Release of nmap 7.10 (12 new scripts, bug fixes, and added OS recognition)

Source: Internet
Author: User

Nmap 7.10 is a substantial improvement over previous versions. It adds 12 new NSE scripts and hundreds of OS and version fingerprints, along with a number of minor improvements and bug fixes.
Source code and installation packages for Linux, Windows, and Mac can be obtained from: https://nmap.org/download.html
Changes in Nmap 7.10:
1. Added 12 new NSE scripts, bringing the total to 527.
2. Added an HTTP script that parses Apache application status.
3. Added a detection module for CVE-2013-6786, an XSS and URL redirection vulnerability in Allegro RomPager (an embedded web server toolkit widely used in broadband routers from multiple manufacturers), and added a fingerprint for detecting CVE-2014-4019.
4. Added an HTTP detection and exploitation module for CVE-2014-3704, a pre-authentication SQL injection vulnerability in Drupal.
5. Host name and OS version detection for IMAP services through NTLM authentication.
6. IPv6 multicast listener discovery. The subscribed MAC addresses can be decoded and the discovered listeners listed.
7. Host name and OS version identification for MS SQL Server through the NTLM challenge message.
8. Host name and OS version identification for NNTP services through NTLM authentication.
9. Host name and OS version identification for POP3 services through NTLM authentication.
10. Queries the Shodan API for open ports and the list of active services.
11. Host name and OS version identification for Telnet services through NTLM authentication.
12. Added 104 IPv4 OS fingerprints, including Linux 4.2, Windows 10, and IBM i 7.
13. Integrated 508 application service and version detection fingerprints. The number of signatures grew by 2.2% to a total of 10532, and 1108 protocols can now be detected (from icy to fingerprint, from rtsp to ipfs).
14. Added fingerprints for 12 IPv6 systems across three recognition categories, including a new category dedicated to OS X, with a total of 96 new types added.
15. Upgraded HTTP form cracking (including common login forms such as Django, WordPress, MediaWiki, and Joomla) to bypass CSRF protection and cookie verification.
16. You can obtain the geographical location information of the Window host scanned before ZenMap.
17. Added a probe for the CORBA GIOP service.
18. Fixed a netmask bug on FreeBSD. By default, a route using an IPv6 address was given a 32-bit mask. Previous versions of Nmap ignored the number of mask bits actually configured, so packets could not be routed out.
19. When a usage error occurs, the option error message or usage prompt is displayed in some cases. Because the option list has become very long, you need to scroll to find the error message.
20. Avoided a crash when Windows users run slow scans in Zenmap. Fixed an issue where an unknown OpenSSL error returned NULL, causing the %s format variable to fail to print.
21. Fixed the bug that prevented copy and paste in Zenmap on Windows.
22. Updated the list of reserved and private IP addresses covered by RFC3927 and removed the 6/8, 7/8, and 55/8 networks. A function was added to determine whether a target IP address is a private address. This list is used to filter scan targets randomly generated with -iR. To avoid these problems, you can use a custom method or import a list from a file.
23. The -4 option specifies the IPv4 protocol for scanning (this is the default scan method), but Nmap can detect the target in a more precise manner.
24. With the -v0 option, Nmap returns the intermediate information instead of the final scan result.
25. Fixed the naming of SSL2_RC2_128_CBC_WITH_MD5 and SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 in SSLv2, according to the Mozilla draft specification.
26. Added STARTTLS support to the SSLv2 service probe to facilitate vulnerability detection for SSLv2 and DROWN (CVE-2016-0800).
27. Added default user login detection for Ricoh Web Image Monitor and the BeEF web interface.
28. Added packet tracing for ICMP packets; the full packet flow is determined from the offset in the returned packet.
29. Added the DHCP options "TFTP (server name)" and "Startup File Name". By default, 61 cases can be checked.
30. When the host file system does not allow caching, you cannot request data files allocated by remote IANA.
31. Updated PHP version recognition, covering PHP 4.1.0 to PHP 5.4.45. Thousands of web servers using PHP can be obtained through the Shodan interface.
32. FTP bounce scans now use the same scan process as other scan types. You can use --stats-every or press a key to get regular scan status updates.
33. Set a shorter timeout on OpenBSD for packet capture with BPF. The OpenBSD port management problem is also fixed.
34. When the SSL service information is unknown, it is not printed by default.
35. Multiple scan information backups have been fixed.
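
Items 5, 7, 8, 9 and 11 all rely on the same data: the NTLM challenge (type 2) message a server returns before any credentials are verified. The following is an added example, not code from Nmap or from the original page; it decodes that message using the MS-NLMP field layout, and the function names and the sample host, domain and build values are constructed for illustration.

```python
import struct

# Added example: AV_PAIR ids from MS-NLMP; the dictionary labels are our own.
AV_NAMES = {1: "netbios_computer", 2: "netbios_domain",
            3: "dns_computer", 4: "dns_domain", 5: "dns_tree"}
NEGOTIATE_VERSION = 0x02000000  # set when the 8-byte Version field is present

def parse_ntlm_challenge(msg: bytes) -> dict:
    """Decode what a server discloses in an NTLM CHALLENGE_MESSAGE."""
    if len(msg) < 48 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype != 2:
        raise ValueError("not a CHALLENGE_MESSAGE")
    tn_len, _, tn_off, flags = struct.unpack_from("<HHII", msg, 12)
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)
    if tn_off + tn_len > len(msg) or ti_off + ti_len > len(msg):
        raise ValueError("field points outside the message")
    info = {"target_name": msg[tn_off:tn_off + tn_len].decode("utf-16-le")}
    if flags & NEGOTIATE_VERSION and len(msg) >= 56:
        major, minor, build = struct.unpack_from("<BBH", msg, 48)
        info["os_version"] = f"{major}.{minor}.{build}"
    pos, end = ti_off, ti_off + ti_len
    while pos + 4 <= end:                      # walk the TargetInfo AV_PAIRs
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        pos += 4
        if av_id == 0 or pos + av_len > end:   # MsvAvEOL or truncated pair
            break
        if av_id in AV_NAMES:
            info[AV_NAMES[av_id]] = msg[pos:pos + av_len].decode("utf-16-le")
        pos += av_len
    return info

def build_sample_challenge() -> bytes:
    """Constructed message: host FILESRV01, domain EXAMPLE, version 6.1.7601."""
    def av(av_id, text):
        value = text.encode("utf-16-le")
        return struct.pack("<HH", av_id, len(value)) + value
    name = "EXAMPLE".encode("utf-16-le")
    tinfo = (av(2, "EXAMPLE") + av(1, "FILESRV01") +
             av(3, "filesrv01.example.test") + struct.pack("<HH", 0, 0))
    flags = 0x00000001 | 0x00800000 | NEGOTIATE_VERSION
    hdr = (b"NTLMSSP\x00" + struct.pack("<I", 2) +
           struct.pack("<HHI", len(name), len(name), 56) +
           struct.pack("<I", flags) + bytes(8) + bytes(8) +
           struct.pack("<HHI", len(tinfo), len(tinfo), 56 + len(name)) +
           struct.pack("<BBH", 6, 1, 7601) + b"\x00\x00\x00\x0f")
    return hdr + name + tinfo
```

Running the parser over challenge messages captured from your own IMAP, POP3, NNTP, Telnet or MS SQL services shows which host and OS details they expose to unauthenticated clients.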