PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-02-06 05:26:34 +00:00
Code Issues Projects Releases Wiki Activity

Normalize NSEDoc documentation of scripts.

Browse Source 
I made every script follow a standard form: it starts with the id, followed by
the description. The description is contained in [[ ]] delimiters. The
description is in the global description variable, not in a LuaDoc comment.
Other LuaDoc information such as @args and @usage follows the description in a
comment.

The first paragraph of each description is a a short summary of what the script
does. More detailed information, if any, is given in following paragraphs.

I also improved some wording and formatting in a few cases.
This commit is contained in:
david
2008-10-14 20:52:50 +00:00
parent 1508da5acc
commit 8bd71aaf43
53 changed files with 634 additions and 573 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
scripts/SQLInject.nse
View File

@@ -1,26 +1,24 @@
--[[
Experimental SQL injection spider
---------------------------------
Spiders a http server looking for URLs containing queries.
It then proceeds to combine crafted sql commands with
susceptible urls in order to obtain errors. The errors
id = "sql-inject"
description = [[
Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL
injection attack.
\n\n
The script spiders an HTTP server looking for URLs containing queries.
It then proceeds to combine crafted SQL commands with
susceptible URLs in order to obtain errors. The errors
are analysed to see if the url is vulnerable to attack.
This uses the most basic form of SQL injection but anything
more complication is more suited to a stand alone tool.
Both meta and http redirects are supported.
Both meta and HTTP redirects are supported.
\n\n
It is not advisable to run this against unknown hosts.
NOTES
-----
\n\n
NOTES\n
* We may not have access to the servers true hostname.
This means we cannot access virtually hosted sites and
cannot follow absolute links when the hostname is
different from the resolved ip address
--]]
]]
require('url')
require('shortport')
@@ -28,10 +26,7 @@ require('stdnse')
require('strbuf')
require('listop')
id = "sql-inject"
author = "Eddie Bell <ejlbell@gmail.com>"
description = "spiders a http server looking for URLs containing queries \
and tries to determines if they are vulnerable to injection attack"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive", "vuln"}
runlevel = 1.0