PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-30 19:39:07 +00:00
Code Issues Projects Releases Wiki Activity
6,161 Commits 2 Branches 0 Tags
0340c7321c78cb2af1886c2b10a686c67d4a23f1
Commit Graph

729 Commits

Author SHA1 Message Date
patrik
171c917b37 o [NSE] Added the a Vuze library, port probe and the script vuze-dht-info. The 
script connects to a Vuze node and gets protocol, vendor and network
  information. [Patrik]
 2011-12-03 09:18:58 +00:00
david
46bcc85069 Add some more JBoss fingerprints. 
These are from a talk I saw recently (page 19).
http://www.matasano.com/research/OWASP3011_Luca.pdf
 2011-12-02 19:28:54 +00:00
henri
77465c37df Proper method call with ":" instead of "." 
This fixes broadcast-listener.nse failure:
/home/henri/nmap/nselib/packet.lua:521: attempt to index local 'self' (a number value)
 2011-11-18 15:42:09 +00:00
patrik
8728f181d2 Reverting commit r27082 due to incompatibility with Lua 5.2 [Patrik] 2011-11-13 13:11:39 +00:00
patrik
776a11146e Added code to brute library that picks up the executing SCRIPT_NAME using getfenv [Patrik] 2011-11-13 12:56:29 +00:00
patrik
4edf096715 o [NSE] Added new functionality and fixed some bugs in the brute library: 
- Added support for restricting the amount of guesses performed by the
    brute library against users, to prevent account lockouts.
  - Added support to guess the username as password as incorrectly
    suggested as default behavior by the documentation.
  - Added support to guess an empty string as password if not present
    in the dictionary. [Patrik]
 2011-11-13 09:51:15 +00:00
patrik
77380bd9b0 o [NSE] Fixed bug that would prevent brute scripts from running if no service 
field was present in the port table. [Patrik]
 2011-11-10 20:42:47 +00:00
patrik
7b43d1cafb o [NSE] Added the scripts bitcoin-info, bitcoin-getaddr and a supporting 
Bitcoin library. The script bitcoin-info retrieves information about the
  remote server, while the bitcoin-getaddr script retrieves a list of
  discovered remote Bitcoin nodes. [Patrik]
 2011-11-09 18:56:16 +00:00
david
7c64868741 Fix logic errors in comm.opencon when data is not supplied. 
It looks like this code never worked, because the debug message was
using a nonexistent function (nsedebug.print_debug).
 2011-11-09 01:41:34 +00:00
patrik
b66a4849c4 o [NSE] Modified the http library to support servers that don't return valid 
chunked encoded data, such as the Citrix XML service. [Patrik]
 2011-11-07 06:04:13 +00:00
david
3c75f0f43c New Wordpress http fingerprint from Duarte Silva. 2011-11-06 22:37:22 +00:00
patrik
cbf71a1668 o [NSE] Fixed a bug where the brute library would not abort even after all 
retries were exhausted [Patrik]
 2011-11-02 09:48:33 +00:00
tomsellers
41145a414c Added support for the LDAP extensibleMatch filter to ldap.lua. LDAP searches using this take the following format: 
attributename:ruleOID:=value

for example the following finds AD Domain controllers:

(userAccountControl:1.2.840.113556.1.4.803:=8192)

Also added the above as a quickfilter (ad_dcs) to ldap-search.nse to serve as a code example.

Added documentation to explain the values used in some field.
 2011-10-31 00:27:03 +00:00
david
ef5dfd8479 Compress strings of zeros in packet.toipv6. 
I do this just by passing the uncompressed names through nmap.resolve.

Before:
fe80:0000:0000:0000:0000:0000:0000:0001, 2001:0470:1f05:155e:0000:0000:0000:0003
After:
fe80::1, 2001:470:1f05:155e::3
 2011-10-29 19:40:19 +00:00
david
622e2e08a7 Standardize on ip6_nhdr in packet.lua. 
Some places were using ip6_nxt_hdr and some were using ip6_nhdr.
ip6_nhdr seemed to be the prevailing usage.
 2011-10-29 19:40:14 +00:00
tomsellers
bca60ba8de Added support for LDAP substring searches to ldap.lua. These can now be performed alone or in conjunction with other LDAP query types. 
Added a new quick filter (qfilter) to ldap-search.nse that allows the user to specify, on the command line, an attribute and corresponding value to search the LDAP directory for.  The use of the asterisk '*' as a wildcard is permitted in the value parameter.

Updated asn1.lua with some minor notes on a hex value that was used.
 2011-10-29 10:18:52 +00:00
patrik
0270368e69 o [NSE] Added the scripts rtsp-url-brute, rtsp-methods and the supporting rtsp 
library. The scripts check the supported RTSP methods and attempt to brute
  force valid RTSP urls. [Patrik]
 2011-10-26 21:36:37 +00:00
patrik
188209bc62 o [NSE] Fixed an error in the mssql library that was causing the 
broadcast-ms-sql-discover script to fail when trying to update port version
  information. [Patrik]
 2011-10-24 16:42:02 +00:00
djalal
0d6051880b o [NSE] Added a vulnerability management library (vulns.lua) to store and to 
report discovered vulnerabilities.
 2011-10-22 08:40:08 +00:00
patrik
33333da283 Added a new function setStopOnError to the ASN1 library. The function allows 
the library to be set to a mode that will stop trying to decode a ASN1
structure as soon as it runs into a decoding error. [Patrik]
 2011-10-20 02:44:20 +00:00
patrik
005322c8d4 o [NSE] Added a new script http-put.nse that allows uploading of local files 
to remote web servers using the HTTP PUT method. Added HTTP PUT support to
  the http library. [Patrik]
 2011-10-20 02:32:51 +00:00
patrik
c5ee5ec365 o [NSE] Applied patch that fixes a nil table index bug discovered in the 
mongodb library. [Thomas Buchanan]
 2011-10-18 20:38:50 +00:00
patrik
68646bd590 Applied marshalling patch from Chris Woodbury to TNS library 
http://seclists.org/nmap-dev/2011/q4/29
 2011-10-07 01:32:01 +00:00
david
15d0871a5a Add XMPP support to ssl-cert by Vasiliy Kulikov. 2011-10-04 19:32:45 +00:00
paulino
859e35bc2e Adds entry for Easy Hosting Control Panel. There are a lot of vulnerable installations and an auth bypass vulnerability: 
http://www.1337day.com/exploits/17010
 2011-10-04 07:46:16 +00:00
david
dd2a2677c5 Add tftp-enum.nse by Alexander Rudakov. 2011-10-03 22:17:57 +00:00
david
43180f6154 Add amqp-info by Sebastian Dragomir. 2011-10-03 18:04:18 +00:00
henri
b7df13296e Fix a bug in dns.lua: ensure that dns.query() always return two values (status and response). 
Update asn-query.nse accordingly.
 2011-09-22 18:00:44 +00:00
batrick
2511cd1d2a fixed wrong (global) variable name 2011-09-16 18:33:52 +00:00
david
44fcc2f455 ssl-enum-ciphers update for cipher strength from Gabriel Lawrence. 2011-09-14 17:57:47 +00:00
djalal
0b20e734b4 Define 'State.DISABLED_VALID' value. 2011-09-12 14:21:21 +00:00
tomsellers
4e87a1df42 Added string for .PARAM account status, this will be useful later. 2011-09-11 21:28:28 +00:00
tomsellers
198fd3b3bb Changing account status strings for consistency. Adding two new account states, LOCKED_VALID & LOCKED_DISABLED. 2011-09-11 21:23:34 +00:00
fyodor
726022d23f Slightly improve the nsedoc for a couple libraries 2011-09-11 21:21:17 +00:00
batrick
c4d6d12be7 \x is not a valid escape sequence... 2011-09-09 19:08:13 +00:00
tomsellers
c193cadac7 Fix a typo 2011-09-05 22:44:08 +00:00
tomsellers
f6dc7a160d ldap.lua - added support for saving search results to CSV. 
Also added support for decoding certain time formats found in Microsoft AD such as lastLogon,pwdLastSet, etc
 2011-09-05 22:39:03 +00:00
patrik
ae75aa7fd3 o [NSE] Added new default credential list for Oracle and modified the 
oracle-brute script to make use of it. [Patrik]
 2011-09-05 08:13:34 +00:00
patrik
4e9265b883 fixed a bug that would prevent the library from authenticating against 
Oracle 10.2.0.1.0 XE [Patrik]
 2011-09-05 07:52:30 +00:00
tomsellers
5b6d151787 Add function saveToFile to allow scripts to save credential tables to a file. 
Extend the account state tables to include expired, host and time limited accounts.
 2011-09-04 17:43:42 +00:00
tomsellers
b5cb7a96fc Modified start_session_basic so as to return the 
status code text when the variable status is not
nil.  This mimics the behavior of start_session_extended.

This should provide more reliable results to smb-brute
concerning the nature of login failure reasons.

More detail has been sent to the mailing list.
 2011-09-03 17:01:13 +00:00
patrik
6c864bd9f8 Changed command line processing to assume cred mode if credfile was supplied 
and no mode was explicitly given [Patrik]
 2011-09-02 06:12:39 +00:00
david
2c45aa3b8a Add Weilin's patch to packet.lua to handle IPv6. 2011-09-02 04:10:59 +00:00
patrik
bce29f44cd Fixed typo in supported versions matrix in the TNS library [Patrik] 2011-08-27 08:12:59 +00:00
patrik
a52d443841 o [NSE] Fixed authentication problems in the TNS library that would prevent 
authentication from working against Oracle 11.2.0.2.0 XE [Chris Woodbury]
 2011-08-27 08:05:10 +00:00
djalal
02b7d6e563 o [NSE] Use a table to store the output results, and use table.concat() 
to concat data instead of classic concatenation. This can have a huge
  performance boost, check this thread:
  http://seclists.org/nmap-dev/2011/q3/623
 2011-08-23 09:26:06 +00:00
patrik
5e2f67ae2e o Fixed bugs that would prevent connections against certain versions 
o Improved support for 64-bit database servers
o Tested the code against a larger number of databases running on both
  32/64-bit Windows/Linux
o Improved library documentation
[patrik]
 2011-08-21 19:18:53 +00:00
gorjan
aec7e1ab94 Add the architecture description in the bittorrent.lua library. 2011-08-11 09:54:38 +00:00
patrik
00b72547cf Fixed bugs with empty resultsets returning data [Patrik] 2011-08-11 09:28:09 +00:00
patrik
b593d0778a o [NSE] Added basic query support to the Oracle TNS library making it possible 
for scripts to query the database server using SQL. [Patrik]
 2011-08-10 20:33:13 +00:00