PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
Code Issues Projects Releases Wiki Activity
10,153 Commits 2 Branches 0 Tags
1accb103d13e16dcd48cef12d93041756b1bcd29
Commit Graph

2366 Commits

Author SHA1 Message Date
dmiller
1accb103d1 New script: nntp-ntlm-info 2016-01-08 16:17:12 +00:00
dmiller
5a1e018803 New script: pop3-ntlm-info 2016-01-08 16:06:37 +00:00
dmiller
82be9b48ee New script: telnet-ntlm-info 2016-01-08 15:54:53 +00:00
dmiller
1f74fc2550 New script: smtp-ntlm-info 2016-01-08 15:29:54 +00:00
dmiller
70798c2468 New script: imap-ntlm-info 2016-01-08 03:08:26 +00:00
dmiller
2702b4d030 Let http-ntlm-info use smbauth functions for generating and parsing NTLM blobs 2016-01-08 02:57:24 +00:00
dmiller
e43e6fc278 Fix a crash on dns.query failure in dns-client-subnet-scan. Fixes #93 2016-01-07 05:45:48 +00:00
dmiller
b2d67c470f http-vuln-cve2013-6786 RomPager XSS script 2016-01-06 20:47:07 +00:00
dmiller
226a05af31 Replace some deprecated print_verbose with verbose1 calls 2016-01-04 16:48:08 +00:00
dmiller
1a205842fd Reformat ordered lists in NSEdoc 2016-01-02 05:08:05 +00:00
dmiller
1863fd84d3 Update NSEdoc for http-form-brute 2016-01-02 04:52:15 +00:00
dmiller
4e23e6dfde Major upgrade to http-form-brute 
Now can correctly handle complex token-based CSRF protections by grabbing all
fields from the login form and using session cookies from the form request.
These cookies are sent with subsequent redirect-following requests for better
failure detection. On success, cookies are cleared and re-acquired.

A database of known web apps' login forms is used for form detection, helpful
for those whose username and password fields do not begin with "user" and
"pass". Form mangling (to remove cookie checks in one instance) and custom
onsuccess functions are also supported. Tested: django, wordpress, mediawiki.

This *may* be a replacement (upon suitable testing) for http-wordpress-brute and
http-joomla-brute.
 2015-12-31 16:21:03 +00:00
dmiller
e1cf78d57e Fix some issues with http-wordpress-brute 
1. When the hostname script-arg was used, the script would try to
*connect* to that host instead of the target. Now the argument is used
*only* for the Host: header.

2. The http options table is reused for each request, significantly
reducing the load on the garbage collector over many requests.

3. Do not use both creds.Credentials:new() and creds.Account:new(),
since this results in double-reporting found credentials.
 2015-12-29 17:14:37 +00:00
dmiller
8a28707b32 Fix loading devframework fingerprints from script-arg 2015-12-28 17:07:37 +00:00
dmiller
82b765f6fe Fix bad output when rmi.Registry.list fails. Closes #262 2015-12-19 18:01:11 +00:00
dmiller
0b0955994d Add Alex Geana's multicast IPv6 listener script 2015-12-19 15:50:08 +00:00
dmiller
e5871dcc83 Clarify some @usage, fix double --script-args in telnet-brute 2015-12-19 15:25:44 +00:00
dmiller
a11db08325 Every ipOps function validates IP addresses, so no need to do it explicitly 2015-12-19 15:25:43 +00:00
dmiller
566120ca58 Fix some output formatting and a crash 2015-12-18 21:48:44 +00:00
dmiller
0f99596555 Fix a few bugs in targets-ipv6-multicast-mld. http://seclists.org/nmap-dev/2015/q2/250 2015-12-16 17:07:40 +00:00
dmiller
c199828a49 Remove intrusive category from hostmap-bfk 2015-12-15 16:40:01 +00:00
dmiller
73ad899d30 Update hostmap-robtex to current page layout 2015-12-15 16:40:00 +00:00
dmiller
bb07040e21 Add http-vuln-cve2014-3704 'Drupalgeddon'. Closes #226 2015-12-14 21:29:30 +00:00
dmiller
a8f0daaf38 Fix a crash in snmp-interfaces: http://seclists.org/nmap-dev/2015/q4/218 2015-12-13 21:39:48 +00:00
tomsellers
dd503ae2e5 Update script name in help of http-userdir-enum, update CHANGELOG to reflect last commit. 2015-12-13 20:25:50 +00:00
tomsellers
25c891d570 NSE: http-backup-finder.nse Address 3 sources of false positives. Closes #242 2015-12-13 20:18:17 +00:00
dmiller
53d41055c7 Port r35354 changes to ssl-enum-ciphers internal probe 2015-12-07 17:45:55 +00:00
tomsellers
58f00324eb NSE: Prevent http.identify_404 from following HTTP redirects, standardize calls to it. Closes #251 2015-12-05 10:16:51 +00:00
tomsellers
1bba7d4b80 NSE: http-cakephp-version - fix false positive caused by following HTTP redirects. Update call to identify_404 to improve results. 2015-12-04 01:28:11 +00:00
tomsellers
25a27252ec NSE: hnap-info minor code quality improvement 2015-12-04 01:05:28 +00:00
tomsellers
c662f9cbd1 Address false positive in hnap-info.nse Closes #241 2015-12-03 12:16:24 +00:00
dmiller
d2d5a78399 Avoid error output on non-HTTP and non-XMLRPC services. Closes #244 2015-11-29 16:34:33 +00:00
dmiller
818ca94616 Add further validation to SSNs in http-grep 2015-11-27 20:02:09 +00:00
dmiller
856b90337a Document some undocumented script-args. 2015-11-25 03:01:29 +00:00
dmiller
46388d28db Fix a crash in http-grep: https://twitter.com/grymoire/status/669320242154381312 2015-11-25 03:01:27 +00:00
dmiller
c10597a7b4 Prevent ipv6-node-info from producing empty output. 2015-11-19 04:53:27 +00:00
tomsellers
18f42a9391 Correct script names in NSEDoc usage sections. 2015-11-18 11:53:22 +00:00
dmiller
fa2527fd34 Add NSEdoc signal '---' to some scripts 2015-11-17 19:12:03 +00:00
dmiller
fe4a01d570 Remove an incorrect script.db line (uncommitted script) [ci skip] 2015-11-16 13:59:18 +00:00
dmiller
a9cf4c0b0f Add targets-xml for inputting targets from Nmap XML files 2015-11-15 05:39:20 +00:00
dmiller
06e04e9ea7 Add ssl-dh-params. Closes #232 2015-11-13 23:26:57 +00:00
dmiller
cb7bd4f560 Add nje-node-brute. http://seclists.org/nmap-dev/2015/q4/117 2015-11-11 17:10:15 +00:00
dmiller
9c0a0b1ce3 Add broadcast-sonicwall-discover. Closes #165 2015-11-11 17:02:29 +00:00
dmiller
8db897d635 Add http-vuln-cve2014-8877. Closes #38. 2015-11-11 17:02:28 +00:00
dmiller
60baf397e1 Let mcafee-epo-agent match newer agent replies with looser pattern 2015-11-06 19:40:07 +00:00
dmiller
f4619edece Update http urls for nmap.org to https 2015-11-05 20:41:05 +00:00
dmiller
c06e50b703 Let dns-update run on TCP or UDP, add examples & warning about test, xmloutput 2015-11-05 03:20:16 +00:00
dmiller
fa3080e79d Clarify script args for dns-update.nse 2015-11-05 02:42:36 +00:00
dmiller
474add9160 Allow http-ls to work when openssl not present (checksum feature not available) 2015-11-04 03:57:18 +00:00
dmiller
8029a3186b New script ip-https-discover http://seclists.org/nmap-dev/2015/q4/82 2015-11-03 13:53:20 +00:00