Instead of hard-coding the many-years-invalid IP address of
scanme.nmap.org, look it up via DNS. Even better, you can override the
host used for this purpose, in case you don't want to tip your hand.
This was previously done for --script-args-file with a blind gsub of all
newlines with commas (","), which meant that quoted strings could not
contain newlines. Now they can.
Fixes#275.
This results in fewer casts and less subtraction than the previous
method, and should still be portable. Only division and subtraction and
difftime are performed on the value, so it will not overflow. And the
TCP timestamp itself is a 32-bit value, so it can't refer to a time
farther in the past than the 32-bit epoch. One explicit cast (to long
long) is used in order to ensure the format string can handle any
conceivable value according to the compiler and avoid a warning message.
Now can correctly handle complex token-based CSRF protections by grabbing all
fields from the login form and using session cookies from the form request.
These cookies are sent with subsequent redirect-following requests for better
failure detection. On success, cookies are cleared and re-acquired.
A database of known web apps' login forms is used for form detection, helpful
for those whose username and password fields do not begin with "user" and
"pass". Form mangling (to remove cookie checks in one instance) and custom
onsuccess functions are also supported. Tested: django, wordpress, mediawiki.
This *may* be a replacement (upon suitable testing) for http-wordpress-brute and
http-joomla-brute.
1. getattr now decodes html entities in attributes (useful for & in href
attributes, for instance)
2. Cookie validation allows max-age, httponly, and secure attributes
3. Use table concatenation instead of repeated string concatenation to build
cookie string.
1. When the hostname script-arg was used, the script would try to
*connect* to that host instead of the target. Now the argument is used
*only* for the Host: header.
2. The http options table is reused for each request, significantly
reducing the load on the garbage collector over many requests.
3. Do not use both creds.Credentials:new() and creds.Account:new(),
since this results in double-reporting found credentials.
