fyodor
c5fcfefbea
Further improvements to the output format. It now always prints the vuln table if an infection is found, but it no longer prints anything for clean machines unless verbosity is 2+
2009-06-04 19:39:24 +00:00
ron
05a8b54511
Reduced the amount of output that p2p-conficker.nse gives unless verbosity 2 or higher is given.
2009-06-04 13:10:00 +00:00
batrick
3eba69f9f8
Removed packet.hextobin and packet.bintohex. Both are unnecessary
with the struct (bin) library available:
function hextobin(str) return bin.pack("H", str) end
function bintohex(str) return bin.unpack("H", str) end
Also removed a commented copy that was in the sniffer-detect.nse script.
2009-05-28 03:59:02 +00:00
fyodor
d971be11a8
Add links to some other sources of information on the vulnerability and this script
2009-05-22 19:59:07 +00:00
ron
bfd3c5b3df
Fixed the 'usage' section -- thanks to Raul Siles for pointing out the mistake
2009-05-22 12:35:59 +00:00
ron
db4b1df6d1
Fixed a nil-reference bug in the WebDAV code
2009-05-21 19:49:53 +00:00
ron
4d38f8c8c5
Fixed a spelling mistake on print_debug ('pring_debug')
2009-05-21 14:35:23 +00:00
ron
9f21ec234c
Applied a patch to WebDAV checks created by Andrew Orr:
1) Checks if the root folder is protected and aborts if it is (we can't scan folders if the root folder is protected)
2) Checks if WebDAV is enabled on the server and aborts if it isn't. The check works on IIS 5, 5.1, and 6.0 (hasn't been tested on others)
3) Added support for finding the vulnerability on IIS 5.1 (Windows XP) -- 5.0 doesn't appear to be vulnerable in our tests
2009-05-20 18:44:01 +00:00
fyodor
d3e623bf00
change the categories to vuln and intrusive
2009-05-20 00:51:54 +00:00
fyodor
4599d9f4f5
rename http-webdav-unicode-bypass.nse to http-iis-webdav-vuln.nse and update script.db
2009-05-20 00:43:30 +00:00
bmenrigh
f6eba7c5f1
Fixed Metasplit -> Metasploit typo
2009-05-20 00:05:37 +00:00
fyodor
60b4f7913c
remove an apostrophe which was causing us nsedoc generation problems
2009-05-20 00:01:41 +00:00
ron
7382e29cb0
Updated documentation
2009-05-19 23:56:05 +00:00
ron
2d8862524d
Gave credit to my friend (well, minion) who wrote the script with me
2009-05-19 23:27:31 +00:00
ron
51b9dd426b
Added a check at the start for a password-protected root folder. Prevents checking if we can't get useful results.
2009-05-19 21:27:05 +00:00
ron
571145d92a
Improved the script's ability to check subfolders by moving where the 'exploit' unicode characters (%c0%af) are to the beginning of the string.
2009-05-19 21:21:55 +00:00
ron
c213cc97b1
Added an initial WebDAV vulnerability-detection attempt for testing
2009-05-19 20:56:07 +00:00
jah
55ded906f2
Fix a problem, reported by David, which resulted in an error arising from an
unexpected value for the "data" table after repeating queries at the same
service for the same IP (which should not ever happen).
2009-05-01 23:35:44 +00:00
batrick
79eaf3edc3
Updated script database to the new format required by NSE --script
boolean operators.
2009-04-30 05:56:00 +00:00
david
22a77a865c
Use host.ip, not just (undefined) ip in whois.nse exception error
messages. Instead of handling an error nicely, it caused a format string
error of its own:
./nselib/stdnse.lua:61: bad argument #3 to 'format' (string expected, got nil)
It seems that a deadlock happens immediately after one of these errors
occurs. This change doesn't fix the deadlock but allows the underlying
error message to be printed.
2009-04-29 23:33:44 +00:00
david
1b2e726629
Sort script.db, remove erroneous smb-check-vulns-2.nse entry.
2009-04-24 18:45:00 +00:00
ron
3882988f7a
Removed some debug code
2009-04-21 19:41:02 +00:00
ron
3b11c8696f
Fixed a small bug that caused 'checkall' to not actually check all
2009-04-21 19:40:08 +00:00
ron
7793572bc2
Updated the @usage yet again
2009-04-21 19:25:49 +00:00
ron
73b43aed51
Updated 'usage' section again
2009-04-21 19:22:46 +00:00
ron
0df410fb14
Updated the 'usage' section
2009-04-21 19:12:06 +00:00
ron
bc55de0c6e
Adding new check for Conficker.C and up, using the peer-to-peer ports.
2009-04-21 18:30:40 +00:00
ron
1fbc9e62cf
defaulted to basic login for smb-check-vulns (the test infected box I found doesn't like extended logins, not sure whether it's because of Conficker or if it was random chance)
2009-04-17 01:13:57 +00:00
ron
dd9f063b1f
Updated Conficker.D-detection code
2009-04-17 01:09:29 +00:00
ron
14f2c0c6db
Added experimental checks for Conficker.D/E
2009-04-17 00:34:13 +00:00
batrick
918a3955d5
Fixed banner.nse to remove surrounding whitespace in the banner.
For example, this removed SSH greetings final two characters: carriage return
and newline.
2009-04-06 16:00:18 +00:00
ron
80b53d8ffa
Fixed a comment -- said 'windows 2003' where it should have been 'windows 2000'
2009-04-03 13:29:04 +00:00
david
7e2b32e6ed
Fix an error with smb-check-vulns.nse Conficker error help. I was catching the
error at the wrong level, so not all possible errors were being run through the
help table. Specifically, errors returned by msrpc.start_smb and msrpc.bind, which
included at least NT_STATUS_OBJECT_NAME_NOT_FOUND, didn't get the explanatory
text. I made a mistake in testing the error reporting the first time around.
2009-04-02 17:26:04 +00:00
david
09762c4d85
Add helpful text for the two most common errors seen in the Conficker
check in smb-check-vulns.nse: NT_STATUS_OBJECT_NAME_NOT_FOUND and
NT_STATUS_ACCESS_DENIED. Ron and I found the best explanations for these
that we could. There is another error, NT_STATUS_NOT_SUPPORTED, which is
less common than these but has been observed. We still don't have a clue
as to the cause of that one.
2009-04-02 02:27:47 +00:00
ron
dde55ed602
Added a change to eliminate possible false negatives
2009-04-01 12:23:21 +00:00
ron
f157387be1
Changed message when checks are disabled (it seemed to be confusing people)
2009-04-01 03:31:13 +00:00
ron
cf73d9eb03
Fixed a bug where every host showed up as 'infected'.. oops!
2009-03-31 15:18:03 +00:00
ron
70275c69c3
Fixed a small output bug in smb-check-vulns where it would print 'PATCHED' if an error occurred (in addition to the error message)
2009-03-31 15:04:10 +00:00
ron
f4575514af
Updated Conficker detection: change some constants, better error checking for MS08-067 patch (tell the user if the system has a jury-rigged patch instead of a cryptic error)
2009-03-31 14:14:24 +00:00
kris
97028d6a6f
wrap a couple of long doc lines
2009-03-30 20:35:38 +00:00
kris
f6f61ecf83
typos in docs/comments: if->is and alse->false
2009-03-30 20:25:45 +00:00
ron
9948b1d7f4
Print Connficker error messages always
2009-03-30 19:16:55 +00:00
ron
67a6886318
Changed spelling of 'Connficker' to 'Conficker'
2009-03-30 15:24:36 +00:00
ron
9060d2fadd
Modified smb-check-vulns.nse to check for Connficker infections. Got permission from authors of simple connficker scanner (scs.zip) to post this
2009-03-30 14:46:58 +00:00
jah
de922ab69c
Now works for udp again. The port table has a "protocol" field, not "proto".
2009-03-13 03:41:28 +00:00
ron
80591c9cc6
Cleaned up output of smb-server-stats.nse
2009-03-12 14:56:23 +00:00
ron
bb30932c0d
Wrapped a long line
2009-03-11 14:13:17 +00:00
ron
45744eddc3
Merge in changes from my private branch, primarily smb-brute.nse and smb-pwdump.nse, among other smaller changes.
2009-03-05 02:03:29 +00:00
david
62aa04c11a
In dns-zone-transfer.nse, return "<parse error>" in case domain decoding fails.
otherwise there is an assertion failure trying to insert a nil into an output
table in tab.lua. Increase the maximum number of message compression pointers
we will follow in dns.lua from 3 to 10, because Brandon found a server that
used 4.
2009-02-27 20:16:29 +00:00
david
dde083e900
Fix the formatting of the uptime in snmp-sysdescr.nse so it looks like
"0:03:02.72 (18272 timeticks)", not "0:3:2.72 (18272 timeticks)" (note padding
zeroes).
2009-02-12 04:23:41 +00:00