The Nmap Thread
What is Nmap?

Quote:
The Nping utility is now also included with the Nmap suite.

What can I do with Nmap?

Nmap is typically used to scan networks for hosts and their available ports/services. The latest versions include the ability to execute pre-packaged scripts, which can do everything from service detection and interrogation to finding hosts that are potentially susceptible to worm infection. If you administer a network in any capacity, Nmap is your friend!

Nmap on Maemo 5/Fremantle

Nmap 5.59BETA1 is now available in Extras-testing!

Quote:
Nmap 5.50 is currently available for Fremantle in Extras.

Extras - Nmap 5.50

Some Nmap scanning operations (such as OS fingerprinting) require root privileges. This Nmap package gives you the ability to use 'sudo nmap'.

Screenshots of Nmap on the N900

Running an OS fingerprint scan against localhost (an N900)
http://i40.tinypic.com/11a9yyq.png

Running an OS fingerprint scan against a Windows XP virtual machine
http://i42.tinypic.com/ehkmt4.png

Running the 'SMB OS Discovery' script to show Windows OS specific details
http://i39.tinypic.com/98ra5l.png

Running the 'SMB Security Mode' script to show supported authentication types
http://i41.tinypic.com/24qpp8n.png

Using the 'SMB Check Vulns' script to show that this host is potentially vulnerable to the Conficker worm
http://i41.tinypic.com/2mnm4pi.png

More coming soon!

Zenmap on the N900

Zenmap does run on the N900, and can be executed from the command line by running 'zenmap'. Several changes are needed to make Zenmap run properly on Fremantle, including some interface adjustments to make the user experience as smooth as possible. Check back, updates will be posted here!

More information

Nmap Homepage
Official Nmap documentation
Scanning Windows Deeper with the Nmap Scanning Engine [PDF]
Detecting Conficker with Nmap
Re: The Nmap Thread
bump, added more interesting screenshots
Re: The Nmap Thread
Nice, I already have nmap installed, can't wait for zenmap :)
Re: The Nmap Thread
Update: Nmap 5.21 now available in Extras!
Re: The Nmap Thread
Update: Nmap 5.50 is now available in Extras-testing!
A lot of updates since the last version of Nmap on Fremantle (5.21), including the addition of the Nping utility as well as a bunch of new scripts. You can find the latest changelog for 5.50 here: http://nmap.org/changelog.html
Re: The Nmap Thread
Update: Nmap 5.59BETA1 has been promoted and is now in Extras-testing!
Additions include 40 new scripts, 7 new protocol libraries, and improved service detection. The Nmap changelog is located at http://nmap.org/changelog.html
Re: The Nmap Thread
There's a bug with the beta version:

Code:
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-07-14 08:13 IDT
route_dst_netlink: can't find interface "wlan0"

Edit: this happens only when running as root.
Re: The Nmap Thread
Positive, except that for me it's complaining about the "lo" interface being missing. Non-root works fine.
Re: The Nmap Thread
There seem to be a few issues with the libnetutil included in 5.59BETA1; it underwent a few changes to handle IPv6 support. BTW, I haven't yet had a chance to do thorough testing with IPv6 scanning under Maemo, if one of you guys beats me to it please post your findings!

There look to be some updates in the SVN, I'll see if these fix the route_dst_netlink issues.
Re: The Nmap Thread
No relevant changes in SVN, I'm tracking down some changes in libnetutil and the libdnet included with Nmap to find the source of the issue.

In the meantime, can I get a few people to run 'nmap --iflist' with both root and non-root privileges? I'm also interested in whether you're running power-kernel and busybox-power or the stock kernel and/or busybox. Thanks!
Re: The Nmap Thread
Without root:

Code:
INTERFACES: NONE FOUND(!)
ROUTES: NONE FOUND(!)

With root - surprisingly - the same output. Kernel-power v47 and busybox-power here.
Re: The Nmap Thread
Those were my results and configuration, I'm wondering if someone with a stock kernel has the same issues.
Re: The Nmap Thread
KP47, busybox-power, no CSSU.
Same result. Went back to 5.50-2 for now.
Re: The Nmap Thread
Hope that helps.
Re: The Nmap Thread
Any news on an update?

Same here. Without root:

Code:
INTERFACES: NONE FOUND(!)
ROUTES: NONE FOUND(!)

With root:

Code:
INTERFACES: NONE FOUND(!)
ROUTES: NONE FOUND(!)

Kernel-power v47 and busybox v1.19.0power1.
Re: The Nmap Thread
Just upgraded to kernel-power v48 and still as above
Re: The Nmap Thread
*technical bump* For users with nmap 5.59beta1 installed (from the extras-devel repository), the issue is with nmap itself. I have kernel-power48, mp-fremantle-community-pr=20.2010.36-2maemo16.8 and busybox-power=1.19.2power1 installed.

When I ran nmap=5.59beta1 with exactly the same configuration as above, I got:

Code:
Nokia-N900:~# nmap -sS xxx.xxx.xxx.xxx

Code:
Nokia-N900:~# nmap --iflist

Code:
Nokia-N900:~# apt-get install nmap=5.50-2

Code:
Nokia-N900:~# nmap -sS -vv xxx.xxx.xxx.xxx
Re: The Nmap Thread
I compiled and ran make install for Nmap 5.61TEST5 on my N900, but got the same result. nmap --iflist output:

Code:
INTERFACES: NONE FOUND(!)
ROUTES: NONE FOUND(!)

Can somebody fix it? Nmap is the best network scanner!
Re: The Nmap Thread
Nathan (terminal3, author of the 5.59beta1 port) is MIA (last seen in April); meanwhile, upstream nmap 6 got released and bugfixed already. Maybe someone skilled enough could compile and package it for Maemo (with a chance that the "root bug" won't still be present)? Pretty please?

/Estel
Re: The Nmap Thread
I made a new version of nmap - 6.25.

It's fully working, also with zenmap and other goodies. The package is optified. After the migration finishes, when garage.maemo is available again, I'll upload it to the repo.
Re: The Nmap Thread
Spoofy, can you upload the deb in the meantime?
Re: The Nmap Thread
Ugh. I would like to wait and upload it into the repository, or wait until the PPP (the PolishPwniePhone image) release.
Re: The Nmap Thread
Will all programs found in PPP be uploaded to the repository too? I mean, we already have dozens of tools in the repositories, but updated tools in the repositories are much preferable to one big image packed with all the tools. It gives freedom of choice. Of course not all programs can be uploaded, I guess. Metasploit is a bit hard to put in the repos, but updated Nmap, aircrack-ng and ettercap are great examples of tools which can easily go into the repositories (and some of them already are).

Are hamster and ferret, for example, included in PPP? While they may be included in PPP only, it would be even better if these tools were in the repositories, given that they work... Where can I find some info about PPP and the included tools?
Re: The Nmap Thread
First of all - sorry for my English - it's not my primary language :)

We don't yet know how the PPP will be released. In fact all of the tools that can be "debbed" will be available with sources, but for the moment we prefer to focus on updating (and MAKING) as much as we can. Yesterday I spoke with Doc on IRC and there is a possibility that the .debs will not be uploaded to the maemo.org repo but to our own repo. Metasploit will NOT be available as a .deb package, but all of the updated dependencies will be (we found a solution to run the newest metasploit, updated via subversion, fully functional - loaded in less than 3 minutes and not freezing the whole system). However, all info about PPP and our work will be available on www.meegoforum.pl or (when we finish our project and website) on another subpage like www.meegoforum.pl/PolishPwniePhone/ .

Ugh. I think we are starting an off-topic discussion about pentesting tools here :P All maemo users are one big family and we should stick together and share our work, but IMO we focus too much on the newer "core" of maemo (like new releases of CSSU) and forget about the functionality. The N900 is still the best phone to do some real-life "hacky" things. However, I'll upload the nmap package soon and give you a URL ;)

Edit:

Code:
Description: nmap - Command line open-source network and security scanning tool
Format: 1.0
Source: nmap
Version: 6.25-1
Binary: nmap
Maintainer: Sp00Fy <spoofy@os.pl>
Architecture: any
Standards-Version: 3.7.2
Build-Depends: debhelper (>= 5), autotools-dev, openssl, libssl-dev, libssl0.9.8, bluez, python, python-central [some python-gtk for zenmap :) ]

DOWNLOAD
Re: The Nmap Thread
First of all, your English is fine to me ;) English isn't my first language either, but as long as we can understand each other, we are fine :)

About the Polish part, I really hope it's targeted at the whole maemo community and that all tools + documentation will be in English. (I can volunteer to help on this matter.) Just that the Polish part of PPP is because the authors are Polish. Anyway, good luck, you are doing a great job! A new repository for all tools sounds awesome to me. By enabling one repository on your N900 you could turn your N900 into a pwnie phone yourself and skip the tools you don't need or want. I have quite a few pentesting programs on my N900 and I like the idea of the image, but I never bothered to install the full image. If you know what I mean ;) Sure, there are some things that won't fit easily in a repository, so they will be better as a tarball or indeed an image. My wish would be that everything could be installable by using 3 tools: apt (dpkg), wget and tar.
Re: The Nmap Thread
I just wonder, has it got anywhere? The migration ended a long time ago, and I haven't noticed a new nmap in the repos (correct me if I'm wrong, I just stumbled accidentally into this thread again).

Thanks for the efforts, no matter what.

/Estel
Re: The Nmap Thread
I think I'll take care of the PPP right now ;)
Re: The Nmap Thread
Do I understand it correctly as "no plans for putting it into the repos, as I'll work on PPP"?
Re: The Nmap Thread
Just uploaded to the autobuilder: the new nmap 6.46, with zenmap fixed to run with python 2.5.

Code:
Nmap version 6.46 ( http://nmap.org )
Platform: arm-unknown-linux-gnueabi
Compiled with: nmap-liblua-5.2.3 openssl-0.9.8n nmap-libpcre-7.6 nmap-libpcap-1.2.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Enjoy the power of nmap scripts! Examples:

Code:
nmap -sV -d --script=ssl-heartbleed domain.com
nmap --script ssl-enum-ciphers.nse domain.com
nmap -sV -d --script=broadcast-upnp-info
Re: The Nmap Thread
So I see Nmap got updated (awesome) and that the prior devel version was pushed to testing (what?).

Now, I get that we're a dwindling community and the users of testing probably number in the single digits, but there was a reason why the original maintainer never pushed the update to testing: it simply didn't work on the stock driver like the prior versions did, and only worked on the injection-capable one (I think something about interfaces changed and the new one had it while the old one didn't). So what, we pushed a package that simply does not work with the stock driver into testing? And we did NOT update the dependency list to specify any of the packages that provide the injection drivers (which also provide whatever else we still need)? As maintainers we shouldn't be doing that.

I guess it's partly my fault: I actually failed to step up as maintainer myself (but in my defence, I also didn't know I was maintainer until about a month or two ago, no idea when my maintainer request got approved; and I have been trying to finish college and secure a full-time, well-paying job so that I could afford to contribute to things like this later).

xes: All of the above said, I really appreciate you getting this release out (whether it's one release or indefinite maintenance). Thank you for taking the time and effort to do so.
Re: The Nmap Thread
Now this to me seems much more worthy of promotion to testing than the 5.59-BETA1 or whatever was pushed to testing previously, simply by strength of the increased compatibility and useful ease of usability alone.
Re: The Nmap Thread
Oh, one more thing: I kinda half-flipped when I saw this, but have been so busy I couldn't get around to making a note of it here (seriously, someone please yell at me like once a week until it's addressed):

The aforementioned version of this in extras-devel added nmap and ncat to 'NOPASSWD' sudoers. This introduces a security issue. Why? Because ncat can launch arbitrary programs and then connect up to them. So even if you have a fairly locked-down N900 with sudo password-protected across all invocations (as I do on mine), that update comes in, and unless you KNOW it has been thus tweaked (which I didn't, just getting the update over apt-get), that extra sudoers entry just opens the door to everything, because now effectively any process on the device can run 'sudo ncat [parameters to run 'sh' or an arbitrary command]', and either use another ncat instance to connect up to that very root shell, or just sit back and let the aforementioned arbitrary command do its thing.

...honestly, the more I think about it, the more I hate the convention we have here in our repos of adding entries to sudoers to let people run things at their leisure, because such habits cause things like this. If no one else thinks of something better, what I'd like to do is push a separate package that provides the sudoers entries (like "nmap-sudoers") and that's it, and then push an upgrade that removes these new sudoers entries from the main nmap package.
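The check a practitioner would want after reading the post above is a quick audit of the sudoers fragments a package drops in: which commands may be run as root without a password, and which of those can be turned into a root shell. The script below is an added example, not code from the thread or from the Maemo nmap package. It parses a constructed sample fragment (labelled as such) rather than the real /etc/sudoers.d/nmap; the --exec/--sh-exec options it cites for ncat are real, while treating nmap itself as a shell-spawning binary is an assumption based on NSE scripts being Lua that can run os.execute.

```shell
#!/bin/sh
# Added example, not code from the thread or the nmap package: audit sudoers
# fragments (Maemo packages drop theirs under /etc/sudoers.d/) for NOPASSWD
# rules on binaries that hand out a root shell indirectly.
# ncat's --exec/--sh-exec options are real; listing nmap is an assumption
# (NSE scripts are Lua and can call os.execute).

DANGEROUS='ncat nc netcat nmap'

# Emit one "user:binary" line per command listed in a NOPASSWD rule.
# Handles the common "user host = (runas) NOPASSWD: /cmd1, /cmd2 args" form.
list_nopasswd() {   # list_nopasswd FILE...
    sed -n 's/^\([^#][^[:space:]]*\)[[:space:]].*NOPASSWD:[[:space:]]*\(.*\)$/\1 \2/p' "$@" |
    while read -r user cmds; do
        echo "$cmds" | tr ',' '\n' | while read -r cmd; do
            bin=${cmd%% *}          # drop arguments, keep the command path
            if [ -n "$bin" ]; then
                echo "$user:$bin"
            fi
        done
    done
}

# Print a warning for every risky entry; return 1 if any was found, else 0.
audit_sudoers() {   # audit_sudoers FILE...
    found=0
    for entry in $(list_nopasswd "$@"); do
        bin=${entry#*:}
        name=$(basename "$bin")
        if [ "$bin" = "ALL" ]; then
            echo "WARNING: $entry: unrestricted passwordless root"
            found=1
        fi
        for d in $DANGEROUS; do
            if [ "$name" = "$d" ]; then
                echo "WARNING: $entry: passwordless root and can spawn arbitrary commands (e.g. 'sudo $bin --sh-exec sh' for ncat)"
                found=1
            fi
        done
    done
    return $found
}

# Constructed sample fragment modelled on the entry described in the post.
write_sample() {    # write_sample FILE
    cat > "$1" <<'EOF'
# constructed sample, not the real /etc/sudoers.d/nmap
user ALL = NOPASSWD: /usr/bin/nmap, /usr/bin/ncat
user ALL = NOPASSWD: /usr/sbin/powertop
EOF
}

SAMPLE=$(mktemp)
write_sample "$SAMPLE"
audit_sudoers "$SAMPLE" || echo "sample fragment is unsafe"
rm -f "$SAMPLE"
```

Run it against the real fragments with `audit_sudoers /etc/sudoers.d/*` (or the generated /etc/sudoers) after any apt-get upgrade; a non-zero exit means a package has quietly widened what an unprivileged process on the device can do as root.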
Re: The Nmap Thread
I really appreciate your security worries and I would like to see more checks like this for all the crucial packages we have here.

The latest package followed the insane approach of making intense use of sudo because the previous one was prepared in the same way, and considering the long time since the last update, the painless step and more reasonable way (to me) was to pick up the package and update it following the previous situation. Now, since all the feedback received here sounds like silent consent to the last package version, we (I / YOU) can proceed with further changes.

Anyway, I think that having an updated nmap version is very important considering the package's purpose, and leaving it there "just sleeping" for 3 years sounds like abandoned and is not acceptable. I was waiting for the new version 6.47 to be released to prepare another package, but if you have more time than me to take care of it, as the older maintainer, feel free to go ahead!
Re: The Nmap Thread
I also appreciate your efforts.

But: this is for one package only. Even if we/techstaff found a solution, it is so easy to put in a postinst script adding whatever you do not like. So security-wise one would need to look into each deb you install. Another but: go ahead, please. :) Fixing it one by one is our only chance.

-- Just to clarify: I just wanted to express that a 'safe' package needs to be checked either way. One could use such sudoers or just some postinst script to break into your device. But this is surely not the thing here, but probably mis-packaging (like the sudser package which I re-configured pretty early). So I would propose to change this behaviour in the sudoers file.
Re: The Nmap Thread
Re: sudoers

I think it would be too much effort to clean up all packages to remove the package-specific sudoers files. What might work nicely would be to re-work /usr/sbin/update-sudoers (part of the sudo package), which is the one actually generating the sudoers file based on the files available under /etc/sudoers.d/ (which is where packages place their sudo stuff).

My idea would be to patch update-sudoers so that it does nothing (hence preventing a rogue postinst from breaking your system before you have a chance to fix it) and then make a customized version of update-sudoers (called "update-sudoers-really" or something to that effect), which either does everything automatically (like now) or interactively ("do you want to integrate nmap.sudoers in your sudoers list? [y/N]") or using some rule file ("01sudoers = Y, nmap = N, powertop = Y, default = ask", etc.).

I guess the issue is not so critical for now (after all, each one can take care of his/her sudoers file), but adapting the script would be quite easy. Then we could provide a package like "sudo-sanitize" which could replace update-sudoers using some debian-fu (alternatives) to keep dpkg and apt-get happy with replacing a file which is part of the sudo package. I'll add it to my list.
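The gated update-sudoers the post above sketches can be written in a few lines of shell. The script below is an added example, not the Maemo update-sudoers script or any code from the thread. It assumes fragments are named FRAGDIR/<name>.sudoers (matching the "nmap.sudoers" wording in the post; the real file names under /etc/sudoers.d/ may differ) and a rule file of "name = Y|N|ask" lines plus a "default = ..." line, exactly the form the post proposes. Fragment names, rule contents and the demo fragments are constructed for the example; "somefoo" is a hypothetical package name.

```shell
#!/bin/sh
# Added example, not the Maemo update-sudoers script: assemble a sudoers file
# from package fragments, including each one only when a rule file allows it.
# Assumptions: fragments are FRAGDIR/<name>.sudoers and the rule file holds
# "name = Y|N|ask" lines plus "default = Y|N|ask". Keys are plain names
# (letters, digits); regex metacharacters in a key are not handled.

# Decision for KEY from RULEFILE, falling back to its default line, then "ask".
rule_for() {        # rule_for RULEFILE KEY
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p" "$1" | head -n 1)
    if [ -z "$v" ]; then
        v=$(sed -n 's/^[[:space:]]*default[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | head -n 1)
    fi
    echo "${v:-ask}"
}

# Write OUTPUT from FRAGDIR/*.sudoers according to RULEFILE. "ask" entries are
# prompted for only when stdin is a terminal, so an unattended run (a package
# postinst, say) cannot slip a fragment in: that is the point of the gate.
build_sudoers() {   # build_sudoers RULEFILE FRAGDIR OUTPUT
    : > "$3"
    for frag in "$2"/*.sudoers; do
        [ -e "$frag" ] || continue
        key=$(basename "$frag" .sudoers)
        case $(rule_for "$1" "$key") in
            Y|y)
                echo "# from $frag" >> "$3"
                cat "$frag" >> "$3" ;;
            N|n)
                echo "skipping $key (denied by rule file)" >&2 ;;
            *)
                if [ -t 0 ]; then
                    printf 'Integrate %s into sudoers? [y/N] ' "$key" >&2
                    read -r ans
                    case $ans in
                        y|Y) echo "# from $frag" >> "$3"; cat "$frag" >> "$3" ;;
                    esac
                else
                    echo "skipping $key (rule is 'ask' and there is no terminal to ask on)" >&2
                fi ;;
        esac
    done
}

# Constructed demo: three fragments and a rule file in a temp dir, mirroring
# the "nmap = N, powertop = Y, default = ask" rule from the post. Prints the
# path of the generated sudoers file. "somefoo" is a hypothetical package.
demo_build() {
    d=$(mktemp -d)
    printf 'user ALL = NOPASSWD: /usr/sbin/powertop\n'           > "$d/powertop.sudoers"
    printf 'user ALL = NOPASSWD: /usr/bin/nmap, /usr/bin/ncat\n' > "$d/nmap.sudoers"
    printf 'user ALL = NOPASSWD: /usr/bin/somefoo\n'             > "$d/somefoo.sudoers"
    printf 'powertop = Y\nnmap = N\ndefault = ask\n'             > "$d/rules"
    build_sudoers "$d/rules" "$d" "$d/sudoers"
    echo "$d/sudoers"
}

OUT=$(demo_build </dev/null)
cat "$OUT"
```

In the demo only the powertop fragment ends up in the output: nmap is denied outright, and somefoo falls to the "ask" default but is skipped because stdin is /dev/null, which is what an apt-get run from a postinst looks like. A real replacement would still need to run visudo -c (or sudo's -c check) on the result before moving it over /etc/sudoers, and to be installed via the alternatives mechanism the post mentions so dpkg does not overwrite it on the next sudo upgrade.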
Re: The Nmap Thread
Yeah, good idea.

But that would help us geeks. A normal user does not know about sudoers. And maybe should not know? Some packages need some sudo voodoo (mine do) to get things working. And to ask the user to run update-sudoers as root? But I will accept any other good reason/explanation! :)
Re: The Nmap Thread
I'm getting the following error when trying to install the latest nmap package:

Code:
dpkg: error processing /var/cache/apt/archives/nmap_6.46-1maemo2_armel.deb (--unpack):

For the record, there was another error that was breaking configure (trying to optify /usr/share/doc/nmap, which doesn't exist), but it is well known and the workaround consists of just touch /usr/share/doc/nmap.

/Estel