Changelog for zenmap-7.40-1.16.i586.rpm :
Mon Dec 26 13:00:00 2016
- update to 7.40
- update to 7.31
- update to 7.30

Mon Apr 4 14:00:00 2016
- update to 7.12
o [Zenmap] Avoid file corruption in zenmap.conf, reported as
files containing many null ("\x00") characters.
Example exception: ValueError: unable to parse colour
o [NSE] VNC updates including vnc-brute support for TLS security
type and negotiating a lower RFB version if the server sends an
unknown higher version.
o [NSE] Added STARTTLS support for VNC, NNTP, and LMTP
o Added new service probes and match lines for OpenVPN on UDP and
- changes from 7.11
o [NSE][GH#341] Added support for diffie-hellman-group-exchange-
SSH key exchange methods to ssh2.lua, allowing ssh-hostkey to
run on servers that only support custom Diffie-Hellman groups.
o [NSE] Added support in sslcert.lua for Microsoft SQL Server's
TDS protocol, so you can now grab certs with ssl-cert or check
ciphers with ssl-enum-ciphers.
o [Zenmap] Fix a crash when setting default window geometry:
TypeError: argument of type 'int' is not iterable
o [Zenmap] Fix a crash when displaying the date from an Nmap XML
file due to an empty or unknown locale:
File "zenmapCore/", line 627, in get_formatted_date
LookupError: unknown encoding:
o [Zenmap] Fix a crash due to incorrect file paths when
installing to /usr/local prefix. Example:
Exception: File '/home/blah/.zenmap/scan_profile.usp' does not
exist or could not be found!

Sat Mar 19 13:00:00 2016
- update to 7.10
o Integrated all 12 of your IPv6 OS fingerprint submissions from
October to January. The classifier added 3 new groups,
including new and expanded groups for OS X, bringing the new
total to 96.
o Integrated all of your IPv4 OS fingerprint submissions from
October to January (536 of them). Added 104 fingerprints,
bringing the new total to 5089. Additions include Linux 4.2,
more Windows 10, IBM i 7, and more.
o Integrated all of your service/version detection fingerprints
submitted from October to January (508 of them). The signature
count went up 2.2% to 10532. We now detect 1108 protocols, from
icy, finger, and rtsp to ipfs, basestation, and minecraft-pe.
o [NSE] Added 12 NSE scripts from 7 authors, bringing the total
up to 527! They are all listed at,
and the summaries are below (authors are listed in brackets):
+ [GH#322] http-apache-server-status parses the server status
page of Apache's mod_status.
+ http-vuln-cve2013-6786 detects an XSS and URL redirection
vulnerability in Allegro RomPager web server. Also added a
fingerprint for detecting CVE-2014-4019 to
+ [GH#226] http-vuln-cve2014-3704 detects and exploits the
"Drupalgeddon" pre-auth SQL Injection vulnerability in Drupal.
+ imap-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled IMAP services.
+ ipv6-multicast-mld-list discovers IPv6 multicast listeners
with MLD probes. The discovery is the same as
targets-ipv6-multicast-mld, but the subscribed addresses are
decoded and listed.
+ ms-sql-ntlm-info extracts OS version and sometimes hostname
from MS SQL Server instances via the NTLM challenge message.
+ nntp-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled NNTP services.
+ pop3-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled POP3 services.
+ rusers retrieves information about logged-on users from the
rusersd RPC service.
+ [GH#333] shodan-api queries the Shodan API
( and retrieves open port and service
info from their Internet-wide scan data.
+ smtp-ntlm-info extracts hostname and sometimes OS version from
NTLM-auth-enabled SMTP and submission services.
+ telnet-ntlm-info extracts hostname and sometimes OS version
from NTLM-auth-enabled Telnet services.
o [GH#249][Nsock] Avoid a crash on Windows reported by users
using Zenmap's Slow Comprehensive Scan profile. In the case of
unknown OpenSSL errors, ERR_reason_error_string would return
NULL, which could not be printed with the "%s" format string.
o [GH#284] Fix retrieval of route netmasks on FreeBSD.
IPv6 routes were given /32 netmasks regardless of actual
netmask configured, resulting in failed routing.
o Changed Nmap's idea of reserved and private IP addresses to
include 169.254/16 (RFC3927) and remove 6/8, 7/8, and 55/8
networks. This list, in libnetutil's isipprivate function, is
used to filter -iR randomly generated targets. The newly-valid
address ranges belong to the U.S. Department of Defense, so
users wanting to avoid those ranges should use their own
exclusion lists with --exclude or --exclude-file.
o [GH#265] When provided a verbosity of 0 (-v0), Nmap will not
output any text to the screen. This happens at the time of
argument parsing, so the usual meaning of "verbosity 0" is
o Allow the -4 option for Nmap to indicate IPv4 address family.
This is the default, and using the option doesn't change
anything, but does make it more explicit which address family
you want to scan. Using -4 with -6 is an error.
o [NSE][GH#314] Fix naming of SSL2_RC2_128_CBC_WITH_MD5 and
SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 ciphers in sslv2 in order to
match the draft specification from Mozilla.
o [NSE][GH#320] Add STARTTLS support to sslv2 to enable SSLv2
detection against services that are not TLS encrypted by
default but that support post connection upgrade. This will
enable more comprehensive detection of SSLv2 and DROWN
(CVE-2016-0800) attack oracles.
o [NSE][GH#301] Added default credential checks for RICOH Web
Image Monitor and BeEF to http-default-accounts.
o Properly display Next-hop MTU value from ICMP Type 3 Code 4
Fragmentation Required messages when tracing packets or in
Nping output. Improper offset meant we were printing the total
IP length.
o [NSE] Added support for DHCP options "TFTP server name" and
"Bootfile name" to dhcp.lua and enabled checking for options
with a code above 61 by default.
o [NSE] whois-ip: Don't request a remote IANA assignments data
file when the local filesystem will not permit the file to be
cached in a local file.
o [NSE] Updated http-php-version hash database to cover all
versions from PHP 4.1.0 to PHP 5.4.45. Based on scans of a few
thousand PHP web servers pulled from Shodan API
o [GH#272][GH#269] Give option parsing errors after the usage
statement, or avoid printing the usage statement in some cases.
The options summary has grown quite large, requiring users to
scroll to the top to see the error message.
o Use the same ScanProgressMeter for FTP bounce scan (-b) as for
the other scan types, allowing periodic status updates with
--stats-every or keypress events.
o [GH#274] Use a shorter pcap_select timeout on OpenBSD, just as
we do for OS X, old FreeBSD, and Solaris, which use BPF for
packet capture and do not have properly select-able fds.
Fix by OpenBSD port maintainer
o [NSE] Upgrade to http-form-brute allowing correct handling of
token-based CSRF protections and cookies. Also, a simple
database of common login forms supports Django, Wordpress,
MediaWiki, Joomla, and others.
o Print service info in grepable output for ports which are not
listed in nmap-services when a service tunnel (SSL) is detected.
Previously, the service info ("ssl|unknown") was not printed
unless the service inside the tunnel was positively identified.
o New service probe for CORBA GIOP (General Inter-ORB Protocol)
detection should elicit a not-found exception from GIOP
services that do not respond to non-GIOP probes.
o [NSE] [GH#242] Fix multiple false-positive sources in
o [Zenmap] [GH#247] Remember window geometry (position and size)
from the previous time Zenmap was run.

Mon Dec 14 13:00:00 2015
- Nmap 7.01:

* various bug fixes in NSE

Sun Nov 22 13:00:00 2015
- Nmap 7.00:

* see /usr/share/doc/packages/nmap/CHANGELOG
- removed patches:

* nmap-4.00-noreturn.diff

* nmap-6.00-libpcap-filter.diff
not needed since we do not build against the bundled libpcap
- updated patch:

* nmap-ncat-skip-network-tests.patch

Mon Oct 5 14:00:00 2015
- Unbreak everything not Factory

Mon Oct 5 14:00:00 2015
- Fix the build for Factory. Insist on lua 5.2.x

Thu Jul 30 14:00:00 2015
- BuildRequire lua52-devel on openSUSE > 13.2 (current Tumbleweed):
nmap has not been ported to Lua 5.3 yet.
- Minor fix in check session: internal lua identifies itself as
5.2.3 by now.

Tue Mar 3 13:00:00 2015
- fix build on SLE 12 by removing gpg-offline dependency
- run spec-cleaner

Tue Aug 26 14:00:00 2014
- Nmap 6.47:

* updated IPv4 OS fingerprints

* Removed the External Entity Declaration from the DOCTYPE in
Nmap's XML. The doctype is now:

* Ncat: Fixed SOCKS5 username/password authentication

* Avoid formatting NULL as "%s" when running nmap --iflist

* Zenmap, Ndiff: Avoid crashing with old PyXML package

* Handle ICMP admin-prohibited messages when doing service version

* NSE: Fix a bug causing http.head to not honor redirects.

* Zenmap: Fix a bug in DiffViewer causing a crash
- fix self-obsoletion of zenmap (nmap-gtk)

Sat Apr 26 14:00:00 2014
- Nmap 6.46
- NSE:

* Made numerous improvements to ssl-heartbleed to provide
more reliable detection of the vulnerability

* Fix some bugs which could cause snmp-ios-config and
snmp-sysdescr scripts to crash

* Improved performance of citrixlua library when handling large
XML responses containing application lists
- Zenmap:

* Fixed a bug which caused this crash message: "IOError:
[Errno socket error] [Errno 10060] A connection attempt
failed [...]" due to DOCTYPE definition to Nmap's XML output

Sat Apr 12 14:00:00 2014
- Nmap 6.45
- NSE:

* Add ssl-heartbleed script to detect the Heartbleed OpenSSL bug

* Fixed an error-handling bug in socks-open-proxy that caused it
to fail when scanning a SOCKS4-only proxy

* Improved ntp-info script to handle underscores in returned

* Add quake1-info script for retrieving server and player
information from Quake 1 game servers

* Add unicode library for decoding and encoding UTF-8, UTF-16,
CP437 and other character sets to Unicode code points. Scripts
that previously just added or skipped nulls in UTF-16 data can
use this to support non-ASCII characters

* When doing a ping scan (-sn), the --open option will prevent down
hosts from being shown when -v is specified. This aligns with
similar output for other scan types

* Add http-ntlm-info script for getting server information from
Web servers that require NTLM authentication

* Added tls library for functions related to SSLv3 and TLS
messages. Existing ssl-enum-ciphers, ssl-date, and
tls-nextprotoneg scripts were updated to use this library

* Add sstp-discover script to discover Microsoft's Secure Socket
Tunnelling Protocol

* Added unittest library and NSE script for adding unit tests to
NSE libraries

* Added allseeingeye-info script

* Add freelancer-info script

* Add http-server-header script

* Add rfc868-time script

* Add weblogic-t3-info script

* Removed a fixed value (28428) which was being set for the Request
ID in the snmpWalk library function

* Add http-iis-short-name-brute script

* Add http-dlink-backdoor

* Made telnet-brute support multiple parallel guessing threads

* Made the table returned by ssh1.fetch_host_key contain a "key"
element, like that of ssh2.fetch_host_key

* Update dns-cache-snoop script to use a new list of top 50
domains rather than a 2010 list

* Added the qconn-exec script
- Ncat:

* Added support for socks5 and corresponding regression tests.

* Fixed compilation when --without-liblua is specified

NCAT_LOCAL_ADDR and NCAT_LOCAL_PORT environment variables being
set in all --*-exec child processes.
- Nsock:

* Handle timers and timeouts via a priority queue
- Various:

* Added TCP support to dns.lua

* Added safe fd_set operations. This makes nmap fail gracefully
instead of crashing when the number of file descriptors grows

* Updated bundled liblua from 5.2.2 to 5.2.3 (bugfix release)

* Added version detection signatures and probes for a bunch of
Android remote mouse/keyboard servers, including AndroMouse,
AirHID, Wifi-mouse, and RemoteMouse.

* Fixed a bug with UDP checksum calculation

* Idle scan now supports IPv6

* The ICMP ID of ICMP probes is now matched against the sent ICMP
ID to reduce the chance of false matches
- Zenmap:

* Fixed a crash that would happen when you entered a search
term starting with a colon

Fri Dec 6 13:00:00 2013
- add missing python-gtk dependency for zenmap [bnc#752158]

Mon Aug 19 14:00:00 2013
- update to 6.40
- [Ncat] Added --lua-exec
- new and updated IPv4 OS fingerprints
- new and updated IPv6 OS fingerprints
- new and updated service/version fingerprints
- [Nsock] Added initial proxy support to Nsock
- [NSE] Added 14 NSE scripts
- Updated the Nmap license terms, still GPL-2.0+
- [NSE] fix possibility of writing arbitrary file to client system
when using the http-domino-enum-passwords script with the
domino-enum-passwords.idpath parameter against a malicious server
- Unicast CIDR-style IPv6 range scanning is now supported
- It's now possible to mix IPv4 range notation with CIDR netmasks in
target specifications.
- Timeout script-args are now standardized to use the timespec that
Nmap's command-line arguments take (5s, 5000ms, 1h, etc.)
- Nmap may now partially rearrange its target list for more efficient
host groups.
- [Ncat] The -i option (idle timeout) now works in listen mode as well as
connect mode.
- [Ncat] Ncat now supports chained certificates with the --ssl-cert
- [Nping] Nping now checks for a matching ICMP ID on echo replies
- [NSE] The ipOps.isPrivate library now considers the deprecated
site-local prefix fec0::/10 to be private.
- Nmap\'s routing table is now sorted first by netmask, then by metric.
- Routes are now sorted to prefer those with a lower metric.
- Fixed a byte-ordering problem on little-endian architectures when doing
idle scan with a zombie that uses broken ID increments.
- Stop parsing TCP options after reaching EOL in libnetutil.
- [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for
a network mask
- Fixed our NSEDoc system for UTF-8 names
- UDP protocol payloads were added for detecting the Murmur service
- [NSE] Added http-phpmyadmin-dir-traversal
- Fixed address matching for SCTP (-PY) ping
- Removed some non-ANSI-C strftime format strings ("%F") and
locale-dependent formats ("%c") from NSE scripts and libraries.
- [Zenmap] Improved internationalization support
- [Zenmap] Fixed internationalization files
- [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2.
- [Nsock] Added a minimal regression test suite for Nsock.
- [NSE] Updated the redis-brute and redis-info scripts to work against
the latest versions of redis server
- [Ncat] Fixed errors in connecting to IPv6 proxies.
- [NSE] Updated hostmap-bfk to work with the latest version of their website
- [NSE] Added XML structured output support to:
+ xmpp-info, irc-info, sslv2, address-info
+ hostmap-bfk, hostmap-robtex, hostmap-ip2hosts.
+ http-git.nse.
- Added new service probes for:
+ Erlang distribution nodes
+ Minecraft servers.
+ Hazelcast data grid.
- [NSE] Rewrote telnet-brute for better compatibility with a variety of
telnet servers.
- Fixed a regression that changed the number of delimiters in machine
- Fixed a regression in broadcast-dropbox-listener which prevented it from
producing output.
- Handle ICMP type 11 (Time Exceeded) responses to port scan probes.
- Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and
changed output of some of the decoders slightly.
- Namespace the pipes used to communicate with subprocesses by PID, to avoid
multiple instances of Ncat from interfering with each other.
- [NSE] Changed ip-geolocation-geoplugin to use the web service's new output
- Limited the number of open sockets in ultra_scan to FD_SETSIZE.
- Fixed a bug that prevented Nmap from finding any interfaces when one of
them had the type ARP_HDR_APPLETALK
- [Ncat] Ncat now keeps running in connect mode after receiving EOF from the
remote socket, unless --recv-only is in effect.
- Packet trace of ICMP packets now include the ICMP ID and sequence number
by default.
- [NSE] Fixed various NSEDoc bugs
- [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED
environment variables.
- Added an ncat_assert macro.
- Added nmap-fo.xsl to convert Nmap XML into XSL-FO, which can be converted
into PDF using tools such as Apache FOP.
- Increased the number of slack file descriptors not used during connect
- Changed the --webxml XSL stylesheet to point to the new location of
nmap.xsl in the new repository (
- [NSE] The vulnerability library can now preserve vulnerability information
across multiple ports of the same host.
- Removed the undocumented -q option, which renamed the nmap process to
something like "pine".
- Moved the Japanese man page from man1/jp to man1/ja. JP is a country code
while JA is a language code.
- [Nsock] Reworked the logging infrastructure to make it more flexible and
- [NSE] Fixed scripts using unconnected UDP sockets.
- Made some changes to Ndiff to reduce parsing time when dealing with large
Nmap XML output files.
- [Zenmap] Fixed a crash that could be caused by opening the About dialog,
using the window manager to close it, and opening it again.
- [Ncat] Made exit with nonzero status if any tests
- Fixed compilation with --without-liblua.
- Fixed CRC32c calculation (as used in SCTP scans) on 64-bit
- [NSE] Added multicast group name output to broadcast-igmp-discovery.nse.
- [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3,
SquirrelMail, RoundCube.
- Packaging changes:

* remove nmap-ncat-fail-test-addrset.patch, committed upstream

* ja locale was corrected upstream

Sun Mar 10 13:00:00 2013
- add verification of gpg signatures of source tarballs

Sat Dec 8 13:00:00 2012
- run available unit tests
- add nmap-ncat-fail-test-addrset.patch to make ncat tests effective
- add nmap-ncat-skip-network-tests.patch to skip tests requiring
name resolution

Sun Dec 2 13:00:00 2012
- update to 6.25
+ add 373 IPv4 OS fingerprints and improve existing fingerprints
+ add more than 400 service/version detection fingerprints
+ integrate latest IPv6 OS submissions and corrections
+ Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto
(Next Header) probes.
+ Scripts can now return a structured name-value table so that results
are query-able from XML output. Scripts can return a string as
before, or a table, or a table and a string. In this last case, the
table will go to XML output and the string will go to screen output.
+ Ncat: Added support for Unix domain sockets. The new -U and
--unixsock options activate this mode.
+ removal of Windows dependencies reduces size of source tarball
+ Replaced old RPC grinder with NSE-based implementation
+ Updated Nmap Scripting Engine to use Lua 5.2
+ Added 85 NSE scripts
+ Added 12 new protocol libraries:

* ajp (Apache JServ Protocol)

* base32 (Base32 encoding/decoding - RFC 4648)

* bjnp (Canon BJNP printer/scanner discovery protocol)

* cassandra (Cassandra database protocol)

* eigrp (Cisco Enhanced Interior Gateway Routing Protocol)

* gps (Global Positioning System - does GPRMC NMEA decoding)

* ipp (CUPS Internet Printing Protocol)

* isns (Internet Storage Name Service)

* jdwp (Java Debug Wire Protocol)

* mobileme (a service for managing Apple/Mac devices)

* ospf (Open Shortest Path First routing protocol)

* rdp (Remote Desktop Protocol)
+ added more Common Platform Enumeration (CPE) identifiers
+ Scans that use OS sockets (including TCP connect scan, version
detection, and script scan) now use the SO_BINDTODEVICE sockopt on
Linux, so that the -e (select network device) option is
+ [Zenmap] Host filters can now do negative matching, for example you
can use "os:!linux" to match hosts NOT detected as Linux.
+ further minor improvements and bug fixes as listed in
- for openSUSE releases where lua 5.2 is available, build with that
library, otherwise use the library that comes with the sources
- add tests for the correct system or included libraries
- refresh nmap-4.75-nostrip.patch
- refresh su-to-zenmap.patch

Mon Jul 16 14:00:00 2012
- update manpages glob to fix Factory build

Sat Jun 23 14:00:00 2012
- update to upstream 6.0.1

* fix a zenmap crash that happened when activating the host filter.

* fix finding network interfaces if one of them is in monitor mode

* fix greppable output of hosts that time-out

Mon May 21 14:00:00 2012
- update to upstream 6.00

* enhanced Nmap Scripting Engine

* Better Web Scanning

* Full IPv6 Support

* New NPing Tool

* Better Zenmap GUI & results viewer

* Faster scans

* for a full list of changes see and
- refresh nmap-4.00-libpcap-filter.diff

Tue Mar 27 14:00:00 2012
- as nmap is built with the included and stripped nmap-libdnet-1.12,
remove system libdnet as build requirement

Mon Mar 26 14:00:00 2012
- Update to nmap-5.61TEST5
- refresh nmap-4.00-libpcap-filter.diff for moved source lines
- refresh nmap-4.00-noreturn.diff for moved source lines
- refresh nmap-4.75-nostrip.patch for moved source lines
- update nmap-5.00-desktop_files.patch
to nmap-5.61-desktop_files.patch for changed source
- update su-to-zenmap.patch for moved source lines

Mon Mar 26 14:00:00 2012
- Conditionally change lua-devel BuildRequires to lua51-devel on
openSUSE > 12.1. The code is not yet ready for lua 5.2.

Sat Oct 22 14:00:00 2011
- Fixed running Zenmap as sudo in KDE and GNOME

Mon Oct 17 14:00:00 2011
- Update to nmap 5.61-xxx branch, changelog too long, see NEWS
for details.
- Add a new subpackage "nping"
- drop no-md2.patch already in upstream.

Wed Dec 1 13:00:00 2010
- add nmap-5.21-gnomesu.patch (fixed bnc#613847)

Sat Oct 30 14:00:00 2010
- spec file clean up to build on SLE and openSUSE < 11.3

Fri Aug 27 14:00:00 2010
- update to 5.21

* Dramatically improved the version detection database, integrating
2,596 submissions that users contributed since February 3, 2009!

* bugfixes

Mon Apr 19 14:00:00 2010
- disable md2 in the scripting language (no longer supplied
by default openssl)

Fri Oct 9 14:00:00 2009
- fixed bnc#528581

Wed Aug 12 14:00:00 2009
- Pascal updated to 5.00 with way too many changes to list them,
see /usr/share/doc/packages/nmap/CHANGELOG
- introduce ncat and ndiff packages providing tools for nmap scans

Sun Aug 9 14:00:00 2009
- use new python macros

Tue Jun 23 14:00:00 2009
- remove strip so we have debuginfos