List: nmap-dev
Subject: Announce: nmap-3.30+V-2.99 ("Version" Scanning) [New File Format]
From: "Jay Freeman \(saurik\)" <saurik () saurik ! com>
Date: 2003-08-31 7:23:16
Nmap 3.30+V-2.99
o Broke the Win32 build again. In fact, probably broke many builds. Win32
will be fixed in the next 4-5 days or so depending on when I have time,
but the best solution for other systems is going to tend to be "upgrade
your copy of gcc". If you get weird compile errors I _am_ interested in
seeing them and will try to help you with possible workarounds. I really
want to support all relatively recent versions of gcc, so if you have at
least 3.0 _please_ tell me if you have a compile error (even if you are
willing to just upgrade your compiler) as I'd love to see what I can do
about compatibility thereof. For reference I use gcc 3.2 and gcc 3.2.3.
o Largely rewrote everything. The file format is now really, really nice.
(Well, at least in my opinion.) It's an XML file format that contains
little switch commands and nesting and some simplistic flow control...
it has a bunch of little goodies :). The way the <switch/> command works
allows me to scan remote computers slightly faster than before as I can
now short circuit the scan immediately as I get enough data to do so.
(Before I would always wait until the timeout before continuing.) This
doesn't tend to affect the timing of -sVV/-sVVV scans that much (which
against my computer against localhost with -F are around 20 seconds, I'm
still getting used to not having them take _forever_ as my older versions
did, hehe), but the timing for the less intrusive -sV is now about twice
as good (so on my computer against my computer about 4.5 seconds). These
timings are obviously not going to help anyone else reading this tell much
seeing as it's largely based on the particular set of services that I run
on my computer, but hey... I thought I'd include them. Oh, and if anyone
wants documentation on the new file format, please ask. I'm much better at
writing documentation targeted towards someone which I can then just
include in the release than I am writing just a general document that is
hopefully targeting someone "out there", hehe.
FTP Information (for "released" versions):
Source: ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.99.tgz
Patch: ftp://ftp.saurik.com/pub/nmap/nmap+V-2.99
OLD Win32 Binary: ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.91.win32.zip
MD5 Sums:
9c6a4066d5f82ceb04dfcad42bfb660a nmap-3.30+V-2.99.tgz
05a56a0aafda62c48a5b5c839ea721c8 nmap+V-2.99
6fd5723be17b81eb28a4f1ef536b9361 nmap-3.30+V-2.91.win32.zip
CVS Information (for current versions):
Repository: :pserver:anoncvs@cvs.saurik.com:/cvs/nmap
Module: nmap
Password: anoncvs
Simple Usage Instructions:
Add -sV to your scan to get service/version detection. If you are willing to
let nmap perform a number of connections to the remote machine to try
sending different data in expectation of different responses (helpful if
people are running services on the "wrong" port) then use -sVV instead. If
you would, in addition to that, like to get whatever extraneous information
I happen to pull off that port in addition to the service/version,
use -sVVV. I tend to go back and forth on whether -sVV and -sVVV should be
swapped; so far I've never changed them. If anyone has opinions please voice
up :). Another option is to make it entirely orthogonal and make the "extra
information" a different command line switch.
Example Output (for the curious; and yes, it should line up with a fixed
width font, although it is occasionally wider than 77 characters and wraps):
[root(2)@ironclad nmap]# ./nmap -sS -sV -F localhost
Starting nmap 3.30+V ( http://www.insecure.org/nmap/ ) at 2003-08-31 02:09 CDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1174 ports scanned but not shown below are in state: closed)
Port       State   Service       Protocol      Version
17/tcp     open    qotd
21/tcp     open    ftp           FTP
22/tcp     open    ssh           SSH           1.99-OpenSSH_3.4p1
23/tcp     open    telnet        Telnet
25/tcp     open    smtp          SMTP          Sendmail 8.12.6/8.12.6
53/tcp     open    domain        DNS
80/tcp     open    http          HTTP          Apache/2.1.0-dev (Unix)
110/tcp    open    pop-3         POP3          Cyrus v2.1.11-Invoca-RPM-2.1.11-3
111/tcp    open    sunrpc        RPC
113/tcp    open    auth          AUTH
139/tcp    open    netbios-ssn   NETBIOS
143/tcp    open    imap2         IMAP          Cyrus v2.1.11-Invoca-RPM-2.1.11-3
465/tcp    open    smtps         SSL
587/tcp    open    submission    SMTP          Sendmail 8.12.6/8.12.6
783/tcp    open    hp-alarm-mgr  SpamAssassin
953/tcp    open    rndc
993/tcp    open    imaps         SSL
995/tcp    open    pop3s         SSL
2000/tcp   open    callbook      Sieve         Cyrus timsieved v2.1.11-Invoca-RPM-2.1.11-3
2401/tcp   open    cvspserver    CVS
5432/tcp   open    postgres      PostgreSQL    PostgreSQL 7.3
8009/tcp   open    ajp13         Ajp13         Apache Tomcat
8080/tcp   open    http-proxy    HTTP          Apache Tomcat/4.1.18-LE-jdk14 (HTTP/1.1 Connector)
Nmap run completed -- 1 IP address (1 host up) scanned in 4.298 seconds
[root(2)@ironclad nmap]#
Sincerely,
Jay Freeman (saurik)
saurik@saurik.com
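The -sV table quoted in the post, parsed into one record per port with the version strings that wrapped past 77 columns glued back together, so the result can feed a service inventory. This is an added example, not code from the post or from nmap; the function names are mine, and the embedded sample is a constructed excerpt of the output shown above.

```python
import re
from typing import Dict, List

# First line of a record in the "Port State Service Protocol Version" table,
# e.g. "25/tcp open smtp SMTP Sendmail". Protocol and Version are optional
# (see "17/tcp open qotd" and "21/tcp open ftp FTP" in the post).
_RECORD_RE = re.compile(
    r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(\S+)(?:\s+(.*))?)?$")
_HEADER_RE = re.compile(r"^Port\s+State\s+Service")

# Constructed sample: an excerpt of the -sV run quoted in the post, keeping
# the wrap of the Sendmail and Cyrus version strings onto a second line.
SAMPLE_OUTPUT = """\
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1174 ports scanned but not shown below are in state: closed)
Port State Service Protocol Version
17/tcp open qotd
21/tcp open ftp FTP
22/tcp open ssh SSH 1.99-OpenSSH_3.4p1
25/tcp open smtp SMTP Sendmail
8.12.6/8.12.6
2000/tcp open callbook Sieve Cyrus timsieved
v2.1.11-Invoca-RPM-2.1.11-3

Nmap run completed -- 1 IP address (1 host up) scanned in 4.298 seconds
"""


def parse_version_scan(text: str) -> List[dict]:
    """Parse -sV table output; lines that do not start a record are treated
    as wrapped continuations of the previous record's Version column."""
    records: List[dict] = []
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_table:
            in_table = bool(_HEADER_RE.match(line))
            continue
        if not line:
            continue
        if line.startswith("Nmap run completed"):
            break
        m = _RECORD_RE.match(line)
        if m:
            port, proto, state, service, protocol, version = m.groups()
            records.append({"port": int(port), "proto": proto, "state": state,
                            "service": service, "protocol": protocol or "",
                            "version": (version or "").strip()})
        elif records:
            # Continuation line: append to the version of the previous record.
            records[-1]["version"] = (records[-1]["version"] + " " + line).strip()
    return records


def versions_exposed(records: List[dict]) -> Dict[int, str]:
    """Ports whose service handed a concrete version string to the scanner."""
    return {r["port"]: r["version"] for r in records if r["version"]}
```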