mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

42 Commits

Author SHA1 Message Date
dmiller
110d9b7adf Fix wrong library typo 2018-11-06 15:07:01 +00:00
dmiller
0500811f5a Move string utility functions to stringaux.lua 2018-10-18 01:08:19 +00:00
dmiller
dcc0e3ed7e New tableaux library containing table auxiliary functions. 2018-10-17 15:34:30 +00:00
nnposter
8bc9473a55 Adds support for Ed25519 keys to script ssh-hostkey 2016-12-28 18:23:58 +00:00
dmiller
cb4b46bd53 Canonicalize authors as tables instead of comma-separated strings 2016-06-09 22:46:42 +00:00
dmiller
f4619edece Update http urls for nmap.org to https 2015-11-05 20:41:05 +00:00
dmiller
7f5a75ce5c Fix a few NSEdoc issues 2015-11-02 16:02:51 +00:00
dmiller
10dce0382c Clean up string concatenations
Building a string with var = var .. "something" has miserable time
complexities. This commit cleans up a lot of that in scripts, focusing
on packing of data with bin.pack and concatenations within loops.
Additionally, a few instances were replaced with string.rep
2015-02-25 19:58:42 +00:00
dmiller
27bb53e295 Sanity check for ssh-hostkey to avoid many requests to tcpwrapped sshd 2015-02-06 19:50:26 +00:00
dmiller
d38b46e75c ssh-hostkey: don't print output if no keys found 2015-02-06 19:50:24 +00:00
dmiller
1653d846e6 Don't double-encode ssh key for XML output 2014-12-17 03:32:09 +00:00
batrick
810f7d4803 more stdnse.print_debug -> stdnse.debug
This is a catchall pattern with a few exclusions.

$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *\(.*\))/stdnse.debug\1(\2)/' *.nse
$ sed -i 's/stdnse.print_debug(\(.*\))/stdnse.debug1(\1)/' *.nse

Excluded:
$ svn revert db2-das-info.nse
$ svn revert flume-master-info.nse
$ svn revert http-headers.nse
$ svn revert http-methods.nse
$ svn revert http-unsafe-output-escaping.nse
$ svn revert http-userdir-enum.nse
$ svn revert http-vuln-cve2011-3192.nse
$ svn revert http-vuln-wnr1000-creds.nse
$ svn revert http-wordpress-plugins.nse
$ svn revert telnet-brute.nse
2014-08-02 02:46:16 +00:00
batrick
d47acf9f5e more stdnse.print_debug -> stdnse.debug
$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *" *%s *:* *\([^"]*\)" *, *SCRIPT_NAME/stdnse.debug\1("\2"/' *.nse
$ sed -i 's/stdnse.print_debug( *" *%s *:* *\([^"]*\)" *, *SCRIPT_NAME/stdnse.debug1("\1"/' *.nse
2014-08-02 02:08:12 +00:00
dmiller
ad2c9874b3 NSE structured output for ssh-hostkey when checking known_hosts 2014-02-13 20:36:42 +00:00
dmiller
b73c3aa60f Wrap long lines in NSE (>200 columns)
Mostly in documentation (the description field, for instance), but also
some long literal strings. Lua 5.2 introduces a string escape, "\z",
which escapes any amount of subsequent whitespace, including newlines.
This can be used to wrap string literals without upsetting indentation.
http://www.lua.org/manual/5.2/manual.html#3.1
2014-02-13 15:47:35 +00:00
dmiller
fb67a6717e Re-indent some libs and scripts, change 4 to 2-space indent
Mostly found with:

    for i in nselib/*.lua scripts/*.nse; do
      echo $(perl -lne 'BEGIN{$a=$p=0}next unless $_;/^(\s*)/;' \
        -e '$l=length$1;next if$l==$p;$a+=(abs($l-$p)-$a)/$.;' \
        -e '$p=$l;END{print$a}' $i) $i
    done | sort -nr

And indented with: https://gist.github.com/bonsaiviking/8845871

whois-ip.nse was particularly mangled (probably my fault due to using
vim's built-in indentation script, but it could be structured better)
2014-02-06 23:25:28 +00:00
dmiller
620f9fdb34 Remove trailing whitespace in lua files
Whitespace is not significant, so this should not be a problem.
https://secwiki.org/w/Nmap/Code_Standards
2014-01-23 21:51:58 +00:00
dmiller
db1d82ad1f Fixed global assignments with nse_check_globals
All fixes made by hand. A couple real bugs/errors fixed, due to
copy-paste of code from other scripts without changing variable names.
2014-01-22 17:45:00 +00:00
dmiller
726b259b20 Consolidate "contains" functions into stdnse.contains
These implementations were all functionally identical. The replacement
has an extra feature of returning the index where the value was found,
currently unused.
2014-01-16 22:57:33 +00:00
sophron
a7b0fea687 [NSE] Added an enhancement to ssh-hostkey that makes a comparison with your known-hosts file. http://seclists.org/nmap-dev/2013/q3/587 2013-10-16 18:32:44 +00:00
david
82df82b5fd Do base64-encoding of the SSH key before returning, not after.
Not all SSH key formats use base64 encoding, for example SSH1 keys look
different. So we can't blindly base64-encode the raw strings that we
receive. Attempt to return keys in the same format as is used by the
known_hosts file.
2013-08-11 05:36:45 +00:00
david
4c298e6e67 Add support for ECDSA to ssh-hostkey.nse.
Patch by Adam Števko. http://seclists.org/nmap-dev/2012/q4/181
2012-10-31 17:57:26 +00:00
dmiller
74a2168a15 Use base64-encoded key, not double-encoded type and key 2012-08-16 14:46:40 +00:00
david
8206146d2a Put just the base64-encoded key in the ssh-hostkey "key" field.
Previously it had the key type prepended (already available in the
"type" field).
2012-08-16 11:59:02 +00:00
david
e96b7d55fb Use key "type" not "algorithm" in ssh-hostkey structured output.
"algorithm" seems to be a mapping computed by our ssh2 library:
	ssh-rsa → RSA
	ssh-dss → DSA
"type" is just the string "ssh-rsa" or "ssh-dss". "Type" seems to be the
terminology used in the ssh-keygen man page.
2012-08-16 11:58:40 +00:00
david
bd99ea17f8 Don't use colons in structured output digests. 2012-08-16 10:37:21 +00:00
david
aee57d6cdc Kill <script></script> around @xmloutput. 2012-08-16 10:12:08 +00:00
dmiller
a61a6a5918 Add @xmloutput nsedoc to ssh-hostkey, smb-os-discovery 2012-08-16 03:00:00 +00:00
dmiller
466d0895df Update ssh-hostkey to use structured output 2012-08-15 20:30:39 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE.
[1] http://seclists.org/nmap-dev/2012/q2/34
2012-05-27 08:53:32 +00:00
david
acaade017b Sort duplicates output in ssh-hostkey.nse. 2011-12-30 04:05:36 +00:00
batrick
dc9a35bc9d New system for silent require errors. Use the new function
stdnse.silent_require. The Lua require function is back in its usual spot
(_G.require).
2011-06-13 23:38:35 +00:00
batrick
7f66646636 Patch to make require errors silent and removed evil workarounds.
Added new stdnse function stdnse.print_verbose (similar to print_debug).
2011-05-04 21:06:53 +00:00
david
2b898d61f7 o [NSE] ssh-hostkey now additionally has a postrule that prints hosts
that have the same hostkey. [Toni Ruottu]
2011-03-27 22:04:13 +00:00
djalal
d1b34654b8 Fix a bug which caused some NSE scripts to fail, due to the absence of
the NSE SCRIPT_NAME environment variable when the scripts are loaded.
Reported by Michael Pattrick.
2011-01-30 23:31:57 +00:00
patrik
a139a26fd7 Fix for bug that would make Nmap fail to run when compiled without SSL support.
The wsdd library incorrectly assumed OpenSSL to always be available and the
ssh-hostkey used the undeclared SCRIPT_NAME in message when evaluating SSL
support. The bug was reported by Michael Pattrick on nmap-dev:
http://seclists.org/nmap-dev/2011/q1/312

[Patrik]
2011-01-30 10:39:17 +00:00
djalal
f0c5e154c3 Merge r18689:r19511 from /nmap-exp/djalal/nse-rules.
o Add two new Script scan phases:
  Script Pre-scanning phase: before any Nmap scan operation, activated by the new "prerule".
  Script Post-scanning phase: after all Nmap scan operations, activated by the new "postrule".
o New environment variables:
  SCRIPT_PATH
  SCRIPT_NAME
  SCRIPT_TYPE: the type of the rule that activated the script.
2010-08-06 16:40:03 +00:00
fyodor
1428a1644b We generally put scripts in either safe or intrusive categories, but not both. So I removed intrusive. I also added discovery, as that seems to fit the ssh-hostkey script 2010-06-15 07:49:45 +00:00
fyodor
77ab5c4305 Remove email addresses from scripts as discussed in this thread: http://seclists.org/nmap-dev/2009/q4/466 2009-11-24 08:49:02 +00:00
batrick
0be861959f ssh-hostkey no longer looks for the action global which
may not exist (and thus triggers an error from strict.lua). We instead
set up dummy portrule/action functions, print the debug error for why the script
will not run, and return.
2009-07-16 03:41:36 +00:00
fyodor
989f48be6d mostly documentation cleanup, though I also moved ftp-anon into the safe category since I don't think it is any more intrusive than other scripts in that category 2008-11-07 04:35:22 +00:00
david
6fbc8868a9 Rename scripts (almost all of them) to make their names more consistent and
make them look better in output. The full list of changes is
  anonFTP => ftp-anon
  ASN => asn-query
  brutePOP3 => pop3-brute
  bruteTelnet => telnet-brute
  daytimeTest => daytime
  dns-safe-recursion-port => dns-random-srcport
  dns-safe-recursion-txid => dns-random-txid
  dns-test-open-recursion => dns-recursion
  ftpbounce => ftp-bounce
  HTTPAuth => http-auth
  HTTP_open_proxy => http-open-proxy
  HTTPpasswd => http-passwd
  HTTPtrace => http-trace
  iax2Detect => iax2-version
  ircServerInfo => irc-info
  ircZombieTest => irc-zombie
  MSSQLm => ms-sql-info
  MySQLinfo => mysql-info
  popcapa => pop3-capabilities
  PPTPversion => pptp-version
  promiscuous => sniffer-detect
  RealVNC_auth_bypass => realvnc-auth-bypass
  robots => robots.txt
  showHTMLTitle => html-title
  showOwner => identd-owners
  skype_v2-version => skypev2-version
  smb-enumdomains => smb-enum-domains
  smb-enumsessions => smb-enum-sessions
  smb-enumshares => smb-enum-shares
  smb-enumusers => smb-enum-users
  smb-serverstats => smb-server-stats
  smb-systeminfo => smb-system-info
  SMTPcommands => smtp-commands
  SMTP_openrelay_test => smtp-open-relay
  SNMPcommunitybrute => snmp-brute
  SNMPsysdescr => snmp-sysdescr
  SQLInject => sql-injection
  SSH-hostkey => ssh-hostkey
  SSHv1-support => sshv1
  SSLv2-support => sslv2
  strangeSMTPport => smtp-strangeport
  UPnP-info => upnp-info
  xamppDefaultPass => xampp-default-auth
  zoneTrans => zone-transfer
2008-11-06 02:52:59 +00:00