http://permalink.gmane.org/gmane.comp.security.nmap.devel hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://permalink.gmane.org/gmane.comp.security.nmap.devel/21833 <pre>List, Two bugs and a code structure improvement in this patch to the httpspider library, found while working with the http-chrono script. First bug, the LinkExtractor portion of httpspider doesn't check for a negative maxdepth (indicating no limit), and rejects all links. Second bug, the withinhost and withindomain matching functions would throw an error when presented with a URL without a host portion. Example: &lt;a href="http://"&gt;link&lt;/a&gt;. I threw in a test for parsed_u.host == nil, assuming that that would fail either of the checks. Lastly, the attached patch fixes moves the function definition for validate_link out of the innermost loop of the LinkExtractor.parse function. It had been declared as a closure over url, then called on the very next line. I chose to move it to a method of the LinkExtractor class, in case it should ever need to be overridden, but it could have just as easily been inlined. Dan _______________________________________________ Sent through the nmap-dev mailing list ht</pre> Daniel Miller 2012-05-22T16:03:47 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21832 <pre>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 22 May 2012 06:19:14 -0700 Michael Right &lt;specked&lt; at &gt;gmail.com&gt; wrote: Hi Michael, This is a complicated question and the answer depends a lot on what sort of scan you're doing. I assume in your case, if you want to scan a whole /8 you probably want to find up hosts or locate just one or two services. In that case, you can tune a single Nmap process to blast packets which should outperform more than one Nmap instance (when you factor in accuracy). So suppose you want to scan hosts for port 80. I'd try something like: nmap -v -d -p 80 -Pn -n -T5 --min-hostgroup 8192 --min-parallelism 1024 - --randomize-hosts -oA big_scan 10.0.0.0/8 When you use --randomize-hosts Nmap doesn't actually randomly sort all IPs but rather blocks of IPs much like how it scans in blocks (hosts groups). If you have a big global network with your /8 divided up into a bunch of /16s or so and each routed to different parts of the world then the random blocks Nmap uses won't b</pre> Brandon Enright 2012-05-22T15:24:09 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21831 <pre> Hi ... ... I think Zenmap is an Universal Binary App cause is doesn’t start on my PowerBook G4 running OS 10.4.11 anymore ... ... the Installer Readme told me that PPC and 10.4 is no problem ... vernetzungsvoll, Clemens Schaber · Wels · Austria _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ </pre> yxynaxen< at >A1.net 2012-05-22T11:14:47 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21830 <pre>hi, after scanning about 188 hosts i wanted to filter them. "op:80" was just fine. i wanted to extend that to "op:80 or op:8080" it crashed Version: 6.00 Traceback (most recent call last): File "zenmapGUI\ScanInterface.pyo", line 247, in filter_hosts File "zenmapCore\NetworkInventory.pyo", line 498, in apply_filter File "zenmapCore\NetworkInventory.pyo", line 448, in _match_all_args File "zenmapCore\NetworkInventory.pyo", line 458, in match_keyword File "zenmapCore\NetworkInventory.pyo", line 471, in match_os File "zenmapCore\SearchResult.pyo", line 155, in match_os KeyError: 'osmatches' greetings _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ </pre> Thomas Neumayer 2012-05-22T09:52:15 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21829 <pre>None of the default scans appear to be working. It is not able to ping any of the hosts. Removed 6.0 and reinstalled 5.5 and was able to ping and define open ports and other command line switches. Tried multiple host, and verified they were up and pingable from this host. I would be willing to answer other question if need. Just email if you like. Scott R. Schmit Systems Engineer Mobile: 864.616.7953 Desk: 864.307.0766 Fax: 864.307.0866 Email: sschmit&lt; at &gt;csioutfitters.com&lt;mailto:sschmit&lt; at &gt;csioutfitters.com&gt; [cid:image001.png&lt; at &gt;01CD37F9.EFD1C960] _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/</pre> Scott Schmit 2012-05-22T13:04:47 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21828 <pre>Hi, Would it be faster to scan a /8 using a single nmap instance or splitting it into a bunch of smaller networks and running multiple parallel nmaps? Thanks _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ </pre> Michael Right 2012-05-22T13:19:14 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21827 <pre>Hi, I tried Nmap6 on Windows XP SP3. As startup, Nmap performed address resolution with Neighbor solicitation sent using unspecified address and Source Link layer address option. Neighbor Solicitation message must not be sent with source as unspecified address and having source link layer as specified in RFC4861 section 7.1.1. Snapshot of the same indicated in bold. 7.1.1&lt;http://tools.ietf.org/html/rfc4861#section-7.1.1&gt;. Validation of Neighbor Solicitations A node MUST silently discard any received Neighbor Solicitation messages that do not satisfy all of the following validity checks: - The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router. - ICMP Checksum is valid. - ICMP Code is 0. - ICMP length (derived from the IP length) is 24 or more octets. - Target Address is not a multicast address. - All included options have a length that is greater than zero. - If the </pre> Venkataramanappa Sathyanarayana 2012-05-22T12:54:12 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21826 <pre>Hi, I wanted to test the http-unsafe-output-escaping script provided by the new nmap-6.00 Version. Using this new nma version - both installed version and using NMAPDIR environment variable - I get the following error. nmap-6.00# nmap --script=http-unsafe-output-escaping 1.2.3.4 Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-22 13:33 CEST NSE: Script Engine Scan Aborted. An error was thrown by the engine: /home/bk/nmap-6.00/nse_main.lua:312: attempt to index field '?' (a nil value) stack traceback: /home/bk/nmap-6.00/nse_main.lua:312: in function 'close' /home/bk/nmap-6.00/nse_main.lua:908: in function 'run' /home/bk/nmap-6.00/nse_main.lua:1218: in function &lt;/home/bk/nmap-6.00/nse_main.lua:1125&gt; [C]: ? The nmap scan report shows correct information about open porst FYI best Bernd </pre> Bernd Kohler 2012-05-22T11:42:13 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21825 <pre>Il 22/05/2012 11:28, Jan Reister ha scritto: Sorry for the unhelpful post, I was blindly following a crash dialog before realizing it went to nmap-dev list! I was using the zenmap "filter hosts" feature when it crashed. nmap v. 6.00 compiled from ther tarball. Linux 3.2.0-24-generic #37-Ubuntu SMP Wed Apr 25 08:43:22 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux Jan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ </pre> Jan Reister 2012-05-22T10:39:09 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21824 <pre>Version: 6.00 Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/zenmapGUI/ScanInterface.py", line 247, in filter_hosts self.inventory.apply_filter(filter_string) File "/usr/local/lib/python2.7/dist-packages/zenmapCore/NetworkInventory.py", line 498, in apply_filter if not self._match_all_args(host, operator, args): File "/usr/local/lib/python2.7/dist-packages/zenmapCore/NetworkInventory.py", line 448, in _match_all_args if not self.__getattribute__("match_%s" % operator)(host, arg): File "/usr/local/lib/python2.7/dist-packages/zenmapCore/NetworkInventory.py", line 458, in match_keyword return self.match_os(host, keyword) or\ File "/usr/local/lib/python2.7/dist-packages/zenmapCore/NetworkInventory.py", line 471, in match_os return HostSearch.match_os(host, os) File "/usr/local/lib/python2.7/dist-packages/zenmapCore/SearchResult.py", line 155, in match_os for osclass in osmatch['osmatches']: KeyError: 'osmatches' </pre> Jan Reister 2012-05-22T09:28:45 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21823 <pre>Hi list, Although it didn't change much for me, the GSoC official period began yesterday. Fun and exciting times ahead. :) Achievements: - Fixed / committed some issues with http-drupal-modules. - Worked on / committed http-traceroute, a script that exploits Max-Forwards HTTP header to detect reverse proxies. - Began working on firewall-bypass. - Gone through some of Nmap / Lua internals documentation. - Had a meeting with Henri and discussed the finished scripts, the next one to work on (firewall-bypass) and ideas for new scripts. Priorities: - Work on firewall-bypass. - Find ideas for new scripts and features to work on. - Discuss some ideas and features with the NSE team. Cheers, Hani. </pre> Hani Benhabiles 2012-05-22T08:23:23 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21822 <pre> I can confirm that this fixed the problem... ! Thanks :-) Forrest _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ </pre> Forrest Aldrich 2012-05-21T18:29:19 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21821 <pre>Hello, I proceeded to localize in my native language - Japanese. screenshot http://bogus.jp/wp/wp-content/zenmap_jp1.png ja.po and zenmap.mo(japanese) http://bogus.jp/zenmap_lc_ja.zip Regards. </pre> bogus 2012-05-22T03:05:07 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21820 <pre>Hi, I have downloaded Nmap-5.51 from http://nmap.org,but when I am running the nmap command in command prompt i am getting the error, "dnet:Failed to open device eth24" I have installed the latest version of WinPcap version 4.1.2. NPF is running properly. I guess there is some problem in WinPcap. I am using Windows 7 ultimate,32 bit. Please suggest Regards AnandK Attachments: ScreenShot of the error _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/</pre> anand k 2012-05-21T19:07:56 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21819 <pre>Trouble shooting of sperious port closing. Added a usleep(60000) to ultra_scan() that seems to correct the problem. Obviously this is not an acceptable solution, just troubleshooting to help isolate the issue. Switching to looking at the Clang bug reports over the next week to look to see if any of the bugs found is a major issue. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ </pre> James Rogers 2012-05-22T03:14:24 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21818 <pre>Greetings, Accomplishments: Made progress on the sv-tidy language support (namely adding table and reverse table) Set up weekly meetings with Mentor, David. Priorities: Build a CPE parser. Compare CPE language and i field langague for all CPE fields. Contact David for the next step in this program. That is all, </pre> sean rivera 2012-05-22T02:54:11 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21817 <pre>Congratulations everyone on version 6! For a year or so, I've been looking for feedback on my patch for XML structured output for NSE scripts [1], and as it has been a while, I thought I'd bring it up again. I've fixed a couple bugs since last time, and I've started keeping my local copy of the Nmap source under Git source control, so I can rebase my branch as development continues on the official source. I'm attaching 2 patches: nse-structured.diff has all the code changes to use XML output for scripts, and scripts-structured.diff patches a few scripts to take better advantage of the structured output. As far as impact to script writers, there shouldn't be much, since a table passed to stdnse.format_output() will work as it always has, as will simply returning a string from a script. In this regard, the functionality is largely opt-in. If the patch is accepted, I'll spend time updating existing scripts to structure their output. There is room for improvement: Currently, "horizontal lists" don't work; tha</pre> Daniel Miller 2012-05-22T01:57:38 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21816 <pre>Hi all, Accomplishments: * made some progress on the fuzzer - it now finds forms automatically and parses them into convenient format. The result of parsing a form may look like this: {action="/test.php", fields={{name="field1", type="text"}, {name="field2", type="file"}}}. I've sent the code to Patrick for a review. Priorities: * there's a lot more to be done on the fuzzer. The next thing I'm planning to do is to analyze the response we get after sending a form and determine if the fuzzing was successful. I'd also like to add fuzzing with numbers. Cheers, Peter _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ </pre> Peter O 2012-05-21T23:30:37 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21815 <pre>Hi all, Last week was all about getting ready for official start of coding. I was trying to do as much work related to my studies as I could in order to have more free time to work on nmap. Apart from that, I've compiled a small list of interesting vulnerabilities that I will be making into scripts soon. I've had a meeting with David, I've created my own branch on the svn and played around with it to make sure I know my way around with svn on such a big project. I've discussed with David which scripts should I do first and we settled on RMI registry default configuration vulnerability (on which I have started working on today) and one of the bruteforce scripts that needs improvement. As I will be working with RMI I took time to read trough existing nse's rmi library. My priorities for this week will be to write a script for detecting and exploiting vulnerable RMI registry servers and extend the rmi library accordingly. And to rewrite mysql-brute script to use brute lib. If time permits, I will try to rewri</pre> Aleksandar Nikolic 2012-05-21T21:43:37 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21814 <pre> Hi David, This is Apple's X11 server. dn _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ </pre> David Newman 2012-05-21T21:22:13 http://permalink.gmane.org/gmane.comp.security.nmap.devel/21813 <pre> Thanks for this report. Is your XQuartz server the default X11 server that Apple provides, or one you installed separately? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ </pre> David Fifield 2012-05-21T21:16:58 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.comp.security.nmap.devel