Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Nmap 6.49BETA1 released

Published: 2015-06-05
Last Updated: 2015-06-05 17:39:34 UTC
by Basil Alawi S.Taher (Version: 1)
0 comment(s)


Fyodor has announced the release of Nmap 6.49BETA1.This version will have hundreds of improvement, including:
 

  •  Integrated all of the latest OS detection and version/service detection submissions (including IPv6)
  •  Infrastructure improvements: an official bug tracker
  •  Added options --data and --data-string to send custom payloads in scan packet data.
  •  25 new NSE scripts (total is now 494):

       bacnet-info gets device information from SCADA/ICS devices via BACnet (Building Automation and Control Networks)

      o   docker-version detects and fingerprints Docker
      o   enip-info gets device information from SCADA/ICS devices via EtherNet/IP
      o   fcrdns performs a Forward-confirmed Reverse DNS lookup and reports anomalous results
      o   http-avaya-ipoffice-users enumerates users in Avaya IP Office 7.x systems.
      o   http-cisco-anyconnect gets version and tunnel information from Cisco SSL VPNs
      o   http-crossdomainxml detects overly permissive crossdomain policies and finds trusted domain names available for purchase
      o   http-shellshock detects web applications vulnerable to Shellshock (CVE-2014-6271).
      o   http-vuln-cve2006-3392 exploits a file disclosure vulnerability in Webmin.
      o   http-vuln-cve2014-2126, http-vuln-cve2014-2127, http-vuln-cve2014-2128 and http-vuln-cve2014-2129 detect specific vulnerabilities              in Cisco AnyConnect SSL VPNs
      o   http-vuln-cve2015-1427 detects Elasticsearch servers vulnerable to remote code execution.
      o   http-vuln-cve2015-1635 detects Microsoft Windows systems vulnerable to MS15-034
      o   http-vuln-misfortune-cookie detects the "Misfortune Cookie"    vulnerability in Allegro RomPager 4.07, commonly used in SOHO                    routers for TR-069 access.
      o   http-wordpress-plugins was renamed http-wordpress-enum and extended to enumerate both plugins and themes of Wordpress                       installations and their versions. http-wordpress-enum is now http-wordpress-users.
      o   mikrotik-routeros-brute performs password auditing attacks against Mikrotik's RouterOS API.
      o   omron-info gets device information from Omron PLCs via the FINS service.
      o   s7-info gets device information from Siemens PLCs via the S7 service, tunneled over ISO-TSAP on TCP port 102.
      o   snmp-info gets the enterprise number and other information from the snmpEngineID in an SNMPv3 response packet.
      o   ssl-ccs-injection detects whether a server is vulnerable to the SSL/TLS CCS Injection vulnerability (CVE-2014-0224)
      o   ssl-poodle detects the POODLE bug in SSLv3 (CVE-2014-3566)
      o   supermicro-ipmi-conf exploits Supermicro IPMI/BMC controllers.
      o   targets-ipv6-map4to6 generates target IPv6 addresses which correspond to IPv4 addresses mapped within a particular IPv6 subnet.
      o   targets-ipv6-wordlist generates target IPv6 addresses from a wordlist made of hexadecimal characters

=======================================================================================

http://seclists.org/nmap-announce/2015/2

 

 

 
 
 
 
 
 

 

Keywords:
0 comment(s)
Diary Archives