Friday, August 30, 2013

matriux-leandros-beta released

Matriux is a Debian-based GNU/Linux security distribution designed for penetration testing and cyber forensic investigations. It is aimed at security enthusiasts and professionals, and can also be used as your default OS.

Features
  • Faster interface
  • More than 300 powerful tools for penetration testing and forensics
  • Kernel 3.3.4-eccentric
  • High emphasis on forensics
  • Greater hardware support
  • Comes with custom installer
  • Supports USB persistence

Download matriux-leandros-beta, released on 29/08/2013

Tuesday, August 27, 2013

UPDATE NETWORK TOOL V-3.1

Netool.sh is a bash script that automates frameworks such as Metasploit, Nmap, Driftnet, SSLstrip, Ettercap, macchanger and webcrawler. It simplifies tasks such as sniffing, MITM, SSLsniff, DNS spoofing, metadata retrieval and DoS attacks inside the external/local network. It can also perform TCP/UDP packet manipulation using ettercap filters and search for target geolocation. The 'webcrawler.py' component can search for admin login pages, website directories and webshells.php planted on a website, includes a common file upload vulns scanner (LFI), and can search for XSS-vulnerable websites. The script also ships a collection of automated (Metasploit) exploits.

Features :

  • Ping remote target or web domain
  • Show Local Connections (see my machine connections)
  • Show my Ip address and arp cache
  • see/change macaddress
  • change my PC hostname
  • Scan Local network (search for live hosts inside local network)
  • search in external lan for hosts
  • Scan remote host (using nmap to perform a scan to target machine)
  • execute Nmap command (direct from shell)
  • Open router config page
  • search for target geo-location
  • Ip tracer whois (open website database whois and geo-location)
  • WebCrawler (open websecurify webcrawler website)
  • DDoS java Script (perform DDoS attacks external network)
  • Retrieve metadata (from a web-domain)
  • Config ettercap (etter.conf)
  • Launch MITM (using ettercap to perform MITM)
  • show URLs visited (by target machine under MITM)
  • Sniff remote pics (by target machine under MITM)
  • sniff SSL-HTTPS logins
  • Dns-Spoofing (redirect web-domains to another ip address)
  • DoS attack (local network)
  • Compile etter.filters
  • execute ettercap filter
  • make/encode payloads [metasploit]
  • edit/execute root3.rb on a meterpreter session open
  • start a listener [metasploit]
  • webcrawler
  • r00tsect0r priv8 automated exploits

Changes in v3.2:
Functions
- added wordlist creator
- cupp.py (common user password profiler)

Download : opensource.tar.gz (1.8 MB)
Download other version
sources : http://sourceforge.net/projects/netoolsh


Supported operating systems:
Ubuntu Linux, Kali Linux, BackTrack Linux, FreeBSD, Mac OS X (discontinued)

netool.sh V3.1 Web Site

Monday, August 26, 2013

KAAIS - Kali Applications Automatic Installation Script (For Kali Linux Only)

KAAIS (Kali Applications Automatic Installer Script) lets you easily install some applications which don't come by default with the Kali Linux distribution. It's user friendly and it incorporates some other things. It also gets updated regularly.

Features

  • Skype (VideoChat Application)
  • TeamViewer (Remote Desktop Support)
  • Ark (Zip/Rar Manager)
  • Zip/Unzip & Rar/Unrar
  • Audacious (Semi-lightweight audio player with a WinAmp/XMMS-like skinnable GUI)
  • Amarok (KDE audio player offering a wealth of features, yet intuitive to use)
  • Banshee (Music management and playback software for GNOME)
  • Sonata (Lightweight GTK+ music client)
  • Audacity (Digital audio editor)
  • Ardour (Digital audio workstation program)
  • Sweep (Audio editor and live playback tool)
  • xChat (IRC Chat Program)
  • FileZilla (An extremely popular cross-platform client)
  • gFTP (Multithreaded client providing both a command-line interface and GUI)
  • KFTPgrabber (Client for KDE)
  • Pinta (Microsoft Paint-like program)
  • GIMP (GNU Image Manipulation Program)
  • Inkscape (Vector-based drawing program)
  • GEdit (Small and lightweight text editor for the GNOME environment)
  • Geany (Small and lightweight Integrated Development Environment (IDE))
  • Emacs (Extensible, customizable, self-documenting text editor)
  • Joe (Terminal-based text editor for Unix systems)
  • Vim (Power of the editor 'Vi', with a more complete feature set)
  • gVim (Highly configurable text editor built to enable efficient text editing)
  • Nano (Clone of Pico, the editor of the Pine email client)
  • Leafpad (GTK+ based simple text editor)
  • Netool.sh (Security PenTesting tool by r00t-3xpl0it)
  • Flash Plugin (Updates Adobe Flash Player for Iceweasel)
  • Chrome (Google's popular internet browser)
  • Chromium (Chrome clone to Linux systems)
  • Iceweasel (Updates Iceweasel to latest version)
  • Also gets updates with "apt-get update" and cleans packages on exit.


OclHashcat-plus v0.15 released

OclHashcat-plus is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.
This version is the result of over 6 months of work, having modified 618,473 total lines of source code.
Before we go into the details of the changes, here’s a quick summary of the major changes:
  • Added support for cracking passwords longer than 15 characters
  • Added support for mask-files, which enables password policy-specific candidate generation using PACK
  • Added support for multiple dictionaries in attack modes other than straight mode
  • Rewrote workload dispatcher from scratch
  • Rewrote restore support from scratch
  • Rewrote kernel scheduler to reduce screen lags
  • Better handling of smaller workloads/dictionaries
  • Language-specific charset presets for use with masks
New supported algorithms:
  • TrueCrypt 5.0+
  • 1Password
  • Lastpass
  • OpenLDAP {SSHA512}
  • AIX {SMD5} and {SSHA*}
  • SHA256(Unix) aka sha256crypt
  • MacOSX v10.8
  • Microsoft SQL Server 2012
  • Microsoft EPi Server v4+
  • Samsung Android Password/PIN
  • GRUB2
  • RipeMD160, Whirlpool, sha256-unicode, sha512-unicode, …
New supported GPUs:
NVidia:
  • All sm_35-based GPUs
  • GTX Titan
  • GTX 7xx
  • Tesla K20
AMD:
  • All Caicos, Oland, Bonaire, Kalindi and Hainan -based GPU/APU
  • hd77xx
  • hd8xxx
Download -
oclHashcat-plus v0.15

Saturday, August 24, 2013

Sparty - MS Sharepoint and Frontpage Auditing Tool

Sparty is an open source tool written in Python to audit web applications using SharePoint and FrontPage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of SharePoint and FrontPage based web applications. Due to the complex nature of this web administration software, a simple and efficient tool is needed that gathers information, checks access permissions, dumps critical information from default files and performs automated exploitation if security risks are identified. A number of automated scanners fall short of this, and Sparty is a solution to that.

Version 0.1 - Functionality !

  • Sharepoint and Frontpage Version Detection!
  • Dumping Password from Exposed Configuration Files!
  • Exposed Sharepoint/Frontpage Services Scan!
  • Exposed Directory Check!
  • Installed File and Access Rights Check!
  • RPC Service Querying!
  • File Enumeration!
  • File Uploading Check!

Installation !

  • Step 1: # gunzip sparty_v_0.1.tar.gz
  • Step 2: # tar -xvf sparty_v_0.1.tar
  • Avoid using : # tar zxvf sparty_v_0.1.tar.gz

Friday, August 23, 2013

GoLismero - The Web Knife Version 2.0 beta Released

GoLismero is an open source security tool that can run its own security tests and manage many well-known security tools (OpenVAS, Wfuzz, SQLMap, DNS recon, robot analyzer...), take their results, feed them back to the rest of the tools and merge all of the results. And all of this automatically.

GoLismero is a complete framework with a plugin system and integration with a lot of open source tools.

Why use GoLismero?

There are many reasons to use GoLismero 2.0. The most interesting features of the framework, and the reasons you would want to use it, are:
  • It is open source.
  • Real platform independence. Tested on Windows, Linux, *BSD and OS X.
  • No native library dependencies. All of the framework has been written in pure Python.
  • Good performance when compared with other frameworks written in Python and other scripting languages.
  • Very easy to use.
  • Plugin development is extremely simple.
  • The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester...
  • Integration with standards: CWE, CVE and OWASP.
  • Designed with cluster deployment in mind (not available yet).

Wednesday, August 21, 2013

ZMap v1.03 - Fast network scanner designed for Internet

ZMap is a fast network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable of scanning the entire public IPv4 address space in under 45 minutes.

While previous network tools have been designed to scan small network segments, ZMap is specifically architected to scan the entire address space. It is built in a modular manner in order to allow incorporation with other network survey tools. ZMap operates on GNU/Linux and supports TCP SYN and ICMP echo request scanning out of the box.

For more info:- https://zmap.io

Ubuntu WhiteHat edition

  • Based on Ubuntu 12.10.
  • 32-bit
  • Kernel : 3.5.0-37-generic .
  • Login/pass : root/toor
  • compat-wireless-3.6.8-1-snpc patched for injection and Handshake capture.
The distro is not based on Kali. All the main pentest tools are in the /opt directory and the rest of the executables are located in /usr/bin. This makes most of the scripts run smoothly and keeps them easily customisable. The OS is filled with the latest and best security tools available on the net.

Last but not least, the Pentest menu is full of training resources, PDFs, documentation, online courses, briefings and lots more.
Source-
http://top-hat-sec.com/forum/index.php?topic=3441.0

Tuesday, August 20, 2013

Nmap 6.40 Released with New scripts, new signatures, better performance!

Nmap 6.40 released. It includes 14 new NSE scripts, hundreds of new OS and service detection signatures, a new --lua-exec feature for scripting Ncat, initial support for NSE and version scanning through a chain of proxies, improved target specification, many performance enhancements and bug fixes, and much more! So many improvements.

Nmap 6.40 source code and binary packages for Linux, Windows, and Mac are available for free download from:
http://nmap.org/download.html

If you find any bugs, please let us know on the Nmap dev list as described at http://nmap.org/book/man-bugs.html.
Here are the most important changes since 6.25:

o [Ncat] Added --lua-exec. This feature is basically the equivalent of 'ncat
  --sh-exec "lua <scriptname>"' and allows you to run Lua scripts with Ncat,
  redirecting all stdin and stdout operations to the socket connection. See
  http://nmap.org/book/ncat-man-command-options.html [Jacek Wielemborek]

o Integrated all of your IPv4 OS fingerprint submissions since January
  (1,300 of them). Added 91 fingerprints, bringing the new total to 4,118.
  Additions include Linux 3.7, iOS 6.1, OpenBSD 5.3, AIX 7.1, and more.
  Many existing fingerprints were improved. Highlights:
  http://seclists.org/nmap-dev/2013/q2/519. [David Fifield]

o Integrated all of your service/version detection fingerprints submitted
  since January (737 of them)! Our signature count jumped by 273 to 8,979.
  We still detect 897 protocols, from extremely popular ones like http, ssh,
  smtp and imap to the more obscure airdroid, gopher-proxy, and
  enemyterritory. Highlights:
  http://seclists.org/nmap-dev/2013/q3/80. [David Fifield]

o Integrated your latest IPv6 OS submissions and corrections. We're still
  low on IPv6 fingerprints, so please scan any IPv6 systems you own or
  administer and submit them to http://nmap.org/submit/.  Both new
  fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap
  guesses wrong) are useful. [David Fifield]

o [Nsock] Added initial proxy support to Nsock. Nmap version detection
  and NSE can now establish TCP connections through chains of one or
  more CONNECT or SOCKS4 proxies. Use the Nmap --proxies option with a
  chain of one or more proxies as the argument (example:
  http://localhost:8080,socks4://someproxy.example.com). Note that
  only version detection and NSE are supported so far (no port
  scanning or host discovery), and there are other limitations
  described in the man page. [Henri Doreau]

o [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 446.
  They are all listed at http://nmap.org/nsedoc/, and the summaries are
  below (authors are listed in brackets):

  + hostmap-ip2hosts finds hostnames that resolve to the target's IP address
    by querying the online database at http://www.ip2hosts.com (uses Bing
    search results) [Paulino Calderon]

  + http-adobe-coldfusion-apsa1301 attempts to exploit an authentication
    bypass vulnerability in Adobe Coldfusion servers (APSA13-01:
    http://www.adobe.com/support/security/advisories/apsa13-01.html) to
    retrieve a valid administrator's session cookie. [Paulino Calderon]

  + http-coldfusion-subzero attempts to retrieve version, absolute path of
    administration panel and the file 'password.properties' from vulnerable
    installations of ColdFusion 9 and 10. [Paulino Calderon]

  + http-comments-displayer extracts and outputs HTML and JavaScript
    comments from HTTP responses. [George Chatzisofroniou]

  + http-fileupload-exploiter exploits insecure file upload forms in web
    applications using various techniques like changing the Content-type
    header or creating valid image files containing the payload in the
    comment. [George Chatzisofroniou]

  + http-phpmyadmin-dir-traversal exploits a directory traversal
    vulnerability in phpMyAdmin 2.6.4-pl1 (and possibly other versions) to
    retrieve remote files on the web server. [Alexey Meshcheryakov]

  + http-stored-xss posts specially crafted strings to every form it
    encounters and then searches through the website for those strings to
    determine whether the payloads were successful. [George Chatzisofroniou]

  + http-vuln-cve2013-0156 detects Ruby on Rails servers vulnerable to
    object injection, remote command executions and denial of service
    attacks. (CVE-2013-0156) [Paulino Calderon]

  + ike-version obtains information (such as vendor and device type where
    available) from an IKE service by sending four packets to the host.
    This scripts tests with both Main and Aggressive Mode and sends multiple
    transforms per request. [Jesper Kueckelhahn]

  + murmur-version detects the Murmur service (server for the Mumble voice
    communication client) versions 1.2.X. [Marin Maržić]

  + mysql-enum performs valid-user enumeration against MySQL server using a
    bug discovered and published by Kingcope
    (http://seclists.org/fulldisclosure/2012/Dec/9). [Aleksandar Nikolic]

  + teamspeak2-version detects the TeamSpeak 2 voice communication server
    and attempts to determine version and configuration information. [Marin
    Maržić]

  + ventrilo-info detects the Ventrilo voice communication server service
    versions 2.1.2 and above and tries to determine version and
    configuration information. [Marin Maržić]

o Updated the Nmap license agreement to close some loopholes and stop some
  abusers. It's particularly targeted at companies which distribute
  malware-laden Nmap installers as we caught Download.com doing last
  year--http://insecure.org/news/download-com-fiasco.html. The updated
  license is in the all the normal places, including
  https://svn.nmap.org/nmap/COPYING.

o [NSE] Oops, there was a vulnerability in one of our 437 NSE scripts.  If
  you ran the (fortunately non-default) http-domino-enum-passwords script
  with the (fortunately also non-default) domino-enum-passwords.idpath
  parameter against a malicious server, it could cause an arbitrarily named
  file to be written to the client system. Thanks to Trustwave researcher
  Piotr Duszynski for discovering and reporting the problem.  We've fixed
  that script, and also updated several other scripts to use a new
  stdnse.filename_escape function for extra safety. This breaks our record
  of never having a vulnerability in the 16 years that Nmap has existed, but
  that's still a fairly good run! [David, Fyodor]

o Unicast CIDR-style IPv6 range scanning is now supported, so you can
  specify targets such as en.wikipedia.org/120.  Obviously it will take ages
  if you specify a huge space.  For example, a /64 contains
  18,446,744,073,709,551,616 addresses. [David Fifield]

o It's now possible to mix IPv4 range notation with CIDR netmasks in target
  specifications. For example, 192.168-170.4-100,200.5/16 is effectively the
  same as 192.168.168-170.0-255.0-255. [David Fifield]

o Timeout script-args are now standardized to use the timespec that Nmap's
  command-line arguments take (5s, 5000ms, 1h, etc.). Some scripts that
  previously took an integer number of milliseconds will now treat that as a
  number of seconds if not explicitly denoted as ms. [Daniel Miller]

o Nmap may now partially rearrange its target list for more efficient
  host groups. Previously, a single target with a different interface,
  or with an IP address the same as that of a target already in the
  group, would cause the group to be broken off at whatever size it
  was. Now, we buffer a small number of such targets, and keep looking
  through the input for more targets to fill out the current group.
  [David Fifield]

o [Ncat] The -i option (idle timeout) now works in listen mode as well as
  connect mode. [Tomas Hozza]

o [Ncat] Ncat now support chained certificates with the --ssl-cert
  option. [Greg Bailey]

o [Nping] Nping now checks for a matching ICMP ID on echo replies, to avoid
  receiving crosstalk from other ping programs running at the same
  time. [David Fifield]

o [NSE] The ipOps.isPrivate library now considers the deprecated site-local
  prefix fec0::/10 to be private. [Marek Majkowski]

o Nmap's routing table is now sorted first by netmask, then by metric.
  Previously it was the other way around, which could cause a very general
  route with a low metric to be preferred over a specific route with a
  higher metric.

o Routes are now sorted to prefer those with a lower metric. Retrieval of
  metrics is supported only on Linux and Windows. [David Fifield]

o Fixed a byte-ordering problem on little-endian architectures when doing
  idle scan with a zombie that uses broken ID increments.  [David Fifield]

o Stop parsing TCP options after reaching EOL in libnetutil. Bug reported by
  Gustavo Moreira. [Henri Doreau]

o [NSE] The dns-ip6-arpa-scan script now optionally accepts "/" syntax for a
  network mask. Based on a patch by Indula Nayanamith.

o [Ncat] Reduced the default --max-conns limit from 100 to 60 on Windows, to
  stay within platform limitations. Suggested by Andrey Olkhin.

o Fixed IPv6 routing table alignment on NetBSD.

o Fixed our NSEDoc system so the author field uses UTF-8 and we can spell
  people's name properly, even if they use crazy non-ASCII characters like
  Marin Maržić.  [David Fifield]

o UDP protocol payloads were added for detecting the Murmur service (a
  server for the Mumble voice communication client) and TeamSpeak 2 VoIP
  software.

o [NSE] Added http-phpmyadmin-dir-traversal by Alexey Meshcheryakov.

o Updated libdnet to not SIOCIFNETMASK before SIOCIFADDR on OpenBSD. This
  was reported to break on -current as of May 2013. [Giovanni Bechis]

o Fixed address matching for SCTP (-PY) ping. [Marin Maržić]

o Removed some non-ANSI-C strftime format strings ("%F") and
  locale-dependent formats ("%c") from NSE scripts and libraries.
  C99-specified %F was noticed by Alex Weber. [Daniel Miller]

o [Zenmap] Improved internationalization support:
  + Added Polish translation by Jacek Wielemborek.
  + Updated the Italian translation. [Giacomo]

o [Zenmap] Fixed internationalization files. Running in a language other
  than the default English would result in the error "ValueError: too many
  values to unpack". [David Fifield]

o [NSE] Updated the included Liblua from version 5.2.1 to 5.2.2. [Patrick
  Donnelly]

o [Nsock] Added a minimal regression test suite for Nsock. [Henri Doreau]

o [NSE] Updated the redis-brute and redis-info scripts to work against the
  latest versions of redis server. [Henri Doreau]

o [Ncat] Fixed errors in connecting to IPv6 proxies. [Joachim Henke]

o [NSE] Updated hostmap-bfk to work with the latest version of their website
  (bfk.de). [Paulino Calderon]

o [NSE] Added XML structured output support to:
  + xmpp-info, irc-info, sslv2, address-info [Daniel Miller]
  + hostmap-bfk, hostmap-robtex, hostmap-ip2hosts. [Paulino Calderon]
  + http-git.nse. [Alex Weber]

o Added new service probes for:
  + Erlang distribution nodes [Michael Schierl]
  + Minecraft servers. [Eric Davisson]
  + Hazelcast data grid. [Pavel Kankovsky]

o [NSE] Rewrote telnet-brute for better compatibility with a variety of
  telnet servers. [nnposter]

o Fixed a regression that changed the number of delimiters in machine
  output. [Daniel Miller]

o Fixed a regression in broadcast-dropbox-listener which prevented it from
  producing output. [Daniel Miller]

o Handle ICMP type 11 (Time Exceeded) responses to port scan probes.  Ports
  will be reported as "filtered", to be consistent with existing Connect
  scan results, and will have a reason of time-exceeded.  DiabloHorn
  reported this issue via IRC. [Daniel Miller]

o Add new decoders (BROWSER, DHCP6 and LLMNR) to broadcast-listener and
  changed output of some of the decoders slightly. [Patrik Karlsson]

o The list of name servers on Windows now ignores those from inactive
  interfaces. [David Fifield]

o Namespace the pipes used to communicate with subprocesses by PID, to avoid
  multiple instances of Ncat from interfering with each other.  Patch by
  Andrey Olkhin.

o [NSE] Changed ip-geolocation-geoplugin to use the web service's new output
  format. Reported by Robin Wood.

o Limited the number of open sockets in ultra_scan to FD_SETSIZE. Very fast
  connect scans could write past the end of an fd_set and cause a variety of
  crashes:
    nmap: scan_engine.cc:978: bool ConnectScanInfo::clearSD(int):
    Assertion `numSDs > 0' failed.
    select failed in do_one_select_round(): Bad file descriptor (9)
  [David Fifield]

o Fixed a bug that prevented Nmap from finding any interfaces when one of
  them had the type ARP_HDR_APPLETALK; this was the case for AppleTalk
  interfaces. However, This support is not complete since AppleTalk
  interfaces use different size hardware addresses than Ethernet.  Nmap IP
  level scans should work without any problem, please refer to the
  '--send-ip' switch and to the following thread:
  http://seclists.org/nmap-dev/2013/q1/214.  This bug was reported by Steven
  Gregory Johnson. [Daniel Miller]

o [Nping] Nping on Windows now skips localhost targets for privileged pings
  on (with an error message) because those generally don't work.  [David
  Fifield]

o [Ncat] Ncat now keeps running in connect mode after receiving EOF from the
  remote socket, unless --recv-only is in effect.  [Tomas Hozza]

o Packet trace of ICMP packets now include the ICMP ID and sequence number
  by default. [David Fifield]

o [NSE] Fixed various NSEDoc bugs found by David Matousek.

o [Zenmap] Zenmap now understands the NMAP_PRIVILEGED and NMAP_UNPRIVILEGED
  environment variables. [Tyler Wagner]

o Added an ncat_assert macro.  This is similar to assert(), but remains even
  if NDEBUG is defined. Replaced all Ncat asserts with this. We also moved
  operation with side effects outside of asserts as yet another layer of
  bug-prevention [David Fifield].

o Added nmap-fo.xsl, contributed by Tilik Ammon. This converts Nmap XML into
  XSL-FO, which can be converted into PDF using tools such as Apache FOP.

o Increased the number of slack file descriptors not used during connect
  scan. Previously, the calculation did not consider the descriptors used by
  various open log files. Connect scans using a lot of sockets could fail
  with the message "Socket creation in sendConnectScanProbe: Too many open
  files". [David Fifield]

o Changed the --webxml XSL stylesheet to point to the new location of
  nmap.xsl in the new repository (https://svn.nmap.org/nmap/docs/nmap.xsl).
  It still may not work in web browsers due to same origin policy (see
  http://seclists.org/nmap-dev/2013/q1/58). [David Fifield, Simon John]

o [NSE] The vulnerability library can now preserve vulnerability information
  across multiple ports of the same host. The bug was reported by
  iphelix. [Djalal Harouni]

o Removed the undocumented -q option, which renamed the nmap process to
  something like "pine".

o Moved the Japanese man page from man1/jp to man1/ja. JP is a country code
  while JA is a language code. Reported by Christian Neukirchen.

o [Nsock] Reworked the logging infrastructure to make it more flexible and
  consistent. Updated Nmap, Nping and Ncat accordingly. Nsock log level can
  now be adjusted at runtime by pressing d/D in nmap.  [Henri Doreau, David
  Fifield]

o [NSE] Fixed scripts using unconnected UDP sockets. The bug was reported by
  Dhiru Kholia at http://seclists.org/nmap-dev/2012/q4/422. [David Fifield]

o Made some changes to Ndiff to reduce parsing time when dealing with large
  Nmap XML output files. [Henri Doreau]

o Clean up the source code a bit to resolve some false positive issues
  identified by the Parfait static code analysis program. Oracle apparently
  runs this on programs (including Nmap) that they ship with Solaris.  See
  http://seclists.org/nmap-dev/2012/q4/504. [David Fifield]

o [Zenmap] Fixed a crash that could be caused by opening the About dialog,
  using the window manager to close it, and opening it again.  This was
  reported by Yashartha Chaturvedi and Jordan Schroeder.  [David Fifield]

o [Ncat] Made test-addrset.sh exit with nonzero status if any tests
  fail. This in turn causes "make check" to fail if any tests fail.
  [Andreas Stieger]

o Fixed compilation with --without-liblua. The bug was reported by Rick
  Farina, Nikos Chantziaras, and Alex Turbov. [David Fifield]

o Fixed CRC32c calculation (as used in SCTP scans) on 64-bit
  platforms. [Pontus Andersson]

o [NSE] Added multicast group name output to
  broadcast-igmp-discovery.nse. [Vasily Kulikov]

o [NSE] Added new fingerprints for http-enum: Sitecore, Moodle, typo3,
  SquirrelMail, RoundCube. [Jesper Kückelhahn]
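
The http-domino-enum-passwords entry above describes a client writing a file under a name chosen by the server it is scanning. The following is an added example, not Nmap's code and not the implementation of stdnse.filename_escape: it sketches the general defence in Python, with hypothetical function names, an assumed allow-list of characters, and constructed sample names, showing the unchecked join beside an escaped and contained one.

```python
import os
import tempfile

# Assumed allow-list: bytes kept verbatim in a file name; all others become %xx.
SAFE = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.")

# Constructed examples of names a hostile server could return.
CONSTRUCTED_NAMES = ["names.nsf", "../../home/user/.bashrc", "/etc/cron.d/job", ".."]


def escape_filename(name):
    """Turn an untrusted name into one harmless path component."""
    if not name:
        raise ValueError("empty file name")
    escaped = "".join(
        chr(b) if chr(b) in SAFE else "%%%02x" % b for b in name.encode("utf-8")
    )
    # "." and ".." use only allowed characters but still mean "this/parent dir".
    if escaped in (".", ".."):
        escaped = escaped.replace(".", "%2e")
    return escaped


def unsafe_path(base_dir, remote_name):
    """'Before' pattern: the server-supplied name is joined unchecked."""
    return os.path.normpath(os.path.join(base_dir, remote_name))


def safe_path(base_dir, remote_name):
    """Escape the name, then verify the result is a direct child of base_dir."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, escape_filename(remote_name)))
    if os.path.dirname(candidate) != base:
        raise ValueError("refusing to write outside %s" % base)
    return candidate


def save_download(base_dir, remote_name, data):
    """Write data under base_dir; mode "xb" refuses to overwrite existing files."""
    path = safe_path(base_dir, remote_name)
    with open(path, "xb") as fh:
        fh.write(data)
    return path


def compare(base_dir):
    """Return (name, escapes_base_when_unchecked, safe_basename) per sample name."""
    base = os.path.realpath(base_dir)
    rows = []
    for name in CONSTRUCTED_NAMES:
        loose = unsafe_path(base, name)
        escapes = os.path.commonpath([base, loose]) != base
        rows.append((name, escapes, os.path.basename(safe_path(base, name))))
    return rows


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as out_dir:
        for row in compare(out_dir):
            print(row)
```

The containment check after escaping also rejects a pre-existing symlink in the output directory that points elsewhere, which escaping alone would not catch.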

Source-
http://seclists.org/nmap-announce/2013/1