Third-party open source software and libraries used by NmapInsecure.Com LLC2016-08-17T21:15:002022-03-22T12:25:36.1809595932016-08-17T21:19:0025PT23H5M18SLibreOffice/6.4.7.2$Linux_X86_64 LibreOffice_project/40$Build-2FALSE0RealEstate4RealEstate4IR1:481112.1 24229 0 22666 31219 true false view2 15134 47129 0 24229 22664 55446 3 0 false 159 false false false false false true true true true true false 0 false false true true false false false false true true true false false false true false true false true false true false false true false true 0 1 true high-resolution true false false true false true true false true ja JP !%),.:;?]}¢°’”‰′″℃、。々〉》」』】〕゛゜ゝゞ・ヽヾ！％），．：；？］｝｡｣､･ﾞﾟ￠ $([\{£¥‘“〈《「『【〔＄（［｛｢￡￥ true 4045258 true false true 0 false false false false false true true true false false true false false false false false true true false false false false false true 365532 false false false false false true false true true 5 Third-party Software Components Used by Nmap The Nmap Security Scanner (https://nmap.org) leverages other software components for various functions. All except for Npcap are open source with BSD-style licenses that allow royalty-free redistribution within other software (including commercial/proprietary software). Some include a warranty disclaimer (relating to the original authors) and require a small amount of acknowledgment text be added to the documentation of any software which includes them (including indirectly through Nmap). The Npcap Windows packet capturing library is a special case because it’s not third party or open source, but it’s documented here as an important component for Nmap on Windows. This document is mostly for our Nmap OEM program customers who license Nmap OEM for redistribution within their commercial software. Some of these software components are only needed on certain platforms (such as Windows or Mac) or to enable optional functionality. These details are discussed in the sections below for each dependency. If 3rd party dependency software is included, than its license must be followed. This is the case whether the licensed product calls the library functions directly, incorporates Nmap source code that calls the functions, or bundles an Nmap executable which links to or includes source code of the given library or dependency. The next section includes sample acknowledgment text to help comply with 3rd party license requirements. This document only covers 3rd party open source software and libraries used by Nmap proper. It does not cover our related tools such as Zenmap, Ncat, Nping, or Ndiff because those are generally not included in the Nmap OEM Licenses we sell. We do track the components of those for our own license compliance purposes in a separate XML document. Please note that all Nmap OEM support, warranties and indemnification that we (Nmap Software LLC) offer to commercial customers apply to these third-party components and all other Npcap code. The warranty disclaimers in their license text just mean that the original library authors and maintainers aren’t responsible for that support you buy from us instead. This document covers Nmap 7.92. Licensees or potential licensees who want this information for a different Nmap release should contact sales@nmap.com. Anyone may redistribute this document in whole or part, including incorporating it into larger documents. In particular, Nmap OEM customers may want to redistribute this document along with Nmap OEM to help comply with attribution and warranty disclaimer clauses of the software component licenses detailed herein. Suggested Acknowledgment Text To give credit where due and also comply with attribution clauses of the various 3rd party software component licenses detailed in this document, we suggest that Nmap OEM customers licensed to redistribute Nmap within their products include this document itself with their software and also include a statement like the one below in their documentation: This product contains the Nmap Security Scanner OEM Edition (https://nmap.org/oem) pursuant to a license agreement with Nmap Software LLC. Depending on configuration, Nmap OEM may contain some or all of the following software: Npcap Windows packet capture and transmission driver (https://npcap.com) Libpcap raw packet capture library (https://tcpdump.org) Libdnet raw networking library (http://libdnet.sourceforge.net) LibPCRE Perl Compatible Regular Expressions Library (https://pcre.org) Lua Programming Language (https://lua.org) Lua extension libraries: SLAXML (an XML parsing library), LuaFileSystem (for filesystem operations), LPeg (Lua Parsing Expression Grammars), lzlib for accessing Zlib compression library functions, and Base3264 for base 32 and 64 encoding and decoding OpenSSL SSL encryption library (https://openssl.org) LIBLINEAR Linear Classification Library (https://www.csie.ntu.edu.tw/~cjlin/liblinear/) Ike-scan Fingerprint Data (http://www.nta-monitor.com/wiki/index.php/Ike-scan_program_notes) LibSSH2 (https://www.libssh2.org/) Zlib (https://zlib.net) Further usage and license details on all of these components are available in the Nmap-Thid-Party-Open-Source.pdf file included with this program and/or available from https://nmap.org/svn/docs/Nmap-Third-Party-Open-Source.pdf. Third party components of Npcap are detailed in Npcap-Third-Party-Open-Source.pdf instead. That file is included with this program and/or available from https://npcap.com/src/docs/Npcap-Third-Party-Open-Source.pdf. Npcap Windows Packet Library Description: Npcap is used by Nmap for capturing and sending raw packets on the Microsoft Windows platform. It is not needed or used on any other platforms. It is produced by Nmap Software LLC, which is the same company that oversees Nmap. While it is not technically “open source” since it does not allow free redistribution, the source code is available and the Npcap license has been tailored to work well with Nmap. Software URL: https://npcap.com Version used: 1.50 License Summary: The free version of Npcap comes with the official Nmap Windows binaries and allows for unlimited usage with Nmap, but not external redistribution. The commercial Npcap OEM Edition enables automated deployment, commercial support, greater internal-use rights for non-Nmap software, and even rights to redistribute Npcap OEM within a company’s own products. The Nmap Security Scanner OEM Edition (Nmap OEM) includes the Npcap OEM packet capturing software so that Nmap OEM customers don’t need to buy Npcap too. Npcap includes 3 open source software components whose BSD-style licenses also must be respected. They all allow free redistribution within commercial software and are detailed in Npcap-Third-Party-Open-Source.pdf. License Text Location: Free license: https://npcap.com/license; Commercial license: https://npcap.com/oem Libpcap Raw Packet Capture Library Description: Libpcap is used by Nmap on UNIX for raw packet reading during host discovery, port scanning, and OS detection. It is bundled with the Nmap Security Scanner in the libpcap subdirectory. Libpcap is also used on Windows as part of the Npcap library (which has its own section in this document). Software URL: https://tcpdump.org Version used: 1.9.1 (source and Linux binaries) or 1.10 (Npcap on Windows) License Summary: Modified BSD license (3-clause) License Text Location: BSD-modified.txt Libdnet Raw Networking Library Description: Libdnet is bundled with Nmap and is required on all platforms for low-level tasks such as sending raw Ethernet frames. We have made many changes and so it is important that our version (distributed with Nmap) be used. Software URL: http://libdnet.sourceforge.net/ Version used: 1.12 Copyright: Dug Song License Summary: Modified BSD license (3-clause) License Text Location: Libdnet-license.txt LibPCRE Perl Compatible Regular Expressions Library Description: LibPCRE is used for regular expression matching as part of Nmap version detection. It is bundled with Nmap in the libpcre subdirectory. Software URL: https://pcre.org Version used: 7.6 License Summary: Modified BSD license (3-clause) License Text Location: PCRE-license.txt Lua Programming Language Description: The LUA programming language may optionally be embedded into Nmap as part of the Nmap Scripting Engine functionality. LUA will not be included if the –without-liblua configuration option is given. If Lua is included, Nmap also includes some LUA libraries which also fall under the free LUA license (they have their own section in this document). Software URL: https://lua.org Version used: 5.3.5 License Summary: MIT license License Text Location: Lua-license.txt Lua Libraries Description: If Lua is included in an Nmap build, four 3rd party Lua libraries are included as well. They are SLAXML (an XML parsing library), LuaFileSystem (for filesystem operations), LPeg (Lua Parsing Expression Grammars), lzlib for accessing Zlib compression library functions, and Base3264 for base 32 and 64 encoding and decoding. They are all under the Lua license (which is the MIT license) although the copyright statement referred to by the license is different because they were created by different authors. All four of those libraries are included in this section SLAXML URL: https://github.com/Phrogz/SLAXML SLAXML Version: 0.7 SLAXML Copyright Statement: Copyright (c) 2013 Gavin Kistner LuaFileSystem URL: https://keplerproject.github.io/luafilesystem/ LuaFileSystem Version: 1.2 LuaFileSystem Copyright Statement: Copyright © 2003 Kepler Project. LPeg URL: http://www.inf.puc-rio.br/~roberto/lpeg/lpeg.html LPeg Version: 0.12 LPeg Copyright Statement: Copyright © 2007-2015 Lua.org, PUC-Rio. lzlib URL: http://luaforge.net/projects/lzlib/ lzlib Version: 0.4-work3 lzlib Copyright Statement: Copyright Tiago Dionizio (tiago.dionizio@gmail.com) Base3264 URL: https://nmap.org/nsedoc/lib/base32.html https://nmap.org/nsedoc/lib/base64.html Base3264 Version: Unversioned Base3264 Copyright Statement: Copyright (c) 2016 Patrick Joseph Donnelly (batrick@batbytes.com) License Summary: All packages use the Lua license (MIT license) with the copyright statements listed above License Text Location: Lua-license.txt OpenSSL SSL Encryption Library Description: OpenSSL can optionally be used by Nmap Service Detection to communicate with SSL-enabled protocols such as https, pop3-s, imaps, etc. It is not included in the Nmap source tree, but you can choose to link to it when compiling Nmap (and we do so for the binaries we distribute). Software URL: https://openssl.org Version used: 1.1.1k in the binaries we distribute. If you build Nmap yourself and include OpenSSL, you supply your own preferred version. License Summary: 4-clause BSD style License Text Location: OpenSSL-license.txt LIBLINEAR Linear Classification Library Description: LIBLINEAR is used as part of Nmap’s machine-learning based IPv6 OS detection system. It’s included in the “liblinear” directory in the Nmap source tree. Software URL: https://www.csie.ntu.edu.tw/~cjlin/liblinear/ Version used: 1.7 License Summary: Modified BSD license (3-clause) License Text Location: LIBLINEAR-license.txt Ike-scan Fingerprinting Data Description: This is a small data file used by an obscure Nmap NSE script named ike-version. The contents were provided to us under a BSD license by the author of a tool named Ike-scan. Software URL: http://www.nta-monitor.com/wiki/index.php/Ike-scan_program_notes Version used: Unversioned License Summary: Simplified (2-clause) BSD license License Text Location: BSD-simplified LibSSH2 Secure Shell Communication Library Description: This library is used to provide Secure Shell (SSH) communication capability to NSE. Software URL: https://www.libssh2.org/ Version used: 1.9.0 License Summary: Modified BSD license (3-clause) License Text Location: libssh2-license.txt Zlib Data Compression Library Description: Zlib is a data compression library linked by LibSSH2, and may also be linked directly by NSE. Software URL: https://zlib.net/ Version used: 1.2.11 License Summary: Zlib license (allows free commercial use and redistribution) License Text Location: zlib-license.txt