PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-08 05:31:31 +00:00
Code Issues Projects Releases Wiki Activity

o Removed showSSHVersion.nse. Its only real claim to fame was the

Browse Source 
ability to trick some SSH servers (including at least OpenSSH
  4.3p2-9etch3) into not logging the connection.  This trick doesn't
  seem to work with newer versions of OpenSSH, as my
  openssh-server-4.7p1-4.fc8 does log the connection. Without the
  stealth advantage, the script has no real benefit over version
  detection or the upcoming banner grabbing script. [Fyodor]
This commit is contained in:
fyodor
2008-11-04 05:04:12 +00:00
parent e0a3c5c64f
commit c22c9ca885
3 changed files with 102 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG
View File

@@ -1,5 +1,13 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o Removed showSSHVersion.nse. Its only real claim to fame was the
ability to trick some SSH servers (including at least OpenSSH
4.3p2-9etch3) into not logging the connection. This trick doesn't
seem to work with newer versions of OpenSSH, as my
openssh-server-4.7p1-4.fc8 does log the connection. Without the
stealth advantage, the script has no real benefit over version
detection or the upcoming banner grabbing script. [Fyodor]
o NSE scripts that require a list of DNS servers (currently only o NSE scripts that require a list of DNS servers (currently only
ASN.nse) now work when IPv6 scanning. Previously it gave an error ASN.nse) now work when IPv6 scanning. Previously it gave an error
message: "Failed to send dns query. Response from dns.query(): 9". message: "Failed to send dns query. Response from dns.query(): 9".

189
scripts/script.db
View File

@@ -1,107 +1,106 @@
Entry{ category = "default", filename = "showOwner.nse" }
Entry{ category = "safe", filename = "showOwner.nse" }
Entry{ category = "discovery", filename = "daytimeTest.nse" }
Entry{ category = "default", filename = "RealVNC_auth_bypass.nse" }
Entry{ category = "vuln", filename = "RealVNC_auth_bypass.nse" }
Entry{ category = "intrusive", filename = "SQLInject.nse" }
Entry{ category = "vuln", filename = "SQLInject.nse" }
Entry{ category = "auth", filename = "bruteTelnet.nse" }
Entry{ category = "intrusive", filename = "bruteTelnet.nse" }
Entry{ category = "discovery", filename = "HTTPtrace.nse" }
Entry{ category = "demo", filename = "SMTP_openrelay_test.nse" }
Entry{ category = "default", filename = "HTTPAuth.nse" }
Entry{ category = "auth", filename = "HTTPAuth.nse" }
Entry{ category = "intrusive", filename = "HTTPAuth.nse" }
Entry{ category = "default", filename = "dns-test-open-recursion.nse" } Entry{ category = "default", filename = "dns-test-open-recursion.nse" }
Entry{ category = "intrusive", filename = "dns-test-open-recursion.nse" } Entry{ category = "intrusive", filename = "dns-test-open-recursion.nse" }
Entry{ category = "default", filename = "showHTMLTitle.nse" } Entry{ category = "default", filename = "RealVNC_auth_bypass.nse" }
Entry{ category = "safe", filename = "showHTMLTitle.nse" } Entry{ category = "vuln", filename = "RealVNC_auth_bypass.nse" }
Entry{ category = "default", filename = "SMTPcommands.nse" } Entry{ category = "external", filename = "dns-safe-recursion-port.nse" }
Entry{ category = "discovery", filename = "SMTPcommands.nse" } Entry{ category = "intrusive", filename = "dns-safe-recursion-port.nse" }
Entry{ category = "safe", filename = "SMTPcommands.nse" } Entry{ category = "discovery", filename = "smb-enumusers.nse" }
Entry{ category = "default", filename = "MSSQLm.nse" } Entry{ category = "intrusive", filename = "smb-enumusers.nse" }
Entry{ category = "discovery", filename = "MSSQLm.nse" } Entry{ category = "intrusive", filename = "SNMPcommunitybrute.nse" }
Entry{ category = "intrusive", filename = "MSSQLm.nse" } Entry{ category = "auth", filename = "SNMPcommunitybrute.nse" }
Entry{ category = "default", filename = "SSHv1-support.nse" } Entry{ category = "default", filename = "showOwner.nse" }
Entry{ category = "safe", filename = "SSHv1-support.nse" } Entry{ category = "safe", filename = "showOwner.nse" }
Entry{ category = "default", filename = "MySQLinfo.nse" }
Entry{ category = "discovery", filename = "MySQLinfo.nse" }
Entry{ category = "safe", filename = "MySQLinfo.nse" }
Entry{ category = "auth", filename = "xamppDefaultPass.nse" }
Entry{ category = "vuln", filename = "xamppDefaultPass.nse" }
Entry{ category = "default", filename = "SSLv2-support.nse" } Entry{ category = "default", filename = "SSLv2-support.nse" }
Entry{ category = "safe", filename = "SSLv2-support.nse" } Entry{ category = "safe", filename = "SSLv2-support.nse" }
Entry{ category = "default", filename = "zoneTrans.nse" } Entry{ category = "malware", filename = "ircZombieTest.nse" }
Entry{ category = "intrusive", filename = "zoneTrans.nse" } Entry{ category = "discovery", filename = "smb-systeminfo.nse" }
Entry{ category = "discovery", filename = "zoneTrans.nse" } Entry{ category = "intrusive", filename = "smb-systeminfo.nse" }
Entry{ category = "default", filename = "ftpbounce.nse" }
Entry{ category = "intrusive", filename = "ftpbounce.nse" }
Entry{ category = "version", filename = "skype_v2-version.nse" } Entry{ category = "version", filename = "skype_v2-version.nse" }
Entry{ category = "discovery", filename = "promiscuous.nse" } Entry{ category = "discovery", filename = "HTTPtrace.nse" }
Entry{ category = "default", filename = "SNMPsysdescr.nse" } Entry{ category = "default", filename = "UPnP-info.nse" }
Entry{ category = "discovery", filename = "SNMPsysdescr.nse" } Entry{ category = "safe", filename = "UPnP-info.nse" }
Entry{ category = "safe", filename = "SNMPsysdescr.nse" }
Entry{ category = "discovery", filename = "ASN.nse" }
Entry{ category = "external", filename = "ASN.nse" }
Entry{ category = "default", filename = "nbstat.nse" }
Entry{ category = "discovery", filename = "nbstat.nse" }
Entry{ category = "safe", filename = "nbstat.nse" }
Entry{ category = "version", filename = "iax2Detect.nse" }
Entry{ category = "default", filename = "rpcinfo.nse" } Entry{ category = "default", filename = "rpcinfo.nse" }
Entry{ category = "safe", filename = "rpcinfo.nse" } Entry{ category = "safe", filename = "rpcinfo.nse" }
Entry{ category = "discovery", filename = "rpcinfo.nse" } Entry{ category = "discovery", filename = "rpcinfo.nse" }
Entry{ category = "auth", filename = "bruteTelnet.nse" }
Entry{ category = "intrusive", filename = "bruteTelnet.nse" }
Entry{ category = "external", filename = "dns-safe-recursion-txid.nse" }
Entry{ category = "intrusive", filename = "dns-safe-recursion-txid.nse" }
Entry{ category = "default", filename = "SMTPcommands.nse" }
Entry{ category = "discovery", filename = "SMTPcommands.nse" }
Entry{ category = "safe", filename = "SMTPcommands.nse" }
Entry{ category = "default", filename = "robots.nse" }
Entry{ category = "safe", filename = "robots.nse" }
Entry{ category = "default", filename = "zoneTrans.nse" }
Entry{ category = "intrusive", filename = "zoneTrans.nse" }
Entry{ category = "discovery", filename = "zoneTrans.nse" }
Entry{ category = "discovery", filename = "whois.nse" }
Entry{ category = "external", filename = "whois.nse" }
Entry{ category = "safe", filename = "whois.nse" }
Entry{ category = "default", filename = "smb-os-discovery.nse" }
Entry{ category = "discovery", filename = "smb-os-discovery.nse" }
Entry{ category = "safe", filename = "smb-os-discovery.nse" }
Entry{ category = "discovery", filename = "ripeQuery.nse" }
Entry{ category = "external", filename = "ripeQuery.nse" }
Entry{ category = "malware", filename = "strangeSMTPport.nse" }
Entry{ category = "version", filename = "iax2Detect.nse" }
Entry{ category = "discovery", filename = "smb-security-mode.nse" }
Entry{ category = "safe", filename = "smb-security-mode.nse" }
Entry{ category = "discovery", filename = "smb-enumsessions.nse" }
Entry{ category = "intrusive", filename = "smb-enumsessions.nse" }
Entry{ category = "discovery", filename = "ASN.nse" }
Entry{ category = "external", filename = "ASN.nse" }
Entry{ category = "default", filename = "showHTMLTitle.nse" }
Entry{ category = "safe", filename = "showHTMLTitle.nse" }
Entry{ category = "discovery", filename = "promiscuous.nse" }
Entry{ category = "discovery", filename = "smb-enumshares.nse" }
Entry{ category = "intrusive", filename = "smb-enumshares.nse" }
Entry{ category = "default", filename = "anonFTP.nse" }
Entry{ category = "auth", filename = "anonFTP.nse" }
Entry{ category = "intrusive", filename = "anonFTP.nse" }
Entry{ category = "intrusive", filename = "SQLInject.nse" }
Entry{ category = "vuln", filename = "SQLInject.nse" }
Entry{ category = "demo", filename = "SMTP_openrelay_test.nse" }
Entry{ category = "default", filename = "nbstat.nse" }
Entry{ category = "discovery", filename = "nbstat.nse" }
Entry{ category = "safe", filename = "nbstat.nse" }
Entry{ category = "default", filename = "HTTPAuth.nse" }
Entry{ category = "auth", filename = "HTTPAuth.nse" }
Entry{ category = "intrusive", filename = "HTTPAuth.nse" }
Entry{ category = "default", filename = "finger.nse" }
Entry{ category = "discovery", filename = "finger.nse" }
Entry{ category = "default", filename = "SSHv1-support.nse" }
Entry{ category = "safe", filename = "SSHv1-support.nse" }
Entry{ category = "default", filename = "popcapa.nse" }
Entry{ category = "default", filename = "SNMPsysdescr.nse" }
Entry{ category = "discovery", filename = "SNMPsysdescr.nse" }
Entry{ category = "safe", filename = "SNMPsysdescr.nse" }
Entry{ category = "safe", filename = "SSH-hostkey.nse" }
Entry{ category = "default", filename = "SSH-hostkey.nse" }
Entry{ category = "intrusive", filename = "SSH-hostkey.nse" }
Entry{ category = "intrusive", filename = "brutePOP3.nse" }
Entry{ category = "auth", filename = "brutePOP3.nse" }
Entry{ category = "default", filename = "MySQLinfo.nse" }
Entry{ category = "discovery", filename = "MySQLinfo.nse" }
Entry{ category = "safe", filename = "MySQLinfo.nse" }
Entry{ category = "default", filename = "ftpbounce.nse" }
Entry{ category = "intrusive", filename = "ftpbounce.nse" }
Entry{ category = "auth", filename = "xamppDefaultPass.nse" }
Entry{ category = "vuln", filename = "xamppDefaultPass.nse" }
Entry{ category = "discovery", filename = "smb-enumdomains.nse" }
Entry{ category = "intrusive", filename = "smb-enumdomains.nse" }
Entry{ category = "intrusive", filename = "HTTPpasswd.nse" }
Entry{ category = "vuln", filename = "HTTPpasswd.nse" }
Entry{ category = "discovery", filename = "smb-serverstats.nse" }
Entry{ category = "intrusive", filename = "smb-serverstats.nse" }
Entry{ category = "version", filename = "PPTPversion.nse" }
Entry{ category = "default", filename = "ircServerInfo.nse" }
Entry{ category = "discovery", filename = "ircServerInfo.nse" }
Entry{ category = "default", filename = "MSSQLm.nse" }
Entry{ category = "discovery", filename = "MSSQLm.nse" }
Entry{ category = "intrusive", filename = "MSSQLm.nse" }
Entry{ category = "default", filename = "HTTP_open_proxy.nse" } Entry{ category = "default", filename = "HTTP_open_proxy.nse" }
Entry{ category = "discovery", filename = "HTTP_open_proxy.nse" } Entry{ category = "discovery", filename = "HTTP_open_proxy.nse" }
Entry{ category = "external", filename = "HTTP_open_proxy.nse" } Entry{ category = "external", filename = "HTTP_open_proxy.nse" }
Entry{ category = "intrusive", filename = "HTTP_open_proxy.nse" } Entry{ category = "intrusive", filename = "HTTP_open_proxy.nse" }
Entry{ category = "intrusive", filename = "HTTPpasswd.nse" } Entry{ category = "discovery", filename = "daytimeTest.nse" }
Entry{ category = "vuln", filename = "HTTPpasswd.nse" }
Entry{ category = "demo", filename = "showSSHVersion.nse" }
Entry{ category = "default", filename = "anonFTP.nse" }
Entry{ category = "auth", filename = "anonFTP.nse" }
Entry{ category = "intrusive", filename = "anonFTP.nse" }
Entry{ category = "discovery", filename = "whois.nse" }
Entry{ category = "external", filename = "whois.nse" }
Entry{ category = "safe", filename = "whois.nse" }
Entry{ category = "default", filename = "robots.nse" }
Entry{ category = "safe", filename = "robots.nse" }
Entry{ category = "default", filename = "finger.nse" }
Entry{ category = "discovery", filename = "finger.nse" }
Entry{ category = "default", filename = "UPnP-info.nse" }
Entry{ category = "safe", filename = "UPnP-info.nse" }
Entry{ category = "malware", filename = "strangeSMTPport.nse" }
Entry{ category = "default", filename = "ircServerInfo.nse" }
Entry{ category = "discovery", filename = "ircServerInfo.nse" }
Entry{ category = "malware", filename = "ircZombieTest.nse" }
Entry{ category = "discovery", filename = "ripeQuery.nse" }
Entry{ category = "external", filename = "ripeQuery.nse" }
Entry{ category = "default", filename = "smb-os-discovery.nse" }
Entry{ category = "discovery", filename = "smb-os-discovery.nse" }
Entry{ category = "safe", filename = "smb-os-discovery.nse" }
Entry{ category = "version", filename = "PPTPversion.nse" }
Entry{ category = "intrusive", filename = "brutePOP3.nse" }
Entry{ category = "auth", filename = "brutePOP3.nse" }
Entry{ category = "default", filename = "popcapa.nse" }
Entry{ category = "intrusive", filename = "SNMPcommunitybrute.nse" }
Entry{ category = "auth", filename = "SNMPcommunitybrute.nse" }
Entry{ category = "safe", filename = "SSH-hostkey.nse" }
Entry{ category = "default", filename = "SSH-hostkey.nse" }
Entry{ category = "intrusive", filename = "SSH-hostkey.nse" }
Entry{ category = "external", filename = "dns-safe-recursion-txid.nse" }
Entry{ category = "intrusive", filename = "dns-safe-recursion-txid.nse" }
Entry{ category = "external", filename = "dns-safe-recursion-port.nse" }
Entry{ category = "intrusive", filename = "dns-safe-recursion-port.nse" }
Entry{ category = "discovery", filename = "smb-security-mode.nse" }
Entry{ category = "safe", filename = "smb-security-mode.nse" }
Entry{ category = "discovery", filename = "smb-serverstats.nse" }
Entry{ category = "intrusive", filename = "smb-serverstats.nse" }
Entry{ category = "discovery", filename = "smb-enumusers.nse" }
Entry{ category = "intrusive", filename = "smb-enumusers.nse" }
Entry{ category = "discovery", filename = "smb-enumshares.nse" }
Entry{ category = "intrusive", filename = "smb-enumshares.nse" }
Entry{ category = "discovery", filename = "smb-enumdomains.nse" }
Entry{ category = "intrusive", filename = "smb-enumdomains.nse" }
Entry{ category = "discovery", filename = "smb-enumsessions.nse" }
Entry{ category = "intrusive", filename = "smb-enumsessions.nse" }
Entry{ category = "discovery", filename = "smb-systeminfo.nse" }
Entry{ category = "intrusive", filename = "smb-systeminfo.nse" }

43
scripts/showSSHVersion.nse
View File

@@ -1,43 +0,0 @@
id = "Stealth SSH version"
description = [[
Connects to an SSH server and retrieves the version banner.
This typically does not result in any logs of the connection being made.
]]
---
-- @output
-- 22/tcp open ssh
-- |_ Stealth SSH version: SSH-2.0-OpenSSH_3.9p1
author = "Diman Todorov <diman.todorov@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"demo"}
require "shortport"
portrule = shortport.service("ssh")
action = function(host, port)
local result, socket
local catch = function()
socket:close()
end
local try = nmap.new_try(catch)
result = ""
socket = nmap.new_socket()
try(socket:connect(host.ip, port.number))
result = try(socket:receive_lines(1));
try(socket:send(result))
try(socket:close())
return (string.gsub(result, "\n", ""))
end