mirror of https://github.com/nmap/nmap.git synced 2025-12-15 04:09:01 +00:00
1544 Commits

Author SHA1 Message Date
kroosec
d6015faec5 Added intensive mode and Naxsi fingerprints to http-waf-fingerprint. 2012-06-20 20:04:08 +00:00
david
360ba052e9 AUTH_UNIX support for rpc.lua.
http://seclists.org/nmap-dev/2012/q2/54

This patch is from Daniel Miller. He writes:

I've just finished enhancing the nfs-ls, nfs-statfs, and nfs-showmount
scripts so that they can run based on version detection information,
for cases where the portmapper is firewalled. For nfs-ls and
nfs-statfs, this required making a hostrule to check that both a
mountd service and a nfs service were detected. In the process, I
ended up adding the AUTH_UNIX flavor to rpc.lua, since the RFC states
that AUTH_NULL can only be used for the NULL procedure (and my Linux
nfs-kernel-server was enforcing that).

Other minor changes:

* If running privileged, attempt to bind to a reserved port. Many NFS
servers refuse to talk to source ports >1024, as a "security measure"
* handle an odd case in nfs-ls where READDIRPLUS does not return file
attributes. Chose to use all ?'s, but in the future maybe a direct
GETATTR call?
* remove reference to nfs.dirlist argument from nfs-ls doc, since it is unused
2012-06-20 02:12:58 +00:00
david
bc72a02afa Update http-title @output. 2012-06-19 01:55:15 +00:00
aca
7e47c6507d Added pcanywhere-brute script 2012-06-18 18:16:50 +00:00
aca
5c2db9d06f Few variables were not declared as locals. This fixes it. 2012-06-18 14:44:55 +00:00
kroosec
1bfc65312a Small @usage fix in sip-enum-users. 2012-06-17 22:56:30 +00:00
patrik
fefb5f8445 fixed parsing failure resulting in empty results due to additional whitespace
issue in regex of http-robtex-shared-ns.nse.
2012-06-17 18:10:34 +00:00
robert
33e9bf8d7b Updated the hash information in http-php-version to include PHP/5.4.4 and 5.3.14. 2012-06-16 21:41:46 +00:00
patrik
7d01a00cfc bug fix in db2-das-info for error in replacement string;
invalid use of '%' in replacement string
2012-06-16 19:58:45 +00:00
aca
8ad2c789b9 Added missing library requirements to dns-nsec3-enum 2012-06-15 23:37:29 +00:00
perdo
b10119bd9f Added http-rfi-spider script that spiders webservers in search of RFI vulnerabilities. 2012-06-15 22:37:33 +00:00
patrik
be0ebe8859 Fixed a bug that would make the smb-system-info script fail, due to a trailing
zero terminator in the processor count, resulting in a failure to convert the
string to a number.
2012-06-15 21:43:41 +00:00
patrik
bb359adaa1 Played a round of nse_check_globals and fixed a bunch of reported problems. 2012-06-15 19:32:36 +00:00
patrik
38b26d0ccc fixed a bug in the pop3-capabilities script that would fail parsing the
response from some servers.
2012-06-15 18:32:40 +00:00
patrik
a0a50e9f47 Committed a patch to dns-zone-transfer by Dan Miller with a slight change.
Unhandled records are returned as hex strings, rather than being url escaped;
http://seclists.org/nmap-dev/2012/q2/558
2012-06-15 14:58:32 +00:00
aca
14e9c1b66d Wrong @usage descriptions fix 2012-06-15 13:24:51 +00:00
aca
2564f0bf03 added Daniel's patch 2012-06-14 17:19:03 +00:00
kroosec
00f48c547f http-waf-fingerprint: small change to output syntax. 2012-06-14 11:42:49 +00:00
paulino
36363d904b Adds mysql-vuln-cve2012-2122.nse. This script exploits the authentication bypass vulnerability in MySQL/MariaDB (CVE-2012-2122). 2012-06-13 06:12:13 +00:00
david
4e816c82f5 Oracle OVSAgentServer is actually Oracle Virtual Server Agent. 2012-06-13 03:01:58 +00:00
kroosec
461b5d5a9e http-waf-fingerprint: Added credit to wafw00f and w3af in description field. 2012-06-12 23:26:24 +00:00
aca
f747ad8084 removed .exe, added info to Changelog 2012-06-12 20:33:34 +00:00
david
2be8b1832e Comment update in ovs-agent-version.nse. 2012-06-12 14:41:51 +00:00
david
3012e3354b Join up NSEDoc in ganglia-info.
http://seclists.org/nmap-dev/2012/q2/670
2012-06-12 14:41:49 +00:00
kroosec
d8ccfa31a6 Added the script http-waf-fingerprint which tries to detect the presence of a web application firewall and its type and version. 2012-06-12 10:41:19 +00:00
patrik
8fdda62255 Added check to p2p-conficker to prevent it from running against ipv6. 2012-06-11 14:38:57 +00:00
perdo
fe5c4c7bad Added http-form-fuzzer script that fuzzes forms it finds on websites. 2012-06-10 23:05:42 +00:00
patrik
71e26189f6 o [NSE] More Windows 7 and Windows 2008 fixes for the smb library and smb-ls
scripts. [Patrik Karlsson]
2012-06-10 22:40:02 +00:00
aca
78c48319cf Merged dns-nsec3-enum to trunk 2012-06-09 18:44:46 +00:00
aca
858606f754 Committed http-frontpage-login to main branch 2012-06-09 18:28:50 +00:00
patrik
bbc423734e Fixed bug that would make the script crash with the following error if the
latitude and longitude for an IP could not be determined:
attempt to concatenate field 'longitude' (a table value)
2012-06-07 18:08:18 +00:00
fyodor
7b6b1f691c A couple more minor description updates that I forgot to check in last time 2012-06-07 09:15:39 +00:00
perdo
5ac6c7d64a Fixed errors found by nse_check_globals. 2012-06-06 22:23:02 +00:00
batrick
14dc780226 Applied a patch by John Bond to remove unused script-arg. 2012-06-06 22:15:14 +00:00
patrik
b7f648bcac Fixed a bunch of errors reported by Ron Bowes;
http://seclists.org/nmap-dev/2012/q2/639
2012-06-06 22:11:02 +00:00
batrick
ceaa65a0f4 Move last remnants of Lua 5.0 "arg" table. 2012-06-06 22:08:01 +00:00
patrik
721ac80024 reverted previous commit, due to unfinished changes in smb, asn1 and smbauth
libraries.
2012-06-06 22:04:28 +00:00
patrik
c4617f8d31 Fixed a bunch of errors reported by Ron Bowes;
http://seclists.org/nmap-dev/2012/q2/639
2012-06-06 21:57:00 +00:00
patrik
731e8b5302 Fixed error message in redis-brute 2012-06-06 21:36:52 +00:00
batrick
2dcb08a590 Fix location of try/catch. The pcap/dnet variables were not in scope. 2012-06-06 21:36:02 +00:00
batrick
a83ed012fd Use "response" as error message. 2012-06-06 21:32:02 +00:00
batrick
1ac2728821 Correct location of rules declaration. 2012-06-06 21:29:48 +00:00
batrick
a20ea34d38 Fix error strings and remove "path" parameter that has no apparent meaning 2012-06-06 21:27:39 +00:00
fyodor
60baeb09b0 Cleaning up the descriptions for 28 scripts for consistency 2012-06-06 20:44:18 +00:00
david
31b628f994 ipOps capitalization.
http://seclists.org/nmap-dev/2012/q2/602
2012-06-05 21:16:23 +00:00
david
7f0c9fa9a2 Identifier typo.
http://seclists.org/nmap-dev/2012/q2/618
2012-06-05 20:33:09 +00:00
batrick
be0af7b304 Add some missing library requires. Patch generated by
$ nse_check_globals --patch

with some modifications for format consistency.
2012-06-05 15:21:54 +00:00
kris
3444074ea1 doc typo/consistency fixes 2012-06-04 21:05:36 +00:00
fyodor
1f8c689ea1 o [NSE] Changed http-brute so that it works against the root path
("/") by default rather than always requiring the http-brute.path
  script argument.

I also upgraded it to use get_script_args function rather than access registry.args directly
2012-06-04 19:49:21 +00:00
patrik
b683234f45 o [NSE] Applied patch from Daniel Miller that fixes bug in several scripts and
libraries http://seclists.org/nmap-dev/2012/q2/593 [Daniel Miller]
2012-06-04 04:37:29 +00:00