aca
0968973b4a
Merged metasploit-info from my dev branch
2012-07-08 10:34:41 +00:00
dmiller
fd6d41e30a
Merge branch 'ssl-known-key-sslcert'
2012-07-08 04:12:25 +00:00
dmiller
cdf30c1233
Avoid using http cache for http-form-fuzzer
2012-07-07 22:06:56 +00:00
kroosec
b7cc883a0f
Added tls-nextprotoneg, a script that enumerates a TLS server's supported protocols by using the next protocol negotiation extension.
2012-07-07 14:38:56 +00:00
dmiller
96d48d861c
Fix error in http-vhosts when domain is nil
./scripts/http-vhosts.nse:502: attempt to concatenate local 'domain' (a
nil value)
stack traceback:
./scripts/http-vhosts.nse:502: in function 'makeTargetName'
./scripts/http-vhosts.nse:542: in function
<./scripts/http-vhosts.nse:532>
(...tail calls...)
2012-07-06 14:16:26 +00:00
paulino
e707b6305a
Adds http-phpself-xss: NSE to detect PHP files vulnerable to reflected cross-site scripting via $_SERVER["PHP_SELF"]
2012-07-05 18:18:56 +00:00
paulino
783825f087
Adds http-tplink-dir-traversal.nse in the "exploit" and "vuln" category: NSE to exploit a path traversal vulnerability in the web administration panel of several TP-Link routers.
2012-07-04 20:33:10 +00:00
paulino
6b5d38ca8a
Adds an additional debug message when it fails, to hint users about what happened. It also adds another check for web servers that return more than one 404 page.
2012-07-04 19:56:37 +00:00
tomsellers
e3787f2a37
Handle exception generated when the spider process hands http-backup-finder a URL that is only a hostname. When url.parse processes this value on line 107 of http-backup-finder it returns nil for the .path property.
http-backup-finder.nse:107: attempt to index field 'path' (a nil value)
stack traceback:
Addressed this by setting nil .path values to '/'. Tested with sites with and without backup files. Verified that duplicate results were not returned.
2012-07-04 18:54:38 +00:00
tomsellers
99c192cd1d
Fix exception thrown in reverse-index when it is run against a host with no open ports.
/reverse-index.nse:112: bad argument #1 to 'pairs' (table expected, got nil)
2012-07-04 17:58:21 +00:00
paulino
bc3eb43f72
Fixes false positive when dealing with web servers returning status 200 for all reqs
2012-07-04 17:57:22 +00:00
tomsellers
97a22758f6
membase-http-info updated to reflect new server header found in current versions of the Couchbase HTTP admin port. Explanation email sent to list.
2012-07-04 15:56:48 +00:00
tomsellers
71439bcfac
Patch to fix script issue when scanning HTTP servers that return 200 to every request. This causes the sanity check on line 88 to fail to trigger because the header value Server is nil.
Implemented a check to see if the target is returning 200 to all requests.
Also implemented additional logic on line 84 to verify that the Server header value is not nil. This is just in case we run into another case where a response is 200 but the Server header does not exist.
2012-07-04 15:16:46 +00:00
patrik
b4caa8ea8c
Added category external to http-icloud* scripts
2012-07-04 07:32:08 +00:00
tomsellers
1db5621470
Patch to address false positive generated when the target's httpd responds with an HTTP 200 for every request. Committing after email exchange with Paulino C.
2012-07-04 02:30:18 +00:00
perdo
e41d4a4e7e
Added http-sitemap-generator script which spiders a webserver and displays its directory structure along with the number and types of files in each folder.
2012-07-01 09:55:47 +00:00
perdo
9c8bc94c11
Fixed a missing require in http-sql-injection.
2012-07-01 09:48:06 +00:00
perdo
a00b104f43
Modified http-sql-injection to load the error strings to search for from a file.
2012-06-30 12:30:41 +00:00
aca
4030bf6c1a
Added metasploit-msgrpc-brute to trunk
2012-06-30 12:02:54 +00:00
kroosec
95f7d0d74a
Added firewall-bypass script.
2012-06-30 09:42:12 +00:00
dmiller
5fdc8b5609
Add mcafee-epo-agent.nse version script
Script to get version and other information from a McAfee (formerly
Network Associates) ePolicy Orchestrator Agent.
http://seclists.org/nmap-dev/2012/q2/870
2012-06-29 19:18:14 +00:00
kroosec
7ca5589659
sip-brute: Added TCP support.
2012-06-28 09:20:43 +00:00
kroosec
c28ec08836
Added TCP support. Cleaned redundant code.
2012-06-28 09:00:36 +00:00
david
173719e174
--script-updatedb.
2012-06-23 14:08:33 +00:00
perdo
95df6230ca
Added forms handling capability to http-sql-injection. Also, modified the output structure a bit and fixed some trailing whitespaces.
2012-06-23 13:51:19 +00:00
perdo
f626ca04f2
Renamed sql-injection.nse to http-sql-injection.nse.
2012-06-23 13:47:48 +00:00
david
b6f66fba81
Fix for http-wordpress-plugins by Daniel Miller.
http://seclists.org/nmap-dev/2012/q2/887
2012-06-22 18:58:53 +00:00
aca
e2356ce887
Typo...
2012-06-22 10:57:53 +00:00
kroosec
d6015faec5
Added intensive mode and Naxsi fingerprints to http-waf-fingerprint.
2012-06-20 20:04:08 +00:00
david
360ba052e9
AUTH_UNIX support for rpc.lua.
http://seclists.org/nmap-dev/2012/q2/54
This patch is from Daniel Miller. He writes:
I've just finished enhancing the nfs-ls, nfs-statfs, and nfs-showmount
scripts so that they can run based on version detection information,
for cases where the portmapper is firewalled. For nfs-ls and
nfs-statfs, this required making a hostrule to check that both a
mountd service and a nfs service were detected. In the process, I
ended up adding the AUTH_UNIX flavor to rpc.lua, since the RFC states
that AUTH_NULL can only be used for the NULL procedure (and my Linux
nfs-kernel-server was enforcing that).
Other minor changes:
* If running privileged, attempt to bind to a reserved port. Many NFS
servers refuse to talk to source ports >1024, as a "security measure"
* handle an odd case in nfs-ls where READDIRPLUS does not return file
attributes. Chose to use all ?'s, but in the future maybe a direct
GETATTR call?
* remove reference to nfs.dirlist argument from nfs-ls doc, since it is unused
2012-06-20 02:12:58 +00:00
david
bc72a02afa
Update http-title @output.
2012-06-19 01:55:15 +00:00
aca
7e47c6507d
Added pcanywhere-brute script
2012-06-18 18:16:50 +00:00
aca
5c2db9d06f
A few variables were not declared as locals. This fixes it.
2012-06-18 14:44:55 +00:00
kroosec
1bfc65312a
Small @usage fix in sip-enum-users.
2012-06-17 22:56:30 +00:00
patrik
fefb5f8445
Fixed parsing failure resulting in empty results due to an additional whitespace issue in the regex of http-robtex-shared-ns.nse.
2012-06-17 18:10:34 +00:00
robert
33e9bf8d7b
Updated the hash information in http-php-version to include PHP/5.4.4 and 5.3.14.
2012-06-16 21:41:46 +00:00
patrik
7d01a00cfc
bug fix in db2-das-info for error in replacement string;
invalid use of '%' in replacement string
2012-06-16 19:58:45 +00:00
aca
8ad2c789b9
Added missing library requirements to dns-nsec3-enum
2012-06-15 23:37:29 +00:00
perdo
b10119bd9f
Added http-rfi-spider script that spiders webservers in search of RFI vulnerabilities.
2012-06-15 22:37:33 +00:00
patrik
be0ebe8859
Fixed a bug that would make the smb-system-info script fail, due to a trailing zero terminator in the processor count, resulting in a failure to convert the string to a number.
2012-06-15 21:43:41 +00:00
patrik
bb359adaa1
Played a round of nse_check_globals and fixed a bunch of reported problems.
2012-06-15 19:32:36 +00:00
patrik
38b26d0ccc
Fixed a bug in the pop3-capabilities script that would fail parsing the response from some servers.
2012-06-15 18:32:40 +00:00
patrik
a0a50e9f47
Committed a patch to dns-zone-transfer by Dan Miller with a slight change.
Unhandled records are returned as hex strings, rather than being URL escaped.
http://seclists.org/nmap-dev/2012/q2/558
2012-06-15 14:58:32 +00:00
aca
14e9c1b66d
Wrong @usage descriptions fix
2012-06-15 13:24:51 +00:00
aca
2564f0bf03
added Daniel's patch
2012-06-14 17:19:03 +00:00
kroosec
00f48c547f
http-waf-fingerprint: small change to output syntax.
2012-06-14 11:42:49 +00:00
paulino
36363d904b
Adds mysql-vuln-cve2012-2122.nse. This script exploits the authentication bypass vulnerability in MySQL/MariaDB (CVE-2012-2122).
2012-06-13 06:12:13 +00:00
david
4e816c82f5
Oracle OVSAgentServer is actually Oracle Virtual Server Agent.
2012-06-13 03:01:58 +00:00
kroosec
461b5d5a9e
http-waf-fingerprint: Added credit to wafw00f and w3af in description field.
2012-06-12 23:26:24 +00:00
aca
f747ad8084
removed .exe, added info to Changelog
2012-06-12 20:33:34 +00:00