dmiller
97163a3052
Fingerprint for WebSphere console by Vlatko Kosturjak
2016-01-14 21:08:28 +00:00
dmiller
43dedd7b0e
Extract optional OS version info from NTLM challenge message
2016-01-07 20:43:19 +00:00
dmiller
68599ce140
Solve "unexpected signature" message in SMB extended session setup (NTLM type 2 message only sent once)
2016-01-07 20:33:10 +00:00
dmiller
bb507ac7bf
Add RomPager CVE-2014-4019 check to http-fingerprints
2016-01-06 20:47:06 +00:00
dmiller
f405d71296
Avoid a script crash when pppoe.Comm.recv returns failure without error message
2016-01-04 16:48:08 +00:00
dmiller
74bd78267a
http cookie and form parsing updates
...
1. getattr now decodes html entities in attributes (useful for & in href
attributes, for instance)
2. Cookie validation allows max-age, httponly, and secure attributes
3. Use table concatenation instead of repeated string concatenation to build
cookie string.
2015-12-31 15:50:25 +00:00
dmiller
5243f4f049
Alter output formatting of multicast.lua
2015-12-19 17:47:15 +00:00
dmiller
a11db08325
Every ipOps function validates IP addresses, so no need to do it explicitly
2015-12-19 15:25:43 +00:00
dmiller
0f99596555
Fix a few bugs in targets-ipv6-multicast-mld. http://seclists.org/nmap-dev/2015/q2/250
2015-12-16 17:07:40 +00:00
tomsellers
58f00324eb
NSE: Prevent http.identify_404 from following HTTP redirects, standardize calls to it. Closes #251
2015-12-05 10:16:51 +00:00
dmiller
8d418d4962
Document some script args in NSEdoc
2015-11-22 13:58:21 +00:00
dmiller
e83078fdcc
Fix stun mode parameter, NSEdoc
...
The value for the mode parameter passed to Helper.new was always
overridden by either the stun.mode script-arg or "modern". Now, the
script-supplied option is used, falling back to the script-arg or
modern if neither is present. Also documented the script-arg.
2015-11-22 13:58:20 +00:00
dmiller
2eca808281
Add NSEdoc stub for lpeg library
2015-11-17 04:58:56 +00:00
dmiller
5c425fa6fd
Add Miller-Rabin primality tests to NSE. Closes #190
2015-11-11 21:19:06 +00:00
dmiller
f4619edece
Update http urls for nmap.org to https
2015-11-05 20:41:05 +00:00
dmiller
521226cd63
Fix a bug with declaring parse_set_cookie local twice
2015-11-04 03:57:17 +00:00
dmiller
7f5a75ce5c
Fix a few NSEdoc issues
2015-11-02 16:02:51 +00:00
dmiller
5e2bb7ad86
Fix parsing of Set-Cookie headers. Closes #229
2015-11-02 16:02:50 +00:00
dmiller
bbee119188
Support fragmented TLS records. Closes #194
2015-10-29 22:18:32 +00:00
dmiller
a9320c57eb
Add a few http services to shortport.http
2015-10-19 15:57:08 +00:00
dmiller
0146739b87
Fix http.get_url with https. http://seclists.org/nmap-dev/2015/q3/336
2015-09-21 19:05:38 +00:00
dmiller
9840973b60
Fix format string argument mismatches
...
Cases where the format string does not contain any placeholders, but
values are given anyway. Cases where string.format is used without any
placeholders or arguments.
2015-09-18 12:40:32 +00:00
dmiller
a954950b5a
Remove some unneeded local declarations of loop variables
2015-09-18 12:40:30 +00:00
dmiller
6752546ef5
Fixes #212 http.get_url with https
2015-09-18 03:54:59 +00:00
dmiller
ddc5762ca9
Fix reporting of DH and ECDH param sizes
...
Finite-field (traditional) DH parameter strength should be reported in
bits. ECDH key strength is the size (log base 2) of the order of the
base point G (see NIST SP 800-57 rev 3 section 5.6.1)
2015-09-16 04:51:49 +00:00
dmiller
dd4b840be0
Catch socket errors in iscsi scripts
2015-09-12 03:31:14 +00:00
paulino
d1a2bf1d60
Fixes #195: Fixes XML output overwrite when reporting multiple vulnerabilities from the same script. Patch submitted by jgajek
2015-09-10 05:59:37 +00:00
paulino
40cfbdb0f3
Fixes #195: Fixes XML output overwrite when reporting multiple vulnerabilities from the same script. Patch submitted by jgajek
2015-09-10 05:57:29 +00:00
dmiller
829fbef715
Fix human-readable sizes in ls.lua
...
First, enforce significant digits when converting, e.g. 1.1K to bytes.
Next, use the server-returned human-readable format instead of
converting to bytes by default. The conversion to bytes is still done to
get total byte count.
Also changed how boolean options work to better match existing
convention: --script-args ls.human or --script-args ls.human=1 now work.
You must explicitly say "false", "no", or "0" to make a boolean flag
false (or just leave it out).
2015-09-04 14:23:14 +00:00
dmiller
998da3d070
Fix an assertion error in ls.lua: size is a number, not a string
2015-09-04 12:52:09 +00:00
dmiller
087fadf2a9
Add ls.lua library. Closes #106
2015-09-04 12:52:08 +00:00
gio
569e954a96
nselib/creds: Fix #159, Add support for credential multitag
2015-08-20 20:05:28 +00:00
gyani
695edff47e
I made the unescape function public. This function can be used
...
to convert html entities to their normal forms. For example
&lt; to <.
2015-08-14 11:24:30 +00:00
gyani
ba873c28c0
http-drupal-enum replaces http-drupal-modules.
...
The script now supports drupal theme listing as well.
Updated drupal-modules.lst and added drupal-themes.lst.
2015-08-13 11:58:44 +00:00
dmiller
7c08cf9c4f
Clean up nested list in nsedoc
2015-08-04 14:21:48 +00:00
paulino
c24322ff9a
Adds globalcatssl port to LIKELY_SSL_PORTS. Closes #179
2015-07-20 04:07:41 +00:00
gyani
759d944397
Modified the debug string that is passed when ssl is not present to
...
include ntlm.
2015-07-04 08:22:08 +00:00
gyani
3d2a008cef
Modified smbauth.lua to create ntlmv2 session response.
...
http.lua now allows NTLM authentication.
2015-07-04 08:19:17 +00:00
gyani
e5b3f98611
Applied Jacob Gajek's patch that allows a list of tables to be passed
...
to fields in the vuln report table.
2015-07-04 07:25:54 +00:00
dmiller
f846e7c818
Allow make nse_check to pass when configured --without-openssl
2015-06-25 14:00:53 +00:00
dmiller
6a38678b56
re-sync TLS ciphersuite names that changed in r34683
2015-06-23 00:08:58 +00:00
gyani
3ef7d71863
Merge branch 'fingerprints'
2015-06-20 17:27:22 +00:00
gyani
eba83f60af
The utf8_enc function had a missing reference to the unicode library.
...
Fixed that.
2015-06-20 06:40:13 +00:00
dmiller
ba38345c32
Mark some TLS ciphersuites as draft
2015-06-19 21:36:53 +00:00
dmiller
9c99b80d73
New RTSP urls for Logitech WiLife cameras [Dustin Miller]
2015-06-19 21:36:52 +00:00
dmiller
ce9eb6b0f3
Fix DH parameter extraction in tls.lua (Jacob Gajek)
2015-06-17 21:17:43 +00:00
gyani
5550411330
Messed up the author field in the last commit. Fixed that. Hopefully that last slaxml.lua commit for the day. Sorry for the multiple commits
2015-06-14 06:47:36 +00:00
gyani
21f8b14798
Added better indentation
2015-06-14 06:41:25 +00:00
gyani
ce84a003a4
Added documentation for parseDOM. Fixed a few typos in the original documentation
2015-06-14 06:20:06 +00:00
gyani
be7e57f80d
Removed WhiteSpace
2015-06-14 05:55:58 +00:00