PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
9,227 Commits 2 Branches 0 Tags
1622edabc27defd841fc7f453fec0b258793224d
Commit Graph

41 Commits

Author SHA1 Message Date
dmiller
1622edabc2 Unify logging with protocol prefix 2014-08-12 02:38:17 +00:00
dmiller
29b614ccca Increase default timeout, but allow discovered timeouts, too. 2014-08-12 02:38:16 +00:00
dmiller
31de5b9b9b Offer ciphers and compressors in the same order every time 2014-08-12 02:38:15 +00:00
dmiller
aadd8d864c Documentation for the cipher ordering feature 2014-08-12 02:38:13 +00:00
dmiller
a61755699f Handle servers which offer ciphers we didn't request 
Code from David.
 2014-08-12 02:38:12 +00:00
dmiller
d538cc81cd Sort ciphers according to server preference, when available 
David's code, adapted to current script.
 2014-08-12 02:38:10 +00:00
dmiller
2df9a5f678 Factor out cipher selection for chunks 
It will be handy later to have a find_ciphers_group function that
doesn't know anything about chunking.
 2014-08-12 02:38:09 +00:00
dmiller
38ab5861d5 Report server's cipher ordering algorithm 
Old code from David, modified to fit the current script.
 2014-08-12 02:38:07 +00:00
batrick
810f7d4803 more stdnse.print_debug -> stdnse.debug 
This is a catchall pattern with a few exclusions.

$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *\(.*\))/stdnse.debug\1(\2)/' *.nse
$ sed -i 's/stdnse.print_debug(\(.*\))/stdnse.debug1(\1)/' *.nse

Excluded:
$ svn revert db2-das-info.nse
$ svn revert flume-master-info.nse
$ svn revert http-headers.nse
$ svn revert http-methods.nse
$ svn revert http-unsafe-output-escaping.nse
$ svn revert http-userdir-enum.nse
$ svn revert http-vuln-cve2011-3192.nse
$ svn revert http-vuln-wnr1000-creds.nse
$ svn revert http-wordpress-plugins.nse
$ svn revert telnet-brute.nse
 2014-08-02 02:46:16 +00:00
dmiller
233b1fca71 STARTTLS support for ssl-enum-ciphers 2014-04-09 18:02:01 +00:00
dmiller
64ef503f5b Remove debug leftover from ssl-enum-ciphers 2014-03-31 14:35:50 +00:00
dmiller
4eaa21e7cb Integrate David's ssl-enum-ciphers improvements 
From this thread: http://seclists.org/nmap-dev/2014/q1/105

* Extensions now better supported in tls.lua
* ssl-enum-ciphers sends all EC options to ensure servers reply with
  supported EC suites
* tls.lua supports multiple messages of a single type within 1 record
* tls.record_buffer will read an entire TLS record into a buffer
* ssl-date and tls-nextprotoneg updated to use tls.record_buffer
 2014-01-30 18:12:14 +00:00
dmiller
620f9fdb34 Remove trailing whitespace in lua files 
Whitespace is not significant, so this should not be a problem.
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-23 21:51:58 +00:00
dmiller
35148980ef Update ssl-enum-ciphers to use tls.lua 2014-01-16 18:09:59 +00:00
henri
0b2a445ddd Use strjoin() instead of '..' to concatenate strings. 
This significantly decreases CPU usage, that could reach
100% on large scans.
 2014-01-13 08:35:00 +00:00
david
98bbff8b69 Remove unused local. 2013-12-05 23:41:21 +00:00
david
aa15467a3f Fix the off-by-one in ssl-enum-ciphers that I reintroduced. 2013-12-03 17:12:15 +00:00
david
126d424dec Simplify the chunk calculation. 2013-12-02 22:47:20 +00:00
david
6832c98454 Try only 64 ciphers at a time in ssl-enum-ciphers. 
An off-by-one error meant that we tried 65 at a time. The number 64 came
up in a discussion of limitations of running against IIS.
http://seclists.org/nmap-dev/2012/q3/167
 2013-12-02 22:47:09 +00:00
david
8ab92b3214 Tabs to spaces in ssl-enum-ciphers. 2013-11-27 04:59:48 +00:00
dmiller
83e0ee1e70 Add ChaCha20-Poly1305 TLS cipher suites to ssl-ciphers 2013-11-14 20:41:09 +00:00
dmiller
f97c8db5e8 Correct output for ssl-enum-ciphers against non-ssl 
ssl-enum-ciphers was producing output against non-ssl services, listing
"least strength: strong" when there was no cipher matched. Fixed to
return nil in this case, and to clearly indicate when a protocol is
supported but does not support any of our ciphers (a very unlikely
situation! Had to artificially reduce attempted ciphers to test.)
 2012-09-14 21:06:46 +00:00
dmiller
f8335fc3f0 Update ssl-enum-ciphers to use structured output 
This includes a minor hack to stringify a structure with sorted keys.
This should probably be moved to a formatting library when one is
committed.
 2012-08-17 20:14:46 +00:00
dmiller
32dfcdc2e6 Fix bug in ssl-enum-ciphers: Strength not defined (broken) 2012-08-09 21:50:26 +00:00
patrik
217b27bace nse_check_globals cleanup 2012-07-24 10:08:43 +00:00
dmiller
1aeec5790e Add more ssl-ciphers strength ratings 
Ratings generated with this perl script:
https://gist.github.com/3130353
 2012-07-18 22:14:30 +00:00
dmiller
4463296bf7 Modify ssl-enum-ciphers for speed and thoroughness 
Send large groups of ciphers and eliminate chosen ones until the server
gives up. This results in far fewer exchanges than trying every cipher
individually.

Also fixed a bug introduced in r26521 where failing to send NULL
compressor results in a rejected handshake, and updated the list of
ciphers from 213 to 359.

http://seclists.org/nmap-dev/2012/q3/156
 2012-07-13 22:40:00 +00:00
perdo
5ac6c7d64a Fixed errors found by nse_check_globals. 2012-06-06 22:23:02 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE. 
[1] http://seclists.org/nmap-dev/2012/q2/34
 2012-05-27 08:53:32 +00:00
patrik
a1c7c9d31c Added thread support to the ssl-enum-ciphers script which dramatically improves 
performance. [Patrik Karlsson]
 2012-05-22 19:44:27 +00:00
david
ae5c653264 Fix to new ssl-enum-ciphers codes from Martyn Tovey. 2012-03-21 21:31:23 +00:00
david
3d9427a14c Add additional ciphers for ssl-enum-ciphers from Darren McDonald. 2012-03-21 17:48:50 +00:00
david
1a56b09beb Don't redundantly list the NULL compressor in ssl-num-ciphers.nse. 
This can happen when we ask for a different compressor but the server
replies with NULL instead. Patch by Matt Selsky in
http://seclists.org/nmap-dev/2011/q2/1236.
 2011-09-14 18:21:23 +00:00
david
49be2a7c61 Fix compressor names in ssl-enum-ciphers.nse. 
patch from Matt Selsky in http://seclists.org/nmap-dev/2011/q2/1235.
 2011-09-14 18:14:52 +00:00
david
2990c68107 Whitespace in ssl-enum-ciphers. 2011-09-14 17:57:49 +00:00
david
3cf16f31c3 Update output and NSEDoc for ssl-enum-ciphers. 2011-09-14 17:57:48 +00:00
david
44fcc2f455 ssl-enum-ciphers update for cipher strength from Gabriel Lawrence. 2011-09-14 17:57:47 +00:00
david
c3ab2d5ea4 Create a shortport.ssl function like shortport.http. Use it in ssl 
scripts.
 2011-02-22 00:46:28 +00:00
kris
e297c8de73 update script name in @output 2010-10-13 03:52:34 +00:00
david
c9e759fe0b Changes to ssl-enum-ciphers from Mak Kolybabi. This goes back to a 
slower one-at-a-time enumeration method that has proved to be more
robust. Other changes:
- Fixes the "malformed packet" bug.
- Treats RSTs as rejections, not fatal errors.
- Adds some obsolete ciphers that were requested.
  - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
  - SSL_RSA_FIPS_WITH_DES_CBC_SHA
- Adds some other cipher definitions.
  - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
  - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
  - TLS_DHE_DSS_WITH_RC4_128_SHA
  - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  - TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
  - TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
  - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
 2010-03-22 03:26:56 +00:00
david
bf612ba7c9 o [NSE] Added the ssl-enum-ciphers script from Mak Kolybabi. This 
script lists the ciphers and compressors supported by an SSL/TLS
  server.
 2010-02-24 01:33:16 +00:00