Posted by Avik Sarkar
On 5/22/2012 10:34:00 pm
Nmap 6 Released With Full IPv6 Support, Better Web Scanning & 289 New Scripts
Earlier we have discussed several times about
Nmap. Now the Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner
version 6.00. According to the project release - this product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big
Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more.
Top 6 improvements in Nmap 6:-
- 1. NSE Enhanced
- The Nmap Scripting Engine (NSE) has exploded in popularity and capabilities. This modular system allows users to automate a wide variety of networking tasks, from querying network applications for configuration information to vulnerability detection and advanced host discovery. The script count has grown from 59 in Nmap 5 to 348 in Nmap 6, and all of them are documented and categorized in our NSE Documentation Portal. The underlying NSE infrastructure has improved dramatically as well.
- 2. Better Web Scanning
- As the Internet has grown more web-centric, Nmap has developed web scanning capabilities to keep pace. When Nmap was first released in 1997, most of the network services offered by a server listened on individual TCP or UDP ports and could be found with a simple port scan. Now, applications are just as commonly accessed via URL path instead, all sharing a web server listening on a single port. Nmap now includes many techniques for enumerating those applications, as well as performing a wide variety of other HTTP tasks, from web site spidering to brute force authentication cracking. Technologies such as SSL encryption, HTTP pipelining, and caching mechanisms are well supported.
- 3. Full IPv6 Support
- Given the exhaustion of available IPv4 addresses, the Internet community is trying to move to IPv6. Nmap has been a leader in the transition, offering basic IPv6 support since 2002. But basic support isn't enough, so we spent many months ensuring that Nmap version 6 contains full support for IP version 6. And we released it just in time for the World IPv6 Launch. We've created a new IPv6 OS detection system, advanced host discovery, raw-packet IPv6 port scanning, and many NSE scripts for IPv6-related protocols. It's easy to use too—just specify the -6 argument along with IPv6 target IP addresses or DNS records. In addition, all of our web sites are now accessible via IPv6. For example, Nmap.org can be found at 2600:3c01::f03c:91ff:fe96:967c.
- 4. New Nping Tool
- The newest member of the Nmap suite of networking and security tools is Nping, an open source tool for network packet generation, response analysis and response time measurement. Nping can generate network packets for a wide range of protocols, allowing full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator for network stack stress testing, ARP poisoning, Denial of Service attacks, route tracing, etc. Nping's novel echo mode lets users see how packets change in transit between the source and destination hosts. That's a great way to understand firewall rules, detect packet corruption, and more.
- 5. Better Zenmap GUI & results viewer
- While Nmap started out as a command-line tool and many (possibly most) users still use it that way, we've also developed an enhanced GUI and results viewer named Zenmap. One addition since Nmap 5 is a “filter hosts” feature which allows you to see only the hosts which match your criteria (e.g. Linux boxes, hosts running Apache, etc.) We've also localized the GUI to support five languages besides English. A new script selection interface helps you find and execute Nmap NSE scripts. It even tells you what arguments each script supports.
- 6. Faster scans
- In Nmap's 15-year history, performance has always been a top priority. Whether scanning one target or a million, users want scans to run as fast as possible without sacrificing accuracy. Since Nmap 5 we've rewritten the traceroute system for higher performance and increased the allowed parallelism of the Nmap Scripting Engine and version detection subsystems. We also performed an intense memory audit which reduced peak consumption during our benchmark scan by 90%. We made many improvements to Zenmap data structures and algorithms as well so that it can now handle large enterprise scans with ease.
For detailed information click here. And to download
Nmap 6 for Windows, Linux and many UNIX platforms (Solaris, Free/Net/OpenBSD, etc.) included Zenmap, the GUI frontend Click
Here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 12/05/2012 07:33:00 pm
Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance
Gordon Lyon also known as
Fyodor, the author of world's most popular security scanner
'Nmap' announced another update. Almost after five months we got this new version that is
Nmap 6.25. This release of Nmap contains hundreds of improvements,
including 85 new NSE scripts,
nearly 1,000 new OS and service detection fingerprints, performance enhancements such as the new kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8 improvements, and much more! It also includes the work of five Google Summer of Code interns who worked full time with Nmap mentors during the summer.
Here are the most important change since 6.01:
- Integrated all of your IPv4 OS fingerprint submissions since January (more than 3,000 of them). Added 373 fingerprints, bringing the new total to 3,946. Additions include Linux 3.6, Windows 8, Windows Server 2012, Mac OS X 10.8, and a ton of new WAPs, printers, routers, and other devices--including our first IP-enabled doorbell! Many existing fingerprints were improved.
- Integrated all of your service/version detection fingerprints submitted since January (more than 1,500)! Our signature count jumped by more than 400 to 8,645. We now detect 897 protocols, from extremely popular ones like http, ssh, smtp and imap to the more obscure airdroid, gopher-proxy, and enemyterritory.
- Integrated your latest IPv6 OS submissions and corrections. We're still low on IPv6 fingerprints, so please scan any IPv6 systems you own or administer and submit them to http://nmap.org/submit/. Both new fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap guesses wrong) are useful.
- Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto(Next Header) probes.
- Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. See http://nmap.org/book/nse-api.html#nse-structured-output
- [Nsock] Added new poll and kqueue I/O engines for improved performance on Windows and BSD-based systems including Mac OS X. These are in addition to the epoll engine (used on Linux) and the classic select engine fallback for other system.
- [Ncat] Added support for Unix domain sockets. The new -U and --unixsock options activate this mode. These provide compatibility with Hobbit's original Netcat.
- Moved some Windows dependencies, including OpenSSL, libsvn, and the vcredist files, into a new public Subversion directory /nmap-mswin32-aux and moved it out of the source tarball. This reduces the compressed tarball size from 22 MB to 8 MB and similarly reduces the bandwidth and storage required for an svn checkout.
- [NSE] Replaced old RPC grinder (RPC enumeration, performed as part of version detection when a port seems to run a SunRPC service) with a faster and easier to maintain NSE-based implementation. This also allowed us to remove the crufty old pos_scan scan engine.
For additional information and to know the full change log of this release click
Here. To download
Namp 6.25 (Source Code & Binary Packages) for
Windows, Linux, Mac, Unix & few other OS click
Here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 7/01/2011 07:55:00 pm
Nmap 5.59 BETA1 released. This version includes 40 new NSE scripts (plus improvements to many others), even more IPv6 goodness than the informal World IPv6 Day release, 7 new NSE protocol libraries and hundreds of bug fixes! This release also expands and improves IPv6 support!
o [NSE] Added 40 scripts, bringing the total to 217! You can learn
more about any of them at http://nmap.org/nsedoc/. Here are the new
ones (authors listed in brackets):
+ afp-ls: Lists files and their attributes from Apple Filing
Protocol (AFP) volumes. [Patrik Karlsson]
+ backorifice-brute: Performs brute force password auditing against
the BackOrifice remote administration (trojan) service. [Gorjan
Petrovski]
+ backorifice-info: Connects to a BackOrifice service and gathers
information about the host and the BackOrifice service
itself. [Gorjan Petrovski]
+ broadcast-avahi-dos: Attempts to discover hosts in the local
network using the DNS Service Discovery protocol, then tests
whether each host is vulnerable to the Avahi NULL UDP packet
denial of service bug (CVE-2011-1002). [Djalal Harouni]
+ broadcast-netbios-master-browser: Attempts to discover master
browsers and the Windows domains they manage. [Patrik Karlsson]
+ broadcast-novell-locate: Attempts to use the Service Location
Protocol to discover Novell NetWare Core Protocol (NCP)
servers. [Patrik Karlsson]
+ creds-summary: Lists all discovered credentials (e.g. from brute
force and default password checking scripts) at end of scan.
[Patrik Karlsson]
+ dns-brute: Attempts to enumerate DNS hostnames by brute force
guessing of common subdomains. [Cirrus]
+ dns-nsec-enum: Attempts to discover target hosts' services using
the DNS Service Discovery protocol. [Patrik Karlsson]
+ dpap-brute: Performs brute force password auditing against an
iPhoto Library. [Patrik Karlsson]
+ epmd-info: Connects to Erlang Port Mapper Daemon (epmd) and
retrieves a list of nodes with their respective port
numbers. [Toni Ruottu]
+ http-affiliate-id: Grabs affiliate network IDs (e.g. Google
AdSense or Analytics, Amazon Associates, etc.) from a web
page. These can be used to identify pages with the same
owner. [Hani Benhabiles, Daniel Miller]
+ http-barracuda-dir-traversal: Attempts to retrieve the
configuration settings from a Barracuda Networks Spam & Virus
Firewall device using the directory traversal vulnerability
described at
http://seclists.org/fulldisclosure/2010/Oct/119. [Brendan Coles]
+ http-cakephp-version: Obtains the CakePHP version of a web
application built with the CakePHP framework by fingerprinting
default files shipped with the CakePHP framework. [Paulino
Calderon]
+ http-majordomo2-dir-traversal: Exploits a directory traversal
vulnerability existing in the Majordomo2 mailing list manager to
retrieve remote files. (CVE-2011-0049). [Paulino Calderon]
+ http-wp-plugins: Tries to obtain a list of installed WordPress
plugins by brute force testing for known plugins. [Ange Gutek]
+ ip-geolocation-geobytes: Tries to identify the physical location
of an IP address using the Geobytes geolocation web service
(http://www.geobytes.com/iplocator.htm). [Gorjan Petrovski]
+ ip-geolocation-geoplugin: Tries to identify the physical location
of an IP address using the Geoplugin geolocation web service
(http://www.geoplugin.com/). [Gorjan Petrovski]
+ ip-geolocation-ipinfodb: Tries to identify the physical location
of an IP address using the IPInfoDB geolocation web service
(http://ipinfodb.com/ip_location_api.php). [Gorjan Petrovski]
+ ip-geolocation-maxmind: Tries to identify the physical location of
an IP address using a Geolocation Maxmind database file (available
from http://www.maxmind.com/app/ip-location). [Gorjan Petrovski]
+ ldap-novell-getpass: Attempts to retrieve the Novell Universal
Password for a user. You must already have (and include in script
arguments) the username and password for an eDirectory server
administrative account. [Patrik Karlsson]
+ mac-geolocation: Looks up geolocation information for BSSID (MAC)
addresses of WiFi access points in the Google geolocation
database. [Gorjan Petrovski]
+ mysql-audit: Audit MySQL database server security configuration
against parts of the CIS MySQL v1.0.2 benchmark (the engine can
also be used for other MySQL audits by creating appropriate audit
files). [Patrik Karlsson]
+ ncp-enum-users: Retrieves a list of all eDirectory users from the
Novell NetWare Core Protocol (NCP) service. [Patrik Karlsson]
+ ncp-serverinfo: Retrieves eDirectory server information (OS
version, server name, mounts, etc.) from the Novell NetWare Core
Protocol (NCP) service. [Patrik Karlsson]
+ nping-brute: Performs brute force password auditing against an
Nping Echo service. [Toni Ruottu]
+ omp2-brute: Performs brute force password auditing against the
OpenVAS manager using OMPv2. [Henri Doreau]
+ omp2-enum-targets: Attempts to retrieve the list of target systems
and networks from an OpenVAS Manager server. [Henri Doreau]
+ ovs-agent-version: Detects the version of an Oracle OVSAgentServer
by fingerprinting responses to an HTTP GET request and an XML-RPC
method call. [David Fifield]
+ quake3-master-getservers: Queries Quake3-style master servers for
game servers (many games other than Quake 3 use this same
protocol). [Toni Ruottu]
+ servicetags: Attempts to extract system information (OS, hardware,
etc.) from the Sun Service Tags service agent (UDP port
6481). [Matthew Flanagan]
+ sip-brute: Performs brute force password auditing against Session
Initiation Protocol (SIP -
http://en.wikipedia.org/wiki/Session_Initiation_Protocol)
accounts. This protocol is most commonly associated with VoIP
sessions. [Patrik Karlsson]
+ sip-enum-users: Attempts to enumerate valid SIP user accounts.
Currently only the SIP server Asterisk is supported. [Patrik
Karlsson]
+ smb-mbenum: Queries information managed by the Windows Master
Browser. [Patrik Karlsson]
+ smtp-vuln-cve2010-4344: Checks for and/or exploits a heap overflow
within versions of Exim prior to version 4.69 (CVE-2010-4344) and
a privilege escalation vulnerability in Exim 4.72 and prior
(CVE-2010-4345). [Djalal Harouni]
+ smtp-vuln-cve2011-1720: Checks for a memory corruption in the
Postfix SMTP server when it uses Cyrus SASL library authentication
mechanisms (CVE-2011-1720). This vulnerability can allow denial
of service and possibly remote code execution. [Djalal Harouni]
+ snmp-ios-config: Attempts to downloads Cisco router IOS
configuration files using SNMP RW (v1) and display or save
them. [Vikas Singhal, Patrik Karlsson]
+ ssl-known-key: Checks whether the SSL certificate used by a host
has a fingerprint that matches an included database of problematic
keys. [Mak Kolybabi]
+ targets-sniffer: Sniffs the local network for a configurable
amount of time (10 seconds by default) and prints discovered
addresses. If the newtargets script argument is set, discovered
addresses are added to the scan queue. [Nick Nikolaou]
+ xmpp: Connects to an XMPP server (port 5222) and collects server
information such as supported auth mechanisms, compression methods
and whether TLS is supported and mandatory. [Vasiliy Kulikov]
o Nmap has long supported IPv6 for basic (connect) port scans, basic
host discovery, version detection, Nmap Scripting Engine. This
release dramatically expands and improves IPv6 support:
+ IPv6 raw packet scans (including SYN scan, UDP scan, ACK scan,
etc.) are now supported. [David, Weilin]
+ IPv6 raw packet host discovery (IPv6 echo requests, TCP/UDP
discovery packets, etc.) is now supported. [David, Weilin]
+ IPv6 traceroute is now supported [David]
+ IPv6 protocol scan (-sO) is now supported, including creating
realistic headers for many protocols. [David]
+ IPv6 support to the wsdd, dnssd and upnp NSE libraries. [Daniel
Miller, Patrik]
+ The --exclude and --excludefile now support IPV6 addresses with
netmasks. [Colin]
o Scanme.Nmap.Org (the system anyone is allowed to scan for testing
purposes) is now dual-stacked (has an IPv6 address as well as IPv4)
so you can scan it during IPv6 testing. We also added a DNS record
for ScanmeV6.nmap.org which is IPv6-only. See
http://seclists.org/nmap-dev/2011/q2/428. [Fyodor]
o The Nmap.Org website as well as sister sites Insecure.Org,
SecLists.Org, and SecTools.Org all have working IPv6 addresses now
(dual stacked). [Fyodor]
o Nmap now determines the filesystem location it is being run from and
that path is now included early in the search path for data files
(such as nmap-services). This reduces the likelihood of needing to
specify --datadir or getting data files from a different version of
Nmap installed on the system. For full details, see
http://nmap.org/book/data-files-replacing-data-files.html. Thanks
to Solar Designer for implementation advice. [David]
o Created a page on our SecWiki for collecting Nmap script ideas! If
you have a good idea, post it to the incoming section of the page.
Or if you're in a script writing mood but don't know what to write,
come here for inspiration: https://secwiki.org/w/Nmap_Script_Ideas.
o The development pace has greatly increased because Google (again)
sponsored a 7 full-time college and graduate student programmer
interns this summer as part of their Summer of Code program!
Thanks, Google Open Source Department! We're delighted to introduce
the team: http://seclists.org/nmap-dev/2011/q2/312
o [NSE] Added 7 new protocol libraries, bringing the total to 66. You
can read about them all at http://nmap.org/nsedoc/. Here are the new
ones (authors listed in brackets):
+ creds: Handles storage and retrieval of discovered credentials
(such as passwords discovered by brute force scripts). [Patrik
Karlsson]
+ ncp: A tiny implementation of Novell Netware Core Protocol
(NCP). [Patrik Karlsson]
+ omp2: OpenVAS Management Protocol (OMP) version 2 support. [Henri
Doreau]
+ sip: Supports a limited subset of SIP commands and
methods. [Patrik Karlsson]
+ smtp: Simple Mail Transfer Protocol (SMTP) operations. [Djalal
Harouni]
+ srvloc: A relatively small implementation of the Service Location
Protocol. [Patrik Karlsson]
+ tftp: Implements a minimal TFTP server. It is used in
snmp-ios-config to obtain router config files.[Patrik Karlsson]
o Improved Nmap's service/version detection database by adding:
+ Apple iPhoto (DPAP) protocol probe [Patrik]
+ Zend Java Bridge probe [Michael Schierl]
+ BackOrifice probe [Gorjan Petrovski]
+ GKrellM probe [Toni Ruotto]
+ Signature improvements for a wide variety of services (we now have
7,375 signatures)
o [NSE] ssh-hostkey now additionally has a postrule that prints hosts
found during the scan which share the same hostkey. [Henri Doreau]
o [NSE] Added 300+ new signatures to http-enum which look for admin
directories, JBoss, Tomcat, TikiWiki, Majordomo2, MS SQL, WordPress,
and more. [Paulino]
o Made the final IP address space assignment update as all available
IPv4 address blocks have now been allocated to the regional
registries. Our random IP generation (-iR) logic now only excludes
the various reserved blocks. Thanks to Kris for years of regular
updates to this function!
o [NSE] Replaced http-trace with a new more effective version. [Paulino]
o Performed some output cleanup work to remove unimportant status
lines so that it is easier to find the good stuff! [David]
o [Zenmap] now properly kills Nmap scan subprocess when you cancel a
scan or quit Zenmap on Windows. [Shinnok]
o [NSE] Banned scripts from being in both the "default" and
"intrusive" categories. We did this by removing dhcp-discover and
dns-zone-transfer from the set of scripts run by default (leaving
them "intrusive"), and reclassifying dns-recursion, ftp-bounce,
http-open-proxy, and socks-open-proxy as "safe" rather than
"intrusive" (keeping them in the "default" set).
o [NSE] Added a credential storage library (creds.lua) and modified
the brute library and scripts to make use of it. [Patrik]
o [Ncat] Created a portable version of ncat.exe that you can just drop
onto Microsoft Windows systems without having to run any installer
or copy over extra library files. See the Ncat page
(http://nmap.org/ncat/) for binary downloads and a link to build
instructions. [Shinnok]
o Fix a segmentation fault which could occur when running Nmap on
various Android-based phones. The problem related to NULL being
passed to freeaddrinfo(). [David, Vlatko Kosturjak]
o [NSE] The host.bin_ip and host.bin_ip_src entries now also work with
16-byte IPv6 addresses. [David]
o [Ncat] Updated the ca-bundle.crt list of trusted certificate
authority certificates. [David]
o [NSE] Fixed a bug in the SMB Authentication library which could
prevent concurrently running scripts with valid credentials from
logging in. [Chris Woodbury]
o [NSE] Re-worked http-form-brute.nse to better autodetect form
fields, allow brute force attempts where only the password (no
username) is needed, follow HTTP redirects, and better detect
incorrect login attempts. [Patrik, Daniel Miller]
o [Zenmap] Changed the "slow comprehensive scan" profile's NSE script
selection from "all" to "default or (discovery and safe)"
categories. Except for testing and debugging, "--script all" is
rarely desirable.
o [NSE] Added the stdnse.silent_require method which is used for
library requires that you know might fail (e.g. "openssl" fails if
Nmap was compiled without that library). If these libraries are
called with silent_require and fail to load, the script will cease
running but the user won't be presented with ugly failure messages
as would happen with a normal require. [Patrick Donnelly]
o [Ncat] ncat now listens on both localhost and ::1 when you run ncat
-l. It works as before if you specify -4 or -6 or a specific
address. [Colin Rice]
o [Zenmap] Fixed a bug in topology mapper which caused endpoints
behind firewalls to sometimes show up in the wrong place (see
http://seclists.org/nmap-dev/2011/q2/733). [Colin Rice]
o [Zenmap] If you scan a system twice, any open ports from the first
scan which are closed in the 2nd will be properly marked as
closed. [Colin Rice].
o [Zenmap] Fixed an error that could cause a crash ("TypeError: an
integer is required") if a sort column in the ports table was unset.
[David]
o [Ndiff] Added nmaprun element information (Nmap version, scan date,
etc.) to the diff. Also, the Nmap banner with version number and
data is now only printed if there were other differences in the
scan. [Daniel Miller, David, Dr. Jesus]
o [NSE] Added nmap.get_interface and nmap.get_interface_info functions
so scripts can access characteristics of the scanning interface.
Removed nmap.get_interface_link. [Djalal]
o Fixed an overflow in scan elapsed time display that caused negative
times to be printed after about 25 days. [Daniel Miller]
o Updated nmap-rpc from the master list, now maintained by IANA.
[Daniel Miller, David]
o [Zenmap] Fixed a bug in the option parser: -sN (null scan) was
interpreted as -sn (no port scan). This was reported by
Shitaneddine. [David]
o [Ndiff] Fixed the Mac OS X packages to use the correct path for
Python: /usr/bin/python instead of /opt/local/bin/python. The bug
was reported by Wellington Castello. [David]
o Removed the -sR (RPC scan) option--it is now an alias for -sV
(version scan), which always does RPC scan when an rpcinfo service
is detected.
o [NSE] Improved the ms-sql scripts and library in several ways:
- Improved version detection and server discovery
- Added support for named pipes, integrated authentication, and
connecting to instances by name or port
- Improved script and library stability and documentation.
[Patrik Karlsson, Chris Woodbury]
o [NSE] Fixed http.validate_options when handling a cookie table.
[Sebastian Prengel]
o Added a Service Tags UDP probe for port 6481/udp. [David]
o [NSE] Enabled firewalk.nse to automatically find the gateways at
which probes are dropped and fixed various bugs. [Henri Doreau]
o [Zenmap] Worked around a pycairo bug that prevented saving the
topology graphic as PNG on Windows: "Error Saving Snapshot:
Surface.write_to_png takes one argument which must be a filename
(str), file object, or a file-like object which has a 'write' method
(like StringIO)". The problem was reported by Alex Kah. [David]
o The -V and --version options now show the platform Nmap was compiled
on, which features are compiled in, the version numbers of libraries
it is linked against, and whether the libraries are the ones that
come with Nmap or the operating system. [Ambarisha B., David]
o Fixed some inconsistencies in nmap-os-db reported by Xavier Sudre
from netVigilance.
o The Nmap Win32 uninstaller now properly deletes nping.exe. [Fyodor]
o [NSE] Added a shortport.ssl function which can be used as a script
portrule to match SSL services. It is similar in concept to our
existing shortport.http. [David]
o Set up the RPM build to use the compat-glibc and compat-gcc-34-c++
packages (on CentOS 5.3) to resolve a report of Nmap failing to run
on old versions of Glibc. [David]
o We no longer support Nmap on versions of Windows earlier than XP
SP2. Even Microsoft no longer supports Windows versions that old.
But if you must use Nmap on such systems anyway, please see
https://secwiki.org/w/Nmap_On_Old_Windows_Releases.
o There were hundreds of other little bug fixes and improvements
(especially to NSE scripts). See the SVN logs for revisions 22,274
through 24,460 for details.
To Download Nmap 5.59 BETA 1 Click HERE
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/09/2011 02:45:00 am
Nmap (“Network Mapper”) is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).
Though Nmap has been supporting IPv6 since 2002, there were a few limitations with raw packet scans (SYN scan, UDP scan, ICMP ping packets,etc.) not being supported. This limitation has finally been emilinated!
However, the following features related to IPv6 scanning are still not completely supported:-
OS detection.
Protocol scan.
IPv6 CIDR address notation.
Neighbor Discovery-based host discovery (analog to ARP scan).
Multicast host discovery.
Windows Teredo tunnels (a system for tunneling IPv6 to systems which don’t support it natively) are not supported by the raw system, but you can still use -6 with –unprivileged to scan through those interfaces.
When scanning link local IPv6 addresses (they start with fe80), you might need to put the interface name at the end like you sometimes do with ping6 and other system IPv6 tools (e.g. fe80::9afc:22ee:bc91:3e1d%eth0)
Whats more is that the same support has been added to the Nmap scanme engine too.
Download Nmap from the following Links:-
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 9/22/2011 02:35:00 pm
Nmap ver. 5.61TEST1 released.
What is Nmap:-
Nmap (“Network Mapper”) is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are avalable for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).
To download Nmap Click
Here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 3/10/2012 10:13:00 pm
Nmap 5.61TEST5 Released With 43 New Scripts, Improved OS & Version Detection & More
Earlier we have discussed several times about
Nmap. After 2 months of hard work with
Nmap 5.61TEST4 finally the developer has announced the availability of
Nmap 5.61TEST5. This release has
43 new scripts, including new
brute forcers for http proxies, SOCKS proxies, Asterisk IAX2, Membase, MongoDB, Nessus XMLRPC, Redis, the WinPcap remote capture daemon, the VMWare auth daemon, and old-school rsync. Better check that your passwords are strong! Some other fun scripts are
nat-pmp-mapport, asn-to-prefix, url-snarf, and http-auth-finder. See the
changelog entries below for a full list with descriptions.
This release also incorporated thousands of your
OS detection and service detection submissions, dramatically improving the databases.
The IPv6 OS detection system became smarter as well. And aslo as incorporated a new
"nsock engines" system which improves performance by using advanced I/O APIs (such as epoll on Linux) rather than always using select.
To Download Nmap Click Here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/14/2011 03:19:00 am
Security Onion:-
The Security Onion LiveCD is a bootable CD that contains software used for installing, configuring, and testing Intrusion Detection Systems.
What software does it contain?
The Security Onion LiveCD is based on Xubuntu 9.04 and contains Snort 2.8.4.1, Snort 3.0.0b3 (Beta), sguil, idswakeup, nmap, metasploit, scapy, hping, fragroute, fragrouter, netcat, paketto, tcpreplay, and many other security tools.
What can it be used for?
- The Security Onion LiveCD can be used for Intrusion Detection. Simply boot the CD and double-click either the Snort-Sguil or SnortSP-Sguil desktop shortcuts. The Snort and Sguil daemons will then start, listening on eth0 for any suspicious traffic and creating alerts in the Sguil console.
- The Security Onion LiveCD can be used to test an Intrusion Detection System. Simply boot the CD and use the included tools (such as nmap, metasploit, idswakeup, scapy, hping, and others) to test your existing IDS or to test the included Snort 2.8.4.1 and Snort 3.0 Beta 3.
- The Security Onion LiveCD can be used to install an Intrusion Detection System. Simply boot the CD and double-click the Install desktop shortcut. For more information about installation, please see the README desktop shortcut.
Click here to Download Security Onion Live iso.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 4/28/2011 04:02:00 pm
infondlinux is a script that installs most of tools, that we use during penetration tests and capture the flag tournaments. It is a post configuration script for Ubuntu Linux. We can also install it on other *nix system but not all of the below mentioned tools may work depending on environment. It has been actively tested on Ubuntu 10.10.
It installs useful security tools and Firefox addons. Tools installed by script are listed at the beginning of source code, which we can edit as per our requirement.
List of security tools included:
Debian packages:
- imagemagick
- vim
- less
- gimp
- build-essential
- wipe
- xchat
- pidgin
- vlc
- nautilus-open-terminal
- nmap
- zenmap
- sun-java6-plugin et jre et jdk
- bluefish
- flash-plugin-nonfree
- aircrack-ng
- wireshark
- ruby
- ascii
- webhttrack
- socat
- nasm
- w3af
- subversion
- mercurial
- libopenssl-ruby
- ruby-gnome2
- traceroute
- filezilla
- gnupg
- rubygems
- php5
- libapache2-mod-php5
- mysql-server
- php5-mysql
- phpmyadmin
- extract
- p0f
- spikeproxy
- ettercap
- dsniff :
- arpspoof Send out unrequested (and possibly forged) arp replies.
- dnsspoof forge replies to arbitrary DNS address / pointer queries on the Local Area Network.
- dsniff password sniffer for several protocols.
- filesnarf saves selected files sniffed from NFS traffic.
- macof flood the local network with random MAC addresses.
- mailsnarf sniffs mail on the LAN and stores it in mbox format.
- msgsnarf record selected messages from different Instant Messengers.
- sshmitm SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
- sshow SSH traffic analyser.
- tcpkill kills specified in-progress TCP connections.
- tcpnice slow down specified TCP connections via “active” traffic shaping.
- urlsnarf output selected URLs sniffed from HTTP traffic in CLF.
- webmitm HTTP / HTTPS monkey-in-the-middle. transparently proxies.
- webspy sends URLs sniffed from a client to your local browser
- unrar
- torsocks
- secure-delete
- nautilus-gksu
- sqlmap
Third party packages:
- tor
- tor-geoipdb
- virtualbox 4.0
- google-chrome-stable
Manually downloaded software’s and versions:
- DirBuster (1.0RC1)
- truecrypt (7.0a)
- metasploit framework (3.6)
- webscarab (latest)
- burp suite (1.3.03)
- parosproxy (3.2.13)
- jmeter (2.4)
- rips (0.35)
- origami-pdf (latest)
- pdfid.py (0.0.11)
- pdf-parser.pym (0.3.7)
- fierce (latest)
- wifite (latest)
- pyloris (3.2)
- skipfish (1.86 beta)
- hydra (6.2)
- Maltego (3.0)
- SET
Author made scripts:
- hextoasm
- md5crack.py (written by Corbiero)
- chartoascii.py
- asciitochar.py
- rsa.py
Firefox extensions:
- livehttpheaders
- firebug
- tamperdata
- noscript
- flashblock
- flashgot
- foxyproxy
- certificatepatrol
- chickenfoot 1.0.7
Pretty good list of applications we must say.
How to install?
or
Download infondlinux v0.5 (infondlinux.sh) here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 8/04/2011 06:55:00 pm
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
New Exploit Modules:
VSFTPD v2.3.4 Backdoor Command Execution
Java RMI Server Insecure Default Configuration Java Code Execution
HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow
Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability
Black Ice Cover Page ActiveX Control Arbitrary File Download
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
RealWin SCADA Server DATAC Login Buffer Overflow
Siemens FactoryLink vrn.exe Opcode 9 Buffer Overflow
Iconics GENESIS32 Integer overflow version 9.21.201.01
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
Sielco Sistemi Winlog Buffer Overflow
Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
HP OmniInet.exe Opcode 20 Buffer Overflow
HP OmniInet.exe Opcode 27 Buffer Overflow
Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow
Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
New Post-Exploitation Modules:
Winlogon Lockout Credential Keylogger
Windows Gather Microsoft Outlook Saved Password Extraction
Windows Gather Process Memory Grep
Windows Gather Trillian Password Extractor
Windows PCI Hardware Enumeration
Windows Gather FlashFXP Saved Password Extraction
Windows Gather Local and Domain Controller Account Password Hashes
Windows Gather Nimbuzz Instant Messenger Password Extractor
Windows Gather CoreFTP Saved Password Extraction
Internet Download Manager (IDM) Password Extractor
Windows Gather SmartFTP Saved Password Extraction
Windows Gather Bitcoin wallet.dat
Windows Gather Service Info Enumeration
Windows Gather IPSwitch iMail User Data Enumeration
New Auxiliary Modules:
John the Ripper Password Cracker Fast Mode
Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
Kaillera 0.86 Server Denial of Service
2Wire Cross-Site Request Forgery Password Reset Vulnerability
SIPDroid Extension Grabber
MSSQL Password Hashdump
Notable Features & Closed Bugs:-
Feature #4982 – Support for custom executable with psexec
Feature #4856 – RegLoadKey and RegUnLoadKey functions for the Meterpreter stdapi
Feature #4578 – Update Nmap XML parsers to support Nokogiri parsing
Feature #4417 – Post exploitation module to harvest OpenSSH credentials
Feature #4015 – Increase test coverage for railgun
Bug #4963 – Rework db_* commands for consistency
Bug #4892 – non-windows meterpreters upload into the wrong filename
Bug #4296 – Meterpreter stdapi registry functions create key if one doesn’t exist
Bug #3565 – framework installer fails on RHEL (postgres taking too long to start)
Armitage integrates with Metasploit 4.0 to:-
Take advantage of the new Meterpreter payload stagers
Crack credentials with the click of a button
Run post modules against multiple hosts
Automatically log all post-exploitation activity
Revision Information:
Framework Revision 13462
Several import parsers were rewritten to use Nokogiri for much faster processing of large import files. Adding to Metasploit’s extensive payload support, Windows and Java Meterpreter now both support staging over HTTP and Windows can use HTTPS. In a similar vein, POSIX Meterpreter is seeing some new development again. It still isn’t perfect nor is it nearly as complete as the Windows version, but many features already work. Java applet signing is now done directly in Ruby, removing the need for a JDK for generating self-signed certificates. The Linux installers now ship with ruby headers, making it possible to install native gems in the Metasploit ruby environment.
Another flexibility improvement comes in the form of a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets.
To download Metasploit Framework v4.0.0 Click
Here For more information abous MSF click
here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 11/16/2011 08:00:00 pm
NmapSi4 is a complete Qt-based Gui with the design goals to provide a complete nmap interface for users, in order to management all options of this powerful security net scanner. This is the beta1 version of NMapSi4 0.3. With this release all component are freeze for stable 0.3 release.
What is New in NmapSi4 v0.3-Beta:-
Scan:-
- Disable Lookup, traceroute with action.
- Support for global profile
- Split parameters bookmark for user and admin mode.
- Info action for help menu.
- Combo for hosts in bookmark.
- Support for static profile.
- Combo for scan log parameters.
NSE:-
- Support for nse script categories.
- Inline help for nse categories.
- Cache support for nse inline help.
- Inline help for nse script.
Monitor:-
- Select and stop single scan.
- Scan details support on monitor.
- ETC or remaing scan time on monitor. (if estimated).
- Dbus interface (signal with host scanning number). (if estimated).
Vulnerability:-
- Insert a new search vulneribility url
- Fix some issue with parser
Discover:-
- First support for ip discover with nping (REQUIRED)
- LCD Diplay for remaining ip in discover.
- Direct ip scan in discover.
- Support in discover for probes mode.
To Download NMapSi4 v0.3-beta Click Here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 7/18/2011 03:11:00 pm
NmapSi4 is a complete Qt-based Gui with the design goals to provide a complete nmap interface for users, in order to management all options of this powerful security net scanner
Download NMapSi4 v0.2.86 Alpha2 (nmapsi4-0.2.86-alpha2.tar.gz) here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 9/14/2011 01:31:00 pm
The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.
Official Change Log for Security Onion 20110909:-
- The “IDS Rules” menu now has a new entry called “Add Local Rules” which will open /etc/nsm/rules/local.rules for editing using the “mousepad” GUI editor. You can then add any rules that you want to maintain locally (outside of the downloaded VRT or Emerging Threats rulesets).
- A new menu called “IDS Config” was added with a new menu entry called “Configure IDS engine(s)”. This will list all of the IDS engines on your system and allow you to choose one to configure. It will then open the proper config file for whatever IDS engine you’re running. After you save and close the config file, it will offer to restart the IDS engine for you.
For more information & to see their official blog release Click
Here
To download Security Onion Click
Here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 1/04/2012 01:05:00 am
Earlier we have talked about
BackBox Linux. Now a days it has became a very common penetration testing distribution. Now we have version 2.01 of BackBox Linux.
Brief About BackBox :-
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools. The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0.
What's New In This Release:-
- System upgrade
- Performance boost
- New look
- Improved start menu
- Bug corrections
- New sections such as Forensic Analysis, Documentation & Reporting and Reverse Engineering
- New Hacking tools and updated tools such as dradis 2.8, ettercap 0.7.4.2, john 1.7.8, metasploit 4.2, nmap 5.51, set 2.5.2, sleuthkit 3.2.1, w3af 1.0, weevely 0.5, wireshark 1.6.3, etc.
To Download BackBox Click Here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 5/02/2011 11:57:00 pm
BackBox is a Linux distribution based on Ubuntu Lucid 10.04 LTS developed to perform penetration tests and security assessments. Designed to be fast, easy to use and to provide a minimal yet complete desktop environment thanks to its own software repositories always been updated to the last stable version of the most known and used ethical hacking tools.
This is the official change log:
- New ISO image (32bit & 64bit)
- System upgrade
- Performance boost
- New look and feel
- Improved start menu
- Bug fixing
- Hacking tools new or updated: Firefox 4, Hydra 6.2, Kismet 2011.03.2, Metasploit Framework 3.6.0, NMap 5.51, SET 1.3.5, SqlMap 0.9, sslstrip 0.8, w3af 1.0-rc5, weevely 0.3, WhatWeb 1.4.7, Wireshark 1.4.5, Zaproxy 1.2, etc.
This BackBox Linux 1.05 features the following upstream components: Ubuntu 10.04, Linux 2.6.32 and Xfce 4.6.1. Slowly, yet surely, this distribution is going to be great!
Download BackBox Linux 1.05 (backbox-1.05-i386.iso) here.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
