Sometimes (e.g. when using an external API), a script wants to connect
by name to a server and doesn't care whether IPv4 or IPv6 is used. By
passing the "any_af" option, the first resolved address of any address
family will be used, allowing external-category scripts which used to
fail with -6 to succeed.
The rpcinfo script can now set version info just like rpc-grind. Since
this requires considerably less traffic than rpc-grind, I made rpc-grind
depend on rpcinfo so that it will avoid running if we can get the
version information this way instead.
Also changed rpcinfo to only run on port 111, not on "rpcbind" service
since that's what -sV labels any detected RPC service.
so that whois-ip will not make HTTP requests to iana.org unless it is
permitted to write the remote resources to a local file and to
subsequently read from the local file.
A problem encountered while obtaining or locally caching a remote IANA
assignment file for one address family will not prevent the use of an
assignment file corresponding to a different address family.
Instead of hard-coding the many-years-invalid IP address of
scanme.nmap.org, look it up via DNS. Even better, you can override the
host used for this purpose, in case you don't want to tip your hand.
Now can correctly handle complex token-based CSRF protections by grabbing all
fields from the login form and using session cookies from the form request.
These cookies are sent with subsequent redirect-following requests for better
failure detection. On success, cookies are cleared and re-acquired.
A database of known web apps' login forms is used for form detection, helpful
for those whose username and password fields do not begin with "user" and
"pass". Form mangling (to remove cookie checks in one instance) and custom
onsuccess functions are also supported. Tested: django, wordpress, mediawiki.
This *may* be a replacement (upon suitable testing) for http-wordpress-brute and
http-joomla-brute.
1. When the hostname script-arg was used, the script would try to
*connect* to that host instead of the target. Now the argument is used
*only* for the Host: header.
2. The http options table is reused for each request, significantly
reducing the load on the garbage collector over many requests.
3. Do not use both creds.Credentials:new() and creds.Account:new(),
since this results in double-reporting found credentials.
