PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-14 11:49:01 +00:00
Code Issues Projects Releases Wiki Activity
10,355 Commits 2 Branches 0 Tags
40dc52cfaa3f2341ae46b09a0a7fef4b5bffdb04
Commit Graph

2428 Commits

Author SHA1 Message Date
dmiller
cb4b46bd53 Canonicalize authors as tables instead of comma-separated strings 2016-06-09 22:46:42 +00:00
batrick
b3a88696ef Revert "NSE: make minor adjustments to script" 
This reverts commit 317eb0de31f40454cd213296e6cee71c1f78e006.

This commit started as a way to fix perceived problems but eventually I found
the script worked correctly (I had a misunderstanding of the purpose). I kept
the small changes but ended up breaking the script anyway. So let's just revert
this.
 2016-06-09 12:25:19 +00:00
dmiller
39018e3e91 Check for RSA exponent of 1, resulting in F score 2016-06-09 04:36:09 +00:00
batrick
baef5e0c08 Merge branch 'http-internal-ip-disclosure' 
* http-internal-ip-disclosure:
  NSE: make minor adjustments to script
  NSE: add new script http-internal-ip-disclosure
  http-internal-ip-disclosure branch
 2016-06-08 23:18:47 +00:00
paulino
51c6260f85 Fixes usage documentation 2016-06-05 20:06:25 +00:00
fyodor
37095358e0 Fix the @usage to correct form 2016-05-30 06:39:31 +00:00
dmiller
7203767031 Fix nsedoc (hanging indent dropped some characters) for http-fetch 2016-05-26 13:47:04 +00:00
dmiller
0896c64bae Add xml output to resolveall, improve warnings 2016-05-25 20:14:13 +00:00
abhishek
168ac74f40 Closes #366 2016-05-23 15:32:24 +00:00
dmiller
0c6a3a6256 Alow bare "wpad" name to be resolved 
Previously, if a host had not domain set, the script would crash when
trying to get the domain portion of the reverse-DNS name. Now, it adds
the blank string and tries to resolve the bare hostname "wpad".
 2016-05-23 04:30:06 +00:00
dmiller
9450cb725a Avoid boolean tautologies of the form 'not x == y' 
Lua operator 'not' has higher precedence than '==', so the statement

    not x == "something"

is equivalent to:

    (not x) == "something"

which will always be false, since the value of 'not x' will be either
'true' or 'false' and the string "something" is not the boolean 'true'
or 'false'. This is usually resolved by using the '~=' operator.
 2016-05-23 04:30:06 +00:00
dmiller
5be0ac591b Avoid a crash when host has no domain configured 2016-05-23 04:30:05 +00:00
paulino
363397b948 Fixes #379. Script was not reporting the NOT_VULN state correctly 2016-05-16 15:11:32 +00:00
dmiller
2b77e83abb Avoid output when ssl-date fails (e.g. non-STARTTLS SMTP) 2016-05-02 16:09:28 +00:00
dmiller
fb6d2a5567 Deprecate SHA-1 certs in ssl-enum-ciphers. Closes #370 2016-05-02 13:55:17 +00:00
dmiller
b341915722 Deprecate RC4 ciphersuites 2016-05-02 13:55:16 +00:00
dmiller
fbdd7f53d9 Don't crash when portmapper reports non-tcp/udp transports. Fixes #363 2016-04-18 05:11:57 +00:00
dmiller
20d6d17c2c Support (unlikely) TLS NPN checking for STARTTLS-type services 2016-04-11 20:42:03 +00:00
dmiller
a24006e0b7 Check the appropriate functions in portrules for SSL/TLS 2016-04-11 20:42:02 +00:00
tomsellers
0699edbe05 NSE: ldap-rootdse.nse improve error handling 2016-04-11 18:04:53 +00:00
tomsellers
12e9af5b1b Adjust indentation on rpcinfo.nse, no fuctionality changes 2016-04-10 14:19:51 +00:00
tomsellers
ee4ed66956 Added support for LDAP over udp to ldap-rootdse.nse. 
Also added version detection and information extraction to match the
new LDAP LDAPSearchReq and LDAPSearchReqUDP probes. Closes #362
 2016-04-09 21:33:26 +00:00
dmiller
4b341c4311 Clarify vnc handshake/login process and correctly send chosen security type 2016-04-04 04:47:37 +00:00
dmiller
6c7655c24f Add Tight VNC auth type 2016-04-02 15:22:30 +00:00
dmiller
41de3b1d60 New script vnc-title 2016-04-01 22:29:40 +00:00
dmiller
3af66a0445 VNC revamp and extension 2016-04-01 22:29:39 +00:00
tomsellers
e2cfda9dc0 Change to smb-os-discovery to enable it to augment SMB version detection. Closes #348 2016-03-31 10:56:29 +00:00
dmiller
81bb435ad9 Add TLS auth support to vnc.lua and vnc-brute 2016-03-28 16:46:32 +00:00
paulino
9b53acb1c0 Fixes bad indexed global 2016-03-26 19:52:37 +00:00
dmiller
6a0c3e8219 Allow ascii values in cert fields (broke in r35714) 2016-03-25 14:02:02 +00:00
dmiller
b76257d14b fix a NSE bug when http-cross-domain-policy has no output. Closes #343 2016-03-21 22:04:42 +00:00
dmiller
7a430d154b Auto-detect UTF-16 fields in certificates and transcode to UTF-8 2016-03-19 20:44:32 +00:00
dmiller
663271f95d New shodan-api script for querying Shodan internet scan data 2016-03-16 05:47:58 +00:00
dmiller
c7892e365f Let http.lua functions optionally connect via any address family 
Sometimes (e.g. when using an external API), a script wants to connect
by name to a server and doesn't care whether IPv4 or IPv6 is used. By
passing the "any_af" option, the first resolved address of any address
family will be used, allowing external-category scripts which used to
fail with -6 to succeed.
 2016-03-16 05:07:59 +00:00
dmiller
4135ec518f Add rpcinfo to version category, see previous commit 2016-03-14 20:42:52 +00:00
dmiller
0bb036cda2 Allow rpcinfo.nse to set version info 
The rpcinfo script can now set version info just like rpc-grind. Since
this requires considerably less traffic than rpc-grind, I made rpc-grind
depend on rpcinfo so that it will avoid running if we can get the
version information this way instead.

Also changed rpcinfo to only run on port 111, not on "rpcbind" service
since that's what -sV labels any detected RPC service.
 2016-03-14 20:42:51 +00:00
dmiller
5843cd95a4 Add rusers script 2016-03-14 16:03:47 +00:00
dmiller
5729d3844e Only run http-apache-server-status on Apache or unknown http servers. Add version info. 2016-03-14 03:41:38 +00:00
dmiller
2ec6eb5110 Only report unique VHosts in http-apache-server-status. Too much output otherwise. 2016-03-14 03:41:37 +00:00
dmiller
a4b81f39b6 Add http-apache-server-status. Closes #322 2016-03-14 03:41:36 +00:00
dmiller
7271efe963 Restore '%' deleted when http-vuln-cve2013-7091 was renamed. Closes #332 2016-03-13 20:29:11 +00:00
dmiller
b6778204cd Fix http-brute, munged by me in r35584. Closes #317 2016-03-12 20:45:53 +00:00
dmiller
b39e055e32 Fix crash when field doesn't exist. Closes #306 2016-03-03 17:15:12 +00:00
dmiller
5b5524d4ba Change names of SSLv2 ciphersuites to match draft specification. Closes #314. 2016-03-03 04:58:24 +00:00
tomsellers
318accba6e NSE add STARTTLS to sslv2 improving detection of SSLv2 and DROWN oracles. Closes #320 2016-03-03 02:06:05 +00:00
dmiller
abb827a759 Let http-title fetch different url via script-args 2016-02-21 14:28:09 +00:00
dmiller
ab79e7ad88 Fix a mistake in merging #36: append items instead of nesting lists 2016-02-17 13:26:29 +00:00
dmiller
0be412e50e Add XML output to http-rfi-spider (nnposter). See #36 2016-02-14 14:42:19 +00:00
dmiller
4da5cfebc7 Avoid blank output from broadcast-dhcp-discover 2016-02-11 23:50:48 +00:00
gyani
cf326ea74f Corrected a spelling. Had misspelt JSON as J0SON. 2016-02-10 20:07:35 +00:00