mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
495 Commits

Author SHA1 Message Date
ron
046c637bb1 Fixed a typo and a circular dependency in smb-check-vulns.nse. 2010-01-04 17:00:40 +00:00
batrick
610bd0a55b Merge from Dependencies branch (nmap-exp/patrick/dependencies)
with modifications from [2].

** Short description from [1] **

I have created a patch to NSE that replaces runlevels with a table of
dependencies that clearly outlines what other scripts the script
depends on. The table is of the form:

dependencies = {"script1", "script2", ...}

Runlevels become an internal representation of the order of scripts
that are generated by the dependencies. Dependencies only enforce
an execution order and not a requirement for execution.

[1] http://seclists.org/nmap-dev/2009/q4/295
[2] http://seclists.org/nmap-dev/2009/q4/446
2009-12-30 02:34:05 +00:00
david
671167227f Add the oracle-sid-brute script from Patrik Karlsson. 2009-12-28 17:35:46 +00:00
david
c25165def2 Add a default timeout of 5000 ms to the ntp-info script, and don't try
sending the second probe if the first caused an error. This is based on
the results of a test by Richard Sammet showing that the default timeout
of 30 s is too long when scanning many open|filtered ports that are in
fact filtered.
2009-12-21 20:24:45 +00:00
tomsellers
9f0e11f035 Set port product and state when a DB2 database service is positively matched.
Previously just set port.version.name and confidence.
2009-12-19 16:30:57 +00:00
tomsellers
2615dbbca1 Enhance error reporting to include script name and port protocol.
Correct internal revision date (it's not 2010 yet!)
2009-12-19 13:43:32 +00:00
david
ae1d8e23ea Move citrix-enum-apps.nse out of the intrusive category and into safe. 2009-12-14 16:28:29 +00:00
ron
50f8718389 Added some extra information to an error message -- I realized the current error wasn't descriptive enough 2009-12-14 16:27:05 +00:00
david
f2ae05968b Add the scripts
  citrix-brute-xml
  citrix-enum-apps
  citrix-enum-apps-xml
  citrix-enum-servers
  citrix-enum-servers-xml
and the citrixxml modules, all by Patrik Karlsson.
2009-12-14 07:30:38 +00:00
david
f9fc544e32 Add retrieval of the current time to ntp-info.nse. This is adapted from
code submitted by Richard Sammet.
2009-12-12 23:27:23 +00:00
david
24e0dceb8e Show all variables in ntp-info with verbosity. 2009-12-12 22:53:33 +00:00
david
6a57dd876a Add the ntp-info script from Richard Sammet. This version is modified
from the one he submitted in the thread at
http://seclists.org/nmap-dev/2009/q4/550. It doesn't yet include the
time retrieval he posted in a later message.
2009-12-12 22:42:39 +00:00
ron
96a390203c Updated http-iis-webdav-vuln.nse to run against SSL-enabled servers 2009-12-08 17:29:43 +00:00
tomsellers
c5c2b3220e ms-sql-info.nse commented version bump. 2009-12-07 00:44:45 +00:00
tomsellers
29014d1118 Updated ms-sql-info.nse to support Microsoft SQL Server 2008
detection.
2009-12-07 00:43:27 +00:00
fyodor
c272e68cf3 Use a looser match pattern for retrieving the owner out of the identd response. This patch was from Richard Sammet - http://seclists.org/nmap-dev/2009/q4/549 2009-11-30 05:58:01 +00:00
david
971a11f3fe Add the nfs-showmount script by Patrik Karlsson. 2009-11-26 16:52:30 +00:00
fyodor
77ab5c4305 Remove email addresses from scripts as discussed in this thread: http://seclists.org/nmap-dev/2009/q4/466 2009-11-24 08:49:02 +00:00
ron
b1739c929f Fixed a small error in smb-psexec -- if it can't find a share to upload to, it would try to access a non-existent variable and die 2009-11-20 16:19:40 +00:00
ron
08da8db7f0 Importing changes from my branch. There are two major updates:
1) I wrote a function that formats output from scripts in a consistent way. Although we haven't really come to a consensus on how it should look yet, it's easy to change when we do.
2) New script: smb-enum-groups.nse. Enumerate the local groups on a system and their membership.
2009-11-20 16:05:06 +00:00
fyodor
745d34af47 Just remove an unnecessary comma 2009-11-20 04:52:47 +00:00
fyodor
2b7acf87e3 Improve the description slightly 2009-11-20 04:51:20 +00:00
fyodor
1bfe2201ca Expand the description to note that this script can now look at html link rel elements and also to clarify better what this script does 2009-11-20 04:46:58 +00:00
fyodor
f8f550fd47 Updates for the generated files 2009-11-17 20:05:07 +00:00
tomsellers
1f9a3e2fba Updating script.db, this was neglected during the db2-info.nse
commit.  [Tom]
2009-11-17 01:35:33 +00:00
tomsellers
b5444fa390 Add a new script, db2-info.nse, that enhances DB2 database instance detection.
The script provides detection when version probes fail, but will default to
the value provided by the version probes if that value is more precise. The
script also detects the server platform and database instance name.
[Tom]
2009-11-12 11:44:02 +00:00
ron
7d67b08e66 Merged in my changes from nmap-smb. The primary changes are:
* Updated the way authentication works on smb -- it's significantly cleaner now
* smb-enum-shares.nse gives significantly better output now (it checks if shares are writable)
* Added a script that checks if smbv2 is enabled on a server
* Added smb-psexec, a script for executing commands on a remote Windows server. I also included some default scripts, a compiled .exe to run everything, and a ton of documentation (in the form of NSEDoc)
* Added 'override' parameters to some of the functions in smb.lua, which lets the programmer override any field in an outgoing SMB packet without modifying smb.lua. 
* Lots of random code cleanups in the smb-* scripts/libraries
2009-11-08 21:31:06 +00:00
ron
b733248462 Updated telnet-brute.nse to use unpwdb instead of a hardcoded list of accounts 2009-11-05 14:50:54 +00:00
tomsellers
c5d1fe5590 Minor change to ssl-cert.nse to bring display of certificate
fingerprints (MD5/SHA) in line with documentation which indicates
that they are not displayed unless verbose output is requested.
2009-10-13 03:01:51 +00:00
tomsellers
3b4fa34257 [NSE] Modified NSE script ssl-cert.nse to support TLS negotiation
against SMTP ports that support it. Depends on Patrick's addition
of the reconnect_ssl method.  [Tom Sellers, David]
2009-10-13 01:19:33 +00:00
david
cca80f0304 Fix a typo in smtp-open-relay.nse. 2009-10-11 21:10:27 +00:00
batrick
b356ce2580 Added smb-check-vulns.nse to the vuln category. 2009-10-06 12:04:35 +00:00
fyodor
8cfe264522 regenerate script.db after the updates to the safe/intrusive categories 2009-10-01 19:08:33 +00:00
fyodor
fea1ab7c39 Moved a bunch of scripts to the "safe" category, and some others to "intrusive" after
discussion on nmap-dev about how best to handle these.  I also updated the docs and
am about to regenerate script.db.  See this thread for more info:
http://seclists.org/nmap-dev/2009/q3/1008.html
2009-10-01 19:07:16 +00:00
ron
390ce42616 Removed the default limit of usernames/passwords, and updated the comments accordingly. Users can still limit by passing script-args. 2009-09-19 05:42:07 +00:00
ron
88d5050fd1 Totally overhauled the ftp-brute.nse script. I opened this script to see about certain changes, and discovered that it was only actually checking a single account (xampp/default). So I hooked it into unpwdb, but discovered that, at least against my test server, it was _extremely_ slow. For that reason, I limited it to the first 10 usernames/passwords for now. 2009-09-18 19:48:45 +00:00
ron
86e7a63bf6 Added a script called http-malware-host.nse. Its future intention is to discover hosts that are serving malware (for example, that are compromised and have malicious code inserted). At the moment, it checks for one specific attack discussed here: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/ 2009-09-16 14:15:13 +00:00
ron
32d9c9fe98 Added a check for a SMBv2 vulnerability (CVE-2009-3103) to smb-check-vulns. Due to its nature (it performs a DoS, then checks if the system is still online), the script isn't run by default and requires a special script-arg to work. 2009-09-14 15:23:06 +00:00
david
0a479a45fa Fix a typo in dhcp-discover.nse. 2009-09-10 14:18:02 +00:00
ron
9465a839c1 Added dhcp-discover script 2009-09-10 03:26:53 +00:00
bmenrigh
a0bf12e674 Fixed a typo where quad-A records (AAAA) were listed as AAAAA. Thanks
to Jeron Massar for the report.
2009-09-08 22:32:45 +00:00
ron
f4458c1917 Added the ability (off by default, since it generates 20x requests) for http-enum.nse to generate variants of each file. This would probably be more useful to use after running a spider script than here, but the code should be essentially the same. I'm hoping it'll be used somewhere more appropriate, eventually.
Also added a couple fingerprints.
2009-09-08 19:51:53 +00:00
david
da8903dad9 Remove some verbosity in the output of http-favicon.nse. There's no need
to say "Found favicon from". Only print out the digest of an
unrecognized icon with some verbosity.
2009-08-31 23:42:42 +00:00
david
1cdf49547c Have http-favicon.nse look for favicon-db in nselib/data like the other
scripts look for their data files.
2009-08-31 23:22:06 +00:00
david
e53657b4c8 Move favicon-db into nselib/scripts. 2009-08-31 23:21:26 +00:00
ron
46d95b5913 Added a 'path' argument to http-enum.nse. Also added the ability to give an array of fingerprints files or an array of paths to search 2009-08-29 15:34:09 +00:00
ron
5136ad0668 Fixed a NSEDoc comment on http-header.nse 2009-08-29 14:46:57 +00:00
joao
6375cf3759 Added argument related comments 2009-08-28 22:46:09 +00:00
joao
ec6be741b4 Added extra description to some invalid favicons 2009-08-28 22:40:03 +00:00
joao
5457ecf54e Fixing some indentation. 2009-08-28 22:26:56 +00:00