robert
c2305f23a5
Added hashes for PHP 5.2.15 and 5.2.16.
2010-12-26 13:48:06 +00:00
david
87d8a793f3
Use stdnse.get_script_args for modbus-discover.aggressive.
2010-12-16 08:59:19 +00:00
david
41a81e1789
Documentation and whitespace in modbus-discover.nse.
2010-12-16 08:59:18 +00:00
david
ad40df2c9b
Add modbus-discover.nse from Alexander Rudakov.
2010-12-16 08:59:16 +00:00
david
ddf05d7e1f
Whitespace in lexmark-config.nse.
2010-12-15 18:57:22 +00:00
patrik
c9ba464c28
Renamed domino-enum-passwords script to http-domino-enum-passwords
2010-12-15 08:52:31 +00:00
david
fffe597ece
Typo fix.
2010-12-13 18:16:06 +00:00
david
008a43e7e0
Use shortport.version_port_or_service instead of just
shortport.port_or_service in netbus-version.nse.
2010-12-13 18:00:07 +00:00
david
573088f99c
Change categories of netbus-auth-bypass from {"default", "vuln", "safe"}
to {"auth", "intrusive", "vuln"}. The first categories are the same as
in realvnc-auth-bypass, which would seem to be a very similar script,
but netbus-auth-bypass can have the additional side effect of breaking
future authentication attempts for all users, which is solidly
intrusive.
2010-12-13 18:00:06 +00:00
david
d6a89a6674
Fix capitalization of NetBuster.
2010-12-13 18:00:04 +00:00
david
90a2819a04
o [NSE] Added scripts by Toni Ruotto communicating with the NetBus
remote administration/backdoor program.
- netbus-info: gets configuration information.
- netbus-brute: guesses passwords.
- netbus-version: distinguishes NetBus from NetBuster, a program
that mimics the protocol but doesn't actually allow any
operations.
- netbus-auth-bypass: Checks for a bug in the server that allows
connecting without a password.
2010-12-13 18:00:02 +00:00
david
a7e80b4cf3
Update script.db.
2010-12-13 17:30:08 +00:00
david
ccd901f918
Put realvnc-auth-bypass.nse in "auth" category.
2010-12-13 17:30:06 +00:00
david
00652cb231
o [NSE] Added stuxnet-detect.nse by Mak Kolybabi, which detects
infections of the Stuxnet worm and can optionally download the
Stuxnet executable.
2010-12-12 22:40:42 +00:00
patrik
b484d08cfa
Merged Martin Swende's patch to domino-enum-passwords that splits output
based on different hash types.
2010-12-11 06:47:49 +00:00
patrik
46cdf28fce
o [NSE] Added a new iSCSI library and the two scripts iscsi-info and
iscsi-brute. [Patrik]
2010-12-10 23:20:59 +00:00
patrik
38a21c4d17
o [NSE] Add new script broadcast-ms-sql-discover and removed broadcast
support from ms-sql-info. [Patrik]
2010-12-10 23:12:27 +00:00
robert
eedd069c9e
Added the new hash for PHP 5.3.4 credits and extended the elephant logo hash to include this new version.
2010-12-10 12:14:25 +00:00
david
528681c04a
Take out "other" in "X other hosts had status Y" in http-vhosts.nse. It
looks funny when it's the only line and I think it still looks fine this
way when there are multiple lines.
2010-12-08 00:54:46 +00:00
david
e947e5dedf
Patch to http-vhosts.nse from Carlos Pantelides: collapse multiple
responses bearing the same code into one line.
2010-12-08 00:54:45 +00:00
david
722fd3a89a
Fix script argument name. ftp-proftpd-backdoor.cmd
instead of ftp-proftp-backdoor.cmd.
2010-12-07 22:44:06 +00:00
david
4744f6b747
Patch from Mak Kolybabi: let ftp-proftpd-backdoor bail out early if
version detection has been done and doesn't show a potentially
backdoored version. Also update strings to match the new script name.
2010-12-07 22:44:04 +00:00
david
adc460fc22
o [NSE] Added the ftp-proftpd-backdoor.nse script by Mak Kolybabi,
which checks for a backdoor in ProFTPD 1.3.3c.
2010-12-07 00:22:01 +00:00
david
f8530814ab
o [NSE] Added http-vhosts.nse from Carlos Pantelides. This script
brute-forces virtual hosts by sending different Host headers to the
same server.
2010-12-06 05:19:35 +00:00
robert
e43a866bea
Tweaked the versions slightly (removed 4.3.1 from the bunny hash as it looks wrong and hasn't been corroborated), based on 0php.com data.
2010-11-30 09:25:04 +00:00
fyodor
6c62ce69e8
note some of the information obtained from hddtemp service
2010-11-30 01:56:39 +00:00
david
77a4235fc4
Fixes to firewalk.nse from Henri Doreau: "The first one was due to my
ignorance that the first index of lua arrays is 1 (and not 0). Because
of that, I was setting a too high ttl value when retrieving it from
traceroute results. The second one was a syntax error on a
nmap.log_write() call."
2010-11-29 19:16:49 +00:00
david
f8b17ae441
o [NSE] Added the hddtemp-info script from Toni Ruotto, which gets
hard drive temperatures from the hddtemp service.
2010-11-29 19:00:11 +00:00
robert
a92eacec1d
Added all missing PHP 5.x hashes and tidied up the output (grouped ranges and made it consistently use a dash).
Hashes are now arranged in order, to make it easier to find manually.
For a list of all the PHP 5 hashes I generated see: http://seclists.org/nmap-dev/2010/q4/518
2010-11-27 11:21:36 +00:00
patrik
a8efdad527
fixed usage typo. change port number from 5900 to 1352.
2010-11-24 20:56:43 +00:00
robert
485ee4aded
Added a new credits hash for PHP/5.2.2 based on testing with php-5.2.2-Win32.zip.
2010-11-24 15:51:39 +00:00
david
21d0324c5b
Updates to rmi-dumpregistry.nse and rmi.lua from Martin Holst Swende.
2010-11-23 17:45:58 +00:00
fyodor
3652bd6939
Rename a couple http scripts to make it more clear that they use the http protocol and for consistency with other script names
2010-11-20 04:22:51 +00:00
fyodor
ddcc972443
Update some text in scripts in preparation for rename of these two scripts
2010-11-20 04:19:16 +00:00
fyodor
10d85c1a6b
Removed broadcast-upnp-info and broadcast-dns-service-discovery from the default category. With these running by default, I was getting a bunch of information about printers and stuff on my LAN. Which is great info, and I love the scripts, but that's not what I'm really looking for when just trying to scan scanme.nmap.org
2010-11-20 02:04:00 +00:00
patrik
68643a2946
applied patch from Thomas Buchanan containing bugfixes and some re-factoring
http://seclists.org/nmap-dev/2010/q4/447
2010-11-19 19:31:50 +00:00
david
c0b8514b4d
In realvnc-auth-bypass, check the status in socket receive operations
instead of checking for result == "TIMEOUT".
2010-11-18 22:54:16 +00:00
david
1766507ecf
Add a new http-php-version.nse version from a server that said:
X-Powered-By: PHP/5.1.6
2010-11-17 22:05:04 +00:00
ron
f4769f75e9
Fixed a bug in http-userdir-enum (was missing an argument to http.pipeline_add())
2010-11-17 20:24:48 +00:00
david
fb0aa3f1e3
Add more http-passwd payloads from Ange Gutek.
2010-11-11 19:02:17 +00:00
patrik
734f938b04
o [NSE] Added a new Web Service Dynamic Discovery library (wsdd) and the two
scripts broadcast-wsdd-discover and wsdd-discover. [Patrik]
2010-11-10 22:35:13 +00:00
david
a92f1cb8a4
Update to firewalk.nse from Henri Doreau to use a more polymorphic style
of supporting multiple protocols.
2010-11-06 01:54:30 +00:00
david
ccce86a1a7
Add an http-passwd.root script argument. Patch by Ange Gutek.
2010-11-05 21:18:23 +00:00
batrick
ca56c00d33
removed some unnecessary locals
2010-11-05 14:25:44 +00:00
patrik
f61358ab28
fixed the following error:
./scripts/domino-enum-users.nse:113: variable 'filename' is not declared
stack traceback:
[C]: in function 'error'
./nselib/strict.lua:69: in function <./nselib/strict.lua:60>
./scripts/domino-enum-users.nse:113: in function <./scripts/domino-enum-users.nse:66>
(tail call): ?
[Patrik]
2010-11-05 10:07:50 +00:00
patrik
356c1e12a9
fixed the following bug reported by Ron
./scripts/ldap-brute.nse:75: attempt to get length of local 'contexts' (a nil value)
stack traceback:
./scripts/ldap-brute.nse:75: in function 'get_naming_context'
./scripts/ldap-brute.nse:121: in function <./scripts/ldap-brute.nse:95>
(tail call): ?
2010-11-04 18:53:56 +00:00
ron
b7a802bce8
Removed some more errant newlines from the output
2010-11-03 19:53:58 +00:00
ron
c5a111c5b9
Removed an errant '\n' that was causing blank lines
2010-11-03 19:50:25 +00:00
patrik
92b6fa9038
o [NSE] Added a new library upnp that provides UPnP support to the scripts
upnp-info and broadcast-upnp-info. The library is largely based on code
taken from Thomas Buchanan's upnp-info script. [Patrik]
2010-11-02 19:05:19 +00:00
david
80605e3e09
In firewalk.nse, bail out if we have neither of the scripts args
firewalk.ttl and firewalk.gateway. Otherwise we would get a nil
dereference when running with
--script=firewalk --traceroute
Ron reported this.
2010-11-02 19:03:35 +00:00