mirror of https://github.com/nmap/nmap.git synced 2025-12-14 11:49:01 +00:00
Commit Graph

6463 Commits

Author SHA1 Message Date
patrik
34db78528a o [NSE] Added support for detecting whether a http connection was established
using SSL or not by the http.lua library [Patrik]
2011-12-06 22:24:58 +00:00
patrik
acb1455874 o [NSE] Applied patch that replaces a number of GET requests to HEAD in
http-fingerprints.lua where no matching was performed on the returned contents.
  [Hani Benhabiles]
2011-12-06 15:57:21 +00:00
patrik
0340c7321c o [NSE] Applied patch to the ssl-cert script that adds support for getting SSL
certificates from FTP servers. [Matt Selsky]
2011-12-06 15:49:36 +00:00
david
30af606588 Light copyediting of NSEDoc in ssl-google-cert-catalog.nse. 2011-12-06 05:01:18 +00:00
david
028345e871 Improve the wording in the output of ssl-google-cert-catalog.nse. 2011-12-06 05:01:17 +00:00
patrik
171c917b37 o [NSE] Added a Vuze library, port probe and the script vuze-dht-info. The
script connects to a Vuze node and gets protocol, vendor and network
  information. [Patrik]
2011-12-03 09:18:58 +00:00
david
e0ca50b976 Remove executable bit from scripts. 2011-12-02 19:34:04 +00:00
david
46bcc85069 Add some more JBoss fingerprints.
These are from a talk I saw recently (page 19).
http://www.matasano.com/research/OWASP3011_Luca.pdf
2011-12-02 19:28:54 +00:00
david
38f6e7dcef Clearer documentation and missing delimiter in xml.cc. 2011-12-02 18:12:42 +00:00
colin
d3fd9bda66 Updated changelog and todo list for nping --safe-payloads defaulting. 2011-11-30 03:12:55 +00:00
colin
5724d88eac [Nping] Make --safe-payloads default, add --include-payloads
Resolving item from todo list:
o [Nping] The --safe-payloads option should be default (though we
  should keep it for backward compatibility).  We could then introduce
    --include-payloads for cases where they are desired.

-Documentation has not been updated.
2011-11-30 03:09:04 +00:00
fyodor
f103db01f8 Rename auth service to ident for consistency with our version detection results 2011-11-30 02:51:27 +00:00
david
8aeff3dd59 Another job for sv-tidy.
o Warn when a match template contains '.' but not the 's' flag.
    (Maybe only when there are non-ASCII literal characters in the
    template.)
2011-11-29 20:47:39 +00:00
patrik
4c525b584d o [NSE] Added the script reverse-index that creates a reverse index
showing which hosts run a particular service rather than the services for
  each host. [Patrik]
2011-11-29 00:48:59 +00:00
patrik
b2513a2aaf o [NSE] Added whitelist capabilities to the unusual-port script to be able
to handle legitimate services on dynamic ports and discrepancies between
  names of services. [Patrik]
2011-11-29 00:41:07 +00:00
david
02ff5e83b6 Comment typo. 2011-11-27 19:50:17 +00:00
patrik
95af3f1937 o [NSE] Added the script unusual-port that compares a detected service on a
port against the expected service listed in nmap-services [Patrik]
2011-11-25 21:09:19 +00:00
patrik
36445c0dba revised changelog message 2011-11-20 12:35:00 +00:00
patrik
510ebe0eb7 o [NSE] Added the script broadcast-sybase-asa-discover that discovers Sybase
SQL Anywhere servers on the local LAN. [Patrik]
2011-11-20 12:33:53 +00:00
patrik
01ccd79c34 o Added a probe for Sybase SQL Anywhere. [Patrik] 2011-11-20 11:03:06 +00:00
fyodor
3eecc35627 note some done things 2011-11-18 23:09:29 +00:00
henri
77465c37df Proper method call with ":" instead of "."
This fixes broadcast-listener.nse failure:
/home/henri/nmap/nselib/packet.lua:521: attempt to index local 'self' (a number value)
2011-11-18 15:42:09 +00:00
patrik
9b2d03d633 o [NSE] Added maxdb-info script that tries to enumerate version and database
information from a SAP MaxDB database [Patrik]
2011-11-17 22:12:59 +00:00
patrik
4c0ed27d89 o [NSE] Added nexpose-brute a script that performs password auditing against
the Nexpose vulnerability scanner. [Vlatko Kosturjak]
2011-11-17 19:46:42 +00:00
patrik
4b64da4f14 o [NSE] Added http-vuln-cve2011-3368 a script that attempts to detect whether
the remote web server is vulnerable to the Apache reverse proxy bypass
  vulnerability CVE-2011-3368. [Ange Gutek, Patrik]
2011-11-17 19:33:19 +00:00
david
e52cb742b8 On second thought restore README-EXTERNALS.
My test checkout seemed to update all the way to the latest revision
before complaining about the former external directories, so
README-EXTERNALS was already gone. We'll leave it in place while it's
still likely to be causing people trouble.
2011-11-16 21:54:09 +00:00
david
1791bdaca4 Remove README-EXTERNALS. 2011-11-16 21:50:09 +00:00
david
ed2ba4e168 Copy nping, nsock, nbase, zenmap, ncat from their homes in /.
If you have trouble updating after this revision you need to follow
these instructions. You have probably just seen an error like this:

svn: URL 'svn://svn.insecure.org/nping' of existing directory 'nping'
does not match expected URL 'svn://svn.insecure.org/nmap/nping'

This is caused by the replacement of SVN externals.

Here's what you need to do. First, save any local changes you might have
in the nping, nsock, nbase, ncat, and zenmap directories. (For example
by running "cd nping; svn diff > ../nping.diff".) If you don't have any
local changes you can skip this step.

Then run these commands:

rm -rf nping/ nsock/ nbase/ ncat/ zenmap/
svn update
svn cleanup

If all else fails, you can just delete your whole working directory and
check out anew:

svn co --username guest --password "" svn://svn.insecure.org/nmap

There may be further discussion in the mailing list thread at
http://seclists.org/nmap-dev/2011/q4/303.
2011-11-16 21:49:44 +00:00
david
4dabecf3b8 Remove externals. 2011-11-16 21:48:10 +00:00
david
ed961420a4 Add README-EXTERNALS with instructions for fixing checkouts after the
impending externals merge.
2011-11-16 21:47:23 +00:00
fyodor
308650bbdb Update version num, sort nmap-os-db, etc. 2011-11-14 22:23:24 +00:00
patrik
8728f181d2 Reverting commit r27082 due to incompatibility with Lua 5.2 [Patrik] 2011-11-13 13:11:39 +00:00
patrik
776a11146e Added code to brute library that picks up the executing SCRIPT_NAME using getfenv [Patrik] 2011-11-13 12:56:29 +00:00
patrik
4edf096715 o [NSE] Added new functionality and fixed some bugs in the brute library:
- Added support for restricting the amount of guesses performed by the
    brute library against users, to prevent account lockouts.
  - Added support to guess the username as password as incorrectly
    suggested as default behavior by the documentation.
  - Added support to guess an empty string as password if not present
    in the dictionary. [Patrik]
2011-11-13 09:51:15 +00:00
david
f235c4c071 FPmodel -> FPModel for uniformity. 2011-11-12 10:06:21 +00:00
david
7d638997db Regen FPmodel. 2011-11-12 06:00:56 +00:00
fyodor
20105cb903 Removed the note that Nmap always uses its included libpcap in preference to system installed one on Linux. I did a quick scan of configure.ac and pcap_is_suitable in acinclude.m4 and I don't think that is still true. 2011-11-11 22:45:30 +00:00
patrik
2db31ad9f5 o Added a probe for the MongoDB service [Martin Holst Swende] 2011-11-11 20:29:55 +00:00
patrik
ceb89b459f Removed e-mail address from author variable in rtsp-methods and irc-brute
[Patrik]
2011-11-11 15:31:50 +00:00
patrik
a8f57064fd o Added a probe for the Metasploit XMLRPC service [Vlatko Kosturjak] 2011-11-11 06:42:01 +00:00
patrik
1aa3e7c456 o [NSE] Re-enabled support for guessing the username in addition to password
that was incorrectly removed from the metasploit-xmlrpc-brute in previous
  commit. [Patrik]
2011-11-11 05:52:52 +00:00
patrik
8ec7da89c8 o [NSE] Added the script metasploit-xmlrpc-brute that performs password
auditing against the Metasploit XMLRPC service. [Vlatko Kosturjak]
2011-11-10 21:43:54 +00:00
patrik
352efc6ded o [NSE] Added the script openvas-otp-brute that performs password auditing
against the OpenVas service. [Vlatko Kosturjak]
2011-11-10 20:50:04 +00:00
patrik
77380bd9b0 o [NSE] Fixed bug that would prevent brute scripts from running if no service
field was present in the port table. [Patrik]
2011-11-10 20:42:47 +00:00
david
5698259a1b sv-tidy softmatch lines too. 2011-11-10 07:02:43 +00:00
david
110e9421cc sv-tidy nmap-service-probes.
This is a new program to tidy/canonicalize nmap-service-probes. It did
this:
 * Removed excess whitespace.
 * Sorted templates in the order m p v i d o h cpe:.
 * Canonicalized template delimiters in the order / | % = @ #.
2011-11-10 06:57:27 +00:00
david
7586073399 Add service match for Oracle OVM Manager. 2011-11-10 03:13:57 +00:00
patrik
0fa0ef41d5 Added missing usage and output documentation [Patrik] 2011-11-09 19:15:17 +00:00
patrik
7b43d1cafb o [NSE] Added the scripts bitcoin-info, bitcoin-getaddr and a supporting
Bitcoin library. The script bitcoin-info retrieves information about the
  remote server, while the bitcoin-getaddr script retrieves a list of
  discovered remote Bitcoin nodes. [Patrik]
2011-11-09 18:56:16 +00:00
djalal
8a175d127d o [NSE] added a debug message in the prerule to show that some arguments are missing. 2011-11-09 12:39:01 +00:00