PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-31 20:09:02 +00:00
Code Issues Projects Releases Wiki Activity
5,019 Commits 2 Branches 0 Tags
3f15b93e98a6905853d1271594c45b51eb669fe0
Commit Graph

5019 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
david
b82d3c7327 Document new "broadcast" category in CHANGELOG. 2011-01-13 06:39:43 +00:00
david
291ab7488d Document the "broadcast" script category. 2011-01-13 06:21:55 +00:00
david
a0f2fdbdb3 Move all broadcast-* scripts from the "discovery" category to 
"broadcast" (new category).
 2011-01-13 06:21:53 +00:00
david
f2e16f494d Split out OPENSSL_LIBS in Makefile.in to allow overriding it 
specifically.
 2011-01-13 01:28:52 +00:00
luis
56c152fd81 There should be a comma before 'and' when the list consists of complex items. 2011-01-12 18:57:26 +00:00
fyodor
0074b626cc o Integrated cracked passwords from the Gawker.com compromise 
(http://seclists.org/nmap-dev/2010/q4/674) into
  Nmap's top-5000 password database. A team of Nmap developers, lead
  by Brandon Enright has cracked 635,546 out of 748,081 password
  hashes so far (85%). Gawker users' top passwords are are "123456",
  "password", "12345678", "lifehack", "qwerty", "abc123", "12345",
  "monkey", "111111", "consumer", and "letmein".
 2011-01-12 08:38:39 +00:00
fyodor
05f7c6ae07 Remove minecraft-auth for now -- see http://seclists.org/nmap-dev/2011/q1/85 2011-01-12 07:51:30 +00:00
fyodor
cdbd5e6c7b some changes from a meeting with David today 2011-01-12 06:48:52 +00:00
david
32ef95e22f TODO typo. 2011-01-11 20:32:23 +00:00
david
044defdcda Only override OpenSSL detection for Nping, and force linking against the 
static libraries when running make.
 2011-01-11 19:57:50 +00:00
fyodor
485707d373 Note a current issue relating to using our RPMs on Fedora 12+ and maybe other recent Linux distros 2011-01-10 09:25:43 +00:00
david
42c14f507e Take minecraft-auth out of "vuln" and put it in "auth". From reading the 
Tumblr post, this sounds more like a way for people to set up a private
server on a LAN among trusted users than a vulnerability. Also link the
Tumblr post in the description.
 2011-01-10 01:14:16 +00:00
david
68ac93f69a o [NSE] Added minecraft-auth.nse by Toni Ruotto. It checks for 
Minecraft game servers that don't check usernames against a master
  server.
 2011-01-10 01:14:15 +00:00
david
4fa142de14 Use the local read (which obeys the "lines" and "bytes" options) intead 
of sd:receive in comm.opencon, which is used by comm.get_banner.
 2011-01-10 00:25:14 +00:00
david
64ccea886b Whitespace in comm.lua. 2011-01-10 00:25:12 +00:00
ron
4e5f8799e1 Added a bunch of CMS checks for http-enum.nse submitted to me by Robert Rowley 2011-01-09 18:51:03 +00:00
luis
7f18a3a280 Fix simple grammar error 2011-01-09 18:21:07 +00:00
david
2592194732 Add nrpe-enum.nse by Mak Kolybabi. 2011-01-09 03:43:41 +00:00
david
4e6c276db8 Remove nmap-services comments that simply duplicate the service name. 2011-01-09 03:17:22 +00:00
david
274e3c6ae3 Merge port names from http://www.iana.org/assignments/port-numbers. 2011-01-09 03:09:40 +00:00
david
acffcdfc82 Move banners announcing the start of a script scan phase out of the 
threads_iter function.
 2011-01-08 07:20:42 +00:00
david
9857411032 Pre-prime the first list of CONCURRENCY_LIMIT threads, and bail out 
early if there are none to be run. This avoids printing
ScanProgressMeter messages.
 2011-01-08 07:20:40 +00:00
david
1392faf5d4 Remove runlevel_scripts, which had become just a wrapper around ipairs. 2011-01-08 07:20:39 +00:00
david
303123205e Updates to gopher-ls.nse from Toni Ruotto: 
* Added gopher-ls.maxfiles script argument.
* Included file descriptions.
 2011-01-08 05:12:01 +00:00
david
1ef55b81d1 Add a Quake3_master_getservers service probe from Toni Ruotto. 2011-01-08 05:03:44 +00:00
ron
fa5725ed05 Fixed a typo in the documentation 2011-01-08 00:25:48 +00:00
batrick
8475399cd3 Removed unused variable (compiler warning). 2011-01-07 23:51:43 +00:00
batrick
1e0b42bf57 Replace safe_realloc use with userdata for better error handling. 2011-01-07 23:48:39 +00:00
batrick
b62c80f070 Removed dnet userdata "interface" field which is an integer 
key in the Lua Registry for a string interface value. It
is apparently not used anywhere so no point keeping it.
 2011-01-07 23:28:21 +00:00
robert
063e780e1f Updated the hash information to include PHP/5.2.17 (released yesterday). 2011-01-07 10:24:59 +00:00
david
6d89ccdab6 Link against the MacPorts-install openssl to get EVP_sha256. 2011-01-06 18:36:11 +00:00
david
244b5dad3d Remove definition of OPENSSL_FIPS. I included this in an attempt to get 
EVP_sha256 on OS X with the 10.4u SDK, but apparently FIPS support isn't
there and instead everything builds without OpenSSL.
 2011-01-06 17:08:14 +00:00
robert
d8ddf59203 Updated the hash information to include PHP/5.3.5 (released today). 2011-01-06 15:39:35 +00:00
david
f3a8bb7d7a Check for EVP_PKEY_EC before using it. It isn't present in the 
MacOSX10.4u SDK.
 2011-01-05 06:07:19 +00:00
fyodor
e0c2754e29 some changes from chat w/David 2011-01-05 03:11:46 +00:00
fyodor
8e823f915c Add a task to remove some NSE verbosity 2011-01-05 02:11:52 +00:00
djalal
6f390be198 Separate NFS Export entries with newlines. 2011-01-04 20:09:43 +00:00
ron
1dadea9407 added documentation for new script-arg 2011-01-03 03:51:11 +00:00
ron
229f118fdd Added a 'category' script-arg to http-enum.nse, which lets the user filter the fingerprints they want. This was requested by a user. 2011-01-03 03:48:48 +00:00
david
6ef0d9624a Whitespace, documentation, style in tab.lua. 2010-12-30 21:08:27 +00:00
david
a9a5869173 Normalize tab.lua usage so that a call to tab.nextrow comes after (not 
before) each group of tab.add, and there is no tab.nextrow before or
after tab.addrow. Also remove manual indenting that was accomplished by
padding the first column with spaces; this is done by
stdnse.format_output now.
 2010-12-30 21:08:25 +00:00
david
04210ef88f When an entry in stdnse.format_output has multiple lines, insert the 
indent and prefix before each line, not just at the beginning. If the
indent was ">>>>", then formatting the line "AB\nCD" would result in

| >>>>  AB
|_CD

Now it will be

| >>>>  AB
|_>>>>  CD

Some script were working around this by relying on an invisible blank
first line and manually indenting following lines.
 2010-12-30 21:08:24 +00:00
david
190ca31c6c Don't pad the last item in each row in tab.lua. This prevents one long 
line from making all other lines wrap with blanks.
 2010-12-30 21:08:22 +00:00
david
974d6061b3 Change t['rows'] to t.current_row, because it may not be equal to the 
number of rows that are actually in the table (may be one greater).
 2010-12-30 21:08:21 +00:00
david
1ee0fae3d1 Insert an empty row table when tab.nextrow is called and there is 
nothing in the current row yet. This allows using #t or ipairs to get
the number of rows that have been filled by the user. t.rows is the
index number of the next row that will be filled in, or the one that is
currently being filled in if something has already been entered.
t.rows == #t + 1 means that we've finished with the previous row, but we
don't want to count a new (blank) row until we've started filling
something in.
 2010-12-30 21:08:19 +00:00
david
357c15a165 Remove the "cols" parameter from calls to tab.new. 2010-12-30 21:08:18 +00:00
david
396481c1b8 Remove the "cols" attribute of tab.lua tables. Just calculate it 
dynamically when dumping.
 2010-12-30 21:08:17 +00:00
david
086b043cde Remove the single-string special case in stdnse.format_output. 
This should be handled by the generic case, and I don't think it was
used anyway because the logic was wrong:

if(indent == nil and #data == 1 and type(data) == 'string' and not(data['name']) and not(data['warning'])) then
  return data[1]
end

This seems to be checking for a one-element table whose single element
is a string. But the test "#data == 1 and type(data) == 'string'" is
actually testing for a one-byte string. I think this is supposed to be
"type(data[1]) == 'string'", but anyway it should be handled by the
generic case.
 2010-12-30 21:08:15 +00:00
david
d9d47eb93d Use sock:receive when neither the "lines" nor "bytes" option is given to 
comm.exchange. Previously it was acting as if it got bytes=1, which
could return as few as one bytes. sock:receive will read until timeout
or EOF.
 2010-12-29 22:44:03 +00:00
david
1046dcab57 Patch to hddtemp-info by Toni Ruotto that keeps reading past the first 
byte if there's a delay and supports different separator characters.
 2010-12-29 22:37:20 +00:00