mirror of https://github.com/nmap/nmap.git synced 2026-01-10 00:19:02 +00:00
Commit Graph

7189 Commits

Author SHA1 Message Date
paulino
469e6ca5ca Fixes crash when using identify_404() that happened when the status response changes in the second or third request and the return value is the string "<unknown>".
Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if it's not a number to fix crash when passing a string to %d.
2012-07-04 20:21:08 +00:00
paulino
6b5d38ca8a Adds additional debug message when it fails to hint users about what happened. It also adds another check for web servers that return more than one 404 page. 2012-07-04 19:56:37 +00:00
tomsellers
e3787f2a37 Handle exception generated when the spider process hands http-backup-finder a URL that is only a hostname. When url.parse processes this value on line 107 of http-backup-finder it returns nil for the .path property.
http-backup-finder.nse:107: attempt to index field 'path' (a nil value)
stack traceback:

Addressed this by setting nil .path values to '/'.  Tested with sites with and without backup files.  Verified that duplicate results were not returned.
2012-07-04 18:54:38 +00:00
tomsellers
99c192cd1d Fix exception thrown in reverse-index when it is run against a host with no open ports.
/reverse-index.nse:112: bad argument #1 to 'pairs' (table expected, got nil)
2012-07-04 17:58:21 +00:00
paulino
bc3eb43f72 Fixes false positive when dealing with web servers returning status 200 for all reqs 2012-07-04 17:57:22 +00:00
robert
1e8babf64a Added Windows 8 to the list of Windows versions we recommend the WinPcap NPF service is started on startup. Our WinPcap installer appears to work fine on Windows 8 and Server 2012 build 8400. 2012-07-04 17:32:14 +00:00
tomsellers
22ae4ae108 Added couchbase matchline that does not require a database name. This is useful when the service response is so large that the database info is pushed outside the capture buffer. This was added *after* the matchline that captures the dbname if it is present.
Also added space and a ':' to the database name capture character set to allow for when the database is on a windows server.
2012-07-04 17:09:21 +00:00
tomsellers
97a22758f6 membase-http-info updated to reflect new server header found in current versions of the Couchbase HTTP admin port. Explanation email sent to list. 2012-07-04 15:56:48 +00:00
tomsellers
71439bcfac Patch to fix script issue when scanning HTTP servers that return 200 to every request. This causes the sanity check on line 88 to fail to trigger because the header value Server is nil.
Implemented a check to see if the target is returning 200 to all requests.

Also implemented additional logic on line 84 to verify that the Server header value is not nil.  This is just in case we run into another case where a response is 200 but the Server header does not exist.
2012-07-04 15:16:46 +00:00
tomsellers
17fe702314 Service detection for Couchbase and Membase NoSQL server's web based administrative portal. By default this is on 8091 but can occur on any port. 2012-07-04 14:57:27 +00:00
patrik
b4caa8ea8c Added category external to http-icloud* scripts 2012-07-04 07:32:08 +00:00
tomsellers
1db5621470 Patch to address false positive generated when the target's httpd responds with an HTTP 200 for every request. Committing after email exchange with Paulino C. 2012-07-04 02:30:18 +00:00
perdo
7443db6f37 Hosts that differ only on the 'www' prefix are now treated as being equal. Also added some documentation for httpspider.useheadfornonwebfiles. 2012-07-03 21:48:26 +00:00
fyodor
288a4dc4ad suggest http.max-cache-size argument for consistency rather than http-max-cache-size (both work) 2012-07-03 19:48:23 +00:00
dmiller
fadfc6b71c Fix assertion failure when logtype==LOG_SKID_NOXLT 2012-07-03 17:22:47 +00:00
henri
f7ba1847cf Enforce proper variable initialization. 2012-07-03 12:19:24 +00:00
henri
1e422f344c Added support for log type bitmasks in log_vwrite(). Also replaced a fatal()
statement by an assert(0) to get rid of a possible infinite call loop when
passed an invalid log type. [Henri Doreau]
2012-07-03 11:44:24 +00:00
tomsellers
1c1b257c62 Version detection matchline updates:
Barracuda HTTP filter    - adjustment to match more versions

GlobalScape CuteFTP sshd - additional match line
Cisco ASA WebVPN         - additional match line
VMware View              - additional match line

Bomgar Remote Access     - new product detection
Sybase SQLAnywhere httpd - new product detection, version string
2012-07-03 03:47:41 +00:00
tomsellers
2a8f2f4f0d Update Microsoft Exchange detection string for pop3 and imap to indicate that the current match string also matches Exchange 2010. 2012-07-02 23:58:41 +00:00
dmiller
5178fe236e Format CHANGELOG: wrap text at 80 and hanging indent 2012-07-02 15:39:35 +00:00
fyodor
e97449e062 define IPP 2012-07-02 08:32:51 +00:00
fyodor
6133b64d6c Add a short description of Versant so users know what it is 2012-07-01 23:29:58 +00:00
fyodor
ff73f20356 Add a bit more information about what the STUN protocol is 2012-07-01 23:25:26 +00:00
sean
6f910154b5 Added my name to the changelog to match the rest of the style. Also added a note about the error message WSAENETRESET. 2012-07-01 17:48:46 +00:00
sean
a62e7198f8 Added handling for WSAENETRESET (same as ENETRESET). Currently we just catch it and send the next probe. I wrapped the catch for ENETRESET in the #ifdef WIN32 in case we later want different handling for WSAENETRESET and ENETRESET 2012-07-01 17:32:07 +00:00
perdo
e41d4a4e7e Added http-sitemap-generator script which spiders a webserver and displays its directory structure along with number and types of files in each folder. 2012-07-01 09:55:47 +00:00
perdo
9c8bc94c11 Fixed a missing require in http-sql-injection. 2012-07-01 09:48:06 +00:00
perdo
33c3838c45 Fixed a missing require in httpspider. 2012-07-01 09:45:14 +00:00
perdo
a00b104f43 Modified http-sql-injection to load the error strings to search for from a file. 2012-06-30 12:30:41 +00:00
perdo
3b8c88aac4 Added a list of common sql errors. 2012-06-30 12:28:15 +00:00
aca
4030bf6c1a Added metasploit-msgrpc-brute to trunk 2012-06-30 12:02:54 +00:00
kroosec
95f7d0d74a Added firewall-bypass script. 2012-06-30 09:42:12 +00:00
david
6a3295143e Reduced Port size two thirds, not one third. 2012-06-30 02:01:00 +00:00
sean
b8d65571b5 Moved my last change from the bottom to the top 2012-06-30 01:51:41 +00:00
david
a02382c2b8 Remove some redundant code now that --log-errors is gone. 2012-06-30 01:51:30 +00:00
sean
5c602916b8 Updated the changelog 2012-06-30 01:48:05 +00:00
sean
9b09390c52 Added a comment explaining the log-errors handling section 2012-06-30 01:45:10 +00:00
sean
0909f12308 Removed the log-errors option from the code, by treating it as if it was always true. This was done for the action item of o Remove Nmap's --log-errors feature and make its behavior the default. I also updated the docs/refguide.xml to reflect this change. I have not yet compiled the Dockbook.xml however. 2012-06-30 00:36:15 +00:00
david
6a0771f3b7 Add Metasploit remote API probe and matchline. 2012-06-29 23:21:52 +00:00
dmiller
5fdc8b5609 Add mcafee-epo-agent.nse version script
Script to get version and other information from a McAfee (formerly
Network Associates) ePolicy Orchestrator Agent.
http://seclists.org/nmap-dev/2012/q2/870
2012-06-29 19:18:14 +00:00
david
531dd2348c I'm guessing the dot in the kumo-server match should match '\n'. 2012-06-29 16:35:40 +00:00
david
f1b7b54da2 Get rid of useless trailing .* in matchline. 2012-06-29 16:35:38 +00:00
dmiller
3e71473630 Update scripting.xml to reflect Lua 5.2
Changed links to Lua reference manual to point to appropriate sections
for 5.2. Books (Reference Manual and Programming in Lua, 2nd ed.) have
not been updated to 5.2 yet, so those were left alone.

Documented the change in API for linking C libs (luaL_newlib and
luaL_Reg vs luaL_register and luaL_reg).
2012-06-28 20:09:36 +00:00
kroosec
7ca5589659 sip-brute: Added TCP support. 2012-06-28 09:20:43 +00:00
kroosec
c28ec08836 Added TCP support. Cleaned redundant code. 2012-06-28 09:00:36 +00:00
kroosec
2dffec733e Allowed support of SIP over TCP and made adequate changes to sip.lua 2012-06-28 08:47:07 +00:00
fyodor
f3fd6b5b32 Congratulations to new Nmap committer Dan Miller! 2012-06-28 00:22:03 +00:00
kroosec
886f64f1f9 Typo in changelog. 2012-06-27 15:46:00 +00:00
fyodor
d5af1f6940 rebuilt nmap-services to include memcachedb on 21201/tcp 2012-06-26 23:59:19 +00:00
fyodor
1f8d3ee033 Add a task note about considering whether to ship OpenSSL source with Nmap, so users who don't have it installed can still get the functionality in their Nmap 2012-06-26 20:06:59 +00:00