PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity
10,101 Commits 2 Branches 0 Tags
58f00324eb56fe0dd6704255b5db72006d9852a1
Commit Graph

183 Commits

Author SHA1 Message Date
tomsellers
58f00324eb NSE: Prevent http.identify_404 from following HTTP redirects, standardize calls to it. Closes #251 2015-12-05 10:16:51 +00:00
dmiller
f4619edece Update http urls for nmap.org to https 2015-11-05 20:41:05 +00:00
dmiller
521226cd63 Fix a bug with declaring parse_set_cookie local twice 2015-11-04 03:57:17 +00:00
dmiller
5e2bb7ad86 Fix parsing of Set-Cookie headers. Closes #229 2015-11-02 16:02:50 +00:00
dmiller
0146739b87 Fix http.get_url with https. http://seclists.org/nmap-dev/2015/q3/336 2015-09-21 19:05:38 +00:00
dmiller
9840973b60 Fix format string argument mismatches 
Cases where the format string does not contain any placeholders, but
values are given anyway. Cases where string.format is used without any
placeholders or arguments.
 2015-09-18 12:40:32 +00:00
dmiller
6752546ef5 Fixes #212 http.get_url with https 2015-09-18 03:54:59 +00:00
dmiller
7c08cf9c4f Clean up nested list in nsedoc 2015-08-04 14:21:48 +00:00
gyani
759d944397 Modified the debug string that is passed when ssl is not present to 
include ntlm.
 2015-07-04 08:22:08 +00:00
gyani
3d2a008cef Modified smbauth.lua to create ntlmv2 session response. 
http.lua now allows NTLM authentication.
 2015-07-04 08:19:17 +00:00
dmiller
54543b303c Clean up some documentation regarding http redirects 2015-04-10 12:56:05 +00:00
dmiller
2e55f5d3b8 Allow redirect_ok to be a number of redirects to follow (http.lua) 2015-04-10 03:42:44 +00:00
dmiller
99cc5102c3 Correct a typo: tables don't work like strings 2014-09-23 13:41:58 +00:00
dmiller
a101e58a4c Abstract case-insensititive html tag searching 2014-09-20 14:49:57 +00:00
dmiller
ed9ecc54ea Improve html form parsing, patch from nnposter 
http://seclists.org/nmap-dev/2014/q3/418
 2014-09-20 14:49:55 +00:00
dmiller
e8eddb6cfe Use comm.lua default timeouts for http.pipeline_go, remove unused get_default_timeout 2014-09-18 04:11:28 +00:00
dmiller
327496d50c Relax http.parse_form to allow forms without an action 
Patch from nnposter: http://seclists.org/nmap-dev/2014/q3/384
 2014-09-18 03:38:23 +00:00
dmiller
440ed59396 Export http.parse_redirect, a useful function 2014-09-17 21:57:57 +00:00
dmiller
667be96764 Fix some nsedoc 2014-08-29 19:58:15 +00:00
batrick
4b9f1c6766 nselib stdnse.print_debug -> stdnse.debug 
Manual fixes.
 2014-08-03 01:17:09 +00:00
batrick
ee6622aea4 nselib stdnse.print_debug -> stdnse.debug 
$ f() { find -name \*.lua -exec /bin/echo sed -i "$1" {} \; ; }
$ f 's/stdnse.print_debug( *\([0-9]*\) *, */stdnse.debug\1(/'
$ f 's/stdnse.print_debug( *"\(.*\))/stdnse.debug1("\1)/'
 2014-08-03 00:56:45 +00:00
patrik
b440d9c064 fix redirect bug in head request where redirects would not be honored 2014-04-26 13:34:48 +00:00
dmiller
17c3e9755e NSEdoc cleanup. 
1. The first paragraph of a function's NSEdoc is used as a short
summary. Some of these were very long, so I split off a shorter summary.

2. Use asterisks (*) to denote bulletted lists, not 'o'

3. Wrap lines at 80 columns

4. a couple other spelling and formatting fixes
 2014-03-10 19:01:19 +00:00
dmiller
1b71f75aad Spelling fixes for Lua files 
Mostly in documentation/comments, but a couple code bugs were caught,
including a call to stdnse.pirnt_debug and a mis-declared variable.
 2014-02-19 04:15:46 +00:00
dmiller
3b5b0ba154 Note that HTTPS is supported by http NSE library 2014-01-15 16:52:46 +00:00
jah
eaf171e7bd Add missing argument 'HEAD' to the example pipeline_add call in the library 
documentation.  Change to uppercase method names in the documentation for
pipeline_add.
 2013-11-03 22:56:04 +00:00
jah
78dc01d0e0 Remove some trailing whitespace. 2013-11-03 22:47:28 +00:00
jah
1237013fb0 Make a few minor whitespace changes. 2013-11-03 22:22:23 +00:00
sophron
8477e0586a [NSE] Updated parse_form function to support double quotes and return more attributes. 2013-08-16 20:04:12 +00:00
sophron
23457a77c0 Modifies the cookie header assembling logic to make it more compliant with RFC 6265, Section 4.2.1, which does not allow the trailing semicolon. Patch by nnposter. 2013-08-10 23:09:16 +00:00
sophron
4b8ed158cf Modifies interpretation of the cookie path in nselib/http.lua to make it more compliant with RFC 6265, Section 5.1.4. Patch by nnposter. 2013-08-10 23:02:40 +00:00
david
1ebb9bfe20 Don't include a port number in the Host header. 
We never intend to ask for a service on a port other than the one we
connect to. By my reading of RFC 2616 section 14.23, we can leave the
port number off in this case. Robin Wood reported that
https://twitter.com/ gives you a redirect instead of a page if you send
it
	Host: twitter.com:443
rather than
	Host: twitter.com

http://seclists.org/nmap-dev/2013/q1/267
 2013-03-02 01:05:32 +00:00
david
842f9e6804 Revert "Lower-case scheme comparisons." 
Handle it at the url.parse level.
 2013-02-07 23:43:50 +00:00
david
5273567981 Lower-case scheme comparisons. 
I'm seeing redirects to "HTTP://example.com/".
 2013-02-07 23:37:48 +00:00
david
9434dd7d2f parse_redirect: fill in port number even if authority but not scheme is present. 
For example "//example.com/en/": the function needs to return with
u.port set, just as it would with "http://example.com/en/".
 2013-02-07 23:12:41 +00:00
david
4cdb5301dd 300 and 303 are also HTTP redirects. 2013-02-07 22:28:10 +00:00
david
7c7ffdb756 Typo. 2013-02-02 01:41:50 +00:00
patrik
13411ab6d1 Fixed a bunch of errors related to inproper responses from webservers. 2012-08-31 15:17:14 +00:00
aca
fd32aec639 Merged http-slowloris-check 2012-08-24 09:19:30 +00:00
perdo
7781d39cdf Textarea's name should not be lowercased. 2012-08-05 22:39:05 +00:00
perdo
ba049718b0 Add digest auth support to http-brute (and to http library). Also fix whitespace in sasl.lua. 2012-08-05 22:23:54 +00:00
patrik
6f43ac38b2 SSL overhaul fixing OpenSSL related problems when SSL has not been compiled in 
* replace require function calls with stndse.silent_require
* fixed a bug in nse_main that would fail creating scripts.db when a script
  fails to load
* reworked some code to provide limited functionality even though SSL is not
  present
 2012-08-05 12:05:07 +00:00
henri
d0e684735a Typo (identfy_404 -> identify_404). 2012-08-01 07:53:16 +00:00
perdo
8025ba5a5a Added some checks for http response's body being nil. 2012-07-23 22:47:11 +00:00
perdo
612ca59323 Modify pipelining implementation a bit, allow a user to specify size of the pipeline, fix some debugging messages. 2012-07-23 21:58:40 +00:00
perdo
614077f122 Functions from http library that make requests now always return a table. 2012-07-09 10:18:29 +00:00
paulino
469e6ca5ca Fixes crash when using identify_404() that happened when the status response changes in the second or third request and the return value is the string "<unknown>". 
Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if its not a number to fix crash when passing a string to %d.
 2012-07-04 20:21:08 +00:00
fyodor
288a4dc4ad suggest http.max-cache-size argument for consistency rather than http-max-cache-size (both work) 2012-07-03 19:48:23 +00:00
patrik
709fce67b1 Applied patches from Dan Miller to fix bugs in http and sslcert libraries; 
http://seclists.org/nmap-dev/2012/q2/696
 2012-06-15 10:07:32 +00:00
patrik
b96ffc0e14 fixed a global variable in http.lua 2012-06-11 21:02:41 +00:00