- Update from version 7.95 to 7.98
- Update of rootfile
- Changelog
    7.98
        o Updated liblua to 5.4.8
        o Fixed an issue in FTP bounce scan where a single null byte is written past
          the end of the receive buffer. The issue is triggered by a malicious server
          but does not cause a crash with default builds. [Tyler Zars]
        o [GH#3130] Fix a crash (stack exhaustion due to excessive recursion) in the
          parallel DNS resolver. Additionally, improved performance by processing
          responses that come after the request has timed out. [Daniel Miller]
        o [GH#2757] Fix a crash in traceroute when using randomly-generated decoys:
          "Assertion `source->ss_family == AF_INET' failed" [Daniel Miller]
        o [GH#2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers
          that are registered as Extension Header values. When the --data option was
          used, these would fail the assertion "len == (u32) ntohs(ip6->ip6_plen)"
          [Daniel Miller]
        o [NSE][GH#3133] Fix the error "nse_nsock.cc:637: void
          receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L)
          == 1' failed."
          when reading from an SSL connection. [Daniel Miller]
        o [GH#3086] Prevent TCP Connect scan (-sT) from leaking one socket per
          hostgroup, which led to progressively slower scans and assertion failures in
          other scan phases. [Daniel Miller]
        o [NSE] Added NSE bindings for more libssh2 functions: channel_request,
          channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive.
          ssh-brute will now use keyboard-interactive auth if password auth is not
          offered. [Daniel Miller, CrowdStrike]
        o Fix a bug that was causing Nmap to send empty DNS packets for each target
          that was not found up instead of just skipping them for reverse DNS.
        o [macOS][GH#3127] Fix "dnet: Failed to open device en0" errors on macOS since
          Nmap 7.96. [Daniel Miller]
        o [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including
          post-quantum ciphersuites.
        o [GH#3114][Windows] Use only the DNS servers for up and configured interfaces
          for forward and reverse DNS lookups. When -e or -S are used, use only DNS
          servers that can be connected via that interface or source address.
          [Daniel Miller]
        o [Ndiff][GH#3115] Have configure script check for PyPA 'build' module.
          [Daniel Miller]
        o [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover
          latest strings.
        o [Zenmap][GH#2718] Zenmap language translation (i18n) files were not being
          installed. [Daniel Miller]
        o [Zenmap][GH#3066] Fix Zenmap error "ValueError: I/O operation on closed file"
          when Nmap crashes or fails. [Daniel Miller]
        o [Zenmap][GH#3084][GH#3127] Fix UnicodeDecodeError issues in ScriptMetadata
          and UmitConfigParser. [Daniel Miller]
        o [NSE][GH#3123] WS-Discovery parsing would error out if the MessageID UUID
          was not prefixed with "urn:". [nnposter]
    7.97
        o [Zenmap][GH#3087] Fix a crash when starting a scan on Windows in locales that
          use non-latin character sets. Also changed Nmap to print the time zone as an
          offset from UTC instead of as a localized string. [Daniel Miller]
        o Fixed an issue with the parallel forward DNS resolver: it had not been
          consulting /etc/hosts, nor did it correctly handle the 'localhost' name.
          [Daniel Miller]
        o [GH#3088] Mitigate a false-positive detection by replacing a malicious URL in
          the example output of http-malware-host [nnposter]
    7.96
        o Upgraded included libraries: OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1,
          libpcap 1.10.5, libpcre2 10.45, libdnet 1.18.0
        o [Windows] Upgraded the included version of Npcap from version 1.79 to the
          latest version 1.82, bringing faster packet injection, VLAN header capture,
          and support for SR-IOV adapters, along with many other bug fixes and feature
          enhancements described at https://npcap.com/changelog
        o [GH#1451] Nmap now performs forward DNS lookups in parallel, using the same
          engine that has been reliably performing reverse-DNS lookups for nearly a
          decade. Scanning large lists of hostnames is now enormously faster and avoids
          the unresponsive wait for blocking system calls, so progress stats can be
          shown. In testing, resolving 1 million website names to both IPv4 and IPv6
          took just over an hour. The previous system took 49 hours for the same data
          set! [Daniel Miller]
        o [Nping][GH#2862] Promoted Nping version number from a 0.7.95 alpha release to
          the same release version as Nmap.
        o [Zenmap][GH#2358] Added dark mode, accessed via Profile->Toggle Dark Mode or
          window::dark_mode in zenmap.conf. [Daniel Miller]
        o [NSE] Added 3 new scripts, for a total of 612 NSE scripts:
          + [GH#2973] mikrotik-routeros-version queries MikroTik's WinBox router admin
            service to get the RouterOS version. New service probes were also added for
            this service. [deauther890, Daniel Miller]
          + mikrotik-routeros-username-brute brute-forces WinBox usernames for the
            router using CVE-2024-54772. [deauther890]
          + targets-ipv6-eui64 generates target IPv6 addresses from a user-provided
            file of MAC addresses, using the EUI-64 method. [Daniel Miller]
        o [GH#2982] Fixed an issue preventing the Nmap OEM 7.95 uninstaller from
          correctly uninstalling Nmap OEM.
        o [GH#2139][Nsock][Windows] Fixed the IOCP Nsock engine, which had been demoted
          since Nmap 7.91 due to unresolved issues around SSL sockets and IPv6.
          [Daniel Miller]
        o [GH#2113] Fixed the issue where TCP Connect scans (-sT) on Windows would show
          'filtered' instead of 'closed', due to differences in understanding timeouts.
        o [GH#2900][GH#2896][GH#2897] Nmap is now able to scan IP protocol 255.
          [nnposter]
        o Nmap will now allow targets to be specified both on the command line and in
          an input file with -iL. Previously, if targets were provided in both places,
          only the targets in the input file would be scanned, and no notice was given
          that the command-line targets were ignored. [Daniel Miller]
        o [Zenmap][GH#2854] Fixed a Zenmap crash in DiffViewer when Ndiff exits with
          error.
        o [Zenmap] Fixed several UnicodeDecodeError or UnicodeEncodeError crashes
          throughout Zenmap.
        o [Zenmap][GH#1696] Fixed an issue preventing Zenmap from launching if nmap was
          not in the PATH. The issue primarily affected macOS users. [Daniel Miller]
        o [GH#2838][GH#2836] Fixed a couple of issues with parsing the argument to the
          -iR option.
        o [NSE][GH#2852] Added TLS support to redis.lua and improved -sV detection of
          redis.
        o [GH#2954] Fix 2 potential crashes in parsing IPv6 extension headers
          discovered using AFL++ fuzzer. [Domen Puncer Kugler, Daniel Miller]
        o [Nping] Bind raw socket to device when possible. This was already done for
          IPv6, but was needed for IPv4 L3 tunnels. [ValdikSS]
        o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP
          connections. This makes it more compatible with other netcats. The -k option
          will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188
          [Daniel Miller]
        o [Nsock][GH#2788] Fix an issue affecting Ncat where unread bytes in the SSL
          layer's buffer could not be read until more data arrived on the socket, which
          could lead to deadlock. [Daniel Miller]
        o [Ncat][GH#2422] New Ncat option -q to delay quit after EOF on stdin, the
          same as traditional netcat's -q option. [Daniel Miller]
        o [Ncat][GH#2843] Ncat in listen mode with -e or -c correctly handles error and
          EOF conditions that had not been being delivered to the child process.
        o [Ncat][Windows] All Nsock engines now work correctly. The default is still
          'select', but others can be set with --nsock-engine=iocp or
          --nsock-engine=poll [Daniel Miller]
        o [NSE][GH#1014][GH#2616] SSH NSE scripts now catch connection errors thrown by
          the libssh2 Lua binding, providing useful output instead of a backtrace.
          [Joshua Rogers, Daniel Miller]
        o [NSE] Several fixes and extensions to the libssh2 NSE bindings: fixed
          libssh2.channel_read_stderr, which was reading stdout instead; add binding
          for libssh2_userauth_publickey_frommemory; allow open_channel to avoid
          allocating a pty;
        o [Nsock] Improvements for platforms without selectable pcap handles (e.g.
          Windows). Interleaved pcap and socket events were favoring pcap reads,
          possibly resulting in timeouts of the socket events. [Daniel Miller]
        o [Nsock] Improved memory performance of poll engine on Windows. [Daniel Miller]
        o [Nsock][GH#187][GH#2912] Improvements to Nsock event list management, fixing
          errors like "could not find 1 of the purportedly pending events on that IOD."
          [Daniel Miller]
        o When Nmap is used with --disable-arp-ping, a local IP that cannot be
          ARP-resolved will use the "no-route" reason instead of the "unknown-response"
          reason, since no response was received.
        o [NSE][GH#2571][GH#2572][GH#2622][GH#2784] Various bug fixes in the mssql NSE
          library. [johnjaylward, nnposter]
        o [NSE][GH#2925][GH#2917][GH#2924] Testing for acceptance of SSH keys for
          a given username caused heap corruption. [Julijan Nedic, nnposter]
        o [NSE][GH#2919][GH#2917] Scripts were not able to load SSH public keys
          from a file. [nnposter]
        o [NSE][GH#2928][GH#2640] Encryption/decryption performed by the OpenSSL NSE
          module did not work correctly when the IV started with a null byte.
          [nnposter]
        o [NSE][GH#2901][GH#2744][GH#2745] Arbitrary separator in stdnse.tohex() is now
          supported. Script smb-protocols now reports SMB dialects correctly.
          [nnposter]
        o [NSE] ether_type inconsistency in packet.Frame has been resolved. Both
          Frame:new() and Frame:build_ether_frame() now use an integer. [nnposter]

Signed-off-by: Adolf Belka <[email protected]>
---
 config/rootfiles/packages/nmap | 3 +++
 lfs/nmap                       | 9 +++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/packages/nmap b/config/rootfiles/packages/nmap
index 4fa71c9cf..39032f1ce 100644
--- a/config/rootfiles/packages/nmap
+++ b/config/rootfiles/packages/nmap
@@ -581,6 +581,8 @@ usr/share/nmap/scripts/metasploit-info.nse
 usr/share/nmap/scripts/metasploit-msgrpc-brute.nse
 usr/share/nmap/scripts/metasploit-xmlrpc-brute.nse
 usr/share/nmap/scripts/mikrotik-routeros-brute.nse
+usr/share/nmap/scripts/mikrotik-routeros-username-brute.nse
+usr/share/nmap/scripts/mikrotik-routeros-version.nse
 usr/share/nmap/scripts/mmouse-brute.nse
 usr/share/nmap/scripts/mmouse-exec.nse
 usr/share/nmap/scripts/modbus-discover.nse
@@ -791,6 +793,7 @@ usr/share/nmap/scripts/stuxnet-detect.nse
 usr/share/nmap/scripts/supermicro-ipmi-conf.nse
 usr/share/nmap/scripts/svn-brute.nse
 usr/share/nmap/scripts/targets-asn.nse
+usr/share/nmap/scripts/targets-ipv6-eui64.nse
 usr/share/nmap/scripts/targets-ipv6-map4to6.nse
 usr/share/nmap/scripts/targets-ipv6-multicast-echo.nse
 usr/share/nmap/scripts/targets-ipv6-multicast-invalid-dst.nse
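Review bot: With this entry and the two mikrotik-routeros-* entries in the previous hunk, the rootfile gains exactly three lines across three upstream releases (7.96, 7.97, 7.98), and the commit message says only "Update of rootfile". That matches the "Added 3 new scripts" item in the 7.96 changelog, but it would help to state in the commit message that the rootfile was regenerated from a fresh build and that these three .nse files are the only difference, so a reader does not have to assume that no other installed file was added or dropped.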
diff --git a/lfs/nmap b/lfs/nmap
index cee8fa2a9..8418dcf4d 100644
--- a/lfs/nmap
+++ b/lfs/nmap
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2024  IPFire Team  <[email protected]>                     #
+# Copyright (C) 2007-2025  IPFire Team  <[email protected]>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,8 @@ include Config
 
 SUMMARY    = Network exploration tool and security scanner
 
-VER        = 7.95
+VER        = 7.98
+# Also update ncat when nmap is updated
 
 THISAPP    = nmap-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
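Review bot: The new comment under VER says ncat must be updated whenever nmap is, yet the diffstat for this patch lists only config/rootfiles/packages/nmap and lfs/nmap. Either send the ncat bump in the same series and mention it in the commit message, or say there that it follows separately; otherwise the tree is left in the state the comment warns about, with nmap at 7.98 and ncat still at its old version. The comment would also be more useful if it named the file that has to be changed.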
@@ -34,7 +35,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = nmap
-PAK_VER    = 19
+PAK_VER    = 20
 
 DEPS       =
 
@@ -48,7 +49,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 
4ab4912468f6c1cf7517090bc94b1bb34e665fe1b3db973e1c7bb2d05cb885545cdf3ca5c7fb548ff0012b800f5dd60ed2f2010fc9fb62ba7d6a28537287193c
+$(DL_FILE)_BLAKE2 = 
bbc7f4931876b2a59dc8d94b5498e72ee76084db19089820030473628f215a0a89972638f4128e46a46ffa55bd92141bfceab311fa00f4798cf111aca5ec104a
 
 install : $(TARGET)
 
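Review bot: The replaced $(DL_FILE)_BLAKE2 value is the only integrity check visible here for nmap-7.98.tar.bz2, and DL_FROM points at $(URL_IPFIRE) rather than at upstream, so the hash only proves that the build fetches the same file the submitter uploaded. The commit message does not say where the tarball came from or how it was verified; please add a line stating that the archive was checked against the upstream release signature or published hashes before this BLAKE2 sum was generated.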
-- 
2.51.0

