Recent Releases
7.95 25 Apr 2024 06:25
minor bugfix:
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.75 to the latest version 1.79. It
includes many performance improvements and feature
enhancements described at https://npcap.com/changelog.
o Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added
336 fingerprints, bringing the new total to 6036. Additions include iOS 15
and 16, macOS Ventura and Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2.
o Integrated over 2500 service/version detection fingerprints submitted since
June 2020. The signature count went up 1.4% to 12089, including 9 new
softmatches. We now detect 1246 protocols, including new additions of grpc,
mysqlx, essnet, remotemouse, and tuya.
o [NSE] Four new scripts from the DINA community (https://github.com/DINA-community)
for querying industrial control systems:
+ hartip-info reads device information from devices using the Highway
Addressable Remote Transducer protocol.
+ iec61850-mms queries devices using Manufacturing Message Specification
requests. [Dennis Rösch, Max Helbig]
+ multicast-profinet-discovery sends a multicast PROFINET DCP Identify All
message and prints the responses. [Stefan Eiwanger, DINA-community]
+ profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the
PNIO-CM service.
o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1,
libssh2 1.11.0, liblinear 2.47.
o Upgraded OpenSSL binaries (for the Windows builds and for
RPMs) to version 3.0.13. CVEs resolved in this update include only 2
moderate-severity issues which we do not believe affect Nmap:
CVE-2023-5363 and CVE-2023-2650.
o [Zenmap][Ndiff] Zenmap and Ndiff now use setuptools, not distutils, for packaging.
o [Ncat] Fixed Ncat UDP server mode to not quit after EOF on stdin. Reported
as Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613.
o Fixed an issue where TCP Connect scan (-sT) on Windows would fail to open any
sockets, leading to scans that never finish. [Daniel Miller]
o N
7.94 21 May 2023 13:05
minor bugfix:
o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
this effort possible:
+ [Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]
+ [Ndiff] Updated Ndiff to Python 3. [Brian Quigley]
+ Additional Python 3 update by Sam James, Daniel Miller. Special thanks
to those who opened Python 3-related issues and pull requests: Eli
Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
Hasan Aliyev, and others.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.71 to the latest version 1.75. It
includes dozens of performance improvements and feature
enhancements described at https://npcap.com/changelog.
o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
(28-bit), and MA-L (36-bit) registrations instead of the byte MAC
prefix used previously for lookups.
o Added partial silent-install support to the Nmap Windows
installer. It previously didn't offer silent mode (/S) because the
free/demo version of the Npcap Windows packet capturing driver that it
needs and ships with doesn't include a silent installer. Now with
the /S option, Nmap checks whether Npcap is already installed
(either the free version or OEM) and will silently install itself if
so. This is similar to how the Wireshark installer works and is
particularly helpful for organizations that want to fully automate
their Nmap (and Npcap) deployments. See
https://nmap.org/nmap-silent-install for more details.
o Lots of profile-guided memory and processing improvements for Nmap, including
OS fingerprint matching, probe matching and retransmission lookups for large
hostgroups, and service name lookups. Overhauled Nmap's string interning and
several other startup-related procedures to speed up start times, especially
for scans using OS detection. [Daniel Miller]
o Integrated many of the most-submitted IPv4 OS fingerprints for recent
versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fing
7.93 02 Sep 2022 07:25
minor bugfix:
o This release commemorates Nmap's 25th anniversary! It all started with this
September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.50 to the latest version 1.71. It
includes dozens of performance improvements and feature
enhancements described at https://npcap.com/changelog.
o Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions.
Binaries for this release include OpenSSL 3.0.5.
o Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1.
o Fixed a bug that prevented Nmap from discovering interfaces on Linux
when no IPv4 addresses were configured. [Daniel Miller, nnposter]
o [NSE] NSE "exception handling" with nmap.new_try() will no longer
result in a stack traceback in debug output nor a "ERROR: script execution
failed" message in script output, since the intended behavior has always been
to end the script immediately without output. [Daniel Miller]
o Update the Nmap output DTD to match actual output since the
`` element was added in Nmap 7.90.
o [NSE] Fixed newtargets support: since Nmap 7.92, scripts could not add
targets in script pre-scanning phase. [Daniel Miller]
o Scripts dhcp-discover and broadcast-dhcp-discover now support
setting a client identifier. [nnposter]
o Script oracle-tns-version was not reporting the version
correctly for Oracle 19c or newer. [linholmes]
o Script redis-info was crashing or producing inaccurate
information about client connections and/or cluster nodes. [nnposter]
o Nmap and Nping were unable to obtain system routes on FreeBSD.
[benpratt, nnposter]
o Script ipidseq was broken due to calling an unreachable library
function. [nnposter]
o Support for EC crypto was not properly enabled if Nmap
was compiled with OpenSSL in a custom location. [nnposter]
o [NSE] Improvements to event handling and pcap socket garbage collection,
fixing potential hangs
7.92 08 Aug 2021 11:45
minor feature:
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.00 to the latest version 1.50. You can
read about the dozens of performance improvements and feature
enhancements at https://npcap.org/changelog.
o [Windows] Thanks to the Npcap 1.50 upgrade, Nmap now works on the Windows
ARM architecture so you can run it on lightweight and power-efficient
tablets like the Microsoft Surface Pro X and Samsung Galaxy Book Go. More
ARM devices are on the way along with the upcoming Windows 11 release. See
the Npcap on ARM announcement at
https://seclists.org/nmap-announce/2021/2.
o [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10
SDK, and the UCRT. This prevents Nmap from working on Windows Vista and
earlier, but they can still use older versions of Nmap on their ancient
operating system.
o New Nmap option --unique will prevent Nmap from scanning the same IP
address twice, which can happen when different names resolve to the same
address. [Daniel Miller]
o [NSE] TLS 1.3 now supported by most scripts for which it is
relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel
connections and certificate parsing will require OpenSSL 1.1.1 or later to
fully support TLS 1.3. [Daniel Miller]
o [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:
+ nbns-interfaces queries NetBIOS name service (NBNS) to gather
IP addresses of the target's network interfaces. [Andrey Zhukov]
+ [GH#711] openflow-info gathers preferred and supported protocol versions
from OpenFlow devices. [Jay Smith, Mak Kolybabi]
+ port-states prints a list of ports that were found in each state,
including states that were summarized as "Not shown: X ports".
[Daniel Miller]
o Several changes to UDP payloads to improve accuracy:
+ Fixed an issue with -sU where payload data went out-of-scope
before it was used, causing corrupted payloads to be
7.91 21 Oct 2020 01:45
minor bugfix:
o [NSE] Fixed several places where Lua's os.time was being used
to represent dates prior to January 1, 1970, which fails on Windows. Notably,
NSE refused to run in UTC+X timezones with the error "time result cannot be
represented in this installation". [Clément Notin, nnposter, Daniel Miller]
o [Zenmap] Fixed a crash in the profile editor due to a missing import.
o [Nsock][Windows] Demote the IOCP Nsock engine because of some known
issues that will take longer to resolve. The previous default "poll" engine
will be used instead.
o [Nsock][Windows] Fixed a crash in service scan due to a previously-unknown
error being returned from the IOCP Nsock engine. [Daniel Miller]
o [NSE] MySQL library was not properly parsing server responses,
resulting in script crashes. [nnposter]
o Silence the irrelevant warning, "Your ports include 'T:' but you
haven't specified any TCP scan type" when running nmap -sUV
7.90 05 Oct 2020 06:48
minor feature:
o Fixed the "iocp" Nsock engine for Windows to be able to correctly
handle PCAP read events. This engine is now the default for Windows, which
should greatly improve performance over the previous default, the "poll"
engine. [Daniel Miller]
o Restrict Nmap's search path for scripts and data files.
NMAPDATADIR, defined on Unix and Linux as ${prefix}/share/nmap, will not be
searched on Windows, where it was previously defined as C:\Nmap.
Additionally, the --script option will not interpret names as directory names
unless they are followed by a '/'. [Daniel Miller]
o Removed nmap-update. This program was intended to provide a way to update
data files and NSE scripts, but the infrastructure was never fielded. It
depended on Subversion version control and would have required maintaining
separate versions of NSE scripts for compatibility.
o Reduced CPU usage of OS scan by 50% by avoiding string copy
operations and removing undocumented fingerprint syntax unused in nmap-os-db
('&' and '+' in expressions). [Daniel Miller]
o [GH#92] Fixed a regression in ARP host discovery left over from the move from
massping to ultra_scan in Nmap 4.22SOC8 (2007) that sometimes resulted in
missing ARP responses from targets near the end of a scan. Accuracy and speed
are both improved. [Daniel Miller]
o Addressed over 250 code quality issues identified by LGTM.com,
improving our code quality score from "C" to "A+".
o Fixed an assertion failure when unsolicited ARP response is received:
nmap: Target.cc:503: void Target::stopTimeOutClock(const timeval*): Assertion `htn.toclock_running == true' failed.
o Allow multiple UDP payloads to be specified for a port in
nmap-payloads. If the first payload does not get a response, the remaining
payloads are tried round-robin. [Paul Miseiko, Rapid7]
o 23 new UDP payloads and dozens more default ports for existing
payloads developed for Rapid7's InsightVM scan engine. These speed up and
ensure detection of open UDP services. [Paul Miseiko, Rapid7]
o Ne
7.80 12 Aug 2019 11:25
minor feature:
o [Windows] The Npcap Windows packet capturing library (https://npcap.org/)
is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap
from version 0.99-r2 to 0.9982, including all of these changes from the
last 15 Npcap releases: https://nmap.org/npcap/changelog
o [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:
+ broadcast-hid-discoveryd discovers HID devices on a LAN by
sending a discoveryd network broadcast probe. [Brendan Coles]
+ broadcast-jenkins-discover discovers Jenkins servers on a LAN
by sending a discovery broadcast probe. [Brendan Coles]
+ http-hp-ilo-info extracts information from HP
Integrated Lights-Out (iLO) servers. [rajeevrmenon97]
+ http-sap-netweaver-leak detects SAP Netweaver Portal with the
Knowledge Management Unit enabled with anonymous access. [ArphanetX]
+ https-redirect detects HTTP servers that redirect to the same port, but
with HTTPS. Some nginx servers do this, which made ssl-* scripts not run
properly. [Daniel Miller]
+ lu-enum enumerates Logical Units (LU) of TN3270E servers.
[Soldier of Fortran]
+ rdp-ntlm-info extracts Windows domain information from RDP
services. [Tom Sellers]
+ smb-vuln-webexec checks whether the WebExService is installed and allows
code execution. [Ron Bowes]
+ smb-webexec-exploit exploits the WebExService to run arbitrary commands
with SYSTEM privileges. [Ron Bowes]
+ ubiquiti-discovery extracts information from the Ubiquiti
Discovery service and assists version detection. [Tom Sellers]
+ vulners queries the Vulners CVE database API using CPE
information from Nmap's service and application version detection.
[GMedian, Daniel Miller]
o [GH#34] Use pcap_create instead of pcap_live_open in
Nmap, and set immediate mode on the pcap descriptor. This solves packet
loss problems on Linux and may improve performance on other platforms.
[Daniel Cater, Mike Pontillo, Daniel Miller]
7.70 21 Mar 2018 20:45
minor feature:
o [Windows] Updated the bundled Npcap from 0.93 to 0.99-r2, with many
stability and installation improvements, as well as fixes to
raw 802.11 frame capture. See https://nmap.org/npcap/changelog
o Integrated all of your service/version detection fingerprints submitted from
March 2017 to August 2017 (728 of them). The signature count went up 1.02%
to 11,672, including 26 new softmatches. We now detect 1224 protocols from
filenet-pch, lscp, and netassistant to sharp-remote, urbackup, and
watchguard. We will try to integrate the remaining submissions in the next
release.
o Integrated all of your IPv4 OS fingerprint submissions from September 2016
to August 2017 (667 of them). Added 298 fingerprints, bringing the new total
to 5,652. Additions include iOS 11, macOS Sierra, Linux 4.14, Android 7, and
more.
o Integrated all 33 of your IPv6 OS fingerprint submissions from September
2016 to August 2017. New groups for OpenBSD 6.0 and FreeBSD 11.0 were added,
as well as strengthened groups for Linux and OS X.
o Added the --resolve-all option to resolve and scan all IP addresses of a
host. This essentially replaces the resolveall NSE script. [Daniel Miller]
o [NSE][SECURITY] Nmap developer nnposter found a security flaw (directory
traversal vulnerability) in the way the non-default http-fetch script
sanitized URLs. If a user manually ran this NSE script against a
malicious web server, the server could potentially (depending on NSE
arguments used) cause files to be saved outside the intended destination
directory. Existing files couldn't be overwritten. We fixed http-fetch,
audited our other scripts to ensure they didn't make this mistake, and we
updated the httpspider library API to protect against this by
default. [nnposter, Daniel Miller]
o [NSE] Added 9 NSE scripts, from 8 authors, bringing the total up to 588!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:
+ deluge-rpc-brute performs brute-force credential testing against Deluge
Bit
7.60 02 Aug 2017 16:05
minor feature:
o [Windows] Updated the bundled Npcap from 0.91 to 0.93, fixing several issues with installation and compatibility with the Windows 10 Creators Update.
o [NSE][GH#910] NSE scripts now have complete SSH support via libssh2,
including password brute-forcing and running remote commands, thanks to the
combined efforts of three Summer of Code students: [Devin Bjelland, Sergey
Khegay, Evangelos Deirmentzoglou]
o [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 579!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
+ ftp-syst sends SYST and STAT commands to FTP servers to get system version
and connection information. [Daniel Miller]
+ [GH#916] http-vuln-cve2017-8917 checks for an SQL injection vulnerability affecting
Joomla! 3.7.x before 3.7.1. [Wong Wai Tuck]
+ iec-identify probes for the IEC 60870-5-104 SCADA protocol. [Aleksandr
Timorin, Daniel Miller]
+ [GH#915] openwebnet-discovery retrieves device identifying information and
number of connected devices running on openwebnet protocol. [Rewanth Cool]
+ puppet-naivesigning checks for a misconfiguration in the Puppet CA where
naive signing is enabled, allowing for any CSR to be automatically signed.
[Wong Wai Tuck]
+ [GH#943] smb-protocols discovers if a server supports dialects NT LM 0.12
(SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11. This replaces the old
smbv2-enabled script. [Paulino Calderon]
+ [GH#943] smb2-capabilities lists the supported capabilities of SMB2/SMB3
servers. [Paulino Calderon]
+ [GH#943] smb2-time determines the current date and boot date of SMB2
servers. [Paulino Calderon]
+ [GH#943] smb2-security-mode determines the message signing configuration of
SMB2/SMB3 servers. [Paulino Calderon]
+ [GH#943] smb2-vuln-uptime attempts to discover missing critical patches in
Microsoft Windows systems based on the SMB2 server uptime. [Paulino Calderon]
+ ssh-auth-methods lists the authentication methods offered by an SSH server.
[Devin Bjelland]
+ ssh-b
7.50 15 Jun 2017 13:25
minor feature:
o [Windows] Updated the bundled Npcap from 0.78 to 0.91, with several fixes for WiFi connectivity problems and stability. [Daniel Miller, Yang Luo]
o Integrated all of your service/version detection fingerprints submitted from
September to March (855 of them). The signature count went up 2.9% to 11,418.
We now detect 1193 protocols from apachemq, bro, and clickhouse to jmon,
slmp, and zookeeper. Highlights: http://seclists.org/nmap-dev/2017/q2/140
o [NSE] Added 14 NSE scripts from 12 authors, bringing the total up to 566!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
+ [GH#743] broadcast-ospf2-discover discovers OSPF 2 routers and neighbors.
OSPFv2 authentication is supported. [Emiliano Ticci]
+ [GH#671] cics-info checks IBM TN3270 services for CICS transaction services
and extracts useful information. [Soldier of Fortran]
+ [GH#671] cics-user-brute does brute-force enumeration of CICS usernames on
IBM TN3270 services. [Soldier of Fortran]
+ [GH#669] http-cookie-flags checks HTTP session cookies for HTTPOnly and
Secure flags. [Steve Benson]
+ http-security-headers checks for the HTTP response headers related to
security given in OWASP Secure Headers Project, giving a brief description
of the header and its configuration value. [Vinamra Bhatia, Ícaro Torres]
+ [GH#740][GH#759] http-vuln-cve2017-5638 checks for the RCE in Apache
Struts2. [Seth Jackson]
+ [GH#876] http-vuln-cve2017-5689 detects a privilege escalation
vulnerability (INTEL-SA-00075) in Intel Active Management Technology (AMT)
capable systems. [Andrew Orr]
+ http-vuln-cve2017-1001000 detects a privilege escalation vulnerability in
Wordpress 4.7.0 and 4.7.1 (CVE-2017-1001000). [Vinamra Bhatia]
+ [GH#713] impress-remote-discover attempts to pair with the LibreOffice
Impress presentation remote service and extract version info. Pairing is
PIN-protected, and the script can optionally brute-force the PIN. New
service probe and match line also added. Jeremy Hi
7.40 21 Dec 2016 11:45
major feature:
o [Windows] Updated the bundled Npcap from 0.10r9 to 0.78r5, with an
improved installer experience, driver signing updates to work with
Windows 10 build 1607, and fixes for WiFi connectivity
problems. [Yang Luo, Daniel Miller]
o Integrated all of your IPv4 OS fingerprint submissions from April to
September (568 of them). Added 149 fingerprints, bringing the new total to
5,336. Additions include Linux 4.6, macOS 10.12 Sierra, NetBSD 7.0, and more.
Highlights: http://seclists.org/nmap-dev/2016/q4/110 [Daniel Miller]
o Integrated all of your service/version detection fingerprints submitted from
April to September (779 of them). The signature count went up 3.1% to 11,095.
We now detect 1161 protocols, from airserv-ng, domaintime, and mep to
nutcracker, rhpp, and usher. Highlights: http://seclists.org/nmap-dev/2016/q4/115
[Daniel Miller]
o Fixed reverse DNS on Windows which was failing with the message "mass_dns:
warning: Unable to determine any DNS servers." This was because the interface
GUID comparison needed to be case-insensitive. [Robert Croteau]
o [NSE] Added 12 NSE scripts from 4 authors, bringing the total up to 552!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
+ cics-enum enumerates CICS transaction IDs, mapping to screens in TN3270
services. [Soldier of Fortran]
+ cics-user-enum brute-forces usernames for CICS users on TN3270 services.
[Soldier of Fortran]
+ fingerprint-strings will print the ASCII strings it finds in the service
fingerprints that Nmap shows for unidentified services. [Daniel Miller]
+ [GH#606] ip-geolocation-map-bing renders IP geolocation data as an image
via Bing Maps API. [Mak Kolybabi]
+ [GH#606] ip-geolocation-map-google renders IP geolocation data as an image
via Google Maps API. [Mak Kolybabi]
+ [GH#606] ip-geolocation-map-kml records IP geolocation data in a KML file
for import into other mapping software. [Mak Kolybabi]
+ nje-pass-brute brute-forces the password to a NJE node, given a valid
7.31 22 Oct 2016 21:45
minor bugfix:
o [Windows] Updated the bundled Npcap from 0.10r2 to 0.10r9, bringing
increased stability and raw 802.11 WiFi capture. Further details on these changes can be found at
https://github.com/nmap/npcap/releases. [Yang Luo]
o Fixed the way Nmap handles scanning names that resolve to the same IP. Due to
changes in 7.30, the IP was only being scanned once, with bogus results
displayed for the other names. The previous behavior is now restored.
[Tudor Emil Coman]
o [Nping][GH#559] Fixed Nping's ability to use Npcap on Windows. A privilege
check was performed too late, so the Npcap loading code assumed the user had no
rights. [Yang Luo, Daniel Miller]
o [GH#350] Fixed an assertion failure due to floating point error in equality
comparison, which triggered mainly on OpenBSD:
Assertion "diff
7.30 01 Oct 2016 06:25
minor feature:
o Integrated all 12 of your IPv6 OS fingerprint submissions from June to
September. No new groups, but several classifications were strengthened,
especially Windows localhost and OS X. [Daniel Miller]
o [NSE] Added 7 NSE scripts, from 3 authors, bringing the total up to 541!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
+ [GH#369] coap-resources grabs the list of available resources from CoAP
endpoints. [Mak Kolybabi]
+ fox-info retrieves detailed version and configuration info from Tridium
Niagara Fox services. [Stephen Hilt]
+ ipmi-brute performs authentication brute-forcing on IPMI services.
[Claudiu Perta]
+ ipmi-cipher-zero checks IPMI services for Cipher Zero support, which allows
connection without a password. [Claudiu Perta]
+ ipmi-version retrieves protocol version and authentication options from
ASF-RMCP (IPMI) services. [Claudiu Perta]
+ [GH#352] mqtt-subscribe connects to a MQTT broker, subscribes to topics,
and lists the messages received. [Mak Kolybabi]
+ pcworx-info retrieves PLC model, firmware version, and date from Phoenix
Contact PLCs. [Stephen Hilt]
o Upgraded Npcap, our new Windows packet capturing driver/library,
from version 0.09 to 0.10r2. This includes many bug fixes, with a
particular emphasis on concurrency issues discovered by running
hundreds of Nmap instances at a time. More details are available
from https://github.com/nmap/npcap/releases. [Yang Luo, Daniel
Miller, Fyodor]
o New service probes and match lines for DTLS, IPMI-RMCP, MQTT, PCWorx,
ProConOS, and Tridium Fox. [Stephen Hilt, Mak Kolybabi, Daniel Miller]
o Improved some output filtering to remove or escape carriage returns ('\r')
that could allow output spoofing by overwriting portions of the screen. Reported by Adam Rutherford. [Daniel Miller]
o [NSE] Fixed a few bad Lua patterns that could result in denial of service due
to excessive backtracking. [Adam Rutherford, Daniel Miller]
o a discrepancy betw
7.12 04 Apr 2016 03:15
minor feature:
o [Zenmap] Avoid file corruption in zenmap.conf, reported as files containing
many null ("\x00") characters. Example exceptions:
TypeError: int() argument must be a string or a number, not 'list'
ValueError: unable to parse colour specification.
o [NSE] VNC updates including vnc-brute support for TLS security type and
negotiating a lower RFB version if the server sends an unknown higher
version. [Daniel Miller]
o [NSE] Added STARTTLS support for VNC, NNTP, and LMTP. [Daniel Miller]
o Added new service probes and match lines for OpenVPN on UDP and TCP.
7.10 19 Mar 2016 03:15
minor feature:
o [NSE] Added 12 NSE scripts from 7 authors, bringing the total up to 527!
They are all listed at https://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
+ [GH#322] http-apache-server-status parses the server status page of
Apache's mod_status. [Eric Gershman]
+ http-vuln-cve2013-6786 detects a XSS and URL redirection vulnerability in
Allegro RomPager web server. Also added a fingerprint for detecting
CVE-2014-4019 to http-fingerprints.lua. [Vlatko Kosturjak]
+ [GH#226] http-vuln-cve2014-3704 detects and exploits the "Drupalgeddon"
pre-auth SQL Injection vulnerability in Drupal. [Mariusz Ziulek]
+ imap-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled IMAP services. [Justin Cacak]
+ ipv6-multicast-mld-list discovers IPv6 multicast listeners with MLD probes.
The discovery is the same as targets-ipv6-multicast-mld, but the subscribed
addresses are decoded and listed. [Alexandru Geana, Daniel Miller]
+ ms-sql-ntlm-info extracts OS version and sometimes hostname from MS SQL
Server instances via the NTLM challenge message. [Justin Cacak]
+ nntp-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled NNTP services. [Justin Cacak]
+ pop3-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled POP3 services. [Justin Cacak]
+ rusers retrieves information about logged-on users from the rusersd RPC
service. [Daniel Miller]
+ [GH#333] shodan-api queries the Shodan API (https://www.shodan.io) and
retrieves open port and service info from their Internet-wide scan data.
[Glenn Wilkinson]
+ smtp-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled SMTP and submission services. [Justin Cacak]
+ telnet-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled Telnet services. [Justin Cacak]
o Updated the OpenSSL shipped with our binary builds (Windows, OS X, and Linux
RPM) to 1.0.2g with SSLv2 enabled.
o Integrated all
6.47 24 Aug 2014 21:22
major bugfix:
More IPv4 OS fingerprints incorporated, upgraded OpenSSL to version 1.0.1i, Python to 2.7.8, removed external XML entities. Nmap fixes for installation on Windows, ndiff.bat wrapper fixed. Zenmap .dmg installed fixed. Ncat SOCKS5 auth adapted.
Avoid formatting NULL as "%s" when running nmap --iflist.
Avoid crashes with old PyXML packages.
Fix for handling of ICMP admin-prohibited messages.
Bugfix for HTTP HEAD requests with redirects.
Gtk crash in Zenmap's DiffViewer fixed.