mirror of https://github.com/nmap/nmap.git synced 2025-12-19 22:19:02 +00:00
Commit Graph

6403 Commits

Author SHA1 Message Date
david
13a31a8cb9 Make str2AVal not modify its argument.
This is nice for its own sake, but it's really so that the error message
makes sense. The string had had a bunch of '\0' bytes inserted and the
string in the error message didn't match the argument.
2011-07-26 20:48:03 +00:00
luis
08509380d6 Last set of minor style fixes 2011-07-26 12:04:21 +00:00
luis
ba25118e0e Make the file consistent: fix indentation replacing tabs with spaces 2011-07-26 12:04:12 +00:00
luis
bbda5dfd90 Minor style fixes 2011-07-26 12:04:08 +00:00
luis
6defb790d2 Add some comments to the top of functions 2011-07-26 12:04:04 +00:00
luis
ad3e5dadc2 Add some comments and remove some unused code 2011-07-26 12:03:49 +00:00
luis
3f3fc7dc07 Replace some tabs with spaces, and some other minor style fixes 2011-07-26 12:03:44 +00:00
luis
2ccd8a60cb Add doc for get_initial_ttl_guess() 2011-07-26 12:03:40 +00:00
luis
46eeeb0b1e Minor comment fixes 2011-07-26 12:03:21 +00:00
luis
c9cefab5fc Reorganized source file so methods of the same class are grouped together 2011-07-26 12:03:18 +00:00
luis
da576f15bd Minor whitespace, indentation and style fixes 2011-07-26 12:03:15 +00:00
luis
2ea0f04494 Move class definitions to the header file 2011-07-26 12:03:12 +00:00
luis
68911fc5ad Move typedef to the header file 2011-07-26 12:03:09 +00:00
patrik
89d1f3b8d3 o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs
brute force password auditing against XMPP (Jabber) servers. [Patrik]
2011-07-26 06:54:19 +00:00
patrik
6714caede8 Fixed a bug that would prevent the script from displaying any output unless
being run in debug mode. [Patrik]
2011-07-26 06:46:12 +00:00
fyodor
c2c163b856 The *-brute scripts traditionally go in the auth category rather than brute. I think this was an accident, but creating a brute category might not be a bad idea 2011-07-26 01:06:42 +00:00
fyodor
5d7b067b66 Add credit for two funding sources (Google Summer of Code and DARPA CINDER program) 2011-07-26 00:58:06 +00:00
david
a652d29ac6 Whitespace. 2011-07-25 23:33:16 +00:00
david
f56c0d0f77 Make dummy struct operator() const.
Solves a compile error with Visual C++ 2008.
2011-07-25 23:31:17 +00:00
djalal
6bb9ad1e80 Added the print_hex() fix CHANGELOG entry. 2011-07-25 23:18:51 +00:00
djalal
3ce7d52800 o [NSE] Improved the NSEDoc of the print_hex() function. [Chris Woodbury] 2011-07-25 23:12:51 +00:00
djalal
47345ac696 o [NSE] Do not print an empty line if there are no remaining characters.
This patch was contributed by Chris Woodbury.
2011-07-25 23:09:24 +00:00
djalal
950e435921 o [NSE] Make smb-security-mode run by default. 2011-07-25 21:40:31 +00:00
fyodor
f721f56852 latest task updates 2011-07-25 21:14:42 +00:00
luis
660c91ee57 Minor style changes 2011-07-25 18:39:54 +00:00
luis
80a8a8a418 Change explicit definition of struct osscan_timing_vals to a typedef in the header file 2011-07-25 18:36:05 +00:00
luis
35ef43f711 Change explicit definition of os_scan_performance_vars to a typedef in the header file 2011-07-25 18:34:03 +00:00
luis
4faf19f738 Move constant definitions to the osscan2 header file 2011-07-25 18:30:05 +00:00
patrik
5e954c65a9 Added support for comments in the credential_iterator [Patrik] 2011-07-25 17:59:05 +00:00
paulino
a8df084c1f Adds http default ports for LiteSpeed Web Server. 2011-07-24 21:26:37 +00:00
paulino
a6c86e4769 Adds entry about http-litespeed-sourcecode-download and http-axis2-dir-traversal 2011-07-24 21:16:15 +00:00
paulino
d4054187e4 Adds http-axis2-dir-traversal:
http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
2011-07-24 21:10:04 +00:00
paulino
c43e0bb970 Added http-litespeed-sourcecode-download:
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending an HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).

If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
* <code>/index.php\00.txt</code>

References:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/
2011-07-24 20:13:42 +00:00
shinnok
e2fcc14fe2 Update my TODO file. 2011-07-22 21:55:18 +00:00
shinnok
a83e27c0fb Update CHANGELOG with the Ncat blocking ssl handshakes fix. 2011-07-22 21:43:24 +00:00
djalal
bd6d08232d Added the '--script-help' option to the Nmap usage. 2011-07-22 10:59:07 +00:00
batrick
4d27d83f62 Fix to make SCRIPT_NAME not have a filename extension in certain situations.
See [1].

[1] http://seclists.org/nmap-dev/2011/q3/304
2011-07-21 18:26:11 +00:00
batrick
9d7ce06a96 better error message when script fails to load (now includes traceback of the script) 2011-07-21 17:46:16 +00:00
patrik
cbf959aecc o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
message to the broadcast address and collects and reports the network
  information received from the DHCP server. [Patrik]
2011-07-21 11:56:15 +00:00
patrik
29c973befa Add imap-brute as I missed it in the earlier commit [Patrik] 2011-07-21 10:04:30 +00:00
patrik
ee7e069e63 o [NSE] Added the script smtp-brute that performs brute force password
auditing against SMTP servers. [Patrik]

o [NSE] Updated SMTP library to support authentication using both plain-text
  and the SASL library. [Patrik]
2011-07-21 06:16:20 +00:00
patrik
0453f89779 o [NSE] Added the script imap-brute that performs brute force password
auditing against IMAP servers. [Patrik]

o [NSE] Updated IMAP library to support authentication using both plain-text
  and the SASL library. [Patrik]
2011-07-21 06:14:02 +00:00
patrik
222e8b9e42 o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson
providing common code for "Simple Authentication and Security Layer" to
  services supporting it. The algorithms supported by the library are:
  PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]
2011-07-21 06:07:02 +00:00
patrik
c3f94727ad o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
library. The cvs-brute-repository script allows for guessing possible
  repository names needed in order to perform password guessing using the
  cvs-brute.nse script. [Patrik]
2011-07-21 06:01:19 +00:00
patrik
2faca7aed1 Added support for scripts to report invalid (non-existing) accounts back
to the brute library. This way, they're removed from further guessing.
[Patrik]
2011-07-21 05:56:58 +00:00
fyodor
4c03e43d2f Fix a typo in category name 2011-07-21 05:12:33 +00:00
weilin
586b8464b2 Reverted the unintended changes on nselib/packet.lua@25009. 2011-07-21 02:32:47 +00:00
colin
fd59f6f8d2 Updated changelog with zenmap crash reporter changes 2011-07-20 19:18:53 +00:00
weilin
e889dead91 o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4
ARP scan. It is the default ping type for local IPv6 networks.
2011-07-20 08:29:02 +00:00
david
c32d196ce2 Remove the nonexistent include/config.h from the build configuration.
With this present, the project always appeared out of date. Visual C++
would always prompt to rebuild the project when starting to debug, for
example.
2011-07-20 07:16:05 +00:00