tis-nmap
7.01-1
Nmap is a free port scanner created by Fyodor and distributed by Insecure.org. Versions after this one cannot be installed silently.
912 downloads

Description
- package : tis-nmap
- name : Nmap
- version : 7.01-1
- architecture : all
- categories : System and network
- maintainer : Hubert TOUVET, Amelie LE JEUNE, Pierre COSSON
- locale : all
- target_os : windows
- installed_size : 326742016
- impacted_process : nmap.exe
- editor : Gordon Lyon
- licence : GPL
- signature_date : 2021-12-22T09:31:15.868568
- Homepage : https://nmap.org/
control
package : tis-nmap
version : 7.01-1
architecture : all
section : base
priority : optional
name : Nmap
categories : System and network
maintainer : Hubert TOUVET, Amelie LE JEUNE, Pierre COSSON
description : Nmap is a free port scanner created by Fyodor and distributed by Insecure.org not silent installable after this version
depends :
conflicts :
maturity : PROD
locale : all
target_os : windows
min_wapt_version :
sources : https://srvdev/sources/tis-nmap-wapt/trunk
installed_size : 326742016
impacted_process : nmap.exe
description_fr : Nmap est un scanner de ports libre créé par Fyodor et distribué par Insecure.org
description_pl :
description_de :
description_es :
description_pt :
description_it :
description_nl :
description_ru :
audit_schedule :
editor : Gordon Lyon
keywords : nmap, port, scanner, insecure.org
licence : GPL
homepage : https://nmap.org/
package_uuid : 924bd582-b1dc-4224-b2c1-03fc3300f80b
valid_from :
valid_until :
forced_install_on :
changelog :
min_os_version :
max_os_version :
icon_sha256sum : 405df748d867d3009a224d7eb555f3cbd39ddcc636372dc4f38d9b2a8d3c3506
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature : Y/dk/SY8F4nulx1qVZ7AsFAfKRjH5XJqBLCq4J+A+qnLKb5Y/wnJXjdLJcWFvb9ydM8J6apFC9/yw5d9Z6Lux1tU/yeQ5FVNLEbiryHEn/x3kxUsYttu40ruTYFeQU0c+NOqa1i7JXCHitqos813gzZDFiASpdFBfRT9ZWtJH0jwyKgo2zOE233faM1UrUFThiq3Ec+BWQXilmtHF2cO2J4OGthQ2Jf1MqD7nMWql1YehxkibFDf+fih5PCETKOVd4qFYwD1w4gmhN8ODLIDbPeIA20zkadaGFtWa27TryqlyN82oFTq0CikOeH7dWWvVSbSRj8XfuOKi4/1HJiBxA==
signature_date : 2021-12-22T09:31:15.868568
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
Setup.py
# -*- coding: utf-8 -*-
from setuphelpers import *

uninstallkey = ['Nmap']


def install():
    print('installing tis-nmap')
    # Upstream version is the part of the package version before the '-'
    version = control['version'].split('-',1)[0]
    install_exe_if_needed("nmap-%s-setup.exe" % version,'/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /S',key='',min_version=version)
    # Kill at end of installation
    killalltasks('nmap.exe')


def uninstall():
    print('uninstall tis-nmap')
    # Run the registered uninstall command of every installed Nmap entry
    for soft in installed_softwares('nmap'):
        run(uninstall_cmd(soft['key']))


def update_package():
    # Do not update this package, the latest silent installable nmap 7.01
    pass
    # Disabled update logic, kept as an inert string literal
    '''import bs4 as BeautifulSoup,requests,re
    from waptpackage import PackageEntry
    import requests
    from requests.adapters import HTTPAdapter
    from requests.packages.urllib3.util.retry import Retry
    from urllib.request import urlopen
    proxies = {}
    if isfile(makepath(application_data(),'waptconsole','waptconsole.ini')):
        proxywapt = inifile_readstring(makepath(user_local_appdata(),'waptconsole','waptconsole.ini'),'global','http_proxy')
        if proxywapt :
            proxies = {'http':'http://srvproxy:8080','https':'http://srvproxy:8080'}
    print(proxies)
    verify=True
    pe = PackageEntry()
    pe.load_control_from_wapt(os.getcwd())
    current_version = pe['version'].split('-',1)[0]
    verify=True
    urlversion = 'https://nmap.org/download.html'
    page = requests.get(urlversion,headers={'User-Agent':'Mozilla/5.0 (Windows NT 6.1; Win64; x64)'},verify=verify,proxies=proxies).text
    bs = BeautifulSoup.BeautifulSoup(page,features='html.parser')
    bs_raw_string = str(bs.findAll('b')[2]).split('nmap-',1)[1]
    version = bs_raw_string.split('-',1)[0]
    print(version)
    url = 'https://nmap.org/dist/'
    url64 = url + "nmap-%s-setup.exe" % version
    print(url64)
    filenamex64 = "nmap-%s-setup.exe" % version
    for fileexe in glob.glob('*.exe'):
        if fileexe != filenamex64 :
            print('Delete ' + fileexe)
            remove_file(fileexe)
    if not isfile(filenamex64):
        print('Download ' + url64)
        wget(url64,filenamex64,proxies=proxies)
    from waptpackage import PackageEntry
    pe = PackageEntry()
    pe.load_control_from_wapt(os.getcwd())
    pe.version = version + '-0'
    pe.save_control_to_wapt(os.getcwd())'''
Changelog
#Nmap Changelog ($Id: CHANGELOG 37679 2019-06-26 20:13:44Z dmiller $); -*-text-*-
[NSE][GH#1126] New script vulners.nse queries the Vulners CVE database API using CPE information from Nmap's service and application version detection. [GMedian, Daniel Miller]
[NSE][GH#1633] New script rdp-ntlm-info.nse allows extraction of Windows domain information from RDP services. Information extracted and format of output is the same as other *-ntlm-info scripts. [Tom Sellers]
[NSE][GH#1614] Add TLS support to rdp-enum-encryption. Enables determining protocol version against servers that require TLS and lays ground work for some NLA/CredSSP information collection. [Tom Sellers]
[NSE][GH#1611] Address two protocol parsing issues in rdp-enum-encryption and the RDP nse library which broke scanning of Windows XP. Clarify protocol types [Tom Sellers]
[NSE][GH#1608] Script http-fileupload-exploiter failed to locate its resource file unless executed from a specific working directory. [nnposter]
[NSE][GH#1571] The HTTP library now provides transparent support for gzip-encoded response body. (See https://github.com/nmap/nmap/pull/1571 for an overview.) [nnposter]
[NSE][GH#1571] The HTTP library is now enforcing a size limit on the received response body. The default limit can be adjusted with a script argument, which applies to all scripts, and can be overridden case-by-case with an HTTP request option. (See https://github.com/nmap/nmap/pull/1571 for details.) [nnposter]
[Nsock][Ncat][GH#1075] Add AF_VSOCK (Linux VM sockets) functionality to Nsock and Ncat. VM sockets are used for communication between virtual machines and the hypervisor. [Stefan Hajnoczi]
[NSE][GH#1467] Avoid clobbering the "severity" and "ignore_404" values of fingerprints in http-enum. None of the standard fingerprints uses these fields. [Kostas Milonas]
[NSE][GH#1077] Fix a crash caused by a double-free of libssh2 session data when running SSH NSE scripts against non-SSH services. [Seth Randall]
[NSE][GH#1565] Updates the execution rule of the mongodb scripts to be able to run on alternate ports. [Paulino Calderon]
[Ncat][GH#1560] Allow Ncat to connect to servers on port 0, provided that the socket implementation allows this. [Daniel Miller]
Update the included libpcap to 1.9.0. [Daniel Miller]
[NSE][GH#1544] Fix a logic error that resulted in scripts not honoring the smbdomain script-arg when the target provided a domain in the NTLM challenge. [Daniel Miller]
[Nsock][GH#1543] Avoid a crash (Protocol not supported) caused by trying to reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel Miller]
[NSE][GH#1016][GH#1082] New script http-hp-ilo-info to extract information from HP Integrated Lights-Out (iLO) servers. [rajeevrmenon97]
[NSE][GH#1534] Removed OSVDB references from scripts and replaced them with BID references where possible. [nnposter]
[NSE][GH#1504] New script lu-enum.nse attempts to enumerate Logical Units (LU) of TN3270E servers. [Soldier of Fortran]
[NSE][GH#1504] Updates TN3270.lua and adds argument to disable TN3270E [Soldier of Fortran]
[GH#1504] RMI parser could crash when encountering invalid input [Clément Notin]
[GH#863] Avoid reporting negative latencies due to matching an ARP or ND response to a probe sent after it was received. [Daniel Miller]
[ncat][GH#1441] To avoid confusion and to support default proxy ports, option --proxy now requires a literal IPv6 address to be specified using square-bracket notation, such as --proxy [2001:db8::123]:456. [nnposter]
[ncat][GH#1214][GH#1230][GH#1439] New ncat option provides control over whether proxy destinations are resolved by the remote proxy server or locally, by Ncat itself. See option --proxy-dns. [nnposter]
[NSE][GH#1478] Updated script ftp-syst to prevent potential endless looping. [nnposter]
[NSE][GH#1457] New script, ubiquiti-discovery, which extracts information from the Ubiquiti Discovery service and assists version detection. [Tom Sellers]
[GH#1454] New service probes and match lines for v1 and v2 of the Ubiquiti Discovery protocol. Devices often leave the related service open and it exposes significant amounts of information as well as the risk of being used as part of a DDoS. New nmap-payload entry for v1 of the protocol. [Tom Sellers]
[NSE] Removes hostmap-ip2hosts.nse as the API has been broken for a while and the service will be completely shutdown on Feb 17th. [Paulino Calderon]
[NSE][GH#1318] Adds TN3270E support and additional improvements to tn3270.lua and updates tn3270-screen.nse to display the new setting. [mainframed]
[NSE][GH#1346] Updates product codes and adds a check for response length in enip-info.nse. The script now uses string.unpack. [NothinRandom]
[Ncat][GH#1310][GH#1409] Temporary RSA keys are now 2048-bit to resolve a compatibility issue with OpenSSL library configured with security level 2, as seen on current Debian or Kali. [Adrian Vollmer, nnposter]
[NSE][GH#1227] Fix a crash (double-free) when using SSH scripts against non-SSH services. [Daniel Miller]
[Zenmap] Fix a crash when Nmap executable cannot be found and the system PATH contains non-UTF-8 bytes, such as on Windows. [Daniel Miller]
[Zenmap] Fix a crash in results search when using the dir: operator:
AttributeError: 'SearchDB' object has no attribute 'match_dir'
[Daniel Miller]
[Ncat][GH#1372] Fixed an issue with Ncat -e on Windows that caused early termination of connections. [Alberto Garcia Illera]
[GH#1361] Deprecate and disable the -PR (ARP ping) host discovery option. ARP ping is already used whenever possible, and the -PR option would not force it to be used in any other case. [Daniel Miller]
[NSE][GH#1243] Added http-sap-netweaver-leak to detect SAP Netweaver Portal with the Knowledge Management Unit enabled with anonymous access. [ArphanetX]
[NSE] Collected utility functions for string processing into a new library, stringaux.lua. [Daniel Miller]
[NSE][GH#1359] Fix a false-positive in http-phpmyadmin-dir-traversal when the server responds with 200 status to a POST request to any URI. [Francesco Soncina]
[NSE] New vulnerability state in vulns.lua, UNKNOWN, is used to indicate that testing could not rule out vulnerability. [Daniel Miller]
[NSE] New rand.lua library uses the best sources of random available on the system to generate random strings. [Daniel Miller]
[NSE] Collected utility functions for manipulating and searching tables into a new library, tableaux.lua. [Daniel Miller]
[GH#1355] When searching for Lua header files, actually use them where they are found instead of forcing /usr/include. [Fabrice Fontaine, Daniel Miller]
[NSE][GH#1331] Script traceroute-geolocation no longer crashes when www.GeoPlugin.net returns null coordinates [Michal Kubenka, nnposter]
Limit verbose -v and debugging -d levels to a maximum of 10. Nmap does not use higher levels internally. [Daniel Miller]
[NSE] bin.lua is officially deprecated. Lua 5.3, added 2 years ago in Nmap 7.25BETA2, has native support for binary data packing via string.pack and string.unpack. All existing scripts and libraries have been updated. [Daniel Miller]
[NSE] tls.lua when creating a client_hello message will now only use a SSLv3 record layer if the protocol version is SSLv3. Some TLS implementations will not handshake with a client offering less than TLSv1.0. Scripts will have to manually fall back to SSLv3 to talk to SSLv3-only servers. [Daniel Miller]
[NSE][GH#1322] Fix a few false-positive conditions in ssl-ccs-injection. TLS implementations that responded with fatal alerts other than "unexpected message" had been falsely marked as vulnerable. [Daniel Miller]
Emergency fix to Nmap's birthday announcement so Nmap wishes itself a "Happy 21st Birthday" rather than "Happy 21th" in verbose mode (-v) on September 1, 2018. [Daniel Miller]
[NSE] New knx.lua library holds common functions and definitions for communicating with KNX/Konnex devices. [Daniel Miller]
[NSE] Completely removed the bit.lua NSE library. All of its functions are replaced by native Lua bitwise operations, except for `arshift` (arithmetic shift) which has been moved to the bits.lua library. [Daniel Miller]
[GH#1291][GH#34][GH#1339] Use pcap_create instead of pcap_live_open in Nmap, and set immediate mode on the pcap descriptor. This solves packet loss problems on Linux and may improve performance on other platforms. [Daniel Cater, Mike Pontillo, Daniel Miller]
[GH#1150] Start host timeout clocks when the first probe is sent to a host, not when the hostgroup is started. Sometimes a host doesn't get probes until late in the hostgroup, increasing the chance it will time out. [jsiembida]
[GH#1147][GH#1108] Reduced LibPCRE resource limits so that version detection can't use as much of the stack. Previously Nmap could crash when run on low-memory systems against target services which are intentionally or accidentally difficult to match. Someone assigned CVE-2018-15173 for this issue. [Daniel Miller]
[NSE] Support for edns-client-subnet (ECS) in dns.lua has been improved by:
- [GH#1271] Using ECS code compliant with RFC 7871 [John Bond]
- Properly trimming ECS address, as mandated by RFC 7871 [nnposter]
- Fixing a bug that prevented using the same ECS option table more than once [nnposter]
[Ncat][GH#1267] Fixed communication with commands launched with -e or -c on Windows, especially when --ssl is used. [Daniel Miller]
Upgraded included libpcap to 1.8.1 [Daniel Miller]
[NSE] Script http-default-accounts can now select more than one fingerprint category. It is now also possible to select fingerprints by name to support very specific scanning. [nnposter]
[NSE] Script http-default-accounts was not able to run against more than one target host/port. [nnposter]
[NSE][GH#1251] New script-arg `http.host` allows users to force a particular value for the Host header in all HTTP requests.
[NSE][GH#1258] Use smtp.domain script arg or target's domain name instead of "example.com" in EHLO command used for STARTTLS. [gwire]
[NSE][GH#1233] Fix brute.lua's BruteSocket wrapper, which was crashing Nmap with an assertion failure due to socket mixup [Daniel Miller]:
nmap: nse_nsock.cc:672: int receive_buf(lua_State*, int, lua_KContext): Assertion `lua_gettop(L) == 7' failed.
[NSE][GH#1254] Handle an error condition in smb-vuln-ms17-010 caused by IPS closing the connection. [Clément Notin]
[NSE] https-redirect detects HTTP servers that redirect to the same port, but with HTTPS. Some nginx servers do this, which made ssl-* scripts not run properly. [Daniel Miller]
[NSE][GH#1236] Added broadcast-jenkins-discover to discover Jenkins servers on a LAN by sending a discovery broadcast probe. [Brendan Coles]
[NSE][GH#1232] Added broadcast-hid-discoveryd to discover HID devices on a LAN by sending a discoveryd network broadcast probe. [Brendan Coles]
New service probe and match lines for adb, the Android Debug Bridge, which allows remote code execution and is left enabled by default on many devices. [Daniel Miller]
[Ncat][GH#1237] Fixed literal IPv6 URL format for connecting through HTTP proxies. [Phil Dibowitz]
[NSE][GH#1212] Updates vendors from ODVA list for enip-info. [NothinRandom]
[NSE][GH#1191] Add two common error strings that improve MySQL detection by the script http-sql-injection. [Robert Taylor, Paulino Calderon]
[NSE][GH#1220] Fix bug in http-vuln-cve2006-3392 that prevented the script from generating the vulnerability report correctly. [rewardone]
[NSE][GH#1218] Fix bug related to screen rendering in NSE library tn3270. This patch also improves the brute force script tso-brute. [mainframed]
[NSE][GH#1209] Fix SIP, SASL, and HTTP Digest authentication when the algorithm contains lowercase characters. [Jeswin Mathai]
[GH#1204] Nmap could be fooled into ignoring TCP response packets if they used an unknown TCP Option, which would misalign the validation, causing it to fail. [Clément Notin, Daniel Miller]
[NSE] The HTTP response parser now tolerates status lines without a reason phrase, which improves compatibility with some HTTP servers. [nnposter]
[NSE][GH#1169][GH#1170][GH#1171][GH#1198] Parser for HTTP Set-Cookie header is now more compliant with RFC 6265:
- empty attributes are tolerated
- double quotes in cookie and/or attribute values are treated literally
- attributes with empty values and value-less attributes are parsed equally
- attributes named "name" or "value" are ignored
[nnposter]
[NSE][GH#1158] Fix parsing http-grep.match script-arg. [Hans van den Bogert]
[Zenmap][GH#1177] Avoid a crash when recent_scans.txt cannot be written to. [Daniel Miller]
Fixed --resume when the path to Nmap contains spaces. Reported on Windows by Adriel Desautels. [Daniel Miller]
Nmap 7.70 [2018-03-20]
[Windows] We made a ton of improvements to our Npcap Windows packet capturing library (https://nmap.org/npcap/) for greater performance and stability, as well as smoother installer and better 802.11 raw frame capturing support. Nmap 7.70 updates the bundled Npcap from version 0.93 to 0.99-r2, including all these changes from the last seven Npcap releases: https://nmap.org/npcap/changelog
Integrated all of your service/version detection fingerprints submitted from March 2017 to August 2017 (728 of them). The signature count went up 1.02% to 11,672, including 26 new softmatches. We now detect 1224 protocols from filenet-pch, lscp, and netassistant to sharp-remote, urbackup, and watchguard. We will try to integrate the remaining submissions in the next release.
Integrated all of your IPv4 OS fingerprint submissions from September 2016 to August 2017 (667 of them). Added 298 fingerprints, bringing the new total to 5,652. Additions include iOS 11, macOS Sierra, Linux 4.14, Android 7, and more.
Integrated all 33 of your IPv6 OS fingerprint submissions from September 2016 to August 2017. New groups for OpenBSD 6.0 and FreeBSD 11.0 were added, as well as strengthened groups for Linux and OS X.
Added the --resolve-all option to resolve and scan all IP addresses of a host. This essentially replaces the resolveall NSE script. [Daniel Miller]
[NSE][SECURITY] Nmap developer nnposter found a security flaw (directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manually ran this NSE script against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved outside the intended destination directory. Existing files couldn't be overwritten. We fixed http-fetch, audited our other scripts to ensure they didn't make this mistake, and updated the httpspider library API to protect against this by default. [nnposter, Daniel Miller]
[NSE] Added 9 NSE scripts, from 8 authors, bringing the total up to 588! They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
- deluge-rpc-brute performs brute-force credential testing against Deluge BitTorrent RPC services, using the new zlib library. [Claudiu Perta]
- hostmap-crtsh lists subdomains by querying Google's Certificate Transparency logs. [Paulino Calderon]
- [GH#892] http-bigip-cookie decodes unencrypted F5 BIG-IP cookies and reports back the IP address and port of the actual server behind the load-balancer. [Seth Jackson]
- http-jsonp-detection Attempts to discover JSONP endpoints in web servers. JSONP endpoints can be used to bypass Same-origin Policy restrictions in web browsers. [Vinamra Bhatia]
- http-trane-info obtains information from Trane Tracer SC controllers and connected HVAC devices. [Pedro Joaquin]
- [GH#609] nbd-info uses the new nbd.lua library to query Network Block Devices for protocol and file export information. [Mak Kolybabi]
- rsa-vuln-roca checks for RSA keys generated by Infineon TPMs vulnerable to Return Of Coppersmith Attack (ROCA) (CVE-2017-15361). Checks SSH and TLS services. [Daniel Miller]
- [GH#987] smb-enum-services retrieves the list of services running on a remote Windows machine. Modern Windows systems require a privileged domain account in order to list the services. [Rewanth Cool]
- tls-alpn checks TLS servers for Application Layer Protocol Negotiation (ALPN) support and reports supported protocols. ALPN largely replaces NPN, which tls-nextprotoneg was written for. [Daniel Miller]
[GH#978] Fixed Nsock on Windows giving errors when selecting on STDIN. This was causing Ncat 7.60 in connect mode to quit with error: libnsock select_loop(): nsock_loop error 10038: An operation was attempted on something that is not a socket. [nnposter]
[Ncat][GH#197][GH#1049] Fix --ssl connections from dropping on renegotiation, the same issue that was partially fixed for server mode in [GH#773]. Reported on Windows with -e by pkreuzt and vinod272. [Daniel Miller]
[NSE][GH#1062][GH#1149] Some changes to brute.lua to better handle misbehaving or rate-limiting services. Most significantly, brute.killstagnated now defaults to true. Thanks to xp3s and Adamtimtim for reporting infinite loops and proposing changes.
[NSE] VNC scripts now support Apple Remote Desktop authentication (auth type 30) [Daniel Miller]
[NSE][GH#1111] Fix a script crash in ftp.lua when PASV connection timed out. [Aniket Pandey]
[NSE][GH#1114] Update bitcoin-getaddr to receive more than one response message, since the first message usually only has one address in it. [h43z]
[Ncat][GH#1139] Ncat now selects the correct default port for a given proxy type. [Pavel Zhukov]
[NSE] memcached-info can now gather information from the UDP memcached service in addition to the TCP service. The UDP service is frequently used as a DDoS reflector and amplifier. [Daniel Miller]
[NSE][GH#1129] Changed url.absolute() behavior with respect to dot and dot-dot path segments to comply with RFC 3986, section 5.2. [nnposter]
Removed deprecated and undocumented aliases for several long options that used underscores instead of hyphens, such as --max_retries. [Daniel Miller]
Improved service scan's treatment of soft matches in two ways. First of all, any probes that could result in a full match with the soft matched service will now be sent, regardless of rarity. This improves the chances of matching unusual services on non-standard ports. Second, probes are now skipped if they don't contain any signatures for the soft matched service. Previously the probes would still be run as long as the target port number matched the probe's specification. Together, these changes should make service/version detection faster and more accurate. For more details on how it works, see https://nmap.org/book/vscan.html. [Daniel Miller]
--version-all now turns off the soft match optimization, ensuring that all probes really are sent, even if there aren't any existing match lines for the softmatched service. This is slower, but gives the most comprehensive results and produces better fingerprints for submission. [Daniel Miller]
[NSE][GH#1083] New set of Telnet softmatches for version detection based on Telnet DO/DON'T options offered, covering a wide variety of devices and operating systems. [D Roberson]
[GH#1112] Resolved crash opportunities caused by unexpected libpcap version string format. [Gisle Vanem, nnposter]
[NSE][GH#1090] Fix false positives in rexec-brute by checking responses for indications of login failure. [Daniel Miller]
[NSE][GH#1099] Fix http-fetch to keep downloaded files in separate destination directories. [Aniket Pandey]
[NSE] Added new fingerprints to http-default-accounts:
- Hikvision DS-XXX Network Camera and NUOO DVR [Paulino Calderon]
- [GH#1074] ActiveMQ, Purestorage, and Axis Network Cameras [Rob Fitzpatrick, Paulino Calderon]
Added a new service detection match for WatchGuard Authentication Gateway. [Paulino Calderon]
[NSE][GH#1038][GH#1037] Script qscan was not observing interpacket delays (parameter qscan.delay). [nnposter]
[NSE][GH#1046] Script http-headers now fails properly if the target does not return a valid HTTP response. [spacewander]
[Ncat][Nsock][GH#972] Remove RC4 from the list of TLS ciphers used by default, in accordance with RFC 7465. [Codarren Velvindron]
[NSE][GH#1022] Fix a false positive condition in ipmi-cipher-zero caused by not checking the error code in responses. Implementations which return an error are not vulnerable. [Juho Jokelainen]
[NSE][GH#958] Two new libraries for NSE.
- idna - Support for internationalized domain names in applications (IDNA)
- punycode (a transfer encoding syntax used in IDNA)
[Rewanth Cool]
[NSE] New fingerprints for http-enum:
- [GH#954] Telerik UI CVE-2017-9248 [Harrison Neal]
- [GH#767] Many WordPress version detections [Rewanth Cool]
[GH#981][GH#984][GH#996][GH#975] Fixed Ncat proxy authentication issues:
- Usernames and/or passwords could not be empty
- Passwords could not contain colons
- SOCKS5 authentication was not properly documented
- SOCKS5 authentication had a memory leak
[nnposter]
[GH#1009][GH#1013] Fixes to autoconf header files to allow autoreconf to be run. [Lukas Schwaighofer]
[GH#977] Improved DNS service version detection coverage and consistency by using data from a Project Sonar Internet wide survey. Numerous false positives were removed and reliable softmatches added. Match lines for version.bind responses were also consolidated using the technique below. [Tom Sellers]
[GH#977] Changed version probe fallbacks so as to work cross protocol (TCP/UDP). This enables consolidating match lines for services where the responses on TCP and UDP are similar. [Tom Sellers]
[NSE][GH#532] Added the zlib library for NSE so scripts can easily handle compression. This work started during GSOC 2014, so we're particularly pleased to finally integrate it! [Claudiu Perta, Daniel Miller]
[NSE][GH#1004] Fixed handling of brute.retries variable. It was being treated as the number of tries, not retries, and a value of 0 would result in infinite retries. Instead, it is now the number of retries, defaulting to 2 (3 total tries), with no option for infinite retries.
[NSE] http-devframework-fingerprints.lua supports Jenkins server detection and returns extra information when Jenkins is detected [Vinamra Bhatia]
[GH#926] The rarity level of MS SQL's service detection probe was decreased. Now we can find MS SQL in odd ports without increasing version intensity. [Paulino Calderon]
[GH#957] Fix reporting of zlib and libssh2 versions in "nmap --version". We were always reporting the version number of the included source, even when a different version was actually linked. [Pavel Zhukov]
Add a new helper function for nmap-service-probes match lines: $I(1,">") will unpack an unsigned big-endian integer value up to 8 bytes wide from capture 1. The second option can be "<" for little-endian. [Daniel Miller]