Nmap is een handig programma voor het verkennen en controleren van je netwerk. Het is ontworpen om zonder vertragingen een groot netwerk te scannen, maar het werkt ook zonder problemen op een enkele host. Het programma maakt gebruik van zogenaamde 'raw IP packets' waarmee de actieve hosts en de beschikbare services met allerlei extra informatie worden achterhaald. Voor meer informatie over de mogelijkheden verwijzen we jullie door naar deze pagina. Google's Summer of Code 2007 loopt bijna ten einde en daarom hebben de ontwikkelaars Nmap 4.22 SoC 3 uitgebracht in de development-tak. De aankondiging ziet er als volgt uit:
The SoC program is almost over (ends on Monday) and we have a lot of great stuff to show for it! As further demonstration of that, I am pleased to release Nmap 4.22SOC3. Perhaps the coolest change is that this release ships UMIT for Windows (as well as UNIX like the last release). Only the self-installer contains Umit, as I'm guessing that people who choose the .zip are more command-line oriented.
Please give Umit a spin on Windows or Unix and report any problems or ideas you have to the nmap-dev list and/or the Umit bugtracker! It is very important that we get Umit into shape to make a great first impression when it is included in the next stable Nmap. While it does have some bugs, I've played with it a bit today and am quite impressed with its capabilities. It certainly blows NmapFE away on many, many levels!
While UMIT is awesome, I don't want to shortchange any of the other great advancements in this release. We've got 4 new NSE scripts, all of your 2nd quarter version detection fingerprints integrated, raw IP packet support for NSE, and much more!
It is particularly important that you guys test this release extensively as we only have the full-time efforts of the SoC participants for a few more days!
Here is a detailed list of the most important changes since 4.22SOC2:
- Umit is now included in the Nmap Windows executable installer. Please give it a try and let us know what you think! Kris put a lot of work into getting this set up.
- Added four new NSE scripts: HTTP proxy detection (Arturo 'Buanzo' Busleiman), DNS zone transfer attempt (Eddie), detecting SQL injection vulnerabilities on web sites (Eddie), and fetching and displaying portions of /robots.txt from web servers (Eddie).
- All of your 2nd Quarter 2007 Nmap version detection fingerprints were integrated by Doug. The DB now contains 4,347 signatures for 439 service protocols. Doug describes the highlights (craziest services found) in his integration report at http://hcsw.org/blog.pl/29 .
- NSE now supports raw IP packet sending and receiving thanks to a patch from Marek Majkowski. Diman handled testing and applied the patch.
- Nmap now has Snprintf() and Vsnprintf() as safer alternatives to the standard version. The problem is that the Windows version of these functions (_snprintf, _vsnprintf) doesn't properly terminate strings when it has to truncate them. These wrappers ensure that the string written is always truncated. Thanks to Kris for doing the work.
- Upgraded libpcre from version 6.7 to 7.2 [Kris]
- Merged various Umit bug fixes from SouceForge trunk: "missing import webbrowser on umit", "Missing markup in 'OS Class' on HostDetailsPage", "some command line options are now working (target, profile, verbose, open result file and run an nmap command)", "removing unused functions import from os.path", "verbosity works on command line"
- Eddie fixed several Umit bugs. Umit now sets the file save extension to .usr unless the user specifies something else. The details highlight regex was improved, and nn error message was added when no target was specified and -iR and -iL aren't used.
- reason.cc/reason.h renamed to portreasons.cc/.h because a reason.h in the Windows platform SDK was causing conflicts. [Kris]
- Fixed a bug in --iflist which would lead to crashes. Thanks to Michael Lawler for the report, and Eddie for the fix.
- Finished updating Winpcap to 4.01 (a few static libraries were missed) [Eddie]
- Added NSE support for buffered data reads. [Stoiko]
- Added new --script-args option for passing arguments to NSE scripts [Stoiko]
- Performed a bunch of OS fingerprint text canonicalization thanks to reports of dozens of capitalization inconsistencies from Suicidal Bob.
- Fixed an assertion failure which could be experienced when script scan was requested without also requesting version scan. [Stoiko]
- Fixed an output bug on systems like Windows which return -1 when vsnprintf is passed a too-small buffer rather than returning the size needed. Thanks to jah for the report.
- Added sys/types.h include to portreasons.h to help OpenBSD compilation. Thanks to Olivier Meyer for the patch.
- Many hardcoded function names and instances of __FUNCTION__ were changed to __func__ [Kris]
- Configure scripts for Nmap, Nbase, and Nsock were optimized to remove redundant checks. This improves compilation time performance. [Eddie]
- Updated IANA assignment IP list for random IP (-iR) generation. [Kris]
Fyodor[break]Nmap 4.22 SoC 3 is in de volgende smaken binnen te halen: