v7.8 [Aug 11, 2019]
- The Npcap Windows packet capturing library (https://npcap.org/) is faster and more stable than ever.
- Added 11 NSE scripts, from 8 authors, bringing the total up to 598! They are all listed at https://nmap.org/nsedoc/.
- The macOS installer is now built for x86_64 architecture, not i386.
- Replaced the addrset matching code that is used by --exclude and --excludefile with a much faster implementation using a radix tree (trie).
- Use pcap_create instead of pcap_live_open in Nmap, and set immediate mode on the pcap descriptor. This solves packet loss problems on Linux and may improve performance on other platforms.
- Fixed an infinite loop in tls-alpn when the server forces a particular protocol.
- Collected utility functions for string processing into a new library, stringaux.lua.
- New rand.lua library uses the best sources of random available on the system to generate random strings.
- New library, oops.lua, makes reporting errors easy, with plenty of debugging detail when needed, and no clutter when not.
- Collected utility functions for manipulating and searching tables into a new library, tableaux.lua.
- New knx.lua library holds common functions and definitions for communicating with KNX/Konnex devices.
- The HTTP library now provides transparent support for gzip- encoded response body.
- Add AF_VSOCK (Linux VM sockets) functionality to Nsock and Ncat. VM sockets are used for communication between virtual machines and the hypervisor.
- Address CVE-2019-1552 in OpenSSL by building with the prefix "C:\Program Files (x86)\Nmap\OpenSSL". This should prevent unauthorized users from modifying OpenSSL defaults by writing configuration to this directory.
- Reduced LibPCRE resource limits so that version detection can't use as much of the stack. Previously Nmap could crash when run on low-memory systems against target services which are intentionally or accidentally difficult to match. Someone assigned CVE-2018-15173 for this issue.
- Deprecate and disable the -PR (ARP ping) host discovery option. ARP ping is already used whenever possible, and the -PR option would not force it to be used in any other case.
- Fixed an issue with Ncat -e on Windows that caused early termination of connections.
- Fix a false-positive in http-phpmyadmin-dir-traversal when the server responds with 200 status to a POST request to any URI.
- New vulnerability state in vulns.lua, UNKNOWN, is used to indicate that testing could not rule out vulnerability.
- When searching for Lua header files, actually use them where they are found instead of forcing /usr/include.
- Script traceroute-geolocation no longer crashes when www.GeoPlugin.net returns null coordinates
- Limit verbose -v and debugging -d levels to a maximum of 10. Nmap does not use higher levels internally.
tls.lua when creating a client_hello message will now only use a SSLv3 record layer if the protocol version is SSLv3. Some TLS implementations will not handshake with a client offering less than TLSv1.0. Scripts will have to manually fall back to SSLv3 to talk to SSLv3-only servers.
- Fix a few false-positive conditions in ssl-ccs-injection. TLS implementations that responded with fatal alerts other than "unexpected message" had been falsely marked as vulnerable.
- Emergency fix to Nmap's birthday announcement so Nmap wishes itself a "Happy 21st Birthday" rather than "Happy 21th" in verbose mode (-v) on September 1, 2018.
- Start host timeout clocks when the first probe is sent to a host, not when the hostgroup is started. Sometimes a host doesn't get probes until late in the hostgroup, increasing the chance it will time out.
- Support for edns-client-subnet (ECS) in dns.lua has been improved by:
- Using ECS code compliant with RFC 7871
- Properly trimming ECS address, as mandated by RFC 7871
- Fixing a bug that prevented using the same ECS option table more than once
- Fixed communication with commands launched with -e or -c on Windows, especially when --ssl is used.
- Script http-default-accounts can now select more than one fingerprint category. It now also possible to select fingerprints by name to support very specific scanning.
- Script http-default-accounts was not able to run against more than one target host/port.
- New script-arg `http.host` allows users to force a particular value for the Host header in all HTTP requests.
- Use smtp.domain script arg or target's domain name instead of "example.com" in EHLO command used for STARTTLS. [
- Fix brute.lua's BruteSocket wrapper, which was crashing Nmap with an assertion failure due to socket mixup : nmap: nse_nsock.cc:672: int receive_buf(lua_State*, int, lua_KContext): Assertion `lua_gettop(L) == 7' failed.
- Handle an error condition in smb-vuln-ms17-010 caused by IPS closing the connection.
- Fixed literal IPv6 URL format for connecting through HTTP proxies.
- Updates vendors from ODVA list for enip-info.
