamp GUI. You can now locate previous scans
using criteria such as which ports were open, keywords in the target
names, OS detection results. etc. Try it out with Ctrl-F or
"Tools->Search Scan Results"

o Fixed an integer overflow which prevented a target specification of
"*.*.*.*" from working. Support for the CIDR /0 is now also
available for those times you wish to scan the entire
Internet.

o Made many performance enhancements, and also fixed many errors which
could lead to crashes in Nmap or Zenmap. See the big list below for
details.

You can obtain Nmap 4.68 from the normal location:

http://nmap.org/download.html

Please give it a try! And if you encounter any problems, report them
to nmap-dev as described at http://nmap.org/book/man-bugs.html

I've included the detailed list of changes between 4.60 and 4.68
below. Or you can read it at http://nmap.org/changelog.html . The
URL version also includes the post-4.68 changes which you get if you
use the svn version.

Nmap 4.68 [2008-6-28]

o Doug integrated all of your version detection submissions and
corrections for the year up to May 31. There were more than 1,000
new submissions and 18 corrections. Please keep them coming! And
don't forget that corrections are very important, so do submit them
if you ever catch Nmap making a version detection or OS detection
mistake. The version detection DB has grown to 5,054 signatures
representing 486 service protocols. Protocols span the gamut from
abc, acap, access-remote-pc, activefax, and activemq, to zebedee,
zebra, zenimaging, and zenworks. The most popular protocols are
http (1,672 signatures), telnet (519), ftp (459), smtp (344), and
pop3 (201).

o Nmap compilation on Windows is now done with Visual C++ Express 2008
rather than 2005. Windows compilation instructions have been
updated at http://nmap.org/book/inst-windows.html#inst-win-source .
[Kris]

o The Nmap Windows self-installer now automatically installs the MS
Visual C++ 2008 runtime components if they aren't already installed
on a system. These are some reasonably small DLLs that are
generally necessary for applications compiled with Visual C++ (with
dynamic linking). Many or most systems already have these installed
from other software packages. The lack of these components led to
the error message "The Application failed to initialize properly
(0xc0150002)." with Nmap 4.65. A related change is that Nmap on
Windows is now compiled with /MD rather than /MT so that it
consistently uses these runtime libraries. The patch was created by
Rob Nicholls.

o Added advanced search functionality to Zenmap so that you can locate
previous scans using criteria such as which ports were open,
keywords
in the target names, OS detection results. etc. Try it out with
Ctrl-F or "Tools->Search Scan Results". [Vladimir]

o Nmap's special WinPcap installer now handles 64-bit Windows machines
by installing the proper 64-bit npf.sys. [Rob Nicholls]

o Added a new NSE Comm (common communication) library for common
network discovery tasks such as banner-grabbing (get_banner()) and
making a quick exchange of data (exchange()). 16 scripts were
updated to use this library. [Kris]

o The Nmap Scripting Engine now supports mutexes for gracefully
handling concurrency issues. Mutexes are documented at
http://nmap.org/book/nse-api.html#nse-mutex . [Patrick]

o Added a UDP SNMPv3 probe to version detection, along with 9 vendor
match lines. The patch was from Tom Sellers, who contributed other
probes and match lines to this release as well.

o Added a new timing_level() function to NSE which reports the Nmap
timing level from 0 to 5, as set by the Nmap -T option. The default
is 3. [Thomas Buchanan]

o Update the HTTP library to use the new timing_level functionality to
set connection and response timeouts. An error preventing the new
timing_level feature from working was also fixed. [Jah]

o Optimized the doAnyOutstandingProbes() function to make Nmap a bit
faster and more efficient. This makes a particularly big difference
in cases where --min-rate is being used to specify a very high
packet sending rate. [David]

o Fixed an integer overflow which prevented a target specification of
"*.*.*.*" from working. Support for the CIDR /0 is now also
available for those times you wish to scan the entire
Internet. [Kris]

o The robots.nse script has been improved to print output more
compactly and limit the number of entries of large robots.txt files
based on Nmap verbosity and debugging levels. [Eddie Bell]

o The Nmap NSE scripts have been re-categorized in a more logical
fashion. The new categories are described at
http://nmap.org/book/nse-usage.html#nse-categories . [Kris]

o Improve AIX support by linking against -lodm and -lcfg on that
platform. [David]

o Updated showHTMLTitle NSE script to follow one HTTP redirect if
necessary as long as it is on the same server. [Jah]

o Michael Pattrick and David created a new OSassist application which
streamlines the OS fingerprint submission integration process and
prevents certain previously common errors. OSassist isn't part of
Nmap, but the system was used to integrate some submissions for this
release. 13 fingerprints were added during OSassist testing, and
some existing fingerprints were improved as well. Expect many more
fingerprints coming soon.

o Improved the mapping from dnet device names (like eth0) and WinPcap
names (like \Device\NPF_{28700713...}). You can see this mapping
with --iflist, and the change should make Nmap more likely to work
on Windows machines with unusual networking configurations. [David]

o Service fingerprints in XML output are no longer be truncated to
2kb. [Michael]

o Some laptops report the IP Family as NULL for disabled WiFi cards.
This could lead to a crash with the "sin->sin_family == AF_INET6"
assertion failure. Nmap no longer quits when this is
encountered. [Michael]

o On systems without the GNU getopt_long_only() function, Nmap has its
own replacement. That replacement used to call the system's
getopt() function if it exists. But the AIX and Solaris getopt()
functions proved insufficient/buggy, so Nmap now always calls its
own internal getopt() now from its getopt_long_only()
replacement. [David]

o Integrated several service match lines from Tom Sellers.

o An error was fixed where Zenmap would crash when trying to load from
the recent scans database a file containing non-ASCII
characters. The error looked like
pysqlite2.dbapi2.OperationalError: Could not decode to UTF-8
column
'nmap_xml_output' with text
'<?xml version="1.0" encoding="iso-8859-1"?>
<nmaprun profile="nmap -T Aggressive -n -v %s" scanner="nmap"
hint=""
The error would be seen when such a scan was found in using the
search interface. [David]

o Fix a Zenmap crash which occurred when local.getpreferredencoding()
returns "None". Similarly, deal with the case when a "X-MAC-KOREAN"
is returned by this function. Both problems were found with the
Zenmap crash reporter. [David]

o A whole bunch of internal Zenmap cleanup was done by David to make
the code more logical and remove dead code.

o Install icons and pixmaps under /usr/share/zenmap/{icons,pixmaps} so
they don't get mixed in with the files in
/usr/share/{icons,pixmaps}. [Jurand Nogiec]

o Fixed a Zenmap command entry problem where Zenmap would lose a
custom command you had entered into the command entry field if you
changed the target field after entering the custom command. [Jurand
Nogiec]

o The Zenmap crash reporter now includes a stack trace rather than
just the exception name. [David]

o Zenmap now executes the proper Nmap command by honoring the
nmap_command_path variable in zenmap.conf. [Jurand Nogiec]

o Fixed a bug which caused -PN to erroneously bail out for
unprivileged users. Thanks to Jabra (jabra(a)spl0it.org) for the
report. [Kris]

o Fixed several Nmap NSE memory leaks found with Valgrind. [Kris]

o Migrated some stray malloc()/realloc() calls to the Nbase
safe_malloc()/safe_realloc() versions which guard against certain
errors.

o Fixed a bunch of subtle bugs, some of which could have resulted in
a crash, reported by Ilja van Sprundel. [Kris]

o Fixed several byte-order bugs in Traceroute. [Kris]

o Fixed a crash in RateMeter::update() which could lead to an error
saying "diff >= 0.0" assertion failed. I think the problem was
actually caused by SMP machines which didn't sync the clock time
perfectly. This lead to gettimeofday() sometimes reporting that
time decreased by some microseconds. Now Nmap is willing to
tolerate decreases of up to 1 millisecond in this function. [Fyodor]

o Nmap now returns correct values for --iflist in windows even
if interface aliases have been set. Previously it would misreport
the windevices and not list all interfaces. [Michael]

o Nmap no longer crashes with an 'assert' error when its told to
access a disabled WiFi NIC on some laptops. [Michael]

o Upgraded the OpenSSL shipped for Windows to 0.9.8h. [Kris]

o The NSE http library was updated to gracefully handle certain bogus
(non-)http responses. [Jah]

o The zoneTrans.nse script now takes a "domain" script argument to
specify the desired domain name to transfer. You can narrow the
scope down with the form "zoneTrans={domain=xxx}". [Kris]

o Increase write buffer length for Nmap output on Windows. This should
prevent error messages like: "log_vwrite: vnsprintf failed. Even
after increasing bufferlen to 819200, Vsnprintf returned -1 (logt ==
1)." Thanks to prozente0 for the report. [Fyodor]

o Fixed the --script-updatedb command, which was claiming to be
"Aborting database update" even when the update was performed
perfectly. See http://seclists.org/nmap-dev/2008/q2/0623.html .
Thanks to Jah for the report.

Nmap 4.65 [2008-6-1]

o A Mac OS X Nmap/Zenmap installer is now available from the Nmap
download page! It is rather straightforward, but detailed
instructions are available anyway at
http://nmap.org/book/inst-macosx.html . As a universal installer,
it works on both Intel and PPC Macs. It is distributed as a disk
image file (.dmg) containing an mpkg package. The installed Nmap
does include OpenSSL support. It also supports Authorization
Services so that Zenmap can run as root. David created this
installer. He wants to thank Benson Kalahar and Vlad Alexa for
extensive testing of the nine test releases.

o The Windows version of Nmap now supports OpenSSL just as the UNIX
versions have for years. Both the .zip and executable installer
binary packages we ship from the Nmap download page now include
OpenSSL. [Kris, Thomas Buchanan]

o We now compile in IPv6 support on Windows. In order to use this,
you need to have IPv6 set up. It is installed by default on Vista,
but must be downloaded from Microsoft for XP. See
http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx . [Kris]

o Seven Google-sponsored Summer of Code students began working on
exciting Nmap projects full times. The winning students and their
Nmap development projects are described at
http://seclists.org/nmap-dev/2008/q2/0132.html .

o Our WinPcap installer now starts the NPF driver running as a
service immediately upon installation and after restarts. You can
disable this with new check-boxes. This behavior is important for
Vista and Windows Server 2008 machines when User Account
Control (UAC) is enabled. [Rob Nicholls]

o Nmap and Nmap-WinPcap silent installation now works. Nmap can
be silently installed with the /S option to the installer.
If you install Nmap from the zip file, you can install just
WinPcap silently with the /S option to that
installer. [Rob Nicholls]

o Our WinPcap installer is now included with the Nmap Win32 zip
file. [Fyodor]

o Numerous miscellaneous improvements were made to our Win32
installer, such as using the "Modern" NSIS UI for WinPcap,
improving the option description labels, and showing a finish
page in all cases. [Rob Nicholls]

o The nmap-dev and nmap-hackers mailing list RSS feeds at seclists.org
now include message excerpts to make it easier to identify
interesting messages and speed the process of reading through the
list. Feeds for all other mailing lists archived at SecLists.Org
have been similarly augmented. For details, see
http://seclists.org/nmap-dev/2008/q2/0333.html . [David]

o A new "default" Nmap Scripting Engine category was added. Only
scripts in this category now run by default (except for "version"
scripts which run when version detection was requested).
Previously, any scripts in the "safe" or "intrusive" categories were
run. 21 being recorded properly when scanning certain printers
from
little-endian computers. Updated nmap-os-db to compensate for
signatures that had an incorrect U1.RID value. [Michael]

o Updated to include the latest MAC Address prefixes from the IEEE in
nmap-mac-prefixes [Fyodor]

o Updated the SMTPcommands NSE script to work better against Postfix
and reduce verbosity. [Jason DePriest, Fyodor]

o Reorganized the way ping probes are handled internally. Rather than
being stored in the NmapOps structure, they are now stored within
the individual scan_lists structures. This is a cleaner
organization. [Michael]

o Fix grepable output's "Ignored State" reporting. Only one ignored
state (the one with the highest numbers of ports) is shown. [David]

o Update to Lua version 5.1.3 [Patrick]

o Add NSE stdnse library to include tobinary, tooctal, and tohex
functions. [Patrick]

o Fixed a bug which caused the Zenmap crash reporter to, uh,
crash. [David]

o NSE engine was cleaned up significantly. nse_auxiliar was removed,
and file system manipulation functions were moved from nse_init.cc
into a new nse_fs.cc file. Numerous interfaces between Nmap and Lua
were improved. Most of these functions are now callable directly by
Lua. [Patrick]

o Fixed a bug in the showOwner NSE script which caused it to try UDP
ports instead of just TCP ports. This made it very slow in the
common case where there are many UDP ports in the open|filtered
state. Thanks to Jason DePriest for reporting the problem and Jah
for tracking it down and fixing it.

o Nbase now generates pseudo-random numbers itself rather than using
/dev/urandom on Linux and the terrible rand() function on Windows.
The new system uses ARC4 based on libdnet's
implementation. [Brandon]

o Made a number of updates and improvements to the Zenmap Users' Guide
at http://nmap.org/book/zenmap.html . [David]

o Fixed the way Zenmap handles command-line entry to prevent your
custom command-line to be overwritten with the current profile's
command just because you edited the target field. [Jurand]

o Nsock was improved to better support reading from non-network
descriptors such as stdin. This is important for the upcoming Ncat
project Mixter is working on. [Mixter]

o A bug was fixed that could cause Zenmap to crash when loading a
results file that had multibyte characters in it. The error looked
like:
Gtk-ERROR **: file gtktextsegment.c: line 196
(_gtk_char_segment_new): assertion failed:
(gtk_text_byte_begins_utf8_char (text))
[David]

o Removed a superfluous test for the existence of the C++ compiler in
the configure script. The test was not robust when configured with
CXX="ccache g++". Thanks to Rainer Müller for the report.

o Optimized cached DNS lookups so they are equally efficient when
running on big-endian or little-endian systems. [Michael]

o Fixed the nmap_command_path Zenmap configuration variable so that it
is actually used to start the specified Nmap executable
path. [Jurand Nogiec]

o Nmap now reports scan start and end times for individual hosts
within a larger scan. The information is added to the XML host
element like so: [host starttime="1198292349" endtime="1198292370"]
(but of course with angle brackets rather than square ones). It is
also printed in normal output if -d or "-v -v" are
specified. [Brandon, Kris, Fyodor]

o "make uninstaltion returns. [Michael]

o Nmap now understands the RFC 4007 percent syntax for IPv6 Zone IDs.
On Windows, this ID has to be a numeric index. On Linux and some
other OS's, this ID can instead be an interface name. Some examples
of this syntax:
fe80::20f:b0ff:fec6:15af%2
fe80::20f:b0ff:fec6:15af%eth0
[Kris]

o The Zenmap installer and uninstaller are more careful about escaping
filenames and dealing with an installation root (DESTDIR). [David]

o Since assert() calls are used for various security-related tests,
their safety is now ensured by keeping NDEBUG undefined throughout
Nmap, Nbase and Nsock. [Kris]

o Fix a couple bugs in the way the Nmap build system checked for an
existing LUA library. A bashism caused one test to fail on system
which don't use bash as /bin/sh, and another bug fixed --with-liblua
configure option for specifying your own liblua. [Daniel
Roethlisberger]

o The NSE nmap.registry.args table is now available, albeit empty,
when --script-args isn't used. Now scripts don't need to check if
it's nil before attempting to index it. [Kris]

o Changed SSLv2-support.nse so that it only enumerates the list of
available ciphers with a verbosity level of at least two or with
debugging enabled. [Kris]

o Replaced kibuvDetection.nse with version detection match lines which
work better than the script. [Kris, Brandon]

o Removed mswindowsShell.nse as there is a version detection NULL
probe match which does the same thing. [Brandon, Fyodor, Kris]

o Updated IANA assignment IP list for random IP (-iR)
generation. [Kris]

Nmap 4.62 [2008-5-3]

o Added a new --min-rate option that allows specifying a minimum rate
at which to send packets. This allows you to override Nmap's
congestion control algorithms and request that Nmap try to keep at
least the rate you specify. The rate is given in packets per
second. Read more in the Nmap man page
(http://nmap.org/book/man-performance.html) [David]

o Create /nmap/macosx directory in SVN with files necessary to build
binary Mac OS X Nmap/Zenmap packages. We are trying to create
binary installer packages which are as useful and easy to use as the
Windows installer. This has involved a lot of work by David. We
aren't quite yet distributing the results on the Nmap download page,
but testing our beta versions is useful. You can find the latest
universal (PPC and Intel) binary test version by looking at David
Fifield's posts at http://seclists.org/nmap-dev/2008/q2/author.html.
You can also read /nmap/macosx/README in svn for more info.

o Nmap 2008 Summer of Code students have began working (though full
time doesn't start until late May). Learn about the winners and
their projects at http://seclists.org/nmap-dev/2008/q2/0132.html .

o Brandon added/modified a whole bunch of version detection signatures
based on systems discovered when scanning UCSD's network.

o Reformat Nmap COPYING file (e.g. remove C comment markers, reduce
line length) during Nmap windows build so that it looks much better
when presented by the Windows executable (NSIS) installer. Thanks
to Jah for the patch, which was modified slightly by Fyodor.

o Added NSE Datafiles library which reads and parses Nmap's nmap-*
data files for scripts. The functions (parse_protocols(),
parse_rpc() and parse_services()) return tables with numbers
(e.g. port numbers) indexing names (e.g. service names). The
rpcinfo.nse script was also updated to use this library. [Kris]

o Fixed a bug in the nbase random number generator (and the way it
interacted with Nmap and MS Windows) which caused duplicates in some
instances. Thanks to Jah for reporting the problem and working with
Brandon Enright, Fyodor and Kris to fix it.

o It turns out that hours contain 60 minutes, not 24. Fixed a scan
status message which was rolling over the hours column
prematurely. [David]

o Added scripting options to Zenmap profile editor and command wizard
to make use of NSE. [David]

o Zenmap now prints an exception message rather than segfaulting when
it can't open a display (such as when trying to connect to an X
server as an unauthorized user). Thanks to Aaron Leininger for the
initial report and Guilherme Polo for suggesting the fix.

o Now ports in the "unfiltered" state can be selected for attention by
NSE scripts. [Kris]

o Nbase random number generation system now avoids having a high-bit
of zero in every other byte on Windows due to Windows having such a
low RAND_MAX. [Jah]

o Added release dates for each Nmap version to this CHANGELOG going
back to Nmap 3.00 (July 31, 2002). Dates are in MM/DD/YY format.
If someone wants to track down dates for the last 22% of the file
(pre-3.00), you are welcome to do so and send a patch. Searching
Google for the version number and site:seclists.org seems to work
well. [Fyodor]

o Nmap RPM builds now use the versions of libdnet, libpcap, libpcre,
and liblua included with Nmap rather than whatever happens to be
installed on the build system. [David]

o Zenmap can now be installed in and run in directories with a space
in the name. [David]

o Fixed an assertion failure ("Target.cc:396: void
Target::stopTimeOutClock(const timeval*): Assertion
'htn.toclock_running == true' failed.")caused when a host had NSE
scripts in multiple runlevels. This also fixes --host-timeout
behavior in NSE. [Kris]

o Reduce the maximum number of socket descriptors which Nmap is
allowed to open concurrently. This resoles a bug which could cause
"Too many open files" error on Mac OS X when not running as
root. [David]

o Canonicalized service names between nmap-service-probes (version
detection DB) and nmap-services (port scanning DB). [Kris]

o Removed the "class" attribute from the tcpsequence element in XML
output. For a long time it had always been "unknown class" because
Nmap doesn't calculate a class anymore. The XML output version has
been increased from 1.01 to 1.02. [David]

o Fixed a bug on Win32 which caused an infinite loop when Nmap
encountered certain broadcast addresses. [Dudi Itzhakov]

o Fix MingW compilation by adding a signal.h include to
main.cc. [Gisle Vanem]

o Fix the test in our build system to determine if liblua is already
available or not. For example, the test needed to link with -lm
since some systems require that. [David].

o Added TIMEVAL_BEFORE and TIMEVAL_AFTER macros to test whether one
timeval is earlier than another while avoiding possible integer
overflows in a naive approach we were using previously. [David]

o Adjusted a bunch of code to avoid compilation warning messages on
some Linux machines. [Andrew J. Bennieston]

o Fixed the NmapArpCache so that it actually works. Previously, Nmap
was always falling back to the system ARP cache. Of course this
raises the question of whether NmapArpCache is needed in the first
place. [Daniel Roethlisberger]

o Fix a Zenmap bug which could cause the error message
"zenmapCore.NmapOptions.OptionNotFound: No option named '' found!"
if you create a new profile without checking any options then try to
edit it. [David]

o Zenmap now shows a more helpful error message when there is an error
in executing Nmap. [David]

o Zenmap now creates the directory ~/.zenmap-etc to store
automatically generated GTK+ and Pango files. They used to go in the
application bundle but that doesn't work on a read-only filesystem
or disk image. This is what Wireshark does (~/.wireshark-etc),
although the directory could be called anything. It doesn't have to
persist across sessions.

o Added a mechanism in Zenmap for including extra executable search
paths on specific platforms, so we can include /usr/local/bin in
PATH on Mac OS X by default and add the Nmap install directory on
Windows. [David]

o We now use --no-strip when building Zenmap Mac OS X packages to
prevent many mysterious warnings which occur when the binary is
stripped. [David]

o When Zenmap invokes Nmap, it now copies the whole environment for
the Nmap invocation rather than just providing $PATH. Windows may
need this to do proper name resolution. [David]

o Corrected uptime parsing and reporting in SNMPsysdesr.nse for an
uptime of less than 46 hours. [Kris]

o Modified the use of CXXFLAGS, CFLAGS, and CPPFLAGS in Nmap build
system to work better when building Mac OS X universal
binaries. [David]

o Added many additional PCRE option flags to the list returned by the
NSE pcre.flags() function. [Kris]

o Changed the NSE function nmap.set_port_state() so that it checks to
see if the requested port is already in the requested state. This
prevents "Duplicate port" messages during the script scan and the
inaccurate "script-set" state reason. [Kris]

o Canonicalize NSE script license text--more than half did not even
spell license correctly. They all still say that they are under
Nmap's license, just with consistent capitalization and spelling,
and now a link to Nmap legal page at
http://nmap.org/man/man-legal.html.

o Updated ripeQuery.nse to not print extraneous whitespace. [Kris]

o Switched telnet brute force password cracking NSE (bruteTelnet.nse)
to vulnerability category so it isn't executed by default. It can
take too long to run. [Eddie]

o NSE status messages now print host name and IP, rather than just the
host name (which was blank when Nmap didn't know it). [Jah]

o Allocate 128 characters for the idle scan ScanProgressMeter
title. Previously it was 32 characters. The "idle scan against " and
the \0 terminator take up 19 characters, leaving only 13, which
isn't enough to represent all IP addresses, let alone host
names. Bug reported by Stephan Fijneman, fixed by David.

Enjoy the release!
-Fyodor

_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

Lots of Nmap News

2008-07-31T14:45:38Z

Hi All. I feel derelict for failing to post any Nmap news to this
nmap-hackers list in the last four months, but you can rest assured
that we've been busy on the project! For example, there have been
1,181 posts on the nmap-dev list (not all from me) since my March
nmap-hackers announcements. So you can always join that if you want a
constant flood of Nmap news :). There have also been several stable
Nmap releases since that time, great news on the Nmap book project,
web site improvements, Google SoC success stories, and much more!

In this mail, I describe the most important general Nmap and
Insecure.Org news, while the next email will introduce Nmap 4.68 and
125 of its most important enhancements since March.

==Black Hat and Defcon Presentations==

I will be speaking next week in Las Vegas at the Black Hat Briefings
in the first speaking slot (10AM Wednesday the 6th) and then at Defcon
on Friday the 8th (4PM). My talk discusses the results of large-scale
Internet scans I've been conducting, and demonstrates how you can use
the empirical data to make your scans (over the Internet or even
internal) more efficient. I also plan to show off new and
poorly-understand features which can help you bypass firewall
restrictions, reduce scan times, and gather more information about
remote hosts.

Preparing for this presentation required scanning millions of hosts
and got me into minor trouble with my ISP and also with the
U.S. Department of Defense Joint Task Force for Global Network
Operations. Apparently they don't like people scanning their
sensitive military installations. But if they are so sensitive, maybe
they shouldn't be on the Internet in the first place. Anyway, when
you see the new Nmap features this data enables, I hope you'll agree
that it was worth ruffling some feathers :).

==Nmap Network Scanning book==

Most of you know that I've been working for years on a comprehensive
guide to Nmap and network/security scanning. I'm happy to report that
the book is almost done! Here is the marketing blurb:

"From port scanning basics for novices to the type of packet
crafting used by advanced hackers, this book suits all levels of
security and networking professionals. Rather than simply document
what every Nmap option does, Nmap Network Scanning demonstrates how
these features can be applied to solve real world tasks such as
penetration testing, taking network inventory, detecting rogue
wireless access points or open proxies, quashing network worm and
virus outbreaks, and much more. Examples and diagrams show actual
communication on the wire. This book is essential for anyone who
needs to get the most out of Nmap, particularly security auditors
and systems or network administrators."

I plan to do the official release in mid/late September, but I've
printed up 75 pre-release copies each for Black Hat and Defcon. The
Black Hat copies will be available at the Black Hat Bookstore starting
on Tuesday evening or Wednesday morning. At Defcon the books will be
sold by Bill Pollock at his No Starch Press table in the vendor area
(starting at 10AM Friday). I'm planning to do a signing right after
my Black Hat talk in the bookstore, and right after my Defcon talk in
either the QA room or the No Starch booth. But the trick to get a
book before they sell out will probably be to pick it up _before_ my
talks, and then you can bring the copy to the signing. More than
7,000 people are expected at Defcon, so 75 books may not last long.

You can find a lot more about the book online:

Description and pictures: http://nmap.org/book/

Defcon pre-release table of contents: http://nmap.org/book/toc.pdf

Acknowledging the dozens of people who helped make this happen:
http://nmap.org/book/acknowledgements.html

If you'd like to see a sample chapter, you have plenty to choose from!
About half of the book is already online at:
http://nmap.org/book/toc.html

==Mac OS X Nmap/Zenmap Installer==

A native Mac OS X installer for Nmap and the Zenmap GUI is now
available from the Nmap download page (http://nmap.org/download.html).
We plan to create these for each new release now, just as we do with
the Linux RPMs and the Windows installer. Installation is
straightforward, but detailed instructions are available anyway at
http://nmap.org/book/inst-macosx.html . As a universal installer, it
works on both Intel and PPC Macs. It is distributed as a disk image
file (.dmg) containing an mpkg package. OpenSSL is supported, and it
also supports Authorization Services so that Zenmap can run as root.
Thanks to David Fifield for all his hard work in creating this!

==Mailing list RSS Feed Improvements==

The nmap-dev and nmap-hackers mailing list RSS feeds at SecLists.Org
now include message excerpts to make it easier to identify interesting
messages and speed the process of reading through the list. Feeds for
Bugtraq, Full Disclosure, Security Basics, Pen-Test, and all other
mailing lists archived at http://seclists.org have been similarly
augmented. For details, see
http://seclists.org/nmap-dev/2008/q2/0333.html .

==Google Summer of Code==

Seven Google-sponsored Summer of Code students are spending the summer
working full time on exciting Nmap projects. The winning students and
their Nmap development projects are showcased at
http://seclists.org/nmap-dev/2008/q2/0132.html . All of them have
already written code which has been integrated into Nmap, and they
still have several weeks of work left.

==Nmap's 7th Movie==

To end on a fun note, Nmap recently appeared in its seventh movie--the
acclaimed Thai thriller "13: Game of Death". This movie follows the
story of a man given the chance to complete 13 challenges to win $100
million. Successive challenges become increasingly intense, dangerous,
and illegal. What would you do for $100 million?

I posted a video clip and screenshots yesterday to the Nmap movies
page:

http://nmap.org/movies.html

==New Nmap Releases==

Nmap has so many new features and improvements that they deserve their
own email. I'll send it shortly!

I look forward to seeing many of you next week at Black Hat and
Defcon!

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

Re: Probelm running Nmap

2008-07-22T08:35:47Z

Neminath wrote:

I m new to Nmap and to linux rather
have the following problem running Nmap scanner

nmap -O x.x.x.x

when i run the above command i get the following

Starting Nmap 4.20 ( http://insecure.org ) at 2008-07-06 11:46 IST
mass_dns: warning: Unable to open /etc/resolv.conf. Try using --system-dns or specify valid servers with --dns-servers
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.171 seconds

whats this message is all about how do i resolve it .

Regards
Neminath

target host could be behind a firewall, try option -PO to confirm it

Probelm running Nmap

2008-07-05T23:33:09Z

I m new to Nmap and to linux rather
have the following problem running Nmap scanner

nmap -O x.x.x.x

when i run the above command i get the following

Starting Nmap 4.20 ( http://insecure.org ) at 2008-07-06 11:46 IST
mass_dns: warning: Unable to open /etc/resolv.conf. Try using --system-dns or specify valid servers with --dns-servers
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.171 seconds

whats this message is all about how do i resolve it .

Regards
Neminath

lf: computer virus

2008-06-30T22:03:57Z

anyone who has nice computer virus that i can use? work in a bank would like give goodbye gift to stupid management. work under techsup department. can save file in best places.

Port scan from two machine

2008-06-10T22:32:19Z

Hi everybody, m looking forward if somebody can answer my two queries
1>
if i scan my own computer from nmap (ofcourse not possible in windows) , will i get the ports from lo or local loopback also or just the ports from my ethernet card , the destination i have specified is the ip address of the computer itself.

2>
same way if i try to scan the same computer from other computer on network, i am getting different results,
Details
m/c 1: CentOS
m/c 2: Backtrack Live iso

wen i scanned for the centOS, from both, itself & Backtrack, i m getting different results,
while backtrack is showing port 38292(landesk) open, CentOS is showing much more ports
22
111
627
5555
5900
11111
16851

Both machines are on different subnets with inter subnet ping blocked, but i dont think so that should create a problem, as i m doing a syn scan on both.

Plz tell me what is the problem, Thanks in advance.

i need a helping hand ....contact me

2008-05-17T16:20:58Z

hello,i need someone to teach me how to host and how to hack a website,i have so much dollars to spend on these project,contact me on messenger on yahoo...these is my id ...punpinman@yahoo.com

R&D Information

2008-05-06T03:40:27Z

does anyone know of a good site to seek security professionals to help develop new security products ?

Re: Problem to scan

2008-04-22T12:37:23Z

Are you sure your using eth4 as your adaptor?

fullmax wrote:

Hi,
I have a problem while it's either a host or an iP adress.
I executed the following command : nmap Ip_Adress or host.
It doesn't work, after executign command there is written :

Copyright (c) 2006 Microsoft Corporation. All rigths reserved.

nmap 192.168.0.137

Starting Nmap 4.60 ( http://insecure.org ) at 2008-03-26 23:36 Paris, Madrid
dnet: Failed to open device eth4
QUITTING!

C:\>

Could somebody help me or exlain me what's the problem.
Thanks

Problem to scan

2008-03-26T15:39:12Z

Hi,
I have a problem while it's either a host or an iP adress.
I executed the following command : nmap Ip_Adress or host.
It doesn't work, after executign command there is written :

Copyright (c) 2006 Microsoft Corporation. All rigths reserved.

nmap 192.168.0.137

Starting Nmap 4.60 ( http://insecure.org ) at 2008-03-26 23:36 Paris, Madrid
dnet: Failed to open device eth4
QUITTING!

C:\>

Could somebody help me or exlain me what's the problem.
Thanks

Nmap accepting applications for Summer of Code developers

2008-03-24T21:04:25Z

It may have taken me four months to send this year's first
nmap-hackers mail, but the second only took me four hours. I want to
let you all know that Nmap has been accepted for the fourth year
running to participate in the Google Summer of Code program. This
generous and innovative program provides $4,500 stipends to hundreds
of university students to create or enhance open source software.
Applications are only accepted for one week, until Monday, March 31.

If you are a college student in any country, I'd strongly encourage
you to apply for Nmap SoC. There aren't many opportunities available
to get paid to work on free software of your choice, and this is one
of them. The last three years have been great! Even if you aren't a
student, perhaps you have a talented friend or relative who might be
interested. This program is a great benefit to Nmap, and the benefit
is proportional to the quality of applicants we get. So please spread
the word! Some SoC students have turned into long-term Nmap
developers and are still writing great new code. Several have become
SoC mentors to guide new Nmap SoC students.

Summer of code successes in recent years have lead to the 2nd
Generation OS detection system, the Zenmap GUI, the runtime
interaction feature which tells you how soon your scan is likely to
finish, and much more. Here are more Nmap SoC success stories:

2007: http://seclists.org/nmap-dev/2007/q4/0024.html
2006: http://seclists.org/nmap-dev/2007/q1/0235.html
2005: http://slashdot.org/comments.pl?sid=183143&cid=15133184

If you or someone you know are interested, you can send them to the
Nmap 2008 project ideas page at:

http://nmap.org/GoogleGrants.html

And you can learn more about the program in general at:

http://code.google.com/soc/2008/

Since you can apply for more than one project, I'd like to mention
some other security projects which were accepted, along with their
ideas pages:

OSVDB: The Open Source Vulnerability Database:
http://osvdb.org/blog/?p=231

OSSIM: Open Source Security Information Management:
http://www.ossim.net/dokuwiki/doku.php?id=ideas

The Electronic Frontier Foundation/Tor Project:
https://www.torproject.org/volunteer.html.en#Projects

Freenet Project:
http://wiki.freenetproject.org/SummerOfCode2008

So please get those applications in by Monday, or help spread the
word!

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

Nmap 4.60 and new movies page

2008-03-24T13:39:15Z

Hi everyone. This is the first nmap-hackers message of the year, but
we haven't been slacking. The nmap-dev list has more than 500 posts
so far this quarter, and we've made many great improvements to Nmap
during the period.

Nmap-hackers is reserved for the most important Nmap news, but that
won't prevent me from starting out this message with something
frivolous :). I recently learned that Nmap was in not just one, but
two major motion pictures last year! In addition to the known Bourne
Ultimatum appearance, I now have screen shots of Nmap being used in
Die Hard 4: Live Free or Die Hard. I've posted them to the new Nmap
movies page:

http://nmap.org/movies.html

Nmap has become quite the movie star! Who knows where it will show up
in 2008.

The other exciting news I have for you is that Nmap 4.60 has been
released. The changelog (http://nmap.org/changelog.html) notes more
than 60 important changes since 4.50. This includes a new and shorter
URL (nmap.org rather than insecure.org/nmap/), massive OS detection and
version detection signature updates, many new Nmap Scripting Engine
scripts, bug fixes, performance optimization, and more. It is
available now from the download page:

http://nmap.org/download.html

Don't hesitate to let us know on nmap-dev if you find any problems.
Here is the detailed list of changes since 4.50:

4.60

o Nmap has moved. Everything at http://insecure.org/nmap/ can now be
found at http://nmap.org . That should save your fingers from a
little bit of typing. Even though transparent redirectors are in
place for the old URLs, please update your links and bookmarks. And
if you don't have a link to Nmap on your web site, now is a good
time to add one :).

o All of your OS detection fingerprints up until March 10, 2008 have
now been integrated by David. The second generation database has
grown from 1,085 fingerprints representing 421 operating
systems/devices, to 1,304 fingerprints representing 478 systems.
That is an increase of more than 20%. New fingerprints were added
for Mac OS X Tiger, iPod Touch, the La Fonera WAP, FreeBSD 7.0,
Linux 2.6.24, Windows 2008, Vista, OpenBSD 4.2, and of course
hundreds of broadband routers, VoIP phones, printers, some crazy
oscilloscope, etc. We get a ton of new fingerprint submissions, but
not as many corrections. Please remember to visit
http://nmap.org/submit/ if Nmap gives you bad results, whether they
are completely wrong or just a slight mistake (like Nmap says Linux
2.6.20-2.6.23, but you're running 2.6.24). Of course you need to be
certain you know exactly what is running on the target before you do
this.

o All of your service fingerprints and corrections submitted until
January 14, 2008 have now been integrated by Doug. As usual, he has
documented his adventures at http://hcsw.org/blog.pl/33 . More than
a hundred signatures were added, growing the database to 4,645
signatures for 457 services. Corrections are welcome for service
detection too -- visit http://nmap.org/submit/ if you get incorrect results.

o Nmap now saves the target name (if any) specified on the command
line, since this can differ from the reverse DNS results. It can be
particularly important when doing HTTP tests against virtual hosts.
The data can be accessed from target->TargetName() from Nmap proper
and host.targetname from NSE scripts. The NSE HTTP library now uses
this for the Host header. Thanks to Sven Klemm for adding this
useful feature.

o Added NSE HTTP library which allows scripts to easily fetch URLs
with http.get_url() or create more complex requests with
http.request(). There is also an http.get() function which takes
components (hostname, port, and path) rather than a URL. The
HTTPAuth, robots, and showHTMLTitle NSE scripts have been updated to
use this library. Sven Klemm wrote all of this code.

o Fixed an integer overflow in the DNS caching code that caused nmap
to loop infinitely once it had expunging the cache of older
entries. Thanks to David Moore for the report, and Eddie Bell for
the fix.

o Fixed another integer overflow in the DNS caching code which caused
infinite loops. [David]

o Added IPv6 host support to the RPC scan. Attempting this before
(via -sV) caused a segmentation fault. Thanks to Will Cladek for
the report. [Kris]

o Fixed an event handling bug in NSE that could cause execution of
some in-progress scripts to be excessively delayed. [Marek]

o A new NSE table library (tab.lua) allows scripts to deliver better
formatted output. The Zone transfer script (zoneTrans.nse) has been
updated to use this new facility. [Eddie]

o Rewrote HTTPpasswd.nse to use Sven's excellent HTTP library and to
do some much-needed cleaning up. [Kris]

o Added a new MsSQL version detection probe and a bunch of match lines
developed by Tom Sellers.

o Added a new service detection probe and signatures for the memcached
service [Doug]

o Added new service detection probes and signatures for the Beast
Trojan and Firebird RDBMS. [Brandon Enright]

o Fixed a crash in Zenmap which occurred when attempting to edit or
create a new profile based on an existing one when there wasn't one
selected. The error message was:
'NoneType' object has no attribute 'toolbar'
Now a new Profile Editor is opened. Thanks to D1N (d1n@...)
for the report. [Kris]

o Fixed another crash in Zenmap which occurred when exiting the
Profile Editor (while editing an existing profile) by clicking the
"X", then going to edit the same profile again. The error message
was: "No option named '' found!". Now the same window that appears
when clicking Cancel comes up when clicking "X". Thanks to David
for reporting this bug. [Kris]

o Another Zenmap bug was fixed: ports consolidated into "extra ports"
groups are now counted and shown in the "Host Details" tab. The
closed, filtered and scanned port counts in this tab didn't contain
this information before so they were usually very inaccurate. [Kris]

o Another Zenmap bug was fixed: the --scan-delay and --max-scan-delay
buttons ("amount of time between probes") under the Advanced tab in
the Profile Editor were backwards. [Kris]

o Added the UDP Scan (-sU) and IPProto Ping (-PO) to Zenmap's Profile
Editor and Command Wizard. [Kris]

o Reordered the UDP port selection for Traceroute: a closed port is
now chosen before an open one. This is because an open UDP port is
usually due to running version detection (-sV), so a Traceroute
probe wouldn't elicit a response. [Kris]

o Add Famtech Radmin remote control software probe and signatures to
the Nmap version detection DB. [Tom Sellers, Fyodor]

o Add "Conection: Close" header to requests from HTTP NSE scripts so
that they finish faster. [Sven Klemm]

o Update SSLv2-support NSE script to run against more services which
are likely SSL. [Sven Klemm]

o A bunch of service name canonicalization was done in the Nmap
version detection file by Brandon Enright (e.g. capitalizing D-Link
and Netgear consistently).

o Upgraded the shipped LibPCRE from version 7.4 to 7.6. [Kris]

o Updated to latest (as of 3/15) autoconf config.sub/config.guess
files from http://cvs.savannah.gnu.org/viewvc/config/?root=config .

o We now escape newlines, carriage returns, and tabs (\n\r\t) in XML
output. While those are allowed in XML attributes, they get
normalized which can make formatting the output difficult for
applications which parse Nmap XML. [Joao Medeiros, David, Fyodor]

o The Zenmap man page is now installed on Unix when "make install" is
run. This was supposed to work before, but didn't. [Kris]

o Fixed a man page bug related to our DocBook to Nroff translation
software producing incorrect Nroff output. The man page no longer
uses the ".nse" string which was being confused with the Nroff
no-space mode command. [Fyodor]

o Fixed a bug in which some NSE error messages were improperly escaped
so that a message including "c:\nmap" would end up with a newline
between "c:" and "map".

o Updated IANA assignment IP list for random IP (-iR)
generation. [Kris]

o The DocBook XML source code to the Nmap Scripting Engine docs
(http://nmap.org/nse/) is now in SVN under docs/scripting.xml .

4.53

o Impoved Windows executable installer by making uninstall wor. [Rob Nicholls]

o The Nmap Scripting Engine (NSE) now supports run-time interaction
and the Nmap --host-timeout option. [Doug]

o Added nmap.fetchfile() function for scripts so they can easily find
Nmap's nmap-* data files (such as the OS/version detection DBs, port
number mapping, etc.) [Kris]

o Updated rpcinfo.nse to use nmap.fetchfile() to read from nmap-rpc
instead of having a huge table of RPC numbers. This reduced the
script's size by nearly 75%. [Kris]

o Fixed multiple NSE scripts that weren't always properly closing their
sockets. The error message was:
"bad argument #1 to 'close' (nsock expected, got no value)" [Kris]

o Added a new version detection probe for the Trend Micro OfficeScan
product line. [Tom Sellers, Doug]

4.51BETA

o We now have a detailed Zenmap Guide at http://nmap.org/zenmapguide/ .
Thanks to David for writing it.

o Added rpcinfo.nse script, which contacts a listening RPC portmapper
and reports the listening services and port information (like
rpcinfo -p does). The script was written by Sven Klemm. Fyodor
then enhanced the RPC number list with all of the entries from
nmap-rpc.

o Added a new NSE script (MySQLinfo) which prints MySQL server information
such as the protocol and version numbers, status, thread id, capabilities,
and password salt. [Kris]

o Nmap's output options (-oA, -oX, etc.) now support strftime()-like
conversions in the filename. %H, %M, %S, %m, %d, %y, and %Y are
all the same as in strftime(). %T is the same as %H%M%S, %R is the
same as %H%M, and %D is the same as %m%d%y. A % followed by any
other character just yields that character (%% yields a %). This
means that "-oX 'scan-%T-%D.xml'" uses an XML file in the form of
"scan-144840-121307.xml". [Kris]

o Fixed Winpcap installer to install the right version of Packet.dll
on Windows Vista. [Fyodor]

o Fixed our Winpcap installer so that it waits for a Winpcap uninstall
(if needed) to complete before trying to install the new Winpcap.
[Jah]

o Fix a bunch of warning/error messages which contained an extra
newline. [Brandon Enright]

o Fixed an error when attempting to scan localhost as an unprivileged
user on Windows (nmap --unprivileged localhost). The error was:
"Skipping SYN Stealth Scan against localhost (127.0.0.1) because
Windows does not support scanning your own machine (localhost) this
way."
Now connect scan is used instead of SYN scan. [David]

o Fixed a bug that prevented the --resume option from working on
Windows. The error message was:
..\utils.cc(996): CreateFileMapping(), file 'testresume', length 103,
mflags 000 00006: The parameter is incorrect.(87)
[Fixed by David, reported by Rob Nicholls]

o Zenmap's new web page (http://nmap.org/zenmap/) is now shown in the
Zenmap about dialogue.

o On Windows, paths beginning with \ are now considered absolute when
used with the --script option. jah (jah(a)zadkiel.plus.com) suggested
this. [David]

o Zenmap no longer double-spaces its output (by inadvertently
duplicating newlines) when viewing scan results that were saved to a
file. [Joao Medeiros]

o Upgraded the shipped LibPCRE from version 7.2 to 7.4. [Kris]

o Fixed Zenmap crash that occurred when selecting Help from the Compar

Enjoy!
Fyodor

_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org

Using nmap on a firewall

2008-03-17T18:06:35Z

Hi

I have a firewall but I'm not responsable for it.
I tryied nessus it sometimes gave me some information and other time no information, So I tryied nmap to scan it tryied some commands

I got this

nmap -P0 -vv -sA -ff -r -n 195.XX.XX.XX

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-03-17 23:27 WET
Initiating ACK Scan against 195.XX.XX.XX [1680 ports] at 23:27
ACK Scan Timing: About 16.46% done; ETC: 23:30 (0:02:32 remaining)
The ACK Scan took 54.32s to scan 1680 total ports.
Host 195.XX.XX.XX appears to be up ... good.
Interesting ports on 195.XX.XX.XX:
Not shown: 1679 filtered ports
PORT STATE SERVICE
1723/tcp UNfiltered pptp

Nmap finished: 1 IP address (1 host up) scanned in 54.338 seconds

then I did this scan
nmap -P0 -vv -sS -ff -r -n -p 1-65535 195.XX.XX.XX

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-03-18 00:44 WET
Initiating SYN Stealth Scan against 195.XX.XX.XX [65535 ports] at 00:44
SYN Stealth Scan Timing: About 0.42% done; ETC: 02:43 (1:58:12 remaining)
SYN Stealth Scan Timing: About 3.02% done; ETC: 01:17 (0:32:10 remaining)
SYN Stealth Scan Timing: About 5.66% done; ETC: 01:10 (0:25:01 remaining)
SYN Stealth Scan Timing: About 9.37% done; ETC: 01:07 (0:21:18 remaining)
SYN Stealth Scan Timing: About 27.15% done; ETC: 01:04 (0:14:56 remaining)
The SYN Stealth Scan took 1161.75s to scan 65535 total ports.
Host 195.XX.XX.XX appears to be up ... good.
All 65535 scanned ports on 195.XX.XX.XX are filtered

Nmap finished: 1 IP address (1 host up) scanned in 1161.813 seconds
Raw packets sent: 262136 (8.388MB) | Rcvd: 4 (234B)

But I know that there are more ports open

What is the best command to see which ports are open?'

Google Summer of code 2008

2008-03-14T13:07:45Z

hi to all nmappers , Saw Nmap's participation in GSoc 2007.Found that real good and worth indulging in Now that I want to submit a modification in the Nmap modules, i face a communication problem- I access internet from my College's internet LAN, where the access to IRC is blocked. 1. Is there an alternate method to communicate with nmap enthusiasts ? Something like an IRC proxy would help.. 2. What all programming languages / IDEs are required to be comfortable with in order to proceed for the projects. 3. Will the ideas be strictly provided by the core nmap team, or students can also propose their own ideas. thanks -anirudh sharma

nmap won't save with -oN

2008-02-27T18:23:53Z

i can't seem to save with nmap using -oN random.txt I look in my folder and it is not there..... any ideas???

vulnerable host

2008-02-03T21:43:20Z

hello,
i need to inform that i have discovered a very vulnerable linux system with public IP of 203.129.220.203. i have tried many system attcks attempts like ssh,telnet and ftp login etc. and the results have been fruitful.this is also vulnerable to buffer overflow,brute force and other system level attacks.
TRY IT OUT.
as for me i am again going to hack system

need help with /usr/local/bin/nmap

2008-02-01T10:47:59Z

hey guys, i'm kinda a n00b at this kinda stuff, i've just installed nmap 4.53 on OS X tiger(10.4.11) with terminal, and it works, as in if i enter /usr/local/bin/nmap, nmap will run, but why can't i just enter nmap? is there anyway i can bind /usr/local/bin/nmap to if i just type nmap? please tell me full instructions as i kinda suck at using CLi