mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Removes trailing spaces in 69 files. Closes #971.

rewanth
2017-08-23 08:52:40 +00:00
parent 1c8e232bb3
commit 6ee953a5ff
69 changed files with 409 additions and 409 deletions


@@ -11,8 +11,8 @@ o [NSE][GH#892] New script http-bigip-cookie decodes unencrypted F5 BIG-IP
cookies and reports back the IP address and port of the actual server behind
the load-balancer. [Seth Jackson]
o [NSE] New script http-jsonp-detection Attempts to discover JSONP endpoints in
web servers. JSONP endpoints can be used to bypass Same-origin Policy
o [NSE] New script http-jsonp-detection Attempts to discover JSONP endpoints in
web servers. JSONP endpoints can be used to bypass Same-origin Policy
restrictions in web browsers. [Vinamra Bhatia]
o Nmap can now resolve and scan all IP addresses of a host. Instead of using


@@ -1,6 +1,6 @@
# Table of Contents
---
* [Introduction](#intro)
* [Code Repository](#repo)
* [Bug Reports](#bug)


@@ -26,8 +26,8 @@ export LIBLINEAR_LIBS = @LIBLINEAR_LIBS@
export NCATDIR=@NCATDIR@
CC = @CC@
CXX = @CXX@
CCOPT =
DBGFLAGS =
CCOPT =
DBGFLAGS =
STRIP = @STRIP@
LIBPCAPDIR = @libpcapdir@
LIBSSH2DIR = @LIBSSH2DIR@
@@ -74,7 +74,7 @@ LINGUAS ?= $(ALL_LINGUAS)
# DESTDIR is used by some package maintainers to install Nmap under
# its usual directory structure into a different tree. See the
# its usual directory structure into a different tree. See the
# CHANGELOG for more info.
DESTDIR =
@@ -469,7 +469,7 @@ check-dns: tests/check_dns
check: @NCAT_CHECK@ @NSOCK_CHECK@ @ZENMAP_CHECK@ @NSE_CHECK@ @NDIFF_CHECK@ check-dns
${srcdir}/configure: configure.ac
${srcdir}/configure: configure.ac
cd ${srcdir} && autoconf
## autoheader might not change config.h.in, so touch a stamp file.


@@ -40,7 +40,7 @@ extern char pcap_version[];
int main() {
int major, minor1, minor2;
sscanf(pcap_version,"%d.%d.%d", &major, &minor1, &minor2);
if (major > 0)
if (major > 0)
return 0;
if (minor1 < 9)
return 1;
@@ -227,7 +227,7 @@ AC_DEFUN([APR_FIND_APR], [
AC_MSG_CHECKING(for APR)
AC_ARG_WITH(apr,
[ --with-apr=PATH prefix for installed APR or the full path to
[ --with-apr=PATH prefix for installed APR or the full path to
apr-config],
[
if test "$withval" = "no" || test "$withval" = "yes"; then


@@ -209,7 +209,7 @@
#define OP_RESERVED 65535 /* Reserved [RFC5494] */
/* TODO @todo: getTargetIP() and getSenderIP() should either
/* TODO @todo: getTargetIP() and getSenderIP() should either
* return struct in_addr or IPAddress but not u32. */
class ARPHeader : public NetworkLayerElement {
@@ -217,7 +217,7 @@ class ARPHeader : public NetworkLayerElement {
private:
struct nping_arp_hdr{
u16 ar_hrd; /* Hardware Type. */
u16 ar_pro; /* Protocol Type. */
u8 ar_hln; /* Hardware Address Length. */


@@ -145,7 +145,7 @@ class DestOptsHeader : public HopByHopHeader {
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */
// Implemented in HopByHopHeader.h
// Implemented in HopByHopHeader.h
public:
DestOptsHeader();
~DestOptsHeader();


@@ -180,7 +180,7 @@ class EthernetHeader : public DataLinkLayerElement {
nping_eth_hdr_t h;
public:
EthernetHeader();
~EthernetHeader();
void reset();


@@ -154,7 +154,7 @@ class FragmentHeader : public IPv6ExtensionHeader {
typedef struct nping_ipv6_ext_fragment_hdr nping_ipv6_ext_fragment_hdr_t;
nping_ipv6_ext_fragment_hdr_t h;
public:
FragmentHeader();
~FragmentHeader();


@@ -170,7 +170,7 @@ class HopByHopHeader : public IPv6ExtensionHeader {
nping_ipv6_ext_hopbyhop_hdr_t h;
u8 *curr_option;
public:
HopByHopHeader();
~HopByHopHeader();


@@ -380,7 +380,7 @@ bool ICMPv4Header::validateType(u8 val){
} /* End of validateType() */
/** Returns true if the type fields contains an RFC compliant ICMP message
/** Returns true if the type fields contains an RFC compliant ICMP message
* type. */
bool ICMPv4Header::validateType(){
return validateType( this->h.type );
@@ -500,13 +500,13 @@ int ICMPv4Header::setSum(){
u8 buffer[65535];
int total_len=0;
h.checksum = 0;
memcpy(buffer, &h, length);
if( this->getNextElement() != NULL)
total_len=next->dumpToBinaryBuffer(buffer+length, 65535-length);
total_len=next->dumpToBinaryBuffer(buffer+length, 65535-length);
total_len+=length;
h.checksum = in_cksum((unsigned short *)buffer, total_len);
return OP_SUCCESS;
@@ -636,7 +636,7 @@ u32 ICMPv4Header::getReserved() const {
* host byte order */
return (u32)ntohs(h_trc->unused);
break;
default:
return OP_FAILURE;
break;
@@ -1100,7 +1100,7 @@ int ICMPv4Header::getICMPHeaderLengthFromType( u8 type ) const {
case ICMP_TRACEROUTE:
return 20;
break;
case ICMP_DOMAINNAME:
case ICMP_DOMAINNAMEREPLY:
return 8;
@@ -1214,7 +1214,7 @@ const char *ICMPv4Header::type2string(int type, int code) const {
case ICMP_MASKREPLY:
return "Address mask reply";
break;
case ICMP_TRACEROUTE:
return "Traceroute";
break;


@@ -217,7 +217,7 @@ class ICMPv4Header : public ICMPHeader {
/**********************************************************************/
/* ICMPv4 MESSAGE SPECIFIC HEADERS */
/**********************************************************************/
/* Destination Unreachable Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -232,7 +232,7 @@ class ICMPv4Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct icmp4_dest_unreach_msg icmp4_dest_unreach_msg_t;
/* Time Exceeded Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -247,7 +247,7 @@ class ICMPv4Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct icmp4_time_exceeded_msg icmp4_time_exceeded_msg_t;
/* Parameter Problem Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -264,7 +264,7 @@ class ICMPv4Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct icmp4_parameter_problem_msg icmp4_parameter_problem_msg_t;
/* Source Quench Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -279,7 +279,7 @@ class ICMPv4Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct icmp4_source_quench_msg icmp4_source_quench_msg_t;
/* Redirect Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -294,7 +294,7 @@ class ICMPv4Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct icmp4_redirect_msg icmp4_redirect_msg_t;
/* Echo Request/Reply Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -345,7 +345,7 @@ class ICMPv4Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct icmp4_information_msg icmp4_information_msg_t;
/* ICMP Router Advertisement Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -458,7 +458,7 @@ class ICMPv4Header : public ICMPHeader {
u16 sequence;
}__attribute__((__packed__));
typedef struct icmp4_domain_name_request_msg icmp4_domain_name_request_msg_t;
/* ICMP Domain Name Reply Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -594,7 +594,7 @@ class ICMPv4Header : public ICMPHeader {
int getICMPHeaderLengthFromType( u8 type ) const;
const char *type2string(int type, int code) const;
bool isError() const;
}; /* End of class ICMPv4Header */


@@ -179,7 +179,7 @@ u8 *ICMPv6Header::getBufferPointer(){
/** Stores supplied packet in the internal buffer so the information
* can be accessed using the standard get & set methods.
* @warning The ICMPv6Header class is able to hold a maximum of
* @warning The ICMPv6Header class is able to hold a maximum of
* sizeof(nping_icmpv6_hdr_t) bytes. If the supplied buffer is longer than
* that, only the first 1508 bytes will be stored in the internal buffer.
* @warning Supplied len MUST be at least 8 bytes (min ICMPv6 header length).
@@ -238,31 +238,31 @@ int ICMPv6Header::print(FILE *output, int detail) const {
fprintf(output, " (type=%u/code=%u)", type, code);
switch(type) {
case ICMPv6_UNREACH:
case ICMPv6_TIMXCEED:
if(detail>=PRINT_DETAIL_HIGH)
fprintf(output, " unused=%lu", (long unsigned int)this->getUnused());
break;
case ICMPv6_ROUTERSOLICIT:
if(detail>=PRINT_DETAIL_HIGH)
fprintf(output, " reserved=%lu", (long unsigned int)this->getReserved());
break;
case ICMPv6_PKTTOOBIG:
fprintf(output, " mtu=%lu", (long unsigned int)this->getMTU());
break;
case ICMPv6_PARAMPROB:
fprintf(output, " pointer=%lu", (long unsigned int)this->getPointer());
break;
case ICMPv6_ECHO:
case ICMPv6_ECHOREPLY:
fprintf(output, " id=%u seq=%u", this->getIdentifier(), this->getSequence());
break;
case ICMPv6_NODEINFOQUERY:
case ICMPv6_NODEINFORESP:
if(this->getNodeInfoFlags()!=0){
@@ -505,15 +505,15 @@ int ICMPv6Header::setReserved(u32 val){
case ICMPv6_UNREACH:
this->h_du->unused=htonl(val);
break;
case ICMPv6_TIMXCEED:
this->h_te->unused=htonl(val);
break;
case ICMPv6_ROUTERSOLICIT:
this->h_rs->reserved=htonl(val);
break;
case ICMPv6_NGHBRSOLICIT:
this->h_ns->reserved=htonl(val);
break;
@@ -536,7 +536,7 @@ int ICMPv6Header::setReserved(u32 val){
case ICMPv6_RTRRENUM:
this->h_rr->reserved=htonl(val);
break;
/* Types that don't have a reserved field */
case ICMPv6_ROUTERADVERT:
case ICMPv6_ECHO:
@@ -1283,10 +1283,10 @@ const char *ICMPv6Header::type2string(int type, int code) const {
case ICMPv6_UNREACH_REJECT_ROUTE: return "Reject route"; break;
default: return "Destination unreachable (unknown code)"; break;
}
break;
break;
case ICMPv6_PKTTOOBIG:
return "Packet too big";
return "Packet too big";
break;
case ICMPv6_TIMXCEED:
@@ -1296,7 +1296,7 @@ const char *ICMPv6Header::type2string(int type, int code) const {
default: return "Time exceeded (unknown code)"; break;
}
break;
case ICMPv6_PARAMPROB:
switch(code){
case ICMPv6_PARAMPROB_FIELD: return "Parameter problem (bad field)"; break;
@@ -1307,34 +1307,34 @@ const char *ICMPv6Header::type2string(int type, int code) const {
break;
case ICMPv6_ECHO:
return "Echo request";
return "Echo request";
break;
case ICMPv6_ECHOREPLY:
return "Echo reply";
return "Echo reply";
break;
case ICMPv6_GRPMEMBQUERY:
return "Group membership query";
return "Group membership query";
break;
case ICMPv6_GRPMEMBREP:
return "Group membership report";
return "Group membership report";
break;
case ICMPv6_GRPMEMBRED:
return "Group membership reduction";
return "Group membership reduction";
break;
case ICMPv6_ROUTERSOLICIT:
return "Router sol";
return "Router sol";
break;
case ICMPv6_ROUTERADVERT:
return "Router advert";
return "Router advert";
break;
case ICMPv6_NGHBRSOLICIT:
return "Neighbor sol";
return "Neighbor sol";
break;
case ICMPv6_NGHBRADVERT:
return "Neighbor advert";
return "Neighbor advert";
break;
case ICMPv6_REDIRECT:
return "Redirect";
return "Redirect";
break;
case ICMPv6_RTRRENUM:
switch(code){
@@ -1363,61 +1363,61 @@ const char *ICMPv6Header::type2string(int type, int code) const {
break;
case ICMPv6_INVNGHBRSOLICIT:
return "Inverse neighbor sol";
return "Inverse neighbor sol";
break;
case ICMPv6_INVNGHBRADVERT:
return "Inverse neighbor advert";
return "Inverse neighbor advert";
break;
case ICMPv6_MLDV2:
return "MLDv2 report";
return "MLDv2 report";
break;
case ICMPv6_AGENTDISCOVREQ:
return "Home agent request";
return "Home agent request";
break;
case ICMPv6_AGENTDISCOVREPLY:
return "Home agent reply";
return "Home agent reply";
break;
case ICMPv6_MOBPREFIXSOLICIT:
return "Prefix sol";
return "Prefix sol";
break;
case ICMPv6_MOBPREFIXADVERT:
return "Prefix advert";
return "Prefix advert";
break;
case ICMPv6_CERTPATHSOLICIT:
return "Cert path sol";
return "Cert path sol";
break;
case ICMPv6_CERTPATHADVERT:
return "Cert path advert";
return "Cert path advert";
break;
case ICMPv6_EXPMOBILITY:
return "Experimental mobility";
return "Experimental mobility";
break;
case ICMPv6_MRDADVERT:
return "Multicast router advert";
return "Multicast router advert";
break;
case ICMPv6_MRDSOLICIT:
return "Multicast router sol";
return "Multicast router sol";
break;
case ICMPv6_MRDTERMINATE:
return "Multicast router term";
return "Multicast router term";
break;
case ICMPv6_FMIPV6:
return "FMIPv6";
return "FMIPv6";
break;
default:
return "Unknown ICMPv6 type";
break;


@@ -155,24 +155,24 @@
*
* 1. Imagine we need to build an ICMP echo request message that includes some
* arbitrary data to be echoed. We could do the following:
*
*
* u8 final_packet[1024]; <-- Buffer to store the resulting packet
* u32 final_packet_len=0; <-- Length of the resulting packet
* ICMPv6Header header; <-- The ICMPv6 fixed-length part
* RawData data; <-- The data to append to the echo message
*
*
* header.setType(ICMPv6_ECHO); <-- Set ICMPv6 type to "Echo request"
* data.store("1234567890"); <-- Store data we need to send.
* header.setNextElement(&data); <-- Tell ICMPv6Header what's after it
* header.setSum(); <-- Compute the checksum
*
*
* final_packet_len=header.dumpToBinaryBuffer(fina_packet, 1024);
* send_packet(final_packet, final_packet_len)
*
* 2. If we are sending a parameter problem message and we need to include the
* invoking datagram, we can call setNextElement() passing an IPv6Header
* pointer.
*
*
* u8 final_packet[1024]; <-- Buffer to store the resulting packet
* u32 final_packet_len=0; <-- Length of the resulting packet
* ICMPv6Header header; <-- The ICMPv6 fixed-length part
@@ -186,7 +186,7 @@
*
* 3. If we are sending a router solicitation message, we'll call
* setNextElement() passing an IPv6Options Pointer.
*
*
* u8 final_packet[1024]; <-- Buffer to store the resulting packet
* u32 final_packet_len=0; <-- Length of the resulting packet
* ICMPv6Header header; <-- The ICMPv6 fixed-length part
@@ -217,11 +217,11 @@
* following IETF RFC documents: RFC 4443, RFC 2461, RFC 2894 */
/* ICMP types and codes.
* The following types and codes have been defined by IANA. A complete list
* The following types and codes have been defined by IANA. A complete list
* may be found at http://www.iana.org/assignments/icmpv6-parameters
*
* Definitions on the first level of indentation are ICMPv6 Types.
* Definitions on the second level of indentation (values enclosed in
* Definitions on the second level of indentation (values enclosed in
* parenthesis) are ICMPv6 Codes */
#define ICMPv6_UNREACH 1 /* Destination unreachable [RFC 2463, 4443] */
#define ICMPv6_UNREACH_NO_ROUTE (0) /* --> No route to destination */
@@ -335,7 +335,7 @@ class ICMPv6Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct nping_icmpv6_hdr nping_icmpv6_hdr_t;
/**********************************************************************/
/* ICMPv6 MESSAGE SPECIFIC HEADERS */
/**********************************************************************/
@@ -371,7 +371,7 @@ class ICMPv6Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct pkt_too_big_msg pkt_too_big_msg_t;
/* Time Exceeded Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -387,7 +387,7 @@ class ICMPv6Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct time_exceeded_msg time_exceeded_msg_t;
/* Parameter Problem Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -403,7 +403,7 @@ class ICMPv6Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct parameter_problem_msg parameter_problem_msg_t;
/* Echo Request/Response Messages
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -418,7 +418,7 @@ class ICMPv6Header : public ICMPHeader {
//u8 data[?];
}__attribute__((__packed__));
typedef struct echo_msg echo_msg_t;
/* Router Advertisement Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -441,7 +441,7 @@ class ICMPv6Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct router_advert_msg router_advert_msg_t;
/* Router Solicitation Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -538,7 +538,7 @@ class ICMPv6Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct redirect_msg redirect_msg_t;
/* Router Renumbering Header
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
@@ -612,7 +612,7 @@ class ICMPv6Header : public ICMPHeader {
}__attribute__((__packed__));
typedef struct mld_msg mld_msg_t;
nping_icmpv6_hdr_t h;
/* Helper pointers */


@@ -371,7 +371,7 @@ int ICMPv6Option::getHeaderLengthFromType(u8 type){
case ICMPv6_OPTION_SRC_LINK_ADDR:
return ICMPv6_OPTION_SRC_LINK_ADDR_LEN;
break;
case ICMPv6_OPTION_TGT_LINK_ADDR:
return ICMPv6_OPTION_TGT_LINK_ADDR_LEN;
break;
@@ -388,7 +388,7 @@ int ICMPv6Option::getHeaderLengthFromType(u8 type){
return ICMPv6_OPTION_MTU_LEN;
break;
/* Packets with non RFC-Compliant option types will be represented as an
/* Packets with non RFC-Compliant option types will be represented as an
* 8-byte ICMPv6 option. */
default:
return ICMPv6_OPTION_MIN_HEADER_LEN;


@@ -145,7 +145,7 @@
#define EXTOPT_HOMEADDR 0xC9 /* Home Address (RFC 6275) */
class IPv6ExtensionHeader : public PacketElement {
};
#endif


@@ -176,7 +176,7 @@ u8 *IPv6Header::getBufferPointer(){
* in the internal buffer.
* @warning Supplied len MUST be at least 40 bytes (IPv6 header length).
* @return OP_SUCCESS on success and OP_FAILURE in case of error */
int IPv6Header::storeRecvData(const u8 *buf, size_t len){
int IPv6Header::storeRecvData(const u8 *buf, size_t len){
if(buf==NULL || len<IPv6_HEADER_LEN){
return OP_FAILURE;
}else{
@@ -231,14 +231,14 @@ int IPv6Header::print(FILE *output, int detail) const {
if( detail == PRINT_DETAIL_LOW ){
Snprintf(ipinfo, sizeof(ipinfo), "hlim=%d", this->getHopLimit());
}else if( detail == PRINT_DETAIL_MED ){
Snprintf(ipinfo, sizeof(ipinfo), "hlim=%d tclass=%d flow=%d",
Snprintf(ipinfo, sizeof(ipinfo), "hlim=%d tclass=%d flow=%d",
this->getHopLimit(), this->getTrafficClass(), this->getFlowLabel() );
}else if( detail>=PRINT_DETAIL_HIGH ){
Snprintf(ipinfo, sizeof(ipinfo), "ver=%d hlim=%d tclass=%d flow=%d plen=%d nh=%d",
this->getVersion(), this->getHopLimit(), this->getTrafficClass(),
Snprintf(ipinfo, sizeof(ipinfo), "ver=%d hlim=%d tclass=%d flow=%d plen=%d nh=%d",
this->getVersion(), this->getHopLimit(), this->getTrafficClass(),
this->getFlowLabel(), this->getPayloadLength(), this->getNextHeader() );
}
fprintf(output, " %s]", ipinfo);
fprintf(output, " %s]", ipinfo);
if(this->next!=NULL){
print_separator(output, detail);
next->print(output, detail);
@@ -295,8 +295,8 @@ u8 IPv6Header::getVersion() const {
u8 fullbyte;
}header1stbyte;
header1stbyte.fullbyte = h.ip6_start[0];
return (u8)header1stbyte.halfbyte.ver;
header1stbyte.fullbyte = h.ip6_start[0];
return (u8)header1stbyte.halfbyte.ver;
} /* End of getVersion() */
@@ -337,7 +337,7 @@ int IPv6Header::setTrafficClass(u8 val){
/* Write the bytes back to the header */
h.ip6_start[0]=header1stbyte.fullbyte;
h.ip6_start[1]=header2ndbyte.fullbyte;
return OP_SUCCESS;
} /* End of setTrafficClass() */
@@ -489,7 +489,7 @@ int IPv6Header::setNextHeader(const char *p){
setNextHeader(58); /* 58=IANA number for proto ICMPv6 */
else
netutil_fatal("setNextProto(): Invalid protocol number\n");
return OP_SUCCESS;
return OP_SUCCESS;
} /* End of setNextHeader() */


@@ -146,7 +146,7 @@
class IPv6Header : public NetworkLayerElement {
private:
/* IPv6 Header Format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
@@ -172,14 +172,14 @@ class IPv6Header : public NetworkLayerElement {
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
struct nping_ipv6_hdr {
u8 ip6_start[4]; /* Version, Traffic and Flow */
u16 ip6_len; /* Payload length */
u8 ip6_nh; /* Next Header */
u8 ip6_hopl; /* Hop Limit */
u8 ip6_src[16]; /* Source IP Address */
u8 ip6_dst[16]; /* Destination IP Address */
u8 ip6_dst[16]; /* Destination IP Address */
}__attribute__((__packed__));
typedef struct nping_ipv6_hdr nping_ipv6_hdr_t;
@@ -187,7 +187,7 @@ class IPv6Header : public NetworkLayerElement {
nping_ipv6_hdr_t h;
public:
/* Misc */
IPv6Header();
~IPv6Header();
@@ -200,7 +200,7 @@ class IPv6Header : public NetworkLayerElement {
/* IP version */
int setVersion();
int setVersion(u8 val);
int setVersion(u8 val);
u8 getVersion() const;
/* Traffic class */
@@ -210,27 +210,27 @@ class IPv6Header : public NetworkLayerElement {
/* Flow Label */
int setFlowLabel(u32 val);
u32 getFlowLabel() const;
/* Payload Length */
int setPayloadLength(u16 val);
int setPayloadLength();
u16 getPayloadLength() const;
/* Next Header */
int setNextHeader(u8 val);
int setNextHeader(const char *p);
u8 getNextHeader() const;
/* Hop Limit */
int setHopLimit(u8 val);
u8 getHopLimit() const;
/* Source Address */
int setSourceAddress(u8 *val);
int setSourceAddress(struct in6_addr val);
const u8 *getSourceAddress() const;
struct in6_addr getSourceAddress(struct in6_addr *result) const;
/* Destination Address*/
int setDestinationAddress(u8 *val);
int setDestinationAddress(struct in6_addr val);


@@ -17,7 +17,7 @@ TARGET = libnetutil.a
SRCS = $(srcdir)/netutil.cc $(srcdir)/PacketElement.cc $(srcdir)/NetworkLayerElement.cc $(srcdir)/ARPHeader.cc $(srcdir)/PacketElement.cc $(srcdir)/NetworkLayerElement.cc $(srcdir)/TransportLayerElement.cc $(srcdir)/ARPHeader.cc $(srcdir)/EthernetHeader.cc $(srcdir)/ICMPv4Header.cc $(srcdir)/ICMPv6Header.cc $(srcdir)/IPv4Header.cc $(srcdir)/IPv6Header.cc $(srcdir)/TCPHeader.cc $(srcdir)/UDPHeader.cc $(srcdir)/RawData.cc $(srcdir)/HopByHopHeader.cc $(srcdir)/DestOptsHeader.cc $(srcdir)/FragmentHeader.cc $(srcdir)/RoutingHeader.cc $(srcdir)/PacketParser.cc
OBJS = netutil.o PacketElement.o NetworkLayerElement.o TransportLayerElement.o ARPHeader.o EthernetHeader.o ICMPv4Header.o ICMPv6Header.o IPv4Header.o IPv6Header.o TCPHeader.o UDPHeader.o RawData.o HopByHopHeader.o DestOptsHeader.o FragmentHeader.o RoutingHeader.o PacketParser.o
all: $(TARGET)
all: $(TARGET)
$(TARGET): $(OBJS)
rm -f $@
@@ -25,7 +25,7 @@ $(TARGET): $(OBJS)
$(RANLIB) $@
clean:
rm -f $(OBJS) $(TARGET)
rm -f $(OBJS) $(TARGET)
distclean: clean
rm -rf Makefile makefile.dep


@@ -182,7 +182,7 @@ class PacketElement {
public:
PacketElement();
virtual ~PacketElement(){
} /* End of PacketElement destructor */


@@ -621,11 +621,11 @@ pkt_type_t *PacketParser::parse_packet(const u8 *pkt, size_t pktlen, bool eth_in
}else{ // next_layer==APPLICATION_LAYER
if(PKTPARSERDEBUG)puts("Next Layer=Application");
if(curr_pktlen>0){
/* If we get here it is possible that the packet is ARP but
* we have no access to the original Ethernet header. We
* determine if this header is ARP by checking its size
* and checking for some common values. */
/* If we get here it is possible that the packet is ARP but
* we have no access to the original Ethernet header. We
* determine if this header is ARP by checking its size
* and checking for some common values. */
if(arp.storeRecvData(curr_pkt, curr_pktlen)!=OP_FAILURE){
if( (arplen=arp.validate())!=OP_FAILURE){
if(arp.getHardwareType()==HDR_ETH10MB){
@@ -649,7 +649,7 @@ pkt_type_t *PacketParser::parse_packet(const u8 *pkt, size_t pktlen, bool eth_in
}
}
}
//if(expected==HEADER_TYPE_DNS){
//}else if(expected==HEADER_TYPE_HTTP){
//}... ETC
@@ -1035,9 +1035,9 @@ const char *PacketParser::test_packet_parser(PacketElement *test_pkt){
/* Returns true if the supplied "rcvd" packet is a response to the "sent" packet.
* This method currently handles IPv4, IPv6, ICMPv4, ICMPv6, TCP and UDP. Here
* This method currently handles IPv4, IPv6, ICMPv4, ICMPv6, TCP and UDP. Here
* some examples of what can be matched using it:
*
*
* Probe: TCP SYN -> Response TCP SYN|ACK
* Probe: TCP SYN -> Response TCP RST|ACK
* Probe: UDP:53 -> Response UDP from port 53.
@@ -1050,9 +1050,9 @@ const char *PacketParser::test_packet_parser(PacketElement *test_pkt){
*
* Note that ICMP error messages are matched against sent probes (e.g: an ICMP
* Parameter Problem generated as a result of an invalid TCP segment is matched
* positively with the original TCP segment). Therefore, the caller must ensure
* positively with the original TCP segment). Therefore, the caller must ensure
* that the received packet is what it expects before using it (e.g: the packet
* is an actual TCP packet, not an ICMP error).
* is an actual TCP packet, not an ICMP error).
*
* Warning: this method assumes that the probes you send are reasonably
* different from each other. Don't expect a 100% accuracy if you send a bunch
@@ -1063,8 +1063,8 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
if(sent==NULL || rcvd==NULL)
return false;
/* If any of the packets is encapsulated in an Ethernet frame, strip the
/* If any of the packets is encapsulated in an Ethernet frame, strip the
* link layer header before proceeding with the matching process. */
if(rcvd->protocol_id()==HEADER_TYPE_ETHERNET)
if( (rcvd=rcvd->getNextElement())==NULL)
@@ -1072,11 +1072,11 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
if(sent->protocol_id()==HEADER_TYPE_ETHERNET)
if( (sent=sent->getNextElement())==NULL)
return false;
/* Make sure both packets have the same network layer */
if(rcvd->protocol_id()!=sent->protocol_id())
return false;
/* The packet could be ARP */
if(rcvd->protocol_id()==HEADER_TYPE_ARP){
ARPHeader *sent_arp=(ARPHeader *)sent;
@@ -1084,7 +1084,7 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
switch(sent_arp->getOpCode()){
case OP_ARP_REQUEST:
if(rcvd_arp->getOpCode()==OP_ARP_REPLY){
/* TODO @todo: getTargetIP() and getSenderIP() should
/* TODO @todo: getTargetIP() and getSenderIP() should
* either return struct in_addr or IPAddress but not u32. */
if(sent_arp->getTargetIP()==rcvd_arp->getSenderIP())
if(sent_arp->getSenderIP()==rcvd_arp->getTargetIP())
@@ -1092,8 +1092,8 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
}
return false;
break;
/* We only support ARP, not RARP or other weird stuff. Also, if
/* We only support ARP, not RARP or other weird stuff. Also, if
* we didn't send a request, then we don't expect any response */
case OP_RARP_REQUEST:
case OP_DRARP_REQUEST:
@@ -1101,11 +1101,11 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
default:
return false;
break;
}
return false;
}
/* The packet is IPv4 or IPv6 */
if(rcvd->protocol_id()!=HEADER_TYPE_IPv6 && rcvd->protocol_id()!=HEADER_TYPE_IPv4)
return false;
@@ -1123,7 +1123,7 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
return false;
if(PKTPARSERDEBUG)printf("%s(): Src and Dst addresses make sense.\n", __func__);
/* Skip layers until we find ICMP or a transport protocol */
PacketElement *rcvd_layer4=rcvd_ip->getNextElement();
PacketElement *sent_layer4=sent_ip->getNextElement();
@@ -1145,34 +1145,34 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
}
if(rcvd_layer4==NULL || sent_layer4==NULL)
return false;
if(PKTPARSERDEBUG)printf("%s(): Layer 4 found for both packets.\n", __func__);
/* If we get here it means that both packets have a proper layer4 protocol
* header. Now we have to check which type are they and see if a probe-response
* relation can be established. */
if(sent_layer4->protocol_id()==HEADER_TYPE_ICMPv6 || sent_layer4->protocol_id()==HEADER_TYPE_ICMPv4){
if(PKTPARSERDEBUG)printf("%s(): Sent packet is ICMP.\n", __func__);
/* Make sure received packet is ICMP (we only expect ICMP responses for
* ICMP probes) */
if(rcvd_layer4->protocol_id()!=HEADER_TYPE_ICMPv6 && rcvd_layer4->protocol_id()!=HEADER_TYPE_ICMPv4 )
return false;
/* Make sure both packets have the same ICMP version */
if(sent_layer4->protocol_id()!=rcvd_layer4->protocol_id())
return false;
if(PKTPARSERDEBUG)printf("%s(): Received packet is ICMP too.\n", __func__);
if(PKTPARSERDEBUG)printf("%s(): Received packet is ICMP too.\n", __func__);
/* Check if the received ICMP is an error message. We don't care which kind
* of error message it is. The only important thing is that error messages
* contain a copy of the original datagram, and that's what we want to
* match against the sent probe. */
if( ((ICMPHeader *)rcvd_layer4)->isError() ){
NetworkLayerElement *iperror=(NetworkLayerElement *)rcvd_layer4->getNextElement();
if(PKTPARSERDEBUG)printf("%s(): Received ICMP is an error message.\n", __func__);
/* ICMP error message must contain the original datagram */
@@ -1426,9 +1426,9 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
return false; // Should never happen, though.
}
}else{ /* Received ICMP is informational. */
if(PKTPARSERDEBUG)printf("%s(): Received ICMP is an informational message.\n", __func__);
/* If we get here it means that we received an informational ICMPv6
* message. So now we have to check if the received message is the
* expected reply to the probe we sent (like an Echo reply for an Echo
@@ -1726,12 +1726,12 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
}
}
}else if(sent_layer4->protocol_id()==HEADER_TYPE_TCP || sent_layer4->protocol_id()==HEADER_TYPE_UDP){
if(PKTPARSERDEBUG)printf("%s(): Sent packet has a transport layer header.\n", __func__);
/* Both are TCP or both UDP */
if(sent_layer4->protocol_id()==rcvd_layer4->protocol_id()){
if(PKTPARSERDEBUG)printf("%s(): Received packet has a transport layer header too.\n", __func__);
/* Probe source port must equal response target port */
@@ -1744,9 +1744,9 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
/* If we sent TCP or UDP and got ICMP in response, we need to find a copy of our packet in the
* ICMP payload, providing it is an ICMP error message. */
}else if(rcvd_layer4->protocol_id()==HEADER_TYPE_ICMPv6 || rcvd_layer4->protocol_id()==HEADER_TYPE_ICMPv4){
if(PKTPARSERDEBUG)printf("%s(): Received packet does not have transport layer header but an ICMP header.\n", __func__);
/* We only expect ICMP error messages */
if( !(((ICMPHeader *)rcvd_layer4)->isError()) )
return false;
@@ -1810,17 +1810,17 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){
/* Tries to find a transport layer header in the supplied chain of
* protocol headers. On success it returns a pointer to a PacketElement
* of one of these types:
*
*
* HEADER_TYPE_TCP
* HEADER_TYPE_UDP
* HEADER_TYPE_ICMPv4
* HEADER_TYPE_ICMPv4
* HEADER_TYPE_ICMPv6
* HEADER_TYPE_SCTP
* HEADER_TYPE_ARP
*
*
* It returns NULL if no transport layer header is found.
*
* Note that this method onyl understands IPv4, IPv6 (and its
*
* Note that this method onyl understands IPv4, IPv6 (and its
* extension headers) and Ethernet. If the supplied packet contains
* something different before the tranport layer, NULL will be returned.
* */
@@ -1841,7 +1841,7 @@ PacketElement *PacketParser::find_transport_layer(PacketElement *chain){
case HEADER_TYPE_IPv6_MOBILE:
aux=aux->getNextElement();
break;
/* If we found the transport layer, return it. */
case HEADER_TYPE_TCP:
case HEADER_TYPE_UDP:
@@ -1851,9 +1851,9 @@ PacketElement *PacketParser::find_transport_layer(PacketElement *chain){
case HEADER_TYPE_ARP:
return aux;
break;
/* Otherwise, the packet contains headers we don't understand
* so we just return NULL to indicate that no valid transport
* so we just return NULL to indicate that no valid transport
* layer was found. */
default:
return NULL;


@@ -178,7 +178,7 @@ typedef struct packet_type{
class PacketParser {
private:
public:
/* Misc */


@@ -165,7 +165,7 @@ u8 * RawData::getBufferPointer(){
} /* End of getBufferPointer() */
u8 * RawData::getBufferPointer(int *mylen){
u8 * RawData::getBufferPointer(int *mylen){
if(mylen!=NULL)
*mylen=this->length;
return this->data;


@@ -186,7 +186,7 @@ int RoutingHeader::storeRecvData(const u8 *buf, size_t len){
/* Type 0 has a variable length, but the value of its HdrExtLen
* field must be even (because it must be a multiple of the
* IPv6 address size). We also make sure that the received buffer
* has as many bytes as the HdrExtLen field says it has, and
* has as many bytes as the HdrExtLen field says it has, and
* that it doesn't exceed the maximum number of octets we
* can store in this object. */
if(this->h.len%2==1 || ((unsigned int)(this->h.len+1))*8 > len || (this->h.len+1)*8 > ROUTING_HEADER_MAX_LEN){


@@ -191,7 +191,7 @@ class RoutingHeader : public IPv6ExtensionHeader {
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3) Type 2 Routing header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -219,7 +219,7 @@ class RoutingHeader : public IPv6ExtensionHeader {
nping_ipv6_ext_routing_hdr_t h;
u8 *curr_addr;
public:
RoutingHeader();
~RoutingHeader();


@@ -886,12 +886,12 @@ const u8 *TCPHeader::getOptions(size_t *optslen) const {
/* Returns the index-th option in the TCP header. On success it returns a
* structure filled with option information. If there is no index-th option,
* it returns a structure with st.value==NULL. Note that this function does
* not perform strict validity checking. It does check that the length claimed
* by the options does not exceed the available buffer but it does not check,
* for example, that the MSS option always contains a length of 4. Also,
* it returns a structure with st.value==NULL. Note that this function does
* not perform strict validity checking. It does check that the length claimed
* by the options does not exceed the available buffer but it does not check,
* for example, that the MSS option always contains a length of 4. Also,
* if the returned option type is TCPOPT_EOL or TCPOPT_NOOP, the len field
* would be set to zero and the "value" field should NOT be accessed, as it
* would be set to zero and the "value" field should NOT be accessed, as it
* will not contain reliable information. */
nping_tcp_opt_t TCPHeader::getOption(unsigned int index) const {
nping_tcp_opt_t *curr_opt=NULL;


@@ -256,7 +256,7 @@ class TCPHeader : public TransportLayerElement {
int protocol_id() const;
int validate();
int print(FILE *output, int detail) const;
int setSourcePort(u16 p);
u16 getSourcePort() const;


@@ -174,7 +174,7 @@ class UDPHeader : public TransportLayerElement {
int protocol_id() const;
int validate();
int print(FILE *output, int detail) const;
int setSourcePort(u16 p);
u16 getSourcePort() const;


@@ -195,7 +195,7 @@
#endif
#endif
#ifndef NETINET_IP_H /* This guarding is needed for at least some versions of OpenBSD */
#include <netinet/ip.h>
#include <netinet/ip.h>
#define NETINET_IP_H
#endif
#include <net/if_arp.h>
@@ -400,7 +400,7 @@ int parse_ip_options(const char *txt, u8 *data, int datalen, int* firsthopoff, i
*d++ = 0;*d++ = 0;*d++ = 0;*d++ = 0;
}else{
if(errstr) Snprintf(errstr, errstrlen, "When using source routing you must leave at least one slot for target's ip.");
return OP_FAILURE;
return OP_FAILURE;
}
}
if(s == RR)
@@ -527,7 +527,7 @@ int ip_is_reserved(struct in_addr *ip)
/* 169.254.0.0/16 is reserved for DHCP clients seeking addresses - RFC3927 */
if (i1 == 169 && i2 == 254)
return 1;
/* 203.0.113.0/24 is reserved for documentation (RFC5737) */
if (i1 == 203 && i2 == 0 && i3 == 113)
return 1;
@@ -1607,7 +1607,7 @@ int sockaddr_equal_zero(const struct sockaddr_storage *s) {
/* This is a helper for getsysroutes_dnet. Once the table of routes is in
place, this function assigns each to an interface and removes any routes
that can't be assigned. */
static struct dnet_collector_route_nfo *sysroutes_dnet_find_interfaces(struct dnet_collector_route_nfo *dcrn)
static struct dnet_collector_route_nfo *sysroutes_dnet_find_interfaces(struct dnet_collector_route_nfo *dcrn)
{
struct interface_info *ifaces;
int numifaces = 0;
@@ -1721,7 +1721,7 @@ static struct sys_route *getsysroutes_dnet(int *howmany, char *errstr, size_t er
dcrn.numifaces = 0;
assert(howmany);
route_t *dr = route_open();
if (!dr){
if(errstr) Snprintf(errstr, errstrlen, "%s: route_open() failed", __func__);
*howmany=-1;
@@ -1757,7 +1757,7 @@ struct sys_route *getsysroutes(int *howmany, char *errstr, size_t errstrlen) {
static struct sys_route *routes = NULL;
static int numroutes = 0;
assert(howmany);
if (routes != NULL) {
/* We have it cached. */
*howmany = numroutes;
@@ -1865,7 +1865,7 @@ memset(buffer, 0, 129);
switch(nextheader){
case 0:
case 0:
if(acronym)
strncpy(buffer, "HOPOPT", 128);
else
@@ -1873,7 +1873,7 @@ switch(nextheader){
break;
case 1:
case 1:
if(acronym)
strncpy(buffer, "ICMP", 128);
else
@@ -1881,7 +1881,7 @@ switch(nextheader){
break;
case 2:
case 2:
if(acronym)
strncpy(buffer, "IGMP", 128);
else
@@ -1889,7 +1889,7 @@ switch(nextheader){
break;
case 4:
case 4:
if(acronym)
strncpy(buffer, "IP", 128);
else
@@ -1897,7 +1897,7 @@ switch(nextheader){
break;
case 6:
case 6:
if(acronym)
strncpy(buffer, "TCP", 128);
else
@@ -1905,7 +1905,7 @@ switch(nextheader){
break;
case 8:
case 8:
if(acronym)
strncpy(buffer, "EGP", 128);
else
@@ -1913,7 +1913,7 @@ switch(nextheader){
break;
case 9:
case 9:
if(acronym)
strncpy(buffer, "IGP", 128);
else
@@ -1921,7 +1921,7 @@ switch(nextheader){
break;
case 17:
case 17:
if(acronym)
strncpy(buffer, "UDP", 128);
else
@@ -1929,7 +1929,7 @@ switch(nextheader){
break;
case 41:
case 41:
if(acronym)
strncpy(buffer, "IPv6", 128);
else
@@ -1937,7 +1937,7 @@ switch(nextheader){
break;
case 43:
case 43:
if(acronym)
strncpy(buffer, "IPv6-Route", 128);
else
@@ -1945,7 +1945,7 @@ switch(nextheader){
break;
case 44:
case 44:
if(acronym)
strncpy(buffer, "IPv6-Frag", 128);
else
@@ -1953,7 +1953,7 @@ switch(nextheader){
break;
case 50:
case 50:
if(acronym)
strncpy(buffer, "ESP", 128);
else
@@ -1961,7 +1961,7 @@ switch(nextheader){
break;
case 51:
case 51:
if(acronym)
strncpy(buffer, "AH", 128);
else
@@ -1969,7 +1969,7 @@ switch(nextheader){
break;
case 55:
case 55:
if(acronym)
strncpy(buffer, "MOBILE", 128);
else
@@ -1977,7 +1977,7 @@ switch(nextheader){
break;
case 58:
case 58:
if(acronym)
strncpy(buffer, "IPv6-ICMP", 128);
else
@@ -1985,7 +1985,7 @@ switch(nextheader){
break;
case 59:
case 59:
if(acronym)
strncpy(buffer, "IPv6-NoNxt", 128);
else
@@ -1993,7 +1993,7 @@ switch(nextheader){
break;
case 60:
case 60:
if(acronym)
strncpy(buffer, "IPv6-Opts", 128);
else
@@ -2001,7 +2001,7 @@ switch(nextheader){
break;
case 70:
case 70:
if(acronym)
strncpy(buffer, "VISA", 128);
else
@@ -2009,7 +2009,7 @@ switch(nextheader){
break;
case 88:
case 88:
if(acronym)
strncpy(buffer, "EIGRP", 128);
else
@@ -2017,7 +2017,7 @@ switch(nextheader){
break;
case 94:
case 94:
if(acronym)
strncpy(buffer, "IPIP", 128);
else
@@ -2025,7 +2025,7 @@ switch(nextheader){
break;
case 132:
case 132:
if(acronym)
strncpy(buffer, "SCTP", 128);
else
@@ -2033,7 +2033,7 @@ switch(nextheader){
break;
case 133:
case 133:
if(acronym)
strncpy(buffer, "FC", 128);
else
@@ -2041,7 +2041,7 @@ switch(nextheader){
break;
case 135:
case 135:
if(acronym)
strncpy(buffer, "MH", 128);
else
@@ -2052,7 +2052,7 @@ switch(nextheader){
return buffer;
} /* End of nexthdrtoa() */
@@ -2250,7 +2250,7 @@ char *format_ip_options(const u8* ipopt, int ipoptlen) {
STRAPP("}",NULL);
option_type = UNKNOWN;
}
} // while
} // while
if(option_type != UNKNOWN)
STRAPP("}");
@@ -3528,8 +3528,8 @@ static int route_dst_generic(const struct sockaddr_storage *dst,
* of the routing details. If the source address needs to be spoofed,
* it should be passed through "spoofss" (otherwise NULL should be
* specified), along with a suitable network device (parameter "device").
* Even if spoofss is NULL, if user specified a network device with -e,
* it should still be passed. Note that it's OK to pass either NULL or
* Even if spoofss is NULL, if user specified a network device with -e,
* it should still be passed. Note that it's OK to pass either NULL or
* an empty string as the "device", as long as spoofss==NULL. */
int route_dst(const struct sockaddr_storage *dst, struct route_nfo *rnfo,
const char *device, const struct sockaddr_storage *spoofss) {
@@ -3544,7 +3544,7 @@ int route_dst(const struct sockaddr_storage *dst, struct route_nfo *rnfo,
* the call fails. It also prints informational messages about the
* errors encountered. It returns the number of bytes sent or -1 in
* case of error. */
int Sendto(const char *functionname, int sd,
int Sendto(const char *functionname, int sd,
const unsigned char *packet, int len, unsigned int flags,
struct sockaddr *to, int tolen) {
@@ -3625,7 +3625,7 @@ int send_ip_packet_sd(int sd, const struct sockaddr_in *dst,
assert(sd >= 0);
sock = *dst;
/* It is bogus that I need the address and port info when sending a RAW IP
/* It is bogus that I need the address and port info when sending a RAW IP
packet, but it doesn't seem to work w/o them */
if (packetlen >= 20) {
if (ip->ip_p == IPPROTO_TCP
@@ -4260,7 +4260,7 @@ static int read_reply_pcap(pcap_t *pd, long to_usec,
// sent the packet (which is according to gettimeofday() in nbase). For now, I will sadly have to
// use gettimeofday() for Windows in this case
// Actually I now allow .05 discrepancy. So maybe this isn't needed. I'll comment out for now.
// Nope: it is still needed at least for Windows. Sometimes the time from he pcap header is a
// Nope: it is still needed at least for Windows. Sometimes the time from he pcap header is a
// COUPLE SECONDS before the gettimeofday() results :(.
#if defined(WIN32) || defined(__amigaos__)
gettimeofday(&tv_end, NULL);
@@ -4520,11 +4520,11 @@ bool doArp(const char *dev, const u8 *srcmac,
u8 *targetmac,
void (*traceArp_callback)(int, const u8 *, u32 , struct timeval *)
) {
/* timeouts in microseconds ... the first ones are retransmit times, while
/* timeouts in microseconds ... the first ones are retransmit times, while
the final one is when we give up */
int timeouts[] = { 100000, 400000, 800000 };
int max_sends = 3;
int num_sends = 0; // How many we have sent so far
int num_sends = 0; // How many we have sent so far
eth_t *ethsd;
u8 frame[ETH_HDR_LEN + ARP_HDR_LEN + ARP_ETHIP_LEN];
const struct sockaddr_in *targetsin = (struct sockaddr_in *) targetip;
@@ -4661,7 +4661,7 @@ const char *grab_next_host_spec(FILE *inputfd, bool random, int argc, const char
Strncpy(host_spec, inet_ntoa(ip), sizeof(host_spec));
} else if (!inputfd) {
return( (optind < argc)? argv[optind++] : NULL);
} else {
} else {
n = read_host_from_file(inputfd, host_spec, sizeof(host_spec));
if (n == 0)
return NULL;
@@ -4688,7 +4688,7 @@ int set_max_open_descriptors(int desired_max) {
int flag=0;
#if (defined(RLIMIT_OFILE) || defined(RLIMIT_NOFILE))
#ifdef RLIMIT_NOFILE
flag=RLIMIT_NOFILE; /* Linux */
#else
@@ -4728,7 +4728,7 @@ int get_max_open_descriptors() {
int flag=0;
#if (defined(RLIMIT_OFILE) || defined(RLIMIT_NOFILE))
#ifdef RLIMIT_NOFILE
flag=RLIMIT_NOFILE; /* Linux */
#else


@@ -147,7 +147,7 @@ extern "C" {
#include "dnet.h"
#include <nbase.h>
/* It is VERY important to never change the value of these two constants.
/* It is VERY important to never change the value of these two constants.
* Specially, OP_FAILURE should never be positive, as some pieces of code take
* that for granted. */
enum { OP_FAILURE = -1, OP_SUCCESS = 0 };


@@ -3,7 +3,7 @@
scriptversion=2003-09-02.23
# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003
# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003
# Free Software Foundation, Inc.
# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.


@@ -70,17 +70,17 @@ o Added an HTTP proxy server feature, which creates a simple forking HTTP proxy
o The SOCKSv4 proxy option is now specified by "--proxy-type socks4" instead
of --socks4-proxy. This option also now takes the username from --proxy-auth
rather than the previous user@host:port syntax. [Kris]
o The HTTP proxy option is now specified by "--proxy-type http" instead of
--http-proxy. Also, the HTTP CONNECT request now uses CRLF for the EOL
instead of just LF. [Kris]
o Removed the SOCKS proxy server support because it was broken, didn't have
any support for SOCKSv5, and we now have an HTTP proxy server for a similar
purpose. [Kris]
o Fixed --proxy-auth which always caused a segmentation fault. [Kris]
o Fixed an issue which commonly occurred when using --proxy-type socks4 and
when reading from a piped or redirected stdin. The problem was that Ncat
was sending the data read from stdin across the network before it was fully
@@ -213,7 +213,7 @@ o Added support for ASCII logging.
o Added support for hexdump logging.
o Various bits of code cleaned up.
o Various bits of code cleaned up.
Ncat 0.06


@@ -69,9 +69,9 @@ CPPFLAGS += $(DEFS) $(INCLS)
SHTOOL = ../shtool
# DESTDIR can be used by package maintainers to install Ncat under its
# DESTDIR can be used by package maintainers to install Ncat under its
# usual directory structure into a different tree.
DESTDIR =
DESTDIR =
SRCS = ncat_main.c ncat_connect.c ncat_core.c ncat_posix.c ncat_listen.c ncat_proxy.c ncat_ssl.c base64.c http.c util.c sys_wrap.c
OBJS = ncat_main.o ncat_connect.o ncat_core.o ncat_posix.o ncat_listen.o ncat_proxy.o ncat_ssl.o base64.o http.o util.o sys_wrap.o


@@ -67,7 +67,7 @@ AC_SEARCH_LIBS(dlopen, dl)
if test "$use_openssl" = "yes" -a -z "$specialssldir" ; then
AC_CHECK_HEADER(openssl/ssl.h,,
[ use_openssl="no"
AC_MSG_WARN([Failed to find openssl/ssl.h so OpenSSL will not be used.
AC_MSG_WARN([Failed to find openssl/ssl.h so OpenSSL will not be used.
If it is installed you can try the --with-openssl=DIR argument]) ])
if test "$use_openssl" = "yes"; then
@@ -91,12 +91,12 @@ if test "$use_openssl" = "yes" -a -z "$specialssldir" ; then
AC_MSG_WARN([Failed to find libcrypto so OpenSSL will not be used.
If it is installed you can try the --with-openssl=DIR argument]) ])
fi
if test "$use_openssl" = "yes"; then
AC_CHECK_LIB(ssl, SSL_new,
[ use_openssl="yes"],
[ use_openssl="no"
AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used.
AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used.
If it is installed you can try the --with-openssl=DIR argument]) ],
[ -lcrypto ])
fi
@@ -213,7 +213,7 @@ requested_included_lua=no
no_lua=no
# First we test whether they specified liblua explicitly
AC_ARG_WITH(liblua,
AC_ARG_WITH(liblua,
AC_HELP_STRING([--with-liblua=DIR], [Use an existing (compiled) lua lib from DIR/include and DIR/lib.])
AC_HELP_STRING([--with-liblua=included], [Use the liblua version included with Nmap])
AC_HELP_STRING([--without-liblua], [Compile without lua (this will exclude all of NSE from compilation)]),
@@ -228,7 +228,7 @@ AC_HELP_STRING([--without-liblua], [Compile without lua (this will exclude all o
LUA_CLEAN="clean-lua"
LUA_DIST_CLEAN="distclean-lua"
have_lua="yes"
;;
no)
no_lua="yes"
@@ -253,7 +253,7 @@ if test "$no_lua" = "yes"; then
LUA_DIST_CLEAN=""
INSTALLNSE=""
else
else
# If they didn't specify it, we try to find it
if test $have_lua != yes; then
@@ -279,7 +279,7 @@ else
# if we didn't find we use our own
if test $have_lua != yes; then
AC_MSG_RESULT(no)
AC_MSG_RESULT(no)
CPPFLAGS="-I\$(top_srcdir)/$LIBLUADIR $CPPFLAGS"
LIBLUA_LIBS="\$(top_srcdir)/$LIBLUADIR/liblua.a"
LUA_DEPENDS="\$(top_srcdir)/$LIBLUADIR/liblua.a"
@@ -288,7 +288,7 @@ else
LUA_DIST_CLEAN="distclean-lua"
AC_DEFINE(LUA_INCLUDED)
else
AC_MSG_RESULT(yes)
AC_MSG_RESULT(yes)
fi
INSTALLNSE="install-nse"


@@ -1,9 +1,9 @@
. .
. .
\`-"'"-'/
} 6 6 {
==. Y ,==
} 6 6 {
==. Y ,==
/^^^\ .
/ \ )
/ \ )
( )-( )/ _
-""---""--- /
/ Ncat \_/
@@ -11,7 +11,7 @@
\_.=|____E
README for Ncat
README for Ncat
---------------
Ncat is a reimplementation of the currently splintered and reasonably
@@ -86,7 +86,7 @@ to have SOCKS support in the application.
This also begs the question of, "What would happen if you decided you wanted
to pass the --udp flag in to the above command somewhere?"
In this case, you would have a TCP to UDP "gender changer".
In this case, you would have a TCP to UDP "gender changer".
If you have an application that only makes only TCP connections, for example,
you could spawn a Ncat process to listen on a the applications TCP port and
@@ -106,8 +106,8 @@ A single IP address, of the format:
EG: 192.168.10.1
A CIDR-style IP address range, of the format:
ip.ip.ip.ip/cidr
ip.ip.ip.ip/cidr
EG: 192.168.10.0/24


@@ -1,8 +1,8 @@
Ncat Acknowledgements
=====================
This file is a short rambling of various "thank-you"'s to all
the very generous support and advice received from various
This file is a short rambling of various "thank-you"'s to all
the very generous support and advice received from various
parties.
First and foremost: Thanks go out to Fyodor for all the support
@@ -23,7 +23,7 @@ Thanks to all the people who've submitted bug reports, given me
ideas, helped me test Ncat or just given me general encouragement
over the previous years. It is most appreciated.
Finally, thanks to Hobbit for writing the original Netcat; it still
Finally, thanks to Hobbit for writing the original Netcat; it still
rocks.
--Chris Gibson, <chris@linuxops.net>


@@ -7,7 +7,7 @@
# able to access your newly spawned SOCKS4
# server.
#
# Obviously, these IP addresses are pretty
# Obviously, these IP addresses are pretty
# useless to most people. It is an example
# afterall. :)
#


@@ -2,5 +2,5 @@ These are various scripts that demonstrate some
potential usage for Ncat.
If you find a neat usage for Ncat and possibly
write a few lines of code to automate something,
write a few lines of code to automate something,
then please email them over to Chris Gibson (chris@linuxops.net)


@@ -2,7 +2,7 @@ HTTP-SCAN with Ncat
~~~~~~~~~~~~~~~~~~~
This is a simple exercise that uses a small amount of
scripted automation that will throw out the banner
scripted automation that will throw out the banner
information of n number of hosts listed in the file "iplist".
Ncat uses the "get.request" HTTP header to get the newly
@@ -10,5 +10,5 @@ connected webserver to tell you about itself.
Usage: ./scan-example
Variables to change: None, but you may want to change "iplist"
Variables to change: None, but you may want to change "iplist"
to other more informative hosts.


@@ -1024,7 +1024,7 @@
<para>Ncat is (C) 2005&ndash;2012 Insecure.Com LLC. It is distributed
as free and open source software under the same license terms as our
Nmap software. Precise terms and further details are available
Nmap software. Precise terms and further details are available
<man>from <ulink url="https://nmap.org/man/man-legal.html"/>.</man>
<notman>in <xref linkend="nmap-copyright"/>.</notman></para>
</refsect2>


@@ -207,7 +207,7 @@ Content-Type: text/html; charset=UTF-8
which replaces any line endings you type with CRLF. CRLF line
endings are required by many protocols, including HTTP, though many servers will accept a plain newline (LF) character.
</para>
<para>
<userinput>GET / HTTP/1.0</userinput> requests the root document of
the server; we are retrieving the same document named by the URL
@@ -992,7 +992,7 @@ Protocol mismatch.
<option>--proxy-auth</option> to make the server require
authentication with a specific username and password.
</para>
<para>
For HTTP, both the Basic<indexterm><primary>Basic authentication (HTTP)</primary></indexterm>
and Digest<indexterm><primary>Digest authentication (HTTP)</primary></indexterm>


@@ -337,7 +337,7 @@ static int ncat_listen_stream(int proto)
/* We pass these temporary descriptor sets to fselect, since fselect
modifies the sets it receives. */
fd_set readfds = master_readfds, writefds = master_writefds;
if (o.debug > 1)
logdebug("selecting, fdmax %d\n", client_fdlist.fdmax);


@@ -3004,7 +3004,7 @@ T7(R=Y%DF=N%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=FA-104%TG=FF%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(DFI=N%T=FA-104%TG=FF%CD=S)
# APC Network Management Card AOS v3.5.5
# APC Network Management Card AOS v3.5.5
# APC aos v3.3.4, Date: 01/05/2007
# APC UPS device with a AP9619 network management card installed. The full AOS version number on this device is 3.5.5.
Fingerprint APC Network Management Card (AOS 3.3.4 - 3.5.5)
@@ -17832,7 +17832,7 @@ T7(R=Y%DF=N%T=FB-105%TG=FF%W=0%S=A%A=S%F=AR%RD=0)
U1(DF=N%T=FB-105%TG=FF%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(DFI=S%T=FB-105%TG=FF%CD=S)
# Cisco c7200 router running in GNS3 on Windows XP
# Cisco c7200 router running in GNS3 on Windows XP
Fingerprint Cisco C7200 router (IOS 15)
Class Cisco | IOS | 15.X | router
CPE cpe:/h:cisco:catalyst_7200
@@ -23483,7 +23483,7 @@ T7(R=N)
U1(DF=N%T=7B-85%TG=80%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=N)
# EMC Celerra SAN
# EMC Celerra SAN
Fingerprint EMC Celerra NAS device
Class EMC | embedded || storage-misc
SEQ(SP=C-16%GCD=FA00|1F400|2EE00|3E800|4E200%ISR=97-A1%TI=RI%TS=1|3)
@@ -29969,7 +29969,7 @@ T7(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=3B-45%TG=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(DFI=N%T=3B-45%TG=40%CD=S)
# HTC ONE, HTC Sense-version 5.0, Android 4.2.2, Kernel-version 3.4.10-g445d072
# HTC ONE, HTC Sense-version 5.0, Android 4.2.2, Kernel-version 3.4.10-g445d072
Fingerprint Android 4.2.2 (Linux 3.4)
Class Google | Android | 4.2.X | phone
CPE cpe:/o:google:android:4.2.2
@@ -43060,7 +43060,7 @@ T7(R=Y%DF=N%T=FA-104%TG=FF%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
U1(DF=N%T=FA-104%TG=FF%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(DFI=N%T=FA-104%TG=FF%CD=S)
# Red Hat Linux 6.2 (Zoot) running 2.2.14-5 kernel
# Red Hat Linux 6.2 (Zoot) running 2.2.14-5 kernel
Fingerprint Linux 2.2.14 (Red Hat 6.2)
Class Linux | Linux | 2.2.X | general purpose
CPE cpe:/o:linux:linux_kernel:2.2.14
@@ -44208,7 +44208,7 @@ IE(DFI=N%T=3B-45%TG=40%CD=S)
# NetGear WG302 v1 Wireless Access Point
# DWL-G700AP, Firmware Version: v2.12
# Terayon BW3500 CMTS equipment
# Red Hat Linux 7.2 (Enigma), running 2.4.7-10 kernel
# Red Hat Linux 7.2 (Enigma), running 2.4.7-10 kernel
Fingerprint Linux 2.4.7
Class Linux | Linux | 2.4.X | general purpose
CPE cpe:/o:linux:linux_kernel:2.4.7
@@ -75909,7 +75909,7 @@ IE(DFI=S%T=7B-85%TG=80%CD=Z)
# Windows 5.1 (Build 2600.xpsp_sp3_gdr.090804-1435 : Service Pack 3)
# AT&T Uverse home DVR
# AT&T U-Verse Motorola set top boxes
# AT&T U-Verse Motorola set top boxes
# Media Receiver 300, Vendor: T-Home (Germany), CE 5.0
# XP64 with all available Windows updates
Fingerprint AT&T U-Verse set-top box (Windows CE 5.0)
@@ -83598,7 +83598,7 @@ T7(R=N)
U1(DF=N%T=FA-104%TG=FF%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(DFI=N%T=FA-104%TG=FF%CD=S)
#
#
Fingerprint NetApp FAS2040 NAS device (Data ONTAP)
Class NetApp | Data ONTAP | 7.X | storage-misc
CPE cpe:/o:netapp:data_ontap:7 auto
@@ -89943,7 +89943,7 @@ IE(DFI=N%T=3B-45%TG=40%CD=S)
# QNAP TS-859 running QTS 4.0.3
# QNAP TS-439 running QTS 4.0.7, TS-439 is an oldish NAS appliance.
# QTS 4.2.0
# QTS 4.2.0
Fingerprint QNAP QTS 4.0 - 4.2
Class QNAP | QTS | 4.X | storage-misc
CPE cpe:/o:qnap:qts:4 auto
@@ -91946,7 +91946,7 @@ T7(R=Y%DF=N%T=FA-104%TG=FF%W=0%S=Z%A=S+%F=R%RD=0)
U1(DF=N%T=3B-45%TG=40%IPL=138%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(DFI=S%T=3B-45%TG=40%CD=Z)
# Samsung i8910 HD phone, running Symbian 9.4, S60 5th Edition.
# Samsung i8910 HD phone, running Symbian 9.4, S60 5th Edition.
Fingerprint Samsung i8910 mobile phone (Symbian OS 9.4)
Class Samsung | Symbian OS | 9.X | phone
CPE cpe:/o:samsung:symbian_os:9.4 auto


@@ -71,7 +71,7 @@ udp 161
udp 177 "\x00\x01\x00\x02\x00\x01\x00"
# Connectionless LDAP - used by Microsoft Active Directory
udp 389
udp 389
"\x30\x84\x00\x00\x00\x2d\x02\x01\x07\x63\x84\x00\x00\x00\x24\x04\x00"
"\x0a\x01\x00\x0a\x01\x00\x02\x01\x00\x02\x01\x64\x01\x01\x00\x87\x0b"
"\x6f\x62\x6a\x65\x63\x74\x43\x6c\x61\x73\x73\x30\x84\x00\x00\x00\x00"


@@ -96,16 +96,16 @@
#
#
# Program numbers are assigned in groups of 0x20000000 (decimal 536870912)
# according to the following chart:
# according to the following chart:
#
# 0x0 - 0x1fffffff Defined by IANA
# 0x20000000 - 0x3fffffff Defined by user
# 0x40000000 - 0x5fffffff Transient
# 0x60000000 - 0x7fffffff Reserved
# 0x80000000 - 0x9fffffff Reserved
# 0xa0000000 - 0xbfffffff Reserved
# 0xc0000000 - 0xdfffffff Reserved
# 0xe0000000 - 0xffffffff Reserved
# 0x20000000 - 0x3fffffff Defined by user
# 0x40000000 - 0x5fffffff Transient
# 0x60000000 - 0x7fffffff Reserved
# 0x80000000 - 0x9fffffff Reserved
# 0xa0000000 - 0xbfffffff Reserved
# 0xc0000000 - 0xdfffffff Reserved
# 0xe0000000 - 0xffffffff Reserved
#
# To obtain SUN Remote Procedure Call (RPC) numbers send an e-mail
# request to "rpc@sun.com".
@@ -683,7 +683,7 @@ bl_hwda 300296
filemon 300300
#
# AcuServer provides remote file access services to ACUCOBOL-85 and
# ACUCOBOL-GT applications.
# ACUCOBOL-GT applications.
#
acuserve 300301 acunetprog
#
@@ -1562,7 +1562,7 @@ ife-dbmgr 395172
ife-testmgr 395173
atrium_server 395174
#
# Compaq TruCluster - Available Server Environment
# Compaq TruCluster - Available Server Environment
#
asedirector 395175 asedirector ase_director # ASE Director Daemon
aseagent 395176 aseagent ase_agent # ASE Agent Daemon


@@ -2737,7 +2737,7 @@ static void display_nmap_version() {
#else
without.push_back("libz");
#endif
#ifdef PCRE_INCLUDED
with.push_back(std::string("nmap-libpcre-") + get_word_or_quote(pcre_version(), 0));
#else


@@ -85,7 +85,7 @@ gzip $RPM_BUILD_ROOT%{_mandir}/man1/* || :
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%files
%files
%defattr(-,root,root)
%doc COPYING
%doc docs/README
@@ -96,7 +96,7 @@ gzip $RPM_BUILD_ROOT%{_mandir}/man1/* || :
%{_datadir}/nmap
%{_bindir}/ndiff
# Ndiff is now a module and has e.g. /usr/lib/python2.4/site-packages/ndiff.py, /usr/lib/python2.4/site-packages/ndiff.pyc
# Ndiff is now a module and has e.g. /usr/lib/python2.4/site-packages/ndiff.py, /usr/lib/python2.4/site-packages/ndiff.pyc
%{python_sitelib}/ndiff*
%doc %{_prefix}/share/man/man1/ndiff.1.gz


@@ -85,7 +85,7 @@ FA339F101F0C0D65EE46CB96A06C8F45: Sidearm athletics CMS
# 68B329DA9893E34099C7D8AD5CB9C940: newline
AF999538CD3D4D0370F3EA92E0A6070F: H-Sphere Control Panel
10BD6AD7B318DF92D9E9BD03104D9B80: Plone CMS
A34DEA4BD04BDB816BEA176619C29063: Parallels Confixx Control Panel
A34DEA4BD04BDB816BEA176619C29063: Parallels Confixx Control Panel
EC49973C1991BF39FCDB53260467F39F: Parallels Control Panel
292B586171617B56E77EE694485B1052: hover domain forwarding
4644F2D45601037B8423D45E13194C93: Apache Tomcat
@@ -106,6 +106,6 @@ A8FE5B8AE2C445A33AC41B33CCC9A120: Arris Touchstone Device
70625A6E60529A85CC51AD7DA2D5580D: sslstrip
B4EF6B5F343C8DF8FEA454C04B2FD614: Sourcefire http admin
# Cakephp's favicon.ico
# Cakephp's favicon.ico
C0533AE5D0ED638BA3FB3485D8250A28: CakePHP 1.1.x application
66B3119D379AEE26BA668FEF49188DD3: CakePHP 1.2.x-1.3.x Application


@@ -1,27 +1,27 @@
import java.io.*;
/* This is the JDWPExecCmd source used for jdwp-exec script to execute
* a command on the remote system.
/* This is the JDWPExecCmd source used for jdwp-exec script to execute
* a command on the remote system.
*
* It just executes the shell command passed as string argument to
* run() function and returns its output.
*
*
* Compile simply with:
* javac JDWPExecCmd.java (should be in the nselib/data/ directory).
*
* author = "Aleksandar Nikolic"
* author = "Aleksandar Nikolic"
* license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
*/
public class JDWPExecCmd {
public static String run(String cmd) {
String result = cmd + " output:\n";
String result = cmd + " output:\n";
try{
Process p = Runtime.getRuntime().exec(cmd);
BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line = null;
while ((line = in.readLine()) != null) {
result += line.trim()+"\n";
Process p = Runtime.getRuntime().exec(cmd);
BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line = null;
while ((line = in.readLine()) != null) {
result += line.trim()+"\n";
}
result += "\n";
}catch(Exception ex){


@@ -1,18 +1,18 @@
import java.io.*;
import java.util.Date;
/* This is the JDWPSystemInfo source used for jdwp-info script to get remote
/* This is the JDWPSystemInfo source used for jdwp-info script to get remote
* system information.
*
* Compile simply with:
* javac JDWPSystemInfo.java (should be in the nselib/data/jdwp-class directory).
*
* author = "Aleksandar Nikolic"
* author = "Aleksandar Nikolic"
* license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
*/
public class JDWPSystemInfo {
public static String run() {
String result = "";
String result = "";
result += "Available processors: " + Runtime.getRuntime().availableProcessors() + "\n";
result += "Free memory: " + Runtime.getRuntime().freeMemory() + "\n";
File[] roots = File.listRoots();
@@ -24,18 +24,18 @@ public class JDWPSystemInfo {
result += "Name of the OS: " + System.getProperty("os.name") + "\n";
result += "OS Version : " + System.getProperty("os.version") + "\n";
result += "OS patch level : " + System.getProperty("sun.os.patch.level") + "\n";
result += "OS Architecture: " + System.getProperty("os.arch") + "\n";
result += "Java version: " + System.getProperty("java.version") + "\n";
result += "Username: " + System.getProperty("user.name") + "\n";
result += "User home: " + System.getProperty("user.home") + "\n";
result += "OS Architecture: " + System.getProperty("os.arch") + "\n";
result += "Java version: " + System.getProperty("java.version") + "\n";
result += "Username: " + System.getProperty("user.name") + "\n";
result += "User home: " + System.getProperty("user.home") + "\n";
Date dateNow = new Date();
result += "System time: " + dateNow + "\n";
result += "System time: " + dateNow + "\n";
return result;
}
public static void main(String[] args){
System.out.println(run());
}
}


@@ -1,12 +1,12 @@
This directory contains sources and compiled classes
used by jdwp-* scripts.
All classes must have run() method defined which is
expected to return a string.
All classes must have run() method defined which is
expected to return a string.
Method run() can have arguments, but then the scripts
would need to be modified to add those arguments when
class is injected. As JDWPExecCmd has a run() method
which accepts a string as its argument, see
which accepts a string as its argument, see
jdwp-exec script for details of passing the
arguments to a method via JDWP.
Arguments need to be tagged with their respective type.
@@ -17,10 +17,10 @@ Example from jdwp-exec:
status,cmdID = jdwp.createString(socket,0,cmd)
local runArgs = bin.pack(">CL",0x4c,cmdID) -- 0x4c is object type tag
-- invoke run method
local result
status, result = jdwp.invokeObjectMethod(socket,0,injectedClass.instance,injectedClass.thread,injectedClass.id,runMethodID,1,runArgs)
local result
status, result = jdwp.invokeObjectMethod(socket,0,injectedClass.instance,injectedClass.thread,injectedClass.id,runMethodID,1,runArgs)
To compile these sources:
# javac *.java
# javac *.java


@@ -1,22 +1,22 @@
The files in this directory are the data files required for smb-psexec.nse.
The files in this directory are the data files required for smb-psexec.nse.
The .lua files are configurations. Each of these defines a profile for a
psexec execution.
The .lua files are configurations. Each of these defines a profile for a
psexec execution.
nmap_service.exe is a program that facilitates the operation of smb-psexec.nse.
nmap_service.exe is a program that facilitates the operation of smb-psexec.nse.
It is uploaded to the remote host and runs the programs it's directed to run,
redirecting their output to a file. This file is then downloaded by the
script and displayed to the user.
redirecting their output to a file. This file is then downloaded by the
script and displayed to the user.
When Nmap released version 5.20, it was discovered that some over-zealous
antivirus software tagged this program as spyware[1]. For that reason, when
stored on the host machine, it is now encoded by xoring every byte of the
file with 0xFF. When uploaded to a target machine, it is decoded in-stream.
file with 0xFF. When uploaded to a target machine, it is decoded in-stream.
This prevents programs on the host machine from tagging it as malicious, but
does not prevent the target from detecting it (which is arguably a good thing).
does not prevent the target from detecting it (which is arguably a good thing).
The encoder.c program reads a program from stdin, encodes it by xoring with
0xFF, and writes it to stdout.
0xFF, and writes it to stdout.
[1] http://seclists.org/nmap-dev/2010/q1/198


@@ -1,28 +1,28 @@
/**This is the program that's uploaded to a Windows machine when psexec is run. It acts as a Windows
* service, since that's what Windows expects. When it is started, it's passed a list of programs to
* run. These programs are all expected to be at the indicated path (whether they were uploaded or
* they were always present makes no difference).
*
* run. These programs are all expected to be at the indicated path (whether they were uploaded or
* they were always present makes no difference).
*
* After running the programs, the output from each of them is ciphered with a simple xor encryption
* (the encryption key is passed as a parameter; because it crosses the wire, it isn't really a
* (the encryption key is passed as a parameter; because it crosses the wire, it isn't really a
* security feature, more of validation/obfuscation to prevent sniffers from grabbing the output. This
* output is placed in a temp file. When the cipher is complete, the output is moved into a new file.
* output is placed in a temp file. When the cipher is complete, the output is moved into a new file.
* When Nmap detects the presence of this new file, it is downloaded, then all files, temp files, and
* the service (this program) is deleted.
* the service (this program) is deleted.
*
* One interesting note is that executable files don't require a specific extension to be used by this
* program. By default, at the time of this writing, Nmap appends a .txt extension to the file.
* program. By default, at the time of this writing, Nmap appends a .txt extension to the file.
*
* @args argv[1] The final filename where the ciphered output will go.
* @args argv[1] The final filename where the ciphered output will go.
* @args argv[2] The temporary file where output is sent before being renamed; this is sent as a parameter
* so we can delete it later (if, say, the script fails).
* so we can delete it later (if, say, the script fails).
* @args argv[3] The number of programs that are going to be run.
* @args argv[4] Logging: a boolean value (1 to enable logging, 0 to disable).
* @args argv[4] Logging: a boolean value (1 to enable logging, 0 to disable).
* @args argv[5] An 'encryption' key for simple 'xor' encryption. This string can be as long or as short
* as you want, but a longer string will be more secure (although this algorithm should
* as you want, but a longer string will be more secure (although this algorithm should
* *never* really be considered secure).
* @args Remaining There are two arguments for each program to run: a path (including arguments) and
* environmental variables.
* @args Remaining There are two arguments for each program to run: a path (including arguments) and
* environmental variables.
*
* @auther Ron Bowes
* @copyright Ron Bowes
@@ -49,7 +49,7 @@ static void log_message(char *format, ...)
enabled = 0;
DeleteFile("c:\\nmap-log.txt");
}
if(enabled)
{
@@ -58,7 +58,7 @@ static void log_message(char *format, ...)
fopen_s(&file, "c:\\nmap-log.txt", "a");
if(file != NULL)
if(file != NULL)
{
va_start(argp, format);
vfprintf(file, format, argp);
@@ -198,7 +198,7 @@ static void go(int num, char *lpAppPath, char *env, int headless, int include_st
{
char buf[1024];
int count;
count = fread(buf, 1, 1024, read);
while(count)
{
@@ -220,28 +220,28 @@ static void go(int num, char *lpAppPath, char *env, int headless, int include_st
}
// Control handler function
static void ControlHandler(DWORD request)
{
switch(request)
{
case SERVICE_CONTROL_STOP:
static void ControlHandler(DWORD request)
{
switch(request)
{
case SERVICE_CONTROL_STOP:
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCurrentState = SERVICE_STOPPED;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCurrentState = SERVICE_STOPPED;
SetServiceStatus (hStatus, &ServiceStatus);
return;
case SERVICE_CONTROL_SHUTDOWN:
return;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCurrentState = SERVICE_STOPPED;
case SERVICE_CONTROL_SHUTDOWN:
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCurrentState = SERVICE_STOPPED;
SetServiceStatus (hStatus, &ServiceStatus);
return;
return;
default:
break;
}
}
SetServiceStatus(hStatus, &ServiceStatus);
}
@@ -255,7 +255,7 @@ static void die(int err)
SetServiceStatus(hStatus, &ServiceStatus);
}
static void ServiceMain(int argc, char** argv)
static void ServiceMain(int argc, char** argv)
{
char *outfile_name;
char *tempfile_name;
@@ -267,7 +267,7 @@ static void ServiceMain(int argc, char** argv)
/* Make sure we got the minimum number of arguments. */
if(argc < 6)
return;
return;
/* Read the arguments. */
outfile_name = argv[1];
@@ -293,22 +293,22 @@ static void ServiceMain(int argc, char** argv)
log_message("Argument %d: %s", i, argv[i]);
/* Set up the service. Likely unnecessary for what we're doing, but it doesn't hurt. */
ServiceStatus.dwServiceType = SERVICE_WIN32;
ServiceStatus.dwCurrentState = SERVICE_RUNNING;
ServiceStatus.dwServiceType = SERVICE_WIN32;
ServiceStatus.dwCurrentState = SERVICE_RUNNING;
ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwServiceSpecificExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
hStatus = RegisterServiceCtrlHandler("", (LPHANDLER_FUNCTION)ControlHandler);
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwServiceSpecificExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
hStatus = RegisterServiceCtrlHandler("", (LPHANDLER_FUNCTION)ControlHandler);
SetServiceStatus(hStatus, &ServiceStatus);
/* Registering Control Handler failed (this is a bit late, but eh?) */
if(hStatus == (SERVICE_STATUS_HANDLE)0)
if(hStatus == (SERVICE_STATUS_HANDLE)0)
{
log_message("Service failed to start");
die(-1);
return;
return;
}
/* Set the current directory. */


@@ -2746,7 +2746,7 @@ function save_path(host, port, path, status, links_to, linked_from, contenttype)
-- contains both query and fragment
parsed['raw_querystring'] = parsed['query']
if parsed['fragment'] then
parsed['raw_querystring'] = ( parsed['raw_querystring'] or "" ) .. '#' .. parsed['fragment']
end


@@ -30,7 +30,7 @@ function hostkey_hash(session, hashtype)
--- Sets timeout of libssh2 session
-- @param session Connected libssh2 session.
-- @param timeout Timeout for session in milliseconds.
-- @param timeout Timeout for session in milliseconds.
function set_timeout(session, timeout)
--- Returns list of authentication methods supported by the server
@@ -41,7 +41,7 @@ function userauth_list(session)
--- Attempts to authenicate libssh2 session using provided credentials
-- @param username Username to authenicate as.
-- @param password Password to authenicate with.
-- @return true/false, depending on success
-- @return true/false, depending on success
function userauth_password(session, username, password)
--- Attempts to authenticate libssh2 session using provided publickey
@@ -49,7 +49,7 @@ function userauth_password(session, username, password)
-- @param username Username to authenicate as
-- @param privatekeyfile File containing privatekey
-- @param passphrase Passphrase for privatekey
-- @param publickeyfile File containing publickey. Not necessary if libssh2 is
-- @param publickeyfile File containing publickey. Not necessary if libssh2 is
-- compiled against OpenSSL
-- @return true/false, depending on success
function userauth_publickey(session, username, privatekeyfile, passphrase publickeyfile)
@@ -67,7 +67,7 @@ function read_publickey(publickeyfile)
-- @return true/false, depending on whether user can authenticate with given key
function publickey_canauth(session, username, publickeydata)
--- Opens channel on authenticated ssh2 session and sets it to pseudo
--- Opens channel on authenticated ssh2 session and sets it to pseudo
-- terminal mode.
-- @param session Authenticated libssh2 session
-- @return libssh2 channel
@@ -76,7 +76,7 @@ function open_channel(session)
--- Reads data from stdin on libssh2 channel.
-- @param session Authenticated libssh2 session
-- @param channel Open libssh2 channel
-- @return string containing data read from channel
-- @return string containing data read from channel
function channel_read(session, channel)
--- Reads data from stderr on libssh2 channel.
@@ -89,7 +89,7 @@ function channel_read_stderr(session, channel)
-- @param session Authenticated libssh2 session
-- @param channel Open libssh2 channel
-- @param buffer String containing data to be written
-- @return Number of bytes written to channel
-- @return Number of bytes written to channel
function channel_write(session, channel, buffer)
--- Executes command on libssh2 channel and returns output


@@ -4710,7 +4710,7 @@ function get_share_info(host, name)
end
-- Call NetShareGetInfo
local status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 2)
stdnse.debug2("NetShareGetInfo status:%s result:%s", status, netsharegetinfo_result)
if(status == false) then


@@ -945,7 +945,7 @@ end
---
-- Negotiates SMBv1 connections
--
--
-- Sends the following:
-- * List of known protocols
--
@@ -1121,7 +1121,7 @@ function negotiate_protocol(smb, overrides)
status, dialect = negotiate_v1(smb, overrides)
if status then
return true
else
else
stdnse.debug1("Couldn't negotiate a SMBv1 connection:%s", dialect)
return false, string.format("Could not negotiate a connection:%s", dialect)
end
@@ -1137,7 +1137,7 @@ end
function list_dialects(host, overrides)
local smb2_dialects = {0x0202, 0x0210, 0x0300, 0x0302, 0x0311}
local supported_dialects = {}
local status, smb1_dialects
local status, smb1_dialects
local smbstate
-- Check for SMBv1 first
@@ -1146,7 +1146,7 @@ function list_dialects(host, overrides)
if(status == false) then
return false, smbstate
end
status, smb1_dialects = negotiate_v1(smbstate, overrides)
if status then --Add SMBv1 as a dialect
table.insert(supported_dialects, smb1_dialects)
@@ -1172,7 +1172,7 @@ function list_dialects(host, overrides)
--clean smb connection
stop(smbstate)
status = false
end
end
return true, supported_dialects
end


@@ -1,6 +1,6 @@
CC = gcc
CCOPT =
DEFS =
DEFS =
NBASEDIR=../../nbase
NSOCKLIB=../src/libnsock.a
NBASELIB=$(NBASEDIR)/libnbase.a


@@ -10,7 +10,7 @@ datarootdir = @datarootdir@
CC = @CC@
AR = ar
RANLIB = @RANLIB@
CCOPT =
CCOPT =
DEFS = @DEFS@ -DNSOCK_VERSION=\"$(NSOCK_VERSION)\"
# With GCC, add extra security checks to source code.
DEFS += -D_FORTIFY_SOURCE=2
@@ -18,9 +18,9 @@ INCLS = -I../include
CFLAGS = @CFLAGS@ $(CCOPT)
# CFLAGS = -g -Wall $(DEFS) $(INCLS)
CPPFLAGS = @CPPFLAGS@ $(DEFS) $(INCLS)
STATIC =
STATIC =
SHTOOL = ./shtool
INSTALL = $(SHTOOL) install
INSTALL = $(SHTOOL) install
MAKEDEPEND = @MAKEDEPEND@
RPMTDIR=$(HOME)/rpmdir
NBASEDIR=@NBASEDIR@
@@ -47,7 +47,7 @@ DEPS = error.h filespace.h gh_list.h nsock_internal.h netutils.h nsock_pcap.h \
.c.o:
$(CC) -c $(CPPFLAGS) $(CFLAGS) $< -o $@
all: $(TARGET)
all: $(TARGET)
$(TARGET): $(DEPS) $(OBJS)
rm -f $@
@@ -72,7 +72,7 @@ depend:
check:
cd $(NSOCKTESTDIR) && $(MAKE) && ./run_tests.sh
${srcdir}/configure: configure.ac
${srcdir}/configure: configure.ac
cd ${srcdir} && autoconf
# autoheader might not change config.h.in, so touch a stamp file.


@@ -48,7 +48,7 @@ case "$host" in
# Solaris 11 and later use BPF packet capture rather than DLPI.
AC_DEFINE(SOLARIS_BPF_PCAP_CAPTURE)
;;
*-solaris2.0*)
*-solaris2.0*)
AC_DEFINE(SOLARIS)
;;
*-solaris2.[[1-9]][[0-9]]*)


@@ -344,7 +344,7 @@ int iocp_loop(struct npool *nsp, int msec_timeout) {
nsock_log_error("nsock_loop error %d: %s", sock_err, socket_strerror(sock_err));
nsp->errnum = sock_err;
return -1;
}
}
}
iterate_through_event_lists(nsp);
@@ -379,7 +379,7 @@ void iterate_through_event_lists(struct npool *nsp) {
if (!HasOverlappedIoCompleted((OVERLAPPED *)iinfo->eov))
continue;
struct niod *nsi = iinfo->eov->nse->iod;
struct nevent *nse = iinfo->eov->nse;
gh_list_t *evlist = NULL;


@@ -361,7 +361,7 @@ struct nevent {
* that other crap */
unsigned int event_done: 1;
unsigned int eof: 1;
#if HAVE_IOCP
struct extended_overlapped *eov;
#endif

View File

@@ -68,7 +68,7 @@
#endif
#include <string.h>
/* nsock_iod is like a "file descriptor" for the nsock library. You use it to
* request events. And here is how you create an nsock_iod. nsock_iod_new returns


@@ -124,7 +124,7 @@ struct proxy_chain_context {
/* Nodes iterator in px_chain->nodes */
struct proxy_node *px_current;
/* Current node connection state. */
enum nsock_proxy_state px_state;

View File

@@ -74,7 +74,7 @@ nsock_event_id nsock_timer_create(nsock_pool ms_pool, nsock_ev_handler handler,
nse->id);
nsock_pool_add_event(nsp, nse);
return nse->id;
}

View File

@@ -718,7 +718,7 @@ void printportoutput(Target *currenths, PortList *plist) {
first = 0;
if (o.reason) {
if (current->reason.ttl)
Tbl->addItemFormatted(rowno, reasoncol, false, "%s ttl %d",
Tbl->addItemFormatted(rowno, reasoncol, false, "%s ttl %d",
port_reason_str(current->reason), current->reason.ttl);
else
Tbl->addItem(rowno, reasoncol, true, port_reason_str(current->reason));
@@ -783,7 +783,7 @@ void printportoutput(Target *currenths, PortList *plist) {
Tbl->addItem(rowno, servicecol, true, serviceinfo);
if (o.reason) {
if (current->reason.ttl)
Tbl->addItemFormatted(rowno, reasoncol, false, "%s ttl %d",
Tbl->addItemFormatted(rowno, reasoncol, false, "%s ttl %d",
port_reason_str(current->reason), current->reason.ttl);
else
Tbl->addItem(rowno, reasoncol, true, port_reason_str(current->reason));

View File

@@ -782,7 +782,7 @@ UltraScanInfo::~UltraScanInfo() {
for (hostI = completedHosts.begin(); hostI != completedHosts.end(); hostI++) {
delete *hostI;
}
incompleteHosts.clear();
completedHosts.clear();

View File

@@ -7,7 +7,7 @@ local string = require "string"
description = [[
Checks for the HTTP response headers related to security given in OWASP Secure Headers Project
and gives a brief description of the header and its configuration value.
The script requests the server for the header with http.head and parses it to list headers founds with their
configurations. The script checks for HSTS(HTTP Strict Transport Security), HPKP(HTTP Public Key Pins),
X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy,
@@ -24,31 +24,31 @@ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
--
-- @output
-- 80/tcp open http syn-ack
-- | http-security-headers:
-- | Strict_Transport_Security:
-- | http-security-headers:
-- | Strict_Transport_Security:
-- | Header: Strict-Transport-Security: max-age=15552000; preload
-- | Public_Key_Pins_Report_Only:
-- | Public_Key_Pins_Report_Only:
-- | Header: Public-Key-Pins-Report-Only: max-age=500; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/"
-- | X_Frame_Options:
-- | X_Frame_Options:
-- | Header: X-Frame-Options: DENY
-- | Description: The browser must not display this content in any frame.
-- | X_XSS_Protection:
-- | X_XSS_Protection:
-- | Header: X-XSS-Protection: 0
-- | Description: The XSS filter is disabled.
-- | X_Content_Type_Options:
-- | X_Content_Type_Options:
-- | Header: X-Content-Type-Options: nosniff
-- | Will prevent the browser from MIME-sniffing a response away from the declared content-type.
-- | Will prevent the browser from MIME-sniffing a response away from the declared content-type.
-- | Content-Security-Policy:
-- | Header: Content-Security-Policy: script-src 'self'
-- | Description: Loading policy for all resources type in case of a resource type dedicated directive is not defined (fallback).
-- | X-Permitted-Cross-Domain-Policies:
-- | Header: X-Permitted-Cross-Domain-Policies: none
-- | Description : No policy files are allowed anywhere on the target server, including this master policy file.
-- | Cache_Control:
-- | Header: X-Permitted-Cross-Domain-Policies: none
-- | Description : No policy files are allowed anywhere on the target server, including this master policy file.
-- | Cache_Control:
-- | Header: Cache-Control: private, no-cache, no-store, must-revalidate
-- | Pragma:
-- | Pragma:
-- | Header: Pragma: no-cache
-- | Expires:
-- | Expires:
-- |_ Header: Expires: Sat, 01 Jan 2000 00:00:00 GMT
--
--
@@ -104,14 +104,14 @@ action = function(host, port)
local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
local response
local output_info = {}
local hsts_header
local hpkp_header
local xframe_header
local x_xss_header
local x_content_type_header
local hsts_header
local hpkp_header
local xframe_header
local x_xss_header
local x_content_type_header
local csp_header
local x_cross_domain_header
local cookie
local x_cross_domain_header
local cookie
local req_opt = {redirect_ok=function(host,port)
local c = 2
return function(uri)
@@ -153,7 +153,7 @@ action = function(host, port)
xframe_header = string.lower(response.header['x-frame-options'])
if string.match(xframe_header,'deny') then
table.insert(output_info.X_Frame_Options, "Description: The browser must not display this content in any frame.")
elseif string.match(xframe_header,'sameorigin') then
elseif string.match(xframe_header,'sameorigin') then
table.insert(output_info.X_Frame_Options, "Description: The browser must not display this content in any frame from a page of different origin than the content itself.")
elseif string.match(xframe_header,'allow.from') then
table.insert(output_info.X_Frame_Options, "Description: The browser must not display this content in a frame from any page with a top-level browsing context of different origin than the specified origin.")
@@ -168,7 +168,7 @@ action = function(host, port)
x_xss_header = string.lower(response.header['x-xss-protection'])
if string.match(x_xss_header,'block') then
table.insert(output_info.X_XSS_Protection, "Description: The browser will prevent the rendering of the page when XSS is detected.")
elseif string.match(x_xss_header,'report') then
elseif string.match(x_xss_header,'report') then
table.insert(output_info.X_XSS_Protection, "Description: The browser will sanitize the page and report the violation if XSS is detected.")
elseif string.match(x_xss_header,'0') then
table.insert(output_info.X_XSS_Protection, "Description: The XSS filter is disabled.")
@@ -261,13 +261,13 @@ action = function(host, port)
if string.match(csp_header,'report.to') then
table.insert(output_info.Content_Security_Policy, "Description: Specifies a group (defined in Report-To header) to which the user agent sends reports about policy violation. ")
end
end
if response.header['x-permitted-cross-domain-policies'] then
output_info.X_Permitted_Cross_Domain_Policies = {}
table.insert(output_info.X_Permitted_Cross_Domain_Policies, "Header: X-Permitted-Cross-Domain-Policies: " .. response.header['x-permitted-cross-domain-policies'])
x_cross_domain_header = string.lower(response.header['x-permitted-cross-domain-policies'])
if string.match(x_cross_domain_header,'none') then
table.insert(output_info.X_Permitted_Cross_Domain_Policies, "Description: No policy files are allowed anywhere on the target server, including this master policy file. ")

View File

@@ -1,8 +1,8 @@
description = [[
Detects if a system with Intel Active Management Technology is vulnerable to the INTEL-SA-00075
Detects if a system with Intel Active Management Technology is vulnerable to the INTEL-SA-00075
privilege escalation vulnerability (CVE2017-5689).
This script determines if a target is vulnerable by attempting to perform digest authentication
This script determines if a target is vulnerable by attempting to perform digest authentication
with a blank response parameter. If the authentication succeeds, a HTTP 200 response is received.
References:
@@ -53,7 +53,7 @@ local stdnse = require "stdnse"
-- <elem key="CVSSv2">10.0 (HIGH) (AV:N/AC:L/AU:N/C:C/I:C/A:C)</elem>
-- </table>
-- <table key="description">
-- <elem>Intel Active Management Technology is vulnerable to an authentication bypass that&#xa;can be
-- <elem>Intel Active Management Technology is vulnerable to an authentication bypass that&#xa;can be
-- exploited by performing digest authentication and sending a blank response&#xa;digest parameter.&#xa;
-- </elem>
-- </table>
@@ -108,11 +108,11 @@ digest parameter.
local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
local response = http.get(host, port, '/index.htm')
if response.header['server'] and response.header['server']:find('Intel(R)', 1, true)
if response.header['server'] and response.header['server']:find('Intel(R)', 1, true)
and response.status and response.status == 401 then
local www_authenticate = http.parse_www_authenticate(response.header['www-authenticate'])
if www_authenticate[1]['params'] and www_authenticate[1]['params']['realm'] and www_authenticate[1]['params']['nonce'] then
local auth_header = string.format("Digest username=\"admin\", realm=\"%s\", nonce=\"%s\", uri=\"index.htm\"," ..
if www_authenticate[1]['params'] and www_authenticate[1]['params']['realm'] and www_authenticate[1]['params']['nonce'] then
local auth_header = string.format("Digest username=\"admin\", realm=\"%s\", nonce=\"%s\", uri=\"index.htm\"," ..
"cnonce=\"%s\", nc=1, qop=\"auth\", response=\"\"", www_authenticate[1]['params']['realm'],
www_authenticate[1]['params']['nonce'], stdnse.generate_random_string(10))
local opt = { header = { ['Authorization'] = auth_header } }
@@ -121,7 +121,7 @@ digest parameter.
vuln.state = vulns.STATE.VULN
end
end
end
end
return vuln_report:make_output(vuln)
end

View File

@@ -11,10 +11,10 @@ Attempts to obtain the current system date and the start date of a SMB2 server.
--
-- @output
-- Host script results:
-- | smb2-time:
-- | smb2-time:
-- | date: 2017-07-28 03:06:34
-- |_ start_date: 2017-07-20 09:29:49
--
--
-- @xmloutput
-- <elem key="date">2017-07-28 03:07:57</elem>
-- <elem key="start_date">2017-07-20 09:29:49</elem>