mirror of https://github.com/nmap/nmap.git synced 2025-12-21 15:09:02 +00:00
Commit Graph

4860 Commits

Author SHA1 Message Date
patrik
b484d08cfa Merged Martin Swende's patch to domino-enum-passwords that splits output
based on different hash types.
2010-12-11 06:47:49 +00:00
david
d93415029f Add a few more OS fingerprints from someone who got back to me. 2010-12-11 00:11:11 +00:00
patrik
46cdf28fce o [NSE] Added a new iSCSI library and the two scripts iscsi-info and
iscsi-brute. [Patrik]
2010-12-10 23:20:59 +00:00
david
f45c1c3968 83 OS corrections. 2010-12-10 23:19:40 +00:00
patrik
38a21c4d17 o [NSE] Add new script broadcast-ms-sql-discover and removed broadcast
support from ms-sql-info. [Patrik]
2010-12-10 23:12:27 +00:00
david
f422529759 Last 152 OS submissions. 2010-12-10 22:09:29 +00:00
david
dd0b80c3ef 200 OS submissions. 2010-12-10 20:14:04 +00:00
robert
eedd069c9e Added the new hash for PHP 5.3.4 credits and extended the elephant logo hash to include this new version. 2010-12-10 12:14:25 +00:00
david
7133bc1e38 200 OS submissions. 2010-12-10 01:55:38 +00:00
david
cc31b38861 200 OS submissions. 2010-12-10 00:03:12 +00:00
david
756e6e8e8c 200 OS submissions. 2010-12-08 23:04:00 +00:00
david
6c62fe9e0f 200 OS submissions. 2010-12-08 23:03:57 +00:00
batrick
47e6012b15 remove old commented code 2010-12-08 14:19:08 +00:00
batrick
86993d74d5 Use better construction for iterating lines. 2010-12-08 14:18:45 +00:00
batrick
bfa052c2f3 Changed (commented) debug statements to use stdnse.print_debug instead of
io.write.
2010-12-08 14:17:11 +00:00
batrick
47e3a20aa8 use better construction to iterate lines of a file 2010-12-08 14:11:48 +00:00
batrick
6fb600782f Don't use io.write to print error information. 2010-12-08 14:08:35 +00:00
fyodor
e9697cb936 Remove an excess space in output 2010-12-08 08:02:22 +00:00
david
44c37eb3d2 200 OS submissions. 2010-12-08 06:49:09 +00:00
david
92d4f185a3 200 OS submissions. 2010-12-08 06:49:05 +00:00
david
528681c04a Take out "other" in "X other hosts had status Y" in http-vhosts.nse. It
looks funny when it's the only line and I think it still looks fine this
way when there are multiple lines.
2010-12-08 00:54:46 +00:00
david
e947e5dedf Patch to http-vhosts.nse from Carlos Pantelides: collapse multiple
responses bearing the same code into one line.
2010-12-08 00:54:45 +00:00
david
722fd3a89a Fix script argument name. ftp-proftpd-backdoor.cmd
instead of ftp-proftp-backdoor.cmd.
2010-12-07 22:44:06 +00:00
david
4744f6b747 Patch from Mak Kolybabi: let ftp-proftpd-backdoor bail out early if
version detection has been done and doesn't show a potentially
backdoored version. Also update strings to match the new script name.
2010-12-07 22:44:04 +00:00
david
3f35888405 Fix a service match line on information from Corey Quinn. I found the
"Connection too fast, throttled" message in the source code of ratbox,
charybdis, and ircd-seven, but not Unreal ircd.
2010-12-07 22:36:50 +00:00
david
2c16870941 100 OS submissions. 2010-12-07 07:51:33 +00:00
david
adc460fc22 o [NSE] Added the ftp-proftpd-backdoor.nse script by Mak Kolybabi,
which checks for a backdoor in ProFTPD 1.3.3c.
2010-12-07 00:22:01 +00:00
david
ee0cca5f07 200 OS submissions. 2010-12-07 00:13:11 +00:00
david
f8530814ab o [NSE] Added http-vhosts.nse from Carlos Pantelides. This script
brute-forces virtual hosts by sending different Host headers to the
  same server.
2010-12-06 05:19:35 +00:00
kris
39ac0e4eda relatively large ip_is_reserved() update: 5/8, 23/8, 37/8 and 100/8 allocated 2010-12-04 00:16:38 +00:00
david
c822f62d84 Typo fix. 2010-12-03 21:29:59 +00:00
david
bc55d41b9a Add a comment explaining why we can unconditionally set the id and seq
fields in build_icmp_raw, even though not all ICMP types have them. All
the types handled by the function do have them, and in the same place.
2010-12-02 22:46:56 +00:00
fyodor
c1daed771c Some changes from chat w/David 2010-11-30 22:43:47 +00:00
robert
e43a866bea Tweaked the versions slightly (removed 4.3.1 from the bunny hash as it looks wrong and hasn't been corroborated), based on 0php.com data. 2010-11-30 09:25:04 +00:00
david
b8346c1d82 o [Ncat] Ncat now uses case-insensitive string comparison when
checking authentication schemes and parameters. Florian Roth found a
  server offering "BASIC" instead of "Basic", and the HTTP RFC
  requires case-insensitive comparisons in most places. [David]
2010-11-30 09:06:28 +00:00
fyodor
6c62ce69e8 note some of the information obtained from hddtemp service 2010-11-30 01:56:39 +00:00
batrick
03c7e9d00e Have stdnse.make_buffer read chunks instead of lines [1] so we do not implicitly
buffer based on the presence of new lines.

[1] http://seclists.org/nmap-dev/2010/q4/554
2010-11-29 22:51:51 +00:00
david
33f3645ecd Don't define HAVE_SYS_SOCKET_H in dnet_winconfig.h. That it was wrongly
defined was noticed by Gisle Vanem. It makes no difference because this
macro isn't used in any source files for Windows (or any platform).
2010-11-29 20:30:52 +00:00
david
77a4235fc4 Fixes to firewalk.nse from Henri Doreau: "The first one was due to my
ignorance that the first index of lua arrays is 1 (and not 0). Because
of that, I was setting a too high ttl value when retrieving it from
traceroute results. The second one was a syntax error on a
nmap.log_write() call."
2010-11-29 19:16:49 +00:00
david
f8b17ae441 o [NSE] Added the hddtemp-info script from Toni Ruotto, which gets
hard drive temperatures from the hddtemp service.
2010-11-29 19:00:11 +00:00
robert
a92eacec1d Added all missing PHP 5.x hashes and tidied up the output (grouped ranges and made it consistently use a dash).
Hashes are now arranged in order, to make it easier to find manually.

For a list of all the PHP 5 hashes I generated see: http://seclists.org/nmap-dev/2010/q4/518
2010-11-27 11:21:36 +00:00
david
26636d3cf7 Remember the forward DNS name and non-scanned addresses for IPv6, just
as for IPv4. This makes the output more uniform and gives NSE access to
host.targetname for IPv6 hosts.

This is what IPv4 output looks like:

$ nmap -sL www.kame.net
Nmap scan report for www.kame.net (203.178.141.194)
rDNS record for 203.178.141.194: orange.kame.net
Nmap done: 1 IP address (0 hosts up) scanned in 0.16 seconds

$ nmap -sL www.debian.org
Nmap scan report for www.debian.org (128.31.0.51)
Other addresses for www.debian.org (not scanned): 206.12.19.7
rDNS record for 128.31.0.51: senfl.debian.org
Nmap done: 1 IP address (0 hosts up) scanned in 0.17 seconds

Here is the output before this change. Notice that the target name is
missing and there is no separate "rDNS" line.

$ nmap -6 -sL www.kame.net
Nmap scan report for 2001:200:dff:fff1:216:3eff:feb1:44d7
Nmap done: 1 IP address (0 hosts up) scanned in 0.04 seconds

$ nmap -6 -sL www.debian.org
Nmap scan report for bellini.debian.org (2607:f8f0:610:4000:211:25ff:fec4:5b28)
Nmap done: 1 IP address (0 hosts up) scanned in 0.11 seconds

Here is the output after this change:

$ ./nmap -6 -sL www.kame.net
Nmap scan report for www.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7)
Nmap done: 1 IP address (0 hosts up) scanned in 1.04 seconds

$ ./nmap -6 -sL www.debian.org
Nmap scan report for www.debian.org (2607:f8f0:610:4000:211:25ff:fec4:5b28)
rDNS record for 2607:f8f0:610:4000:211:25ff:fec4:5b28: bellini.debian.org
Nmap done: 1 IP address (0 hosts up) scanned in 0.07 seconds
2010-11-26 04:06:25 +00:00
david
1f333be278 Fix compilation with --without-liblua. This was reported by Nuno
Gonçalves and Henri Doreau.
2010-11-24 23:37:42 +00:00
batrick
4b481939b3 Reverting 21172, it was actually correct. 2010-11-24 21:10:20 +00:00
batrick
ce8c422f7d Fixed debug format. 2010-11-24 21:05:13 +00:00
patrik
a8efdad527 fixed usage typo. change port number from 5900 to 1352. 2010-11-24 20:56:43 +00:00
robert
485ee4aded Added a new credits hash for PHP/5.2.2 based on testing with php-5.2.2-Win32.zip. 2010-11-24 15:51:39 +00:00
david
21d0324c5b Updates to rmi-dumpregistry.nse and rmi.lua from Martin Holst Swende. 2010-11-23 17:45:58 +00:00
patrik
f3641ee649 lowered the timeout from 30 seconds to 5 for new connections
add new functionality for discovering servers using the MSSQL Browser service
add new functionality to decode version data received from the browser service
[Patrik]
2010-11-20 18:54:50 +00:00
ron
f14a179b44 Fixed a bug in stdnse.format_output() where the 'name' attribute of the top-most table wouldn't display 2010-11-20 16:18:18 +00:00