Navigation:
Browse pkgsrc
(this page)
net nmap
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]| 2025-10-23 22:40:24 by Thomas Klausner | Files touched by this commit (2999) |
Log message: *: recursive bump for pcre2 Running an old binary against the new pcre doesn't work: /usr/pkg/lib/libpcre2-8.so.0: version PCRE2_10.47 required by \ /usr/pkg/lib/libglib-2.0.so.0 not defined |
2025-08-25 13:54:33 by Adam Ciarcinski | Files touched by this commit (5) |  |
Log message: nmap ndiff zenmap: updated to 7.98 7.98 o Updated liblua to 5.4.8 o Fixed an issue in FTP bounce scan where a single null byte is written past the end of the receive buffer. The issue is triggered by a malicious server but does not cause a crash with default builds. [Tyler Zars] o [GH3130] Fix a crash (stack exhaustion due to excessive recursion) in the parallel DNS resolver. Additionally, improved performance by processing responses that come after the request has timed out. [Daniel Miller] o [GH2757] Fix a crash in traceroute when using randomly-generated decoys: "Assertion `source->ss_family == AF_INET' failed" [Daniel Miller] o [GH2899] When IP protocol scanning on IPv6 (-sO -6), skip protocol numbers that are registered as Extension Header values. When the --data option was used, these would fail the assertion "len == (u32) \ ntohs(ip6->ip6_plen)" [Daniel Miller] o [NSE][GH3133] Fix the error "nse_nsock.cc:637: void \ receive_callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == 1' \ failed." when reading from an SSL connection. [Daniel Miller] o [GH3086] Prevent TCP Connect scan (-sT) from leaking one socket per hostgroup, which led to progressively slower scans and assertion failures in other scan phases. [Daniel Miller] o [NSE] Added NSE bindings for more libssh2 functions: channel_request, channel_request_pty_ex, channel_shell, and userauth_keyboard_interactive. ssh-brute will now use keyboard-interactive auth if password auth is not offered. [Daniel Miller, CrowdStrike] o Fix a bug that was causing Nmap to send empty DNS packets for each target that was not found up instead of just skipping them for reverse DNS. o [macOS][GH3127] Fix "dnet: Failed to open device en0" errors on \ macOS since Nmap 7.96. [Daniel Miller] o [NSE] Fix/update/enhance tls.lua for newer TLSv1.3 ciphers, including post-quantum ciphersuites. o [GH3114][Windows] Use only the DNS servers for up and configured interfaces for forward and reverse DNS lookups. When -e or -S are used, use only DNS servers that can be connected via that interface or source address. [Daniel Miller] o [Ndiff][GH3115] Have configure script check for PyPA 'build' module. [Daniel \ Miller] o [Zenmap] Updated Spanish and Chinese language strings for Zenmap to cover \ latest strings. o [Zenmap][GH2718] Zenmap language translation (i18n) files were not being installed. [Daniel Miller] o [Zenmap][GH3066] Fix Zenmap error "ValueError: I/O operation on closed \ file" when Nmap crashes or fails. [Daniel Miller] o [Zenmap][GH3084][GH3127] Fix UnicodeDecodeError issues in ScriptMetadata and UmitConfigParser. [Daniel Miller] o [NSE][GH3123] WS-Discovery parsing would error out if the MessageID UUID was not prefixed with "urn:". [nnposter] |
| 2025-07-02 05:39:36 by Mark Davies | Files touched by this commit (1) |
Log message: nmap: explicitly disable libnl |
| 2025-05-15 17:47:09 by Adam Ciarcinski | Files touched by this commit (2) |
Log message: nmap: add patches |
| 2025-05-15 17:44:41 by Adam Ciarcinski | Files touched by this commit (10) | |
Log message:
nmap ndiff zenmap: updated to 7.97
Nmap 7.97 [2025-05-12]
o [Zenmap] Fix a crash when starting a scan on Windows in locales that
use non-latin character sets. Also changed Nmap to print the time zone as an
offset from UTC instead of as a localized string. [Daniel Miller]
o Fixed an issue with the parallel forward DNS resolver: it had not been
consulting /etc/hosts, nor did it correctly handle the 'localhost' name.
[Daniel Miller]
o Mitigate a false-positive detection by replacing a malicious URL in
the example output of http-malware-host [nnposter]
Nmap 7.96 [2025-05-01]
o Upgraded included libraries: OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1,
libpcap 1.10.5, libpcre2 10.45
o [Windows] Upgraded the included version of Npcap from version 1.79 to the
latest version 1.82, bringing faster packet injection, VLAN header capture,
and support for SR-IOV adapters, along with many other bug fixes and feature
enhancements described at https://npcap.com/changelog
o Nmap now performs forward DNS lookups in parallel, using the same
engine that has been reliably performing reverse-DNS lookups for nearly a
decade. Scanning large lists of hostnames is now enormously faster and avoids
the unresponsive wait for blocking system calls, so progress stats can be
shown. In testing, resolving 1 million website names to both IPv4 and IPv6
took just over an hour. The previous system took 49 hours for the same data
set! [Daniel Miller]
o [Nping] Promoted Nping version number from a 0.7.95 alpha release to
the same release version as Nmap.
o [Zenmap] Added dark mode, accessed via Profile->Toggle Dark Mode or
window::dark_mode in zenmap.conf. [Daniel Miller]
o [NSE] Added 3 new scripts, for a total of 612 NSE scripts:
+ mikrotik-routeros-version queries MikroTik's WinBox router admin
service to get the RouterOS version. New service probes were also added for
this service. [deauther890, Daniel Miller]
+ mikrotik-routeros-username-brute brute-forces WinBox usernames for the
router using CVE-2024-54772. [deauther890]
+ targets-ipv6-eui64 generates target IPv6 addresses from a user-provided
file of MAC addresses, using the EUI-64 method. [Daniel Miller]
o Fixed an issue preventing the Nmap OEM 7.95 uninstaller from
correctly uninstalling Nmap OEM.
o [Nsock][Windows] Fixed the IOCP Nsock engine, which had been demoted
since Nmap 7.91 due to unresolved issues around SSL sockets and IPv6. [Daniel \
Miller]
o Fixed the issue where TCP Connect scans (-sT) on Windows would show
'filtered' instead of 'closed', due to differences in understanding timeouts.
o Nmap is now able to scan IP protocol 255.
[nnposter]
o Nmap will now allow targets to be specified both on the command line and in
an input file with -iL. Previously, if targets were provided in both places,
only the targets in the input file would be scanned, and no notice was given
that the command-line targets were ignored. [Daniel Miller]
o [Zenmap] Fixed a Zenmap crash in DiffViewer when Ndiff exits with error.
o [Zenmap] Fixed several UnicodeDecodeError or UnicodeEncodeError crashes
throughout Zenmap.
o [Zenmap] Fixed an issue preventing Zenmap from launching if nmap was
not in the PATH. The issue primarily affected macOS users. [Daniel Miller]
o Fixed a couple of issues with parsing the argument to the
-iR option.
o [NSE] Added TLS support to redis.lua and improved -sV detection of redis.
o Fix 2 potential crashes in parsing IPv6 extension headers
discovered using AFL++ fuzzer. [Domen Puncer Kugler, Daniel Miller]
o [Nping] Bind raw socket to device when possible. This was already done for
IPv6, but was needed for IPv4 L3 tunnels. [ValdikSS]
o [Ncat] Ncat in connect mode no longer defaults to half-closed TCP
connections. This makes it more compatible with other netcats. The -k option
will enable the old behavior. See https://seclists.org/nmap-dev/2013/q1/188
[Daniel Miller]
o [Nsock] Fix an issue affecting Ncat where unread bytes in the SSL
layer's buffer could not be read until more data arrived on the socket, which
could lead to deadlock. [Daniel Miller]
o [Ncat] New Ncat option -q to delay quit after EOF on stdin, the
same as traditional netcat's -q option. [Daniel Miller]
o [Ncat] Ncat in listen mode with -e or -c correctly handles error and
EOF conditions that had not been being delivered to the child process.
o [Ncat][Windows] All Nsock engines now work correctly. The default is still
'select', but others can be set with --nsock-engine=iocp or
--nsock-engine=poll [Daniel Miller]
o [NSE] SSH NSE scripts now catch connection errors thrown by
the libssh2 Lua binding, providing useful output instead of a backtrace.
[Joshua Rogers, Daniel Miller]
o [NSE] Several fixes and extensions to the libssh2 NSE bindings: fixed
libssh2.channel_read_stderr, which was reading stdout instead; add binding
for libssh2_userauth_publickey_frommemory; allow open_channel to avoid \
allocating a pty;
o [Nsock] Improvements for platforms without selectable pcap handles (e.g.
Windows). Interleaved pcap and socket events were favoring pcap reads,
possibly resulting in timeouts of the socket events. [Daniel Miller]
o [Nsock] Improved memory performance of poll engine on Windows. [Daniel Miller]
o [Nsock] Improvements to Nsock event list management, fixing
errors like "could not find 1 of the purportedly pending events on that \
IOD." [Daniel Miller]
o When Nmap is used with --disable-arp-ping, a local IP that cannot be
ARP-resolved will use the "no-route" reason instead of the \
"unknown-response"
reason, since no response was received.
o [NSE] Various bug fixes in the mssql NSE
library. [johnjaylward, nnposter]
o [NSE] Testing for acceptance of SSH keys for
a given username caused heap corruption. [Julijan Nedic, nnposter]
o [NSE] Scripts were not able to load SSH public keys.
from a file. [nnposter]
o [NSE] Encryption/decryption performed by the OpenSSL NSE
module did not work correctly when the IV started with a null byte.
[nnposter]
o [NSE] Arbitrary separator in stdnse.tohex() is now
supported. Script smb-protocols now reports SMB dialects correctly.
[nnposter]
o [NSE] ether_type inconsistency in packet.Frame has been resolved. Both
Frame:new() and Frame:build_ether_frame() now use an integer. [nnposter]
|
| 2025-03-03 21:29:32 by Thomas Klausner | Files touched by this commit (54) |
Log message: *: reset MAINTAINER |
| 2024-12-17 14:29:09 by Tobias Nygren | Files touched by this commit (2) |
Log message: nmap: fix detection of pkgsrc libpcap |
| 2024-04-25 09:15:03 by Adam Ciarcinski | Files touched by this commit (9) | |
Log message:
ndiff nmap zenmap: updated to 7.95
Nmap 7.95 [2024-04-19]
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.75 to the latest version 1.79. It
includes many performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added
336 fingerprints, bringing the new total to 6036. Additions include iOS 15 &
16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2
o Integrated over 2500 service/version detection fingerprints submitted since
June 2020. The signature count went up 1.4% to 12089, including 9 new
softmatches. We now detect 1246 protocols, including new additions of grpc,
mysqlx, essnet, remotemouse, and tuya.
o [NSE] Four new scripts from the DINA community (https://github.com/DINA-community)
for querying industrial control systems:
+ hartip-info reads device information from devices using the Highway
Addressable Remote Transducer protocol
+ iec61850-mms queries devices using Manufacturing Message Specification
requests. [Dennis Rösch, Max Helbig]
+ multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All
message and prints the responses. [Stefan Eiwanger, DINA-community]
+ profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the
PNIO-CM service.
o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1,
libssh2 1.11.0, liblinear 2.47
o Upgraded OpenSSL binaries (for the Windows builds and for
RPMs) to version 3.0.13. CVEs resolved in this update include only 2
moderate-severity issues which we do not believe affect Nmap:
CVE-2023-5363 and CVE-2023-2650
o [Zenmap][Ndiff] Zenmap and Ndiff now use setuptools, not distutils for packaging.
o [Ncat] Fixed Ncat UDP server mode to not quit after EOF on stdin. Reported
as Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613
o Fixed an issue where TCP Connect scan (-sT) on Windows would fail to open any
sockets, leading to scans that never finish. [Daniel Miller]
o [NSE] ssh-auth-methods will now print the pre-authentication banner text when
available. Requires libssh2 1.11.0 or later. [Daniel Miller]
o [Zenmap] Fix a crash in Zenmap when changing a host comment.
o [NSE] Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger]
o [Zenmap] RPM spec files now correctly require the python3 package, not python>=3
o Improvements to OS detection fingerprint matching, including a syntax change
for nmap-os-db that allows ranges within the TCP Options string. This leads
to more concise and maintainable fingerprints. [Daniel Miller]
o Improved the OS detection engine by using a new source port for each retry.
Scans from systems such as Windows that do not send RST for unsolicited
SYN|ACK responses were previously unable to get a response in subsequent
tries. [Daniel Miller]
o Several profile-guided optimizations of the port scan engine. [Daniel Miller]
o Fix an out-of-bounds read which led to out-of-memory errors when
duplicate addresses were used with --exclude
o Fixed a memory leak in Nsock: compiled pcap filters were not freed.
o Fixed a crash when using service name wildcards with -p, as in -p "http*"
o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap
7.80 and later. [David Fifield, Mike Pattrick]
o [NSE] Fixed packet size testing in KNX scripts [f0rw4rd]
|
New packages: