dmiller
65ec31cf6f
Fix some scoring/detection for TLSv1.3 in ssl-enum-ciphers
2025-06-02 14:31:42 +00:00
dmiller
74a88c0804
Let ssl-cert grab certs from DTLS services. Fix rules for TCP-only scripts
2024-06-03 19:00:33 +00:00
dmiller
7c61f7c9c3
TLS 1.3 support for NSE. Fixes #1691
2021-07-02 20:01:30 +00:00
nnposter
068e77a37f
Restore Supported Point Formats Extension. Fixes #1187
Some servers are not compliant with RFC 4492, section 4,
and abort the handshake when the extension is missing.
2021-03-21 02:37:18 +00:00
dmiller
17416feb5e
New outlib library for output-related functions
2020-01-16 19:12:58 +00:00
dmiller
199c844d8a
Remove unneeded requires
2018-08-27 22:00:14 +00:00
dmiller
bc0935a51a
Warn if no ciphers support FS. See #1309
2018-08-27 15:02:48 +00:00
dmiller
073a3efb23
Let all ssl scripts check for SSL and cache/check SSL status. https://security.stackexchange.com/q/189268/9209
2018-07-11 05:03:13 +00:00
dmiller
cd3253f5a2
New script, https-redirect
2018-06-28 03:43:27 +00:00
dmiller
689ea0e05d
Spelling corrections. Fixes #1160
2018-03-26 14:59:41 +00:00
dmiller
41199b7eea
Use default EC curves instead of all throughout.
2017-10-31 04:26:59 +00:00
dmiller
ca91d27ae9
Add reference to SSL Labs Server Rating Guide
2017-10-18 20:26:41 +00:00
dmiller
75a873840c
Avoid edge case where cipher chunk size could be less than 1. See #945
2017-07-28 04:03:55 +00:00
dmiller
dc6d29371f
Avoid a crash when no compressors are listed. Closes #945
2017-07-27 03:17:42 +00:00
dmiller
a7c8d25c56
Consolidate error reporting
2017-02-26 03:49:07 +00:00
dmiller
233eb1d71c
Only send one protocol version in client hello instead of indicating a range of supported versions.
2017-02-24 16:28:33 +00:00
dmiller
91dade9325
Ignore protocol mismatch in some more cases.
2017-02-24 16:28:33 +00:00
dmiller
189e6ac201
Revert to older logic allowing rejection of protocol if server chooses a different one
2017-02-24 15:47:50 +00:00
dmiller
6f8ec39063
Don't consider protocol mismatch for alerts other than protocol_version to be a protocol rejection. http://serverfault.com/q/832207/112426
2017-02-24 15:47:48 +00:00
dmiller
1790c9476c
Note recommendation to use -sV with ssl-enum-ciphers
2017-02-01 14:03:19 +00:00
robert
8cc713e534
Resolved an "attempt to index a nil value (local 'certs')" error in find_ciphers_group that caused false negatives in script output.
2017-01-20 19:06:50 +00:00
dmiller
e4717fa068
Add tls.servername script-arg. Closes #540
2016-12-05 17:44:32 +00:00
dmiller
1bbd6c8e90
Fix a bug: forgot to pass in the protocol version
2016-08-31 02:32:25 +00:00
dmiller
8779c1e376
Fix a crash in ssl-enum-ciphers when parsing unsupported cert types
2016-08-30 16:07:08 +00:00
dmiller
d4ed90381f
Update @output for ssl-enum-ciphers to reflect 3DES changes
2016-08-24 16:12:40 +00:00
dmiller
9a21104bd6
Clarify kex weakness warning with actual kex info
2016-08-24 16:07:58 +00:00
dmiller
fc948c437b
Add warning for SWEET32 on CBC with block size <= 64 bits
2016-08-24 16:07:57 +00:00
nnposter
fb2fc62a0b
Penalizes 3DES for SWEET32 attack (CVE-2016-2183)
2016-08-24 14:56:25 +00:00
dmiller
66fb5fba22
Avoid an error thrown in ssl-enum-ciphers with connect problems
2016-08-20 00:07:58 +00:00
nnposter
aaa4508ceb
Updated @output and @xmloutput documentation sections in script ssl-enum-ciphers to be consistent. Fixes #475
2016-08-11 23:56:18 +00:00
nnposter
f3ee542683
Changed weak cipher strength threshold from 128 to 112 bits in script ssl-enum-ciphers. Fixes #474
2016-08-11 23:47:31 +00:00
dmiller
cb4b46bd53
Canonicalize authors as tables instead of comma-separated strings
2016-06-09 22:46:42 +00:00
dmiller
39018e3e91
Check for RSA exponent of 1, resulting in F score
2016-06-09 04:36:09 +00:00
dmiller
fb6d2a5567
Deprecate SHA-1 certs in ssl-enum-ciphers. Closes #370
2016-05-02 13:55:17 +00:00
dmiller
b341915722
Deprecate RC4 ciphersuites
2016-05-02 13:55:16 +00:00
dmiller
53d41055c7
Port r35354 changes to ssl-enum-ciphers internal probe
2015-12-07 17:45:55 +00:00
dmiller
f4619edece
Update http urls for nmap.org to https
2015-11-05 20:41:05 +00:00
dmiller
bbee119188
Support fragmented TLS records. Closes #194
2015-10-29 22:18:32 +00:00
dmiller
e2bbf289d4
Display EC curve name in ssl-enum-ciphers
Closes #173. See http://seclists.org/nmap-dev/2015/q3/254
2015-09-17 13:00:23 +00:00
gyani
a59056e29e
Fixed a spelling mistake.
2015-07-10 17:06:28 +00:00
gyani
29f57ea556
Gracefully handles case of openssl being missing. Cipherscores
of those ciphers that require openssl are marked unknown.
Closes #115.
2015-07-04 07:34:14 +00:00
dmiller
2e74e48a2b
Work around long handshake intolerance in ssl-enum-ciphers
https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
2015-06-23 21:20:23 +00:00
dmiller
a881712e6b
Add valid TLS1.2 probe and move checks to rule in ssl-enum-ciphers (#168)
2015-06-19 12:02:31 +00:00
dmiller
06e6062dba
Prevent ssl-enum-ciphers from running on detected-non-ssl services
2015-06-18 23:32:35 +00:00
dmiller
d93945ea5c
Let ssl-enum-ciphers run on any port when selected by name (#168)
2015-06-18 21:27:39 +00:00
dmiller
04fee3d14c
Move TLSv1.2 signature_algorithms extension defaults into tls.lua
2015-03-25 02:29:25 +00:00
dmiller
ed86473b0c
Send supported signature algorithms for TLSv1.2
2015-03-24 23:22:19 +00:00
dmiller
4d106cbe23
Remove unneeded requires
2015-02-28 12:43:59 +00:00
dmiller
ee4b2dfe5d
A TODO note for ssl-enum-ciphers
We recently became dependent on OpenSSL for some of ssl-enum-ciphers's
functionality (parsing certificates). We should have a decent fallback
(e.g. don't parse the certificate, issue a warning, and use a dummy
score).
[ci skip] This tells Travis to skip the CI build when this commit is
pushed, useful for documentation changes that don't affect the build.
2015-01-01 21:09:05 +00:00
dmiller
c85bb0b54f
Correct logic on checking for SHA1 certificate in ssl-enum-ciphers
2014-11-10 16:16:29 +00:00