PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-13 03:09:02 +00:00
Code Issues Projects Releases Wiki Activity
5,952 Commits 2 Branches 0 Tags
31f12a071c35fdf521ea120a07258e7888903607
Commit Graph

1154 Commits

Author SHA1 Message Date
gorjan
653cf8fcbd Update address-info to show MAC address related manufacturer. 2011-09-26 22:42:08 +00:00
gorjan
d5b0b9bf43 Adding the lltd-discovery script, which enables the user to discover hosts on local networks using the Microsoft LLTD protocol. 2011-09-26 22:20:08 +00:00
david
c41f53b3b1 --script-updatedb 2011-09-26 20:56:46 +00:00
david
a48b91852c Add version detection to quake3-info.nse, from Toni Ruottu. 2011-09-26 20:56:45 +00:00
david
54dfb2a909 Update ovs-agent-version.nse with a signature from version 3.0.1. 2011-09-23 21:42:06 +00:00
henri
9dbef5ab6e Added ssl-google-cert-catalog.nse by Vasiliy Kulikov 2011-09-22 18:37:48 +00:00
henri
b7df13296e Fix a bug in dns.lua: ensure that dns.query() always return two values (status and response). 
Update asn-query.nse accordingly.
 2011-09-22 18:00:44 +00:00
david
feb691f534 Only show the "other options" in quake3-info with -v. 2011-09-21 22:50:01 +00:00
david
d8dd542bba Get rid of some blank lines in quake3-info. 2011-09-21 22:50:00 +00:00
david
423beece60 o [NSE] Added quake3-info.nse by Toni Ruottu. This script gets 
information about games and settings for a Quake 3 (or derived game)
  server.
 2011-09-21 22:49:59 +00:00
david
22ebd46baa o [NSE] Made irc-info.nse handle the case where the MOTD is missing. 
Patch by Sebastian Dragomir.
 2011-09-21 05:09:26 +00:00
david
613527e7e2 Add @usage to snmp-sysdescr. 
The auto-generated usage doesn't work for this script. Eugene Varnavsky
contributed the fix.
 2011-09-20 16:12:07 +00:00
david
fe9510187f Make nping-brute work with IPv6 again. 
Patch by Toni Ruottu. IPv6 hosts now have bin_ip, which previously was
taken as being an IPv4 address only.
 2011-09-20 16:12:07 +00:00
david
1a56b09beb Don't redundantly list the NULL compressor in ssl-num-ciphers.nse. 
This can happen when we ask for a different compressor but the server
replies with NULL instead. Patch by Matt Selsky in
http://seclists.org/nmap-dev/2011/q2/1236.
 2011-09-14 18:21:23 +00:00
david
49be2a7c61 Fix compressor names in ssl-enum-ciphers.nse. 
patch from Matt Selsky in http://seclists.org/nmap-dev/2011/q2/1235.
 2011-09-14 18:14:52 +00:00
david
2990c68107 Whitespace in ssl-enum-ciphers. 2011-09-14 17:57:49 +00:00
david
3cf16f31c3 Update output and NSEDoc for ssl-enum-ciphers. 2011-09-14 17:57:48 +00:00
david
44fcc2f455 ssl-enum-ciphers update for cipher strength from Gabriel Lawrence. 2011-09-14 17:57:47 +00:00
henri
cc4310b6d0 Cosmetic fix: consistently return 'false' in the hostrule 2011-09-14 10:03:41 +00:00
tomsellers
b841ee37b7 a couple more adjustments to account status handling in brute scripts. 
Revert wording in oracle-brute.nse, add support for new category in ldap-brute.nse and reflect new wording in examples in afp-brute.nse
 2011-09-13 01:44:30 +00:00
fyodor
5743a26565 trivial nsedoc change 2011-09-12 21:07:57 +00:00
david
c0acb48951 In ms-sql-info, change the hostrule conditions 
state ~= "closed"
into
	state == "open" or state == "open|filtered"

(state ~= "closed") matches "filtered", so the script was running
against hosts that had all the relevant ports filtered.
 2011-09-12 16:36:06 +00:00
david
d2bce72bee Doc typo in address-info.nse. 2011-09-11 21:05:57 +00:00
fyodor
2ff08a24a1 Update some script nsedoc descriptions for consistency. The description should almost always start with an active verb and never with the script name or 'this script'. Admittedly that makes the first sentence a fragment. The first sentence should be capitalized 2011-09-11 20:50:56 +00:00
fyodor
a5d81c3b35 Improve some NSEDoc descriptions 2011-09-11 20:44:07 +00:00
fyodor
bff90f3d55 minor updates to the nsedoc descriptions for some scripts 2011-09-11 18:26:37 +00:00
tomsellers
03e49171dd Added ms-sql-brute.brute-windows-accounts to script documentation. Adjusted existing documentation to improve rendered result on NSEDOC web page. 2011-09-11 14:14:08 +00:00
tomsellers
035ae9e9b1 Updated account status text in brute force password discovery scripts in an effort to make the reporting more consistent across all scripts. This will have an impact on any code that parses these values. 
In the case of a few of these scripts the only thing that was updated was the example text as the scripts relied on the creds library which handles the strings internally.
 2011-09-11 12:13:13 +00:00
tomsellers
1c92c03401 Add a few scripts to the "broadcast" script category based on traffic behavior. 2011-09-11 11:58:18 +00:00
tomsellers
2c8d24b557 Added error handling to catch and gracefully handle error when script was called via category instead of explicitly. The error was due to the backorifice-brute.ports script arg not being specified and the script trying to concat the value (nil). 2011-09-11 11:49:28 +00:00
tomsellers
ee676fab14 Added support for specifying a UPN suffix to be appended to usernames when brute forcing Microsoft Active Directory accounts. This should provide more reliable tests against domains that have been heavily organized into OUs or have child domains with a single UPN suffix. The UPN suffix can guessed or found via a null LDAP bind by ldap-rootdse.nse. 2011-09-09 23:57:21 +00:00
david
4d0a8a27b1 Show a visible error when targets-ipv6-* are run without an interface. 2011-09-08 16:11:21 +00:00
fyodor
8b88d901a9 Remove 3 vuln scripts from default category as discussed at http://seclists.org/nmap-dev/2011/q3/732 2011-09-07 20:40:51 +00:00
tomsellers
3dec74248f Add support for saving search results to a CSV file via a new script argument 'ldap.savesearch'. 2011-09-05 22:50:27 +00:00
david
7ad3893ad1 NSEDoc fixes in oracle-brute. 2011-09-05 17:00:48 +00:00
patrik
ae75aa7fd3 o [NSE] Added new default credential list for Oracle and modified the 
oracle-brute script to make use of it. [Patrik]
 2011-09-05 08:13:34 +00:00
henri
f2ff9bb728 Added xmpp-info.nse as a replacement for xmpp.nse (script from Vasily Kulikov). 2011-09-04 19:18:22 +00:00
tomsellers
e20ea237ef Added ability to save discovered credentials to a file via the creds nse library. 2011-09-04 18:01:45 +00:00
robert
9abdc958ed Added the new hash for PHP 5.3.7 and 5.3.8 credits and extended the elephant logo hash to include the new versions. PHP 5.3.7 contained a nasty bug (https://bugs.php.net/bug.php?id=55439) and was quickly replaced by 5.3.8 after a couple of days. 2011-09-04 14:41:53 +00:00
tomsellers
7205f00499 When combined with the previous commit to smb.lua these changes add support to smb-brute.nse for detecting valid credentials for accounts that have expired and time/logon host restrictions. 2011-09-03 17:11:04 +00:00
weilin
f1ef57e961 o [NSE] Check the link type of the interface before sending the multicast host discovery probe. 2011-09-03 12:57:37 +00:00
djalal
fbd74b9d46 o [NSE] Use nmap.get_interface_info() to retrieve the interface information. 2011-09-03 10:38:38 +00:00
tomsellers
5b512f0914 ldap-brute: Added feedback to -vv output when a valid 
user/password combination is found.
 2011-09-03 04:15:28 +00:00
david
d8ce681711 Simplify and document the invalid destination options header. 
The packet construction had a bug that made it more effective in at
least one case for me. Weilin had supplied a 16-byte destination options
buffer, including some random bytes from a packet capture. But the
length of buffer was set incorrectly in the packet, making it look like
it was 8 bytes instead of 16. Therefore the expected ICMPv6 packet
started in the middle of the buffer, making it appear to have a
type/code of 254/24 instead of 128/0 as expected.

I tried setting the proper length, while keeping the invalid destination
option, but then stopped getting a Parameter Problem response. I also
tried setting a proper destination options buffer with no invalid
options, followed by ICMPv6 with type/code of 128/0, and again got no
response. It appears that I get a response only when both of these
conditions are satisfied: 1) an invalid destination option exists, and
2) the ICMPv6 type is unknown. This is against OS X.

The probe was being effective by accident, but now I've simplified it
and documented these strange conditions.

This breaks any hosts that might have ignored the invalid destination
option (which they shouldn't do) and replied to the echo request. But we
have targets-ipv6-multicast-echo for that.
 2011-09-02 04:11:07 +00:00
david
64722d1b7b Better docs for targets-ipv6-* scripts. 2011-09-02 04:11:06 +00:00
david
c497fb37a7 Remove unconditional debugging output from targets-ipv6-* scripts. 2011-09-02 04:11:05 +00:00
david
8d715c7a48 Remove the ipv6.src script argument. 2011-09-02 04:11:03 +00:00
david
5f217dee0a Use the SCRIPT_NAME prefix on the "interface" arg. 2011-09-02 04:11:02 +00:00
david
a0e4664f21 Whitespace. 2011-09-02 04:11:01 +00:00
david
113ef12106 Add IPv6 multicast host discovery scripts from Weilin. 2011-09-02 04:11:00 +00:00