PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-23 16:09:02 +00:00
Code Issues Projects Releases Wiki Activity
5,148 Commits 2 Branches 0 Tags
5a32f584d452efdce23d5ebbf80b958d01b51a94
Commit Graph

5148 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
patrik
527c5b2959 Modified the Domino Console match to separate out domain and include additional server info 2010-08-19 21:37:56 +00:00
patrik
a2c2a3f84c o [NSE] Added two new scripts http-brute.nse and http-form-brute that attempt 
to perform password guessing against web servers and applications. [Patrik]
 2010-08-19 20:53:40 +00:00
kris
a0d89f20d6 Set {NDIFF,NPING,ZENMAP}DIR in configure.ac and substitute it in the Makefile 
instead of having the directory names in Makefile.in.  This is how most
everything else works: Ncat (NCATDIR), liblua (LIBLUADIR), etc.
 2010-08-19 16:38:54 +00:00
luis
ec89b48a7b Updated with latest changes, after discussion with Fyodor 2010-08-18 21:42:08 +00:00
patrik
a946f11791 o [NSE] Added svn-brute, which attempts to perform password guessing against 
the subversion service. [Patrik]
 2010-08-18 20:50:51 +00:00
david
f1ea488753 Add better error checking to http.read_auth_challenge; bail out if 
read_token or read_token_or_quoted_string fails.
 2010-08-18 18:22:03 +00:00
david
d275f88183 Fix two bugs in http.read_auth_challenge reported by Tom Sellers. The 
first was that pos was declared as a local variable and shadowed the pos
parameter. The second was that when multiple WWW-Authenticate headers
were present, the wrong pos would be returned after reading the first
one. The arrow shows the pos it was returning:

Digest realm="My Site", domain="/", Basic realm="My Site"
                                          ^

It now returns this correct pos, ready to read the next challenge:

Digest realm="My Site", domain="/", Basic realm="My Site"
                                    ^

This was a problem I had already solved for Ncat but I copied the logic
imperfectly to http.lua.
 2010-08-18 18:16:22 +00:00
david
de90361073 Fix a bug in header parsing in http.lua. After reading a block of 
non-whitespace characters, the position counter was advanced one past
where it was supposed to be. This didn't have any bad effect when the
server used CRLF to separate header fields, because it ate the CR and
still recognized LF as ending the field. But it concatenated multiple
header fields when the server only used LF to separate them.
 2010-08-18 17:55:27 +00:00
david
66e1254649 Require -d2 to print out each guess in brute.lua, not just -d1. 2010-08-18 17:13:57 +00:00
david
018c6c5171 Remove the brute.emptypass script argument. We already include the 
empty password in our password list. If you want to turn it off, it
would be better to provide an interface that allows an iterator to throw
out certain passwords.
 2010-08-18 16:01:00 +00:00
david
f7b4d9146c Revise NSEDoc in brute.lua. 2010-08-18 15:52:32 +00:00
fyodor
ddf4544113 changes from discussion w/David -- lots of finished tasks\! 2010-08-17 23:53:59 +00:00
bmenrigh
10a51ff45d Fixed a usage of log_vwrite() that bit-masked several log destinations 
at once.  log_vwrite() only supports one destination at a time.
 2010-08-17 23:45:00 +00:00
david
9cbfbbaadc Remove a script.db entry for an uncommitted script I am working on, 
ovs-agent-version.nse.
 2010-08-17 22:44:28 +00:00
david
9ac9fbdd94 Add a "VULNERABLE" banner to the output of wdb-version.nse. 2010-08-17 22:30:43 +00:00
david
644e60c84c Put wdb-version in the "default" category. 2010-08-17 22:19:15 +00:00
david
bdec4ae901 Change the error message referring to SOCK_PACKET on Linux so it refers to 
PACKET instead. That appears to be the current option name as reported by Colin
Beckingham. I checked just now with "make menuconfig" in 2.6.34.1.
 2010-08-17 17:17:44 +00:00
djalal
9849be68a9 Use the new get_script_args() function to parse script arguments and clean some whitespaces. 2010-08-17 01:58:47 +00:00
fyodor
e52e6935d6 Add the nse broadcast socket support idea discussed on nmap-dev 2010-08-16 23:35:59 +00:00
djalal
f3e08e85a0 Merge r19753,r19755,r19756,r19776,r19783 changes from nmap-exp/djalal/nmap-add-targets. The changes introduce a new stdnse function 'get_script_args()' to parse script arguments. 2010-08-16 22:06:49 +00:00
david
3c89e089fc Change calls in these forms: 
socket:connect(host.ip, port.number)
socket:connect(host.ip, port.number, port.protocol)

to this:

socket:connect(host, port)

connect can take host and port tables now, and the default protocol is
taken from the port table if possible.
 2010-08-16 18:59:30 +00:00
david
bfffa53616 When nmap.connect gets a port table, let port.protocol be the default 
protocol (instead of always "tcp"). You can still override it by
providing an explicit protocol after the table.
 2010-08-16 18:09:04 +00:00
david
abbe5324bd Pass host and port tables instead of host.ip and port.number in http.lua 
and comm.lua.
 2010-08-16 17:41:57 +00:00
david
0e3c861ea0 Let nmap.connect take a host table and port table in place of a string 
and an integer. This is going to be used to easily support Server Name
Indication for SSL connections.
 2010-08-16 17:35:20 +00:00
david
a314b5b7d7 Don't print unknown hashes in http-php-version.nse unless high verbosity 
is used, otherwise you get hashes printed for sites that don't even use
PHP. Patch by Ange Gutek.
 2010-08-16 16:09:56 +00:00
david
230f5d662b Add reference links to wdb-version.nse. 2010-08-16 15:57:36 +00:00
david
12e699e001 Change the portrule of wdb-version to use port number 17185 instead of 
0x54321. 0x54321 worked, probably due to integer truncation somewhere.
 2010-08-16 14:40:59 +00:00
david
dbd99b59f6 Add the wdb-version script from Daniel Miller. 2010-08-16 14:39:13 +00:00
fyodor
c2a038bbfb Add Wind River Debugger RPC number from Daniel Miller 2010-08-15 20:26:18 +00:00
david
7cf99e1e4e Use a std::vector<bool> instead of std::bitset in traceroute.cc. bitset isn't 
available on Android.
 2010-08-15 03:40:54 +00:00
patrik
40a66945bb changed so that the error message of the Error object is returned when a 
script signals the engine to abort.
 2010-08-14 17:14:32 +00:00
patrik
ce0de70ae8 o [NSE] Added one script (vnc-brute) that performs password guessing against 
VNC using the new brute library and another (vnc-info) that lists supported
  security mechanisms. [Patrik]
 2010-08-14 15:13:15 +00:00
patrik
5f58469ba7 o [NSE] Added a new brute library that provides a basic framework and logic 
for password guessing scripts. [Patrik]
 2010-08-14 14:56:40 +00:00
patrik
aa49c23224 moved hostname from the info to the hostname field for Informix probes 2010-08-14 12:42:16 +00:00
patrik
2c874c0ba2 changed portrule to include both ibm-db2 and drda 
updated script.db and removed old db2- scripts and added the new ones
changed error message returned by helper class in drda for incorrect logins
 2010-08-14 11:52:18 +00:00
patrik
e570925c37 o [NSE] Renamed db2-info and db2-brute scripts to drda-*. Updated script 
and library to reflect name change. Added support other DRDA based
  databases such as IBM Informix Dynamic Server and Apache Derby.
  [Patrik]
 2010-08-14 08:33:16 +00:00
patrik
2b44c74187 renamed db2 scripts to drda and added the old ones for removal [Patrik] 2010-08-14 08:28:56 +00:00
david
e8ecc904b8 Call nsi_set_hostname in service_scan.cc. 2010-08-13 21:47:09 +00:00
david
aef511d890 o [Nsock] Added a new function, nsi_set_hostname, to set the intended 
hostname of the target. This allows the use of Server Name
  Indication in SSL connections. This was suggested by Nuno Goncalves.
 2010-08-13 21:35:20 +00:00
ron
39318fd843 Fixed the same small bug in smbv2-enabled.nse (was still using the wrong variable for an error message) 2010-08-13 20:39:20 +00:00
ron
af5d750a34 Fixed a small bug in smbv2-enabled.nse (was using the wrong variable for an error message) 2010-08-13 20:35:22 +00:00
fyodor
1ea691c4e3 regen man pages (there were some changes for nping to add echo mode) 2010-08-13 18:55:30 +00:00
fyodor
b3bef8f7a2 Fix some syntax errors (mostly misspelled tags and wrongly closed tags) in scripting.xml to get it to compile 2010-08-13 18:49:16 +00:00
batrick
47bbbfdcea Fixed some local declarations. 2010-08-13 18:40:00 +00:00
fyodor
cc5a8ee7fc Add an NSE script idea (new MSRPC bug) 2010-08-13 09:37:56 +00:00
fyodor
291d25bbb9 add openssl windows binary upgrade task 2010-08-13 05:56:01 +00:00
david
1290fad780 o [NSE] Added default limits on the number of ports that qscan will 
scan. By default, it will do upt o 8 open ports and up to 1 closed
  port. These limits can be controlled with the qscan.numopen and
  qscan.numclosed script arguments. [David]
 2010-08-13 05:17:07 +00:00
djalal
d056a97b10 Merge r19288:r19697 from nmap-exp/djalal/nse-rules-docs. This will update NSE doc to show the new prerules and postrules. 2010-08-13 00:41:54 +00:00
batrick
7b40aa34c5 formatting 2010-08-12 18:29:40 +00:00
kirubakaran
68fd970ec1 Adding comments to nmap debug print message 2010-08-12 15:18:58 +00:00