CVS commit: pkgsrc/net/nmap

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Thu Aug  3 13:52:00 UTC 2017

Modified Files:
        pkgsrc/net/nmap: Makefile PLIST distinfo

Log Message:
Nmap 7.60

o Updated the bundled Npcap from 0.91 to 0.93, fixing several issues
  with installation and compatibility with the Windows 10 Creators Update.

o NSE scripts now have complete SSH support via libssh2,
  including password brute-forcing and running remote commands, thanks to the
  combined efforts of three Summer of Code students.

o Added 14 NSE scripts from 6 authors, bringing the total up to 579!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

  + ftp-syst sends SYST and STAT commands to FTP servers to get system version
    and connection information.

  + http-vuln-cve2017-8917 checks for an SQL injection vulnerability affecting
    Joomla! 3.7.x before 3.7.1.

  + iec-identify probes for the IEC 60870-5-104 SCADA protocol.

  + openwebnet-discovery retrieves device identifying information and
    number of connected devices running on openwebnet protocol.

  + puppet-naivesigning checks for a misconfiguration in the Puppet CA where
    naive signing is enabled, allowing for any CSR to be automatically signed.

  + smb-protocols discovers if a server supports dialects NT LM 0.12
    (SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11. This replaces the old
    smbv2-enabled script.

  + smb2-capabilities lists the supported capabilities of SMB2/SMB3
    servers.

  + smb2-time determines the current date and boot date of SMB2
    servers.

  + smb2-security-mode determines the message signing configuration of
    SMB2/SMB3 servers.

  + smb2-vuln-uptime attempts to discover missing critical patches in
    Microsoft Windows systems based on the SMB2 server uptime.

  + ssh-auth-methods lists the authentication methods offered by an SSH server.

  + ssh-brute performs brute-forcing of SSH password credentials.

  + ssh-publickey-acceptance checks public or private keys to see if they could
    be used to log in to a target. A list of known-compromised key pairs is
    included and checked by default.

  + ssh-run uses user-provided credentials to run commands on targets via SSH.

o Removed smbv2-enabled, which was incompatible with the new SMBv2/3
  improvements. It was fully replaced by the smb-protocols script.

o Added Datagram TLS (DTLS) support to Ncat in connect (client)
  mode with --udp --ssl. Also added Application Layer Protocol Negotiation
  (ALPN) support with the --ssl-alpn option.

o Updated the default ciphers list for Ncat and the secure ciphers list for
  Nsock to use "!aNULL:!eNULL" instead of "!ADH". With the addition of ECDH
  ciphersuites, anonymous ECDH suites were being allowed.

o Fix ndmp-version and ndmp-fs-info when scanning Veritas Backup
  Exec Agent 15 or 16.

o Added wildcard detection to dns-brute. Only hostnames that
  resolve to unique addresses will be listed.

o FTP scripts like ftp-anon and ftp-brute now correctly handle
  TLS-protected FTP services and use STARTTLS when necessary.

o Function url.escape no longer encodes so-called "unreserved"
  characters, including hyphen, period, underscore, and tilde, as per RFC 3986.

o Function http.pipeline_go no longer assumes that persistent
  connections are supported on HTTP 1.0 target (unless the target explicitly
  declares otherwise), as per RFC 7230.

o The HTTP response object has a new member, version, which
  contains the HTTP protocol version string returned by the server, e.g. "1.0".

o Fix handling of the objectSID Active Directory attribute
  by ldap.lua.

o Fix line endings in the list of Oracle SIDs used by oracle-sid-brute.
  Carriage Return characters were being sent in the connection packets, likely
  resulting in failure of the script.

o http-useragent-checker now checks for changes in HTTP status
  (usually 403 Forbidden) in addition to redirects to indicate forbidden User
  Agents.


To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 pkgsrc/net/nmap/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/nmap/PLIST
cvs rdiff -u -r1.74 -r1.75 pkgsrc/net/nmap/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/nmap/Makefile
diff -u pkgsrc/net/nmap/Makefile:1.135 pkgsrc/net/nmap/Makefile:1.136
--- pkgsrc/net/nmap/Makefile:1.135      Wed Jun 14 09:26:29 2017
+++ pkgsrc/net/nmap/Makefile    Thu Aug  3 13:52:00 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.135 2017/06/14 09:26:29 adam Exp $
+# $NetBSD: Makefile,v 1.136 2017/08/03 13:52:00 adam Exp $
 
-DISTNAME=      nmap-7.50
+DISTNAME=      nmap-7.60
 CATEGORIES=    net security
 MASTER_SITES=  http://nmap.org/dist/
 EXTRACT_SUFX=  .tar.bz2
@@ -26,7 +26,7 @@ CONFIGURE_ARGS+=      --without-subversion
 
 BUILD_DEFS+=           IPV6_READY
 
-TEST_TARGET+=          check
+TEST_TARGET=           check
 
 .include "options.mk"
 

Index: pkgsrc/net/nmap/PLIST
diff -u pkgsrc/net/nmap/PLIST:1.26 pkgsrc/net/nmap/PLIST:1.27
--- pkgsrc/net/nmap/PLIST:1.26  Wed Jun 14 09:26:29 2017
+++ pkgsrc/net/nmap/PLIST       Thu Aug  3 13:52:00 2017
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.26 2017/06/14 09:26:29 adam Exp $
+@comment $NetBSD: PLIST,v 1.27 2017/08/03 13:52:00 adam Exp $
 bin/ncat
 ${PLIST.ndiff}bin/ndiff
 bin/nmap
@@ -298,6 +298,7 @@ ${PLIST.lua}share/nmap/nselib/data/oracl
 ${PLIST.lua}share/nmap/nselib/data/packetdecoders.lua
 ${PLIST.lua}share/nmap/nselib/data/passwords.lst
 ${PLIST.lua}share/nmap/nselib/data/pixel.gif
+${PLIST.lua}share/nmap/nselib/data/publickeydb
 ${PLIST.lua}share/nmap/nselib/data/psexec/README
 ${PLIST.lua}share/nmap/nselib/data/psexec/backdoor.lua
 ${PLIST.lua}share/nmap/nselib/data/psexec/default.lua
@@ -342,12 +343,15 @@ ${PLIST.lua}share/nmap/nselib/informix.l
 ${PLIST.lua}share/nmap/nselib/ipOps.lua
 ${PLIST.lua}share/nmap/nselib/ipmi.lua
 ${PLIST.lua}share/nmap/nselib/ipp.lua
+${PLIST.lua}share/nmap/nselib/irc.lua
 ${PLIST.lua}share/nmap/nselib/iscsi.lua
 ${PLIST.lua}share/nmap/nselib/isns.lua
 ${PLIST.lua}share/nmap/nselib/jdwp.lua
 ${PLIST.lua}share/nmap/nselib/json.lua
 ${PLIST.lua}share/nmap/nselib/ldap.lua
 ${PLIST.lua}share/nmap/nselib/lfs.luadoc
+${PLIST.lua}share/nmap/nselib/libssh2-utility.lua
+${PLIST.lua}share/nmap/nselib/libssh2.luadoc
 ${PLIST.lua}share/nmap/nselib/listop.lua
 ${PLIST.lua}share/nmap/nselib/lpeg-utility.lua
 ${PLIST.lua}share/nmap/nselib/lpeg.luadoc
@@ -392,6 +396,7 @@ ${PLIST.lua}share/nmap/nselib/shortport.
 ${PLIST.lua}share/nmap/nselib/sip.lua
 ${PLIST.lua}share/nmap/nselib/slaxml.lua
 ${PLIST.lua}share/nmap/nselib/smb.lua
+${PLIST.lua}share/nmap/nselib/smb2.lua
 ${PLIST.lua}share/nmap/nselib/smbauth.lua
 ${PLIST.lua}share/nmap/nselib/smtp.lua
 ${PLIST.lua}share/nmap/nselib/snmp.lua
@@ -552,6 +557,7 @@ ${PLIST.lua}share/nmap/scripts/ftp-bounc
 ${PLIST.lua}share/nmap/scripts/ftp-brute.nse
 ${PLIST.lua}share/nmap/scripts/ftp-libopie.nse
 ${PLIST.lua}share/nmap/scripts/ftp-proftpd-backdoor.nse
+${PLIST.lua}share/nmap/scripts/ftp-syst.nse
 ${PLIST.lua}share/nmap/scripts/ftp-vsftpd-backdoor.nse
 ${PLIST.lua}share/nmap/scripts/ftp-vuln-cve2010-4221.nse
 ${PLIST.lua}share/nmap/scripts/ganglia-info.nse
@@ -690,6 +696,7 @@ ${PLIST.lua}share/nmap/scripts/http-vuln
 ${PLIST.lua}share/nmap/scripts/http-vuln-cve2017-1001000.nse
 ${PLIST.lua}share/nmap/scripts/http-vuln-cve2017-5638.nse
 ${PLIST.lua}share/nmap/scripts/http-vuln-cve2017-5689.nse
+${PLIST.lua}share/nmap/scripts/http-vuln-cve2017-8917.nse
 ${PLIST.lua}share/nmap/scripts/http-vuln-misfortune-cookie.nse
 ${PLIST.lua}share/nmap/scripts/http-vuln-wnr1000-creds.nse
 ${PLIST.lua}share/nmap/scripts/http-waf-detect.nse
@@ -702,6 +709,7 @@ ${PLIST.lua}share/nmap/scripts/http-xsse
 ${PLIST.lua}share/nmap/scripts/iax2-brute.nse
 ${PLIST.lua}share/nmap/scripts/iax2-version.nse
 ${PLIST.lua}share/nmap/scripts/icap-info.nse
+${PLIST.lua}share/nmap/scripts/iec-identify.nse
 ${PLIST.lua}share/nmap/scripts/ike-version.nse
 ${PLIST.lua}share/nmap/scripts/imap-brute.nse
 ${PLIST.lua}share/nmap/scripts/imap-capabilities.nse
@@ -818,6 +826,7 @@ ${PLIST.lua}share/nmap/scripts/omp2-enum
 ${PLIST.lua}share/nmap/scripts/omron-info.nse
 ${PLIST.lua}share/nmap/scripts/openlookup-info.nse
 ${PLIST.lua}share/nmap/scripts/openvas-otp-brute.nse
+${PLIST.lua}share/nmap/scripts/openwebnet-discovery.nse
 ${PLIST.lua}share/nmap/scripts/oracle-brute-stealth.nse
 ${PLIST.lua}share/nmap/scripts/oracle-brute.nse
 ${PLIST.lua}share/nmap/scripts/oracle-enum-users.nse
@@ -834,6 +843,7 @@ ${PLIST.lua}share/nmap/scripts/pop3-brut
 ${PLIST.lua}share/nmap/scripts/pop3-capabilities.nse
 ${PLIST.lua}share/nmap/scripts/pop3-ntlm-info.nse
 ${PLIST.lua}share/nmap/scripts/pptp-version.nse
+${PLIST.lua}share/nmap/scripts/puppet-naivesigning.nse
 ${PLIST.lua}share/nmap/scripts/qconn-exec.nse
 ${PLIST.lua}share/nmap/scripts/qscan.nse
 ${PLIST.lua}share/nmap/scripts/quake1-info.nse
@@ -884,6 +894,7 @@ ${PLIST.lua}share/nmap/scripts/smb-ls.ns
 ${PLIST.lua}share/nmap/scripts/smb-mbenum.nse
 ${PLIST.lua}share/nmap/scripts/smb-os-discovery.nse
 ${PLIST.lua}share/nmap/scripts/smb-print-text.nse
+${PLIST.lua}share/nmap/scripts/smb-protocols.nse
 ${PLIST.lua}share/nmap/scripts/smb-psexec.nse
 ${PLIST.lua}share/nmap/scripts/smb-security-mode.nse
 ${PLIST.lua}share/nmap/scripts/smb-server-stats.nse
@@ -898,7 +909,10 @@ ${PLIST.lua}share/nmap/scripts/smb-vuln-
 ${PLIST.lua}share/nmap/scripts/smb-vuln-ms10-061.nse
 ${PLIST.lua}share/nmap/scripts/smb-vuln-ms17-010.nse
 ${PLIST.lua}share/nmap/scripts/smb-vuln-regsvc-dos.nse
-${PLIST.lua}share/nmap/scripts/smbv2-enabled.nse
+${PLIST.lua}share/nmap/scripts/smb2-capabilities.nse
+${PLIST.lua}share/nmap/scripts/smb2-security-mode.nse
+${PLIST.lua}share/nmap/scripts/smb2-time.nse
+${PLIST.lua}share/nmap/scripts/smb2-vuln-uptime.nse
 ${PLIST.lua}share/nmap/scripts/smtp-brute.nse
 ${PLIST.lua}share/nmap/scripts/smtp-commands.nse
 ${PLIST.lua}share/nmap/scripts/smtp-enum-users.nse
@@ -924,6 +938,10 @@ ${PLIST.lua}share/nmap/scripts/snmp-win3
 ${PLIST.lua}share/nmap/scripts/socks-auth-info.nse
 ${PLIST.lua}share/nmap/scripts/socks-brute.nse
 ${PLIST.lua}share/nmap/scripts/socks-open-proxy.nse
+${PLIST.lua}share/nmap/scripts/ssh-auth-methods.nse
+${PLIST.lua}share/nmap/scripts/ssh-brute.nse
+${PLIST.lua}share/nmap/scripts/ssh-publickey-acceptance.nse
+${PLIST.lua}share/nmap/scripts/ssh-run.nse
 ${PLIST.lua}share/nmap/scripts/ssh-hostkey.nse
 ${PLIST.lua}share/nmap/scripts/ssh2-enum-algos.nse
 ${PLIST.lua}share/nmap/scripts/sshv1.nse

Index: pkgsrc/net/nmap/distinfo
diff -u pkgsrc/net/nmap/distinfo:1.74 pkgsrc/net/nmap/distinfo:1.75
--- pkgsrc/net/nmap/distinfo:1.74       Wed Jun 14 09:26:29 2017
+++ pkgsrc/net/nmap/distinfo    Thu Aug  3 13:52:00 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.74 2017/06/14 09:26:29 adam Exp $
+$NetBSD: distinfo,v 1.75 2017/08/03 13:52:00 adam Exp $
 
-SHA1 (nmap-7.50.tar.bz2) = 08a2f57bf8923f9f9fa80f3ec005020011a1d69a
-RMD160 (nmap-7.50.tar.bz2) = 46010d6ab65efe0e86973e43f58afc05f33db49f
-SHA512 (nmap-7.50.tar.bz2) = b74c5711f03bae363164cdb7e62923ab938c81c7bbcd080eaa2d1acc89f09eb0a7e0f5deb9628b81057c7a35ecd487a2d09dfe3b58b0db6c84cf0b39f526e5f2
-Size (nmap-7.50.tar.bz2) = 9309616 bytes
+SHA1 (nmap-7.60.tar.bz2) = 5d36a55ce772ec24f7f50ab52780f932ee20529f
+RMD160 (nmap-7.60.tar.bz2) = 24d27f10cbfcb4ae895f1010b401246a510fab0c
+SHA512 (nmap-7.60.tar.bz2) = 74ba8f6de026ade9ee6bb2252bee18a57210f8207977df7f1c04556629dcdc1e6127f33febc8a52ef88a1dac876116d590564dee4f1c23798c3ac37529991aa4
+Size (nmap-7.60.tar.bz2) = 10394925 bytes
 SHA1 (patch-configure) = 5fc39f084eadd6ea0560cd8e6f52074113566600
 SHA1 (patch-libdnet-stripped_src_arp-bsd.c) = c56c4e70eca2fa04dd8aab38ed2c3f4cac83f5e3
 SHA1 (patch-libnetutil_netutil.cc) = 7bd1059d6cbcf4f6d129730d6c6f6bc3ab54c0a0