forked from nmap/nmap
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
16940 lines (13047 loc) · 760 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#Nmap Changelog ($Id$); -*-text-*-
o Nmap will now allow targets to be specified both on the command line and in
an input file with -iL. Previously, if targets were provided in both places,
only the targets in the input file would be scanned, and no notice was given
that the command-line targets were ignored. [Daniel Miller]
o [GH#1451] Nmap now performs forward DNS lookups in parallel, using the same
engine that has been reliably performing reverse-DNS lookups for nearly a
decade. Scanning large lists of hostnames is now enormously faster and avoids
the unresponsive wait for blocking system calls, so progress stats can be
shown. In testing, resolving 1 million website names to both IPv4 and IPv6
took just over an hour. The previous system took 49 hours for the same data
set! [Daniel Miller]
o [GH#2571, GH#2572, GH#2622, GH#2784] Various bug fixes in the mssql NSE
library [johnjaylward, nnposter]
o [GH#2900, GH#2896, GH#2897] Nmap is now able to scan IP protocol 255.
[nnposter]
Nmap 7.95 [2024-04-23]
o Integrated over 4,000 of your IPv4 OS fingerprints. Added 336 signatures,
bringing the new total to 6,036. Additions include iOS 15 & 16, macOS
Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2
o Integrated over 2,500 service/version detection fingerprints. The signature
count went up 1.4% to 12,089, including 9 new softmatches. We now detect
1,246 protocols, including new additions of grpc, mysqlx, essnet,
remotemouse, and tuya.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and transmission
driver) from version 1.75 to the latest version 1.79. It includes many
performance improvements, bug fixes and feature enhancements described at
https://npcap.com/changelog.
o [NSE] Added four new scripts from the DINA community
(https://github.com/DINA-community) for querying industrial control
systems:
+ hartip-info reads device information from devices using the Highway
Addressable Remote Transducer protocol
+ iec61850-mms queries devices using Manufacturing Message Specification
requests. [Dennis Rösch, Max Helbig]
+ multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All
message and prints the responses. [Stefan Eiwanger, DINA-community]
+ profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the
PNIO-CM service.
o Improvements to OS detection fingerprint matching, including a syntax
change for nmap-os-db that allows ranges within the TCP Options
string. This leads to more concise and maintainable fingerprints. [Daniel
Miller]
o Improved the OS detection engine by using a new source port for each retry.
Scans from systems such as Windows that do not send RST for unsolicited
SYN|ACK responses were previously unable to get a response in subsequent
tries. [Daniel Miller]
o Several profile-guided optimizations of the port scan engine. [Daniel Miller]
o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1, libssh2
1.11.0, liblinear 2.47
o [GH#2639] Upgraded OpenSSL binaries (for the Windows builds and for RPMs)
to version 3.0.13. This addresses various OpenSSL vulnerabilities which
don't impact Nmap (full details are in the GH issue).
o [GH#2672] Fixed an issue where TCP Connect scan (-sT) on Windows would fail
to open any sockets, leading to scans that never finish. [Daniel Miller]
o [Zenmap][Ndiff][GH#2649] Zenmap and Ndiff now use setuptools, not distutils
for packaging.
o [Ncat][GH#2685] Fixed Ncat UDP server mode to not quit after EOF on
stdin. Reported as Debian bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613
o [NSE] ssh-auth-methods will now print the pre-authentication banner text
when available. Requires libssh2 1.11.0 or later. [Daniel Miller]
o [Zenmap][GH#2739] Fix a crash in Zenmap when changing a host comment.
o [NSE][GH#2766] Fix TLS 1.2 signature algorithms for EdDSA. [Daniel Roethlisberger]
o [Zenmap][GH#2706] RPM spec files now correctly require the python3 package, not python>=3
o [GH#2731] Fix an out-of-bounds read which led to out-of-memory errors when
duplicate addresses were used with --exclude
o [GH#2609] Fixed a memory leak in Nsock: compiled pcap filters were not freed.
o [GH#2658] Fixed a crash when using service name wildcards with -p, as in -p "http*"
o [NSE] Fixed DNS TXT record parsing bug which caused asn-query to fail in
Nmap 7.80 and later. [David Fifield, Mike Pattrick]
o [NSE][GH#2727][GH#2728] Fixed packet size testing in KNX scripts [f0rw4rd]
Nmap 7.94 [2023-05-19]
o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
this effort possible:
+ [GH#2088][GH#1176][Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]
+ [GH#1807][GH#1176][Ndiff] Updated Ndiff to Python 3. [Brian Quigley]
+ Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
to those who opened Python 3-related issues and pull requests: Eli
Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
Hasan Aliyev, and others.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.71 to the latest version 1.75. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
(28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC
prefix used previously for lookups.
o Added partial silent-install support to the Nmap Windows
installer. It previously didn't offer silent mode (/S) because the
free/demo version of Npcap Windoes packet capturing driver that it
needs and ships with doesn't include a silent installer. Now with
the /S option, Nmap checks whether Npcap is already installed
(either the free version or OEM) and will silently install itself if
so. This is similar to how the Wireshark installer works and is
particularly helpful for organizations that want to fully automate
their Nmap (and Npcap) deployments. See
https://nmap.org/nmap-silent-install for more details.
o Lots of profile-guided memory and processing improvements for Nmap, including
OS fingerprint matching, probe matching and retransmission lookups for large
hostgroups, and service name lookups. Overhauled Nmap's string interning and
several other startup-related procedures to speed up start times, especially
for scans using OS detection. [Daniel Miller]
o Integrated many of the most-submitted IPv4 OS fingerprints for recent
versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints,
bringing the new total to 5700!
o [NSE][GH#548] Added the tftp-version script which requests a
nonexistent file from a TFTP server and matches the error message
to a database of known software. [Mak Kolybabi]
o [Ncat][GH#1223] Ncat can now accept "connections" from multiple UDP hosts in
listen mode with the --keep-open option. This also enables --broker and
--chat via UDP. [Daniel Miller]
o [GH#2575] Upgraded OpenSSL binaries (for the Windows builds and for
RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602;
CVE-2022-3786) which don't impact Nmap proper since it doesn't do
certificate validation, but could possibly impact Ncat when the
--ssl-verify option is used.
o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4
o [GH#2532] Removed the bogus OpenSSL message from the Windows Nmap
executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL
legacy provider failed to load." We actually already have the legacy
provider built-in to our OpenSSL builds, and that's why loading the
external one fails.
o [GH#2541] UDP port scan (-sU) and version scan (-sV) now both use the same
data source, nmap-service-probes, for data payloads. Previously, the
nmap-payloads file was used for port scan. Port scan responses will be used
to kick-start the version matching process. [Daniel Miller]
o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel,
the same as it already does for TCP services with SSL/TLS encryption. The
DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent
sooner in the scan. [Daniel Miller]
o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming
connections. [Daniel Miller]
o [GH#1023] Handle Internationalized Domain Names (IDN) like Яндекс.рф on
platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller]
o [Ncat] Addressed an issue from the Debian bug tracker
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
received immediately after a SOCKS CONNECT response. Ncat can now be
correctly used in the ProxyCommand option of OpenSSH.
o Improved DNS domain name parsing to avoid recursion and enforce name length
limits, avoiding a theoretical stack overflow issue with certain crafted DNS
server responses, reported by Philippe Antoine.
o [GH#2338][NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]
o [GH#2507] Updates to the Japanese manpage translation by Taichi Kotake.
o [Ncat][GH#1026][GH#2426] Dramatically speed up Ncat transfers on
Windows by avoiding a 125ms wait for every read from
STDIN. [scriptjunkie]
o [GH#1192][Windows] Periodically reset the system idle timer to keep the
system from going to sleep while scans are in process. This only affects port
scans and OS detection scans, since NSE and version scan do not rely on
timing data to adjust speed.
o Updated the Nmap Public Source License (NPSL) to Version 0.95. This
just clarifies that the derivative works definition and all other
license clauses only apply to parties who choose to accept the
license in return for the special rights granted (such as Nmap
redistribution rights). If a party can do everything they need to
using copyright provisions outside of this license such as fair use,
we support that and aren't trying to claim any control over their
work. Versions of Nmap released under previous versions of the NPSL
may also be used under the NPSL 0.95 terms.
o Avoid storing many small strings from IPv4 OS detection results in the global
string_pool. These were effectively leaked after a host is done being
scanned, since string_pool allocations are not freed until Nmap quits.
Nmap 7.93 [2022-09-01]
o This release commemorates Nmap's 25th anniversary! It all started with this
September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.50 to the latest version 1.71. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions.
Binaries for this release include OpenSSL 3.0.5.
o Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1
o [GH#2416] Fix a bug that prevented Nmap from discovering interfaces on Linux
when no IPv4 addresses were configured. [Daniel Miller, nnposter]
o [NSE][GH#2463] NSE "exception handling" with nmap.new_try() will no longer
result in a stack traceback in debug output nor a "ERROR: script execution
failed" message in script output, since the intended behavior has always been
to end the script immediately without output. [Daniel Miller]
o [GH#2494] Update the Nmap output DTD to match actual output since the
`<hosthint>` element was added in Nmap 7.90.
o [NSE][GH#2496] Fix newtargets support: since Nmap 7.92, scripts could not add
targets in script pre-scanning phase. [Daniel Miller]
o [GH#2468] Scripts dhcp-discover and broadcast-dhcp-discover now support
setting a client identifier. [nnposter]
o [GH#2331][GH#2471] Script oracle-tns-version was not reporting the version
correctly for Oracle 19c or newer [linholmes]
o [GH#2296][GH#2342] Script redis-info was crashing or producing inaccurate
information about client connections and/or cluster nodes. [nnposter]
o [GH#2379] Nmap and Nping were unable to obtain system routes on FreeBSD
[benpratt, nnposter]
o [GH#2464] Script ipidseq was broken due to calling an unreachable library
function. [nnposter]
o [GH#2420][GH#2436] Support for EC crypto was not properly enabled if Nmap
was compiled with OpenSSL in a custom location. [nnposter]
o [NSE] Improvements to event handling and pcap socket garbage collection,
fixing potential hangs and crashes. [Daniel Miller]
o We ceased creating the Nmap win32 binary zipfile. It was useful back when
you could just unzip it and run Nmap from there, but that hasn't worked well
for many years. The win32 self-installer handles Npcap installation and many
other dependencies and complexities. Anyone who needs the binaries for some
reason can still install Nmap on any system and retrieve them from there.
For now we're keeping the Win32 zipfile in the Nmap OEM Edition
(https://nmap.org/oem) for companies building Nmap into their own
products. But even in that case we believe that running the Nmap OEM
self-installer in silent mode is a better approach.
o [GH#2388] Fix TDS7 password encoding for mssql.lua, which had been assuming
ASCII input even though other parts of the library had been passing it Unicode.
o [GH#2402] Replace deprecated CPEs for IIS with their updated identifier,
cpe:/a:microsoft:internet_information_services [Esa Jokinen]
o [NSE][GH#2393] Fix script-terminating error when unknown BSON data types are
encountered. Added parsers for most standard data types. [Daniel Miller]
o [Ncat] Fix hostname/certificate comparison and matching to handle ASN.1
strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712.
o [Ncat][GH#2365] Added support for SOCKS5 proxies that return bind addresses
as hostnames, instead of IPv4/IPv6 addresses. [pomu0325]
Nmap 7.92 [2021-08-07]
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.00 to the latest version 1.50. You can
read about the dozens of performance improvements, bug fixes and feature
enhancements at https://npcap.com/changelog.
o [Windows] Thanks to the Npcap 1.50 upgrade, Nmap now works on the Windows
ARM architecture so you can run it on lightweight and power-efficient
tablets like the Microsoft Surface Pro X and Samsung Galaxy Book Go. More
ARM devices are on the way along with the upcoming Windows 11 release. See
the Npcap on ARM announcement at
https://seclists.org/nmap-announce/2021/2.
o [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10
SDK, and the UCRT. This prevents Nmap from working on Windows Vista and
earlier, but they can still use older versions of Nmap on their ancient
operating system.
o New Nmap option --unique will prevent Nmap from scanning the same IP
address twice, which can happen when different names resolve to the same
address. [Daniel Miller]
o [NSE][GH#1691] TLS 1.3 now supported by most scripts for which it is
relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel
connections and certificate parsing will require OpenSSL 1.1.1 or later to
fully support TLS 1.3. [Daniel Miller]
o [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:
+ [GH#2201] nbns-interfaces queries NetBIOS name service (NBNS) to gather
IP addresses of the target's network interfaces [Andrey Zhukov]
+ [GH#711] openflow-info gathers preferred and supported protocol versions
from OpenFlow devices [Jay Smith, Mak Kolybabi]
+ port-states prints a list of ports that were found in each state,
including states that were summarized as "Not shown: X closed ports"
[Daniel Miller]
o Several changes to UDP payloads to improve accuracy:
+ [GH#2269] Fix an issue with -sU where payload data went out-of-scope
before it was used, causing corrupted payloads to be sent. [Mariusz
Ziulek]
+ Nmap's retransmission limits were preventing some UDP payloads from
being tried with -sU and -PU. Now, Nmap sends each payload for a
particular port at the same time without delay. [Daniel Miller]
+ New UDP payloads:
- [GH#1279] TS3INIT1 for UDP 3389 [colcrunch]
- [GH#1895] DTLS for UDP 3391 (RD Gateway) [Arnim Rupp]
o [NSE][GH#2208][GH#2203] SMB2 dialect handling has been
redesigned. Visible changes include:
* Notable improvement in speed of script smb-protocols and others
* Some SMB scripts are no longer using a hardcoded dialect, improving
target interoperability
* Dialect names are aligned with Microsoft, such as 3.0.2, instead of
3.02 [nnposter]
o [GH#2350] Upgraded OpenSSL to version 1.1.1k. This addresses some
CVE's which don't affect Nmap in a material way. Details:
https://github.com/nmap/nmap/issues/2350
o Removed support for the ancient WinPcap library since we already include
our own Npcap library (https://npcap.com) supporting the same API. WinPcap
was abandoned years ago and it's official download page says that "WE
RECOMMEND USING Npcap INSTEAD" for security, stability, compatibility, and
support reasons.
o [GH#2257] Fix an issue in addrset matching that was causing all targets to
be excluded if the --excludefile listed a CIDR range that contains an
earlier, smaller CIDR range. [Daniel Miller]
o [GH#1922] Fix an issue that would cause Nmap to hang during scans
with a host timeout, such as -T5. Any active probes when a target timed out
were counting towards the global congestion window.
o [GH#2153] Do not count host discovery phase time against the host timeout,
since Nmap may wait a long time between sending probes to a target while it
processes other targets instead.
o [GH#2153] Fix issues with matching ICMP Time Exceeded messages that led to
ignored responses and long scan times when scanning distant targets.
o Upgrade the Windows NSIS installer to use the latest NSIS 3 (version
3.07) instead of the previous NSIS 2 generation.
o Setting --host-timeout=0 will disable the host timeout, which is set by
-T5 to 15 minutes. Earlier versions of Nmap require the user to specify a
very long timeout instead.
o Improvements to Nmap's XML output:
+ If a host times out, the XML <host> element will have the attribute
timedout="true" and the host's timing info (srtt etc.) will still be
printed.
+ The "extrareasons" element now includes a list of port numbers for each
"ignored" state. The "All X ports" and "Not shown:" lines in normal
output have been changed slightly to provide more detail. [Daniel
Miller]
o [NSE][GH#2237] Prevent the ssl-* NSE scripts from probing ports that were
excluded from version scan, usually 9100-9107, since JetDirect will print
anything sent to these ports. [Daniel Miller]
o [GH#2206] Nmap no longer produces cryptic message "Failed to convert
source address to presentation format" when unable to find useable route
to the target. [nnposter]
o [Ncat][GH#2202] Use safety-checked versions of FD_* macros to abort early
if number of connections exceeds FD_SETSIZE. [Pavel Zhukov]
o [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping
server data sent right after the connection got established, such as port
banners. [Sami Pönkänen]
o [Ncat][GH#2149] Fixed a bug in proxy connect mode which would close the
connection as soon as it was opened in Nmap 7.90 and 7.91.
o [NSE][GH#2175] Fixed NSE so it will not consolidate all port script output
for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel
Miller]
o [Zenmap][GH#2157] Fixed an issue where a failure to execute Nmap would
result in a Zenmap crash with "TypeError: coercing to Unicode" exception.
o Nmap no longer considers an ICMP Host Unreachable as confirmation that a
target is down, in accordance with RFC 1122 which says these errors may be
transient. Instead, the probe will be destroyed and other probes used to
determine aliveness. [Daniel Miller]
o [Ncat][GH#2154] Ncat no longer crashes when used with Unix domain sockets.
o [Ncat][GH#2167][GH#2168] Ncat is now again generating certificates with
the duration of one year. Due to a bug, recent versions of Ncat were using
only one minute. [Tobias Girstmair]
o [NSE][GH#2281] URL/percent-encoding is now using uppercase hex digits to
align with RFC 3986, section 2.1, and to improve compatibility with some
real-world web servers. [nnposter]
o [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most
visible are that certificate SANs are properly split apart and that
identities that are syntactically incorrect to be hostnames are now
ignored. [Michel Le Bihan, nnposter]
o [NSE] Loading of a Nikto database failed if the file was referenced
relative to the Nmap directory [nnposter]
o We're no longer building and distributing 32-bit Linux binary RPMs since
the vast majority of users are on x64 systems now. Nmap still works on
32-bit systems and so users can build it themselves from the source
RPMs or tarball, or obtain it from their distribution's repository.
o [GH#2199] Updated Nmap's NPSL license to rewrite a poorly-worded clause
about "proprietary software companies". The new license version 0.93 is
still available from https://nmap.org/npsl/. As described on that page, we
are also still offering Nmap 7.90, 7.91, and 7.92 under the previous Nmap
7.80 license. Finally, we still offer the Nmap OEM program for companies
who want a non-copyleft license allowing them to redistribute Nmap with
their products at https://nmap.org/oem/.
o [NSE] Script smb2-vuln-uptime no longer reports false positives when the
target does not provide its boot time. [nnposter]
o [NSE][GH#2197] Client packets composed by the DHCP library will now
contain option 51 (IP address lease time) only when requested. [nnposter]
o [NSE][GH#2192] XML decoding in library citrixxml no longer crashes when
encountering a character reference with codepoint greater than 255. (These
references are now left unmodified.) [nnposter]
o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for
the audit rule base. [nnposter]
o [NSE][GH#1473] It is now possible to control whether the SNMP library uses
v1 (default) or v2c by setting script argument snmp.version. [nnposter]
Nmap 7.91 [2020-10-09]
o [NSE][GH#2136][GH#2137] Fix several places where Lua's os.time was being used
to represent dates prior to January 1, 1970, which fails on Windows. Notably,
NSE refused to run in UTC+X timezones with the error "time result cannot be
represented in this installation" [Clément Notin, nnposter, Daniel Miller]
o [GH#2148][Zenmap] Fix a crash in the profile editor due to a missing import.
o [GH#2139][Nsock][Windows] Demote the IOCP Nsock engine because of some known
issues that will take longer to resolve. The previous default "poll" engine
will be used instead.
o [GH#2140][Nsock][Windows] Fix a crash in service scan due to a previously-unknown
error being returned from the IOCP Nsock engine. [Daniel Miller]
o [NSE][GH#2128] MySQL library was not properly parsing server responses,
resulting in script crashes. [nnposter]
o [GH#2135] Silence the irrelevant warning, "Your ports include 'T:' but you
haven't specified any TCP scan type" when running nmap -sUV
Nmap 7.90 [2020-10-03]
o [Windows] Upgraded Npcap, our Windows packet capturing (and sending)
library to the milestone 1.00 release! It's the culmination of 7 years of
development with 170 public pre-releases. This includes dozens of
performance improvements, bug fixes, and feature enhancements described
at https://npcap.com/changelog.
o Integrated over 800 service/version detection fingerprints submitted since
August 2017. The signature count went up 1.8% to 11,878, including 17 new
softmatches. We now detect 1237 protocols from airmedia-audio, banner-ivu,
and control-m to insteon-plm, pi-hole-stats, and ums-webviewer. A
significant number of submissions remain to be integrated in the next
release.
o Integrated over 330 of the most-frequently-submitted IPv4 OS fingerprints
since August 2017. Added 26 fingerprints, bringing the new total to 5,678.
Additions include iOS 12 & 13, macOS Catalina & Mojave, Linux 5.4, FreeBSD
13, and more.
o Integrated all 67 of your IPv6 OS fingerprint submissions from August 2017 to
September 2020. Added new groups for FreeBSD 12, Linux 5.4, and Windows 10,
and consolidated several weak groups to improve classification accuracy.
o [NSE] Added 3 NSE scripts, from 2 authors, bringing the total up to 601!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:
+ dicom-brute attempts to brute force the called Application Entity Title
of DICOM servers. [Paulino Calderon]
+ dicom-ping discovers DICOM servers and determines if any Application
Entity Title is allowed to connect. [Paulino Calderon]
+ uptime-agent-info collects system information from an Idera Uptime
Infrastructure Monitor agent. [Daniel Miller]
o [GH#1834] Addressed over 250 code quality issues identified by LGTM.com,
improving our code quality score from "C" to "A+"
o Released Npcap OEM Edition. For more than 20 years, the Nmap Project has
been funded by selling licenses for companies to distribute Nmap with
their products, along with commercial support. Hundreds of commercial
products now use Nmap for network discovery tasks like port scanning,
host discovery, OS detection, service/version detection, and of course
the Nmap Scripting Engine (NSE). Until now they have just used standard
Nmap, but this new OEM Edition is customized for use within other Windows
software. Nmap OEM contains the OEM version of our Npcap driver, which
allows for silent installation. It also removes the Zenmap GUI, which
cuts the installer size by more than half. And it reports itself as Nmap
OEM so customers know it's a properly licensed Nmap. See
https://nmap.org/oem for more details. We will be reaching out to all
existing licensees with Nmap OEM access credentials, but any licensees
who wants it quicker should see https://nmap.org/oem.
o Upgraded the Nmap license form a sort of hacked-up version of GPLv2 to a
cleaner and better organized version (still based on GPLv2) now called the
Nmap Public Source License to avoid confusion. See https://nmap.org/npsl/
for more details and annotated license text. This NPSL project was started
in 2006 (community discussion here:
https://seclists.org/nmap-dev/2006/q4/126) and then it lost momentum for 7
years until it was restarted in 2013
(https://seclists.org/nmap-dev/2013/q1/399) and then we got distracted by
development again. We still have some ideas for improving the NPSL, but
it's already much better than the current license, so we're applying NPSL
Version 0.92 to the code now and can make improvements later if
needed. This does not change the license of previous Nmap releases.
o Removed nmap-update. This program was intended to provide a way to update
data files and NSE scripts, but the infrastructure was never fielded. It
depended on Subversion version control and would have required maintaining
separate versions of NSE scripts for compatibility.
o Removed the silent-install command-line option (/S) from the Windows
installer. It causes several problems and there were no objections when we
proposed removing it in 2016 (https://seclists.org/nmap-dev/2016/q4/168).
It will remain in Nmap OEM since its main use was for customers who
redistribute Nmap with other software. If anyone else has a strong need
for an Nmap silent installer, please contact [email protected] and we'll see
what we can do.
o [GH#1860] 23 new UDP payloads and dozens more default ports for existing
payloads developed for Rapid7's InsightVM scan engine. These speed up and
ensure detection of open UDP services. [Paul Miseiko, Rapid7]
o [GH#2051] Restrict Nmap's search path for scripts and data files.
NMAPDATADIR, defined on Unix and Linux as ${prefix}/share/nmap, will not be
searched on Windows, where it was previously defined as C:\Nmap .
Additionally, the --script option will not interpret names as directory names
unless they are followed by a '/'. [Daniel Miller]
o [GH#1764] Fix an assertion failure when unsolicited ARP response is received:
nmap: Target.cc:503: void Target::stopTimeOutClock(const timeval*): Assertion `htn.toclock_running == true' failed.
o [NSE] New outlib library consolidates functions related to NSE output,
both string formatting conventions and structured output. [Daniel Miller]
o [NSE] New dicom library implements the DICOM protocol used for
storing and transfering medical images. [Paulino Calderon]
o [GH#92] Fix a regression in ARP host discovery left over from the move from
massping to ultra_scan in Nmap 4.22SOC8 (2007) that sometimes resulted in
missing ARP responses from targets near the end of a scan. Accuracy and speed
are both improved. [Daniel Miller]
o [GH#2126] Fix the "iocp" Nsock engine for Windows to be able to correctly
handle PCAP read events. This engine is now the default for Windows, which
should greatly improve performance over the previous default, the "poll"
engine. [Daniel Miller]
o [GH#2050] Reduced CPU usage of OS scan by 50% by avoiding string copy
operations and removing undocumented fingerprint syntax unused in nmap-os-db
('&' and '+' in expressions). [Daniel Miller]
o [GH#1859] Allow multiple UDP payloads to be specified for a port in
nmap-payloads. If the first payload does not get a response, the remaining
payloads are tried round-robin. [Paul Miseiko, Rapid7]
o [GH#1616] New option --discovery-ignore-rst tells Nmap to ignore TCP RST
responses when determining if a target is up. Useful when firewalls are
spoofing RST packets. [Tom Sellers, Rapid7]
o [Ncat][GH#2087][GH#1927][GH#1928][GH#1974] It is now possible to override
the value of TLS SNI via --ssl-servername [Hank Leininger, nnposter]
o [GH#2104] Fixed parsing of TCP options which would hang (infinite loop) if an
option had an explicit length of 0. Affects Nmap 7.80 only.
[Daniel Miller, Imed Mnif]
o Added a UDP payload for STUN (Session Traversal Utilities for NAT).
[David Fifield]
o [NSE] Fixed an off-by-one bug in the stun.lua library that prevented
parsing a server response. [David Fifield]
o [NSE][GH#1460] Script ssh2-enum-algos would fail if the server initiated
the key exchange before completing the protocol version exchange
[Scott Ellis, nnposter]
o [NSE][GH#2105] Fetching of SSH2 keys might fail because of key exchange
confusion [nnposter]
o [NSE][GH#2098] Performance of script afp-ls has been dramatically improved
[nnposter]
o [NSE][GH#2091] Parsing of AFP FPGetFileDirParms and
FPEnumerateExt2FPEnumerateExt2 responses was not working correctly [nnposter]
o [NSE][GH#2089] Eliminated false positives in script http-shellshock caused by
simple reflection of HTTP request data [Anders Kaseorg]
o [NSE][GH#1473] SNMP scripts are now enabled on non-standard ports where SNMP
has been detected [usd-markus, nnposter]
o [NSE][GH#2084] MQTT library was using incorrect position when parsing
received responses [tatulea]
o [NSE][GH#2086] IPMI library was using incorrect position when parsing
received responses [Star Salzman]
o [NSE][GH#2086] Scripts ipmi-brute and deluge-rpc-brute were not capturing
successfully brute-forced credentials [Star Salzman]
o Allow resuming IPv6 scans with --resume. The address parsing was assuming IPv4
addresses, leading to "Unable to parse ip" error. In a related fix, MAC addresses
will not be parsed as IP addresses when resuming from XML. [Daniel Miller]
o [GH#1622][GH#2068] Fix reverse-DNS handling of PTR records that are not lowercase.
Nmap was failing to identify reverse-DNS names when the DNS server delivered
them like ".IN-ADDR.ARPA". [Lucas Nussbaum, Richard Schütz, Daniel Miller]
o [NSE][GH#1999][GH#2005] IKE library was not properly populating the protocol
number in aggressive mode requests. [luc-x41]
o [GH#1963] Added service fingerprinting for MySQL 8.x, Microsoft SQL
Server 2019, MariaDB, and Crate.io CrateDB. Updated PostreSQL coverage and
added specific detection of recent versions running in Docker. [Tom Sellers]
o New XML output "hosthint" tag emitted during host discovery when a target is
found to be up. This gives earlier notification than waiting for the
hostgroup to finish all scan phases. [Paul Miseiko]
o [GH#917] New UDP payloads for GPRS Tunneling Protocol (GTP) on ports 2123,
2152, and 3386. [Guillaume Teissier]
o [NSE][GH#1825] SSH scripts now run on several ports likely to be SSH based on
empirical data from Shodan.io, as well as the netconf-ssh service.
[Lim Shi Min Jonathan, Daniel Miller]
o [Zenmap][GH#1777] Stop creating a debugging output file 'tmp.txt' on the
desktop in macOS. [Roland Linder]
o [Nping] Address build failure under libc++ due to "using namespace std;" in
several headers, resulting in conflicting definitions of bind(). Reported by
StormBytePP and Rosen Penev. [Daniel Miller]
o [Ncat][GH#1868] Fix a fatal error when connecting to a Linux VM socket with
verbose output enabled. [Stefano Garzarella]
o [Ncat][GH#2060] Proxy credentials can be alternatively passed onto Ncat by
setting environment variable NCAT_PROXY_AUTH, which reduces the risk of the
credentials getting captured in process logs. [nnposter]
o [NSE][GH#1723] Fixed a crash on Windows when processing a GZIP-encoded HTTP
body. [Daniel Miller]
o Upgrade libpcap to 1.9.1, which addresses several CVE vulnerabilities.
o Upgrade libssh2 to 1.9.0, fixing compilation with OpenSSL 1.1.0 API.
o [GH#1717][GH#1718] Processing of IP address CIDR blocks was not working
correctly on ppc64, ppc64le, and s390x architectures. [rfrohl, nnposter]
o [Windows] Add support for the new loopback behavior in Npcap 0.9983 and
later. This enables Nmap to scan localhost on Windows without needing the
Npcap Loopback Adapter to be installed, which was a source of problems for
some users. [Daniel Miller]
o [NSE] MS SQL library has improved version resolution, from service pack level
to individual cumulative updates [nnposter]
o [NSE][GH#2077] With increased verbosity, script http-default-accounts now
reports matched target fingerprints even if no default credentials were found
[nnposter]
o [NSE][GH#2063] IPP request object conversion to string was not working
correctly [nnposter]
o [NSE][GH#2063] IPP response parser was not correctly processing
end-of-attributes-tag [nnposter]
o [NSE] Script cups-info was failing due to erroneous double-decoding
of the IPP printer status [nnposter]
o [NSE][GH#2010] Oracle TNS parser was incorrectly unmarshalling DALC byte
arrays [nnposter]
o [NSE] The password hashing function for Oracle 10g was not working correctly
for non-alphanumeric characters [nnposter]
o [NSE] Virtual host probing list, vhosts-full.lst, was missing numerous
entries present in vhosts-default.lst [nnposter]
o [NSE][GH#1931][GH#1932] Script http-grep was not correctly calculating Luhn
checksum [Colleen Li, nnposter]
o [NSE][GH#1838] Scripts dhcp-discover and broadcast-dhcp-discover now support
new argument "mac" to force a specific client MAC address [nnposter]
o [NSE] Code improvements in RPC Dump, benefitting NFS-related scripts
[nnposter]
o [NSE] RPC code was using incorrect port range, which was causing some calls,
such as NFS mountd, to fail intermittently [nnposter]
o [NSE][GH#1876] XML output from script ssl-cert now includes RSA key modulus
and exponent [nnposter]
o [NSE][GH#1837] Nmap no longer crashes when SMB scripts, such as smb-ls, call
smb.find_files [nnposter]
o [NSE][GH#1802] The MongoDB library was causing errors when assembling protocol
payloads. [nnposter]
o [NSE][GH#1781][GH#1796] The RTSP library was not correctly generating request
strings. [nnposter]
o [NSE][GH#1706] VNC handshakes were failing with insert position out of bounds
error. [nnposter]
o [NSE][GH#1720] Function marshall_dom_sid2 in library msrpctypes was not
correctly populating ID Authority. [nnposter]
o [NSE][GH#1720] Unmarshalling functions in library msrpctypes were attempting
arithmetic on a nil argument. [Ivan Ivanov, nnposter]
o [NSE][GH#1720] Functions lsa_lookupnames2 and lsa_lookupsids2 in library
msrpc were incorrectly referencing function strjoin when called with debug
level 2 or higher. [Ivan Ivanov]
o [NSE][GH#1755][GH#2096] Added HTTP default account fingerprints for Tomcat
Host Manager and Dell iDRAC9. [Clément Notin]
o [NSE][GH#1476][GH#1707] A MS-SMB spec non-compliance in Samba was causing
protocol negotiation to fail with data string too short error.
[Clément Notin, nnposter]
o [NSE][GH#1480][GH#1713][GH#1714] A bug in SMB library was causing scripts to
fail with bad format argument error. [Ivan Ivanov]
o [NSE][GH#1665] The HTTP library no longer crashes when code requests digest
authentication but the server does not provide the necessary authentication
header. [nnposter]
o [NSE] Fixed a bug in http-wordpress-users.nse that could cause
extraneous output to be captured as part of a username. [Duarte Silva]
Nmap 7.80 [2019-08-10]
o [Windows] The Npcap Windows packet capturing library (https://npcap.com/)
is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap
from version 0.99-r2 to 0.9982, including all of these changes from the
last 15 Npcap releases: https://npcap.com/changelog
o [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598!
They are all listed at https://nmap.org/nsedoc/, and the summaries are
below:
+ [GH#1232] broadcast-hid-discoveryd discovers HID devices on a LAN by
sending a discoveryd network broadcast probe. [Brendan Coles]
+ [GH#1236] broadcast-jenkins-discover discovers Jenkins servers on a LAN
by sending a discovery broadcast probe. [Brendan Coles]
+ [GH#1016][GH#1082] http-hp-ilo-info extracts information from HP
Integrated Lights-Out (iLO) servers. [rajeevrmenon97]
+ [GH#1243] http-sap-netweaver-leak detects SAP Netweaver Portal with the
Knowledge Management Unit enabled with anonymous access. [ArphanetX]
+ https-redirect detects HTTP servers that redirect to the same port, but
with HTTPS. Some nginx servers do this, which made ssl-* scripts not run
properly. [Daniel Miller]
+ [GH#1504] lu-enum enumerates Logical Units (LU) of TN3270E servers.
[Soldier of Fortran]
+ [GH#1633] rdp-ntlm-info extracts Windows domain information from RDP
services. [Tom Sellers]
+ smb-vuln-webexec checks whether the WebExService is installed and allows
code execution. [Ron Bowes]
+ smb-webexec-exploit exploits the WebExService to run arbitrary commands
with SYSTEM privileges. [Ron Bowes]
+ [GH#1457] ubiquiti-discovery extracts information from the Ubiquiti
Discovery service and assists version detection. [Tom Sellers]
+ [GH#1126] vulners queries the Vulners CVE database API using CPE
information from Nmap's service and application version detection.
[GMedian, Daniel Miller]
o [GH#1371] The macOS installer is now built for x86_64 architecture, not i386.
o [GH#1396] Fixed the Windows installer, which would replace the entire PATH
system variable with the path for Nmap if it exceeded 1024 bytes. This was
fixed by using the "large strings" build of NSIS to build the new installer.
[Daniel Miller]
o Replaced the addrset matching code that is used by --exclude and
--excludefile with a much faster implementation using a radix tree (trie).
https://seclists.org/nmap-dev/2018/q4/13
o [GH#1291][GH#34][GH#1339] Use pcap_create instead of pcap_live_open in
Nmap, and set immediate mode on the pcap descriptor. This solves packet
loss problems on Linux and may improve performance on other platforms.
[Daniel Cater, Mike Pontillo, Daniel Miller]
o [NSE][GH#1330] Fixed an infinite loop in tls-alpn when the server forces a
particular protocol. [Daniel Miller]
o [NSE] Collected utility functions for string processing into a new
library, stringaux.lua. [Daniel Miller]
o [NSE] New rand.lua library uses the best sources of random available on
the system to generate random strings. [Daniel Miller]
o [NSE] New library, oops.lua, makes reporting errors easy, with plenty of
debugging detail when needed, and no clutter when not. [Daniel Miller]
o [NSE] Collected utility functions for manipulating and searching tables
into a new library, tableaux.lua. [Daniel Miller]
o [NSE] New knx.lua library holds common functions and definitions for
communicating with KNX/Konnex devices. [Daniel Miller]
o [NSE][GH#1571] The HTTP library now provides transparent support for gzip-
encoded response body. (See https://github.com/nmap/nmap/pull/1571 for an
overview.) [nnposter]
o [Nsock][Ncat][GH#1075] Add AF_VSOCK (Linux VM sockets) functionality to
Nsock and Ncat. VM sockets are used for communication between virtual
machines and the hypervisor. [Stefan Hajnoczi]
o [Security][Windows] Address CVE-2019-1552 in OpenSSL by building with the
prefix "C:\Program Files (x86)\Nmap\OpenSSL". This should prevent
unauthorized users from modifying OpenSSL defaults by writing
configuration to this directory.
o [Security][GH#1147][GH#1108] Reduced LibPCRE resource limits so that
version detection can't use as much of the stack. Previously Nmap could
crash when run on low-memory systems against target services which are
intentionally or accidentally difficult to match. Someone assigned
CVE-2018-15173 for this issue. [Daniel Miller]
o [GH#1361] Deprecate and disable the -PR (ARP ping) host discovery
option. ARP ping is already used whenever possible, and the -PR option
would not force it to be used in any other case. [Daniel Miller]
o [NSE] bin.lua is officially deprecated. Lua 5.3, added 2 years ago in Nmap
7.25BETA2, has native support for binary data packing via string.pack and
string.unpack. All existing scripts and libraries have been updated.
[Daniel Miller]
o [NSE] Completely removed the bit.lua NSE library. All of its functions are
replaced by native Lua bitwise operations, except for `arshift`
(arithmetic shift) which has been moved to the bits.lua library. [Daniel
Miller]
o [NSE][GH#1571] The HTTP library is now enforcing a size limit on the
received response body. The default limit can be adjusted with a script
argument, which applies to all scripts, and can be overridden case-by-case
with an HTTP request option. (See https://github.com/nmap/nmap/pull/1571
for details.) [nnposter]
o [NSE][GH#1648] CR characters are no longer treated as illegal in script
XML output. [nnposter]
o [GH#1659] Allow resuming nmap scan with lengthy command line [Clément
Notin]
o [NSE][GH#1614] Add TLS support to rdp-enum-encryption. Enables determining
protocol version against servers that require TLS and lays ground work for
some NLA/CredSSP information collection. [Tom Sellers]
o [NSE][GH#1611] Address two protocol parsing issues in rdp-enum-encryption
and the RDP nse library which broke scanning of Windows XP. Clarify
protocol types [Tom Sellers]
o [NSE][GH#1608] Script http-fileupload-exploiter failed to locate its
resource file unless executed from a specific working
directory. [nnposter]
o [NSE][GH#1467] Avoid clobbering the "severity" and "ignore_404" values of
fingerprints in http-enum. None of the standard fingerprints uses these
fields. [Kostas Milonas]
o [NSE][GH#1077] Fix a crash caused by a double-free of libssh2 session data
when running SSH NSE scripts against non-SSH services. [Seth Randall]
o [NSE][GH#1565] Updates the execution rule of the mongodb scripts to be
able to run on alternate ports. [Paulino Calderon]
o [Ncat][GH#1560] Allow Ncat to connect to servers on port 0, provided that
the socket implementation allows this. [Daniel Miller]
o Update the included libpcap to 1.9.0. [Daniel Miller]
o [NSE][GH#1544] Fix a logic error that resulted in scripts not honoring the
smbdomain script-arg when the target provided a domain in the NTLM
challenge. [Daniel Miller]
o [Nsock][GH#1543] Avoid a crash (Protocol not supported) caused by trying
to reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel
Miller]
o [NSE][GH#1534] Removed OSVDB references from scripts and replaced them
with BID references where possible. [nnposter]
o [NSE][GH#1504] Updates TN3270.lua and adds argument to disable TN3270E
[Soldier of Fortran]
o [GH#1504] RMI parser could crash when encountering invalid input [Clément
Notin]
o [GH#863] Avoid reporting negative latencies due to matching an ARP or ND
response to a probe sent after it was recieved. [Daniel Miller]
o [Ncat][GH#1441] To avoid confusion and to support non-default proxy ports,
option --proxy now requires a literal IPv6 address to be specified using
square-bracket notation, such as --proxy [2001:db8::123]:456. [nnposter]
o [Ncat][GH#1214][GH#1230][GH#1439] New ncat option provides control over
whether proxy destinations are resolved by the remote proxy server or
locally, by Ncat itself. See option --proxy-dns. [nnposter]
o [NSE][GH#1478] Updated script ftp-syst to prevent potential endless
looping. [nnposter]
o [GH#1454] New service probes and match lines for v1 and v2 of the Ubiquiti
Discovery protocol. Devices often leave the related service open and it
exposes significant amounts of information as well as the risk of being
used as part of a DDoS. New nmap-payload entry for v1 of the
protocol. [Tom Sellers]
o [NSE] Removed hostmap-ip2hosts.nse as the API has been broken for a while
and the service was completely shutdown on Feb 17th, 2019. [Paulino
Calderon]
o [NSE][GH#1318] Adds TN3270E support and additional improvements to
tn3270.lua and updates tn3270-screen.nse to display the new
setting. [mainframed]
o [NSE][GH#1346] Updates product codes and adds a check for response length
in enip-info.nse. The script now uses string.unpack. [NothinRandom]
o [Ncat][GH#1310][GH#1409] Temporary RSA keys are now 2048-bit to resolve a
compatibility issue with OpenSSL library configured with security level 2,
as seen on current Debian or Kali. [Adrian Vollmer, nnposter]