Diffstat (limited to 'docs/legal-notices.xml')
-rw-r--r-- | docs/legal-notices.xml | 196 |
1 files changed, 196 insertions, 0 deletions
diff --git a/docs/legal-notices.xml b/docs/legal-notices.xml new file mode 100644 index 0000000..575f100 --- /dev/null +++ b/docs/legal-notices.xml 
@@ -0,0 +1,196 @@ +<title>Legal Notices</title> + +<refsect2 id="nmap-copyright"> + <title>Nmap Copyright and Licensing</title> + <indexterm><primary>copyright</primary></indexterm> + <indexterm><primary>GNU General Public License</primary></indexterm> + + +<para>The Nmap Security Scanner is (C) 1996–2022 Nmap Software +LLC ("The Nmap Project"). Nmap is also a registered trademark of the +Nmap Project. It is published under the <ulink +url="https://nmap.org/npsl">Nmap Public Source License</ulink>. This +generally allows end users to download and use Nmap for free. It +doesn't allow Nmap to be used and redistributed within commercial +software or hardware products (including appliances, virtual machines, +and traditional applications). We fund the project by selling a +special Nmap OEM Edition for this purpose, as described at <ulink +url="https://nmap.org/oem"/>. Hundreds of large and small software +vendors have already purchased OEM licenses to embed Nmap technology +such as host discovery, port scanning, OS detection, version +detection, and the Nmap Scripting Engine within their products.</para> + +<para> +The Nmap Project has permission to redistribute Npcap, a packet +capturing driver and library for the Microsoft Windows platform. +Npcap is a separate work with it's own license rather than this Nmap +license. Since the Npcap license does not permit redistribution +without special permission, our Nmap Windows binary packages which +contain Npcap may not be redistributed without special +permission.</para> + +<para> +Even though the NPSL is based on GPLv2, it contains different +provisions and is not directly compatible. It is incompatible with +some other open source licenses as well. In some cases we can +relicense portions of Nmap or grant special permissions to use it in +other open source software. Please contact fyodor@nmap.org with any +such requests. 
Similarly, we don't incorporate incompatible open +source software into Nmap without special permission from the +copyright holders. +</para> + +<para>If you have received a written license agreement or contract for +Nmap (such as an <ulink url="https://nmap.org/oem/">Nmap OEM +license</ulink>) stating terms other than these, you may choose to use +and redistribute Nmap under those terms instead.</para> + +</refsect2> + +<refsect2 id="man-copyright"> + <title>Creative Commons License for this Nmap Guide</title> + <para>This <citetitle>Nmap Reference Guide</citetitle> is (C) + 2005–2022 Nmap Software LLC. It is + hereby placed under version 3.0 of the <ulink + url="http://creativecommons.org/licenses/by/3.0/">Creative Commons + Attribution License</ulink>. This allows you redistribute and modify + the work as you desire, as long as you credit the original source. + Alternatively, you may choose to treat this document as falling under + the same license as Nmap itself (discussed previously).</para> +</refsect2> + +<refsect2 id="source-contrib"> + <title>Source Code Availability and Community Contributions</title> + +<para>Source is provided to this software because we believe users +have a right to know exactly what a program is going to do before they +run it. This also allows you to audit the software for security holes.</para> + +<para>Source code also allows you to port Nmap to new platforms, fix +bugs, and add new features. You are highly encouraged to submit your +changes as Github Pull Requests (PR) or send them to +<email>dev@nmap.org</email> for possible incorporation into the main +distribution. By submitting such changes, it is assumed that you are +offering the Nmap Project the unlimited, non-exclusive right to reuse, +modify, and relicense the code. This is important because the +inability to relicense code has caused devastating problems for other +Free Software projects (such as KDE and NASM). 
We also sell commercial +licenses to <ulink url="https://nmap.org/oem">Nmap OEM</ulink>. If you +wish to specify special license conditions of your contributions, just +say so when you send them.</para> + +</refsect2> + +<refsect2 id="no-warranty"><title>No Warranty<indexterm><primary>warranty (lack of)</primary></indexterm></title> + +<para>This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.</para> + +<para>It should also be noted that Nmap has occasionally been known to crash +poorly written applications, TCP/IP stacks, and even operating +systems.<indexterm><primary>crashing targets</primary></indexterm> +While this is extremely rare, it is important to keep in +mind. <emphasis>Nmap should never be run against mission +critical systems</emphasis> unless you are prepared to suffer +downtime. We acknowledge here that Nmap may crash your systems or +networks and we disclaim all liability for any damage or problems Nmap +could cause.</para> +</refsect2> + +<refsect2 id="inappropriate-usage"><title>Inappropriate Usage</title> +<para>Because of the slight risk of crashes and because a few black +hats like to use Nmap for reconnaissance prior to attacking systems, +there are administrators who become upset and may complain when their +system is scanned. Thus, it is often advisable to request permission +before doing even a light scan of a network.</para> + +<para>Nmap should never be installed with special privileges +(e.g. suid root).<indexterm><primary>setuid, why Nmap shouldn't be</primary></indexterm><indexterm><primary>suid</primary><see>setuid</see></indexterm> +That would open up a major security vulnerability as other users on the +system (or attackers) could use it for privilege escalation. 
+</para> + +<para>Nmap is not designed, manufactured, or intended for use in +hazardous environments requiring fail- safe performance where the +failure of the software could lead directly to death, personal injury, +or significant physical or environmental damage.</para> + +</refsect2> + +<refsect2 id="third-party-soft"><title>Third-Party Software and Funding Notices</title> + +<para>This product includes software developed by +the <ulink role="hidepdf" url="https://www.apache.org">Apache Software +Foundation</ulink>. A modified version of the <ulink role="hidepdf" +url="https://www.tcpdump.org">Libpcap portable packet capture +library</ulink><indexterm><primary>libpcap</primary></indexterm> +is distributed along with Nmap. +The Windows version of Nmap utilizes the Libpcap-derived +<ulink role="hidepdf" url="https://npcap.com">Ncap library</ulink><indexterm><primary>Npcap</primary></indexterm> +instead. +Regular expression support is provided by the +<ulink role="hidepdf" url="https://pcre.org">PCRE library</ulink>,<indexterm><primary>Perl Compatible Regular Expressions (PCRE)</primary></indexterm> +which is open-source software, written by Philip Hazel.<indexterm><primary>Hazel, Philip</primary></indexterm> +Certain raw networking functions use the +<ulink role="hidepdf" url="http://libdnet.sourceforge.net">Libdnet</ulink><indexterm><primary>libdnet</primary></indexterm> +networking library, which was written by Dug Song.<indexterm><primary>Song, Dug</primary></indexterm> +A modified version is distributed with Nmap. +Nmap can optionally link with the +<ulink role="hidepdf" url="https://openssl.org">OpenSSL +cryptography toolkit</ulink><indexterm><primary>OpenSSL</primary></indexterm> +for SSL version detection support. 
+The Nmap Scripting Engine uses an embedded version of +the <ulink role="hidepdf" url="https://lua.org">Lua programming +language</ulink>.<indexterm><primary>Lua programming +language</primary></indexterm> The <ulink role="hidepdf" url="https://www.csie.ntu.edu.tw/~cjlin/liblinear/">Liblinear +linear classification library</ulink> is used for our +<man> +<ulink +url="https://nmap.org/book/osdetect-guess.html#osdetect-guess-ipv6">IPv6 +OS detection machine learning techniques</ulink>. +</man> +<notman> +IPv6 OS detection machine +learning techniques (see <xref linkend="osdetect-guess-ipv6"/>). +</notman> +All of the third-party software described in this paragraph is freely +redistributable under BSD-style software licenses.</para> + +<para> +Binary packages for Windows and Mac OS X include support libraries +necessary to run Zenmap and Ndiff with Python and PyGTK. (Unix platforms +commonly make these libraries easy to install, so they are not part of +the packages.) A listing of these support libraries and their licenses +is included in the <filename>LICENSES</filename> files. +</para> + +<para> +This software was supported in part through the <ulink url="https://nmap.org/soc/">Google Summer of Code</ulink> and the <ulink role="hidepdf" url="https://www.fbo.gov/index?s=opportunity&mode=form&id=585e02a51f77af5cb3c9e06b9cc82c48&tab=core&_cview=1">DARPA CINDER program</ulink> (DARPA-BAA-10-84). +</para> + +</refsect2> + +<refsect2 id="us-export"><title>United States Export Control<indexterm><primary>export control</primary></indexterm></title> + +<para>Nmap only uses encryption when compiled with the optional +OpenSSL support and linked with OpenSSL. When compiled without +OpenSSL support, the Nmap Project believes that Nmap is not subject to +U.S. <ulink +url="https://www.bis.doc.gov/index.php/regulations/export-administration-regulations-ear">Export +Administration Regulations (EAR)</ulink> export control. 
As such, +there is no applicable ECCN (export control classification number) and +exportation does not require any special license, permit, or other +governmental authorization.</para> + +<para>When compiled with OpenSSL support or distributed as source +code, the Nmap Project believes that Nmap falls under +U.S. ECCN +<ulink url="https://www.bis.doc.gov/index.php/documents/regulations-docs/federal-register-notices/federal-register-2014/951-ccl5-pt2/file">5D002</ulink> +(<quote>Information Security Software</quote>). We distribute Nmap +under the TSU exception for publicly available encryption +software defined +in <ulink url="https://www.bis.doc.gov/index.php/documents/regulations-docs/2341-740-2/file">EAR +740.13(e)</ulink>.</para> + +</refsect2> |
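Review bot: In the third-party-soft section the link text for the Windows capture library reads "Ncap library", while its url is https://npcap.com and the adjacent indexterm is "Npcap"; change the link text to "Npcap library" so it matches the name used in the nmap-copyright section. Several wording slips in the new file can be fixed in the same pass: "with it's own license" should be "its own license", "This allows you redistribute and modify" is missing "to", "fail- safe" has a stray space, and "Github" should be "GitHub". The year ranges "1996–2022" and "2005–2022" are hard-coded in two separate sections, so a shared entity would keep them from drifting apart at the next update.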