mirror of https://github.com/nmap/nmap.git synced 2025-12-29 10:59:02 +00:00
Commit Graph

7033 Commits

Author SHA1 Message Date
david
a161ba5fff Update zenmap.pot. 2012-05-22 20:13:14 +00:00
patrik
49edb164d2 renamed distcc-CVE-2004-2687.nse to distcc-cve2004-2687.nse 2012-05-22 19:53:19 +00:00
david
7cd074f02e Add Japanese Zenmap translation by Yuji Tounai a.k.a. Yousuke Yamamoto. 2012-05-22 19:52:38 +00:00
patrik
a1c7c9d31c Added thread support to the ssl-enum-ciphers script which dramatically improves
performance. [Patrik Karlsson]
2012-05-22 19:44:27 +00:00
patrik
61501038d2 o [NSE] Added the script icap-info, which tries to identify common ICAP
service names and list service and tag information. [Patrik Karlsson]
2012-05-22 18:34:25 +00:00
patrik
cbf901c195 added code to stop spidering if the base coroutine is dead. 2012-05-22 18:22:18 +00:00
jah
b47d946195 Fixed KeyError: 'osmatches', reported separately by Thomas Neumayer and Jan Reister. 2012-05-22 18:14:48 +00:00
patrik
84c3de36fc Applied patch from Daniel Miller to fix two bugs in the httpspider library:
  * First bug, the LinkExtractor portion of httpspider doesn't check for a negative
    maxdepth (indicating no limit), and rejects all links.
  * Second bug, the withinhost and withindomain matching functions would throw an error
    when presented with a URL without a host portion.

In addition the validate_link function was moved out to a separate function in the
LinkExtractor Class. [Daniel Miller]
2012-05-22 17:26:12 +00:00
fyodor
22c7faa94b move the svn version number up to 6.01 and rebuild 2012-05-22 09:51:42 +00:00
fyodor
51e01bc14a Reword the script description slightly 2012-05-22 09:49:36 +00:00
fyodor
7d65a2d801 latest todo updates 2012-05-21 22:49:46 +00:00
henri
15f7ad8f3c Fixed typo. 2012-05-21 15:44:25 +00:00
kroosec
b95ed1812e Fixed @usage for http-traceroute. 2012-05-21 14:37:45 +00:00
kroosec
fd98061754 Fixed a small typo (--script-arg ) in 5 scripts. 2012-05-20 16:05:55 +00:00
kroosec
855bdbd289 Added http-traceroute script which exploits Max-Forwards HTTP header to detect reverse proxies. 2012-05-20 15:42:33 +00:00
patrik
d9b67a884b Added missing author and licensing information. 2012-05-20 14:45:16 +00:00
david
df516bc398 Fix typo when self.root is not None. 2012-05-19 19:31:10 +00:00
patrik
322ed971a2 o Added the script distcc-CVE-2004-2687 that checks and exploits a remote
command execution vulnerability in distcc. [Patrik Karlsson]
2012-05-19 17:39:53 +00:00
patrik
af950450b7 o Added two new scripts mysql-query and mysql-dump-hashes, which add support
for performing custom MySQL queries and dump MySQL password hashes. [Patrik
  Karlsson]
2012-05-19 17:33:41 +00:00
aca
c6341d2245 Fixed a typo in the description. 2012-05-19 16:36:59 +00:00
patrik
425ced35ab o Improved the mysql library to handle multiple columns with the same name,
added a formatResultset function to format a query response to a table
  suitable for script output. [Patrik Karlsson]
2012-05-19 12:23:41 +00:00
fyodor
660cb42825 fix a tiny typo 2012-05-19 08:37:25 +00:00
david
b33dd2d1da Don't use getuid and getgid on Windows. 2012-05-19 01:15:36 +00:00
david
402960a2a7 Friendlier error message when Zenmap modules can't be imported. 2012-05-18 16:41:37 +00:00
david
0283d41798 Replace INSTALL_LIB on installation.
This restores code removed in r28342, which rewrites sys.path to include
the directory in which the Zenmap modules are installed. This is needed
to run the program without changes to PYTHONPATH when the installation
directory is not among the Python interpreter's default search paths.
(/usr/local/lib/python2.7/site-packages/ or a user's home directory are
common cases.) A difference is that now we make sure that the directory
we are adding is not writable by any other users, to avoid installation
mistakes like Debian bug #663217.
2012-05-18 16:34:40 +00:00
david
263f57e87b Placeholder for sys.path augmentation. 2012-05-18 16:34:39 +00:00
david
a177d86601 add is_secure_dir function. 2012-05-18 16:34:38 +00:00
batrick
3498086354 Corrected buggy formatting from lua-format. David had used the Lua formatter in
r28582.
2012-05-18 03:59:14 +00:00
fyodor
5efa8bccee Improve the nsedoc for duplicates script slightly. The attempt to make a list wasn't rendered as one by nsedoc, so I just switched it to a comma-separated list for now 2012-05-18 02:48:13 +00:00
david
b838110933 Add more rationale for not installing suid root. 2012-05-18 01:27:15 +00:00
david
8d621f91aa Show a warning if we are running setuid or setgid. 2012-05-18 01:27:14 +00:00
david
824834bbf3 Expand an OS fingerprint. 2012-05-17 22:51:25 +00:00
david
37d623d070 Limit the errors that cause Sendto to sleep and retry.
Sendto has logic to automatically sleep and retry a send if it fails.
Fyodor tells me that it was once necessary because of some transient
buffer shortage, though we can't remember the exact error it was in
response to.

The retry looks as though it has been slowly growing a list of
exceptional error codes for which sleeping is not done:
	EPERM EACCES EMSGSIZE EADDRNOTAVAIL EINVAL
The latest was EMSGSIZE in r19378.

I changed this to only sleep on specific errors. Not knowing what the
original error was, I have guessed
	ENOBUFS ENOMEM
2012-05-17 22:04:13 +00:00
kroosec
9d37d8bdca Added fallback to GET + body grepping for servers that return non-404 status codes for nonexistent files. 2012-05-17 11:46:00 +00:00
david
70d728ffcf Make "failed to determine route" a warning, not a fatal error. 2012-05-16 23:50:03 +00:00
kroosec
1e936a2eda Added http-drupal-modules.nse to script.db 2012-05-16 08:10:27 +00:00
fyodor
0e73946e9b Add an entry about our awesome Summer of Code team 2012-05-16 07:57:16 +00:00
fyodor
29f4bb2f34 Add a trivial task 2012-05-16 07:44:47 +00:00
kroosec
1baf0077b0 CHANGELOG for http-drupal-modules.nse 2012-05-16 00:18:57 +00:00
kroosec
ced6a8cc01 o [NSE] Added the script http-drupal-modules, which enumerates the installed
Drupal modules using drupal-modules.lst. [Hani Benhabiles]
2012-05-16 00:14:16 +00:00
fyodor
affa202a75 Add a todo entry about fixing NSE pipelining 2012-05-15 21:16:49 +00:00
david
16334a19f6 Reindent http-fingerprints.lua using lua-format.
lua-format is Patrick's script and the reformatted file was done by
stripes.
2012-05-15 04:00:57 +00:00
david
fba5e4307a Fix backslash escapes in Windows paths in http-fingerprints.lua.
With the luac from Lua 5.2.0 I got this error:
luac: http-fingerprints.lua:2781: invalid escape sequence near '\.'
2012-05-15 03:24:35 +00:00
david
ab293593f1 CHANGELOG for http-vuln-cve2012-1823.nse. 2012-05-15 00:08:32 +00:00
fyodor
0eae74e0c0 add a task about detecting suid operation and printing a warning, and also note a finished task 2012-05-14 21:57:11 +00:00
aca
85066093de Rewrite of ftp-brute.nse script
Rewritten original ftp-brute.nse script to use
brute library to perform password guessing.
2012-05-14 21:53:37 +00:00
patrik
60c62a3514 o [NSE] Added the script dict-info, which retrieves information from a
DICT server, by issuing the SHOW SERVER command. [Patrik Karlsson]
2012-05-14 21:37:39 +00:00
patrik
b1fa1f567c o [NSE] Added the script gkrellm-info, which displays information retrieved
from the GKRellm monitoring service. [Patrik Karlsson]
2012-05-14 21:34:01 +00:00
patrik
2a3a2520fa o [NSE] Added the script ajp-request, which adds support for creating custom
Apache JServer Protocol requests. [Patrik Karlsson]

o [NSE] Added the script ajp-brute, which enables password brute force auditing
  against the Apache JServ Protocol service. [Patrik Karlsson]
2012-05-14 21:30:24 +00:00
patrik
aeb0cbb546 Added more AJP methods 2012-05-14 21:23:06 +00:00