Fyodor has announced the release of Nmap 6.49BETA1. This version brings hundreds of improvements, including:
- Integrated all of the latest OS detection and version/service detection submissions (including IPv6).
- Infrastructure improvements: an official bug tracker.
- Added the --data and --data-string options to send custom payloads in scan packet data.
- 25 new NSE scripts (total is now 494):
o bacnet-info gets device information from SCADA/ICS devices via BACnet (Building Automation and Control Networks).
o docker-version detects and fingerprints Docker.
o enip-info gets device information from SCADA/ICS devices via EtherNet/IP.
o fcrdns performs a Forward-confirmed Reverse DNS lookup and reports anomalous results.
o http-avaya-ipoffice-users enumerates users in Avaya IP Office 7.x systems.
o http-cisco-anyconnect gets version and tunnel information from Cisco SSL VPNs.
o http-crossdomainxml detects overly permissive crossdomain policies and finds trusted domain names that are available for purchase.
o http-shellshock detects web applications vulnerable to Shellshock (CVE-2014-6271).
o http-vuln-cve2006-3392 exploits a file disclosure vulnerability in Webmin.
o http-vuln-cve2014-2126, http-vuln-cve2014-2127, http-vuln-cve2014-2128 and http-vuln-cve2014-2129 detect specific vulnerabilities in Cisco AnyConnect SSL VPNs.
o http-vuln-cve2015-1427 detects Elasticsearch servers vulnerable to remote code execution.
o http-vuln-cve2015-1635 detects Microsoft Windows systems vulnerable to MS15-034.
o http-vuln-misfortune-cookie detects the "Misfortune Cookie" vulnerability in Allegro RomPager 4.07, commonly used in SOHO routers for TR-069 access.
o http-wordpress-plugins was renamed http-wordpress-enum and extended to enumerate both plugins and themes of WordPress installations, along with their versions. The former http-wordpress-enum is now http-wordpress-users.
o mikrotik-routeros-brute performs password auditing attacks against MikroTik's RouterOS API.
o omron-info gets device information from Omron PLCs via the FINS service.
o s7-info gets device information from Siemens PLCs via the S7 service, tunneled over ISO-TSAP on TCP port 102.
o snmp-info gets the enterprise number and other information from the snmpEngineID in an SNMPv3 response packet.
o ssl-ccs-injection detects whether a server is vulnerable to the SSL/TLS CCS Injection vulnerability (CVE-2014-0224).
o ssl-poodle detects the POODLE bug in SSLv3 (CVE-2014-3566).
o supermicro-ipmi-conf exploits Supermicro IPMI/BMC controllers.
o targets-ipv6-map4to6 generates target IPv6 addresses which correspond to IPv4 addresses mapped within a particular IPv6 subnet.
o targets-ipv6-wordlist generates target IPv6 addresses from a wordlist made of hexadecimal characters.
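The snmp-info item above pulls the enterprise number out of an snmpEngineID. As an added illustration (not code from Nmap or the snmp-info script), the following decodes an snmpEngineID according to the layout in RFC 3411 section 5: when the high bit of the first octet is set, the low 31 bits of the first four octets carry the IANA enterprise number and the fifth octet says how to read the rest; when it is clear, the ID is the older fixed 12-octet form. The sample IDs are constructed for the example, not captured from real devices.

```python
"""Decode an SNMPv3 snmpEngineID (RFC 3411, section 5)."""
import ipaddress

# RFC 3411 format indicators; 6-127 are reserved, 128-255 enterprise-specific.
FORMATS = {1: "ipv4", 2: "ipv6", 3: "mac", 4: "text", 5: "octets"}


def parse_engine_id(engine_id: bytes) -> dict:
    """Return the enterprise number, the format name and the decoded payload."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("snmpEngineID must be 5..32 octets")
    enterprise = int.from_bytes(engine_id[:4], "big")
    if not engine_id[0] & 0x80:
        # Pre-RFC 3411 fixed form: 4-octet enterprise, 8 enterprise-defined octets.
        return {"enterprise": enterprise, "format": "legacy",
                "payload": engine_id[4:].hex()}
    enterprise &= 0x7FFFFFFF          # drop the RFC 3411 marker bit
    fmt, body = engine_id[4], engine_id[5:]
    if fmt >= 128:
        return {"enterprise": enterprise, "format": "enterprise-specific",
                "payload": body.hex()}
    name = FORMATS.get(fmt, "reserved")
    if name == "ipv4" and len(body) == 4:
        value = str(ipaddress.IPv4Address(body))
    elif name == "ipv6" and len(body) == 16:
        value = str(ipaddress.IPv6Address(body))
    elif name == "mac" and len(body) == 6:
        value = ":".join(f"{b:02x}" for b in body)
    elif name == "text":
        value = body.decode("ascii", errors="replace")
    else:
        value = body.hex()            # octets, reserved, or wrong length: keep raw
    return {"enterprise": enterprise, "format": name, "payload": value}


# Constructed sample IDs for the example (not captured from real devices).
SAMPLES = {
    "cisco_mac": bytes.fromhex("800000090300112233aabb"),      # enterprise 9, MAC form
    "netsnmp":   bytes.fromhex("80001f888059dc486145a26322"),  # enterprise 8072, format 0x80
    "ipv4":      bytes.fromhex("80000a0b01c0000201"),          # enterprise 2571, IPv4 form
    "legacy":    bytes.fromhex("000000090000000000000001"),    # 12-octet legacy form
}

if __name__ == "__main__":
    for label, eid in SAMPLES.items():
        print(label, parse_engine_id(eid))
```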