mirror of https://github.com/nmap/nmap.git synced 2026-02-12 08:26:33 +00:00
Commit Graph

1281 Commits

Author SHA1 Message Date
dmiller
498f0c3371 fix some string-building in dns.lua 2015-02-10 05:58:46 +00:00
paulino
617be2ea28 Renames the original http-wordpress-enum to http-wordpress-users and adds the new version of http-wordpress-enum which detects plugins and themes of Wordpress installations 2015-02-09 07:14:55 +00:00
paulino
f160b590aa Adds a popular FrontPage extension file to http-enum 2015-02-08 19:15:11 +00:00
dmiller
bf58512bec Move service fingerprint unwrapping code from scripts to lpeg-utility 2015-02-05 04:17:54 +00:00
dmiller
e985053c6d Add check for Cisco ASA version disclosure, CVE-2014-3398 2015-02-02 18:25:53 +00:00
dmiller
d1e429f42b Don't crash when an NSE library (e.g. sasl) calls stdnse.debug during require 2015-01-01 21:09:03 +00:00
paulino
f819655677 Adds fingerprint to detect the administration console of Oracle WebLogic Servers 2014-12-19 00:21:15 +00:00
dmiller
711f6d97c9 New script, snmp-info for querying snmpv3 services 2014-12-18 00:22:48 +00:00
dmiller
d9cf8adf04 New ipOps.str_to_ip function 2014-12-18 00:22:46 +00:00
dmiller
5aca2bd4f1 Correct some NSEdoc regarding datafiles.parse_file return values 2014-12-18 00:22:44 +00:00
dmiller
31ba95b918 Don't override port.protocol in comm.lua; socket.connect already defaults to tcp 2014-12-18 00:22:41 +00:00
tomsellers
845616623d Add support to 'citrix-enum-apps-xml' for reporting if published applications in the list are enforcing/requiring the level of ICA/session data encryption shown in the script result. This information was already in the XML provided by the server, this change just adds parsing for it. 2014-12-17 11:56:52 +00:00
dmiller
9fb374c743 Make ssh1 and ssh2 fetch_host_key return the same structure
This was indirectly causing the crash reported here:
http://seclists.org/nmap-dev/2014/q4/332

ssh1.fetch_host_key now returns a table with the full_key value
containing a key as it would be output by ssh-keygen. The previous value
named full_key is now named "key".
2014-12-17 03:32:11 +00:00
dmiller
c3579c8b76 Another Raul Fuentes script: targets-ipv6-wordlist 2014-12-03 16:20:22 +00:00
dmiller
b1c8c3f224 Handle the case of half-byte hex string in ipOps.hex_to_bin 2014-12-03 04:15:09 +00:00
dmiller
08709b41dc Replace ipOps.hex_to_bin with a simpler implementation. 2014-12-03 04:15:08 +00:00
dmiller
e50e802c4b Remove incomplete certificate_request parser in tls.record_read 2014-12-02 18:36:17 +00:00
dmiller
ea31702b2d Updated tftp-enum file list
New filenames credit Chris McNab.

Also converted some into templates that can be filled with the target's
MAC address when known.
2014-11-29 03:50:08 +00:00
dmiller
140846aca1 Remove a leftover debug from stdnse.format_time 2014-11-18 03:53:24 +00:00
fyodor
e806585cdd o [NSE] Updated our Wordpress plugin list to improve the
http-wordpress-plugins NSE script. We can now detect 34,077 plugins,
  up from 18,570. [Danila Poyarkov]
2014-11-10 05:37:39 +00:00
dmiller
8f414cfc3a Correct conversion of DH key size to RSA bit strength equivalent 2014-11-07 21:41:38 +00:00
dmiller
8101fa65e0 Remove ssl-ciphers data file 2014-11-07 18:05:10 +00:00
dmiller
222b2a009d Use internal cipher/handshake scoring system instead of static datafile 2014-11-07 16:39:26 +00:00
dmiller
f365b81c23 Add server certificate message parsing to tls.lua 2014-11-05 05:55:54 +00:00
dmiller
2871ba3e6c New function, sslcert.parse_ssl_certificate
For reasons, the function is exported from nse_ssl_cert.cc into
nmap.socket, then included and documented in sslcert.lua because it fits
better there.
2014-11-05 05:55:52 +00:00
dmiller
040b813986 tls.lua: get info about a cipher suite by parsing its name 2014-11-03 21:29:31 +00:00
sophron
52589ae6d1 [NSE] Added sanity check in data/http-devframework-fingerprints.lua 2014-11-02 11:49:56 +00:00
tomsellers
ea749d785b Fixed a bug in the sslcert.lua library that was triggered against certain services when version detection was used.
http://seclists.org/nmap-dev/2014/q4/110
2014-10-25 18:38:17 +00:00
dmiller
9cb2800c97 Revert r33755 (broken fix) 2014-10-25 12:18:15 +00:00
dmiller
553e827110 sslcert: if -sV detects ssl, then no STARTTLS is needed 2014-10-25 12:09:55 +00:00
dmiller
e9354a4793 Add TLS_FALLBACK_SCSV checking to ssl-poodle 2014-10-22 17:01:19 +00:00
paulino
4ea5456251 Patch to vulns.Report:make_output() now uses stdnse.output_table() to return output.
Over 40 scripts using the library 'vulns' now support XML structured output.
2014-10-19 20:53:04 +00:00
paulino
97c56e3e57 Adds fingerprints for ASUS RT-N10U and motorola RF switch 2014-10-18 04:09:05 +00:00
dmiller
5952b9745b Move url-encoding to url.build_query
patch from nnposter: http://seclists.org/nmap-dev/2014/q3/427
2014-10-15 18:12:58 +00:00
dmiller
58f1b845d6 Let lpeg-utility.escaped_quote only remove escaped escapes and quotes 2014-10-01 17:56:19 +00:00
dmiller
f9abb3108c Streamline starttls functions for smtp, pop3, and imap 2014-09-24 20:31:47 +00:00
dmiller
3e2ac00e55 Leverage ftp and comm libs in sslcert.lua
This should result in faster (comm.lua's timeouts) and more reliable
(ftp.lua's response processing) STARTTLS for FTP
2014-09-24 20:31:45 +00:00
dmiller
278450ce94 Fix a script crash when comm.opencon was called without opts 2014-09-24 20:31:44 +00:00
dmiller
99cc5102c3 Correct a typo: tables don't work like strings 2014-09-23 13:41:58 +00:00
dmiller
e42409be93 XML structured output for brute.lua and creds.lua
The @xmloutput section documentation is not done, and I'm not sure how
to best do it, since it will be the same for all brute.lua scripts. This
is how it looks:

metasploit-msgrpc-brute:
<table key="Accounts">
  <table>
    <elem key="username">root</elem>
    <elem key="state">Valid credentials</elem>
    <elem key="password">root</elem>
  </table>
</table>
<elem key="Statistics">Performed 3 guesses in 4 seconds, average tps: 0</elem>

creds-summary:
<table key="127.0.0.1">
  <table key="9929/nping-echo">
    <table>
      <elem key="password">123456</elem>
      <elem key="state">Valid credentials</elem>
    </table>
  </table>
  <table key="55553/unknown">
    <table>
      <elem key="username">root</elem>
      <elem key="state">Valid credentials</elem>
      <elem key="password">root</elem>
    </table>
  </table>
</table>
2014-09-23 05:23:19 +00:00
dmiller
aaf7838b10 Improve error handling in comm.opencon and tryssl 2014-09-23 05:23:17 +00:00
dmiller
b8d2327c5e Correct some field typos in creds.Account 2014-09-23 05:23:16 +00:00
dmiller
f37ac44380 Move brute.Account to creds.Account
In addition to fitting better (brute library is the verb, creds library
is the noun), this will allow creds.lua to use creds.Account internally
where necessary (see subsequent commits)

Also change old references to string argument "OPEN" into
creds.State.VALID.
2014-09-23 05:23:13 +00:00
dmiller
379759d539 Avoid __pairs metamethod in stdnse.keys
This allows stdnse.keys to be used in a __pairs metamethod to, for
instance, yield keys in sorted order. Using next() bypasses the __pairs
metamethod that would be called when pairs() was used. Otherwise,
infinite recursion was possible.
2014-09-23 05:23:06 +00:00
dmiller
a101e58a4c Abstract case-insensitive html tag searching 2014-09-20 14:49:57 +00:00
dmiller
ed9ecc54ea Improve html form parsing, patch from nnposter
http://seclists.org/nmap-dev/2014/q3/418
2014-09-20 14:49:55 +00:00
dmiller
791566faf0 Let imap and pop3 use shorter connect timeouts 2014-09-19 03:10:10 +00:00
dmiller
45ff211483 Refactor smtp.connect to use comm.opencon 2014-09-19 03:10:09 +00:00
dmiller
004851bb06 Reindent comm.lua (whitespace-only) 2014-09-19 03:10:07 +00:00
dmiller
77a1c5c79c Some comm.lua internal changes
1. export the comm.opencon function. Does all the connect/request
timeout, recv_before, and first data payload stuff that tryssl does, but
without trying SSL. Ought to save some boilerplate in some scripts

2. Make opencon use setup_connect instead of duplicating code.

3. Move a debug message about tryssl to tryssl from opencon

4. Transparently handle UDP in tryssl, in case someone does that. Debug
message about DTLS not being supported is printed, but otherwise just
connects with opencon. Previously, doing this would result in a
connection to the TCP version of the port, even if you passed in a port
table with port.protocol=="udp".
2014-09-19 03:10:06 +00:00