Nmap - the Network Mapper. Github mirror of official SVN repository. https://svn.nmap.org/
david 901915dfbc Simplify and fix the logic surrounding the handling of host discovery
probes, especially IP protocol probes.

Previously if IP protocol ping (-PO) was used anywhere in a host
discovery scan, any response was treated as a protocol response. (The
handlers for other response types had an explicit check for this.) This
means that if you did

nmap -PS -PO

and got back a SYN/ACK in response to the -PS probe, it would be marked
with a reason of proto-response rather than syn-ack. Now, because the IP
protocol response handler matches so broadly, it is given the last
chance at handling a response, only if no interpretation makes sense.
Now the aforementioned scan will give a reason of syn-ack.

The old behavior was not only misleading with respect to reasons, it had
a minor and subtle bug. Consider the following packet trace:

SENT (2.0990s) TCP 192.168.0.21:42205 > target:25 S ttl=40 id=39342 iplen=44  seq=114128202 win=1024 <mss 1460>
SENT (2.2560s) TCP 192.168.0.21:42205 > target:53 S ttl=40 id=51247 iplen=44  seq=114128202 win=1024 <mss 1460>
SENT (2.3280s) TCP 192.168.0.21:42206 > target:25 S ttl=37 id=31111 iplen=44  seq=114062667 win=2048 <mss 1460>
RCVD (2.3530s) TCP target:53 > 192.168.0.21:42205 SA ttl=51 id=0 iplen=44  seq=4159224453 win=5840 ack=114128203 <mss 1460>
ultrascan_host_probe_update called for machine target state UNKNOWN -> HOST_UP (trynum 1 time: 25123)
Ultrascan DROPPED probe packet to target detected
Changing ping technique for target to tcp to port 25; flags: S

Why is the received packet marked as a drop? And why is the ping
technique changed to SYN to port 25 when the response came back from port
53? The reason is that the IP protocol response handler caught the probe
and decided it was in response to one of the sent TCP probes--any of the
TCP probes. It selected the probe to port 25 essentially at random and
used that as the relevant probe. The result is that a drop is wrongly
recorded (slowing down the scan), and a worse than useless ping probe is
used (worse than useless because it will cause another drop any time
it's used).

I found this while trying to emulate PortBunny's default ping scan,
which is
-PS80,25,22,443,21,113,23,53,554,3389,445 -PA3333,11 -PE -PP -PU161,162 -PO51
though not in the same order Nmap uses.
2008-08-01 00:08:47 +00:00
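
The handler ordering described in the commit message above, as an added C++ sketch that is not Nmap's scan_engine.cc code. It assumes a simplified model in which the broad handler matches any sent probe that used the same IP protocol; every type and function name is hypothetical, and the probe list is constructed from the trace.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Simplified model (all names hypothetical): TCP SYN ping (-PS) or IP protocol ping (-PO).
struct Probe { bool is_proto_ping; int ip_proto; int dport; };
struct Response { int ip_proto; int sport; bool syn_ack; };
struct Match { int probe; std::string reason; };  // probe == -1: no match

// Specific handler: a SYN/ACK matches only the SYN probe sent to its source port.
static Match match_tcp(const std::vector<Probe>& sent, const Response& r) {
    if (r.ip_proto == 6 && r.syn_ack)
        for (size_t i = 0; i < sent.size(); i++)
            if (!sent[i].is_proto_ping && sent[i].dport == r.sport)
                return {static_cast<int>(i), "syn-ack"};
    return {-1, ""};
}

// Broad handler: accepts the first sent probe carried over the same IP protocol.
static Match match_proto(const std::vector<Probe>& sent, const Response& r) {
    for (size_t i = 0; i < sent.size(); i++)
        if (sent[i].ip_proto == r.ip_proto)
            return {static_cast<int>(i), "proto-response"};
    return {-1, ""};
}

// Old order: once -PO is in use, the broad handler sees every response first.
Match classify_old(const std::vector<Probe>& sent, const Response& r) {
    bool po_in_use = false;
    for (const Probe& p : sent) po_in_use = po_in_use || p.is_proto_ping;
    Match m = po_in_use ? match_proto(sent, r) : Match{-1, ""};
    return m.probe >= 0 ? m : match_tcp(sent, r);
}

// New order: specific handlers first, the broad handler only as a last resort.
Match classify_new(const std::vector<Probe>& sent, const Response& r) {
    Match m = match_tcp(sent, r);
    return m.probe >= 0 ? m : match_proto(sent, r);
}

// Constructed input modelled on the trace: SYN to 25, SYN to 53, one -PO51 probe.
std::vector<Probe> constructed_probes() {
    return {{false, 6, 25}, {false, 6, 53}, {true, 51, 0}};
}

int main() {
    Match m = classify_new(constructed_probes(), {6, 53, true});
    std::cout << "probe " << m.probe << " reason " << m.reason << "\n";
}
```

With the old order the SYN/ACK from port 53 is attributed to the probe sent to port 25, which is the mismatch that produces the false drop and the wrong timing ping in the trace.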
docs fix wrong function name noted by Tom Sellers 2008-07-30 00:27:59 +00:00
libdnet-stripped o The Nmap Windows self-installer now automatically installs the MS 2008-06-29 04:52:00 +00:00
liblua o The Nmap Windows self-installer now automatically installs the MS 2008-06-29 04:52:00 +00:00
libpcap Delete auxiliary scripts config.guess, config.sub, depcomp, install-sh, 2007-11-27 06:22:46 +00:00
libpcre o The Nmap Windows self-installer now automatically installs the MS 2008-06-29 04:52:00 +00:00
macosx Fix a little typo in macosx/Makefile that kept COPYING.formatted from being 2008-07-11 20:54:31 +00:00
mswin32 modified nmap.vcproj, added binlib and hashlib for NSE 2008-07-31 14:20:45 +00:00
nselib added pop3.lua 2008-07-31 22:51:45 +00:00
nselib-bin Merging changes from my vc2008-testing branch. This moves Windows development 2008-06-13 05:58:11 +00:00
scripts added brutePOP3.nse 2008-07-31 22:55:28 +00:00
acinclude.m4
aclocal.m4 Check for Python only if Zenmap is requested, and bail out if Zenmap is 2007-11-22 08:37:34 +00:00
CHANGELOG trivial rewording, typo fixing, etc. 2008-07-31 21:50:15 +00:00
charpool.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
charpool.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
config.guess o Updated to latest (as of 3/15) autoconf config.sub/config.guess 2008-03-15 10:21:56 +00:00
config.sub o Updated to latest (as of 3/15) autoconf config.sub/config.guess 2008-03-15 10:21:56 +00:00
configure Link against -lodm and -lcfg on AIX. 2008-06-15 07:05:12 +00:00
configure.ac Link against -lodm and -lcfg on AIX. 2008-06-15 07:05:12 +00:00
COPYING trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
COPYING.OpenSSL
depcomp Delete auxiliary scripts config.guess, config.sub, depcomp, install-sh, 2007-11-27 06:22:46 +00:00
FingerPrintResults.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
FingerPrintResults.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
global_structures.h Bump up MAX_OS_CLASSIFICATIONS_PER_FP from 8 to 10. 2008-07-15 20:07:25 +00:00
HACKING URL change from http://insecure.org/nmap/* to http://nmap.org/* 2008-01-17 07:22:03 +00:00
idle_scan.cc Adding packet validity checking to readip_pcap() so the caller can assume the 2008-06-30 23:55:19 +00:00
idle_scan.h This patch reorganizes the way ping probes are handled internally. 2008-05-29 07:49:37 +00:00
INSTALL URL change from http://insecure.org/nmap/* to http://nmap.org/* 2008-01-17 07:22:03 +00:00
install-sh
ltmain.sh Delete auxiliary scripts config.guess, config.sub, depcomp, install-sh, 2007-11-27 06:22:46 +00:00
MACLookup.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
MACLookup.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
main.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
Makefile.in modified Makefile.in, added binlib and hashlib for nse 2008-07-31 14:20:10 +00:00
missing Delete auxiliary scripts config.guess, config.sub, depcomp, install-sh, 2007-11-27 06:22:46 +00:00
nmap-header-template.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap-mac-prefixes o Updated to include the latest MAC Address prefixes from the IEEE in 2008-05-30 21:47:20 +00:00
nmap-os-db Add July 2008 OS corrections. 2008-07-25 15:36:44 +00:00
nmap-protocols URL change from http://insecure.org/nmap/* to http://nmap.org/* 2008-01-17 07:22:03 +00:00
nmap-rpc URL change from http://insecure.org/nmap/* to http://nmap.org/* 2008-01-17 07:22:03 +00:00
nmap-service-probes slight updates to some MailEnable smtpd sigs 2008-07-25 21:56:50 +00:00
nmap-services add iPhone port 62078 - if anyone has more information about this port which would be useful for the entry, let me know. It seems to be used for syncing, so I called it iphone-sync for now. 2008-07-28 17:19:19 +00:00
nmap.cc little fix to make --max_rate (underscore) work 2008-07-30 04:06:22 +00:00
nmap.h update version number 2008-06-29 09:13:44 +00:00
nmap.spec.in Remove the listing of zenmap.1.gz from nmap.spec.in, and remove the manual 2008-05-06 23:56:13 +00:00
nmap_amigaos.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap_config.h.in trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap_dns.cc Documenting an earlier change and adding a new, related one: 2008-07-14 19:52:31 +00:00
nmap_dns.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap_error.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap_error.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap_rpc.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap_rpc.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap_tty.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap_tty.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nmap_winconfig.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
NmapOps.cc Add --max-rate to go with --min-rate. 2008-07-30 00:15:57 +00:00
NmapOps.h Add --max-rate to go with --min-rate. 2008-07-30 00:15:57 +00:00
NmapOutputTable.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
NmapOutputTable.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
nse_binlib.cc added nse_binlib.cc: bin.pack() and bin.unpack() 2008-07-31 14:19:23 +00:00
nse_binlib.h added nse_binlib.h 2008-07-31 14:18:21 +00:00
nse_debug.cc Large recode of nse_init.cc 2008-05-31 02:39:27 +00:00
nse_debug.h
nse_fs.cc Fix to Windows define for nse_fs 2008-05-31 08:22:39 +00:00
nse_fs.h Large recode of nse_init.cc 2008-05-31 02:39:27 +00:00
nse_hash.cc added nse_hash.cc, hash-functions for nse 2008-07-31 14:17:41 +00:00
nse_hash.h added nse_hash.h 2008-07-31 14:17:12 +00:00
nse_init.cc modified nse_init.cc, added binlib and hashlib to NSE 2008-07-31 14:21:28 +00:00
nse_init.h Large recode of nse_init.cc 2008-05-31 02:39:27 +00:00
nse_macros.h Updated some macros to clean up code. Moved 2008-07-07 17:33:36 +00:00
nse_main.cc [NSE] Added fix for deadlocks on sockets. Now, 10 or max.parallelism threads 2008-07-31 07:35:19 +00:00
nse_main.h Added ScriptResult class change in order to avoid managing string memory 2008-07-07 17:37:08 +00:00
nse_nmaplib.cc [NSE] Added fix for deadlocks on sockets. Now, 10 or max.parallelism threads 2008-07-31 07:35:19 +00:00
nse_nmaplib.h Large recode of nse_init.cc 2008-05-31 02:39:27 +00:00
nse_nsock.cc [NSE] Added fix for deadlocks on sockets. Now, 10 or max.parallelism threads 2008-07-31 07:35:19 +00:00
nse_nsock.h [NSE] Added fix for deadlocks on sockets. Now, 10 or max.parallelism threads 2008-07-31 07:35:19 +00:00
nse_pcrelib.cc Removed nse_auxiliar. Updated Script Argument parsing. Fixed typos in 2008-05-31 02:19:24 +00:00
nse_pcrelib.h Revert r5485. This changes the pcre Lua module back to statically linked 2007-10-23 00:45:00 +00:00
osscan.cc Increase the line buffer for reading fingerprints in osscan.cc. The latest 2008-07-15 05:33:33 +00:00
osscan.h Make the parameter to parse_fingerprint_file const. 2008-06-13 17:32:47 +00:00
osscan2.cc Adding packet validity checking to readip_pcap() so the caller can assume the 2008-06-30 23:55:19 +00:00
osscan2.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
output.cc report scan time to hundredths of a second, not thousandths 2008-07-11 07:29:09 +00:00
output.h Added ScriptResult class change in order to avoid managing string memory 2008-07-07 17:37:08 +00:00
portlist.cc Added ScriptResult class change in order to avoid managing string memory 2008-07-07 17:37:08 +00:00
portlist.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
portreasons.cc Nmap will no longer misreport a localhost-response during PN scans, it will now be reported as 'user-set'. 2008-07-29 17:01:31 +00:00
portreasons.h Nmap will no longer misreport a localhost-response during PN scans, it will now be reported as 'user-set'. 2008-07-29 17:01:31 +00:00
protocols.cc trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
protocols.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
README-WIN32 URL change from http://insecure.org/nmap/* to http://nmap.org/* 2008-01-17 07:22:03 +00:00
scan_engine.cc Simplify and fix the logic surrounding the handling of host discovery 2008-08-01 00:08:47 +00:00
scan_engine.h Save timing ping probes between calls to ultra_scan. This allows, for example, 2008-07-11 06:12:38 +00:00
service_scan.cc Documenting an earlier change and adding a new, related one: 2008-07-14 19:52:31 +00:00
service_scan.h This patch reorganizes the way ping probes are handled internally. 2008-05-29 07:49:37 +00:00
services.cc This patch reorganizes the way ping probes are handled internally. 2008-05-29 07:49:37 +00:00
services.h This patch reorganizes the way ping probes are handled internally. 2008-05-29 07:49:37 +00:00
shtool
Target.cc Save timing ping probes between calls to ultra_scan. This allows, for example, 2008-07-11 06:12:38 +00:00
Target.h Save timing ping probes between calls to ultra_scan. This allows, for example, 2008-07-11 06:12:38 +00:00
TargetGroup.cc o Fixed an integer overflow which prevented a target specification 2008-06-03 19:25:16 +00:00
TargetGroup.h o Fixed an integer overflow which prevented a target specification 2008-06-03 19:25:16 +00:00
targets.cc Nmap will no longer misreport a localhost-response during PN scans, it will now be reported as 'user-set'. 2008-07-29 17:01:31 +00:00
targets.h trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db 2008-05-22 20:45:32 +00:00
tcpip.cc Fixing a Windows casting-related compilation error. Thanks to Jah for reporting this 2008-07-26 02:58:07 +00:00
tcpip.h o Added --ip-options support for the connect() scan (-sT). [Kris] 2008-07-14 20:02:30 +00:00
timing.cc updated to allow RateMeter::update to accept time decreases up to 5ms rather than a 1ms limit, as I just had a crash where now=1217210189.144224; last_update_tv=1217210189.148486. I still think this may be a bug in my SMP Linux kernel. But if it affects me, probably affects others. 2008-07-28 03:34:19 +00:00
timing.h Avoid showing the sending rate in bytes per second if no sent bytes have been 2008-07-23 22:21:37 +00:00
traceroute.cc Adding packet validity checking to readip_pcap() so the caller can assume the 2008-06-30 23:55:19 +00:00
traceroute.h This patch reorganizes the way ping probes are handled internally. 2008-05-29 07:49:37 +00:00
utils.cc Move tval2msecs() to Nbase for reuse 2008-07-15 20:06:05 +00:00
utils.h Move tval2msecs() to Nbase for reuse 2008-07-15 20:06:05 +00:00
zenmap.spec.in Include the new .desktop files in zenmap.spec.in. 2008-07-27 19:15:24 +00:00

Here is some documentation for Nmap, but these files are much less
comprehensive than what you'll find at the actual Nmap documentation
site ( http://nmap.org ).