nmap 3.50 released
Results 1 to 10 of 10

Thread: nmap 3.50 released

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    nmap 3.50 released

    Hey everyone,

    Most of you are probably on the mailing list, so you would have recieved notice of this, but anyways.... nmap 3.50 has been released.

    I don't know what changes have been made to the Windows binary. However I'm at work right now, so I only have immediate access to XP, and I've had issues getting previous version of nmap to run on this machine, however I've downloaded this one and started scanning and I have no problems. So for those of you who have had problems with the windows version, this may be the answer you've been looking for.

    It's available from http://www.insecure.org/nmap/nmap_download.html

    Here's the except from Fyodor's email.


    o Integrated a ton of service fingerprints, increasing the number of
    signatures more than 50%. It has now exceeded 1,000 for the first
    time, and represents 180 unique service protocols from acap, afp,
    and aim to xml-rpc, zebedee, and zebra.

    o Implemented a huge OS fingerprint update. The number of
    fingerprints has increased more than 13% to 1,121. This is the first
    time it has exceeded 1000. Notable updates include Linux 2.6.0, Mac
    OS X up to 10.3.2 (Panther), OpenBSD 3.4 (normal and pf "scrub all"),
    FreeBSD 5.2, the latest Windows Longhorn warez, and Cisco PIX 6.3.3.
    As usual, there are a ton of new consumer devices from ubiquitous
    D-Link, Linksys, and Netgear broadband routers to a number of new IP
    phones including the Cisco devices commonly used by Vonage. Linksys
    has apparently gone special-purpose with some of their devices, such
    as their WGA54G "Wireless Game Adapter" and WPS54GU2 wireless print
    server. A cute little MP3 player called the Rio Karma was submitted
    multiple times and I also received and integrated fingerprints for the
    Handspring Treo 600 (PalmOS).

    o Applied some man page fixes from Eric S. Raymond
    (esr(a)snark.thyrsus.com).

    o Added version scan information to grepable output between the last
    two '/' delimiters (that space was previously unused). So the format
    is now "portnum/state/protocol/owner/servicename/rpcinfo/versioninfo"
    as in "53/open/tcp//domain//ISC Bind 9.2.1/" and
    "22/open/tcp//ssh//OpenSSH 3.5p1 (protocol 1.99)/". Thanks to
    MadHat (madhat(a)unspecific.com) for sending a patch (although I did
    it differently). Note that any '/' characters in the
    version (or owner) field are replaced with '|' to keep awk/cut
    parsing simple. The service name field has been updated so that it
    is the same as in normal output (except for the same sort of
    escaping discussed above).

    o Integrated an Oracle TNS service probe and match lines contributed
    by Frank Berger (fm.berger(a)gmx.de). New probe contributions are
    always appreciated!

    o Fixed a crash that could happen during SSL version detection due to
    SSL session ID cache reference counting issues.

    o Applied patch from Rob Foehl (rwf(a)loonybin.net) which fixes the
    --with_openssl=DIR configure argument.

    o Applied patch to nmap XML dtd (nmap.dtd) from Mario Manno
    (mm(a)koeln.ccc.de). This accounts for the new version scanning
    functionality.

    o Updated the Windows build system so that you don't have to manually
    copy nmap-service-probes to the output directory. I also updated
    the README-WIN32 to elaborate further on the build process.

    o Added configure option --with-libpcre=included which causes Nmap to
    build with its included version of libpcre even if an acceptable
    version is available on the system.

    o Upgraded to Autoconf 2.59 (from 2.57). This should help HP-UX
    compilation problems reported by Petter Reinholdtsen
    (pere(a)hungry.com) and may have other benefits as well.

    o Applied patch from Przemek Galczewski (sako(a)avet.com.pl) which
    adds spaces to the XML output in places tha apparently help certain
    older XML parsers.

    o Made Ident-scan (-I) limits on the length and type of responses
    stricter so that rogue servers can't flood your screen with 1024
    characters. The new length limit is 32. Thanks to Tom Rune Flo
    (tom(a)x86.no) for the suggestion and a patch.

    o Fingerprints for unrecognized services can now be a bit longer to
    avoid truncating as much useful response information. While the
    fingerprints can be longer now, I hope they will be less frequent
    because of all the newly recognized services in this version.

    o The nmap-service-probes "match" directive can now take a service
    name like "ssl/vmware-auth". The service will then be reported as
    vmware-auth (or whatever follows "ssl/") tunneled by SSL, yet Nmap
    won't actually bother initiating an SSL connection. This is useful
    for SSL services which can be fully recognized without the overhead
    of making an SSL connection.

    o Version scan now chops commas and whitespace from the end of
    vendorproductname, version, and info fields. This makes it easier to
    write templates incorporating lists. For example, the tcpmux service
    (TCP port 1) gives a list of supported services separated by CRLF.
    Nmap uses this new feature to print them comma separated without
    having an annoying trailing comma as so (linewrapped):
    match tcpmux m|^(sgi_[-.\w]+\r\n([-.\w]+\r\n)*)$|
    v/SGI IRIX tcpmux//Available services: $SUBST(1, "\r\n", ",")/

    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I was playing with this today and there is an interesting twist/problem/bug: I cannot do an nmap locally. That is, doing nmap localhost generates an error, which says basically that it cannot figure out what interface to route out on (I'm not at work where I have 3.50 installed and won't have time this evening to install here -- I'll post the exact error -- if someone else doesn't -- tomorrow morning). What I found odd was that it has no problem doing a scan on an external host.

    Bizarre.

    Otherwise, Kudos to Fyodor again!
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hrm.. Seems you're onto something MsM. I just attempted to scan localhost and it returned this:

    Code:
    C:\Documents and Settings\Administrator\Desktop\nmap-3.50>nmap -sS localhost
    
    Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-01-21 19:40 Eastern
    Standard Time
    rawrecv_open: SIO_RCVALL failed (10022) on device loopback0
    
    QUITTING!
    I wonder if this is a bug in nmap or pcap. Were you playing with it on Windows or Linux MsM?
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Junior Member
    Join Date
    Nov 2003
    Posts
    15
    I found this in README-WIN32 under 'known issues' in the Windows tarball:

    == You cannot scan yourself (localhost). This is a Windows/WinPcap
    limitation which we haven't yet found a way to workaround.
    \"Any sufficiently advanced technology is indistinguishable from magic.\" - Arthur C. Clarke

  5. #5
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Gulducat beat me to it. NMap for Windows cannot scan lo. However eth0 can be scanned. So all you should have to do is type nmap <local ip address> and the scan works. However, nmap localhost or nmap 127.0.0.1 doesn't.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    cgkanchi, well, see that's what I thought at first but I got the same response for an nmap <local machine address> as I did for localhost and 127.0.0.1. So there is something more to it than that.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Hrm... I have nmap 3.0.0 and nmap 90.0.0.245 works but nmap localhost gives me :
    Starting nmap V. 3.00 ( www.insecure.org/nmap )
    rawrecv_open: SIO_RCVALL failed (10022) on device loopback0

    QUITTING!

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Well here's where I find it weird. Under nmap 3.48, scanning locally works:

    Interesting ports on localhost (127.0.0.1):
    (The 1654 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    22/tcp open ssh
    111/tcp open rpcbind
    6000/tcp open X11
    Weird. I was going to pull up the error I got from the work machine and *pffft* it works fine. This leads me to believe that it's something specific that Red Hat did with their kernels versus what slackware has done with their kernels. The slackware machine can scan locally (see below) while the Red Hat one can't (see post in 3 hours).

    root@MsMittens:~# nmap localhost

    Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-01-22 05:14 EST
    Interesting ports on localhost (127.0.0.1):
    (The 1656 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    22/tcp open ssh
    111/tcp open rpcbind
    6000/tcp open X11

    Nmap run completed -- 1 IP address (1 host up) scanned in 1.754 seconds
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    There is no way in hell that nmap should fail on localhost with Linux. That problem is a WinPCap problem and unique to the Win32 version of nmap.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Oh, I agree. And it seems to work today. Dammit. Sigh... perhaps all I needed was a reboot?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •