
List:       nmap-dev
Subject:    Announce: nmap-3.30+V-2.99 ("Version" Scanning) [New File Format]
From:       "Jay Freeman \(saurik\)" <saurik () saurik ! com>
Date:       2003-08-31 7:23:16

Nmap 3.30+V-2.99

o Broke the Win32 build again. In fact, probably broke many builds. Win32
  will be fixed in the next 4-5 days or so depending on when I have time,
  but the best solution for other systems is going to tend to be "upgrade
  your copy of gcc". If you get weird compile errors I _am_ interested in
  seeing them and will try to help you with possible workarounds. I really
  want to support all relatively recent versions of gcc, so if you have at
  least 3.0 _please_ tell me if you have a compile error (even if you are
  willing to just upgrade your compiler) as I'd love to see what I can do
  about compatibility thereof. For reference I use gcc 3.2 and gcc 3.2.3.

o Largely rewrote everything. The file format is now really, really nice.
  (Well, at least in my opinion.) It's an XML file format that contains
  little switch commands and nesting and some simplistic flow control...
  it has a bunch of little goodies :). The way the <switch/> command works
  allows me to scan remote computers slightly faster than before as I can
  now short circuit the scan immediately as I get enough data to do so.
  (Before I would always wait until the timeout before continuing.) This
  doesn't tend to affect the timing of -sVV/-sVVV scans that much (which
  against my computer against localhost with -F are around 20 seconds, I'm
  still getting used to not having them take _forever_ as my older versions
  did, hehe), but the timing for the less intrusive -sV is now about twice
  as good (so on my computer against my computer about 4.5 seconds). These
  timings are obviously not going to help anyone else reading this tell much
  seeing as it's largely based on the particular set of services that I run
  on my computer, but hey... I thought I'd include them. Oh, and if anyone
  wants documentation on the new file format, please ask. I'm much better at
  writing documentation targeted towards someone which I can then just
  include in the release than I am writing just a general document that is
  hopefully targeting someone "out there", hehe.


FTP Information (for "released" versions):

  Source: ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.99.tgz
  Patch: ftp://ftp.saurik.com/pub/nmap/nmap+V-2.99

  OLD Win32 Binary: ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.91.win32.zip


MD5 Sums:

9c6a4066d5f82ceb04dfcad42bfb660a  nmap-3.30+V-2.99.tgz
05a56a0aafda62c48a5b5c839ea721c8  nmap+V-2.99
6fd5723be17b81eb28a4f1ef536b9361  nmap-3.30+V-2.91.win32.zip


CVS Information (for current versions):

  Repository: :pserver:anoncvs@cvs.saurik.com:/cvs/nmap
  Module: nmap
  Password: anoncvs


Simple Usage Instructions:

Add -sV to your scan to get service/version detection. If you are willing to
let nmap perform a number of connections to the remote machine to try
sending different data in expectation of different responses (helpful if
people are running services on the "wrong" port) then use -sVV instead. If
you would, in addition to that, like to get whatever extraneous information
I happen to pull off that port in addition to the service/version,
use -sVVV. I tend to go back and forth on whether -sVV and -sVVV should be
swapped; so far I've never changed them. If anyone has opinions please voice
up :). Another option is to make it entirely orthogonal and make the "extra
information" a different command line switch.



Example Output (for the curious; and yes, it should line up with a fixed
width font, although it is occasionally wider than 77 characters and wraps):

[root(2)@ironclad nmap]# ./nmap -sS -sV -F localhost

Starting nmap 3.30+V ( http://www.insecure.org/nmap/ ) at 2003-08-31 02:09 CDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1174 ports scanned but not shown below are in state: closed)
Port       State       Service             Protocol     Version
17/tcp     open        qotd
21/tcp     open        ftp                 FTP
22/tcp     open        ssh                 SSH          1.99-OpenSSH_3.4p1
23/tcp     open        telnet              Telnet
25/tcp     open        smtp                SMTP         Sendmail 8.12.6/8.12.6
53/tcp     open        domain              DNS
80/tcp     open        http                HTTP         Apache/2.1.0-dev (Unix)
110/tcp    open        pop-3               POP3         Cyrus v2.1.11-Invoca-RPM-2.1.11-3
111/tcp    open        sunrpc              RPC
113/tcp    open        auth                AUTH
139/tcp    open        netbios-ssn         NETBIOS
143/tcp    open        imap2               IMAP         Cyrus v2.1.11-Invoca-RPM-2.1.11-3
465/tcp    open        smtps               SSL
587/tcp    open        submission          SMTP         Sendmail 8.12.6/8.12.6
783/tcp    open        hp-alarm-mgr        SpamAssassin
953/tcp    open        rndc
993/tcp    open        imaps               SSL
995/tcp    open        pop3s               SSL
2000/tcp   open        callbook            Sieve        Cyrus timsieved v2.1.11-Invoca-RPM-2.1.11-3
2401/tcp   open        cvspserver          CVS
5432/tcp   open        postgres            PostgreSQL   PostgreSQL 7.3
8009/tcp   open        ajp13               Ajp13        Apache Tomcat
8080/tcp   open        http-proxy          HTTP         Apache Tomcat/4.1.18-LE-jdk14 (HTTP/1.1 Connector)

Nmap run completed -- 1 IP address (1 host up) scanned in 4.298 seconds
[root(2)@ironclad nmap]#


Sincerely,
Jay Freeman (saurik)
saurik@saurik.com
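The example output above is column-oriented, and the author notes that the Version column wraps when a row exceeds the terminal width. Anyone feeding this output into an inventory or patch-tracking script has to re-join those wrapped tails, or the trailing part of a version string (the "8.12.6/8.12.6" after "Sendmail", the "(Unix)" after "Apache/2.1.0-dev") is lost or misattributed. The following parser is an added example, not code from the announcement or from the nmap+V patch; it embeds a constructed sample built from the rows shown above (wrapped exactly as in the mail) and returns one record per port, plus the list of ports for which -sV reported no version at all.

```python
"""Parse the column-oriented 'nmap -sV' table shown in the announcement.

The Version column can wrap onto the next line when the row is wider than
the terminal, so a naive one-line-per-port parser drops or misattributes
the tail of the version string. This parser re-joins continuation lines.
"""
import re
from dataclasses import dataclass

# Constructed sample: rows copied from the announcement's example output,
# with the wrapped lines left exactly as they appear in the mail.
SAMPLE_OUTPUT = """\
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1174 ports scanned but not shown below are in state: closed)
Port       State       Service             Protocol     Version
17/tcp     open        qotd
22/tcp     open        ssh                 SSH          1.99-OpenSSH_3.4p1
25/tcp     open        smtp                SMTP         Sendmail
8.12.6/8.12.6
80/tcp     open        http                HTTP         Apache/2.1.0-dev
(Unix)
2401/tcp   open        cvspserver          CVS
8080/tcp   open        http-proxy          HTTP         Apache
Tomcat/4.1.18-LE-jdk14 (HTTP/1.1 Connector)

Nmap run completed -- 1 IP address (1 host up) scanned in 4.298 seconds
"""

# One table row: Port/proto  State  Service  [Protocol  [Version ...]]
# Protocol is a single token; Version is free text and may contain spaces.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>\S+)\s+"
    r"(?P<service>\S+)"
    r"(?:\s+(?P<protocol>\S+))?"
    r"(?:\s+(?P<version>.+?))?\s*$"
)


@dataclass
class ServiceRecord:
    port: int
    proto: str
    state: str
    service: str
    protocol: str = ""
    version: str = ""


def parse_nmap_sv(text: str) -> list[ServiceRecord]:
    """Return one ServiceRecord per port row, joining wrapped Version lines."""
    records: list[ServiceRecord] = []
    in_table = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not in_table:
            # Everything before the column header is preamble; skip it.
            in_table = line.startswith("Port ")
            continue
        if not line:
            break  # a blank line ends the table (the summary line follows)
        m = PORT_LINE.match(line)
        if m:
            records.append(ServiceRecord(
                port=int(m["port"]), proto=m["proto"], state=m["state"],
                service=m["service"], protocol=m["protocol"] or "",
                version=m["version"] or ""))
        elif records:
            # Not a port row: treat it as the wrapped tail of the previous
            # row's Version column and glue it back on with a single space.
            rec = records[-1]
            rec.version = (rec.version + " " + line.strip()).strip()
    return records


def without_version(records: list[ServiceRecord]) -> list[int]:
    """Ports where -sV named the service but returned no version string:
    the rows to revisit by hand or with the more thorough -sVV."""
    return [r.port for r in records if not r.version]


if __name__ == "__main__":
    for rec in parse_nmap_sv(SAMPLE_OUTPUT):
        print(f"{rec.port}/{rec.proto:<4} {rec.service:<12} "
              f"{rec.protocol:<10} {rec.version}")
    print("no version:", without_version(parse_nmap_sv(SAMPLE_OUTPUT)))
```

The parser deliberately treats any non-blank, non-row line inside the table as a continuation rather than guessing at column positions, because the wrapped tail starts in column 1 with no indentation; the blank line before "Nmap run completed" is what terminates the table, so the summary line is never mistaken for a continuation.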





