david
671167227f
Add the oracle-sid-brute script from Patrik Karlsson.
2009-12-28 17:35:46 +00:00
david
ae1d8e23ea
Move citrix-enum-apps.nse out of the intrusive category and into safe.
2009-12-14 16:28:29 +00:00
david
f2ae05968b
Add the scripts
citrix-brute-xml
citrix-enum-apps
citrix-enum-apps-xml
citrix-enum-servers
citrix-enum-servers-xml
and the citrixxml modules, all by Patrik Karlsson.
2009-12-14 07:30:38 +00:00
david
6a57dd876a
Add the ntp-info script from Richard Sammet. This version is modified
from the one he submitted in the thread at
http://seclists.org/nmap-dev/2009/q4/550 . It doesn't yet include the
time retrieval he posted in a later message.
2009-12-12 22:42:39 +00:00
david
971a11f3fe
Add the nfs-showmount script by Patrik Karlsson.
2009-11-26 16:52:30 +00:00
ron
08da8db7f0
Importing changes from my branch. There are two major updates:
1) I wrote a function that formats output from scripts in a consistent way. Although we haven't really come to a consensus on how it should look yet, it's easy to change when we do.
2) New script: smb-enum-groups.nse. Enumerate the local groups on a system and their membership.
2009-11-20 16:05:06 +00:00
fyodor
f8f550fd47
Updates for the generated files
2009-11-17 20:05:07 +00:00
tomsellers
1f9a3e2fba
Updating script.db, this was neglected during the db2-info.nse
commit. [Tom]
2009-11-17 01:35:33 +00:00
ron
7d67b08e66
Merged in my changes from nmap-smb. The primary changes are:
* Updated the way authentication works on smb -- it's significantly cleaner now
* smb-enum-shares.nse gives significantly better output now (it checks if shares are writable)
* Added a script that checks if smbv2 is enabled on a server
* Added smb-psexec, a script for executing commands on a remote Windows server. I also included some default scripts, a compiled .exe to run everything, and a ton of documentation (in the form of NSEDoc)
* Added 'override' parameters to some of the functions in smb.lua, which lets the programmer override any field in an outgoing SMB packet without modifying smb.lua.
* Lots of random code cleanups in the smb-* scripts/libraries
2009-11-08 21:31:06 +00:00
fyodor
8cfe264522
regenerate script.db after the updates to the safe/intrusive categories
2009-10-01 19:08:33 +00:00
ron
86e7a63bf6
Added a script called http-malware-host.nse. Its future intention is to discover hosts that are serving malware (for example, that are compromised and have malicious code inserted). At the moment, it checks for one specific attack discussed here: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/
2009-09-16 14:15:13 +00:00
ron
32d9c9fe98
Added a check for a SMBv2 vulnerability (CVE-2009-3103) to smb-check-vulns. Due to its nature (it performs a DoS, then checks if the system is still online), the script isn't run by default and requires a special script-arg to work.
2009-09-14 15:23:06 +00:00
ron
9465a839c1
Added dhcp-discover script
2009-09-10 03:26:53 +00:00
joao
9789a1c6a4
Adding http-favicon script. Also adding the script database with the 50 very common favicons.
Updated script.db
2009-08-28 22:22:14 +00:00
ron
5da8f8199e
Added http-headers.nse script to database
2009-08-26 00:23:26 +00:00
fyodor
cc0081340a
update script.db now that apache-userdir-enum has been renamed to http-userdir-enum
2009-08-22 22:31:40 +00:00
david
3cc4ec9939
Add the ssl-cert.nse script, which retrieves the server SSL certificate.
2009-08-13 23:38:05 +00:00
jah
0847535287
Apologies, the previous commit changed all the line-endings. Changing them back.
2009-08-11 01:40:37 +00:00
jah
4c3c2b770e
Include apache-userdir-enum.nse
2009-08-11 01:33:20 +00:00
joao
bcce197537
Fixed http-enum.nse categories
2009-08-10 11:17:28 +00:00
david
9e244b05af
Put x11-access in the "auth" category.
2009-08-08 20:06:38 +00:00
david
2f54cb191f
Add the x11-access.nse script by vladz. See
http://seclists.org/nmap-dev/2009/q3/0479.html .
2009-08-08 19:49:05 +00:00
fyodor
185aa2d402
Bump up SVN version number to 5.05BETA1 to reduce confusion, also regen scripts.db
2009-07-22 00:38:58 +00:00
fyodor
4e9d7c17a5
update Nmap version number to 4.90RC1, rebuild generated files, except for man pages which are problematic at the moment
2009-07-08 22:32:49 +00:00
joao
f39e109b64
Adding script for performing open socks proxy server discovery.
Script was also included to script.db file.
2009-06-12 23:23:54 +00:00
bmenrigh
7c63ab6bcd
Adding the imap-capabilities script and supporting imap library.
The imap-capabilities script is mostly feature-complete but I could
see adding some analysis code to warn users of non-SSL'd IMAP servers
that offer STARTTLS without NOLOGIN.
The imap "library" is really a joke. It does the minimum required to
support getting capabilities and nothing more. IMAP requires each
command to use a unique identifier like 000, 001, 002, etc. Right now
the identifier is hardcoded to a001. To make a real imap library that
supports logging in, and other IMAP features a state variable will
have to be maintained to change the command uid. It would be nice to
see the library get updated so that IMAP brute-forcing could be
supported.
2009-06-08 23:21:56 +00:00
fyodor
51981c07b1
Regenerated data files with 4.85BETA10 version number; that release is probably still 2-3 days away though, but I'm testing new build rules
2009-06-07 04:26:47 +00:00
fyodor
4599d9f4f5
rename http-webdav-unicode-bypass.nse to http-iis-webdav-vuln.nse and update script.db
2009-05-20 00:43:30 +00:00
batrick
79eaf3edc3
Updated script database to the new format required by NSE --script
boolean operators.
2009-04-30 05:56:00 +00:00
david
1b2e726629
Sort script.db, remove erroneous smb-check-vulns-2.nse entry.
2009-04-24 18:45:00 +00:00
ron
bc55de0c6e
Adding new check for Conficker.C and up, using the peer-to-peer ports.
2009-04-21 18:30:40 +00:00
ron
45744eddc3
Merge in changes from my private branch, primarily smb-brute.nse and smb-pwdump.nse, among other smaller changes.
2009-03-05 02:03:29 +00:00
david
a5b73cf906
Rename the xampp-default-auth script to ftp-brute. Incorporate some code
improvements in the script from Vlatko Kosturjak. Remove the nobody/e0e0e0e0
test credentials because I can't find a web source to substantiate them.
2009-01-26 06:02:45 +00:00
ron
773000b65a
Merging changes from my experimental branch; the new versions of these scripts, which have significant changes to their core functionality, managed to hold their own against Brandon's network. More testing would be very helpful, though, especially with credentials (most of Brandon's scans were anonymous).
2008-12-24 00:53:01 +00:00
david
c3ee93f056
Sort script.db entries by file name to make diffs comprehensible. Their
previous unsorted state was due to their coming straight out of opendir.
2008-11-15 00:58:36 +00:00
david
0d7243ad5a
Add banner.nse to script.db.
2008-11-15 00:55:59 +00:00
david
dd586b90bd
Remove smb-check-vulns.nse from the vuln category, leaving it in intrusive.
2008-11-11 00:48:48 +00:00
david
03c9145785
Take smb-check-vulns.nse out of discovery and put it in vuln.
2008-11-11 00:35:41 +00:00
ron
8e89a0e217
updated scriptdb/CHANGELOG, renamed smb-checkvulns.nse to nse-check-vulns.nse for consistency with the new naming standard
2008-11-10 19:06:50 +00:00
david
6fbc8868a9
Rename scripts (almost all of them) to make their names more consistent and
make them look better in output. The full list of changes is
anonFTP => ftp-anon
ASN => asn-query
brutePOP3 => pop3-brute
bruteTelnet => telnet-brute
daytimeTest => daytime
dns-safe-recursion-port => dns-random-srcport
dns-safe-recursion-txid => dns-random-txid
dns-test-open-recursion => dns-recursion
ftpbounce => ftp-bounce
HTTPAuth => http-auth
HTTP_open_proxy => http-open-proxy
HTTPpasswd => http-passwd
HTTPtrace => http-trace
iax2Detect => iax2-version
ircServerInfo => irc-info
ircZombieTest => irc-zombie
MSSQLm => ms-sql-info
MySQLinfo => mysql-info
popcapa => pop3-capabilities
PPTPversion => pptp-version
promiscuous => sniffer-detect
RealVNC_auth_bypass => realvnc-auth-bypass
robots => robots.txt
showHTMLTitle => html-title
showOwner => identd-owners
skype_v2-version => skypev2-version
smb-enumdomains => smb-enum-domains
smb-enumsessions => smb-enum-sessions
smb-enumshares => smb-enum-shares
smb-enumusers => smb-enum-users
smb-serverstats => smb-server-stats
smb-systeminfo => smb-system-info
SMTPcommands => smtp-commands
SMTP_openrelay_test => smtp-open-relay
SNMPcommunitybrute => snmp-brute
SNMPsysdescr => snmp-sysdescr
SQLInject => sql-injection
SSH-hostkey => ssh-hostkey
SSHv1-support => sshv1
SSLv2-support => sslv2
strangeSMTPport => smtp-strangeport
UPnP-info => upnp-info
xamppDefaultPass => xampp-default-auth
zoneTrans => zone-transfer
2008-11-06 02:52:59 +00:00
fyodor
ddf146cb30
o Removed ripeQuery.nse because we now have the much more robust
whois.nse which handles all the major registries. [Fyodor]
2008-11-06 01:09:05 +00:00
fyodor
c22c9ca885
o Removed showSSHVersion.nse. Its only real claim to fame was the
ability to trick some SSH servers (including at least OpenSSH
4.3p2-9etch3) into not logging the connection. This trick doesn't
seem to work with newer versions of OpenSSH, as my
openssh-server-4.7p1-4.fc8 does log the connection. Without the
stealth advantage, the script has no real benefit over version
detection or the upcoming banner grabbing script. [Fyodor]
2008-11-04 05:04:12 +00:00
david
78cc76e9f8
Update script.db.
2008-11-03 20:01:11 +00:00
david
15d0add1fe
Remove RealVNC_auth_bypass.nse from the "malware" category. It doesn't have to
do with any malware, just a security vulnerability. It remains in "default" and
"vuln". I think it was in "malware" because it used to be in the old "backdoor"
category.
2008-10-24 22:04:30 +00:00
fyodor
f6fb4d971c
o Removed some unnecessary "demo" category NSE scripts: echoTest,
chargenTest, showHTTPVersion, and showSMTPVersion.nse. Moved
daytimeTest from the "demo" category to "discovery". Removed
showHTMLTitle from the "demo" category, but it remains in the
"default" and "safe" categories. This leaves just showSSHVersion and
SMTP_openrelay in the undocumented "demo" category. [Fyodor]
2008-10-20 22:54:43 +00:00
fyodor
7ead36a64e
remove demo category from showHTMLTitle
2008-10-20 21:47:24 +00:00
david
2f1898fe49
Whoops, SSH-weak_key.nse isn't a merged script. I just had an unversioned copy in my scripts directory. Remove it from script.db.
2008-10-09 00:45:42 +00:00
david
cb00282519
--update-scriptdb to add SSH-hostkey.nse and SSH-weak_key.nse.
2008-10-08 23:10:33 +00:00
david
ae7455279e
Add a new msrpc.lua module, plus new scripts smb-enumdomains.nse,
smb-enumshares.nse, and smb-enumusers.nse. Also enhance the netbios.lua and
smb.lua modules. Remove the smb-enum.nse script. All these changes are from Ron
Bowes.
2008-10-04 21:58:39 +00:00
david
f054d25d1f
Adjust the categories of the new SMB scripts. Also fix a couple of
documentation typos.
smb-os-discovery.nse
-categories = {"version","default"}
+categories = {"default", "discovery", "safe"}
smb-enum.nse
-categories = {"version","intrusive"}
+categories = {"discovery", "intrusive"}
smb-security-mode.nse
-categories = {"version"}
+categories = {"discovery", "safe"}
2008-09-15 18:10:00 +00:00