PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-30 03:19:02 +00:00
Code Issues Projects Releases Wiki Activity
7,195 Commits 2 Branches 0 Tags
5eca50f285bfccd655633ea71dd64746e6f40e0c
Commit Graph

7195 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
fyodor
5eca50f285 Add Henri to the commiters.txt list (he already was a committer) 2012-07-07 08:04:19 +00:00
dmiller
96d48d861c Fix error in http-vhosts when domain is nil 
./scripts/http-vhosts.nse:502: attempt to concatenate local 'domain' (a
nil value)
stack traceback:
        ./scripts/http-vhosts.nse:502: in function 'makeTargetName'
        ./scripts/http-vhosts.nse:542: in function
<./scripts/http-vhosts.nse:532>
        (...tail calls...)
 2012-07-06 14:16:26 +00:00
paulino
e707b6305a Adds http-phpself-xss : NSE to detect PHP files vulnerable to reflected cross site scripting via $_SERVER["PHP_SELF"] 2012-07-05 18:18:56 +00:00
henri
9baacdf9e3 [NSOCK] Fixed an epoll-engine-specific bug. The engine didn't recognized FDs 
that were internally closed and replaced by other ones. This happened during
reconnect attempts.

--

When reconnecting with SSL_OP_NO_SSLv2 (nsock_core.c:472), the libary closes the
fd of the current IOD, and replaces it by a new one.

The man page for epoll_ctl states that a close() on a fd makes it removed from
any epoll set it was in. Therefore, if epoll_ctl(EPOLL_CTL_MOD, ...) returns
ENOENT, we retry with EPOLL_CTL_ADD.
 2012-07-05 14:35:51 +00:00
henri
d86d3f68c2 Made nsock messages more consistent. 
- Always format function name without parens at the beginning of a message.
  - Added a nsi_new notification message.
  - Only trace the first call to nsi_delete() of a given IOD (i.e. don't log the
    calls issued from the resulting callbacks).
 2012-07-05 14:22:26 +00:00
paulino
783825f087 Adds http-tplink-dir-traversal.nse in the "exploit" and "vuln" category: NSE to exploit a path traversal vulnerability in the web administration panel of several TP-Link routers. 2012-07-04 20:33:10 +00:00
paulino
469e6ca5ca Fixes crash when using identify_404() that happened when the status response changes in the second or third request and the return value is the string "<unknown>". 
Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if its not a number to fix crash when passing a string to %d.
 2012-07-04 20:21:08 +00:00
paulino
6b5d38ca8a Adds additional debug message when it fails to hint users about what happened. It also adds another check for web servers that return more than one 404 page. 2012-07-04 19:56:37 +00:00
tomsellers
e3787f2a37 Handle exception generated when the spider process hands http-backup-finder a URL that is only a hostname. When url.parse processes this value on line 107 of http-backup-finder it returns nil for the .path property. 
http-backup-finder.nse:107: attempt to index field 'path' (a nil value)
stack traceback:

Addressed this by setting nil .path values to '/'.  Tested with sites with and without backup files.  Verified that duplicate results were not returned.
 2012-07-04 18:54:38 +00:00
tomsellers
99c192cd1d Fix exception thrown in reverse-index when it is run again a host with no open ports. 
/reverse-index.nse:112: bad argument #1 to 'pairs' (table expected, got nil)
 2012-07-04 17:58:21 +00:00
paulino
bc3eb43f72 Fixes false positive when dealing with web servers returning status 200 for all reqs 2012-07-04 17:57:22 +00:00
robert
1e8babf64a Added Windows 8 to the list of Windows versions we recommend the WinPcap NPF service is started on startup. Our WinPcap installer appears to work fine on Windows 8 and Server 2012 build 8400. 2012-07-04 17:32:14 +00:00
tomsellers
22ae4ae108 Added couchbase matchline that does not require a database name. This is useful when the service response is so large that the database info is pushed outside the capture buffer. This was added *after* the matchline that captures the dbname if it is present. 
Also added space and a ':' to the database name capture character set to allow for when the database is on a windows server.
 2012-07-04 17:09:21 +00:00
tomsellers
97a22758f6 membase-http-info updated to reflect new server header found in current versions of the Couchbase HTTP admin port. Explanation email sent to list. 2012-07-04 15:56:48 +00:00
tomsellers
71439bcfac Patch to fix script issue when scanning HTTP servers that return 200 to every request. This causes the sanity check on line 88 to fail to trigger because the header value Server is nil. 
Implemented a check to if the target is returning 200 to all requests.

Also implemented additional logic on line 84 to verify that the Server header value is not nil.  This is just in case we run into another case where a response is 200 but the Server header does not exist.
 2012-07-04 15:16:46 +00:00
tomsellers
17fe702314 Service detection for Couchbase and Membase NoSQL server's web based administrative portal. By default this is on 8091 but can occur on any port. 2012-07-04 14:57:27 +00:00
patrik
b4caa8ea8c Added category external to http-icloud* scripts 2012-07-04 07:32:08 +00:00
tomsellers
1db5621470 Patch to address false positive generated when the target's httpd responds with a HTTP 200 for every request. Committing after email exchange with Paulino C. 2012-07-04 02:30:18 +00:00
perdo
7443db6f37 Hosts that differ only on the 'www' prefix are now treated as being equal. Also added some documentation for httpspider.useheadfornonwebfiles. 2012-07-03 21:48:26 +00:00
fyodor
288a4dc4ad suggest http.max-cache-size argument for consistency rather than http-max-cache-size (both work) 2012-07-03 19:48:23 +00:00
dmiller
fadfc6b71c Fix assertion failure when logtype==LOG_SKID_NOXLT 2012-07-03 17:22:47 +00:00
henri
f7ba1847cf Enforce proper variable initialization. 2012-07-03 12:19:24 +00:00
henri
1e422f344c Added support for log type bitmasks in log_vwrite(). Also replaced a fatal() 
statement by an assert(0) to get rid of a possible infinite call loop when
passed an invalid log type. [Henri Doreau]
 2012-07-03 11:44:24 +00:00
tomsellers
1c1b257c62 Version detection matchline updates: 
Barracuda HTTP filter    - adjustment to match more versions

GlobalScape CuteFTP sshd - additional match line
Cisco ASA WebVPN         - additional match line
VMware View              - additional match line

Bomgar Remote Access     - new product detection
Sybase SQLAnywhere httpd - new product detection, version string
 2012-07-03 03:47:41 +00:00
tomsellers
2a8f2f4f0d Update Microsoft Exchange detection string for pop3 and imap to indiciate that the current match string also matches Exchange 2010. 2012-07-02 23:58:41 +00:00
dmiller
5178fe236e Format CHANGELOG: wrap text at 80 and hanging indent 2012-07-02 15:39:35 +00:00
fyodor
e97449e062 define IPP 2012-07-02 08:32:51 +00:00
fyodor
6133b64d6c Add a short description of Versant so users know what it is 2012-07-01 23:29:58 +00:00
fyodor
ff73f20356 Add a bit more information about what the STUN protocol is 2012-07-01 23:25:26 +00:00
sean
6f910154b5 Added my name to the changelog to match the rest of the style. Also added a note about the error message WSAENETRESET. 2012-07-01 17:48:46 +00:00
sean
a62e7198f8 Added handling for WSAENETRESET (same as ENETRESET). Currently we just catch it and send the next probe. I wrapped the catch for ENETRESET in the #ifdef WIN32 incase we later want to different handling for WASENETREST and ENETRESET 2012-07-01 17:32:07 +00:00
perdo
e41d4a4e7e Added http-sitemap-generator script which spiders a webserver and displays its directory structure along with number and types of files in each folder. 2012-07-01 09:55:47 +00:00
perdo
9c8bc94c11 Fixed a missing require in http-sql-injection. 2012-07-01 09:48:06 +00:00
perdo
33c3838c45 Fixed a missing require in httpspider. 2012-07-01 09:45:14 +00:00
perdo
a00b104f43 Modified http-sql-injection to load the error strings to search for from a file. 2012-06-30 12:30:41 +00:00
perdo
3b8c88aac4 Added a list of common sql errors. 2012-06-30 12:28:15 +00:00
aca
4030bf6c1a Added metasploit-msgrpc-brute to trunk 2012-06-30 12:02:54 +00:00
kroosec
95f7d0d74a Added firewall-bypass script. 2012-06-30 09:42:12 +00:00
david
6a3295143e Reduced Port size two thirds, not one third. 2012-06-30 02:01:00 +00:00
sean
b8d65571b5 Moved my last change from the bottom to the top 2012-06-30 01:51:41 +00:00
david
a02382c2b8 Remove some redundant code now that --log-errors is gone. 2012-06-30 01:51:30 +00:00
sean
5c602916b8 Updated the changelog 2012-06-30 01:48:05 +00:00
sean
9b09390c52 Added a comment explaining the log-errors handling section 2012-06-30 01:45:10 +00:00
sean
0909f12308 Removed the log-errors option from the code, by treating it as if it was always true. This was done for the action item of o Remove Nmap's --log-errors feature and make its behavior the default. I also updated the docs/refguide.xml to reflect this change. I have not yet compiled the Dockbook.xml however. 2012-06-30 00:36:15 +00:00
david
6a0771f3b7 Add Metasploit remote API probe and matchline. 2012-06-29 23:21:52 +00:00
dmiller
5fdc8b5609 Add mcafee-epo-agent.nse version script 
Script to get version and other information from a McAfee (formerly
Network Associates) ePolicy Orchestrator Agent.
http://seclists.org/nmap-dev/2012/q2/870
 2012-06-29 19:18:14 +00:00
david
531dd2348c I'm guessing the dot in the kumo-server match should match '\n'. 2012-06-29 16:35:40 +00:00
david
f1b7b54da2 Get rid of useless trailing .* in matchline. 2012-06-29 16:35:38 +00:00
dmiller
3e71473630 Update scripting.xml to reflect Lua 5.2 
Changed links to Lua reference manual to point to appropriate sections
for 5.2. Books (Reference Manual and Programming in Lua, 2nd ed.) have
not been updated to 5.2 yet, so those were left alone.

Documented the change in API for linking C libs (luaL_newlib and
luaL_Reg vs luaL_register and luaL_reg).
 2012-06-28 20:09:36 +00:00
kroosec
7ca5589659 sip-brute: Added TCP support. 2012-06-28 09:20:43 +00:00