PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Add @output sections to realvnc-auth-bypass.nse and sql-injection.nse

Browse Source 
from Gutek. Also documents the @args of sql-injection.nse.
This commit is contained in:
david
2010-04-02 15:31:24 +00:00
parent 619311bca7
commit baeb2e8f98
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/realvnc-auth-bypass.nse
View File

@@ -5,6 +5,12 @@ Checks if a VNC server is vulnerable to the RealVNC authentication bypass
author = "Brandon Enright" author = "Brandon Enright"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html" license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
---
-- @output
-- PORT STATE SERVICE VERSION
-- 5900/tcp open vnc VNC (protocol 3.8)
-- |_realvnc-auth-bypass: Vulnerable
categories = {"default", "vuln", "safe"} categories = {"default", "vuln", "safe"}
require "shortport" require "shortport"

12
scripts/sql-injection.nse
View File

@@ -26,6 +26,18 @@ author = "Eddie Bell"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html" license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive", "vuln"} categories = {"intrusive", "vuln"}
---
-- @args sql-injection.start The path at which to start spidering; default <code>/</code>.
-- @args sql-injection.maxdepth The maximum depth to spider; default 10.
--
-- @output
-- PORT STATE SERVICE
-- 80/tcp open http
-- | sql-injection: Host might be vulnerable
-- | /a_index.php?id_str=1'%20OR%20sqlspider
-- | /a_index.php?id_str=1'%20OR%20sqlspider
-- | /a_index.php?id_str=2'%20OR%20sqlspider
-- Change this to increase depth of crawl -- Change this to increase depth of crawl
local maxdepth = 10 local maxdepth = 10
local get_page_from_host local get_page_from_host