View Issue Details

IDProjectCategoryView StatusLast Update
0002313Kali LinuxQueued Tool Additionpublic2021-05-18 11:00
Reporterg0tmi1k Assigned Tosbrun  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Fixed in Versionkali-dev 
Summary0002313: nmap Upgrade (v6.49 beta2)

Name: nmap
Version: v6.49 beta2 (Current Version: 6.47 [Release Date: 2014-08-23])
Change log:

Nmap 6.49BETA1 [2015-06-03]

  • Integrated all of your IPv4 OS fingerprint submissions from May 2014 to
    February 2015 (1900+ of them). Added 281 fingerprints, bringing the new total
    to 4766. Addtions include Linux 3.18, Windows 8.1, OS X 10.10, Android 5.0,
    FreeBSD 10.1, OpenBSD 5.6, and more. Highlights: [Daniel Miller]

  • Integrated all of your service/version detection fingerprints submitted from
    June 2013 to February 2015 (2500+ of them). The signature count soared over
    the 10000 mark, a 12% increase. We now detect 1062 protocols, from http,
    telnet, and ftp to jute, bgp, and slurm. Highlights: [Daniel Miller]

  • Integrated all of your IPv6 OS fingerprint submissions from June 2013 to
    April 2015 (only 97 of them!). We are steadily improving the IPv6 database,
    but we need your submissions. The classifier added 9 new groups, bringing the
    new total to 90. Highlights: [Daniel

  • Nmap now has an official bug tracker! We are using Github Issues, which you
    can reach from We welcome your bug reports,
    enhancement requests, and code submissions via the Issues and Pull Request
    features of Github (, though the repository
    itself is just a mirror of our authoritative Subversion repository.

  • [Zenmap] New Chinese-language (zh) translation from Jie Jiang, new Hindi (hi)
    translation by Gyanendra Mishra, and updated translations for German (de,
    Chris Leick), Italian (it, Jan Reister), Polish (pl, Jacek Wielemborek), and
    French (fr, MaZ)

  • Added options --data <hex string> and --data-string <string> to send custom
    payloads in scan packet data. [Jay Bosamiya]

  • --reason is enabled for verbosity > 2, and now includes the TTL of received
    packets in Normal output (this was already present in XML) [Jay Bosamiya]

  • Update our Windows build system to VS 2013 on Windows 8.1. Also, we now build
    our included OpenSSL with DEP, ASLR, and SafeSEH enabled. [Daniel Miller]

  • Our OS X installer is now built for a minimum supported version of 10.8
    (Mountain Lion), a much-needed update from 10.5 (Leopard). Additionally,
    OpenSSL is now statically linked, allowing us to distribute the latest from
    Macports instead of being subjected to the 0.9.8 branch still in use as of
    10.9. [Daniel Miller]

  • New features for the IPv6 OS detection engine allow for better classification
    of systems: IPv6 guessed initial hop limit (TTL) and ratio of TCP initial
    window size to maximum segment size. [Alexandru Geana]

  • [NSE] Rework ssl-enum-ciphers to actually score the strength of the SSL/TLS
    handshake, including certificate key size and DH parameters if applicable.
    This is similar to Qualys's SSL Labs scanner, and means that we no longer
    maintain a list of scores per ciphersuite. [Daniel Miller]

  • All pages are now available SSL-secured to improve privacy
    and ensure your binaries can't be tampered with in transit. So be
    sure to download from We will soon
    remove the non-SSL version of the site. We still offer GPG-signed
    binaries as well:

  • [NSE] Added 25 NSE scripts from 17 authors, bringing the total up to 494!
    They are all listed at, and the summaries are below
    (authors are listed in brackets):

    • bacnet-info gets device information from SCADA/ICS devices via BACnet
      (Building Automation and Control Networks) [Stephen Hilt, Michael Toecker]

    • docker-version detects and fingerprints Docker [Claudio Criscione]

    • enip-info gets device information from SCADA/ICS devices via EtherNet/IP
      [Stephen Hilt]

    • fcrdns performs a Forward-confirmed Reverse DNS lookup and reports
      anomalous results. [Daniel Miller]

    • http-avaya-ipoffice-users enumerates users in Avaya IP Office 7.x systems.
      [Paulino Calderon]

    • http-cisco-anyconnect gets version and tunnel information from Cisco SSL
      VPNs. [Patrik Karlsson]

    • http-crossdomainxml detects overly permissive crossdomain policies and
      finds trusted domain names available for purchase. [Paulino Calderon]

    • http-shellshock detects web applications vulnerable to Shellshock
      (CVE-2014-6271). [Paulino Calderon]

    • http-vuln-cve2006-3392 exploits a file disclosure vulnerability in Webmin.
      [Paul AMAR]

    • http-vuln-cve2014-2126, http-vuln-cve2014-2127, http-vuln-cve2014-2128 and
      http-vuln-cve2014-2129 detect specific vulnerabilities in Cisco AnyConnect
      SSL VPNs. [Patrik Karlsson]

    • http-vuln-cve2015-1427 detects Elasticsearch servers vulnerable to remote
      code execution. [Gyanendra Mishra]

    • http-vuln-cve2015-1635 detects Microsoft Windows systems vulnerable to
      MS15-034. [Paulino Calderon]

    • http-vuln-misfortune-cookie detects the "Misfortune Cookie" vulnerability
      in Allegro RomPager 4.07, commonly used in SOHO routers for TR-069 access.
      [Andrew Orr]

    • http-wordpress-plugins was renamed http-wordpress-enum and extended to
      enumerate both plugins and themes of Wordpress installations and their
      versions. http-wordpress-enum is now http-wordpress-users. [Paulino Calderon]

    • mikrotik-routeros-brute performs password auditing attacks against
      Mikrotik's RouterOS API. [Paulino Calderon]

    • omron-info gets device information from Omron PLCs via the FINS service.
      [Stephen Hilt]

    • s7-info gets device information from Siemens PLCs via the S7 service,
      tunneled over ISO-TSAP on TCP port 102. [Stephen Hilt]

    • snmp-info gets the enterprise number and other information from the
      snmpEngineID in an SNMPv3 response packet. [Daniel Miller]

    • ssl-ccs-injection detects whether a server is vulnerable to the SSL/TLS
      CCS Injection vulnerability (CVE-2014-0224) [Claudiu Perta]

    • ssl-poodle detects the POODLE bug in SSLv3 (CVE-2014-3566) [Daniel Miller]

    • supermicro-ipmi-conf exploits Supermicro IPMI/BMC controllers. [Paulino

    • targets-ipv6-map4to6 generates target IPv6 addresses which correspond to
      IPv4 addresses mapped within a particular IPv6 subnet. [Raúl Fuentes]

    • targets-ipv6-wordlist generates target IPv6 addresses from a wordlist made
      of hexadecimal characters. [Raúl Fuentes]

  • Enhance Nmap's tcpwrapped service detection by using a shorter timeout for
    the tcpwrapped designation. This prevents falsely labeling services as
    tcpwrapped which merely have a read timeout shorter than 6 seconds. Full
    discussion: [nnposter, Daniel Miller]

  • Fix ICMP Echo (-PE) host discovery for IPv6, broken since 6.45, caused by
    failing to set the ICMP ID for outgoing packets which is used to match
    incoming responses. [Andrew Waters]

  • Add 2 more ASCII-art configure splash images to be rotated randomly with the
    traditional dragon image. New ideas for other images to use here may be sent
    to [email protected]. [Jay Bosamiya, Daniel Miller]

  • Solve a crash on Windows (reported on Windows 8.1 on Surface Pro 3) caused by
    passing a NULL pointer to a WinPcap function that then tries to write an
    error message to it. [Peter Malecka]

  • Fix compilation and several bugs on AIX. [Daniel Miller]

  • Fix a bug in libdnet-stripped on Solaris that resulted in the wrong MAC
    address being detected for all interfaces. [Daniel Miller]

  • [NSE] Improved http-form-brute autodetection and behavior to handle more
    unusual-but-valid HTML syntax, non-POST forms, success/failure testing on
    HTTP headers, and more. [nnposter]

  • [NSE] Reduce many NSE default timeouts and base them on Nmap's detected
    timeouts for those hosts from the port scan phase. Scripts which take timeout
    script-args can now handle 's' and 'ms' suffixes, just like Nmap's own
    options. [Daniel Miller]

  • [NSE] Remove db2-discover, as its functionality was performed by service
    version detection since the broadcast portion was separated into
    broadcast-db2-discover. [Daniel

  • Cache dnet names not found on Windows when enumerating interfaces in the
    Windows Registry. Reduces startup times. [Elon Natovich]

  • [NSE] Make smb-ls able to leverage results from smb-enum-shares or list of
    shares specified on command line. [Pierre Lalet]

  • [NSE] Fix X509 cert date parsing for dates after 2049. Reported by Teppo
    Turtiainen. [Daniel Miller]

  • Handle a bunch of socket errors that can result from odd ICMP Type 3
    Destination Unreachable messages received during service scanning. The crash
    reported was "Unexpected error in NSE_TYPE_READ callback. Error code: 92
    (Protocol not available)" [Daniel Miller]

  • Fixed a crash (NULL pointer dereference) in PortList::isTCPwrapped when using
    -sV and -O on an unknown service not listed in nmap-services. [Pierre Lalet]

  • Fixed a benign TOCTOU race between stat() and open() in mmapfile().
    Reported by Camille Mougey. [Henri Doreau]

  • Reduce CPU consumption when using nsock poll engine with no registered FD,
    by actually calling Poll() for the time until timeout, instead of directly
    returning zero and entering the loop again. [Henri Doreau]

  • Change the URI for the fingerprint submitter to its new location at

  • [NSE] Added a check for Cisco ASA version disclosure, CVE-2014-3398, to
    http-enum in the 'security' category [Daniel Miller]

  • Fixed a bug that caused Nmap to fail to find any network interface when a
    Prism interface is in monitor mode. The fix was to define the
    ARP_HRD_IEEE80211_PRISM header identifier in the libdnet-stripped code.
    [Brad Johnson]

  • Added a version probe for Tor. [David Fifield]

  • [NSE] Add support to citrix-enum-apps-xml for reporting if Citrix
    published applications in the list are enforcing/requiring the level
    of ICA/session data encryption shown in the script result.
    [Tom Sellers]

  • [NSE] Updated our Wordpress plugin list to improve the
    http-wordpress-enum NSE script. We can now detect 34,077 plugins,
    up from 18,570. [Danila Poyarkov]

  • [NSE] Add the signature algorithm that was used to sign the target port's
    x509 certificate to the output of ssl-cert.nse [Tom Sellers]

  • [NSE] Fixed a bug in the sslcert.lua library that was triggered against
    certain services when version detection was used. [Tom Sellers]

  • [NSE] vulns.Report:make_output() now generates XML structured output
    reports automatically. [Paulino Calderon]

  • [NSE] Add port.reason_ttl, host.reason, host.reason_ttl for use in scripts
    [Jay Bosamiya]

  • [NSE] If a version script is run by name, nmap.version_intensity() returns
    the maximum value (9) for it [Jay Bosamiya]

  • [NSE] shortport.version_port_or_service() takes an optional rarity parameter
    now to run only when version intensity > rarity [Jay Bosamiya]

  • [NSE] Added nmap.version_intensity() function so that NSE version scripts
    can use the argument to --version-intensity (which can be overridden by the
    script arg 'script-intensity') in order to decide whether to run or not
    [Jay Bosamiya]

  • Improve OS detection; If a port is detected to be 'tcpwrapped', then it will
    not be used for OS detection. This helps in cases where a firewall might be
    the port to be 'tcpwrapped' [Jay Bosamiya]

  • [Zenmap] Reduce noise generated in Topology View due to anonymous
    hops [Jay Bosamiya]

  • Added option --exclude-ports to Nmap so that some ports can be excluded from
    scanning (for example, due to policy) [Jay Bosamiya]

  • [Zenmap] Catch the MemoryError caused in Zenmap due to large Nmap Output,
    and display a more helpful error message [Jay Bosamiya]

  • Catch badly named output files (such as those unintentionally caused by
    "-oX -sV logfile.xml") [Jay Bosamiya]

  • [Zenmap] Improved NmapParser to increase speed in opening scans. Large scans
    now open in seconds instead of hours. [Jay Bosamiya]

  • Modify the included libpcap configure script to disable certain unused
    features: bluetooth, usb, usb-can, and dbus sniffing. Dbus support caused a
    build problem on CentOS 6.5. [Daniel Miller]

  • Updated the bundled libpcap from 1.2.1 to 1.5.3 [Jay Bosamiya]

  • Correct the Target MAC Address in Nmap's ARP discovery to conform to what IP
    stacks in currently popular operating systems use. [Jay Bosamiya]

  • Fixed a bug which caused Nmap to be unable to have any runtime interaction
    when called from sudo or from a shell script. [Jay Bosamiya]

  • Improvements to whois-ip.nse: fix an unhandled error when a referred-to
    response could not be understood; add a new pattern to recognise a
    LACNIC "record not found" type of response and update the way ARIN is
    queried. [jah]

o [GH#154] Fix a crash (assertion error) when Nmap recieves an ICMP Host
Unreachable message.

o [NSE] Support newer MS products in smb-os-discovery script and the mssql
library. [Rob Nicholls]

o Let --script-args values contain quotes again. LPEG conversion
incorrectly broke escaping. [Dan Miller]

o [GH#158] Fix a configure failure when Python is not present, but no
Python projects were requested. [Gioacchino Mazzurco]

o [GH#161] [Zenmap] Fix Zenmap on OS X which was failing with
zipimport.ZipImportError due to architecture mismatch.

o [NSE] Remove checks from dnsbl.lua, since the service was shut
down. [Forrest B.]

o Update copyright dates in header files and such to 2015 [Dan Miller]

o [NSE] Reduce excess space in the output of http-server-header NSE script.
[Dan Miller]




2015-06-18 10:09

administrator   ~0003415

Nmap 6.49BETA2 Released is now out ~



2015-07-15 06:48

manager   ~0003510

New version 6.49~BETA4-0kali1 is available in kali-sana and kali-rolling.

Issue History

Date Modified Username Field Change
2015-06-05 13:45 g0tmi1k New Issue
2015-06-18 10:09 g0tmi1k Note Added: 0003415
2015-06-18 10:10 g0tmi1k Summary nmap Upgrade (v6.49 beta1) => nmap Upgrade (v6.49 beta2)
2015-06-18 10:10 g0tmi1k Description Updated
2015-07-05 08:20 rhertzog Assigned To => sbrun
2015-07-05 08:20 rhertzog Status new => assigned
2015-07-15 06:48 sbrun Note Added: 0003510
2015-07-15 06:48 sbrun Status assigned => resolved
2015-07-15 06:48 sbrun Resolution open => fixed
2021-05-18 10:55 g0tmi1k Fixed in Version => kali-dev
2021-05-18 11:00 g0tmi1k Category New Tool Requests => Queued Tool Addition