PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-25 07:39:02 +00:00
Code Issues Projects Releases Wiki Activity
6,266 Commits 2 Branches 0 Tags
4cd625f089af14c19348fa5574bc071b5d2e6b9f
Commit Graph

1285 Commits

Author SHA1 Message Date
patrik
d3797510ee o [NSE] Added path argument to the http-auth script and changed so that script 
output was returned using stdnse.format_output [Duarte Silva, Patrik]
 2011-12-19 18:39:18 +00:00
patrik
f93b31373a o [NSE] Fixed bug in the http library that would fail parsing authentication 
headers if no parameters were present. [Patrik]
 2011-12-19 18:35:32 +00:00
patrik
c7231cf96f Reverted previous http-auth patch. [Patrik] 2011-12-19 06:57:51 +00:00
patrik
b6a56e9fa0 o [NSE] Modified http-auth to support multiple authentication mechanism and to 
allow for a path to be specified as an argument. [Patrik]
 2011-12-18 19:25:24 +00:00
patrik
215f697171 o Added new fingerprints to http-enum for Subversion, CVS and Apache Archiva 
[Duarte Silva]
 2011-12-18 19:11:24 +00:00
patrik
ca63146635 o [NSE] Added the script http-open-redirect that finds web pages that do not 
properly validate parameters used for HTTP redirects. [Martin Swende]
 2011-12-18 12:58:56 +00:00
patrik
3f50f9c95c o [NSE] Added the script broadcast-pc-anywhere that discovers host running the 
PC-Anywhere remote control software on the LAN. [Patrik]

o [NSE] Added the script broadcast-pc-duo that discovers hosts running the
  PC-Duo remote control software on the LAN. [Patrik]

o Added probes for discovering PC-Duo and PC-Anywhere hosts. [Patrik]
 2011-12-18 09:33:38 +00:00
patrik
2197116d18 o [NSE] Added support for forcing scripts to run agains certain ports by adding 
a plus in front of the script name. [Martin Swende]
 2011-12-16 20:37:46 +00:00
patrik
f749c7cd45 o [NSE] Added the script broadcast-wake-on-lan that wakes systems from sleep 
by sending a Wake On Lan packet. [Patrik]
 2011-12-16 18:00:34 +00:00
patrik
844929ce64 o [NSE] Added the script http-unsafe-output-escaping that checks if parameter 
contents are reflected in responses, aiding in discovering potential XSS
  vulnerabilities. [Martin Swende]
 2011-12-15 06:19:20 +00:00
david
cc4812bac3 Add a training semicolon to categories in .desktop files. 
This was contributed by Frederik Schwarzer and avoids this warning:

kbuildsycoca4(21865) KConfigGroup::readXdgListEntry: List entry Categories in "/usr/share/applications/zenmap.desktop" is not compliant with XDG standard (missing trailing semicolon).
 2011-12-12 09:05:48 +00:00
patrik
4214307364 o [NSE] Added the script http-grep that attempts to match web pages and urls 
against a given pattern. [Patrik]
 2011-12-11 19:44:26 +00:00
patrik
74b53a6a14 o [NSE] Added stop function to crawler so that scripts can properly shutdown 
the crawler in case they want to end early. [Patrik]
 2011-12-11 10:59:35 +00:00
patrik
3e8440f5f6 o [NSE] Fixed issue in path encoding in the http-backup-finder script. [Patrik] 2011-12-11 09:17:21 +00:00
patrik
5183478e8c o [NSE] Added the script http-backup-finder that searches for backup copies 
of files discovered by crawling a website. [Patrik]
 2011-12-10 10:32:18 +00:00
patrik
8254da793e o [NSE] Added getLimitations function to httpspider that returns any 
limitations imposed on the crawler. [Patrik]
 2011-12-10 10:11:56 +00:00
patrik
e20a1b5174 o [NSE] Modified the httpspider library to prefetch links in the queue and 
change how script arguments are processed. Script and library arguments are
  now processed from within the library. [Patrik]
 2011-12-09 15:48:19 +00:00
david
6cbd5a9a58 Allow --exclude and --excludefile together. 2011-12-08 23:16:57 +00:00
patrik
9d5875e245 o [NSE] Added the script http-apache-negotiation that detects if the Apache 
module mod_negotiate is enabled. [Hani Benhabiles]
 2011-12-08 20:50:12 +00:00
patrik
25a54f58cb o [NSE] Applied patch that corrects an issue where the http-method-tamper 
script would fail to properly detect JBoss servers vulnerable to the
  CVE-2010-0738 vulnerability. [Hani Benhabiles]
 2011-12-08 19:04:42 +00:00
patrik
682a9a746b o [NSE] Added a new httpspider library and the script http-email-harvest that 
collects e-mail addresses by spidering a website. [Patrik]
 2011-12-06 22:47:11 +00:00
patrik
34db78528a o [NSE] Added support for detecting whether a http connection was established 
using SSL or not by the http.lua library [Patrik]
 2011-12-06 22:24:58 +00:00
patrik
acb1455874 o [NSE] Applied patch that replaces a number of GET requests to HEAD in http- 
fingerprints.lua where no matching was performed on the returned contents.
  [Hani Benhabiles]
 2011-12-06 15:57:21 +00:00
patrik
0340c7321c o [NSE] Applied patch to the ssl-cert script that adds support for getting SSL 
certificates from FTP servers. [Matt Selsky]
 2011-12-06 15:49:36 +00:00
patrik
171c917b37 o [NSE] Added the a Vuze library, port probe and the script vuze-dht-info. The 
script connects to a Vuze node and gets protocol, vendor and network
  information. [Patrik]
 2011-12-03 09:18:58 +00:00
colin
d3fd9bda66 Updated changelog and todo list for nping --safe-payloads defaulting. 2011-11-30 03:12:55 +00:00
patrik
4c525b584d o [NSE] Added the script reverse-index that creates creates a reverse index 
showing which hosts run a particular service rather than the services for
  each host. [Patrik]
 2011-11-29 00:48:59 +00:00
patrik
b2513a2aaf o [NSE] Added whitelist capabilities to the unusual-port script to be able 
to handle legitimate services on dynamic ports and discrepancies between
  names of services. [Patrik]
 2011-11-29 00:41:07 +00:00
patrik
95af3f1937 o [NSE] Added the script unusual-port that compares a detected service on a 
port against the expected service listed in nmap-services [Patrik]
 2011-11-25 21:09:19 +00:00
patrik
36445c0dba revised changelog message 2011-11-20 12:35:00 +00:00
patrik
510ebe0eb7 o [NSE] Added the script broadcast-sybase-asa-discover that discovers Sybase 
SQL Anywhere servers on the local LAN. [Patrik]
 2011-11-20 12:33:53 +00:00
patrik
01ccd79c34 o Added a probe for Sybase SQL Anywhere. [Patrik] 2011-11-20 11:03:06 +00:00
patrik
9b2d03d633 o [NSE] Added maxdb-info script that tries to enumerate version and database 
information from a SAP MaxDB database [Patrik]
 2011-11-17 22:12:59 +00:00
patrik
4c0ed27d89 o [NSE] Added nexpose-brute a script that performs password auditing against 
the Nexpose vulnerability scanner. [Vlatko Kosturjak]
 2011-11-17 19:46:42 +00:00
patrik
4b64da4f14 o [NSE] Added http-vuln-cve2011-3368 a script that attempts to detect whether 
the remote web server is vulnerable to the Apache reverse proxy bypass
  vulnerability CVE-2011-3368. [Ange Gutek, Patrik]
 2011-11-17 19:33:19 +00:00
patrik
4edf096715 o [NSE] Added new functionality and fixed some bugs in the brute library: 
- Added support for restricting the amount of guesses performed by the
    brute library against users, to prevent account lockouts.
  - Added support to guess the username as password as incorrectly
    suggested as default behavior by the documentation.
  - Added support to guess an empty string as password if not present
    in the dictionary. [Patrik]
 2011-11-13 09:51:15 +00:00
patrik
2db31ad9f5 o Added a probe for the MongoDB service [Martin Holst Swende] 2011-11-11 20:29:55 +00:00
patrik
a8f57064fd o Added a probe for the Metasploit XMLRPC service [Vlatko Kosturjak] 2011-11-11 06:42:01 +00:00
patrik
1aa3e7c456 o [NSE] Re-enabled support for guessing the username in addition to password 
that was incorrectly removed from the metasploit-xmlrpc-brute in previous
  commit. [Patrik]
 2011-11-11 05:52:52 +00:00
patrik
8ec7da89c8 o [NSE] Added the script metasploit-xmlrpc-brute that performs password 
auditing against the Metasploit XMLRPC service. [Vlatko Kosturjak]
 2011-11-10 21:43:54 +00:00
patrik
352efc6ded o [NSE] Added the script openvas-otp-brute that performs password auditing 
against the OpenVas service. [Vlatko Kosturjak]
 2011-11-10 20:50:04 +00:00
patrik
77380bd9b0 o [NSE] Fixed bug that would prevent brute scripts from running if no service 
field was present in the port table. [Patrik]
 2011-11-10 20:42:47 +00:00
patrik
7b43d1cafb o [NSE] Added the scripts bitcoin-info, bitcoin-getaddr and a supporting 
Bitcoin library. The script bitcoin-info retrieves information about the
  remote server, while the bitcoin-getaddr script retrieves a list of
  discovered remote Bitcoin nodes. [Patrik]
 2011-11-09 18:56:16 +00:00
djalal
08b1160c87 Updated some of the vulnerability scripts to use the new vulnerability library. 2011-11-09 10:08:19 +00:00
david
4757dadd11 Add irc-botnet-channels.nse. 2011-11-09 01:42:03 +00:00
patrik
465594fa87 o [NSE] Added the http-method-tamper script that detects authentication bypass 
vulnerabilities using the http HEAD method as reported in CVE-2010-738.
  [Hani Benhabiles]
 2011-11-08 21:18:22 +00:00
david
fddfd9b0e6 Use promiscuous mode in targets-sniffer.nse. 2011-11-08 16:10:35 +00:00
david
ab447ef92c CHANGELOG for Hadoop and HBase scripts. 2011-11-08 16:00:18 +00:00
patrik
b66a4849c4 o [NSE] Modified the http library to support servers that don't return valid 
chunked encoded data, such as the Citrix XML service. [Patrik]
 2011-11-07 06:04:13 +00:00
fyodor
c12d343ccc fix a typo 2011-11-07 04:51:42 +00:00