mirror of https://github.com/nmap/nmap.git synced 2025-12-09 22:21:29 +00:00
1287 Commits

Author SHA1 Message Date
david
44fcc2f455 ssl-enum-ciphers update for cipher strength from Gabriel Lawrence. 2011-09-14 17:57:47 +00:00
henri
cc4310b6d0 Cosmetic fix: consistently return 'false' in the hostrule 2011-09-14 10:03:41 +00:00
tomsellers
b841ee37b7 a couple more adjustments to account status handling in brute scripts.
Revert wording in oracle-brute.nse, add support for new category in ldap-brute.nse and reflect new wording in examples in afp-brute.nse
2011-09-13 01:44:30 +00:00
fyodor
5743a26565 trivial nsedoc change 2011-09-12 21:07:57 +00:00
david
c0acb48951 In ms-sql-info, change the hostrule conditions
	state ~= "closed"
into
	state == "open" or state == "open|filtered"

(state ~= "closed") matches "filtered", so the script was running
against hosts that had all the relevant ports filtered.
2011-09-12 16:36:06 +00:00
david
d2bce72bee Doc typo in address-info.nse. 2011-09-11 21:05:57 +00:00
fyodor
2ff08a24a1 Update some script nsedoc descriptions for consistency. The description should almost always start with an active verb and never with the script name or 'this script'. Admittedly that makes the first sentence a fragment. The first sentence should be capitalized 2011-09-11 20:50:56 +00:00
fyodor
a5d81c3b35 Improve some NSEDoc descriptions 2011-09-11 20:44:07 +00:00
fyodor
bff90f3d55 minor updates to the nsedoc descriptions for some scripts 2011-09-11 18:26:37 +00:00
tomsellers
03e49171dd Added ms-sql-brute.brute-windows-accounts to script documentation. Adjusted existing documentation to improve rendered result on NSEDOC web page. 2011-09-11 14:14:08 +00:00
tomsellers
035ae9e9b1 Updated account status text in brute force password discovery scripts in an effort to make the reporting more consistent across all scripts. This will have an impact on any code that parses these values.
In the case of a few of these scripts the only thing that was updated was the example text as the scripts relied on the creds library which handles the strings internally.
2011-09-11 12:13:13 +00:00
tomsellers
1c92c03401 Add a few scripts to the "broadcast" script category based on traffic behavior. 2011-09-11 11:58:18 +00:00
tomsellers
2c8d24b557 Added error handling to catch and gracefully handle error when script was called via category instead of explicitly. The error was due to the backorifice-brute.ports script arg not being specified and the script trying to concat the value (nil). 2011-09-11 11:49:28 +00:00
tomsellers
ee676fab14 Added support for specifying a UPN suffix to be appended to usernames when brute forcing Microsoft Active Directory accounts. This should provide more reliable tests against domains that have been heavily organized into OUs or have child domains with a single UPN suffix. The UPN suffix can be guessed or found via a null LDAP bind by ldap-rootdse.nse. 2011-09-09 23:57:21 +00:00
david
4d0a8a27b1 Show a visible error when targets-ipv6-* are run without an interface. 2011-09-08 16:11:21 +00:00
fyodor
8b88d901a9 Remove 3 vuln scripts from default category as discussed at http://seclists.org/nmap-dev/2011/q3/732 2011-09-07 20:40:51 +00:00
tomsellers
3dec74248f Add support for saving search results to a CSV file via a new script argument 'ldap.savesearch'. 2011-09-05 22:50:27 +00:00
david
7ad3893ad1 NSEDoc fixes in oracle-brute. 2011-09-05 17:00:48 +00:00
patrik
ae75aa7fd3 o [NSE] Added new default credential list for Oracle and modified the
oracle-brute script to make use of it. [Patrik]
2011-09-05 08:13:34 +00:00
henri
f2ff9bb728 Added xmpp-info.nse as a replacement for xmpp.nse (script from Vasily Kulikov). 2011-09-04 19:18:22 +00:00
tomsellers
e20ea237ef Added ability to save discovered credentials to a file via the creds nse library. 2011-09-04 18:01:45 +00:00
robert
9abdc958ed Added the new hash for PHP 5.3.7 and 5.3.8 credits and extended the elephant logo hash to include the new versions. PHP 5.3.7 contained a nasty bug (https://bugs.php.net/bug.php?id=55439) and was quickly replaced by 5.3.8 after a couple of days. 2011-09-04 14:41:53 +00:00
tomsellers
7205f00499 When combined with the previous commit to smb.lua these changes add support to smb-brute.nse for detecting valid credentials for accounts that have expired and time/logon host restrictions. 2011-09-03 17:11:04 +00:00
weilin
f1ef57e961 o [NSE] Check the link type of the interface before sending the multicast host discovery probe. 2011-09-03 12:57:37 +00:00
djalal
fbd74b9d46 o [NSE] Use nmap.get_interface_info() to retrieve the interface information. 2011-09-03 10:38:38 +00:00
tomsellers
5b512f0914 ldap-brute: Added feedback to -vv output when a valid
user/password combination is found.
2011-09-03 04:15:28 +00:00
david
d8ce681711 Simplify and document the invalid destination options header.
The packet construction had a bug that made it more effective in at
least one case for me. Weilin had supplied a 16-byte destination options
buffer, including some random bytes from a packet capture. But the
length of buffer was set incorrectly in the packet, making it look like
it was 8 bytes instead of 16. Therefore the expected ICMPv6 packet
started in the middle of the buffer, making it appear to have a
type/code of 254/24 instead of 128/0 as expected.

I tried setting the proper length, while keeping the invalid destination
option, but then stopped getting a Parameter Problem response. I also
tried setting a proper destination options buffer with no invalid
options, followed by ICMPv6 with type/code of 128/0, and again got no
response. It appears that I get a response only when both of these
conditions are satisfied: 1) an invalid destination option exists, and
2) the ICMPv6 type is unknown. This is against OS X.

The probe was being effective by accident, but now I've simplified it
and documented these strange conditions.

This breaks any hosts that might have ignored the invalid destination
option (which they shouldn't do) and replied to the echo request. But we
have targets-ipv6-multicast-echo for that.
2011-09-02 04:11:07 +00:00
david
64722d1b7b Better docs for targets-ipv6-* scripts. 2011-09-02 04:11:06 +00:00
david
c497fb37a7 Remove unconditional debugging output from targets-ipv6-* scripts. 2011-09-02 04:11:05 +00:00
david
8d715c7a48 Remove the ipv6.src script argument. 2011-09-02 04:11:03 +00:00
david
5f217dee0a Use the SCRIPT_NAME prefix on the "interface" arg. 2011-09-02 04:11:02 +00:00
david
a0e4664f21 Whitespace. 2011-09-02 04:11:01 +00:00
david
113ef12106 Add IPv6 multicast host discovery scripts from Weilin. 2011-09-02 04:11:00 +00:00
henri
8687465372 Added a blank line after the @args section to ensure a correct formatting of the NSE Doc 2011-08-30 17:06:17 +00:00
henri
afc3d2059c Added http-vuln-cve2011-3192.nse from Duarte Silva. 2011-08-29 21:42:57 +00:00
fyodor
71a3724543 We don't currently have a brute category. I'm not at all against having one though. So if someone wishes to create one, just be sure you put all the *-brute scripts in it 2011-08-25 02:57:17 +00:00
gorjan
b12bb4fba2 Adding address-info.nse, which shows extra information about IP addresses. 2011-08-23 10:36:16 +00:00
paulino
b99a8bbd99 Adds http-awstatstotals-exec, http-joomla-brute, http-wordpress-brute and http-wp-enum. 2011-08-23 06:29:12 +00:00
gorjan
f46a8eb2de Output fix 2011-08-22 13:48:44 +00:00
fyodor
92ceb70071 Duarte Silva asked that his email address be updated in these scripts. 2011-08-22 00:58:19 +00:00
paulino
172bf91228 Adds http-waf-detect:
Determines if a web server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or WAF (Web Application Firewall) by probing the web server with malicious payloads and detecting changes in the response code and body.
2011-08-15 21:38:58 +00:00
gorjan
c6bf558a3c Updated NSEDoc usage. 2011-08-13 19:26:24 +00:00
patrik
a1d515e548 o [NSE] Added script broadcast-listener that attempts to discover hosts by
passively listening to the network. It does so by decoding ethernet and IP
  broadcast and multicast messages. [Patrik]
2011-08-10 16:46:55 +00:00
gorjan
4d4b6ed20f NSEDoc fix for the bittorrent-discovery script 2011-08-09 19:55:59 +00:00
gorjan
88e8647381 Adding the bittorrent library and bittorrent-discovery script which enables you to add bittorrent peers and DHT nodes as targets for scanning 2011-08-09 16:56:13 +00:00
tomsellers
e7b2ffe7c8 Tweaked ldap-brute.nse to work correctly when the target AD implementation is 2008 R2 and perhaps other sources.
Added detection of accounts where the credentials are correct, but the account is expired, not allowed to log on at the time of the scan or has been limited to logging in from particular hosts.

Notes on these changes were sent to the mailing list.
2011-08-08 00:26:02 +00:00
gorjan
d509ad055a Adding the optimized snmp-brute script, unpwdb library, snmpcommunities wordlist 2011-08-03 21:37:27 +00:00
gorjan
b9a1f0d49e Small fix for script output not to include the newtargets comment when no output is produced. 2011-08-02 03:45:59 +00:00
paulino
c8c2ef76d0 Fixes typo in default fingerprint file 2011-07-27 04:56:41 +00:00
paulino
26dc09ad43 Gets arguments with stdnse.get_script_args instead of reading them from nmap.registry 2011-07-27 03:28:13 +00:00