dmiller
2f2b99c941
Fix some service matches with 0-length captures
...
http://seclists.org/nmap-dev/2014/q2/105
This is only a temporary fix, since this restriction is hard to enforce.
We should really clean up the matching/substitution code to handle
0-length captures.
2014-04-16 13:29:44 +00:00
tomsellers
cacf764754
Change to citrixxml.lua to improve performance of citrixlua library when handling large XML responses containing application lists. Large responses were causing the script to consume 100% CPU for extended periods of time.
...
Reference:
http://seclists.org/nmap-dev/2014/q2/74
2014-04-16 11:56:21 +00:00
dmiller
a343ea24cd
Extend ssl-heartbleed to use every TLS cipher, prevent false negatives
2014-04-14 19:42:59 +00:00
fyodor
1d4fdaf2b3
Add another ndiff-related task
2014-04-13 07:10:09 +00:00
patrik
3dbe66e9be
Change heartbeat request size from 0x0fe9 to 0x4000
2014-04-12 21:31:08 +00:00
fyodor
52dc994b05
regenerate man pages and resort nmap-os-db
2014-04-12 08:12:04 +00:00
fyodor
d7ab6f2001
I think INSTALL_LIB should be set to None by default so it is only used if the installer has set it to something specific. Otherwise I run into issues on Windows
2014-04-12 06:12:01 +00:00
fyodor
f83f67ccb9
add a note that our make uninstall should uninstall ndiff too (probably similar to how we do it for Zenmap)
2014-04-12 01:43:59 +00:00
fyodor
96eb55e419
Add some features from Zenmap's setup.pl to ndiff one. The main feature is adding the ndiff.py Python module install directory to ndiff script so it can always (we hope) be found even if the dir isn't in the user's PYTHONPATH.
2014-04-12 01:24:32 +00:00
fyodor
93e857ee81
Add code (taken from Zenmap) to make sure the install location of the Ndiff module can be found by the ndiff script
2014-04-12 00:16:30 +00:00
fyodor
1fc67280f7
Add "AutoReqProv:no" because automatic dependency calculation was adding "python(abi) = 2.4" even though our setup.py takes care of adjusting sys.path to point to wherever the modules were installed. We use this same approach for Zenmap. Hopefully this doesn't cause problems. These were the dependencies before this change:
...
$ rpm -qpR nmap-6.45-1.x86_64.rpm
/usr/bin/python
libc.so.6()(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.2)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libdl.so.2()(64bit)
libdl.so.2(GLIBC_2.2.5)(64bit)
libgcc_s.so.1()(64bit)
libgcc_s.so.1(GCC_3.0)(64bit)
libm.so.6()(64bit)
libm.so.6(GLIBC_2.2.5)(64bit)
libstdc++.so.6()(64bit)
libstdc++.so.6(CXXABI_1.3)(64bit)
libstdc++.so.6(GLIBCXX_3.4)(64bit)
libsvn_client-1.so.0()(64bit)
python >= 2.4
python(abi) = 2.4
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
And here they are after:
$ rpm -qpR nmap-6.45-1.x86_64.rpm
python >= 2.4
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <= 3.0.4-1
2014-04-11 23:12:35 +00:00
fyodor
9bbf495448
Update 6.45 release date to today
2014-04-11 19:34:34 +00:00
dmiller
100ff6f238
Let sslcert do STARTTLS based on service, not just port number
2014-04-11 16:42:29 +00:00
dmiller
7170837c8b
Add @usage nsedoc to UDP scripts (default is missing -sU in this case)
2014-04-11 16:42:26 +00:00
dmiller
54caea26b4
Unify comm.lua's is_ssl and shortport.ssl
...
Heuristic detection of SSL ports was previously done in 2 different
places, leading to a divergence: shortport.ssl would return true for
more services than comm.tryssl would try, since comm.is_ssl was checking
a shorter list of port numbers and was ignoring
port.version.service_tunnel and port.version.name. Now any changes to
shortport.ssl will affect both libraries.
2014-04-11 15:22:42 +00:00
david
3f3fafbbec
Update MacPorts-ports.diff to remove pkgconfig dependency on libiconv.
2014-04-11 05:36:00 +00:00
david
31e4350dba
Make the argument to checked_fd_isset non-const.
...
I got this error compiling on OS X 10.6:
In file included from netutil.cc:132:
../nbase/nbase.h: In function 'int checked_fd_isset(int, const fd_set*)':
../nbase/nbase.h:385: error: invalid conversion from 'const fd_set*' to 'fd_set*'
../nbase/nbase.h:385: error: initializing argument 2 of 'int __darwin_fd_isset(int, fd_set*)'
netutil.cc: In function 'int send_ipv6_ip(const sockaddr_in6*, const unsigned char*, size_t)':
netutil.cc:3846: warning: unused variable 'tclass'
make[2]: *** [netutil.o] Error 1
make[1]: *** [netutil_build] Error 2
2014-04-11 05:08:30 +00:00
fyodor
f83dc2c6c2
Since ndiff is now module-based, add some code to the spec file to hopefully allow it to find the site-packages/ndiff* and build the RPM
2014-04-11 04:04:42 +00:00
fyodor
6bf513b42a
Update Nmap version number from 6.41SVN to 6.45 and rebuild docs
2014-04-11 02:59:07 +00:00
fyodor
8be0cb3f5e
Update to latest Mac prefix (vendor) list from IEEE
2014-04-11 02:56:08 +00:00
dmiller
b3b0bf2389
Handle multiple messages in a single record (ssl-heartbleed)
2014-04-10 20:53:14 +00:00
dmiller
353291aeba
Remove hardcoded TLSv1.1 from heartbeat message build
2014-04-10 20:53:12 +00:00
dmiller
3fd18f7752
Use tls.lua functions to build messages in ssl-heartbleed
2014-04-10 15:14:14 +00:00
dmiller
582afb7746
Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746
2014-04-10 15:14:12 +00:00
dmiller
e8d81eb8b4
Alert on missing tls library, better diagnostics for not-vulnerable sites
2014-04-10 15:14:10 +00:00
dmiller
80ea0d5f10
Don't try ssl-heartbleed on protocol mismatch
2014-04-09 21:54:27 +00:00
dmiller
233b1fca71
STARTTLS support for ssl-enum-ciphers
2014-04-09 18:02:01 +00:00
dmiller
c69afa24aa
Enable ssl-heartbleed to connect to STARTTLS services
2014-04-09 17:34:39 +00:00
dmiller
d1a86b7f57
Remove unnecessary pcall and unsupported SSL 3.0 from ssl-heartbleed
2014-04-09 16:49:18 +00:00
patrik
c0078965e9
add TLS 1.0, 1.1 and 1.2 support and some error checking
2014-04-09 16:16:22 +00:00
dmiller
e38d9618a3
Adjust heartbleed payload size to minimum required to trigger
2014-04-09 15:58:09 +00:00
dmiller
cd0ed4ff7f
Expand the binary blobs in ssl-heartbleed to allow tweaking
2014-04-09 14:37:35 +00:00
dmiller
9b93706cf3
Whitespace/indentation fixes for ssl-heartbleed
2014-04-09 13:51:57 +00:00
dmiller
f07e623835
Fix some globals in ssl-heartbleed.nse
2014-04-09 13:51:55 +00:00
patrik
20eb77d6d2
o [NSE] Add ssl-heartbleed script to detect the Heartbleed bug in OpenSSL
...
CVE-2014-0160 [Patrik Karlsson]
2014-04-09 01:49:29 +00:00
dmiller
9e601256c6
Add parsing support for TLS heartbeat ContentType
2014-04-08 20:12:22 +00:00
dmiller
c87a4f1b3f
Fix an off-by-one bug in TLS record parsing
2014-04-08 20:12:21 +00:00
henri
ac863d6b10
Added an item for a new design of nsock SSL
2014-04-08 19:59:13 +00:00
henri
df4f3e77b8
Added TLS heartbeat Content Type, which everyone is needing today
2014-04-08 13:21:31 +00:00
dmiller
162a30b3cf
Fix TLS SNI extension, by nnposter
2014-04-08 02:46:20 +00:00
dmiller
413bbf6e96
Revert r32789 in favor of lib-level fixes
...
nmap.new_try() shouldn't be used in libraries. It results in Lua errors
being thrown that the script can't recover from without resorting to
pcall(). It has been replaced in proxy.lua with proper error handling
which did not require any changes to the scripts (http-open-proxy and
socks-open-proxy) that used it.
2014-04-07 18:10:10 +00:00
dmiller
1332949c3d
Fix bug in socks-open-proxy, TIMEOUT or EOF when SOCKS5 not supported
2014-04-04 21:46:21 +00:00
fyodor
18a770fd22
Note that we should update OpenSSL binaries we use for Windows at some point. We have 1.01c now and OpenSSL group has released up to 1.01f
2014-04-04 04:43:47 +00:00
dmiller
f081cf31bb
Allow numeric TLS extensions for unassigned ExtensionTypes
2014-04-03 18:29:07 +00:00
dmiller
64ef503f5b
Remove debug leftover from ssl-enum-ciphers
2014-03-31 14:35:50 +00:00
fyodor
8661c8a519
Improved ntp-info script to handle underscores in returned data. [nnposter]
2014-03-27 05:49:14 +00:00
dmiller
6c2ab1e289
Add missing TLS extension types registered with IANA
2014-03-21 20:49:35 +00:00
dmiller
c4a541ac1e
Fix IPID sequence detection in the case of Random
...
Reported by Lior Levinsky. As part of r32469, which added IPv6 IPID
sequence detection, the logic to detect all-zero IPID sequences was
split. get_diffs was returning IPID_SEQ_UNKNOWN, IPID_SEQ_RD, or
1 for all-zeros, but the get_ipid_sequence_* functions were treating
every non-zero return value as indicating all-zeros, which meant that
IPID sequence detection was broken.
http://seclists.org/nmap-dev/2014/q1/287
2014-03-15 12:37:54 +00:00
dmiller
573f9c1a73
Fix a libpcap dependency flag in nsock test suite
2014-03-14 22:08:51 +00:00
dmiller
58aa610671
Use a generic transcode function to implement utf16to8 etc.
2014-03-13 21:43:09 +00:00