fyodor
1bfe2201ca
Expand the description to note that this script can now look at html link rel elements and also to clarify better what this script does
2009-11-20 04:46:58 +00:00
fyodor
f8f550fd47
Updates for the generated files
2009-11-17 20:05:07 +00:00
tomsellers
1f9a3e2fba
Updating script.db, this was neglected during the db2-info.nse
commit. [Tom]
2009-11-17 01:35:33 +00:00
tomsellers
b5444fa390
Add a new script, db2-info.nse, that enhances DB2 database instance detection.
The script provides detection when version probes fail, but will default to
the value provided by the version probes if that value is more precise. The
script also detects the server platform and database instance name.
[Tom]
2009-11-12 11:44:02 +00:00
ron
7d67b08e66
Merged in my changes from nmap-smb. The primary changes are:
* Updated the way authentication works on smb -- it's significantly cleaner now
* smb-enum-shares.nse gives significantly better output now (it checks if shares are writable)
* Added a script that checks if smbv2 is enabled on a server
* Added smb-psexec, a script for executing commands on a remote Windows server. I also included some default scripts, a compiled .exe to run everything, and a ton of documentation (in the form of NSEDoc)
* Added 'override' parameters to some of the functions in smb.lua, which lets the programmer override any field in an outgoing SMB packet without modifying smb.lua.
* Lots of random code cleanups in the smb-* scripts/libraries
2009-11-08 21:31:06 +00:00
ron
b733248462
Updated telnet-brute.nse to use unpwdb instead of a hardcoded list of accounts
2009-11-05 14:50:54 +00:00
tomsellers
c5d1fe5590
Minor change to ssl-cert.nse to bring display of certificate
fingerprints (MD5/SHA) in line with documentation which indicates
that they are not displayed unless verbose output is requested.
2009-10-13 03:01:51 +00:00
tomsellers
3b4fa34257
[NSE] Modified NSE script ssl-cert.nse to support TLS negotiation
against SMTP ports that support it. Depends on Patrick's addition
of the reconnect_ssl method. [Tom Sellers, David]
2009-10-13 01:19:33 +00:00
david
cca80f0304
Fix a typo in smtp-open-relay.nse.
2009-10-11 21:10:27 +00:00
batrick
b356ce2580
Added smb-check-vulns.nse to the vuln category.
2009-10-06 12:04:35 +00:00
fyodor
8cfe264522
regenerate script.db after the updates to the safe/intrusive categories
2009-10-01 19:08:33 +00:00
fyodor
fea1ab7c39
Moved a bunch of scripts to the "safe" category, and some others to "intrusive" after
discussion on nmap-dev about how best to handle these. I also updated the docs and
am about to regenerate script.db. See this thread for more info:
http://seclists.org/nmap-dev/2009/q3/1008.html
2009-10-01 19:07:16 +00:00
ron
390ce42616
Removed the default limit of usernames/passwords, and updated the comments accordingly. Users can still limit by passing script-args.
2009-09-19 05:42:07 +00:00
ron
88d5050fd1
Totally overhauled the ftp-brute.nse script. I opened this script to see about certain changes, and discovered that it was only actually checking a single account (xampp/default). So I hooked it into unpwdb, but discovered that, at least against my test server, it was _extremely_ slow. For that reason, I limited it to the first 10 usernames/passwords for now.
2009-09-18 19:48:45 +00:00
ron
86e7a63bf6
Added a script called http-malware-host.nse. Its future intention is to discover hosts that are serving malware (for example, that are compromised and have malicious code inserted). At the moment, it checks for one specific attack discussed here: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/
2009-09-16 14:15:13 +00:00
ron
32d9c9fe98
Added a check for a SMBv2 vulnerability (CVE-2009-3103) to smb-check-vulns. Due to its nature (it performs a DoS, then checks if the system is still online), the script isn't run by default and requires a special script-arg to work.
2009-09-14 15:23:06 +00:00
david
0a479a45fa
Fix a typo in dhcp-discover.nse.
2009-09-10 14:18:02 +00:00
ron
9465a839c1
Added dhcp-discover script
2009-09-10 03:26:53 +00:00
bmenrigh
a0bf12e674
Fixed a typo where quad-A records (AAAA) were listed as AAAAA. Thanks
to Jeron Massar for the report.
2009-09-08 22:32:45 +00:00
ron
f4458c1917
Added the ability (off by default, since it generates 20x requests) for http-enum.nse to generate variants of each file. This would probably be more useful to use after running a spider script than here, but the code should be essentially the same. I'm hoping it'll be used somewhere more appropriate, eventually.
Also added a couple fingerprints.
2009-09-08 19:51:53 +00:00
david
da8903dad9
Remove some verbosity in the output of http-favicon.nse. There's no need
to say "Found favicon from". Only print out the digest of an
unrecognized icon with some verbosity.
2009-08-31 23:42:42 +00:00
david
1cdf49547c
Have http-favicon.nse look for favicon-db in nselib/data like the other
scripts look for their data files.
2009-08-31 23:22:06 +00:00
david
e53657b4c8
Move favicon-db into nselib/scripts.
2009-08-31 23:21:26 +00:00
ron
46d95b5913
Added a 'path' argument to http-enum.nse. Also added the ability to give an array of fingerprints files or an array of paths to search
2009-08-29 15:34:09 +00:00
ron
5136ad0668
Fixed a NSEDoc comment on http-header.nse
2009-08-29 14:46:57 +00:00
joao
6375cf3759
Added argument related comments
2009-08-28 22:46:09 +00:00
joao
ec6be741b4
Added extra description to some invalid favicons
2009-08-28 22:40:03 +00:00
joao
5457ecf54e
Fixing some indentation.
2009-08-28 22:26:56 +00:00
joao
9789a1c6a4
Adding http-favicon script. Also adding the script database with the 50 very common favicons.
Updated script.db
2009-08-28 22:22:14 +00:00
ron
37507349a3
Changed 'pairs' to 'ipairs' when looping through the header (thanks to Patrick for pointing this out)
2009-08-27 21:35:52 +00:00
ron
7da313e8ac
Added the status code to the rawheaders as well (so it's displayed in http-headers.nse). Also updated the @output in the nsedoc.
2009-08-27 15:47:10 +00:00
ron
62dedb9dc1
Added a 'path' script-arg to http-headers.nse. Changed it to use 'HEAD' by default, and fail to using 'GET' the same way other scripts do (also added a 'useget' script-arg to turn it off). Also fixed some print_debugs in http.lua that were prefixed with 'http-enum.nse:'.
2009-08-27 15:39:17 +00:00
ron
fc2b575fba
Added 'rawheader' when parsing http requests. It saves the header fields, in order, preserving the case. Change http-headers.nse to read this instead of the processed headers.
2009-08-27 15:24:09 +00:00
ron
5da8f8199e
Added http-headers.nse script to database
2009-08-26 00:23:26 +00:00
ron
91518a5222
Added a script-arg to http-enum.nse allowing the user to give a custom fingerprint file. Also changed script to use straight nmap.fetchfile(filename) then to use nmap.fetchfile('nselib/data/' .. filename) to find the fingerprints file, which lets a user give his fingerprints file in the current folder.
It might be better to give priority the other way, though, I'm not really sure.
2009-08-25 23:55:05 +00:00
ron
c1d48010a1
Added caching for the HTTP fingerprint files. It mimics similar code from http-usedir-enum.nse, storing the fingerprints in the registry and checking if it exists before reading them.
2009-08-25 23:45:48 +00:00
ron
0ed14b10b1
Added a script designed to display HTTP headers.
2009-08-25 23:36:49 +00:00
ron
fbf2c3d6a7
Print the http status along with the result, if it isn't 200 OK. This was the original behaviour, but it got lost along the way.
2009-08-23 16:58:53 +00:00
ron
fbc8e180ca
Converted http-userdir-enum.nse to use my http-enum.nse logic (from http.lua). Also moved the 'displayall' script-arg back into the script, not http.lua, because http-userdir-enum.nse actually wants to find non-200 pages (403 Access Denied, for instance).
2009-08-23 00:43:46 +00:00
ron
cf33de55f3
Moved the definition for the 'displayall' argument into http.lua.
2009-08-23 00:24:23 +00:00
ron
77e7738545
Moved the meat of the http-enum.nse code (the 404-detection, HEAD-detection, etc) into http.lua. It may be a better idea to use http-helper.lua or something similar, but for now http.lua works. I'm open to suggestions.
2009-08-23 00:22:20 +00:00
ron
4616e62760
Fix some tabs
2009-08-22 23:55:43 +00:00
ron
a546ebc84f
Clean up a lot of the http-enum.nse code; add some comments; abstract the 'is this a 404?' logic into a function (so it can eventually be used by other scripts)
2009-08-22 23:54:27 +00:00
ron
c9a62acf31
A major overhaul of the http-enum.nse script:
* Cleaned up and function-ized the code. Planning to move the functions to http.lua or similar to let other scripts (like http-userdir-enum.nse) use them.
* Better support for different HTTP error codes
* Significantly improved detection of 404 pages to prevent false positives. Some of the techniques used:
  - Request a non-existent page and check the status code
  - If it's 200, try to remove anything that may change (times, URI, filenames, etc), md5 it if ssl is available, and store it. Request a second 404 page and do the same. If they don't match, abort.
  - If it's any other error code, store it, and look for it in addition to 404 Not Found
  - Request the root folder, /
  - If it returns a 301 Moved Permanently or 401 Authentication Required, abort
* Abstracted the fingerprints into files in the nselib/data directory:
  - http-fingerprints: common files/folders
  - yokoso-fingerprints: common applications (from the Yokoso project, by InGuardians -- used under the Nmap license with permission from Kevin Johnson -- http://seclists.org/nmap-dev/2009/q3/0685.html )
* Added a script-arg that can display all output (except known 404s), instead of just 200 OK and 401 Authentication Required
* Added a lot of debugging messages
2009-08-22 23:19:16 +00:00
fyodor
cc0081340a
update script.db now that apache-userdir-enum has been renamed to http-userdir-enum
2009-08-22 22:31:40 +00:00
jah
e0572ea362
Renamed apache-userdir-enum.nse to http-userdir-enum.nse to better indicate its
function which is to test http services - not only apache ones.
2009-08-22 22:04:32 +00:00
jah
4830a3ea29
Removed the restriction in the portrule that would prevent this script from
running against non-Apache (or non-Apache based) services. Updated the comments
to reflect this change.
2009-08-17 22:50:19 +00:00
david
537e938378
Fix a typo in smb-system-info.nse.
2009-08-17 20:31:26 +00:00
batrick
5e362ac43d
Changed a global variable to a local to avoid an error from the strict
module.
2009-08-15 14:57:52 +00:00
david
3cc4ec9939
Add the ssl-cert.nse script, which retrieves the server SSL certificate.
2009-08-13 23:38:05 +00:00