PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 04:09:01 +00:00
Code Issues Projects Releases Wiki Activity
5,643 Commits 2 Branches 0 Tags
6d371adee896ff81c44bc5a77c63a69bf82aa63e
Commit Graph

1069 Commits

Author SHA1 Message Date
david
6d371adee8 Formatting. 2011-07-18 16:29:38 +00:00
david
a2314b2041 Add port 9050, tor-socks, to the portrule for socks-open-proxy.nse. 2011-07-18 16:29:37 +00:00
djalal
01f4cdd83e o [NSE] Small improvements on the smtp-vuln-cve2011-1764 script: 
- Check the port.version.product in the portrule to see if it matches
    the 'Exim smtpd'
  - If the script was not able to confirm the vulnerability but the Exim
    version is between 4.70 and 4.75, then report: "LIKELY VULNERABLE".
 2011-07-18 11:42:41 +00:00
djalal
2c7cad079b o [NSE] Added smtp-vuln-cve2011-1764 script, which checks the Exim DKIM 
Format String vulnerability (CVE-2011-1764).
 2011-07-18 10:21:01 +00:00
djalal
cc062e2e1e o [NSE] Remove the mac-geolocation script entries since the it was deleted. 
- Update the script.db file.
  - Add the script name to the 'OLD_SCRIPT_NAMES' variable in the Makefile.in file.
 2011-07-18 09:58:50 +00:00
djalal
30bd1681b0 o [NSE] Made the following scripts in the default category: 
giop-info.nse
  vnc-info.nse
  ncp-serverinfo.nse
  afp-serverinfo.nse
 2011-07-18 09:50:18 +00:00
gorjan
1f9479a161 Removing the mac-geolocation script which used the no longer available Google Geolocation API service 2011-07-17 17:26:59 +00:00
gorjan
d780448af7 Updating the script to use an API key supplied by the user throught the script-args. 2011-07-17 17:22:58 +00:00
gorjan
9b7d310355 Adding the broadcast-ping script. 2011-07-13 09:38:40 +00:00
gorjan
5f3b402cf7 Putting back the old snmp-brute untill I'm finished writing the new one 2011-07-12 23:25:57 +00:00
patrik
23d2e0d31f o [NSE] Applied patch from Chris Woodbury that adds the following additional 
information to the output of smb-os-discovery:
  + Forest name
  + FQDN
  + NetBIOS computer name
  + NetBIOS domain name
 2011-07-12 06:08:43 +00:00
djalal
dbe7a27698 o [NSE] Updated the categories of the following scripts: 
irc-unrealircd-backdoor.nse
  iscsi-info.nse
  wdb-version.nse
  ftp-proftpd-backdoor.nse
  ssl-cert.nse
  ftp-vsftpd-backdoor.nse
  afp-path-vuln.nse
  targets-sniffer.nse
  broadcast-ms-sql-discover.nse
 2011-07-11 22:03:17 +00:00
djalal
bd78274b20 o [NSE] Updated ftp-vsftpd-backdoor documentation since CVE-2011-2523 was just 
assigned to this backdoor.
  Added a final 'exit' command to terminate the remote '/bin/sh', however I don't
  think that this is necessary since the backdoor was very simple: it did not
  fork(), and closing the stdin of the '/bin/sh' will terminate it.
 2011-07-11 19:28:02 +00:00
djalal
c098d5e679 Simplify returned message when ProFTPD is not vulnerable. 2011-07-11 17:10:05 +00:00
djalal
36b535eba2 Removed an extra unused string.format argument :) 2011-07-11 15:33:52 +00:00
patrik
4de3601473 o [NSE] Added script db2-discover into the default category [Patrik Karlsson] 2011-07-10 08:04:52 +00:00
patrik
1feb1bd582 o [NSE] Split script db2-discover into two scripts, adding a new 
broadcast-db2-discover script. This script attempts to discover DB2
  database servers through broadcast requests. [Patrik Karlsson]
 2011-07-10 08:01:26 +00:00
paulino
1d150dd875 Fix to use stdnse.get_script_args() instead of getting the arguments from the registry. 2011-07-09 19:59:13 +00:00
henri
5de4bf5793 Don't add a blank line at the top of the report. Other scripts don't. 2011-07-09 16:39:12 +00:00
paulino
52b7dbac5e Updates script.db to include http-google-malware: 2011-07-08 23:45:49 +00:00
paulino
458504c1ab Adds http-google-malware: 
description = [[
http-google-malware checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service.

To do this the script queries the Google's Safe Browsing service and you need to have your own API key to access Google's Safe Browsing Lookup services. Sign up for yours at http://code.google.com/apis/safebrowsing/key_signup.html

* To learn more about Google's Safe Browsing:
http://code.google.com/apis/safebrowsing/

* To register and get your personal API key: 
http://code.google.com/apis/safebrowsing/key_signup.html
]]

---
-- @usage
-- nmap -p80 --script http-google-malware <host>
--
-- @output
-- PORT   STATE SERVICE
-- 80/tcp open  http
-- |_http-google-malware.nse: Host is known for distributing malware.
--
-- @args http-google-malware.url URL to check. Default: <code>http/https</code>://<code>host</code> 
-- @args http-google-malware.api API key for Google's Safe Browsing Lookup service
---
 2011-07-08 18:45:49 +00:00
paulino
7c75967507 Quits iterating over probes when a valid login for that application has been found. If we don't quit we get the same valid credentials in different paths. 2011-07-08 18:43:51 +00:00
gorjan
4ca48ea450 FIX: Added require 'creds' where it was missing; Mostly where creds.State.<some_state> was used. 2011-07-07 16:22:57 +00:00
fyodor
c2ff573967 In r23085 (part of the silent require change), the require for ssh2 was accidentally deleted and that broke the script. Restored. 2011-07-07 08:15:08 +00:00
gorjan
04b4baa747 Missing require('creds') 2011-07-06 21:58:16 +00:00
djalal
a3c15ce071 Force the ProFTPD banner check. 2011-07-06 15:12:03 +00:00
djalal
bc6155de59 o [NSE] Added a message to let the users know if the backdoor was already triggered. 2011-07-05 16:09:39 +00:00
djalal
e7d45910d9 o [NSE] Clean indentation and make some variables local. 2011-07-05 16:01:03 +00:00
djalal
21abe501ea o [NSE] Added a special function to check if the vsFTPd was backdoored. 
Added a first check to see if the backdoor was already triggered.
  Cleaned the script.
 2011-07-05 15:55:16 +00:00
djalal
7b0b7c3370 Added the ftp-vsftpd-backdoor entry to the script.db file. 2011-07-05 09:19:59 +00:00
henri
7e1e29ac4f Added ftp-vsftpd-backdoor, which detects a backdoor that was introduced 
into vsftpd-2.3.4 source code distributions. [Daniel Miller]
 2011-07-05 07:16:55 +00:00
paulino
89bf1d1661 Fixes bug when adding credentials using creds library. 2011-07-04 20:55:39 +00:00
patrik
d1fbee17df changed so that nping-brute uses silent_require rather than require for openssl 
[patrik]
 2011-07-02 18:02:54 +00:00
paulino
82a68e02db Adds http-default-accounts - It tests for access with default credentials in a variety of web applications and devices. 
It works similar to http-enum, we detect applications by matching known paths and launching a login routine using default credentials when found.
This script depends on a fingerprint file containing the target's information: name, category, location paths, default credentials and login routine.
 2011-07-01 21:43:34 +00:00
djalal
b4f865179b o [NSE] Added another missing check that will report that the server is not vulnerable. 2011-06-30 23:11:11 +00:00
djalal
1c3d400822 o [NSE] Added ftp-vuln-cve2010-4221 script which checks if the ProFTPD 
server is vulnerable to the Telnet IAC stack overflow CVE-2010-4221
  [Djalal].
 2011-06-30 22:21:25 +00:00
gorjan
789977d8df Adding a dependency for backorifice-brute to backorifice-info 2011-06-30 15:47:32 +00:00
gorjan
88b994a451 Small fix 2011-06-30 15:46:50 +00:00
fyodor
1c702ffad3 trivial nsedoc change 2011-06-30 09:11:57 +00:00
fyodor
8d8d16ec80 trivial nsedoc change 2011-06-30 08:59:30 +00:00
fyodor
e27ff18e56 trivial nsedoc change -- define NCP 2011-06-30 08:58:12 +00:00
fyodor
130e417be9 fix a small nsedoc typo noted by Henri Doreau 2011-06-29 09:05:03 +00:00
fyodor
9a2b80c34d Remove ip-geolocation-quova -- it include an API key which apparently required agreeing to the Quova terms of service to obtain (http://developer.quova.com/apps/tos). And those seem to pretty clearly ban this sort of use. So we can only use this script if we get permission from Quova (best option), or we make it so that user is required to pass a key as nsearg 2011-06-29 03:34:47 +00:00
fyodor
a683b6ae69 just added a word to the description 2011-06-29 01:36:34 +00:00
fyodor
511adcb497 Move the brief summary of both vulns into the summary sentence so people see them at a glance from the nsedoc script lists 2011-06-29 01:34:24 +00:00
fyodor
536e00ea42 Went through all the new (since 5.51) scripts and improved (I hope) the nsedoc descriptions a bit and made some other very minor cleanups 2011-06-29 01:29:14 +00:00
paulino
651197768b Adds http-barracuda-dir-traversal - 
Attempts to retrieve the configuration settings from the MySQL database 
dump on a Barracuda Networks Spam & Virus Firewall device using the 
directory traversal vulnerability in the "locale" parameter of 
"/cgi-mod/view_help.cgi" or "/cgi-bin/view_help.cgi".

The web administration interface runs on port 8000 by default.

Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval
Original exploit by ShadowHatesYou <Shadow@SquatThis.net>
For more information, see:
http://seclists.org/fulldisclosure/2010/Oct/119
http://www.exploit-db.com/exploits/15130/
 2011-06-28 23:43:34 +00:00
djalal
b9237eac33 If sending the big body message fails, then just assume that this is 
a network error, we are sending more than 50MB, but check and count
the result of the final "<CRLF>.<CRLF>" message.
 2011-06-27 22:24:13 +00:00
patrik
55da9dc683 added the creds-summary.nse script [Patrik] 2011-06-27 21:21:15 +00:00
paulino
f2bbb0f9e8 Adds to "vuln" category 2011-06-27 20:40:19 +00:00