PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-08 21:51:28 +00:00
Code Issues Projects Releases Wiki Activity

Remove ip-geolocation-quova -- it include an API key which apparently required agreeing to the Quova terms of service to obtain (http://developer.quova.com/apps/tos). And those seem to pretty clearly ban this sort of use. So we can only use this script if we get permission from Quova (best option), or we make it so that user is required to pass a key as nsearg

Browse Source
This commit is contained in:
fyodor
2011-06-29 03:34:47 +00:00
parent 53b61dac59
commit 9a2b80c34d
3 changed files with 1 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG
View File

@@ -2,7 +2,7 @@
Nmap 5.59BETA1 [2011-06-29] Nmap 5.59BETA1 [2011-06-29]
o [NSE] Added 41 scripts, bringing the total to 218! You can learn o [NSE] Added 40 scripts, bringing the total to 217! You can learn
more about any of them at http://nmap.org/nsedoc/. Here are the new more about any of them at http://nmap.org/nsedoc/. Here are the new
ones (authors listed in brackets): ones (authors listed in brackets):
@@ -84,10 +84,6 @@ o [NSE] Added 41 scripts, bringing the total to 218! You can learn
an IP address using a Geolocation Maxmind database file (available an IP address using a Geolocation Maxmind database file (available
from http://www.maxmind.com/app/ip-location). [Gorjan Petrovski] from http://www.maxmind.com/app/ip-location). [Gorjan Petrovski]
+ ip-geolocation-quova: Tries to identify the physical location of an
IP address using the Quova geolocation web service
(http://www.quova.com/). [Gorjan Petrovski]
+ ldap-novell-getpass: Attempts to retrieve the Novell Universal + ldap-novell-getpass: Attempts to retrieve the Novell Universal
Password for a user. You must already have (and include in script Password for a user. You must already have (and include in script
arguments) the username and password for an eDirectory server arguments) the username and password for an eDirectory server

89
scripts/ip-geolocation-quova.nse
View File

@@ -1,89 +0,0 @@
description = [[
Tries to identify the physical location of an IP address using the
Quova geolocation web service (http://www.quova.com/).
It uses three API keys obtained through a free registration. The limit
on lookups is 1000 per API key per day, and 2 per API key per second.
]]
---
-- @usage
-- nmap --script ip-geolocation-quova <target>
--
-- @output
-- | ip-geolocation-quova:
-- | 74.207.244.221 (scanme.nmap.org)
-- | coordinates (lat,lon): 37.56699,-121.98266
-- |_ city: fremont, california, united states
--
author = "Gorjan Petrovski"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery","external","safe"}
require "stdnse"
require "ipOps"
require "json"
require "http"
require "openssl"
hostrule = function(host)
local is_private, err = ipOps.isPrivate( host.ip )
if is_private == nil then
stdnse.print_debug( "%s Error in Hostrule: %s.", SCRIPT_NAME, err )
return false
end
return not is_private
end
-- A free registration for an API key is required. Limit is 1000 requests per
-- API per day, 2 requests per API per second
local quova = function(ip)
local api_keys = {"100.9fjahzuxgtwmzfdztd8g","100.t9e4u6pgtdpf84xenv2y","100.8pf9xxzxt4sxuu7ephdn"}
local secret_codes = {"2YY39UGm", "haBZaVfj", "MtFMZuHH"}
local secret = nil
local timestamp = nil
local sig = nil
local response = nil
for i,api_key in ipairs(api_keys) do
timestamp = os.time(os.date("!*t"))
secret = secret_codes[i]
sig = stdnse.tohex(openssl.md5(api_key .. secret .. timestamp))
response = http.get("api.quova.com", 80, "/v1/ipinfo/" .. ip .. "?apikey=" ..api_key.."&sig="..sig.."&format=json", nil)
if response.status == 200 then break end
if response.status ~= 403 then
stdnse.print_debug("Quova API is malfunctioning.")
return nil
end
if response.status == 403 and response.header["x-mashery-error-code"]~= "ERR_403_DEVELOPER_OVER_QPS" then
return nil
end
end
local stat,obj_json = json.parse(response.body)
if not stat then return nil end
loc = obj_json.ipinfo.Location
local output = {}
table.insert(output,"coordinates (lat,lon): "..loc.latitude..","..loc.longitude)
table.insert(output,"city: ".. loc.CityData.city..", ".. loc.StateData.state..", ".. loc.CountryData.country)
return output
end
action = function(host,port)
local output = quova(host.ip)
if output and(#output~=0) then
output.name = host.ip
if host.targetname then
output.name = output.name.." ("..host.targetname..")"
end
return stdnse.format_output(true,output)
end
end

1
scripts/script.db
View File

@@ -92,7 +92,6 @@ Entry { filename = "ip-geolocation-geobytes.nse", categories = { "discovery", "e
Entry { filename = "ip-geolocation-geoplugin.nse", categories = { "discovery", "external", "safe", } } Entry { filename = "ip-geolocation-geoplugin.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ip-geolocation-ipinfodb.nse", categories = { "discovery", "external", "safe", } } Entry { filename = "ip-geolocation-ipinfodb.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ip-geolocation-maxmind.nse", categories = { "discovery", "external", "safe", } } Entry { filename = "ip-geolocation-maxmind.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ip-geolocation-quova.nse", categories = { "discovery", "external", "safe", } }
Entry { filename = "ipidseq.nse", categories = { "discovery", "safe", } } Entry { filename = "ipidseq.nse", categories = { "discovery", "safe", } }
Entry { filename = "irc-info.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "irc-info.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "irc-unrealircd-backdoor.nse", categories = { "safe", "vuln", } } Entry { filename = "irc-unrealircd-backdoor.nse", categories = { "safe", "vuln", } }