fyodor
8cfe264522
regenerate script.db after the updates to the safe/intrusive categories
2009-10-01 19:08:33 +00:00
ron
86e7a63bf6
Added a script called http-malware-host.nse. Its future intention is to discover hosts that are serving malware (for example, that are compromised and have malicious code inserted). At the moment, it checks for one specific attack discussed here: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/
2009-09-16 14:15:13 +00:00
ron
32d9c9fe98
Added a check for a SMBv2 vulnerability (CVE-2009-3103) to smb-check-vulns. Due to its nature (it performs a DoS, then checks if the system is still online), the script isn't run by default and requires a special script-arg to work.
2009-09-14 15:23:06 +00:00
ron
9465a839c1
Added dhcp-discover script
2009-09-10 03:26:53 +00:00
joao
9789a1c6a4
Adding http-favicon script. Also adding the script database with the 50 very common favicons.
Updated script.db
2009-08-28 22:22:14 +00:00
ron
5da8f8199e
Added http-headers.nse script to database
2009-08-26 00:23:26 +00:00
fyodor
cc0081340a
update script.db now that apache-userdir-enum has been renamed to http-userdir-enum
2009-08-22 22:31:40 +00:00
david
3cc4ec9939
Add the ssl-cert.nse script, which retrieves the server SSL certificate.
2009-08-13 23:38:05 +00:00
jah
0847535287
Apologies, the previous commit changed all the line-endings. Changing them back.
2009-08-11 01:40:37 +00:00
jah
4c3c2b770e
Include apache-userdir-enum.nse
2009-08-11 01:33:20 +00:00
joao
bcce197537
Fixed http-enum.nse categories
2009-08-10 11:17:28 +00:00
david
9e244b05af
Put x11-access in the "auth" category.
2009-08-08 20:06:38 +00:00
david
2f54cb191f
Add the x11-access.nse script by vladz. See
http://seclists.org/nmap-dev/2009/q3/0479.html .
2009-08-08 19:49:05 +00:00
fyodor
185aa2d402
Bump up SVN version number to 5.05BETA1 to reduce confusion, also regen scripts.db
2009-07-22 00:38:58 +00:00
fyodor
4e9d7c17a5
update Nmap version number to 4.90RC1, rebuild generated files, except for man pages which are problematic at the moment
2009-07-08 22:32:49 +00:00
joao
f39e109b64
Adding script for performing open socks proxy server discovery.
Script was also included to script.db file.
2009-06-12 23:23:54 +00:00
bmenrigh
7c63ab6bcd
Adding the imap-capabilities script and supporting imap library.
The imap-capabilities script is mostly feature-complete but I could
see adding some analysis code to warn users of non-SSL'd IMAP servers
that offer STARTTLS without NOLOGIN.
The imap "library" is really a joke. It does the minimum required to
support getting capabilities and nothing more. IMAP requires each
command to use a unique identifier like 000, 001, 002, etc. Right now
the identifier is hardcoded to a001. To make a real imap library that
supports logging in and other IMAP features, a state variable will
have to be maintained to change the command uid. It would be nice to
see the library get updated so that IMAP brute-forcing could be
supported.
2009-06-08 23:21:56 +00:00
fyodor
51981c07b1
Regenerated data files with 4.85BETA10 version number; that release is probably still 2-3 days away though, but I'm testing new build rules
2009-06-07 04:26:47 +00:00
fyodor
4599d9f4f5
rename http-webdav-unicode-bypass.nse to http-iis-webdav-vuln.nse and update script.db
2009-05-20 00:43:30 +00:00
batrick
79eaf3edc3
Updated script database to the new format required by NSE --script
boolean operators.
2009-04-30 05:56:00 +00:00
david
1b2e726629
Sort script.db, remove erroneous smb-check-vulns-2.nse entry.
2009-04-24 18:45:00 +00:00
ron
bc55de0c6e
Adding new check for Conficker.C and up, using the peer-to-peer ports.
2009-04-21 18:30:40 +00:00
ron
45744eddc3
Merge in changes from my private branch, primarily smb-brute.nse and smb-pwdump.nse, among other smaller changes.
2009-03-05 02:03:29 +00:00
david
a5b73cf906
Rename the xampp-default-auth script to ftp-brute. Incorporate some code
improvements in the script from Vlatko Kosturjak. Remove the nobody/e0e0e0e0
test credentials because I can't find a web source to substantiate them.
2009-01-26 06:02:45 +00:00
ron
773000b65a
Merging changes from my experimental branch; the new versions of these scripts, which have significant changes to their core functionality, managed to hold their own against Brandon's network. More testing would be very helpful, though, especially with credentials (most of Brandon's scans were anonymous).
2008-12-24 00:53:01 +00:00
david
c3ee93f056
Sort script.db entries by file name to make diffs comprehensible. Their
previous unsorted state was due to their coming straight out of opendir.
2008-11-15 00:58:36 +00:00
david
0d7243ad5a
Add banner.nse to script.db.
2008-11-15 00:55:59 +00:00
david
dd586b90bd
Remove smb-check-vulns.nse from the vuln category, leaving it in intrusive.
2008-11-11 00:48:48 +00:00
david
03c9145785
Take smb-check-vulns.nse out of discovery and put it in vuln.
2008-11-11 00:35:41 +00:00
ron
8e89a0e217
updated scriptdb/CHANGELOG, renamed smb-checkvulns.nse to nse-check-vulns.nse for consistency with the new naming standard
2008-11-10 19:06:50 +00:00
david
6fbc8868a9
Rename scripts (almost all of them) to make their names more consistent and
make them look better in output. The full list of changes is
anonFTP => ftp-anon
ASN => asn-query
brutePOP3 => pop3-brute
bruteTelnet => telnet-brute
daytimeTest => daytime
dns-safe-recursion-port => dns-random-srcport
dns-safe-recursion-txid => dns-random-txid
dns-test-open-recursion => dns-recursion
ftpbounce => ftp-bounce
HTTPAuth => http-auth
HTTP_open_proxy => http-open-proxy
HTTPpasswd => http-passwd
HTTPtrace => http-trace
iax2Detect => iax2-version
ircServerInfo => irc-info
ircZombieTest => irc-zombie
MSSQLm => ms-sql-info
MySQLinfo => mysql-info
popcapa => pop3-capabilities
PPTPversion => pptp-version
promiscuous => sniffer-detect
RealVNC_auth_bypass => realvnc-auth-bypass
robots => robots.txt
showHTMLTitle => html-title
showOwner => identd-owners
skype_v2-version => skypev2-version
smb-enumdomains => smb-enum-domains
smb-enumsessions => smb-enum-sessions
smb-enumshares => smb-enum-shares
smb-enumusers => smb-enum-users
smb-serverstats => smb-server-stats
smb-systeminfo => smb-system-info
SMTPcommands => smtp-commands
SMTP_openrelay_test => smtp-open-relay
SNMPcommunitybrute => snmp-brute
SNMPsysdescr => snmp-sysdescr
SQLInject => sql-injection
SSH-hostkey => ssh-hostkey
SSHv1-support => sshv1
SSLv2-support => sslv2
strangeSMTPport => smtp-strangeport
UPnP-info => upnp-info
xamppDefaultPass => xampp-default-auth
zoneTrans => zone-transfer
2008-11-06 02:52:59 +00:00
fyodor
ddf146cb30
o Removed ripeQuery.nse because we now have the much more robust
whois.nse which handles all the major registries. [Fyodor]
2008-11-06 01:09:05 +00:00
fyodor
c22c9ca885
o Removed showSSHVersion.nse. Its only real claim to fame was the
ability to trick some SSH servers (including at least OpenSSH
4.3p2-9etch3) into not logging the connection. This trick doesn't
seem to work with newer versions of OpenSSH, as my
openssh-server-4.7p1-4.fc8 does log the connection. Without the
stealth advantage, the script has no real benefit over version
detection or the upcoming banner grabbing script. [Fyodor]
2008-11-04 05:04:12 +00:00
david
78cc76e9f8
Update script.db.
2008-11-03 20:01:11 +00:00
david
15d0add1fe
Remove RealVNC_auth_bypass.nse from the "malware" category. It doesn't have to
do with any malware, just a security vulnerability. It remains in "default" and
"vuln". I think it was in "malware" because it used to be in the old "backdoor"
category.
2008-10-24 22:04:30 +00:00
fyodor
f6fb4d971c
o Removed some unnecessary "demo" category NSE scripts: echoTest,
chargenTest, showHTTPVersion, and showSMTPVersion.nse. Moved
daytimeTest from the "demo" category to "discovery". Removed
showHTMLTitle from the "demo" category, but it remains in the
"default" and "safe" categories. This leaves just showSSHVersion and
SMTP_openrelay in the undocumented "demo" category. [Fyodor]
2008-10-20 22:54:43 +00:00
fyodor
7ead36a64e
remove demo category from showHTMLTitle
2008-10-20 21:47:24 +00:00
david
2f1898fe49
Whoops, SSH-weak_key.nse isn't a merged script. I just had an unversioned copy in my scripts directory. Remove it from script.db.
2008-10-09 00:45:42 +00:00
david
cb00282519
--update-scriptdb to add SSH-hostkey.nse and SSH-weak_key.nse.
2008-10-08 23:10:33 +00:00
david
ae7455279e
Add a new msrpc.lua module, plus new scripts smb-enumdomains.nse,
smb-enumshares.nse, and smb-enumusers.nse. Also enhance the netbios.lua and
smb.lua modules. Remove the smb-enum.nse script. All these changes are from Ron
Bowes.
2008-10-04 21:58:39 +00:00
david
f054d25d1f
Adjust the categories of the new SMB scripts. Also fix a couple of
documentation typos.
smb-os-discovery.nse
-categories = {"version","default"}
+categories = {"default", "discovery", "safe"}
smb-enum.nse
-categories = {"version","intrusive"}
+categories = {"discovery", "intrusive"}
smb-security-mode.nse
-categories = {"version"}
+categories = {"discovery", "safe"}
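Review bot: in the smb-security-mode.nse change, replacing {"version"} with {"discovery", "safe"} leaves the script in neither "version" nor "default", so on these lines it runs only when selected by name or by one of its new categories. The message says only "Adjust the categories"; it should state whether dropping the script from automatic runs is intended, since smb-os-discovery.nse keeps "default" in the same commit.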
2008-09-15 18:10:00 +00:00
david
9eff25bbc4
Add Ron Bowes's netbios and smb NSE modules and new scripts that use them. They
were introduced in http://seclists.org/nmap-dev/2008/q3/0827.html .
2008-09-15 17:58:38 +00:00
fyodor
c95a9935bb
latest generated files
2008-09-12 08:22:09 +00:00
david
d6e3760151
Add HTTP_open_proxy.nse to the external script category, because it potentially
involves traffic between the target and a third-party host. It's fairly
innocuous because there's no third-party traffic from the scanning computer, so
I left it in the default category.
2008-09-09 17:10:45 +00:00
david
06c7264e2e
Put the following scripts in the new "external" category:
ASN.nse
dns-safe-recursion-port.nse
dns-safe-recursion-txid.nse
ripeQuery.nse
whois.nse
2008-09-09 05:13:24 +00:00
fyodor
28df4b4416
change Nmap version number to 4.69BETA1 and regenerate files
2008-09-06 07:17:04 +00:00
david
205e7ab28b
Add the latest ASN.nse script. This version uses the new Nmap-specific query
servers, groups output intelligently, and supports IPv6. See sample output at
http://seclists.org/nmap-dev/2008/q3/0675.html .
2008-09-06 02:47:46 +00:00
fyodor
dd1e76c2a7
o Added whois.nse, which queries the Regional Internet Registries
(RIRs) to determine who the target IP addresses are assigned
to. [Jah]
2008-09-05 18:43:27 +00:00
fyodor
966b9fa0d2
rename SNMPsysdesr.nse to SNMPsysdescr.nse
2008-09-05 06:53:00 +00:00
fyodor
2ba3a3878d
o Added dns-safe-recursion-port and dns-safe-recursion-txid (non
default NSE scripts) which use the 3rd party dns-oarc.net to test
the source port and transaction ID randomness of a discovered DNS
server (assuming it allows recursion at all). These scripts were
contributed by Brandon Enright.
2008-09-05 02:04:07 +00:00