gorjan
04b4baa747
Missing require('creds')
2011-07-06 21:58:16 +00:00
djalal
a3c15ce071
Force the ProFTPD banner check.
2011-07-06 15:12:03 +00:00
djalal
bc6155de59
o [NSE] Added a message to let the users know if the backdoor was already triggered.
2011-07-05 16:09:39 +00:00
djalal
e7d45910d9
o [NSE] Clean indentation and make some variables local.
2011-07-05 16:01:03 +00:00
djalal
21abe501ea
o [NSE] Added a special function to check if the vsFTPd was backdoored.
Added a first check to see if the backdoor was already triggered.
Cleaned the script.
2011-07-05 15:55:16 +00:00
djalal
7b0b7c3370
Added the ftp-vsftpd-backdoor entry to the script.db file.
2011-07-05 09:19:59 +00:00
henri
7e1e29ac4f
Added ftp-vsftpd-backdoor, which detects a backdoor that was introduced
into vsftpd-2.3.4 source code distributions. [Daniel Miller]
2011-07-05 07:16:55 +00:00
paulino
89bf1d1661
Fixes bug when adding credentials using creds library.
2011-07-04 20:55:39 +00:00
patrik
d1fbee17df
changed so that nping-brute uses silent_require rather than require for openssl
[patrik]
2011-07-02 18:02:54 +00:00
paulino
82a68e02db
Adds http-default-accounts - It tests for access with default credentials in a variety of web applications and devices.
It works similarly to http-enum: we detect applications by matching known paths and launching a login routine using default credentials when found.
This script depends on a fingerprint file containing the target's information: name, category, location paths, default credentials and login routine.
2011-07-01 21:43:34 +00:00
djalal
b4f865179b
o [NSE] Added another missing check that will report that the server is not vulnerable.
2011-06-30 23:11:11 +00:00
djalal
1c3d400822
o [NSE] Added ftp-vuln-cve2010-4221 script which checks if the ProFTPD
server is vulnerable to the Telnet IAC stack overflow CVE-2010-4221
[Djalal].
2011-06-30 22:21:25 +00:00
gorjan
789977d8df
Adding a dependency for backorifice-brute to backorifice-info
2011-06-30 15:47:32 +00:00
gorjan
88b994a451
Small fix
2011-06-30 15:46:50 +00:00
fyodor
1c702ffad3
trivial nsedoc change
2011-06-30 09:11:57 +00:00
fyodor
8d8d16ec80
trivial nsedoc change
2011-06-30 08:59:30 +00:00
fyodor
e27ff18e56
trivial nsedoc change -- define NCP
2011-06-30 08:58:12 +00:00
fyodor
130e417be9
fix a small nsedoc typo noted by Henri Doreau
2011-06-29 09:05:03 +00:00
fyodor
9a2b80c34d
Remove ip-geolocation-quova -- it includes an API key which apparently required agreeing to the Quova terms of service to obtain (http://developer.quova.com/apps/tos). And those seem to pretty clearly ban this sort of use. So we can only use this script if we get permission from Quova (best option), or we make it so that user is required to pass a key as nsearg
2011-06-29 03:34:47 +00:00
fyodor
a683b6ae69
just added a word to the description
2011-06-29 01:36:34 +00:00
fyodor
511adcb497
Move the brief summary of both vulns into the summary sentence so people see them at a glance from the nsedoc script lists
2011-06-29 01:34:24 +00:00
fyodor
536e00ea42
Went through all the new (since 5.51) scripts and improved (I hope) the nsedoc descriptions a bit and made some other very minor cleanups
2011-06-29 01:29:14 +00:00
paulino
651197768b
Adds http-barracuda-dir-traversal -
Attempts to retrieve the configuration settings from the MySQL database
dump on a Barracuda Networks Spam & Virus Firewall device using the
directory traversal vulnerability in the "locale" parameter of
"/cgi-mod/view_help.cgi" or "/cgi-bin/view_help.cgi".
The web administration interface runs on port 8000 by default.
Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval
Original exploit by ShadowHatesYou <Shadow@SquatThis.net>
For more information, see:
http://seclists.org/fulldisclosure/2010/Oct/119
http://www.exploit-db.com/exploits/15130/
2011-06-28 23:43:34 +00:00
djalal
b9237eac33
If sending the big body message fails, then just assume that this is
a network error, we are sending more than 50MB, but check and count
the result of the final "<CRLF>.<CRLF>" message.
2011-06-27 22:24:13 +00:00
patrik
55da9dc683
added the creds-summary.nse script [Patrik]
2011-06-27 21:21:15 +00:00
paulino
f2bbb0f9e8
Adds to "vuln" category
2011-06-27 20:40:19 +00:00
paulino
5effe4c770
New version of http-trace. It addresses issues discussed:
* http://seclists.org/nmap-dev/2010/q2/295
* http://seclists.org/nmap-dev/2007/q3/327
* http://seclists.org/nmap-dev/2007/q4/610
Features:
* This version will always show you if TRACE is enabled (Current http-trace only shows headers that are different from the original response causing confusion in cases where TRACE is not reported as enabled because the host did not return any additional headers)
* Supports redirects.
2011-06-27 20:38:59 +00:00
paulino
4f60960b29
Adds http-majordomo2-dir-traversal to the repository. This script exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files.
2011-06-27 20:22:25 +00:00
djalal
a1eb090664
Changed the script argument 'smtp-vuln-cve2010-4344.command' to
'smtp-vuln-cve2010-4344.cmd' for consistency reasons.
2011-06-26 19:01:09 +00:00
djalal
49774ecf10
o [NSE] Added smtp-vuln-cve2010-4344 script that will check and exploit
two vulnerabilities in the Exim SMTP Server:
o CVE-2010-4344: A heap overflow vulnerability.
o CVE-2010-4345: A privilege escalation vulnerability.
2011-06-24 15:37:53 +00:00
patrik
af03ca03a2
Removed prerule from script [Patrik]
2011-06-23 11:28:14 +00:00
patrik
67bac23e97
Added MS error code to error messages returned from the script [Patrik]
2011-06-21 22:52:40 +00:00
david
3b202e4597
Use java-rmi for the Java RMI service name. Suggested by martin
Swende.
2011-06-21 00:03:16 +00:00
henri
a8f9bd8d35
trailing whitespace
2011-06-20 21:09:42 +00:00
henri
b2d1ac7580
Avoid bloating the registry by using variables to transfer information from
the hostrule to the action function.
2011-06-20 21:06:14 +00:00
gorjan
21ece8d864
Update script database for the ip-geolocation scripts
2011-06-20 12:56:34 +00:00
gorjan
f832a41301
IP based geolocation using the IPInfoDB web service
2011-06-20 01:45:35 +00:00
gorjan
6fad986e3a
IP based geolocation using the Geoplugin web service
2011-06-20 01:44:10 +00:00
gorjan
9920668943
IP based geolocation using the Geobytes web service
2011-06-20 01:43:44 +00:00
gorjan
2e45420bed
IP based geolocation using the Quova web service
2011-06-20 01:43:17 +00:00
gorjan
a616334868
IP based geolocation using a Maxmind database
2011-06-20 01:42:21 +00:00
patrik
5558837091
o [NSE] Added two new scripts broadcast-netbios-master-browser and smb-mbenum:
- broadcast-netbios-master-browser attempts to discover master browsers in
the broadcast domain
- smb-mbenum lists servers registered with the master browser
[Patrik]
2011-06-19 18:47:19 +00:00
patrik
f4bf440b14
o [NSE] Added credential storage library (creds.lua) and modified the brute
library and scripts to make use of it. [Patrik]
2011-06-19 17:18:29 +00:00
patrik
0a3bf95897
o [NSE] Added a MySQL audit script and a rulebase that supports auditing a
subset of the MySQL CIS 1.0.2 Benchmark. [Patrik]
2011-06-17 06:12:01 +00:00
patrik
1d7b0c0d98
o [NSE] Added ipv6 support to the wsdd, dnssd and upnp libraries. Applied
patch from Dan Miller that fixes errors in processing and sorting ipv6
addresses in scripts using these libraries. [Daniel Miller, Patrik]
2011-06-16 05:29:42 +00:00
david
010c8200e8
Standardize on the name rmiregistry for port 1099/tcp.
This is the name used in nmap-services. It affects nmap-service-probes
and rmi-dumpregistry.nse. The inconsistency was noted by Gabriel
Lawrence.
2011-06-15 19:14:46 +00:00
patrik
cf873707cd
o [NSE] Added minimal Service Location Protocol (SLP) library and the script
broadcast-novell-locate that detects servers running eDirectory. [Patrik]
2011-06-15 06:23:30 +00:00
batrick
dc9a35bc9d
New system for silent require errors. Use the new function
stdnse.silent_require. The Lua require function is back in its usual spot
(_G.require).
2011-06-13 23:38:35 +00:00
djalal
caadf952e3
o [NSE] Updated the SMTP scripts to use the new SMTP Lua library.
2011-06-13 13:19:26 +00:00
patrik
5f00edd310
Re-worked the http-form-brute script, the changes include:
- autodetecting form fields is now a bit more robust
- only the password field is mandatory
- HTTP re-directs are followed in case they're detected
- the detection of incorrect login attempts has been changed and supports
two new arguments (onsucces, onfailure)
[Patrik]
2011-06-12 18:52:51 +00:00