mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
Commit Graph

2440 Commits

Author SHA1 Message Date
dmiller
0d12307030 Improve parsing and request building in sslv2. Part of #365 2016-06-30 17:01:21 +00:00
dmiller
9c42f852c7 Fix incorrectly labeled prime in ssl-dh-params. Closes #347 2016-06-30 14:25:59 +00:00
dmiller
26fb5d6f99 Return NOT_VULN report instead of 'false' in http-frontpage-login 2016-06-26 04:15:17 +00:00
dmiller
c6be42d88b Avoid blank output from http-fileupload-exploiter 2016-06-26 04:15:16 +00:00
dmiller
822b2d593a Don't run tor-consensus-checker on private/reserved IPs 2016-06-26 04:15:15 +00:00
dmiller
dc4c9927d9 Fix a format string crash (missing formatted value) in targets-ipv6-map4to6 2016-06-25 20:22:01 +00:00
dmiller
91c379fa92 Avoid an error in imap-ntlm-info when starttls fails 2016-06-25 19:43:31 +00:00
dmiller
1c16a55227 New script: http-mcmp. Closes #304 2016-06-25 19:23:26 +00:00
paulino
bff2dc4563 Adds clamav-exec.nse to detect ClamAV servers vulnerable to remote clamav command execution 2016-06-20 05:50:04 +00:00
dmiller
a2ed5c4a30 Lua strings are 1-indexed. This is not a bug for now, but is incorrect. 2016-06-18 15:49:18 +00:00
paulino
540494a92d Adds http-aspnet-debug to detect ASP.NET applications with debugging enabled. 2016-06-18 14:51:03 +00:00
dmiller
60a1c85a93 Properly cache enterprise numbers for snmp-info (was parsing for every target) 2016-06-17 16:11:33 +00:00
dmiller
cb4b46bd53 Canonicalize authors as tables instead of comma-separated strings 2016-06-09 22:46:42 +00:00
batrick
b3a88696ef Revert "NSE: make minor adjustments to script"
This reverts commit 317eb0de31f40454cd213296e6cee71c1f78e006.

This commit started as a way to fix perceived problems but eventually I found
the script worked correctly (I had a misunderstanding of the purpose). I kept
the small changes but ended up breaking the script anyway. So let's just revert
this.
2016-06-09 12:25:19 +00:00
dmiller
39018e3e91 Check for RSA exponent of 1, resulting in F score 2016-06-09 04:36:09 +00:00
batrick
baef5e0c08 Merge branch 'http-internal-ip-disclosure'
* http-internal-ip-disclosure:
  NSE: make minor adjustments to script
  NSE: add new script http-internal-ip-disclosure
  http-internal-ip-disclosure branch
2016-06-08 23:18:47 +00:00
paulino
51c6260f85 Fixes usage documentation 2016-06-05 20:06:25 +00:00
fyodor
37095358e0 Fix the @usage to correct form 2016-05-30 06:39:31 +00:00
dmiller
7203767031 Fix nsedoc (hanging indent dropped some characters) for http-fetch 2016-05-26 13:47:04 +00:00
dmiller
0896c64bae Add xml output to resolveall, improve warnings 2016-05-25 20:14:13 +00:00
abhishek
168ac74f40 Closes #366 2016-05-23 15:32:24 +00:00
dmiller
0c6a3a6256 Allow bare "wpad" name to be resolved
Previously, if a host had no domain set, the script would crash when
trying to get the domain portion of the reverse-DNS name. Now, it adds
the blank string and tries to resolve the bare hostname "wpad".
2016-05-23 04:30:06 +00:00
dmiller
9450cb725a Avoid boolean tautologies of the form 'not x == y'
Lua operator 'not' has higher precedence than '==', so the statement

    not x == "something"

is equivalent to:

    (not x) == "something"

which will always be false, since the value of 'not x' will be either
'true' or 'false' and the string "something" is not the boolean 'true'
or 'false'. This is usually resolved by using the '~=' operator.
2016-05-23 04:30:06 +00:00
dmiller
5be0ac591b Avoid a crash when host has no domain configured 2016-05-23 04:30:05 +00:00
paulino
363397b948 Fixes #379. Script was not reporting the NOT_VULN state correctly 2016-05-16 15:11:32 +00:00
dmiller
2b77e83abb Avoid output when ssl-date fails (e.g. non-STARTTLS SMTP) 2016-05-02 16:09:28 +00:00
dmiller
fb6d2a5567 Deprecate SHA-1 certs in ssl-enum-ciphers. Closes #370 2016-05-02 13:55:17 +00:00
dmiller
b341915722 Deprecate RC4 ciphersuites 2016-05-02 13:55:16 +00:00
dmiller
fbdd7f53d9 Don't crash when portmapper reports non-tcp/udp transports. Fixes #363 2016-04-18 05:11:57 +00:00
dmiller
20d6d17c2c Support (unlikely) TLS NPN checking for STARTTLS-type services 2016-04-11 20:42:03 +00:00
dmiller
a24006e0b7 Check the appropriate functions in portrules for SSL/TLS 2016-04-11 20:42:02 +00:00
tomsellers
0699edbe05 NSE: ldap-rootdse.nse improve error handling 2016-04-11 18:04:53 +00:00
tomsellers
12e9af5b1b Adjust indentation on rpcinfo.nse, no functionality changes 2016-04-10 14:19:51 +00:00
tomsellers
ee4ed66956 Added support for LDAP over udp to ldap-rootdse.nse.
Also added version detection and information extraction to match the
new LDAP LDAPSearchReq and LDAPSearchReqUDP probes. Closes #362
2016-04-09 21:33:26 +00:00
dmiller
4b341c4311 Clarify vnc handshake/login process and correctly send chosen security type 2016-04-04 04:47:37 +00:00
dmiller
6c7655c24f Add Tight VNC auth type 2016-04-02 15:22:30 +00:00
dmiller
41de3b1d60 New script vnc-title 2016-04-01 22:29:40 +00:00
dmiller
3af66a0445 VNC revamp and extension 2016-04-01 22:29:39 +00:00
tomsellers
e2cfda9dc0 Change to smb-os-discovery to enable it to augment SMB version detection. Closes #348 2016-03-31 10:56:29 +00:00
dmiller
81bb435ad9 Add TLS auth support to vnc.lua and vnc-brute 2016-03-28 16:46:32 +00:00
paulino
9b53acb1c0 Fixes bad indexed global 2016-03-26 19:52:37 +00:00
dmiller
6a0c3e8219 Allow ascii values in cert fields (broke in r35714) 2016-03-25 14:02:02 +00:00
dmiller
b76257d14b fix an NSE bug when http-cross-domain-policy has no output. Closes #343 2016-03-21 22:04:42 +00:00
dmiller
7a430d154b Auto-detect UTF-16 fields in certificates and transcode to UTF-8 2016-03-19 20:44:32 +00:00
dmiller
663271f95d New shodan-api script for querying Shodan internet scan data 2016-03-16 05:47:58 +00:00
dmiller
c7892e365f Let http.lua functions optionally connect via any address family
Sometimes (e.g. when using an external API), a script wants to connect
by name to a server and doesn't care whether IPv4 or IPv6 is used. By
passing the "any_af" option, the first resolved address of any address
family will be used, allowing external-category scripts which used to
fail with -6 to succeed.
2016-03-16 05:07:59 +00:00
dmiller
4135ec518f Add rpcinfo to version category, see previous commit 2016-03-14 20:42:52 +00:00
dmiller
0bb036cda2 Allow rpcinfo.nse to set version info
The rpcinfo script can now set version info just like rpc-grind. Since
this requires considerably less traffic than rpc-grind, I made rpc-grind
depend on rpcinfo so that it will avoid running if we can get the
version information this way instead.

Also changed rpcinfo to only run on port 111, not on "rpcbind" service
since that's what -sV labels any detected RPC service.
2016-03-14 20:42:51 +00:00
dmiller
5843cd95a4 Add rusers script 2016-03-14 16:03:47 +00:00
dmiller
5729d3844e Only run http-apache-server-status on Apache or unknown http servers. Add version info. 2016-03-14 03:41:38 +00:00