SANS ISC: Nmap 6.49BETA1 released - SANS Internet Storm Center SANS ISC InfoSec Forums

Nmap 6.49BETA1 released

Fyodor has announced the release of Nmap 6.49BETA1. This version brings hundreds of improvements, including:

  •  Integrated all of the latest OS detection and version/service detection submissions (including IPv6)
  •  Infrastructure improvements: an official bug tracker
  •  Added options --data and --data-string to send custom payloads in scan packet data.
  •  25 new NSE scripts (total is now 494):

      o   bacnet-info gets device information from SCADA/ICS devices via BACnet (Building Automation and Control Networks)
      o   docker-version detects and fingerprints Docker
      o   enip-info gets device information from SCADA/ICS devices via EtherNet/IP
      o   fcrdns performs a Forward-confirmed Reverse DNS lookup and reports anomalous results
      o   http-avaya-ipoffice-users enumerates users in Avaya IP Office 7.x systems.
      o   http-cisco-anyconnect gets version and tunnel information from Cisco SSL VPNs
      o   http-crossdomainxml detects overly permissive crossdomain policies and finds trusted domain names available for purchase
      o   http-shellshock detects web applications vulnerable to Shellshock (CVE-2014-6271).
      o   http-vuln-cve2006-3392 exploits a file disclosure vulnerability in Webmin.
      o   http-vuln-cve2014-2126, http-vuln-cve2014-2127, http-vuln-cve2014-2128 and http-vuln-cve2014-2129 detect specific vulnerabilities in Cisco AnyConnect SSL VPNs
      o   http-vuln-cve2015-1427 detects Elasticsearch servers vulnerable to remote code execution.
      o   http-vuln-cve2015-1635 detects Microsoft Windows systems vulnerable to MS15-034
      o   http-vuln-misfortune-cookie detects the "Misfortune Cookie" vulnerability in Allegro RomPager 4.07, commonly used in SOHO routers for TR-069 access.
      o   http-wordpress-plugins was renamed http-wordpress-enum and extended to enumerate both plugins and themes of Wordpress installations and their versions. http-wordpress-enum is now http-wordpress-users.
      o   mikrotik-routeros-brute performs password auditing attacks against Mikrotik's RouterOS API.
      o   omron-info gets device information from Omron PLCs via the FINS service.
      o   s7-info gets device information from Siemens PLCs via the S7 service, tunneled over ISO-TSAP on TCP port 102.
      o   snmp-info gets the enterprise number and other information from the snmpEngineID in an SNMPv3 response packet.
      o   ssl-ccs-injection detects whether a server is vulnerable to the SSL/TLS CCS Injection vulnerability (CVE-2014-0224)
      o   ssl-poodle detects the POODLE bug in SSLv3 (CVE-2014-3566)
      o   supermicro-ipmi-conf exploits Supermicro IPMI/BMC controllers.
      o   targets-ipv6-map4to6 generates target IPv6 addresses which correspond to IPv4 addresses mapped within a particular IPv6 subnet.
      o   targets-ipv6-wordlist generates target IPv6 addresses from a wordlist made of hexadecimal characters
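The snmp-info script listed above works by decoding the snmpEngineID field of an SNMPv3 response. The decoder below is an added example, not Nmap's own Lua script: it splits an engine ID into the enterprise number, the format code and the identifier data as laid out in RFC 3411, so an analyst can read the same information from a captured engine ID offline. The engine ID values in it are constructed samples.

```python
# Decoder for SNMPv3 snmpEngineID octet strings (RFC 3411, section 5).
# Added example, not the Nmap snmp-info script; sample engine IDs are constructed.
import ipaddress

# Format codes defined by RFC 3411 for engine IDs with the high bit set.
FORMATS = {1: "ipv4", 2: "ipv6", 3: "mac", 4: "text", 5: "octets"}


def parse_engine_id(engine_id: bytes) -> dict:
    """Return the enterprise number, format name and decoded identifier."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("snmpEngineID must be 5..32 octets")
    if not (engine_id[0] & 0x80):
        # Old RFC 1910 layout: 4-byte enterprise number, then 8 enterprise-defined octets.
        return {"style": "rfc1910",
                "enterprise": int.from_bytes(engine_id[:4], "big"),
                "format": None,
                "value": engine_id[4:].hex()}
    # RFC 3411 layout: high bit marks the new style, remaining 31 bits are the enterprise.
    enterprise = int.from_bytes(engine_id[:4], "big") & 0x7FFFFFFF
    fmt = engine_id[4]
    data = engine_id[5:]
    if fmt == 1 and len(data) == 4:
        value = str(ipaddress.IPv4Address(data))
    elif fmt == 2 and len(data) == 16:
        value = str(ipaddress.IPv6Address(data))
    elif fmt == 3 and len(data) == 6:
        value = ":".join(f"{b:02x}" for b in data)
    elif fmt == 4:
        value = data.decode("ascii", errors="replace")
    else:
        # Format 5 (octets) and enterprise-specific formats 128..255 stay as raw hex.
        value = data.hex()
    if fmt in FORMATS:
        name = FORMATS[fmt]
    else:
        name = "enterprise-specific" if fmt >= 128 else "reserved"
    return {"style": "rfc3411", "enterprise": enterprise, "format": name, "value": value}


if __name__ == "__main__":
    # Constructed sample: enterprise 9 with a MAC-address identifier.
    print(parse_engine_id(bytes.fromhex("8000000903001122334455")))
```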

ISC Handler
Jun 5th 2015