PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-10 07:01:32 +00:00
Code Issues Projects Releases Wiki Activity
10,676 Commits 2 Branches 0 Tags
06a25384b65205bc8cad1421922b72e6567a04b3
Commit Graph

192 Commits

Author SHA1 Message Date
nnposter
06a25384b6 Fixes additional stale pipeline_go references 2016-09-27 16:01:39 +00:00
nnposter
88f6ddc596 Corrects handling of empty pipelines, expressed as nil. Fixes #538 2016-09-12 16:14:33 +00:00
dmiller
3c7fe1e452 Remove some unused functions 2016-09-08 13:31:24 +00:00
nnposter
45ba24dfe2 Corrects another stale http.pipeline_go() reference 2016-09-02 14:03:21 +00:00
nnposter
f1443b3e78 Replaces deprecated function name with its current equivalent in http.lua documentation example 2016-09-02 12:36:00 +00:00
dmiller
92f52de958 Remove trailing whitespace 2016-08-29 20:30:26 +00:00
dmiller
ee481851f5 Silence warnings about the new any_af request option 2016-03-16 05:47:57 +00:00
dmiller
c7892e365f Let http.lua functions optionally connect via any address family 
Sometimes (e.g. when using an external API), a script wants to connect
by name to a server and doesn't care whether IPv4 or IPv6 is used. By
passing the "any_af" option, the first resolved address of any address
family will be used, allowing external-category scripts which used to
fail with -6 to succeed.
 2016-03-16 05:07:59 +00:00
dmiller
74bd78267a http cookie and form parsing updates 
1. getattr now decodes html entities in attributes (useful for & in href
   attributes, for instance)
2. Cookie validation allows max-age, httponly, and secure attributes
3. Use table concatenation instead of repeated string concatenation to build
   cookie string.
 2015-12-31 15:50:25 +00:00
tomsellers
58f00324eb NSE: Prevent http.identify_404 from following HTTP redirects, standardize calls to it. Closes #251 2015-12-05 10:16:51 +00:00
dmiller
f4619edece Update http urls for nmap.org to https 2015-11-05 20:41:05 +00:00
dmiller
521226cd63 Fix a bug with declaring parse_set_cookie local twice 2015-11-04 03:57:17 +00:00
dmiller
5e2bb7ad86 Fix parsing of Set-Cookie headers. Closes #229 2015-11-02 16:02:50 +00:00
dmiller
0146739b87 Fix http.get_url with https. http://seclists.org/nmap-dev/2015/q3/336 2015-09-21 19:05:38 +00:00
dmiller
9840973b60 Fix format string argument mismatches 
Cases where the format string does not contain any placeholders, but
values are given anyway. Cases where string.format is used without any
placeholders or arguments.
 2015-09-18 12:40:32 +00:00
dmiller
6752546ef5 Fixes #212 http.get_url with https 2015-09-18 03:54:59 +00:00
dmiller
7c08cf9c4f Clean up nested list in nsedoc 2015-08-04 14:21:48 +00:00
gyani
759d944397 Modified the debug string that is passed when ssl is not present to 
include ntlm.
 2015-07-04 08:22:08 +00:00
gyani
3d2a008cef Modified smbauth.lua to create ntlmv2 session response. 
http.lua now allows NTLM authentication.
 2015-07-04 08:19:17 +00:00
dmiller
54543b303c Clean up some documentation regarding http redirects 2015-04-10 12:56:05 +00:00
dmiller
2e55f5d3b8 Allow redirect_ok to be a number of redirects to follow (http.lua) 2015-04-10 03:42:44 +00:00
dmiller
99cc5102c3 Correct a typo: tables don't work like strings 2014-09-23 13:41:58 +00:00
dmiller
a101e58a4c Abstract case-insensititive html tag searching 2014-09-20 14:49:57 +00:00
dmiller
ed9ecc54ea Improve html form parsing, patch from nnposter 
http://seclists.org/nmap-dev/2014/q3/418
 2014-09-20 14:49:55 +00:00
dmiller
e8eddb6cfe Use comm.lua default timeouts for http.pipeline_go, remove unused get_default_timeout 2014-09-18 04:11:28 +00:00
dmiller
327496d50c Relax http.parse_form to allow forms without an action 
Patch from nnposter: http://seclists.org/nmap-dev/2014/q3/384
 2014-09-18 03:38:23 +00:00
dmiller
440ed59396 Export http.parse_redirect, a useful function 2014-09-17 21:57:57 +00:00
dmiller
667be96764 Fix some nsedoc 2014-08-29 19:58:15 +00:00
batrick
4b9f1c6766 nselib stdnse.print_debug -> stdnse.debug 
Manual fixes.
 2014-08-03 01:17:09 +00:00
batrick
ee6622aea4 nselib stdnse.print_debug -> stdnse.debug 
$ f() { find -name \*.lua -exec /bin/echo sed -i "$1" {} \; ; }
$ f 's/stdnse.print_debug( *\([0-9]*\) *, */stdnse.debug\1(/'
$ f 's/stdnse.print_debug( *"\(.*\))/stdnse.debug1("\1)/'
 2014-08-03 00:56:45 +00:00
patrik
b440d9c064 fix redirect bug in head request where redirects would not be honored 2014-04-26 13:34:48 +00:00
dmiller
17c3e9755e NSEdoc cleanup. 
1. The first paragraph of a function's NSEdoc is used as a short
summary. Some of these were very long, so I split off a shorter summary.

2. Use asterisks (*) to denote bulletted lists, not 'o'

3. Wrap lines at 80 columns

4. a couple other spelling and formatting fixes
 2014-03-10 19:01:19 +00:00
dmiller
1b71f75aad Spelling fixes for Lua files 
Mostly in documentation/comments, but a couple code bugs were caught,
including a call to stdnse.pirnt_debug and a mis-declared variable.
 2014-02-19 04:15:46 +00:00
dmiller
3b5b0ba154 Note that HTTPS is supported by http NSE library 2014-01-15 16:52:46 +00:00
jah
eaf171e7bd Add missing argument 'HEAD' to the example pipeline_add call in the library 
documentation.  Change to uppercase method names in the documentation for
pipeline_add.
 2013-11-03 22:56:04 +00:00
jah
78dc01d0e0 Remove some trailing whitespace. 2013-11-03 22:47:28 +00:00
jah
1237013fb0 Make a few minor whitespace changes. 2013-11-03 22:22:23 +00:00
sophron
8477e0586a [NSE] Updated parse_form function to support double quotes and return more attributes. 2013-08-16 20:04:12 +00:00
sophron
23457a77c0 Modifies the cookie header assembling logic to make it more compliant with RFC 6265, Section 4.2.1, which does not allow the trailing semicolon. Patch by nnposter. 2013-08-10 23:09:16 +00:00
sophron
4b8ed158cf Modifies interpretation of the cookie path in nselib/http.lua to make it more compliant with RFC 6265, Section 5.1.4. Patch by nnposter. 2013-08-10 23:02:40 +00:00
david
1ebb9bfe20 Don't include a port number in the Host header. 
We never intend to ask for a service on a port other than the one we
connect to. By my reading of RFC 2616 section 14.23, we can leave the
port number off in this case. Robin Wood reported that
https://twitter.com/ gives you a redirect instead of a page if you send
it
	Host: twitter.com:443
rather than
	Host: twitter.com

http://seclists.org/nmap-dev/2013/q1/267
 2013-03-02 01:05:32 +00:00
david
842f9e6804 Revert "Lower-case scheme comparisons." 
Handle it at the url.parse level.
 2013-02-07 23:43:50 +00:00
david
5273567981 Lower-case scheme comparisons. 
I'm seeing redirects to "HTTP://example.com/".
 2013-02-07 23:37:48 +00:00
david
9434dd7d2f parse_redirect: fill in port number even if authority but not scheme is present. 
For example "//example.com/en/": the function needs to return with
u.port set, just as it would with "http://example.com/en/".
 2013-02-07 23:12:41 +00:00
david
4cdb5301dd 300 and 303 are also HTTP redirects. 2013-02-07 22:28:10 +00:00
david
7c7ffdb756 Typo. 2013-02-02 01:41:50 +00:00
patrik
13411ab6d1 Fixed a bunch of errors related to inproper responses from webservers. 2012-08-31 15:17:14 +00:00
aca
fd32aec639 Merged http-slowloris-check 2012-08-24 09:19:30 +00:00
perdo
7781d39cdf Textarea's name should not be lowercased. 2012-08-05 22:39:05 +00:00
perdo
ba049718b0 Add digest auth support to http-brute (and to http library). Also fix whitespace in sasl.lua. 2012-08-05 22:23:54 +00:00