diff --git a/CHANGELOG b/CHANGELOG
index aa70c957b..ad95a3149 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,12 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o Removed some unecessary "demo" category NSE scripts: echoTest,
+ chargenTest, showHTTPVersion, and showSMTPVersion.nse. Moved
+ daytimeTest from the "demo" category to "discovery". Removed
+ showHTMLTitle from the "demo" category, but it remains in the
+ "default" and "safe" categories. This leaves just showSSHVersion and
+ SMTP_openrelay in the undocumented "demo" category. [Fyodor]
+
 o A crash caused by an incorrect test condition was fixed. It would
 happen when running a ping scan other than a protocol ping, without
 debugging enabled, if an ICMP packet was received referring to a
diff --git a/scripts/chargenTest.nse b/scripts/chargenTest.nse
deleted file mode 100644
index d3a16f3ef..000000000
--- a/scripts/chargenTest.nse
+++ /dev/null
@@ -1,23 +0,0 @@
-id = "Chargen"
-description = [[
-Tries to read bytes from the UDP chargen service.
-]]
-
-author = "Diman Todorov "
-
-license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-
-categories = {"demo"}
-
-require "comm"
-require "shortport"
-
-portrule = shortport.port_or_service(19, "chargen", "udp")
-
-action = function(host, port)
- local status, result = comm.exchange(host, port, "dummy", {lines=1, proto="udp"})
-
- if status then
- return "Chargen: success"
- end
-end
diff --git a/scripts/daytimeTest.nse b/scripts/daytimeTest.nse
index 63c3261ed..462e0f095 100644
--- a/scripts/daytimeTest.nse
+++ b/scripts/daytimeTest.nse
@@ -7,7 +7,7 @@ author = "Diman Todorov "
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"demo"}
+categories = {"discovery"}
 require "comm"
 require "shortport"
diff --git a/scripts/echoTest.nse b/scripts/echoTest.nse
deleted file mode 100644
index a738a1a2d..000000000
--- a/scripts/echoTest.nse
+++ /dev/null
@@ -1,28 +0,0 @@
-id = "Echo"
-description = [[
-Tests the UDP echo service.
-\n\n
-The script sends a string, then receives a string and reports success if the
-two strings are equal.
-]]
-
-author = "Diman Todorov "
-
-license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-
-categories = {"demo"}
-
-require "comm"
-require "shortport"
-
-portrule = shortport.port_or_service(7, "echo", "udp")
-
-action = function(host, port)
- local echostr = "hello there"
-
- local status, result = comm.exchange(host, port, echostr, {lines=1, proto="udp"})
-
- if (result == echostr) then
- return "UDP Echo: correct response"
- end
-end
diff --git a/scripts/script.db b/scripts/script.db
index 6bab8224d..dd89345fb 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -16,7 +16,6 @@ Entry{ category = "safe", filename = "SSLv2-support.nse" }
 Entry{ category = "malware", filename = "ircZombieTest.nse" }
 Entry{ category = "version", filename = "skype_v2-version.nse" }
 Entry{ category = "discovery", filename = "HTTPtrace.nse" }
-Entry{ category = "demo", filename = "echoTest.nse" }
 Entry{ category = "default", filename = "UPnP-info.nse" }
 Entry{ category = "safe", filename = "UPnP-info.nse" }
 Entry{ category = "default", filename = "rpcinfo.nse" }
@@ -42,10 +41,8 @@ Entry{ category = "discovery", filename = "smb-os-discovery.nse" }
 Entry{ category = "safe", filename = "smb-os-discovery.nse" }
 Entry{ category = "discovery", filename = "ripeQuery.nse" }
 Entry{ category = "external", filename = "ripeQuery.nse" }
-Entry{ category = "demo", filename = "chargenTest.nse" }
 Entry{ category = "malware", filename = "strangeSMTPport.nse" }
 Entry{ category = "version", filename = "iax2Detect.nse" }
-Entry{ category = "demo", filename = "showSMTPVersion.nse" }
 Entry{ category = "discovery", filename = "smb-security-mode.nse" }
 Entry{ category = "safe", filename = "smb-security-mode.nse" }
 Entry{ category = "discovery", filename = "ASN.nse" }
@@ -69,7 +66,6 @@ Entry{ category = "auth", filename = "HTTPAuth.nse" }
 Entry{ category = "intrusive", filename = "HTTPAuth.nse" }
 Entry{ category = "default", filename = "finger.nse" }
 Entry{ category = "discovery", filename = "finger.nse" }
-Entry{ category = "demo", filename = "showHTTPVersion.nse" }
 Entry{ category = "default", filename = "SSHv1-support.nse" }
 Entry{ category = "safe", filename = "SSHv1-support.nse" }
 Entry{ category = "default", filename = "popcapa.nse" }
@@ -103,4 +99,4 @@ Entry{ category = "default", filename = "HTTP_open_proxy.nse" }
 Entry{ category = "discovery", filename = "HTTP_open_proxy.nse" }
 Entry{ category = "external", filename = "HTTP_open_proxy.nse" }
 Entry{ category = "intrusive", filename = "HTTP_open_proxy.nse" }
-Entry{ category = "demo", filename = "daytimeTest.nse" }
+Entry{ category = "discovery", filename = "daytimeTest.nse" }
diff --git a/scripts/showHTTPVersion.nse b/scripts/showHTTPVersion.nse
deleted file mode 100644
index c195785c6..000000000
--- a/scripts/showHTTPVersion.nse
+++ /dev/null
@@ -1,94 +0,0 @@
-id = "HTTP version"
-description = [[
-Detects the version of a web server.
-\n\n
-This is a demonstration script. Its function is done better by normal version
-detection.
-]]
-
-author = "Diman Todorov "
-
-license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-
--- add this script to "version" if you really want to execute it
--- keep in mind you can (and should) only execute it with -sV
-categories = {"demo"}
--- categories = {"version"}
-
-runlevel = 1.0
-
-require "shortport"
-
-portrule = function(host, port)
-
-
- if
- -- remove next line if you really want to run this script
- false and
- ( port.number == 80
- or port.service == "http" )
- and port.protocol == "tcp"
- and port.state == "open"
- -- and host.name ~= nil
- -- and string.match(host.name, "www.+")
- then
- return true
- else
- return false
- end
-end
-
--- portrule = shortport.port_or_service(80, "http")
-
-action = function(host, port)
-
- local query = "GET / HTTP/2.1\r\n"
- query = query .. "Accept: */*\r\n"
- query = query .. "Accept-Language: en\r\n"
- query = query .. "User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)\r\n"
- query = query .. "Host: " .. host.ip .. ":" .. port.number .. "\r\n\r\n"
-
- local socket = nmap.new_socket()
- local catch = function()
- socket:close()
- end
-
- local try = nmap.new_try(catch)
-
- try(socket:connect(host.ip, port.number))
- try(socket:send(query))
-
- local response = ""
- local lines
- local status
- local value
-
- while true do
- status, lines = socket:receive_lines(1)
-
- if not status or value then
- break
- end
-
- response = response .. lines
- value = string.match(response, "Server: (.-)\n")
- end
-
- try(socket:close())
- socket:close()
-
- if value then
- port.version.name = "[Name]"
- port.version.confidence = 10
- port.version.product = "[Product]"
- port.version.version = "[Version]"
- port.version.extrainfo = "[ExtraInfo]"
- port.version.hostname = "[HostName]"
- port.version.ostype = "[OSType]"
- port.version.devicetype = "[DeviceType]"
-
- port.version.service_tunnel = "none"
- port.version.fingerprint = nil
- nmap.set_port_version(host, port, "hardmatched")
- end
-end
diff --git a/scripts/showSMTPVersion.nse b/scripts/showSMTPVersion.nse
deleted file mode 100644
index 804184418..000000000
--- a/scripts/showSMTPVersion.nse
+++ /dev/null
@@ -1,31 +0,0 @@
-id = "SMTP version"
-description = [[
-Prints the version of an SMTP server.
-]]
-
----
--- @output
--- 25/tcp open smtp\n
--- |_ SMTP version: 220 mail.foo.com mx-2.bar.com ESMTP Exim 4.64\n
-
-author = "Diman Todorov "
-
-license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-
-categories = {"demo"}
-
-require "comm"
-require "shortport"
-
-portrule = shortport.port_or_service(25, "smtp")
-
-action = function(host, port)
- local status, result = comm.get_banner(host, port, {lines=1})
-
- if not status then
- return
- end
-
- return (string.gsub(result, "\r?\n", ""))
-end
-