fyodor
6f22390e45
Remove Jah's email address from two scripts to match what he uses in the other three (If he wants the email addresses, he is welcome to put them on all five--I'm just shooting for consistency
2010-07-24 05:30:36 +00:00
kris
cc33a59ca4
Add nmap.clock() for providing scripts with the current time in floating
point seconds since the epoch, and add clock_ms() and clock_us() to stdnse
for convenience (millisecond and microsecond).
qscan.nse now provides microsecond resolution.
2010-07-23 19:49:42 +00:00
kris
ee3c89afe4
o [NSE] When receiving raw packets from Pcap, the packet capture time
is now available to scripts as an additional return value from
pcap_receive(). It is returned as the floating point number of
seconds since the epoch. The qscan.nse script was updated to use
this more accurate data instead of using the clock_ms() function
(which returns the current time). [Kris]
2010-07-23 10:43:04 +00:00
david
3df554de64
Spell-check NSEDoc.
2010-07-19 16:29:48 +00:00
david
156952fbf8
Do index canonicalization in scripting.xml. Remove ".nse" where not
needed.
2010-07-18 20:31:32 +00:00
david
8811bdb6cc
Reflow NSEDoc for PDF inclusion.
2010-07-18 19:41:04 +00:00
david
5f035c6a61
Break a long line in auth-owners.nse for PDF inclusion.
2010-07-18 17:41:26 +00:00
david
bccb8ead89
Edit some script descriptions for better line breaks when rendered as
PDF. Some long URLs were replaced by short redirects under
http://nmap.org/r/ .
2010-07-17 16:47:31 +00:00
patrik
db0093ccd0
fixed bug with empty contexts not returning any data from ldap servers
add objectClass person to qfilter users so that users are properly shown
add error msg for invalid credentials
[patrik]
2010-07-16 21:59:27 +00:00
david
934836d776
Adjust documentation capitalization in snmp-win32-users.nse.
2010-07-16 15:15:27 +00:00
fyodor
9b4b172045
Update generated content for new release
2010-07-16 00:43:59 +00:00
david
7d0c08a097
Brief copyediting of NSEDoc for modules.
2010-07-12 19:42:43 +00:00
david
1ff1a4f892
First-pass copyediting on the remaining scripts.
2010-07-12 17:19:26 +00:00
david
4cdc50e95d
Do copyediting of NSEDoc up through pgsql-brute.
2010-07-12 06:21:03 +00:00
david
b9633ed69b
Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell.
2010-07-09 23:32:18 +00:00
david
0e7f78bcd0
Break off a comment in afp-brute.nse so it doesn't appear as part of the
@output.
2010-07-09 17:48:10 +00:00
djalal
98cf1dd7c4
Remove nfs-acls and nfs-dirlist scripts, all their features are supported by nfs-ls.nse script.
2010-07-06 00:56:41 +00:00
djalal
53b2b629dc
Merge r18534:r18591 from nmap-exp/djalal/nse-nfs/
2010-07-06 00:29:54 +00:00
david
5c85f224c0
Accuracy and speed improvements to irc-unrealircd-backdoor.nse. The main
problem was that the timer was including the time taken by the server to
do reverse-DNS resolution and an ident lookup, before it handled the
magic "AB" sleep command. So if a server took 10 seconds to time out the
ident lookup, the time recorded would be 10 seconds greater than it
should have been. If the timeout was long enough, a server would be
reported as vulnerable even if not. To compensate for this, the delay
was set high, but false positives were still possible and this slowed
down the script.
First, remove the mutex that allowed only one instance of the script to
run at a time. The mutex was meant to provide more accurate timing, but
it wasn't really needed because script parallelism wasn't the cause of
inaccuracy.
Next, make sure the server is done sending its initialization messages
(and hence is done with its timeouts) before sending the magic "AB"
sleep command and starting the timer. This is done by sending an
innocuous TIME command immediately upon connection. This is partly
because comm.tryssl has to send something, and partly because we can
detect when the server has processed the TIME command by looking for a
message like ":hostname 451 TIME :You have not registered". Once this is
done, we start the timer and send the "AB" command. If we haven't gotten
a response to TIME in 60 seconds, go ahead and send the "AB" command
anyway.
Finally, reduce the delay to 8 seconds from 25. The delay only has to be
long enough to overcome any network delay, now that confounding timeouts
have been eliminated. In a test of around 600 hosts, the only times I
recorded were 0, 1, 8, and 9 seconds, so this looks like a good enough
safety margin.
2010-07-01 00:11:59 +00:00
djalal
72a06a3b5c
Merge r18160:18278 from nmap-exp/djalal/nmap-nse/ to fix NSE not honoring the exclude directive bug.
2010-06-29 21:56:59 +00:00
djalal
329d9e3c2b
Merge r18144:18422 from nmap-exp/djalal/nse-nfs/scripts
2010-06-29 21:06:07 +00:00
ron
4105ee3379
Initial import of irc-unrealircd-backdoor, used to detect Trojanned UnrealIRCd servers. This script still has reliability problems, due to the method of detection.
2010-06-25 20:05:54 +00:00
david
32c8ee9f1f
Fix some NSEDoc.
2010-06-24 17:01:55 +00:00
david
acb92d0494
Add Gutek's modifications to http-passwd.nse that enable it to check for
boot.ini.
2010-06-23 02:29:24 +00:00
david
5b4e171444
o [NSE] Added ftp-libopie.nse by Gutek. This script checks for an
off-by-one stack overflow vulnerability in libopie by giving the FTP
service an overlong name. See
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc for
details.
2010-06-21 20:25:11 +00:00
david
c50c7a2c0b
o Added http-php-version.nse from Gutek. This script retrieves
version-specific pages through a couple of magic PHP queries, which
can identify the PHP version even when a server doesn't advertise
it.
2010-06-18 22:12:17 +00:00
patrik
b6744a3b6c
Fixes crash when attempting to sort services that have no port.
2010-06-15 18:18:09 +00:00
fyodor
fabe05eae6
Change the term 'stolen from' in comments to 'inspired by', which sounds a little less felonious :)
2010-06-15 08:05:28 +00:00
fyodor
1428a1644b
We generally put scripts in either safe or intrusive categories, but not both. So I removed intrusive. I also added discovery, as that seems to fit the ssh-hostkey script
2010-06-15 07:49:45 +00:00
drazen
124b4ef13c
Merge from /nmap-exp/drazen/nmap-msrpc. This adds checks for MS06-025 and MS07-029 to smb-check-vulns.nse.
2010-06-14 18:42:54 +00:00
drazen
88a1653d72
Revert r18104. This was a broken merge that still had conflict markers.
2010-06-14 17:32:22 +00:00
drazen
79c14d935c
Merged smb-check-vulns from my branch to trunk.
2010-06-14 17:03:15 +00:00
drazen
a99aa3b53b
Added a check for the MS07-029 vulnerability within "smb-check-vulns".
Made some small changes to the function descriptions.
2010-06-13 02:55:26 +00:00
djalal
2ad517622b
Add the nfs-ls script entry to the script.db
2010-06-12 23:53:20 +00:00
djalal
921f052f0b
Merge r17766:18060 from /nmap-exp/djalal/nselib and nmap-exp/djalal/scripts contains new scripts nfs-ls.nse and a lot of new code to the rpc.lua library to check files type and attributes to marshall/unmarshall file attributes and some new high level functions to manipulate NFS objects.
2010-06-12 23:45:59 +00:00
drazen
48ead20324
Added a NOTUP notification if the target service is down (not started).
2010-06-12 22:13:30 +00:00
drazen
0f4d199b1e
Fixed a simple bad gameplay in which I attempt to close
an already closed SMB session.
2010-06-12 21:45:16 +00:00
drazen
62c2d97f93
MS06-025:
-- Finished, tested and merged into smb-check-vulns
-- msrpc.lua contains the code required to interface with the RASRPC interface
2010-06-12 19:32:50 +00:00
david
e4162e6771
o [NSE] Added dns-cache-snoop.nse by Eugene Alexeev. This script does
cache snooping by either sending non-recursive queries or by measuring
response times.
2010-06-12 02:25:44 +00:00
fyodor
35a28ea343
canonicalize some license text that differed in whitespace or quote character or line-ending or (in a couple cases) the slightly older wording
2010-06-11 06:54:56 +00:00
fyodor
3ceb44b4f7
Moved some information from the license field of these two scripts to the description field. I felt this was a better place since the URL leads to a description of the service rather than license information
2010-06-11 06:49:15 +00:00
fyodor
46a819b034
changed a URL to use %28 and %29 rather than ( and ) to fix an nsedoc parsing issue noted by Jason DePriest
2010-06-10 05:36:39 +00:00
robert
565d6a524d
Improved anonymous ftp detection. Now supports ACCT and has improved parsing of server responses.
2010-06-05 12:37:39 +00:00
kris
3a0aa06db1
Fix a bug in qscan.nse which kept a confidence level of 0.9995 from working;
Marcin Hoffmann reported the problem.
2010-06-05 00:46:48 +00:00
jah
722f10670a
Some improvements based on a review by David: comments, less convoluted code and
a silly mistake. Also removed some length checks for Mode 7 implementation 2
data which are no longer used.
2010-06-04 10:05:32 +00:00
jah
cb879a313f
Update script.db with added ntp-monlist.nse
2010-06-03 12:37:05 +00:00
jah
5bdc8cda93
ntp-monlist discovers NTP server, peer and client hosts associated with a
scanned target by sending NTPv2 Private Mode 'monitor' and 'peers' commands to
the target.
2010-06-03 12:14:15 +00:00
patrik
e411e35fc6
Fixed a bug that would prevent the rpcinfo script from returning any results
if the rpc program could not be matched to a name.
2010-06-01 14:09:58 +00:00
fyodor
fb943a04f6
Move some script description text out of the script output section and into the user summary
2010-05-24 03:21:49 +00:00
jah
e307ee691e
IANA have moved the IPv4 and IPv6 assignments tables and slightly altered their
content.
2010-05-20 19:17:43 +00:00