Changes in version 0.3.3
------------------------

Update config.sub and config.guess.

Changes in version 0.3.2
------------------------

Allow compilation with additional GCC versions.

Fix a use-after-free bug in timeout handling.

Fix a long-standing bug in the deferred activities processing of the
epoll event queue which could cause doscan to crash or, potentially,
report incorrect results.

Changes in version 0.3.1
------------------------

Fix a bug which prevented reading some valid address files with the
--file option.

Changes in version 0.3.0
------------------------

Tenable has revoked the GPL on some of their Nessus plugins.  doscan
incorporated some protocol modules based on Nessus plugins, assuming
they were irrevocably licensed under the GPL.  These protocol modules
(ms_ms03-043, ms_ms04-007_http, ms_rpc_dcom, ms_rpc_dcom_old,
ms_windows) have been removed.

Changes in version 0.2.9
------------------------

In previous versions, the ms_rpc_dcom module returned a false
positive for machines that run Windows XP Service Pack 2.  (Noticed
and fixed by Robbert Kouprie.)

Changes in version 0.2.8
------------------------

Clean-up release for Debian packaging.  No changes in functionality.

Changes in version 0.2.7
------------------------

This is the last release for a while.  See doc/design.txt.

Fix an unbounded memory allocation in the http_proxy module.  (A
malicious client could cause doscan to crash.)

Changes in version 0.2.6
------------------------

Added the ms_ms04-007_http module to scan for IIS web servers with the
ASN.1 parser vulnerability from Microsoft Security Bulletin MS04-007.

Changes in version 0.2.5
------------------------

Fixed compilation problems on FreeBSD.

Changes in version 0.2.4
------------------------

The ident_check protocol module has been implemented.  It is not
recommended to block incoming 113/TCP connections at packet filters
(especially if the filter is not capable of generating TCP RST
segments).  Internal hosts might use this hole to run unwanted
daemons, and this module can be used to detect them.

The protocol module http_proxy implements an HTTP client and server;
the client part probes hosts and tries to connect back to the server,
thus discovering open proxies.

A bug in the half-duplex TCP connection handler has been fixed which
could have resulted in lost data.

The ./configure check for gethostbyname() includes more header files,
hopefully fixing the FreeBSD build problem.

Changes in version 0.2.3
------------------------

The ms_ms03-043 protocol module now detects UNIX DCE RPC
implementations.

The meaning of the --timeout option for the ms_ms03-043 and udp
protocol modules has changed: Previously, --timeout controlled the
timeout between subsequent retries; now, --timeout specifies the total
timeout of all retries combined.

doscan now supports the --file option, to read a list of target
prefixes.

Thanks to Tobias Oetiker, doscan again compiles on Solaris.

Changes in version 0.2.2
------------------------

Some missing include directives were added.

Changes in version 0.2.1
------------------------

scan_udp_single now uses scan_trigger, which eliminates quite a bit of
code and adds the progress indicator to the UDP modules.

Linux epoll support has been added.  epoll support is detected during
run time.  If the kernel does not support it, we use poll, as before.
In one of our test cases using the ms_windows module, user/system time
drops from 4.5/217.1 seconds to 0.7/2.4 seconds.  (Real time is not
changed that much (minus 76 seconds), but you can have more
simultaneous connections.)

Not all protocol modules benefit from the epoll support.  So far, only
the tcp module (which is the default one) and the ms_windows module
are TCP-based and use the event queue facility (which in turn
interfaces to the kernel via epoll, if available).

More prefix lengths are now supported.

Changes in version 0.2.0
------------------------

Compiling doscan now requires a C++ compiler.

A UDP scanning module has been added.

An experimental module (ms_ms03-043) to discover hosts vulnerable to
MS03-043 has been added.  The ms_windows module can be used to query
Windows versions over DCE RPC.  Both are based on Nessus plugin 11890.

You can use "%N" in --output strings to print a newline character.

The makefile was changed; it now uses the file inventory from the
source code management system (or an automatically generated file for
distribution tarballs).

Changes in version 0.1.7
------------------------

Fixed a bug in Windows 98/Me detection in the MS03-039 scanner.  These
machines were detected correctly, but processing continued
nevertheless (and the system was reported vulnerable).

Changes in version 0.1.6
------------------------

The ms_rpc_dcom module reports false positives in some cases.  This
release fixes the known issues.  (It is a backport of the
corresponding change to the NASL script.)

Changes in version 0.1.5
------------------------

The ms_rpc_dcom module now detects the MS03-039 vulnerability
(MS03-026 support has been deprecated, as this bulletin has been
superseded by Microsoft).

CAVEAT: This version is highly experimental.  It might yield false
positives.  (However, Windows 9x/Me systems are now detected.)

Changes in version 0.1.4
------------------------

(Never released publicly.)

Add a missing include to src/results.c which caused compile errors on
OpenBSD (and probably other platforms).

Changes in version 0.1.3
------------------------

The --style option can be used to print hosts as they are scanned (and
thus disable sorting).

You can now use "%n" to include the host name in the output.

It was discovered that the Microsoft RPC/DCOM scanner flags Windows Me
systems as vulnerable.  The manual page has been updated accordingly.

Changes in version 0.1.2
------------------------

Added a Solaris 8 port (thanks to Jens Hektor for help).

doscan now signals an error if the network address of a prefix is
invalid (according to the prefix length).  Previously, the set bits
were silently discarded.
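
The prefix check described above, as an added example (it is not taken
from the doscan sources; parse_prefix and its return codes are
hypothetical, and the sample prefixes are constructed):

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not doscan's code): parse "a.b.c.d/len".
   Returns 0 if valid, -1 on a syntax error, -2 if bits are set
   beyond the prefix length (the case that is now an error). */
int parse_prefix(const char *text, uint32_t *network, unsigned *length)
{
    char addr[INET_ADDRSTRLEN];
    const char *slash = strchr(text, '/');
    if (slash == NULL || (size_t)(slash - text) >= sizeof(addr))
        return -1;
    memcpy(addr, text, (size_t)(slash - text));
    addr[slash - text] = '\0';
    struct in_addr in;
    if (inet_pton(AF_INET, addr, &in) != 1)
        return -1;
    char *end;
    if (!isdigit((unsigned char)slash[1]))
        return -1;                      /* no sign, no whitespace */
    unsigned long len = strtoul(slash + 1, &end, 10);
    if (*end != '\0' || len > 32)
        return -1;

    uint32_t host = ntohl(in.s_addr);
    /* Shifting a 32-bit value by 32 is undefined, so /0 is special. */
    uint32_t mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    if (host & ~mask)
        return -2;                      /* report it, do not discard the bits */
    *network = host;
    *length = (unsigned)len;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs (documentation address ranges). */
    const char *samples[] = { "192.0.2.0/24", "192.0.2.1/24",
                              "198.51.100.128/25", "198.51.100.128/24" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t net; unsigned len;
        printf("%-20s -> %d\n", samples[i], parse_prefix(samples[i], &net, &len));
    }
    return 0;
}
```

Rejecting 192.0.2.1/24 outright makes a mistyped target list visible
to the operator before any packets are sent.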

Internal changes allow for scanning modules for handling different
TCP-based protocols.  A generic framework for handling half-duplex
connections has been added.

Scanning for HTTP banners without regular expression hacking is now
supported (although this protocol module is mostly a demo for the
half-duplex connection framework).

An experimental module has been added which scans for hosts which are
vulnerable to CAN-2003-0352 (Microsoft Security Bulletin MS03-026,
"Buffer Overrun In RPC Interface Could Allow Code Execution").  This
module is based on a Nessus plugin by KK Liu.

Fixed a design error which caused doscan to open too many connections
at program start.

Changes in version 0.1.1
------------------------

You can now use the --output option to change the output format.

A buffer underflow in the banner receive routine was fixed.  Responses
consisting of multiple chunks were incorrectly processed.

Changes in version 0.1.0
------------------------

This version was the initial release.
