segunda-feira, 19 de agosto de 2019

Nmap 7.80 Released


Fala galera beleza?

Uma das ferramentas mais versáteis e amadas pela galera de security e pelos analistas de pentest é o NMAP, para quem não conhece a ferramenta  ela é um port-scanner/sniffer/scanner de rede e ainda executa scripts diversos baseados nos resultados alcançados nos scans, além de tudo isso é open-source e suportada por uma comunidade grande e ativa.



Nessa atualização, foram cerca de 80 novidades além da correção dos bugs, segue algumas novidades:

o [Windows] The Npcap Windows packet capturing library (https://npcap.org/)
  is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap
  from version 0.99-r2 to 0.9982, including all of these changes from the
  last 15 Npcap releases: https://nmap.org/npcap/changelog

o [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are
  below:

  + [GH#1232] broadcast-hid-discoveryd discovers HID devices on a LAN by
    sending a discoveryd network broadcast probe. [Brendan Coles]

  + [GH#1236] broadcast-jenkins-discover discovers Jenkins servers on a LAN
    by sending a discovery broadcast probe. [Brendan Coles]

  + [GH#1016][GH#1082] http-hp-ilo-info extracts information from HP
    Integrated Lights-Out (iLO) servers. [rajeevrmenon97]

  + [GH#1243] http-sap-netweaver-leak detects SAP Netweaver Portal with the
    Knowledge Management Unit enabled with anonymous access. [ArphanetX]

  + https-redirect detects HTTP servers that redirect to the same port, but
    with HTTPS. Some nginx servers do this, which made ssl-* scripts not run
    properly. [Daniel Miller]

  + [GH#1504] lu-enum enumerates Logical Units (LU) of TN3270E servers.
    [Soldier of Fortran]

  + [GH#1633] rdp-ntlm-info extracts Windows domain information from RDP
    services. [Tom Sellers]

  + smb-vuln-webexec checks whether the WebExService is installed and allows
    code execution. [Ron Bowes]

  + smb-webexec-exploit exploits the WebExService to run arbitrary commands
    with SYSTEM privileges. [Ron Bowes]

  + [GH#1457] ubiquiti-discovery extracts information from the Ubiquiti
    Discovery service and assists version detection. [Tom Sellers]

  + [GH#1126] vulners queries the Vulners CVE database API using CPE
    information from Nmap's service and application version detection.
    [GMedian, Daniel Miller]

o [GH#1291][GH#34][GH#1339] Use pcap_create instead of pcap_live_open in
  Nmap, and set immediate mode on the pcap descriptor. This solves packet
  loss problems on Linux and may improve performance on other platforms.
  [Daniel Cater, Mike Pontillo, Daniel Miller]

o [NSE] Collected utility functions for string processing into a new
  library, stringaux.lua. [Daniel Miller]

o [NSE] New rand.lua library uses the best sources of random available on
  the system to generate random strings. [Daniel Miller]

o [NSE] New library, oops.lua, makes reporting errors easy, with plenty of
  debugging detail when needed, and no clutter when not. [Daniel Miller]

Para lista completa das novidades de dos bugfix:
https://seclists.org/nmap-announce/2019/0

Para download: 
https://nmap.org/download.html
https://github.com/nmap/npcap/blob/master/CHANGELOG.md


Abraços pessoal

Nenhum comentário:

Postar um comentário