dmiller
6139ed22e7
Replace host.ip, port.number with host, port
In most cases (e.g. any of the nmap.socket operations), functions can
take full host and port tables instead of just host.ip and port.number.
This makes for cleaner-looking code and easier extensibility if we
decide to check for a protocol on both TCP and UDP, for instance.
2015-02-18 14:38:42 +00:00
dmiller
9db8dfda1d
Be more strict about NetBus protocol. Fixes false positives
Had a report via service fingerprint correction of netbus-version
reporting an unrelated service as NetBuster. This would happen for any
service on port 12345 that responds with a banner containing less than 2
carriage returns, or which closes the connection after the first NetBus
protocol message. Now, all netbus-* scripts require the banner to begin
with "NetBus" before they will continue.
2015-02-18 02:57:29 +00:00
dmiller
430f8a1f13
Save a request when running banner against unknown services
2015-02-12 20:04:28 +00:00
dmiller
9294365d9b
Fix some NSE globals
2015-02-11 14:20:30 +00:00
jah
859ae15b9f
Obtain whois remote assignments files over https.
2015-02-10 17:30:22 +00:00
jah
a26b28b635
Improve script output by removal of the empty line which follows two fields on the same line.
2015-02-10 17:26:12 +00:00
dmiller
c37923f4e5
Use better packing to avoid excessive concatenations
2015-02-10 05:58:44 +00:00
dmiller
dd40ba14ea
Remove data packing atrocities from broadcast-ping.nse
Use of the "H" bin.unpack template should be discouraged, since it leads
to use of blobs of hex data without dissection. NSE scripts should be
self-documenting with regard to packet contents. Similarly, chaining
bin.pack and bin.unpack is usually an anti-pattern for some simpler
construct. In this case, converting a number to hex, padding it with
"0", and packing it is unnecessary, since the original number can be
packed directly with the proper endianness and width.
2015-02-10 04:49:28 +00:00
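The anti-pattern this commit describes, and the direct alternative it prefers, as an added example. This is not broadcast-ping.nse's own code (the script is not reproduced on this page); it is written with Lua 5.3's string.pack and string.unpack, which later NSE releases use in place of the bin library, so it runs under a plain lua5.3 interpreter. The packet being packed is the ICMPv4 echo request header (type, code, checksum, identifier, sequence) with its ones'-complement checksum; the identifier and sequence values are made up for the illustration.

```lua
-- Added example, not code from Nmap or broadcast-ping.nse.
-- Shows why "render a number as hex text, pad it, then pack the hex" is an
-- anti-pattern, and what packing the number directly looks like.

-- Anti-pattern: the width and byte order are hidden in the "%04x" padding,
-- and the reader is left with an opaque hex blob instead of a named field.
local function pack_via_hex(seq)
  local hex = string.format("%04x", seq)            -- 42 -> "002a"
  return (hex:gsub("%x%x", function (pair)          -- each hex pair -> one byte
    return string.char(tonumber(pair, 16))
  end))
end

-- Preferred: pack the integer directly. ">I2" says big-endian, unsigned,
-- 2 bytes, so the format string documents the wire layout.
local function pack_direct(seq)
  return string.pack(">I2", seq)
end

-- Ones'-complement checksum as used by ICMPv4 (RFC 792): sum the 16-bit
-- words, fold the carries back in, invert.
local function icmp_checksum(data)
  if #data % 2 == 1 then data = data .. "\0" end
  local sum = 0
  for i = 1, #data, 2 do
    sum = sum + string.unpack(">I2", data, i)
  end
  while sum > 0xffff do
    sum = (sum & 0xffff) + (sum >> 16)
  end
  return (~sum) & 0xffff
end

-- ICMPv4 echo request header: type=8, code=0, checksum, identifier, sequence.
-- Every field is packed with an explicit width, so the packet is
-- self-documenting rather than a hex string.
local ECHO_REQUEST_FMT = ">BBI2I2I2"

local function build_echo_request(id, seq, payload)
  payload = payload or ""
  local hdr = string.pack(ECHO_REQUEST_FMT, 8, 0, 0, id, seq)
  local csum = icmp_checksum(hdr .. payload)
  return string.pack(ECHO_REQUEST_FMT, 8, 0, csum, id, seq) .. payload
end

-- Dissect instead of pattern-matching on hex: unpack returns the fields
-- and the offset where the payload begins.
local function parse_echo_request(pkt)
  local typ, code, csum, id, seq, pos = string.unpack(ECHO_REQUEST_FMT, pkt)
  return {
    type = typ, code = code, checksum = csum, id = id, seq = seq,
    payload = pkt:sub(pos),
    checksum_ok = icmp_checksum(pkt) == 0,   -- a valid packet sums to zero
  }
end

-- Both constructions yield the same bytes; only the readable one tells you so.
assert(pack_via_hex(42) == pack_direct(42))
assert(pack_direct(42) == "\0\42")

local pkt = build_echo_request(0x1234, 42, "ping")   -- constructed values
assert(#pkt == 8 + 4)
local p = parse_echo_request(pkt)
assert(p.type == 8 and p.code == 0)
assert(p.id == 0x1234 and p.seq == 42)
assert(p.payload == "ping")
assert(p.checksum_ok)
print(("echo request id=0x%04x seq=%d checksum=0x%04x ok=%s")
  :format(p.id, p.seq, p.checksum, tostring(p.checksum_ok)))
```

The point of the second half is the one the commit makes about self-documentation: a script that writes `string.pack(">BBI2I2I2", ...)` (or the bin equivalent) states each field's width and endianness in one place, while a hex template obliges the next reader to count nibbles.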
paulino
c4eee98d07
Fixes documentation of script argument
2015-02-09 07:44:49 +00:00
paulino
40c806d50a
Removes http-wordpress-plugins
2015-02-09 07:19:07 +00:00
paulino
617be2ea28
Renames the original http-wordpress-enum to http-wordpress-users and adds the new version of http-wordpress-enum which detects plugins and themes of WordPress installations
2015-02-09 07:14:55 +00:00
dmiller
27bb53e295
Sanity check for ssh-hostkey to avoid many requests to tcpwrapped sshd
2015-02-06 19:50:26 +00:00
dmiller
d38b46e75c
ssh-hostkey: don't print output if no keys found
2015-02-06 19:50:24 +00:00
dmiller
afc9f6f301
Remove unnecessarily-specific 'port.number' from comm.lua calls
2015-02-05 04:18:10 +00:00
dmiller
40652f215b
Remove redundant 'proto=port.protocol' from comm.lua calls
2015-02-05 04:17:58 +00:00
dmiller
24f88f9b83
Let skypev2-version inspect service fingerprint
Saves up to 2 requests per service for otherwise unmatched services
2015-02-05 04:17:56 +00:00
dmiller
bf58512bec
Move service fingerprint unwrapping code from scripts to lpeg-utility
2015-02-05 04:17:54 +00:00
batrick
e3b3deb7c8
Remove unnecessary string.format calls.
2015-01-31 05:35:26 +00:00
dmiller
179e42a9c6
Update http-slowloris-check
Summary of changes:
* Clarified LIKELY_VULN status, since actual DoS may not be possible
(false positive)
* Made worker threads closures to simplify/fix testing multiple servers
at once.
* Added debug statements at script exit locations to clarify status when
script terminates early.
* Added CVE reference.
2015-01-23 15:37:09 +00:00
dmiller
137d2e3e94
The \z escape is Lua 5.2 only, and the NSEdoc portal uses 5.1, so this hack didn't work
2015-01-19 04:12:57 +00:00
paulino
563498f473
Adds http-shellshock.nse to detect web applications vulnerable to Shellshock
2015-01-17 03:01:58 +00:00
dmiller
fb6e1f013c
Fix some nsedoc issues with http-default-accounts
2015-01-15 19:50:13 +00:00
dmiller
9ffafe5334
Display empty server header as <empty> ( #37 )
2015-01-15 05:36:25 +00:00
dmiller
87fa397492
Let http-server-header handle an empty Server header
Patch by nnposter. Fixes #37
2015-01-15 05:36:23 +00:00
david
6c41e00a5f
Link directly to the Team Cymru IP-to-ASN page.
2015-01-09 02:42:47 +00:00
dmiller
ee4b2dfe5d
A TODO note for ssl-enum-ciphers
We recently became dependent on OpenSSL for some of ssl-enum-ciphers's
functionality (parsing certificates). We should have a decent fallback
(e.g. don't parse the certificate, issue a warning, and use a dummy
score).
[ci skip] This tells Travis to skip the CI build when this commit is
pushed, useful for documentation changes that don't affect the build.
2015-01-01 21:09:05 +00:00
tomsellers
10822d1633
More script updates to change Metasploit Redmine references to valid GitHub URLs
2015-01-01 15:13:13 +00:00
tomsellers
d2622c0396
Fix reference in rmi-vuln-classloader.nse to point to Metasploit GitHub repo as Metasploit Redmine is deprecated and requires auth.
2015-01-01 14:59:35 +00:00
tomsellers
742444b87d
Fix a typo in the regex that was truncating the version string.
2014-12-20 01:34:26 +00:00
tomsellers
d5af9560c3
Add the full ntpd version string, for example v4.2.4p4@1.1520-o, to the port's version attributes if the remote service provides it. Also capture OS info as well as it can provide exact kernel versions in some cases.
2014-12-20 01:14:34 +00:00
dmiller
9857aa6ac2
Service fingerprint lengths are in hex, not decimal
2014-12-18 03:29:20 +00:00
dmiller
425e407eb3
Use decoding instead of pattern match for protocol checking
2014-12-18 03:23:46 +00:00
dmiller
711f6d97c9
New script, snmp-info for querying snmpv3 services
2014-12-18 00:22:48 +00:00
dmiller
8e8935d2c0
Avoid comparing nil with an integer, potentially
2014-12-18 00:22:42 +00:00
tomsellers
845616623d
Add support to 'citrix-enum-apps-xml' for reporting if published applications in the list are enforcing/requiring the level of ICA/session data encryption shown in the script result. This information was already in the XML provided by the server, this change just adds parsing for it.
2014-12-17 11:56:52 +00:00
dmiller
1653d846e6
Don't double-encode ssh key for XML output
2014-12-17 03:32:09 +00:00
dmiller
f9f2829e3c
Switch to tail-recursion
2014-12-15 05:20:42 +00:00
dmiller
5f5af2d573
Add XML output to modbus-discover
2014-12-15 05:20:39 +00:00
dmiller
c3579c8b76
Another Raul Fuentes script: targets-ipv6-wordlist
2014-12-03 16:20:22 +00:00
dmiller
918d926913
Remove the unnecessary -recon portion of targets-ipv6 script
2014-12-03 16:02:16 +00:00
dmiller
5d6a024c7b
Do a better job spelling people's names. Sorry, Raúl!
2014-12-02 18:36:15 +00:00
dmiller
bb96a09c16
Add one of Raul Fuentes's IPv6 recon scripts
2014-12-02 04:17:50 +00:00
dmiller
bfc9a00800
Let http-server-header send HTTP/1.1 request with Host header to elicit better response
2014-12-01 15:21:57 +00:00
dmiller
f90dd56021
Let tftp-enum substitute host's MAC address into filenames when known
2014-11-29 03:50:07 +00:00
dmiller
fc0337083e
nnposter's ssl-date improvements http://seclists.org/nmap-dev/2014/q3/317
2014-11-18 03:53:25 +00:00
dmiller
c85bb0b54f
Correct logic on checking for SHA1 certificate in ssl-enum-ciphers
2014-11-10 16:16:29 +00:00
dmiller
4e3baad093
Relax ssl-enum-ciphers' timeout to allow time for server processing
2014-11-10 16:16:27 +00:00
dmiller
e3024a6463
Documentation for new ssl-enum-ciphers rating system
2014-11-07 21:52:49 +00:00
dmiller
8f414cfc3a
Correct conversion of DH key size to RSA bit strength equivalent
2014-11-07 21:41:38 +00:00
dmiller
222b2a009d
Use internal cipher/handshake scoring system instead of static datafile
2014-11-07 16:39:26 +00:00