Nmap 7.60 released!
发表于:2024-10-21 作者:千家信息网编辑
千家信息网最后更新 2024年10月21日,Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and
千家信息网最后更新 2024年10月21日Nmap 7.60 released!
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
From: Fyodor
Date: Tue, 1 Aug 2017 15:26:58 -0700
Hello everyone. I'm back from Defcon and excited to announce the new Nmap7.60 release! It has only been a month and a half since 7.50, but we stillpacked a lot into this one. Mostly because we have such an awesome GSoCteam of 8 students and mentors working on so many cool projects. Theprogram hasn't even ended yet, but much of their work has already beenintegrated into this release.One of the things I'm most excited about is ssh support. Nmap scripts cannow perform brute force SSH password cracking, query servers about whatauth methods and public keys they accept, and even log in using known ordiscovered credentials to execute arbitrary commands. We're including fourscripts to start out with, and it opens the door to many more futurecapabilities! This was the product of three summers of GSoC studentsbuilding on each other's work until we finally have something portable(works on Linux, Windows, Mac, etc.) and reliable enough to include. Madprops to the students Devin Bjelland (2014), Sergey Khegay (2016), andEvangelos Deirmentzoglou (2017) as well as their mentors Patrick Donnellyand Fotis "Ithilgore" Hantzis!Oh, we also have 14 (!) new NSE scripts, and a bunch of great SMB2/SMB3improvements by Paulino Calderon. This release also includes our new Npcap0.93 which resolves an issue where the Microsoft Windows 10 Creators Updatewas breaking Npcap and impairing Nmap functionality. There's a lot more,so I'll end this email with the full list.Nmap 7.60 source code and binary packages for Linux, Windows, and Mac areavailable for free download from the usual spot:https://nmap.org/download.htmlIf you find any bugs in this release, please let us know on the Nmap Devlist or bug tracker as described at https://nmap.org/book/man-bugs.html.Here is the full list of significant changes since Nmap 7.50: [Windows] Updated the bundled Npcap from 0.91 to 0.93, fixing severalissues with installation and compatibility with the Windows 10 CreatorsUpdate. [NSE][GH#910] NSE scripts now have complete SSH support via libssh3,including password brute-forcing and running remote commands, thanks to thecombined efforts of three Summer of Code students: [Devin Bjelland, SergeyKhegay, Evangelos Deirmentzoglou] [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 579!They are all listed at https://nmap.org/nsedoc/, and the summaries arebelow: - ftp-syst sends SYST and STAT commands to FTP servers to get system version and connection information. [Daniel Miller] - [GH#916] http-vuln-cve2017-8917 checks for an SQL injection vulnerability affecting Joomla! 3.7.x before 3.7.1. [Wong Wai Tuck] - iec-identify probes for the IEC 60870-5-104 SCADA protocol. [Aleksandr Timorin, Daniel Miller] - [GH#915] openwebnet-discovery retrieves device identifying information and number of connected devices running on openwebnet protocol. [Rewanth Cool] - puppet-naivesigning checks for a misconfiguration in the Puppet CA where naive signing is enabled, allowing for any CSR to be automatically signed. [Wong Wai Tuck] - [GH#943] smb-protocols discovers if a server supports dialects NT LM 0.12 (SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11. This replaces the old smbv2-enabled script. [Paulino Calderon] - [GH#943] smb2-capabilities lists the supported capabilities of SMB2/SMB3 servers. [Paulino Calderon] - [GH#943] smb2-time determines the current date and boot date of SMB2 servers. [Paulino Calderon] - [GH#943] smb2-security-mode determines the message signing configuration of SMB2/SMB3 servers. [Paulino Calderon] - [GH#943] smb2-vuln-uptime attempts to discover missing critical patches in Microsoft Windows systems based on the SMB2 server uptime. [Paulino Calderon] - ssh-auth-methods lists the authentication methods offered by an SSH server. [Devin Bjelland] - ssh-brute performs brute-forcing of SSH password credentials. [Devin Bjelland] - ssh-publickey-acceptance checks public or private keys to see if they could be used to log in to a target. A list of known-compromised key pairs is included and checked by default. [Devin Bjelland] - ssh-run uses user-provided credentials to run commands on targets via SSH. [Devin Bjelland] [NSE] Removed smbv2-enabled, which was incompatible with the new SMBv2/3improvements. It was fully replaced by the smb-protocols script. [Ncat][GH#446] Added Datagram TLS (DTLS) support to Ncat in connect(client) mode with --udp --ssl. Also added Application Layer ProtocolNegotiation (ALPN) support with the --ssl-alpn option. [Denis Andzakovic,Daniel Miller] Updated the default ciphers list for Ncat and the secure ciphers list forNsock to use "!aNULL:!eNULL" instead of "!ADH". With the addition of ECDHciphersuites, anonymous ECDH suites were being allowed. [Daniel Miller] [NSE][GH#930] Fix ndmp-version and ndmp-fs-info when scanning VeritasBackup Exec Agent 15 or 16. [Andrew Orr] [NSE][GH#943] Added new SMB2/3 library and related scripts. [PaulinoCalderon] [NSE][GH#950] Added wildcard detection to dns-brute. Only hostnames thatresolve to unique addresses will be listed. [Aaron Heesakkers] [NSE] FTP scripts like ftp-anon and ftp-brute now correctly handleTLS-protected FTP services and use STARTTLS when necessary. [Daniel Miller] [NSE][GH#936] Function url.escape no longer encodes so-called"unreserved" characters, including hyphen, period, underscore, and tilde,as per RFC 3986. [nnposter] [NSE][GH#935] Function http.pipeline_go no longer assumes that persistentconnections are supported on HTTP 1.0 target (unless the target explicitlydeclares otherwise), as per RFC 7230. [nnposter] [NSE][GH#934] The HTTP response object has a new member, version, whichcontains the HTTP protocol version string returned by the server, e.g."1.0". [nnposter] [NSE][GH#938] Fix handling of the objectSID Active Directory attribute byldap.lua. [Tom Sellers] [NSE] Fix line endings in the list of Oracle SIDs used byoracle-sid-brute. Carriage Return characters were being sent in theconnection packets, likely resulting in failure of the script. [AnantShrivastava] [NSE][GH#141] http-useragent-checker now checks for changes in HTTPstatus (usually 403 Forbidden) in addition to redirects to indicateforbidden User Agents. [Gyanendra Mishra]Enjoy this new release and please do let us know if you find any problems!Download link: https://nmap.org/download.htmlCheers,Fyodor_______________________________________________Sent through the announce mailing listhttps://nmap.org/mailman/listinfo/announceArchived at http://seclists.org/nmap-hackers/
e.g.
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
网络安全时间的技术措施
mc和谐服务器
售前网络安全的应用
宣传部网络安全中心走专技岗
加强网络安全监测值守工作
腾讯游戏服务器卡么
数据库怎么查询总分
湖北浪潮服务器维修调试云服务器
网络安全卫士肖鹏
虚拟机内安装sql数据库
流水线点胶软件开发
软件开发公司适合的组织结构
当前数据库开发的现状
对当今网络安全的认识
什么是共享服务器
违反网络安全法自我检讨书
三菱plc与数据库
慕义互联网科技有限公司
山东南山村软件开发
怀旧服服务器捐献进度
江苏乐活网络技术有限公司
数据库生成sql语句
软件开发 履行职责情况
如何用负载均衡解决服务器问题
网络技术维面试
南京 软件开发公司
兵团防疫健康平台无法连接服务器
购买的软件开发费怎么入账
共享app数据库
上海网络技术 官网