PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Get rid of unnecessary spaces at the end of lines

Browse Source
This commit is contained in:
jay
2014-08-09 19:09:06 +00:00
parent 03dd80d280
commit b281e0bf1d
16 changed files with 55 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lpeg.c
View File

@@ -145,7 +145,7 @@ typedef struct Charset {
#endif
/*
/*
** $Id: lptree.h,v 1.2 2013/03/24 13:51:12 roberto Exp $
*/
@@ -900,7 +900,7 @@ static int pushcapture (CapState *cs) {
/*
** Prepare a CapState structure and traverse the entire list of
** captures in the stack pushing its results. 's' is the subject
** string, 'r' is the final position of the match, and 'ptop'
** string, 'r' is the final position of the match, and 'ptop'
** the index in the stack where some useful values were pushed.
** Returns the number of results pushed. (If the list produces no
** results, push the final position of the match.)
@@ -1306,7 +1306,7 @@ static int needfollow (TTree *tree) {
case TSeq:
tree = sib2(tree); goto tailcall;
default: assert(0); return 0;
}
}
}
/* }====================================================== */
@@ -1327,7 +1327,7 @@ int sizei (const Instruction *i) {
switch((Opcode)i->i.code) {
case ISet: case ISpan: return CHARSETINSTSIZE;
case ITestSet: return CHARSETINSTSIZE + 1;
case ITestChar: case ITestAny: case IChoice: case IJmp:
case ITestChar: case ITestAny: case IChoice: case IJmp:
case ICall: case IOpenCall: case ICommit: case IPartialCommit:
case IBackCommit: return 2;
default: return 1;
@@ -1561,7 +1561,7 @@ static void codechoice (CompileState *compst, TTree *p1, TTree *p2, int opt,
int jmp = NOINST;
codegen(compst, p1, 0, test, fl);
if (!emptyp2)
jmp = addoffsetinst(compst, IJmp);
jmp = addoffsetinst(compst, IJmp);
jumptohere(compst, test);
codegen(compst, p2, opt, NOINST, fl);
jumptohere(compst, jmp);
@@ -1572,7 +1572,7 @@ static void codechoice (CompileState *compst, TTree *p1, TTree *p2, int opt,
codegen(compst, p1, 1, NOINST, fullset);
}
else {
/* <p1 / p2> ==
/* <p1 / p2> ==
test(fail(p1)) -> L1; choice L1; <p1>; commit L2; L1: <p2>; L2: */
int pcommit;
int test = codetestset(compst, &cs1, e1);
@@ -2144,7 +2144,7 @@ void printktable (lua_State *L, int idx) {
/* number of siblings for each tree */
const byte numsiblings[] = {
0, 0, 0, /* char, set, any */
0, 0, /* true, false */
0, 0, /* true, false */
1, /* rep */
2, 2, /* seq, choice */
1, 1, /* not, and */
@@ -3657,7 +3657,7 @@ const char *match (lua_State *L, const char *o, const char *s, const char *e,
capsize = 2 * captop;
}
/* add new captures to 'capture' list */
adddyncaptures(s, capture + captop - n - 2, n, fr);
adddyncaptures(s, capture + captop - n - 2, n, fr);
}
p++;
continue;

10
nse_main.lua
View File

@@ -736,7 +736,7 @@ local function get_chosen_scripts (rules)
local T = locale {
V "space"^0 * V "expression" * V "space"^0 * P(-1);
expression = V "disjunct" + V "conjunct" + V "value";
disjunct = (V "conjunct" + V "value") * V "space"^0 * K "or" * V "space"^0 * V "expression" / function (a, b) return a or b end;
conjunct = V "value" * V "space"^0 * K "and" * V "space"^0 * V "expression" / function (a, b) return a and b end;
@@ -746,7 +746,7 @@ local function get_chosen_scripts (rules)
K "false" * Cc(false) +
V "category" +
V "path";
category = K "all" * Cc(true); -- pseudo-category "all" matches everything
path = R("\033\039", "\042\126")^1 / match_script; -- all graphical characters not '(', ')'
};
@@ -1159,14 +1159,14 @@ end
nmap.registry.args = {};
do
local args = {};
if cnse.scriptargsfile then
local t, path = cnse.fetchfile_absolute(cnse.scriptargsfile)
assert(t == 'file', format("%s is not a file", path))
print_debug(1, "Loading script-args from file `%s'", cnse.scriptargsfile);
args[#args+1] = assert(assert(open(path, 'r')):read "*a"):gsub("\n", ","):gsub(",*$", "");
end
if cnse.scriptargs then -- Load script arguments (--script-args)
print_debug(1, "Arguments from CLI: %s", cnse.scriptargs);
args[#args+1] = cnse.scriptargs;
@@ -1209,7 +1209,7 @@ do
end
end
end
-- Update Missing Script Database?
if script_database_type ~= "file" then
print_verbose(1, "Script Database missing, will create new one.");

2
nse_nmaplib.cc
View File

@@ -666,7 +666,7 @@ static int l_get_version_intensity (lua_State *L)
if (is_script_intensity_set) {
if (script_intensity < 0 || script_intensity > 9)
error("Warning: Valid values of script arg script-intensity are between "
"0 and 9. Using %d nevertheless.\n", script_intensity);
"0 and 9. Using %d nevertheless.\n", script_intensity);
intensity = script_intensity;
} else {
intensity = o.version_intensity;

6
nselib/json.lua
View File

@@ -61,7 +61,7 @@ _M.NULL = NULL;
local function utf8_enc (cp)
local result = {};
local n, mask;
if cp % 1.0 ~= 0.0 or cp < 0 then
-- Only defined for nonnegative integers.
error("utf code point defined only for non-negative integers");
@@ -80,14 +80,14 @@ local function utf8_enc (cp)
else
assert(false);
end
while n > 1 do
result[n] = 0x80 + bit.band(cp, 0x3F);
cp = bit.rshift(cp, 6);
n = n - 1;
end
result[1] = mask + cp;
return string.char(unpack(result));
end

10
nselib/stdnse.lua
View File

@@ -78,7 +78,7 @@ local function debug (level, ...)
prefix = prefix .. ":" .. port.number
end
prefix = prefix .. "] "
if prefix ~= "[] " then
if prefix ~= "[] " then
nmap.log_write("stdout", prefix..format(...))
else
nmap.log_write("stdout", format(...))
@@ -96,7 +96,7 @@ end
-- arguments are processed with Lua's <code>string.format</code> function.
--
-- If known, the output includes some context based information: the script
-- identifier and the target ip/port (if there is one). If the debug level is
-- identifier and the target ip/port (if there is one). If the debug level is
-- at least 2, it also prints the base thread identifier and whether it is a
-- worker thread or the master thread.
--
@@ -115,7 +115,7 @@ function debug4 (...) return debug(4, ...) end
function debug5 (...) return debug(5, ...) end
---
-- Deprecated version of debug(), kept for now to prevent the script id from being
-- Deprecated version of debug(), kept for now to prevent the script id from being
-- printed twice. Scripts should use debug() and not pass SCRIPT_NAME
print_debug = function(level, fmt, ...)
local l, d = tonumber(level), nmap.debugging();
@@ -154,7 +154,7 @@ end
---
-- Prints a formatted verbosity message if the current verbosity level is greater
-- than or equal to a given level.
--
--
-- This is a convenience wrapper around <code>nmap.log_write</code>. The first
-- optional numeric argument, <code>level</code>, is used as the verbosity level
-- necessary to print the message (it defaults to 1 if omitted). All remaining
@@ -179,7 +179,7 @@ function verbose4 (...) return verbose(4, ...) end
function verbose5 (...) return verbose(5, ...) end
---
-- Deprecated version of verbose(), kept for now to prevent the script id from being
-- Deprecated version of verbose(), kept for now to prevent the script id from being
-- printed twice. Scripts should use verbose() and not pass SCRIPT_NAME
print_verbose = function(level, fmt, ...)
local l, d = tonumber(level), nmap.verbosity();

4
scripts/http-affiliate-id.nse
View File

@@ -95,14 +95,14 @@ portaction = function(host, port)
for shortener, pattern in pairs(URL_SHORTENERS) do
for i, shortened in ipairs(pattern:match(body)) do
stdnse.debug1("Found shortened Url: " .. shortened)
stdnse.debug1("Found shortened Url: " .. shortened)
local response = http.get(shortener, 80, shortened)
stdnse.debug1("status code: %d", response.status)
if (response.status == 301 or response.status == 302) and response.header['location'] then
followed[#followed + 1] = response.header['location']
end
end
end
end
followed = table.concat(followed, "\n")
-- Here goes affiliate matching

2
scripts/http-cisco-anyconnect.nse
View File

@@ -16,7 +16,7 @@ and tunnel information.
-- @output
-- PORT STATE SERVICE REASON
-- 443/tcp open https syn-ack
-- | http-cisco-anyconnect:
-- | http-cisco-anyconnect:
-- | version: 9.1(5)
-- | tunnel-group: VPN
-- | group-alias: vpn

2
scripts/http-generator.nse
View File

@@ -4,7 +4,7 @@ local stdnse = require "stdnse"
local string = require "string"
description = [[
Displays the contents of the "generator" meta tag of a web page (default: /)
Displays the contents of the "generator" meta tag of a web page (default: /)
if there is one.
]]

2
scripts/http-passwd.nse
View File

@@ -173,7 +173,7 @@ action = function(host, port)
-- Check for something that looks like a query referring to a file name, like
-- "index.php?page=next.php". Replace the query value with each of the test
-- vectors.
-- vectors.
local response = http.get(host, port, root)
if response.body then
local page_var = response.body:match ("[%?%&](%a-)=%a-%.%a")

10
scripts/http-vuln-cve2006-3392.nse
View File

@@ -8,7 +8,7 @@ description = [[
Exploits a file disclosure vulnerability in Webmin (CVE-2010-0738)
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML.
This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences
This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences
to bypass the removal of "../" directory traversal sequences.
]]
---
@@ -18,14 +18,14 @@ to bypass the removal of "../" directory traversal sequences.
-- @output
-- PORT STATE SERVICE REASON
-- 10000/tcp open webmin syn-ack
-- | http-vuln-cve2006-3392:
-- | http-vuln-cve2006-3392:
-- | VULNERABLE:
-- | Webmin File Disclosure
-- | State: VULNERABLE (Exploitable)
-- | IDs: CVE:CVE-2006-3392
-- | Description:
-- | Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML.
-- | This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences
-- | This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences
-- | to bypass the removal of "../" directory traversal sequences.
-- | Disclosure date: 2006
-- | Extra information:
@@ -52,7 +52,7 @@ action = function(host, port)
IDS = {CVE = 'CVE-2006-3392'},
description = [[
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML.
This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences
This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences
to bypass the removal of "../" directory traversal sequences.
]],
references = {
@@ -67,7 +67,7 @@ to bypass the removal of "../" directory traversal sequences.
local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
local url = "/unauthenticated/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01" .. file_var
stdnse.debug1("Getting " .. file_var)
stdnse.debug1("Getting " .. file_var)
local detection_session = http.get(host, port, url)

6
scripts/http-vuln-cve2014-2126.nse
View File

@@ -6,7 +6,7 @@ local sslcert = require('sslcert')
description = [[
Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA ASDM Privilege Escalation Vulnerability (CVE-2014-2126).
]]
]]
---
-- @usage
@@ -15,14 +15,14 @@ Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA ASDM Priv
-- @output
-- PORT STATE SERVICE
-- 443/tcp open https
-- | http-vuln-cve2014-2126:
-- | http-vuln-cve2014-2126:
-- | VULNERABLE:
-- | Cisco ASA ASDM Privilege Escalation Vulnerability
-- | State: VULNERABLE
-- | Risk factor: High CVSSv2: 8.5 (HIGH) (AV:N/AC:M/AU:S/C:C/I:C/A:C)
-- | Description:
-- | Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496.
-- |
-- |
-- | References:
-- | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
-- |_ http://cvedetails.com/cve/2014-2126/

6
scripts/http-vuln-cve2014-2127.nse
View File

@@ -6,7 +6,7 @@ local sslcert = require('sslcert')
description = [[
Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SSL VPN Privilege Escalation Vulnerability (CVE-2014-2127).
]]
]]
---
-- @usage
@@ -15,14 +15,14 @@ Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SSL VPN P
-- @output
-- PORT STATE SERVICE
-- 443/tcp open https
-- | http-vuln-cve2014-2127:
-- | http-vuln-cve2014-2127:
-- | VULNERABLE:
-- | Cisco ASA SSL VPN Privilege Escalation Vulnerability
-- | State: VULNERABLE
-- | Risk factor: High CVSSv2: 8.5 (HIGH) (AV:N/AC:M/AU:S/C:C/I:C/A:C)
-- | Description:
-- | Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.
-- |
-- |
-- | References:
-- | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
-- |_ http://cvedetails.com/cve/2014-2127/

4
scripts/http-vuln-cve2014-2128.nse
View File

@@ -15,14 +15,14 @@ Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SSL VPN A
-- @output
-- PORT STATE SERVICE
-- 443/tcp open https
-- | http-vuln-cve2014-2128:
-- | http-vuln-cve2014-2128:
-- | VULNERABLE:
-- | Cisco ASA SSL VPN Authentication Bypass Vulnerability
-- | State: VULNERABLE
-- | Risk factor: Medium CVSSv2: 5.0 (MEDIUM) (AV:N/AC:L/AU:N/C:P/I:N/A:N)
-- | Description:
-- | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555.
-- |
-- |
-- | References:
-- | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
-- |_ http://cvedetails.com/cve/2014-2128/

6
scripts/http-vuln-cve2014-2129.nse
View File

@@ -6,7 +6,7 @@ local sslcert = require('sslcert')
description = [[
Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SIP Denial of Service Vulnerability (CVE-2014-2129).
]]
]]
---
-- @usage
@@ -15,14 +15,14 @@ Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SIP Denia
-- @output
-- PORT STATE SERVICE
-- 443/tcp open https
-- | http-vuln-cve2014-2129:
-- | http-vuln-cve2014-2129:
-- | VULNERABLE:
-- | Cisco ASA SIP Denial of Service Vulnerability
-- | State: VULNERABLE
-- | Risk factor: High CVSSv2: 7.1 (HIGH) (AV:N/AC:M/AU:N/C:N/I:N/A:C)
-- | Description:
-- | The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
-- |
-- |
-- | References:
-- | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
-- |_ http://cvedetails.com/cve/2014-2129/

14
scripts/http-vuln-wnr1000-creds.nse
View File

@@ -5,8 +5,8 @@ local string = require "string"
local vulns = require "vulns"
description = [[
A vulnerability has been discovered in WNR 1000 series that allows an attacker
to retrieve administrator credentials with the router interface.
A vulnerability has been discovered in WNR 1000 series that allows an attacker
to retrieve administrator credentials with the router interface.
Tested On Firmware Version(s): V1.0.2.60_60.0.86 (Latest) and V1.0.2.54_60.0.82NA
Vulnerability discovered by c1ph04.
@@ -18,14 +18,14 @@ Vulnerability discovered by c1ph04.
-- @output
-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | http-vuln-wnr1000-creds:
-- | http-vuln-wnr1000-creds:
-- | VULNERABLE:
-- | Netgear WNR1000v3 Credential Harvesting Exploit
-- | State: VULNERABLE (Exploitable)
-- | IDs: None, 0-day
-- | Description:
-- | A vulnerability has been discovered in WNR 1000 series that allows an attacker
-- | to retrieve administrator credentials with the router interface.
-- | A vulnerability has been discovered in WNR 1000 series that allows an attacker
-- | to retrieve administrator credentials with the router interface.
-- | Tested On Firmware Version(s): V1.0.2.60_60.0.86 (Latest) and V1.0.2.54_60.0.82NA
-- | Disclosure date: 26-01-2014
-- | References:
@@ -49,8 +49,8 @@ action = function(host, port)
title = 'Netgear WNR1000v3 Credential Harvesting Exploit',
state = vulns.STATE.NOT_VULN, -- default
description = [[
A vulnerability has been discovered in WNR 1000 series that allows an attacker
to retrieve administrator credentials with the router interface.
A vulnerability has been discovered in WNR 1000 series that allows an attacker
to retrieve administrator credentials with the router interface.
Tested On Firmware Version(s): V1.0.2.60_60.0.86 (Latest) and V1.0.2.54_60.0.82NA.
Vulnerability discovered by c1ph04.
]],

10
scripts/mikrotik-routeros-brute.nse
View File

@@ -8,7 +8,7 @@ Additional information:
---
-- @usage
-- nmap -p8728 --script mikrotik-routeros-brute <target>
--
--
-- @output
-- PORT STATE SERVICE REASON
-- 8728/tcp open unknown syn-ack
@@ -35,7 +35,7 @@ local openssl = stdnse.silent_require "openssl"
portrule = shortport.portnumber(8728, "tcp")
Driver =
Driver =
{
new = function(self, host, port, options )
local o = { host = host, port = port, options = options }
@@ -44,7 +44,7 @@ Driver =
o.emptypass = true
return o
end,
connect = function( self )
self.s = nmap.new_socket("tcp")
self.s:set_timeout(self.options['timeout'])
@@ -81,10 +81,10 @@ Driver =
end
return false, brute.Error:new( "Incorrect password" )
end,
disconnect = function( self )
return self.s:close()
end
end
}
action = function(host, port)