dmiller
327496d50c
Relax http.parse_form to allow forms without an action
Patch from nnposter: http://seclists.org/nmap-dev/2014/q3/384
2014-09-18 03:38:23 +00:00
dmiller
d518e2dbcb
Use http.parse_redirect and allow arbitrary verbs in http-form-brute
There's no reason we can't use other verbs besides GET and POST. Other
verbs are handled like GET requests (parameters in the URI string). Any
redirect responses will be followed with GET requests, though.
2014-09-17 21:57:59 +00:00
dmiller
5c9d6a3a75
Let http-form-brute use GET in addition to POST
Patch from nnposter. http://seclists.org/nmap-dev/2014/q3/262
2014-09-17 21:57:56 +00:00
dmiller
3c5137e7e7
Update 14 scripts with XML structured output
2014-09-08 04:35:49 +00:00
dmiller
6d421b2e67
Correct CVE number for ssl-ccs-injection
2014-09-06 03:09:37 +00:00
dmiller
9936bf6a47
Update smb-enum-shares to use structured output
2014-09-05 20:07:44 +00:00
dmiller
4a9cd8af7d
Update smb-enum-groups to structured output
2014-09-05 13:08:13 +00:00
dmiller
a41685fd33
Correct some wrong output sections (old-style)
2014-09-05 13:08:11 +00:00
dmiller
b6e59efb4b
Add stdnse.keys() for extracting keys from a table
2014-09-05 13:08:09 +00:00
dmiller
5c11f46bf0
Update dhcp-discover and broadcast-dhcp-discover to XML output
2014-09-05 02:54:40 +00:00
dmiller
33adefaab6
Update several scripts and libraries to use stdnse.format_time
2014-09-05 02:54:39 +00:00
dmiller
b913b23d58
Structured output for nat-pmp-info, sip-methods, smb-security-mode
2014-09-04 18:35:20 +00:00
dmiller
adc213d536
Update hadoop-namenode-info and hadoop-tasktracker-info with XML output
2014-09-04 18:35:19 +00:00
dmiller
92cf943482
Update ms-sql-info with structured output
2014-09-04 02:37:32 +00:00
dmiller
e7e530ccd0
Update hadoop-jobtracker-info with XML output
2014-09-03 22:07:32 +00:00
dmiller
327e0ab4cd
Update hbase-master-info with XML output
2014-09-03 22:07:31 +00:00
dmiller
34ea28f869
Update epmd-info
Added structured output
Simplified building of probe (now just a string)
Added a timeout
2014-09-03 21:39:33 +00:00
dmiller
1bd3e1e85c
Convert snmp-win32-* to XML output
2014-09-03 19:50:03 +00:00
dmiller
5365095c7b
Convert netbus-info to XML output
2014-09-03 19:50:00 +00:00
dmiller
40f36a4e3e
Some string optimizations in NSE
Changes fall into these categories:
1. Avoid pathological string building. Loops over x = x .. "foo" can
become very slow. Instead, use strbuf.lua, table.concat, or just one
continuous concatenation; a = x .. y .. z is one operation, better than
a = x .. y; a = a .. z
2. Use hex-escaped strings instead of string.char. I find this more
readable in many cases, and it avoids a table lookup and function call.
3. Don't duplicate code. A few libraries and scripts had re-implemented
stdnse.generate_random_string or openssl.rand_bytes.
2014-09-03 04:49:54 +00:00
dmiller
55da3727b6
Fix an error in iax2-version
The logic:
    byte12 == ("03" or "04")
is the same as:
    byte12 == "03"
so the second comparison was never able to succeed.
Additionally, some expressions were simplified, such as not formatting
numbers into strings in order to compare them.
2014-09-03 04:49:47 +00:00
sophron
ced66e5b3f
[NSE] Refactored get_admin_cookie method in http-adobe-coldfusion-apsa1301. Patch by nnposter.
2014-08-30 15:48:12 +00:00
sophron
17d115d469
[NSE] http-adobe-coldfusion-apsa1301 missed a sanity check.
2014-08-29 16:31:37 +00:00
dmiller
a4d51ff8d6
Handle 'foo=,' case in ntp-info
2014-08-27 19:41:32 +00:00
dmiller
062b780a48
Relax ntp mode 7 key-value parsing
http://seclists.org/nmap-dev/2014/q3/372
2014-08-27 02:23:08 +00:00
dmiller
8f609b060d
Move lpeg/utility.lua up a directory to fix installation issues
2014-08-25 22:22:15 +00:00
dmiller
c633079123
Use lpeg parsing in ntp-info to handle escape-quoted strings
2014-08-23 20:47:49 +00:00
dmiller
f8917a59a3
Compatibility changes for ntp-info
http://seclists.org/nmap-dev/2014/q3/222
2014-08-23 20:47:46 +00:00
batrick
de27812fe4
Revert libssh2 branch, for now.
$ svn merge -r r33518:r33513 .
and removed added scripts to the script.db.
The branch needs further refinement/testing for Windows and Mac before merging
into the trunk. There is also the latent EOF bug which is giving performance
issues.
Further work on the branch will continue in Devin's latest branch:
/nmap-exp/devin/nmap-libssh2
2014-08-18 03:12:00 +00:00
paulino
0343eabd69
Updated script.db.
2014-08-18 02:03:24 +00:00
paulino
942151eefd
Adds supermicro-ipmi-conf.nse. Nominated for a Pwnie for Best Server-Side Bug at BH.
2014-08-18 01:55:06 +00:00
devin
42c1444e60
Switched to using silent require for libssh2 in ssh-auth-methods
2014-08-14 16:40:48 +00:00
devin
3beac0c854
Fixed categories on ssh-auth-methods
2014-08-14 03:14:50 +00:00
devin
63f997ed28
Merged libssh2-integration branch
2014-08-14 02:09:00 +00:00
dmiller
b8d37a32da
Update documentation
2014-08-12 02:38:20 +00:00
dmiller
5395676f2e
Handle weird behavior rejecting handshakes with multiple compressors offered
2014-08-12 02:38:19 +00:00
dmiller
1622edabc2
Unify logging with protocol prefix
2014-08-12 02:38:17 +00:00
dmiller
29b614ccca
Increase default timeout, but allow discovered timeouts, too.
2014-08-12 02:38:16 +00:00
dmiller
31de5b9b9b
Offer ciphers and compressors in the same order every time
2014-08-12 02:38:15 +00:00
dmiller
aadd8d864c
Documentation for the cipher ordering feature
2014-08-12 02:38:13 +00:00
dmiller
a61755699f
Handle servers which offer ciphers we didn't request
Code from David.
2014-08-12 02:38:12 +00:00
dmiller
d538cc81cd
Sort ciphers according to server preference, when available
David's code, adapted to current script.
2014-08-12 02:38:10 +00:00
dmiller
2df9a5f678
Factor out cipher selection for chunks
It will be handy later to have a find_ciphers_group function that
doesn't know anything about chunking.
2014-08-12 02:38:09 +00:00
dmiller
38ab5861d5
Report server's cipher ordering algorithm
Old code from David, modified to fit the current script.
2014-08-12 02:38:07 +00:00
claudiu
15692e18c3
Removed print
2014-08-11 23:32:56 +00:00
claudiu
73d69527ab
Fix false positive on socket timeout
2014-08-11 23:29:32 +00:00
dmiller
d7d991477a
Move http-form-brute docs from @usage to description
2014-08-10 12:34:55 +00:00
jay
b281e0bf1d
Get rid of unnecessary spaces at the end of lines
2014-08-09 19:09:06 +00:00
dmiller
a8d34b7635
Prevent address-info from crashing when the IPv6 address is "not interesting"
2014-08-08 14:43:10 +00:00
batrick
d48e21eb3e
fix comment
2014-08-03 01:18:57 +00:00