Hey folks, how's it going?
One of the most versatile and best-loved tools among security people and pentest analysts is NMAP. For those who don't know the tool, it is a port scanner/sniffer/network scanner that also runs a variety of scripts based on the results obtained in its scans. On top of all that, it is open source and supported by a large, active community.
In this update there were about 80 new features besides the bug fixes. Here are some of them:
o [Windows] The Npcap Windows packet capturing library (https://npcap.org/) is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all of these changes from the last 15 Npcap releases: https://nmap.org/npcap/changelog

o [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598! They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
  + [GH#1232] broadcast-hid-discoveryd discovers HID devices on a LAN by sending a discoveryd network broadcast probe. [Brendan Coles]
  + [GH#1236] broadcast-jenkins-discover discovers Jenkins servers on a LAN by sending a discovery broadcast probe. [Brendan Coles]
  + [GH#1016][GH#1082] http-hp-ilo-info extracts information from HP Integrated Lights-Out (iLO) servers. [rajeevrmenon97]
  + [GH#1243] http-sap-netweaver-leak detects SAP Netweaver Portal with the Knowledge Management Unit enabled with anonymous access. [ArphanetX]
  + https-redirect detects HTTP servers that redirect to the same port, but with HTTPS. Some nginx servers do this, which made ssl-* scripts not run properly. [Daniel Miller]
  + [GH#1504] lu-enum enumerates Logical Units (LU) of TN3270E servers. [Soldier of Fortran]
  + [GH#1633] rdp-ntlm-info extracts Windows domain information from RDP services. [Tom Sellers]
  + smb-vuln-webexec checks whether the WebExService is installed and allows code execution. [Ron Bowes]
  + smb-webexec-exploit exploits the WebExService to run arbitrary commands with SYSTEM privileges. [Ron Bowes]
  + [GH#1457] ubiquiti-discovery extracts information from the Ubiquiti Discovery service and assists version detection. [Tom Sellers]
  + [GH#1126] vulners queries the Vulners CVE database API using CPE information from Nmap's service and application version detection. [GMedian, Daniel Miller]

o [GH#1291][GH#34][GH#1339] Use pcap_create instead of pcap_live_open in Nmap, and set immediate mode on the pcap descriptor. This solves packet loss problems on Linux and may improve performance on other platforms. [Daniel Cater, Mike Pontillo, Daniel Miller]

o [NSE] Collected utility functions for string processing into a new library, stringaux.lua. [Daniel Miller]

o [NSE] New rand.lua library uses the best sources of random available on the system to generate random strings. [Daniel Miller]

o [NSE] New library, oops.lua, makes reporting errors easy, with plenty of debugging detail when needed, and no clutter when not. [Daniel Miller]
For the full list of new features and bug fixes:
https://seclists.org/nmap-announce/2019/0
To download:
https://nmap.org/download.html
https://github.com/nmap/npcap/blob/master/CHANGELOG.md
Cheers, everyone