This should speed up crawling certain sites. In the case of http-email-harvest it should reduce some of the false positives generated by running the RegEx against binary data. The only script that this appears likely to have affected the results of would have been http-sitemap-generator and that script specifically disables the blacklist.
Updated the type table to include the latest from
http://www.bind9.net/dns-parameters (18 June 2012). Fixed a bug in WKS
parser. Added parsers for NSAP, NSAP-PTR, PX, GPOS, ATMA, KX, A6, DNAME,
SINK (partial), SSHFP, and SPF.
http://seclists.org/nmap-dev/2012/q3/56. r29134 already addressed the issue but
was incomplete.
This replaces r29134 with an engine-agnostic approach, and additionally enforces
the reset of IOD flags before use or re-use.
New types: MD, MF, MB, MG, MR, WKS, HINFO, MINFO, RP, AFSDB, X25, ISDN,
RT, NAPTR. Several of these are obsolete/experimental. RP, AFSDB, and
NAPTR can be tested against zonetransfer.me. WKS (Well Known Services)
is very interesting, but little used, and not tested.
Some scripts that had been previously modified were updated so that the debug output was consistent.
A few scripts were calling identify_404 with host.ip as opposed to the proper host object. This has been adjusted as well.
./scripts/http-vhosts.nse:502: attempt to concatenate local 'domain' (a
nil value)
stack traceback:
./scripts/http-vhosts.nse:502: in function 'makeTargetName'
./scripts/http-vhosts.nse:542: in function
<./scripts/http-vhosts.nse:532>
(...tail calls...)
that were internally closed and replaced by other ones. This happened during
reconnect attempts.
--
When reconnecting with SSL_OP_NO_SSLv2 (nsock_core.c:472), the library closes the
fd of the current IOD, and replaces it by a new one.
The man page for epoll_ctl states that a close() on a fd makes it removed from
any epoll set it was in. Therefore, if epoll_ctl(EPOLL_CTL_MOD, ...) returns
ENOENT, we retry with EPOLL_CTL_ADD.
- Always format function name without parens at the beginning of a message.
- Added an nsi_new notification message.
- Only trace the first call to nsi_delete() of a given IOD (i.e. don't log the
calls issued from the resulting callbacks).
Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if it's not a number, to fix a crash when passing a string to %d.
http-backup-finder.nse:107: attempt to index field 'path' (a nil value)
stack traceback:
Addressed this by setting nil .path values to '/'. Tested with sites with and without backup files. Verified that duplicate results were not returned.
Implemented a check to see if the target is returning 200 to all requests.
Also implemented additional logic on line 84 to verify that the Server header value is not nil. This is just in case we run into another case where a response is 200 but the Server header does not exist.
Barracuda HTTP filter - adjustment to match more versions
GlobalScape CuteFTP sshd - additional match line
Cisco ASA WebVPN - additional match line
VMware View - additional match line
Bomgar Remote Access - new product detection
Sybase SQLAnywhere httpd - new product detection, version string