Opened 8 years ago

Closed 8 years ago

#7149 closed enhancement (fixed)

nmap-7.00

Reported by: Fernando de Oliveira
Owned by: Fernando de Oliveira
Priority: normal
Milestone: 7.9
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

http://nmap.org/dist/nmap-7.00.tar.bz2

https://nmap.org/dist/sigs/nmap-7.00.tar.bz2.asc

https://nmap.org/dist/sigs/nmap-7.00.tar.bz2.digest.txt

nmap-7.00.tar.bz2: MD5 = 6C DF 5D 03 CC 32 94 B9 9D 69 DF CA 83 F2 F2 EE

http://nmap.org/changelog.html

Nmap 7.00 [2015-11-19]

 • This is the most important release since Nmap 6.00 back in May 2012!
   For a list of the most significant improvements and new features, see
   the announcement at: https://nmap.org/7
 • [NSE] Added 6 NSE scripts from 6 authors, bringing the total up to
   515! They are all listed at https://nmap.org/nsedoc/, and the
   summaries are below (authors are listed in brackets):
     ◦ targets-xml extracts target addresses from previous Nmap XML
       results files. [Daniel Miller]
     ◦ [GH#232] ssl-dh-params checks for problems with weak, non-safe,
       and export-grade Diffie-Hellman parameters in TLS handshakes.
       This includes the LOGJAM vulnerability (CVE-2015-4000). [Jacob
       Gajek]
     ◦ nje-node-brute does brute-forcing of z/OS JES Network Job Entry
       node names. [Soldier of Fortran]
     ◦ ip-https-discover detects support for Microsoft's IP over
       HTTPS tunneling protocol. [Niklaus Schiess]
     ◦ [GH#165] broadcast-sonicwall-discover detects and extracts
       information from SonicWall firewalls. [Raphael Hoegger]
     ◦ [GH#38] http-vuln-cve2014-8877 checks for and optionally exploits
       a vulnerability in CM Download Manager plugin for Wordpress.
       [Mariusz Ziulek] 
 • [Ncat] [GH#151] [GH#142] New option --no-shutdown prevents Ncat from
   shutting down when it reads EOF on stdin. This is the same as
   traditional netcat's "-d" option. [Adam Saponara]
 • [NSE] [GH#229] Improve parsing in http.lua for multiple Set-Cookie
   headers in a single response. [nnposter] 

Nmap 6.49BETA6 [2015-11-03]

 • Integrated all of your IPv6 OS fingerprint submissions from April to
   October (only 9 of them!). We are steadily improving the IPv6
   database, but we need your submissions. The classifier added 3 new
   groups, bringing the new total to 93. Highlights:
   http://seclists.org/nmap-dev/2015/q4/61 [Daniel Miller]
 • Integrated all of your IPv4 OS fingerprint submissions from February
   to October (1065 of them). Added 219 fingerprints, bringing the new
   total to 4985. Additions include Linux 4.1, Windows 10, OS X 10.11,
   iOS 9, FreeBSD 11.0, Android 5.1, and more. Highlights:
   http://seclists.org/nmap-dev/2015/q4/60 [Daniel Miller]
 • Integrated all of your service/version detection fingerprints
   submitted from February to October (800+ of them). The signature
   count went up 2.5% to 10293. We now detect 1089 protocols, from afp,
   bitcoin, and caldav to xml-rpc, yiff, and zebra. Highlights:
   http://seclists.org/nmap-dev/2015/q4/62 [Daniel Miller]
 • [NSE] Added 10 NSE scripts from 5 authors, bringing the total up to
   509! They are all listed at http://nmap.org/nsedoc/, and the
   summaries are below (authors are listed in brackets):
     ◦ knx-gateway-discover and knx-gateway-info scripts gather
       information from multicast and unicast KNX gateways, which
       connect home automation systems to IP networks. [Niklaus Schiess,
       Dominik Schneider]
     ◦ http-ls parses web server directory index pages with optional
       recursion. [Pierre Lalet]
     ◦ xmlrpc-methods performs introspection of xmlrpc services and lists
       methods and their descriptions. [Gyanendra Mishra]
     ◦ http-fetch can be used like wget or curl to fetch all files,
       specific filenames, or files that match a given pattern.
       [Gyanendra Mishra]
     ◦ http-svn-enum enumerates users of a Subversion repository by
       examining commit logs. [Gyanendra Mishra]
     ◦ http-svn-info requests information from a Subversion repository,
       similar to the "svn info" command. [Gyanendra Mishra]
     ◦ hnap-info detects and outputs info for Home Network
       Administration Protocol devices. [Gyanendra Mishra]
     ◦ http-webdav-scan detects WebDAV servers and reports allowed
       methods and directory listing. [Gyanendra Mishra]
     ◦ tor-consensus-checker checks the target's address with the Tor
       directory authorities to determine if a target is a known Tor
       node. [Jiayi Ye] 
 • [NSE] Several scripts have been split, combined, or renamed:
     ◦ [GH#171] smb-check-vulns has been split into:
         ▪ smb-vuln-conficker
         ▪ smb-vuln-cve2009-3103
         ▪ smb-vuln-ms06-025
         ▪ smb-vuln-ms07-029
         ▪ smb-vuln-regsvc-dos
         ▪ smb-vuln-ms08-067
     ◦ The scripts now use the vulns library, and the "unsafe"
       script-arg has been replaced by putting the scripts into the
       "dos" category. [Paulino Calderon]
     ◦ http-email-harvest was removed, as the new http-grep does email
       address scraping by default. [Gyanendra Mishra]
     ◦ http-drupal-modules was renamed to http-drupal-enum. Extended to
       enumerate both themes and modules of Drupal installations.
       [Gyanendra Mishra] 
 • [Ncat] [GH#193] Fix Ncat listen mode over Unix sockets (named pipes)
   on OS X. This was crashing with the error:

       Ncat: getnameinfo failed: Undefined error: 0 QUITTING.

   Fixed by forcing the name to "localhost" [Michael Wallner]
 • [Zenmap] Fix a crash in Zenmap when using Compare Results:

       AttributeError: 'NoneType' object has no attribute
       'get_nmap_output'

   [Daniel Miller]
 • [NSE] [GH#194] Add support for reading fragmented TLS messages to
   ssl-enum-ciphers. [Jacob Gajek]
 • [GH#51] Added IPv6 support to nmap_mass_rdns, improved reverse DNS
   cache, and refactored DNS code to improve readability and
   extensibility. All in all, this makes the rDNS portion of IPv6 scans
   much faster. [Gioacchino Mazzurco]
 • [NSE] Added NTLM brute support to http-brute. [Gyanendra Mishra]
 • [NSE] Added NTLM authentication support to http.lua and a related
   function to create an ntlm v2 session response in smbauth.lua.
   [Gyanendra Mishra]
 • [NSE] [GH#106] Added a new NSE module, ls.lua, for accumulating and
   outputting file and directory listings. The afp-ls, nfs-ls, and
   smb-ls scripts have been converted to use this module. [Pierre Lalet]
 • [NSE] bacnet-info.nse and s7-info.nse were added to the version
   category. [Paulino Calderon]
 • [NSE] Added 124 new identifiers to bacnet-info.nse vendor database.
   [Paulino Calderon]
 • [NSE] Fixed bacnet-info.nse to bind to the service port detected
   during scan instead of fixed port. [Paulino Calderon]
 • [NSE] Enhanced reporting of elliptic curve names and strengths in
   ssl-enum-ciphers. The name of the curve is now reported instead of
   just "ec" [Brandon Paulsen]
 • [GH#75] Normalize Makefile targets to use the same verb-project
   format, e.g. build-ncat, check-zenmap, install-nping, clean-nsock
   [Gioacchino Mazzurco]
 • [NSE] Added builtin pattern and multiple pattern search to http-grep.
   [Gyanendra Mishra]
 • [NSE] http-crossdomainxml is now http-cross-domain-policy and
   supports client access policies and uses the new SLAXML parser.
   [Gyanendra Mishra]
 • [NSE] Added a patch for vulns lib that allows list of tables to be
   submitted to fields in the vulns report. [Jacob Gajek]
 • [NSE] Added additional checks for successful PUT request in http-put.
   [Oleg Mitrofanov]
 • [NSE] Added an update for http-methods that checks all possible
   methods not in Allow or Public header of OPTIONS response. [Gyanendra
   Mishra]
 • [NSE] Added SLAXML, an XML parser in Lua originally written by Gavin
   Kistner (a.k.a. Phrogz). [Gyanendra Mishra]
 • [NSE] [GH#122] Update the snmp-brute and other snmp-* scripts to use
   the creds library to store brute-forced snmp community strings. This
   allows Nmap to use the correct brute-forced string for each host.
   [Gioacchino Mazzurco]
 • Several improvements to TLS/SSL detection in nmap-service-probes. A
   new probe, TLSSessionReq, and improvements to default SSL ports
   should help speed up -sV scans.
   http://seclists.org/nmap-dev/2015/q2/17 [Daniel Miller]
 • [Nsock] Clean up the API so that nsp_* calls are now nsock_pool_* and
   nsi_* are nsock_iod_*. Simplify Nsock SSL init API, and make logging
   global to the library instead of associated with a nspool. [Henri
   Doreau]
 • [GH#181] The configure script now prints a summary of configured
   options. Most importantly, it warns if OpenSSL was not found, since
   most users will want this library compiled in. [Gioacchino Mazzurco]
 • Define TCP Options for SYN scan in nmap.h instead of literally
   throughout. This string is used by p0f and other IDS to detect Nmap
   scans, so having it a compile-time option is a step towards better
   evasion. [Daniel Miller]
 • [GH#51] Nmap's parallel reverse-DNS resolver now handles IPv6
   addresses. This should result in faster -6 scans. The old behavior is
   available with --system-dns. [Gioacchino Mazzurco]
 • [NSE] Fix a couple odd bugs in NSE command-line parsing. Most
   notably, --script broadcast-* will now work (generally, wildcards
   with scripts whose name begins with a category name were not working
   properly). [Daniel Miller]
 • [NSE] [GH#113] http-form-fuzzer will now stop increasing the size of
   a request when an HTTP 413 or 414 error indicates the web server will
   not accept a larger request. [Gioacchino Mazzurco]
 • [NSE] [GH#159] Add the ability to tag credentials in the creds
   library with freeform text for easy retrieval. This gives necessary
   granularity to track credentials to multiple web apps on a single
   host+port. [Gioacchino Mazzurco] 

Nmap 6.49BETA5 [2015-09-25]

 • Work around a bug which could cause Nmap to hang when running
   multiple instances at once on Windows. The actual bug appears to be
   in the WinPCAP driver in that it hangs when accessed via
   OpenServiceA by multiple processes at once. So for now we have added
   a mutex to prevent even multiple Nmap processes from making
   concurrent calls to this part of WinPcap. We've received the reports
   from multiple users on Windows 8.1 and Windows Server 2012 R2 and
   this fix seems to resolve the hang for them. [Daniel Miller]
 • [GH#212][NSE] Fix http.get_url function which was wrongly attempting
   non-SSL HTTP requests first when passed https URLs. [jah]
 • [GH#201] Fix Ndiff interpreter path problems in the OS X .dmg
   installer which could prevent Ndiff (and the related Zenmap "compare
   results" window) from working on OS X in some cases. [Daniel Miller]
 • Fix Nmap's DTD, which did not recognize that the script element could
   contain character data when a script returns a number or a boolean.
   [Jonathan Daugherty]
 • [GH#172][NSE] Fix reporting of DH parameter sizes by
   ssl-enum-ciphers. The number shown was the length in bytes, not bits
   as it should have been. Reported by Michael Staruch. [Brandon
   Paulsen]
 • Our Windows Nmap packages are now compiled with the older platform
   toolset (v120_xp rather than v120) and so they may work with Windows
   XP again for the dwindling number of users still on that operating
   system.
 • [GH#34] Disable TPACKET_V3 in our included libpcap. This version of
   the Linux kernel packet ring API has problems that result in lots of
   lost packets. This patch falls back to TPACKET_V2 or earlier versions
   if available. [nnposter]
 • [NSE] Check for socket errors in iscsi.lua. This was causing the
   iscsi-info script to crash against some services. [Daniel Miller]
 • [NSE] Fix http-useragent-tester, which was using cached HTTP
   responses instead of testing new User-Agent strings. [Daniel Miller]
 • Output a warning when deprecated options are used, and suggest the
   preferred option. Currently deprecated: -i -o -m -sP -P0 -PN -oM -sR.
   The warning is only visible with -v. [Daniel Miller]
 • Add a fatal error for options like -oG- which is interpreted as the
   deprecated -o option, outputting to a file named "G-", instead of the
   expected behavior of -oG - (Grepable output to stdout). [Daniel
   Miller]
 • [GH#196] Fix raw packet sending on FreeBSD 10.0 and later. FreeBSD
   changed byte order of the IPv4 stack, so SYN scan and other raw
   packet functions were broken. [Edward Napierała] Also reported in
   [GH#50] by Olli Hauer.
 • [GH#183] Fix compilation on Visual Studio 2010, which failed with
   error: "service_scan.cc(2559): error C2065: 'EOPNOTSUPP' : undeclared
   identifier" [Daniel Miller]
 • [GH#115][NSE] ssl-enum-ciphers will still produce output if OpenSSL
   (required for certificate parsing) is not available. In cases where
   handshake strength depends on the certificate, it will be reported as
   "unknown". [jrchamp] 

Nmap 6.49BETA4 [2015-07-06]

 • Fix a hang on OS X in Zenmap's Topology page with error
   "zenmap_wrapper.py[857]: GError: Couldn't recognize the image file
   format for file
   '/Applications/Zenmap.app/Contents/MacOS/../Resources/share/zenmap/pixmaps/radialnet/padlock.png'"
   http://seclists.org/nmap-dev/2015/q3/8 [Daniel Miller]
 • Fix a small memory leak for each target specified as a hostname which
   fails to resolve. [Daniel Miller]
 • Allow 'make check' to succeed when Nmap is configured without OpenSSL
   support. This was broken due to our NSE unittest library expecting to
   be able to load every library without error. [Daniel Miller]
 • [NSE] Enable ssl-enum-ciphers to safely scan servers with a long
   handshake intolerance issue which resulted in incomplete results when
   the handshake was greater than 255 bytes. [Jacob Gajek, Daniel
   Miller]
 • [Ncat] Fix a write overrun in Ncat that could cause a segfault if the
   -g (source route) option was given too many times. [Daniel Miller]
 • [NSE] [GH#168] Allow ssl-enum-ciphers to run on non-typical ports
   when it is selected by name. It will now send a service detection
   probe if the port is not a typical SSL port and version scan (-sV)
   was not used. [Daniel Miller] 

Nmap 6.49BETA3 [2015-06-25]

 • [GH#166] Fix Ncat listen mode on Solaris and other platforms where
   struct sockaddr does not have a sa_len member. This also affected use
   of the -p and -s options. Brandon Haberfeld reported the crash.
   [Daniel Miller]
 • [GH#164] Fix a Zenmap failure to open on OS X with the error: "dyld:
   Symbol not found: _iconv Referenced from: /usr/lib/libcups.2.dylib"
   We had to remove the DYLD_LIBRARY_PATH environment variable from
   zenmap_wrapper.py. Reported by Robert Strom. [Daniel Miller]
 • Report our https URL (https://nmap.org) in more places rather than
   our non-SSL one. [David Fifield]
 • [NSE] Fix Diffie-Hellman parameter extraction in tls.lua. [Jacob
   Gajek] 

Nmap 6.49BETA2 [2015-06-16]

 • [GH#154] Fix a crash (assertion error) when Nmap receives an ICMP
   Host Unreachable message.
 • [GH#158] Fix a configure failure when Python is not present, but no
   Python projects were requested. [Gioacchino Mazzurco]
 • [GH#161] [Zenmap] Fix Zenmap on OS X which was failing with
   zipimport.ZipImportError due to architecture mismatch.
 • [NSE] Remove ahbl.org checks from dnsbl.lua, since the service was
   shut down. [Forrest B.] 

Nmap 6.49BETA1 [2015-06-03]

 • Integrated all of your IPv4 OS fingerprint submissions from May 2014
   to February 2015 (1900+ of them). Added 281 fingerprints, bringing
   the new total to 4766. Additions include Linux 3.18, Windows 8.1, OS X
   10.10, Android 5.0, FreeBSD 10.1, OpenBSD 5.6, and more. Highlights:
   http://seclists.org/nmap-dev/2015/q2/169 [Daniel Miller]
 • Integrated all of your service/version detection fingerprints
   submitted from June 2013 to February 2015 (2500+ of them). The
   signature count soared over the 10000 mark, a 12% increase. We now
   detect 1062 protocols, from http, telnet, and ftp to jute, bgp, and
   slurm. Highlights: http://seclists.org/nmap-dev/2015/q2/171 [Daniel
   Miller]
 • Integrated all of your IPv6 OS fingerprint submissions from June 2013
   to April 2015 (only 97 of them!). We are steadily improving the IPv6
   database, but we need your submissions. The classifier added 9 new
   groups, bringing the new total to 90. Highlights:
   http://seclists.org/nmap-dev/2015/q2/170 [Daniel Miller]
 • Nmap now has an official bug tracker! We are using Github Issues,
   which you can reach from http://issues.nmap.org/. We welcome your bug
   reports, enhancement requests, and code submissions via the Issues
   and Pull Request features of Github (https://github.com/nmap/nmap),
   though the repository itself is just a mirror of our authoritative
   Subversion repository.
 • [Zenmap] New Chinese-language (zh) translation from Jie Jiang, new
   Hindi (hi) translation by Gyanendra Mishra, and updated translations
   for German (de, Chris Leick), Italian (it, Jan Reister), Polish (pl,
   Jacek Wielemborek), and French (fr, MaZ)
 • Added options --data <hex string> and --data-string <string> to send
   custom payloads in scan packet data. [Jay Bosamiya]
 • --reason is enabled for verbosity > 2, and now includes the TTL of
   received packets in Normal output (this was already present in XML)
   [Jay Bosamiya]
 • Fix ICMP Echo (-PE) host discovery for IPv6, broken since 6.45,
   caused by failing to set the ICMP ID for outgoing packets which is
   used to match incoming responses. [Andrew Waters]
 • Solve a crash on Windows (reported on Windows 8.1 on Surface Pro 3)
   caused by passing a NULL pointer to a WinPcap function that then
   tries to write an error message to it. [Peter Malecka]
 • Enhance Nmap's tcpwrapped service detection by using a shorter
   timeout for the tcpwrapped designation. This prevents falsely
   labeling services as tcpwrapped which merely have a read timeout
   shorter than 6 seconds. Full discussion: http://issues.nmap.org/39
   [nnposter, Daniel Miller]
 • All nmap.org pages are now available SSL-secured to improve privacy
   and ensure your binaries can't be tampered with in transit. So be
   sure to download from https://nmap.org/download.html . We will soon
   remove the non-SSL version of the site. We still offer GPG-signed
   binaries as well: https://nmap.org/book/install.html#inst-integrity
 • [NSE] Added 25 NSE scripts from 17 authors, bringing the total up to
   494! They are all listed at https://nmap.org/nsedoc/, and the
   summaries are below (authors are listed in brackets):
     ◦ bacnet-info gets device information from SCADA/ICS devices via
       BACnet (Building Automation and Control Networks) [Stephen Hilt,
       Michael Toecker]
     ◦ docker-version detects and fingerprints Docker [Claudio
       Criscione]
     ◦ enip-info gets device information from SCADA/ICS devices via
       EtherNet/IP [Stephen Hilt]
     ◦ fcrdns performs a Forward-confirmed Reverse DNS lookup and
       reports anomalous results. [Daniel Miller]
     ◦ http-avaya-ipoffice-users enumerates users in Avaya IP Office 7.x
       systems. [Paulino Calderon]
     ◦ http-cisco-anyconnect gets version and tunnel information from
       Cisco SSL VPNs. [Patrik Karlsson]
     ◦ http-crossdomainxml detects overly permissive crossdomain
       policies and finds trusted domain names available for purchase.
       [Paulino Calderon]
     ◦ http-shellshock detects web applications vulnerable to Shellshock
       (CVE-2014-6271). [Paulino Calderon]
     ◦ http-vuln-cve2006-3392 exploits a file disclosure vulnerability
       in Webmin. [Paul AMAR]
     ◦ http-vuln-cve2014-2126, http-vuln-cve2014-2127,
       http-vuln-cve2014-2128 and http-vuln-cve2014-2129 detect specific
       vulnerabilities in Cisco AnyConnect SSL VPNs. [Patrik Karlsson]
     ◦ http-vuln-cve2015-1427 detects Elasticsearch servers vulnerable
       to remote code execution. [Gyanendra Mishra]
     ◦ http-vuln-cve2015-1635 detects Microsoft Windows systems
       vulnerable to MS15-034. [Paulino Calderon]
     ◦ http-vuln-misfortune-cookie detects the "Misfortune Cookie"
       vulnerability in Allegro RomPager 4.07, commonly used in SOHO
       routers for TR-069 access. [Andrew Orr]
     ◦ http-wordpress-plugins was renamed http-wordpress-enum and
       extended to enumerate both plugins and themes of Wordpress
       installations and their versions. http-wordpress-enum is now
       http-wordpress-users. [Paulino Calderon]
     ◦ mikrotik-routeros-brute performs password auditing attacks
       against Mikrotik's RouterOS API. [Paulino Calderon]
     ◦ omron-info gets device information from Omron PLCs via the FINS
       service. [Stephen Hilt]
     ◦ s7-info gets device information from Siemens PLCs via the S7
       service, tunneled over ISO-TSAP on TCP port 102. [Stephen Hilt]
     ◦ snmp-info gets the enterprise number and other information from
       the snmpEngineID in an SNMPv3 response packet. [Daniel Miller]
     ◦ ssl-ccs-injection detects whether a server is vulnerable to the
       SSL/TLS CCS Injection vulnerability (CVE-2014-0224) [Claudiu
       Perta]
     ◦ ssl-poodle detects the POODLE bug in SSLv3 (CVE-2014-3566)
       [Daniel Miller]
     ◦ supermicro-ipmi-conf exploits Supermicro IPMI/BMC controllers.
       [Paulino Calderon]
     ◦ targets-ipv6-map4to6 generates target IPv6 addresses which
       correspond to IPv4 addresses mapped within a particular IPv6
       subnet. [Raúl Fuentes]
     ◦ targets-ipv6-wordlist generates target IPv6 addresses from a
       wordlist made of hexadecimal characters. [Raúl Fuentes] 
 • Update our Windows build system to VS 2013 on Windows 8.1. Also, we
   now build our included OpenSSL with DEP, ASLR, and SafeSEH enabled.
   [Daniel Miller]
 • Our OS X installer is now built for a minimum supported version of
   10.8 (Mountain Lion), a much-needed update from 10.5 (Leopard).
   Additionally, OpenSSL is now statically linked, allowing us to
   distribute the latest from Macports instead of being subjected to the
   0.9.8 branch still in use as of 10.9. [Daniel Miller]
 • Add 2 more ASCII-art configure splash images to be rotated randomly
   with the traditional dragon image. New ideas for other images to use
   here may be sent to dev@nmap.org. [Jay Bosamiya, Daniel Miller]
 • Fix compilation and several bugs on AIX. [Daniel Miller]
 • Fix a bug in libdnet-stripped on Solaris that resulted in the wrong
   MAC address being detected for all interfaces.
   http://seclists.org/nmap-dev/2015/q2/1 [Daniel Miller]
 • New features for the IPv6 OS detection engine allow for better
   classification of systems: IPv6 guessed initial hop limit (TTL) and
   ratio of TCP initial window size to maximum segment size. [Alexandru
   Geana]
 • [NSE] Rework ssl-enum-ciphers to actually score the strength of the
   SSL/TLS handshake, including certificate key size and DH parameters
   if applicable. This is similar to Qualys's SSL Labs scanner, and
   means that we no longer maintain a list of scores per ciphersuite.
   [Daniel Miller]
 • [NSE] Improved http-form-brute autodetection and behavior to handle
   more unusual-but-valid HTML syntax, non-POST forms, success/failure
   testing on HTTP headers, and more. [nnposter]
 • [NSE] Reduce many NSE default timeouts and base them on Nmap's
   detected timeouts for those hosts from the port scan phase. Scripts
   which take timeout script-args can now handle 's' and 'ms' suffixes,
   just like Nmap's own options. [Daniel Miller]
 • [NSE] Remove db2-discover, as its functionality was performed by
   service version detection since the broadcast portion was separated
   into broadcast-db2-discover. http://seclists.org/nmap-dev/2014/q3/415
   [Daniel Miller]
 • Cache dnet names not found on Windows when enumerating interfaces in
   the Windows Registry. Reduces startup times. [Elon Natovich]
 • [NSE] Make smb-ls able to leverage results from smb-enum-shares or
   list of shares specified on command line. [Pierre Lalet]
 • [NSE] Fix X509 cert date parsing for dates after 2049. Reported by
   Teppo Turtiainen. [Daniel Miller]
 • Handle a bunch of socket errors that can result from odd ICMP Type 3
   Destination Unreachable messages received during service scanning.
   The crash reported was "Unexpected error in NSE_TYPE_READ callback.
   Error code: 92 (Protocol not available)" [Daniel Miller]
 • Fixed a crash (NULL pointer dereference) in PortList::isTCPwrapped
   when using -sV and -O on an unknown service not listed in
   nmap-services. [Pierre Lalet]
 • Fixed a benign TOCTOU race between stat() and open() in mmapfile().
   Reported by Camille Mougey. [Henri Doreau]
 • Reduce CPU consumption when using nsock poll engine with no
   registered FD, by actually calling Poll() for the time until timeout,
   instead of directly returning zero and entering the loop again.
   [Henri Doreau]
 • Change the URI for the fingerprint submitter to its new location at
   https://nmap.org/cgi-bin/submit.cgi
 • [NSE] Added a check for Cisco ASA version disclosure, CVE-2014-3398,
   to http-enum in the 'security' category [Daniel Miller]
 • Fixed a bug that caused Nmap to fail to find any network interface
   when a Prism interface is in monitor mode. The fix was to define the
   ARP_HRD_IEEE80211_PRISM header identifier in the libdnet-stripped
   code. [Brad Johnson]
 • Added a version probe for Tor. [David Fifield]
 • [NSE] Add support to citrix-enum-apps-xml for reporting if Citrix
   published applications in the list are enforcing/requiring the level
   of ICA/session data encryption shown in the script result. [Tom
   Sellers]
 • [NSE] Updated our Wordpress plugin list to improve the
   http-wordpress-enum NSE script. We can now detect 34,077 plugins, up
   from 18,570. [Danila Poyarkov]
 • [NSE] Add the signature algorithm that was used to sign the target
   port's x509 certificate to the output of ssl-cert.nse [Tom Sellers]
 • [NSE] Fixed a bug in the sslcert.lua library that was triggered
   against certain services when version detection was used. [Tom
   Sellers]
 • [NSE] vulns.Report:make_output() now generates XML structured output
   reports automatically. [Paulino Calderon]
 • [NSE] Add port.reason_ttl, host.reason, host.reason_ttl for use in
   scripts [Jay Bosamiya]
 • [NSE] If a version script is run by name, nmap.version_intensity()
   returns the maximum value (9) for it [Jay Bosamiya]
 • [NSE] shortport.version_port_or_service() takes an optional rarity
   parameter now to run only when version intensity > rarity [Jay
   Bosamiya]
 • [NSE] Added nmap.version_intensity() function so that NSE version
   scripts can use the argument to --version-intensity (which can be
   overridden by the script arg 'script-intensity') in order to decide
   whether to run or not [Jay Bosamiya]
 • Improve OS detection: if a port is detected to be 'tcpwrapped', then
   it will not be used for OS detection. This helps in cases where a
   firewall might cause the port to appear 'tcpwrapped' [Jay Bosamiya]
 • [Zenmap] Reduce noise generated in Topology View due to anonymous
   hops [Jay Bosamiya]
 • Added option --exclude-ports to Nmap so that some ports can be
   excluded from scanning (for example, due to policy) [Jay Bosamiya]
 • [Zenmap] Catch the MemoryError caused in Zenmap due to large Nmap
   Output, and display a more helpful error message [Jay Bosamiya]
 • Catch badly named output files (such as those unintentionally caused
   by "-oX -sV logfile.xml") [Jay Bosamiya]
 • [Zenmap] Improved NmapParser to increase speed in opening scans.
   Large scans now open in seconds instead of hours. [Jay Bosamiya]
 • Modify the included libpcap configure script to disable certain
   unused features: bluetooth, usb, usb-can, and dbus sniffing. Dbus
   support caused a build problem on CentOS 6.5. [Daniel Miller]
 • Updated the bundled libpcap from 1.2.1 to 1.5.3 [Jay Bosamiya]
 • Correct the Target MAC Address in Nmap's ARP discovery to conform to
   what IP stacks in currently popular operating systems use. [Jay
   Bosamiya]
 • Fixed a bug which caused Nmap to be unable to have any runtime
   interaction when called from sudo or from a shell script. [Jay
   Bosamiya]
 • Improvements to whois-ip.nse: fix an unhandled error when a
   referred-to response could not be understood; add a new pattern to
   recognise a LACNIC "record not found" type of response and update the
   way ARIN is queried. [jah] 
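
The ticket opens with a tarball, a detached GPG signature (.asc) and a
digest.txt entry in `gpg --print-md` layout ("file: MD5 = 6C DF ..."). The
following is an added example, not code from the BLFS book or from the Nmap
project, showing how a packager can check such a listing before updating a
build recipe. It assumes the listing uses that "<file>: <ALGO> = <hex groups>"
layout, optionally wrapped onto indented continuation lines, and the sample
file contents and digest lines below are constructed for the demo. A digest
fetched from the same server as the tarball only catches corruption; the
signature, checked against a key you already trust, is what proves origin,
and MD5 on its own is not collision resistant.

```python
"""Verify a download against a gpg --print-md style digest listing.

Added example (not part of the ticket or of Nmap). Assumes one
"<file>: <ALGO> = <hex groups>" entry per line, with hex groups that may
wrap onto indented continuation lines, as gpg --print-md emits.
"""
import hashlib
import hmac
import os
import re
import subprocess

# Digest names gpg --print-md emits that hashlib can also compute.
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA224": "sha224",
         "SHA256": "sha256", "SHA384": "sha384", "SHA512": "sha512"}


def parse_digest_listing(text):
    """Return {(filename, ALGO): lowercase hex digest} from the listing."""
    entries = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = re.match(r"^(\S.*?):\s+([A-Za-z0-9]+)\s+=\s*(.*)$", raw)
        if m:
            fname, algo, hexpart = m.groups()
            current = (fname, algo.upper())
            entries.setdefault(current, "")
        elif current is not None and raw[0].isspace():
            hexpart = raw          # wrapped continuation of the previous entry
        else:
            raise ValueError("unparseable digest line: %r" % raw)
        hexdigits = re.sub(r"\s+", "", hexpart).lower()
        if not re.fullmatch(r"[0-9a-f]*", hexdigits):
            raise ValueError("non-hex digest data: %r" % raw)
        entries[current] += hexdigits
    return entries


def verify_digests(data, listing, filename):
    """Compare data against every digest listed for filename.

    Returns {ALGO: bool}. An algorithm hashlib cannot compute counts as a
    failure rather than being silently skipped; a wrong-length or wrong
    digest is simply False.
    """
    results = {}
    for (fname, algo), expected in parse_digest_listing(listing).items():
        if fname != filename:
            continue
        name = ALGOS.get(algo)
        if name is None:
            results[algo] = False
            continue
        actual = hashlib.new(name, data).hexdigest()
        results[algo] = hmac.compare_digest(actual, expected)
    return results


def all_match(results):
    """True only if at least one digest was listed and every one matched."""
    return bool(results) and all(results.values())


def verify_file(path, listing):
    """Hash a file on disk and check it against the listing."""
    with open(path, "rb") as f:
        data = f.read()
    return verify_digests(data, listing, os.path.basename(path))


def signature_ok(sig_path, file_path):
    """Run gpg --verify on a detached signature; True only on success.
    gpg must already hold (and you must already trust) the signing key."""
    proc = subprocess.run(["gpg", "--verify", sig_path, file_path],
                          capture_output=True)
    return proc.returncode == 0


# Constructed sample: file contents "abc" and its well-known test-vector
# digests, written in the spaced/grouped form gpg --print-md uses.
SAMPLE_DATA = b"abc"
SAMPLE_LISTING = """\
sample.tar.bz2: MD5 = 90 01 50 98 3C D2 4F B0 D6 96 3F 7D 28 E1 7F 72
sample.tar.bz2: SHA1 = A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D
sample.tar.bz2: SHA256 = BA78 16BF 8F01 CFEA 4141 40DE 5DAE 2223 B003 61A3
                         9617 7A9C B410 FF61 F200 15AD
"""

if __name__ == "__main__":
    print(verify_digests(SAMPLE_DATA, SAMPLE_LISTING, "sample.tar.bz2"))
    print(verify_digests(SAMPLE_DATA + b"x", SAMPLE_LISTING, "sample.tar.bz2"))
```

For a real tarball, call `verify_file("nmap-7.00.tar.bz2", open("nmap-7.00.tar.bz2.digest.txt").read())` and `signature_ok("nmap-7.00.tar.bz2.asc", "nmap-7.00.tar.bz2")`, and treat the signature result as the one that matters.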

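The 6.49BETA6 entry above notes that the SYN-scan TCP option string was moved
into nmap.h because p0f and other IDS match on it. The following is an added
example, not code from the Nmap project or from p0f, showing what that
detection looks like from the defender's side: a raw TCP segment parser and
a classifier that flags bare SYNs carrying only the scanner's default option
string. The two traits it keys on are assumptions to verify against your own
Nmap build and IDS signatures: that the default option string is a single
MSS=1460 option (02 04 05 b4) and that the scan window cycles through 1024,
2048, 3072 and 4096. The two segments at the bottom are constructed samples.

```python
"""Flag TCP SYN segments that look like Nmap's default SYN-scan probe.

Added example, not code from Nmap, p0f or the ticket. Assumptions (check
them against your build): nmap.h's SYN probe options are MSS=1460 only, and
SYN-scan windows are drawn from {1024, 2048, 3072, 4096}.
"""
import struct

NMAP_SYN_OPTIONS = b"\x02\x04\x05\xb4"        # assumption: MSS 1460, nothing else
NMAP_SYN_WINDOWS = {1024, 2048, 3072, 4096}   # assumption: observed probe windows
TH_SYN, TH_ACK = 0x02, 0x10


def parse_tcp(segment):
    """Return (flags, window, raw_options) from a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    doff_flags, window = struct.unpack("!HH", segment[12:16])
    hdr_len = (doff_flags >> 12) * 4
    flags = doff_flags & 0x1FF              # low 9 bits, NS included
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    return flags, window, segment[20:hdr_len]


def parse_options(raw):
    """Decode TCP options into [(kind, value_bytes)], stopping at EOL.
    A length that runs past the option area raises instead of being
    accepted, so a crafted option block cannot slip past the matcher."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of option list
            break
        if kind == 1:                       # NOP padding
            opts.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option kind %d without length" % kind)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad length %d for option kind %d" % (length, kind))
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


def classify_syn(segment):
    """'nmap-syn-scan' if the segment carries the probe traits, 'syn' for
    any other bare SYN, None for anything that is not a bare SYN."""
    flags, window, raw_opts = parse_tcp(segment)
    if flags & (TH_SYN | TH_ACK) != TH_SYN:
        return None
    parse_options(raw_opts)                 # reject malformed options first
    if raw_opts == NMAP_SYN_OPTIONS and window in NMAP_SYN_WINDOWS:
        return "nmap-syn-scan"
    return "syn"


def build_syn(window, options, flags=TH_SYN):
    """Constructed segment: ports and seq are arbitrary, checksum left zero,
    options padded with EOL bytes to a 32-bit boundary."""
    options += b"\x00" * (-len(options) % 4)
    doff = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                      (doff << 12) | flags, window, 0, 0)
    return hdr + options


# Constructed samples: a probe in the scanner's style and a Linux-style SYN
# (MSS, SACK-permitted, timestamps, NOP, window scale; window 64240).
NMAP_PROBE = build_syn(1024, NMAP_SYN_OPTIONS)
LINUX_SYN = build_syn(64240, b"\x02\x04\x05\xb4\x04\x02\x08\x0a"
                      + b"\x00" * 8 + b"\x01\x03\x03\x07")

if __name__ == "__main__":
    for name, seg in (("nmap-style", NMAP_PROBE), ("linux-style", LINUX_SYN)):
        print(name, classify_syn(seg), parse_options(parse_tcp(seg)[2]))
```

The classifier is deliberately strict on the option bytes rather than on the
option kinds, because the whole point of the changelog entry is that the
exact string is what signatures key on; a rebuilt Nmap with a different
TCP_SYN_PROBE_OPTIONS would pass as a plain "syn" here, which is the evasion
the entry alludes to.
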
Change History (2)

comment:1 by Fernando de Oliveira, 8 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: new → assigned

comment:2 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r16677.
