o [NSE] Improved smtp-commands.nse to work against more mail servers,
made it take an smtp-commands.domain script argument, and rewrote it
in the style of other smtp scripts. [Jason DePriest]
qscan.delay
dns-fuzz.timelimit
mssql.timelimit
A side effect is that the default units for qscan.delay are seconds, not
milliseconds. 0 is now the magic value to disable the time limit in
dns-fuzz.
It has scoped args in the straight form of "ftp-bounce.<arg>" which is
apparently how this works now (at least what other scripts seem to use) instead
of using actual subtables like in http://seclists.org/nmap-dev/2008/q2/567
scripts are:
- ms-sql-brute.nse uses the unpwdb library to guess credentials for MSSQL
- ms-sql-config retrieves various configuration details from the server
- ms-sql-empty-password checks if the sa account has an empty password
- ms-sql-hasdbaccess lists database access per user
- ms-sql-query add support for running custom queries against the database
- ms-sql-tables lists databases, tables, columns and datatypes with optional
keyword filtering
- ms-sql-xp-cmdshell adds support for OS command execution to privileged
users
[Patrik]
dns-recursion.nse
snmp-brute.nse
daytime.nse
x11-access.nse
smb-enum-domains.nse
dns-random-txid.nse
p2p-conficker.nse
jdwp-version.nse
dns-random-srcport.nse
sshv1.nse
ms-sql-info.nse
Some of these just needed fixed NSEDoc syntax.
addresses, and other configuration information from an AFP server.
The script, and a patch to the afp library, were originally
contributed by Andrew Orr and were subsequently enhanced by Patrik
and David.
I added an @output section to the script and made it hex-encode a binary
string for the sever signature (previous versions of the afp patch did
the hex-encoding in the library, but I thought it was better to do it in
the script.)
authentication support. Updated the afp-showmount script and added two new
scripts:
- afp-brute attempts to guess passwords against the AFP service
- afp-path-vuln detects the AFP directory traversal vulnerability
CVE-2010-0533
[Patrik]
smtp-enum-users.method script argument was changed to
smtp-enum-users.methods and now takes an array. 252 and 550 error codes
are handled now. In verbose mode, the method used is included in the
output.
slower one-at-a-time enumeration method that has proved to be more
robust. Other changes:
- Fixes the "malformed packet" bug.
- Treats RSTs as rejections, not fatal errors.
- Adds some obsolete ciphers that were requested.
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
- SSL_RSA_FIPS_WITH_DES_CBC_SHA
- Adds some other cipher definitions.
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
- TLS_DHE_DSS_WITH_RC4_128_SHA
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
- TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
- TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
gather round-trip times for each port. The script then uses these
times to group together ports with statistically equivalent RTTs.
Ports in different groups could be the result of things such as port
forwarding to hosts behind a NAT. This is based on work by Doug
Hoyte. [Kris]
nfs-showmount scripts to use the new library. The new scripts are:
- nfs-acls shows the owner and directory mode of NFS exports
- nfs-dirlist lists the contents of NFS exports
- nfs-statfs shows file system statistics for NFS exports
[Patrik]
