PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
7,189 Commits 2 Branches 0 Tags
469e6ca5ca55866312cd6ffed4b4e7a79b070219
Commit Graph

137 Commits

Author SHA1 Message Date
paulino
469e6ca5ca Fixes crash when using identify_404() that happened when the status response changes in the second or third request and the return value is the string "<unknown>". 
Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if its not a number to fix crash when passing a string to %d.
 2012-07-04 20:21:08 +00:00
fyodor
288a4dc4ad suggest http.max-cache-size argument for consistency rather than http-max-cache-size (both work) 2012-07-03 19:48:23 +00:00
patrik
709fce67b1 Applied patches from Dan Miller to fix bugs in http and sslcert libraries; 
http://seclists.org/nmap-dev/2012/q2/696
 2012-06-15 10:07:32 +00:00
patrik
b96ffc0e14 fixed a global variable in http.lua 2012-06-11 21:02:41 +00:00
perdo
106c529dd6 While extracting forms from websites, field names are no longer converted to lowercase (the error was reported by Paulino). 2012-06-11 09:41:58 +00:00
perdo
8a049498d3 Added html forms 'parsing' routines to http.lua 2012-06-10 23:01:29 +00:00
patrik
55572542ef Fix for bug in cookie parsing code reported by Ron Bowes; 
http.lua:757: attempt to perform arithmetic on local 'pos' (a nil value)
 2012-06-07 16:06:58 +00:00
david
aa6717eb1f Lua 5.2 fixed from Daniel Miller. 
http://seclists.org/nmap-dev/2012/q2/525
 2012-05-29 20:11:39 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE. 
[1] http://seclists.org/nmap-dev/2012/q2/34
 2012-05-27 08:53:32 +00:00
batrick
b2f3139284 remove unnecessary escape 2012-03-30 03:14:31 +00:00
patrik
1d2c5cb735 Added additional http redirect documentation to the http library 2012-03-15 06:30:06 +00:00
david
d7f56c9f4c Typo. 2012-03-03 05:57:24 +00:00
patrik
fccccff960 * bugfixes to several http scripts related to new redirect code in http 
library
* added option to httpspider that allows passing the redirect_ok closure to
  the http library
[Patrik]
 2012-02-11 22:37:14 +00:00
patrik
e8dad669ef Fixed bug in redirection code reported by David. The redirect_ok function 
would fail validating a location if the port passed to http.get or http.head
was a number and not a table. [Patrik]
 2012-02-11 17:50:48 +00:00
patrik
48423a8a88 o [NSE] Added redirect support to the http library. All calls to http.get and 
http.head now transparently handle any HTTP redirects. [Patrik]
 2012-02-11 13:37:40 +00:00
henri
78a606b0b7 Fixed typo in comments: 
* respones -> responses
 2012-01-19 22:23:44 +00:00
henri
6f95d9fabe Fixed typos in comments: 
* Thse -> These
  * retunred -> returned
  * pipeling -> pipelining
 2012-01-19 22:22:10 +00:00
patrik
f93b31373a o [NSE] Fixed bug in the http library that would fail parsing authentication 
headers if no parameters were present. [Patrik]
 2011-12-19 18:35:32 +00:00
patrik
34db78528a o [NSE] Added support for detecting whether a http connection was established 
using SSL or not by the http.lua library [Patrik]
 2011-12-06 22:24:58 +00:00
patrik
b66a4849c4 o [NSE] Modified the http library to support servers that don't return valid 
chunked encoded data, such as the Citrix XML service. [Patrik]
 2011-11-07 06:04:13 +00:00
patrik
005322c8d4 o [NSE] Added a new script http-put.nse that allows uploading of local files 
to remote web servers using the HTTP PUT method. Added HTTP PUT support to
  the http library. [Patrik]
 2011-10-20 02:32:51 +00:00
paulino
8215c3420f Fixes the way of creating the request line by changing string.format for regular string concatenation to allow null bytes in the requests. 2011-07-15 23:48:00 +00:00
paulino
47a338c85a * Adds note about a desired feature: cache system for http pipelines 
* Adds note about the new signatures added to http-enum
 2011-07-01 20:45:28 +00:00
paulino
390eb9e4ab * Fixes bug when parsing script-args. The script was only using the value from the argument 'pipeline' but not from 'http-enum.pipeline'. 
* Makes clean_404 a public function. This function is used in the NSE script http-waf-detect to remove text that changes.
 2011-07-01 20:34:01 +00:00
batrick
4444071f03 use # length operator instead of string.len (canonicalize) 
Used this perl command:

$ # perl -pi -e 's/string\.len\((.*?)\)/#\1/g' *.lua

Also fixed one instance where the above command didn't correctly
translate the intended code (string.len(a .. b .. c)).
 2011-05-11 15:08:55 +00:00
patrik
b844caa6cd Changed the way cookie table fields are created in http.lua. This change 
ensures that attribute names are always treated as lower case. [Patrik]
 2011-03-15 21:42:49 +00:00
david
61543b681e Fix to http.validate_options from Sebastian Prengel: The cookies table 
was being iterated over incorrectly.

Also from Sebastian: add "expires" to the list of handled keys in
validate_options.
 2011-02-24 20:16:06 +00:00
batrick
47e6012b15 remove old commented code 2010-12-08 14:19:08 +00:00
patrik
e26eef6533 fixed typo intead -> instead [Patrik] 2010-11-05 10:10:36 +00:00
ron
fef25e6a42 Made some big style changes to clean up HTTP library. Primarily focused on improving the interface, NSEDoc, and pipline support 2010-11-02 02:07:01 +00:00
ron
13bb98b8b8 Bring in changes from my experimental brange, nmap-http 2010-10-27 03:08:08 +00:00
ron
2608bae6ca Rollback the changes to the HTTP library I accidentally commited in the last revision 2010-10-18 21:23:24 +00:00
ron
b8e712ceeb Added a couple shares to the list of common ones (requested on IRC by kraigus) 2010-10-18 21:16:48 +00:00
david
53bd35c9cd Increase the debug level required to print out the http.lua cache size. 2010-09-27 18:51:04 +00:00
david
92362b2d24 Move special request body handling out of http.post and into http.generic_request. 2010-09-27 01:21:45 +00:00
david
600848c268 Fix NSEDoc (@param not @arg). 2010-09-14 02:02:50 +00:00
david
f1ea488753 Add better error checking to http.read_auth_challenge; bail out if 
read_token or read_token_or_quoted_string fails.
 2010-08-18 18:22:03 +00:00
david
d275f88183 Fix two bugs in http.read_auth_challenge reported by Tom Sellers. The 
first was that pos was declared as a local variable and shadowed the pos
parameter. The second was that when multiple WWW-Authenticate headers
were present, the wrong pos would be returned after reading the first
one. The arrow shows the pos it was returning:

Digest realm="My Site", domain="/", Basic realm="My Site"
                                          ^

It now returns this correct pos, ready to read the next challenge:

Digest realm="My Site", domain="/", Basic realm="My Site"
                                    ^

This was a problem I had already solved for Ncat but I copied the logic
imperfectly to http.lua.
 2010-08-18 18:16:22 +00:00
david
de90361073 Fix a bug in header parsing in http.lua. After reading a block of 
non-whitespace characters, the position counter was advanced one past
where it was supposed to be. This didn't have any bad effect when the
server used CRLF to separate header fields, because it ate the CR and
still recognized LF as ending the field. But it concatenated multiple
header fields when the server only used LF to separate them.
 2010-08-18 17:55:27 +00:00
david
abbe5324bd Pass host and port tables instead of host.ip and port.number in http.lua 
and comm.lua.
 2010-08-16 17:41:57 +00:00
batrick
47bbbfdcea Fixed some local declarations. 2010-08-13 18:40:00 +00:00
batrick
7c7c30fc24 [NSE] (Global fix.) This fixes a spelling error. 2010-08-10 16:32:48 +00:00
david
1e54009fb9 Change the "namevals" key in the return value of 
http.read_auth_challenge to "params" to match RFC 2617.
 2010-07-25 17:33:35 +00:00
david
bb1119e199 Make the indentation of new auth-related http function match that of the 
rest of the file.
 2010-07-25 17:30:32 +00:00
david
bd0f13c9a0 Move the http.get_default_timeout function out of the section for 
parsing header values. get_default_timeout seems to be completely
unused, so I've moved it right to the end until someone can check on
that.
 2010-07-25 17:29:36 +00:00
david
d053e1a6cc Add RFC section references to the new http auth-related functions. 2010-07-25 17:26:46 +00:00
david
42a1bd99ab Merge from /nmap-exp/david/nmap-http-brute. This adds Basic 
authentication support for http requests.
 2010-07-25 17:12:52 +00:00
david
acd64e2921 Fix HTTP caching; every lookup was a cache miss. The problem was r16435, 
where I added a check to make sure that a GET request would hit a cache
entry for a HEAD request and vice versa. Because of a misnamed
identifier, the test was always false.
 2010-07-21 20:36:03 +00:00
david
7d0c08a097 Brief copyediting of NSEDoc for modules. 2010-07-12 19:42:43 +00:00
jah
e651aced8c Strip newlines from the the portion of the http status line starting after a 
space.
 2010-07-02 11:35:18 +00:00