david
88676e1c53
svn:ignore libpcap.*.dylib, which appears on OS X.
2010-08-23 02:45:15 +00:00
fyodor
a1d18aaba2
Add a couple of little tasks
2010-08-22 03:30:13 +00:00
patrik
8cd97c4103
added additional documentation regarding the Error object
2010-08-20 17:58:13 +00:00
david
3f1ec7b628
Add missing NOLUA guards around the prototypes for printscriptresults
and printhostscriptresults.
2010-08-20 16:34:59 +00:00
alex
5eeca041f8
Removed references to MD2, as OpenSSL 1.x.x doesn't support it anymore
2010-08-20 06:05:08 +00:00
david
b61286dc2c
Add #ifdef guards around two uses of AF_LINK (there was already a guard
around the third use). Vlatko submitted this patch to compile on
Android.
2010-08-20 04:50:19 +00:00
fyodor
37aa66a2de
note Bacula has officially registered port 9102 even though HP jetdirect uses it :(
2010-08-19 23:46:22 +00:00
patrik
af76c5dad7
o [NSE] Added GIOP library and a small script that makes use of it:
- giop-info Queries the CORBA naming server for a list of objects
[Patrik]
2010-08-19 23:14:39 +00:00
patrik
87109b5670
o [NSE] Added an Oracle TNS library and two new scripts that make use of it.
The scripts are:
- oracle-brute uses the brute and tns library to perform password guessing
- oracle-enum-users attempts to determine valid Oracle user names
[Patrik]
2010-08-19 23:09:32 +00:00
patrik
e80b196d2e
o [NSE] Added a smallish Lotus Domino rpc library (nrpc.lua) and some Lotus
Domino oriented scripts:
- domino-enum-users.nse guesses users and attempts to download ID files by
exploiting (CVE-2006-5835).
- domino-enum-passwords attempts to download Internet passwords and ID files
from the web server.
- domcon-brute performs password guessing against the remote console.
- domcon-cmd adds support for running custom remote console commands.
[Patrik]
2010-08-19 23:02:58 +00:00
patrik
73b01af10a
o [NSE] Added an Informix library and three scripts that make use of it:
- informix-brute uses the brute framework to perform password guessing
- informix-query adds support for running SQL queries against Informix
- informix-tables lists table- and column-names for a given database
[Patrik]
2010-08-19 22:47:52 +00:00
patrik
b5f645c2c7
Added more documentation regarding the Account and Error object.
2010-08-19 22:08:08 +00:00
patrik
527c5b2959
Modified the Domino Console match to separate out domain and include additional server info
2010-08-19 21:37:56 +00:00
patrik
a2c2a3f84c
o [NSE] Added two new scripts http-brute.nse and http-form-brute that attempt
to perform password guessing against web servers and applications. [Patrik]
2010-08-19 20:53:40 +00:00
kris
a0d89f20d6
Set {NDIFF,NPING,ZENMAP}DIR in configure.ac and substitute it in the Makefile
instead of having the directory names in Makefile.in. This is how most
everything else works: Ncat (NCATDIR), liblua (LIBLUADIR), etc.
2010-08-19 16:38:54 +00:00
luis
ec89b48a7b
Updated with latest changes, after discussion with Fyodor
2010-08-18 21:42:08 +00:00
patrik
a946f11791
o [NSE] Added svn-brute, which attempts to perform password guessing against
the subversion service. [Patrik]
2010-08-18 20:50:51 +00:00
david
f1ea488753
Add better error checking to http.read_auth_challenge; bail out if
read_token or read_token_or_quoted_string fails.
2010-08-18 18:22:03 +00:00
david
d275f88183
Fix two bugs in http.read_auth_challenge reported by Tom Sellers. The
first was that pos was declared as a local variable and shadowed the pos
parameter. The second was that when multiple WWW-Authenticate headers
were present, the wrong pos would be returned after reading the first
one. The arrow shows the pos it was returning:
Digest realm="My Site", domain="/", Basic realm="My Site"
^
It now returns this correct pos, ready to read the next challenge:
Digest realm="My Site", domain="/", Basic realm="My Site"
^
This was a problem I had already solved for Ncat but I copied the logic
imperfectly to http.lua.
2010-08-18 18:16:22 +00:00
david
de90361073
Fix a bug in header parsing in http.lua. After reading a block of
non-whitespace characters, the position counter was advanced one past
where it was supposed to be. This didn't have any bad effect when the
server used CRLF to separate header fields, because it ate the CR and
still recognized LF as ending the field. But it concatenated multiple
header fields when the server only used LF to separate them.
2010-08-18 17:55:27 +00:00
david
66e1254649
Require -d2 to print out each guess in brute.lua, not just -d1.
2010-08-18 17:13:57 +00:00
david
018c6c5171
Remove the brute.emptypass script argument. We already include the
empty password in our password list. If you want to turn it off, it
would be better to provide an interface that allows an iterator to throw
out certain passwords.
2010-08-18 16:01:00 +00:00
david
f7b4d9146c
Revise NSEDoc in brute.lua.
2010-08-18 15:52:32 +00:00
fyodor
ddf4544113
changes from discussion w/David -- lots of finished tasks!
2010-08-17 23:53:59 +00:00
bmenrigh
10a51ff45d
Fixed a usage of log_vwrite() that bit-masked several log destinations
at once. log_vwrite() only supports one destination at a time.
2010-08-17 23:45:00 +00:00
david
9cbfbbaadc
Remove a script.db entry for an uncommitted script I am working on,
ovs-agent-version.nse.
2010-08-17 22:44:28 +00:00
david
9ac9fbdd94
Add a "VULNERABLE" banner to the output of wdb-version.nse.
2010-08-17 22:30:43 +00:00
david
644e60c84c
Put wdb-version in the "default" category.
2010-08-17 22:19:15 +00:00
david
bdec4ae901
Change the error message referring to SOCK_PACKET on Linux so it refers to
PACKET instead. That appears to be the current option name as reported by Colin
Beckingham. I checked just now with "make menuconfig" in 2.6.34.1.
2010-08-17 17:17:44 +00:00
djalal
9849be68a9
Use the new get_script_args() function to parse script arguments and clean some whitespaces.
2010-08-17 01:58:47 +00:00
fyodor
e52e6935d6
Add the nse broadcast socket support idea discussed on nmap-dev
2010-08-16 23:35:59 +00:00
djalal
f3e08e85a0
Merge r19753,r19755,r19756,r19776,r19783 changes from nmap-exp/djalal/nmap-add-targets. The changes introduce a new stdnse function 'get_script_args()' to parse script arguments.
2010-08-16 22:06:49 +00:00
david
3c89e089fc
Change calls in these forms:
socket:connect(host.ip, port.number)
socket:connect(host.ip, port.number, port.protocol)
to this:
socket:connect(host, port)
connect can take host and port tables now, and the default protocol is
taken from the port table if possible.
2010-08-16 18:59:30 +00:00
david
bfffa53616
When nmap.connect gets a port table, let port.protocol be the default
protocol (instead of always "tcp"). You can still override it by
providing an explicit protocol after the table.
2010-08-16 18:09:04 +00:00
david
abbe5324bd
Pass host and port tables instead of host.ip and port.number in http.lua
and comm.lua.
2010-08-16 17:41:57 +00:00
david
0e3c861ea0
Let nmap.connect take a host table and port table in place of a string
and an integer. This is going to be used to easily support Server Name
Indication for SSL connections.
2010-08-16 17:35:20 +00:00
david
a314b5b7d7
Don't print unknown hashes in http-php-version.nse unless high verbosity
is used, otherwise you get hashes printed for sites that don't even use
PHP. Patch by Ange Gutek.
2010-08-16 16:09:56 +00:00
david
230f5d662b
Add reference links to wdb-version.nse.
2010-08-16 15:57:36 +00:00
david
12e699e001
Change the portrule of wdb-version to use port number 17185 instead of
0x54321. 0x54321 worked, probably due to integer truncation somewhere.
2010-08-16 14:40:59 +00:00
david
dbd99b59f6
Add the wdb-version script from Daniel Miller.
2010-08-16 14:39:13 +00:00
fyodor
c2a038bbfb
Add Wind River Debugger RPC number from Daniel Miller
2010-08-15 20:26:18 +00:00
david
7cf99e1e4e
Use a std::vector<bool> instead of std::bitset in traceroute.cc. bitset isn't
available on Android.
2010-08-15 03:40:54 +00:00
patrik
40a66945bb
changed so that the error message of the Error object is returned when a
script signals the engine to abort.
2010-08-14 17:14:32 +00:00
patrik
ce0de70ae8
o [NSE] Added one script (vnc-brute) that performs password guessing against
VNC using the new brute library and another (vnc-info) that lists supported
security mechanisms. [Patrik]
2010-08-14 15:13:15 +00:00
patrik
5f58469ba7
o [NSE] Added a new brute library that provides a basic framework and logic
for password guessing scripts. [Patrik]
2010-08-14 14:56:40 +00:00
patrik
aa49c23224
moved hostname from the info to the hostname field for Informix probes
2010-08-14 12:42:16 +00:00
patrik
2c874c0ba2
changed portrule to include both ibm-db2 and drda
updated script.db and removed old db2- scripts and added the new ones
changed error message returned by helper class in drda for incorrect logins
2010-08-14 11:52:18 +00:00
patrik
e570925c37
o [NSE] Renamed db2-info and db2-brute scripts to drda-*. Updated script
and library to reflect name change. Added support for other DRDA-based
databases such as IBM Informix Dynamic Server and Apache Derby.
[Patrik]
2010-08-14 08:33:16 +00:00
patrik
2b44c74187
renamed db2 scripts to drda and added the old ones for removal [Patrik]
2010-08-14 08:28:56 +00:00
david
e8ecc904b8
Call nsi_set_hostname in service_scan.cc.
2010-08-13 21:47:09 +00:00