mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Commit Graph

1245 Commits

Author SHA1 Message Date
patrik
0340c7321c o [NSE] Applied patch to the ssl-cert script that adds support for getting SSL
certificates from FTP servers. [Matt Selsky]
2011-12-06 15:49:36 +00:00
david
30af606588 Light copyediting of NSEDoc in ssl-google-cert-catalog.nse. 2011-12-06 05:01:18 +00:00
david
028345e871 Improve the wording in the output of ssl-google-cert-catalog.nse. 2011-12-06 05:01:17 +00:00
patrik
171c917b37 o [NSE] Added a Vuze library, port probe and the script vuze-dht-info. The
script connects to a Vuze node and gets protocol, vendor and network
  information. [Patrik]
2011-12-03 09:18:58 +00:00
patrik
4c525b584d o [NSE] Added the script reverse-index that creates a reverse index
showing which hosts run a particular service rather than the services for
  each host. [Patrik]
2011-11-29 00:48:59 +00:00
patrik
b2513a2aaf o [NSE] Added whitelist capabilities to the unusual-port script to be able
to handle legitimate services on dynamic ports and discrepancies between
  names of services. [Patrik]
2011-11-29 00:41:07 +00:00
patrik
95af3f1937 o [NSE] Added the script unusual-port that compares a detected service on a
port against the expected service listed in nmap-services [Patrik]
2011-11-25 21:09:19 +00:00
patrik
510ebe0eb7 o [NSE] Added the script broadcast-sybase-asa-discover that discovers Sybase
SQL Anywhere servers on the local LAN. [Patrik]
2011-11-20 12:33:53 +00:00
patrik
9b2d03d633 o [NSE] Added maxdb-info script that tries to enumerate version and database
information from a SAP MaxDB database [Patrik]
2011-11-17 22:12:59 +00:00
patrik
4c0ed27d89 o [NSE] Added nexpose-brute a script that performs password auditing against
the Nexpose vulnerability scanner. [Vlatko Kosturjak]
2011-11-17 19:46:42 +00:00
patrik
4b64da4f14 o [NSE] Added http-vuln-cve2011-3368 a script that attempts to detect whether
the remote web server is vulnerable to the Apache reverse proxy bypass
  vulnerability CVE-2011-3368. [Ange Gutek, Patrik]
2011-11-17 19:33:19 +00:00
patrik
ceb89b459f Removed e-mail address from author variable in rtsp-methods and irc-brute
[Patrik]
2011-11-11 15:31:50 +00:00
patrik
1aa3e7c456 o [NSE] Re-enabled support for guessing the username in addition to password
that was incorrectly removed from the metasploit-xmlrpc-brute in previous
  commit. [Patrik]
2011-11-11 05:52:52 +00:00
patrik
8ec7da89c8 o [NSE] Added the script metasploit-xmlrpc-brute that performs password
auditing against the Metasploit XMLRPC service. [Vlatko Kosturjak]
2011-11-10 21:43:54 +00:00
patrik
352efc6ded o [NSE] Added the script openvas-otp-brute that performs password auditing
against the OpenVas service. [Vlatko Kosturjak]
2011-11-10 20:50:04 +00:00
patrik
0fa0ef41d5 Added missing usage and output documentation [Patrik] 2011-11-09 19:15:17 +00:00
patrik
7b43d1cafb o [NSE] Added the scripts bitcoin-info, bitcoin-getaddr and a supporting
Bitcoin library. The script bitcoin-info retrieves information about the
  remote server, while the bitcoin-getaddr script retrieves a list of
  discovered remote Bitcoin nodes. [Patrik]
2011-11-09 18:56:16 +00:00
djalal
8a175d127d o [NSE] added a debug message in the prerule to show that some arguments are missing. 2011-11-09 12:39:01 +00:00
djalal
5ea6fe675d o [NSE] check script arguments in the prerule to avoid running the script if they are missing. 2011-11-09 12:31:48 +00:00
djalal
99781655ae o [NSE] Add a final note in the output about the 'newtargets' usage. 2011-11-09 12:29:14 +00:00
djalal
4cee81e323 o Check the 'resolveall.hosts' script argument in the prerule function to
avoid loading the script if it is missing.
o Show all the returned IP addresses by default even if the 'newtargets'
  script argument was specified.
2011-11-09 12:21:20 +00:00
djalal
5ac9edb7e1 Fix the vulnerability CVE ID in the documentation. 2011-11-09 10:21:08 +00:00
djalal
08b1160c87 Updated some of the vulnerability scripts to use the new vulnerability library. 2011-11-09 10:08:19 +00:00
david
4757dadd11 Add irc-botnet-channels.nse. 2011-11-09 01:42:03 +00:00
patrik
465594fa87 o [NSE] Added the http-method-tamper script that detects authentication bypass
vulnerabilities using the http HEAD method as reported in CVE-2010-738.
  [Hani Benhabiles]
2011-11-08 21:18:22 +00:00
david
fddfd9b0e6 Use promiscuous mode in targets-sniffer.nse. 2011-11-08 16:10:35 +00:00
david
ce9ac426e3 New Hadoop and HBase scripts by John Bond:
hadoop-datanode-info.nse
hadoop-jobtracker-info.nse
hadoop-namenode-info.nse
hadoop-secondary-namenode-info.nse
hadoop-tasktracker-info.nse
hbase-master-info.nse
hbase-region-info.nse
2011-11-08 16:00:16 +00:00
henri
f181470fac Whitespace fixes: removed trailing whitespaces, always use tabs for indentation. 2011-11-07 21:32:43 +00:00
fyodor
03a75885e7 Minor rewording 2011-11-07 06:00:07 +00:00
fyodor
f73e2b27d1 Update and canonicalize a bunch of script descriptions 2011-11-07 04:08:29 +00:00
patrik
dd32e88b66 o [NSE] Added brute scripts rlogin-brute and rexec-brute for the rlogin and
rexec services [Patrik]
2011-11-04 21:17:33 +00:00
patrik
fb3b019de4 Fixed small NSEDOC error in xmpp-brute.nse [Patrik] 2011-11-02 19:20:19 +00:00
david
d3c6976fca Change CRLF line endings to LF in ip-geolocation-*.nse. 2011-11-02 16:50:38 +00:00
david
aceb760703 Change CRLF line endings back to LF in dns-brute.nse. 2011-11-02 16:50:37 +00:00
patrik
fee0ddb527 o [NSE] Added broadcast-rip-discover which gets RIPv2 routers and their routing
information by querying the multicast address [Patrik]
2011-11-02 10:23:50 +00:00
paulino
ea31c702ad Minor modification to add the entry "direct" to the default host list. This is a common DNS entry found in hosts protected by Cloudflare (www.cloudflare.com). It is Cloudflare's default DNS name for the entry pointing to the real host IP. 2011-11-02 10:16:30 +00:00
patrik
c48bb3f3f9 Minor changes to the usage documentation of dns-zeustracker [Patrik] 2011-10-31 18:22:57 +00:00
patrik
ad28a527dc o [NSE] Added dns-zeustracker, which checks whether an IP is part of the Zeus
botnet. [Mikael Keri]
2011-10-31 18:11:54 +00:00
tomsellers
41145a414c Added support for the LDAP extensibleMatch filter to ldap.lua. LDAP searches using this take the following format:
attributename:ruleOID:=value

for example the following finds AD Domain controllers:

(userAccountControl:1.2.840.113556.1.4.803:=8192)

Also added the above as a quickfilter (ad_dcs) to ldap-search.nse to serve as a code example.

Added documentation to explain the values used in some fields.
2011-10-31 00:27:03 +00:00
david
57fc9a5545 Add ipv6-node-info. 2011-10-29 19:40:21 +00:00
david
622e2e08a7 Standardize on ip6_nhdr in packet.lua.
Some places were using ip6_nxt_hdr and some were using ip6_nhdr.
ip6_nhdr seemed to be the prevailing usage.
2011-10-29 19:40:14 +00:00
tomsellers
bca60ba8de Added support for LDAP substring searches to ldap.lua. These can now be performed alone or in conjunction with other LDAP query types.
Added a new quick filter (qfilter) to ldap-search.nse that allows the user to specify, on the command line, an attribute and corresponding value to search the LDAP directory for.  The use of the asterisk '*' as a wildcard is permitted in the value parameter.

Updated asn1.lua with some minor notes on a hex value that was used.
2011-10-29 10:18:52 +00:00
patrik
05187ede6f o [NSE] Added the script irc-brute that performs password guessing against
password protected IRC servers. [Patrik]
2011-10-26 21:55:35 +00:00
patrik
1ab0544ab8 o [NSE] Added the script nessus-brute that performs password guessing against
Nessus using the NTP 1.2 protocol. [Patrik]
2011-10-26 21:45:33 +00:00
patrik
0270368e69 o [NSE] Added the scripts rtsp-url-brute, rtsp-methods and the supporting rtsp
library. The scripts check the supported RTSP methods and attempt to brute
  force valid RTSP urls. [Patrik]
2011-10-26 21:36:37 +00:00
patrik
c9888b6596 o [NSE] Added the http-robtex-reverse-ip script that uses the Robtex service to
perform a reverse lookup in order to discover all names associated with the
  IP. [riemann]
2011-10-26 20:52:56 +00:00
patrik
c055b316b0 o [NSE] Updated script.db to correct some of the category changes made
previously and to remove the accidental addition of non-existing snmp-brute2
  script. [Patrik]
2011-10-26 20:40:54 +00:00
patrik
3d01895e83 o [NSE] Added the missing broadcast category to the broadcast-listener script.
[Jason DePriest]
2011-10-24 16:21:59 +00:00
patrik
2e8519fd6a o [NSE] Made changes to the categories of the following scripts. Their new
categories are:
    - http-userdir-enum.nse (auth,intrusive)
    - mysql-users.nse (auth,intrusive)
    - http-wordpress-enum.nse (auth,intrusive,vuln)
    - krb5-enum-users.nse (auth,intrusive)
    - snmp-win32-users.nse (default,auth,safe)
    - smtp-enum-users.nse (auth,external,intrusive)
    - ncp-enum-users.nse (auth,safe)
    - smb-enum-users.nse (auth,intrusive)
  [Duarte Silva]
2011-10-22 19:00:33 +00:00
patrik
e543894b99 Updated code style, and changed categories of http-put [Patrik] 2011-10-20 11:18:24 +00:00