aca
6fec00655d
Added smb-ms10-054 vuln check script to trunk
2012-07-23 09:52:38 +00:00
patrik
977996e5fa
o [NSE] Added rdp library and the script rdp-enum-encryption that enumerates both the Security Layer and Encryption level of the RDP service. [Patrik Karlsson]
2012-07-21 21:24:14 +00:00
aca
096e40d470
Added different message in case we determine that DoS is not due to slowloris and fixed an issue with try_ssl
2012-07-21 16:33:44 +00:00
david
3f7db8b9d3
Add flume-master-info.nse by John Bond.
2012-07-21 08:07:49 +00:00
aca
4eb88d2cde
Added ssl support to http-slowloris
2012-07-20 15:49:23 +00:00
ron
8b42180f31
Removed an errant call to ap(config) that ended up in the committed version of the script
2012-07-20 04:43:55 +00:00
david
72b0056fb5
Add http-get.nse by Alex Weber.
http://seclists.org/nmap-dev/2012/q2/935
2012-07-19 18:15:02 +00:00
david
89e93d6836
--script-updatedb.
2012-07-19 18:14:21 +00:00
jah
1c783a920e
Fixed some problems which caused snmp-interfaces to always fail after obtaining info from the IF-MIB tree walk (invalid use of the percent escape char in the replacement param to gsub and other minor errors).
Fixed a problem which caused snmp-interfaces to always fail in the pre-scanning phase (attempt to index the undefined host table).
2012-07-19 17:21:55 +00:00
dmiller
1aeec5790e
Add more ssl-ciphers strength ratings
Ratings generated with this perl script:
https://gist.github.com/3130353
2012-07-18 22:14:30 +00:00
kroosec
ab2caee812
Updated lltd-discovery for parsing hostnames and outputting the network card manufacturer.
2012-07-18 12:50:11 +00:00
kroosec
6023e253dc
Changed sip-enum-users which now uses brute.lua for extensions enumeration and supports iteration over custom lists and numeric ranges.
2012-07-18 12:06:33 +00:00
aca
8c9d8f0bb9
Fixed an issue with wrong thread count, and the case when server crashes or is completely unavailable for some other reason
2012-07-17 19:26:18 +00:00
perdo
6b101769d7
Add a check to see if response from which we wish to extract links is not nil.
2012-07-17 18:06:44 +00:00
david
0288accd74
Copyedit http-slowloris docs.
2012-07-17 17:19:43 +00:00
perdo
2424c6d2a4
Add a check to see if response from which we wish to extract links is not nil.
2012-07-17 16:11:10 +00:00
paulino
7e9fff9dfb
Temp fix to reduce the number of times this script gets executed. This change removes it from the category "version"
2012-07-17 01:37:55 +00:00
patrik
ea7da393f4
update script to work with changes made to robtex website
2012-07-16 19:46:43 +00:00
aca
1e6344541a
Merged http-slowloris from my dev branch into trunk
2012-07-16 19:27:24 +00:00
henri
5df5c86029
Fixed inconsistent indentation, replaced spaces by tabs.
2012-07-13 23:07:06 +00:00
dmiller
4463296bf7
Modify ssl-enum-ciphers for speed and thoroughness
Send large groups of ciphers and eliminate chosen ones until the server
gives up. This results in far fewer exchanges than trying every cipher
individually.
Also fixed a bug introduced in r26521 where failing to send NULL
compressor results in a rejected handshake, and updated the list of
ciphers from 213 to 359.
http://seclists.org/nmap-dev/2012/q3/156
2012-07-13 22:40:00 +00:00
kroosec
e1793d5961
tls-nextprotoneg: Replaced hard fixed protocols search for a dynamic extraction one.
2012-07-13 10:29:35 +00:00
henri
51cf3b0df9
Fixed a false positive in http-vuln-cve2011-3192.nse, which detected Apache 2.2.22 as vulnerable.
The corresponding ChangeLog entry for Apache 2.2.22 says:
"""
Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20:
A range of '0-' will now return 206 instead of 200.
"""
https://issues.apache.org/bugzilla/show_bug.cgi?id=51878
2012-07-12 17:00:41 +00:00
aca
c6ed7023c4
Brute and unpwdb lib improvements that allow more flexible iterator specifications. Merge from my dev branch.
2012-07-10 16:35:48 +00:00
patrik
6dd99f410b
removed the ms-sql-dac script from default and made the port discovery run in parallel against multiple database instances.
2012-07-10 10:08:42 +00:00
patrik
9236196d42
o [NSE] Added ms-sql-dac script which queries the Microsoft SQL Browser service for the DAC (Dedicated Admin Connection) port. [Patrik Karlsson]
2012-07-10 09:50:51 +00:00
dmiller
39b96782b4
Update dns-zone-transfer with more RR types
Updated the type table to include the latest from
http://www.bind9.net/dns-parameters (18 June 2012). Fixed a bug in WKS
parser. Added parsers for NSAP, NSAP-PTR, PX, GPOS, ATMA, KX, A6, DNAME,
SINK (partial), SSHFP, and SPF.
2012-07-09 21:15:43 +00:00
dmiller
f1a3c26b66
Fixed dns-zone-transfer support of WKS records (tested with Bind9)
2012-07-09 18:50:21 +00:00
henri
47d8b75fcf
Cosmetic fixes: indentation and trailing whitespaces.
2012-07-09 16:33:58 +00:00
dmiller
8a4ebef626
Add more record types to dns-zone-transfer
New types: MD, MF, MB, MG, MR, WKS, HINFO, MINFO, RP, AFSDB, X25, ISDN,
RT, NAPTR. Several of these are obsolete/experimental. RP, AFSDB, and
NAPTR can be tested against zonetransfer.me. WKS (Well Known Services)
is very interesting, but little used, and not tested.
2012-07-09 16:02:28 +00:00
perdo
bcdb303a2b
Added an unrequired library and fixed a typo.
2012-07-09 13:32:32 +00:00
perdo
1498f9ce7a
Added irc-sasl-brute script which performs brute force password auditing against IRC servers supporting SASL authentication.
2012-07-09 12:51:07 +00:00
kroosec
eca8ab5563
Added sip-methods script which enumerates a SIP server's allowed methods.
2012-07-09 08:57:12 +00:00
kroosec
68a9a54f4c
Added sip-call-spoof script which spoofs a call to a SIP phone and detects the action taken by the target.
2012-07-09 08:50:44 +00:00
kroosec
61a40609ce
Reversed commit to lltd-discovery that went with one to tls-nextprotoneg.
2012-07-08 19:49:09 +00:00
kroosec
bc2b9a99b5
Added http1.1 to the list of known protocols. (Checked by Chromium)
2012-07-08 19:00:34 +00:00
tomsellers
644595d077
Modified multiple scripts that operated against HTTP based services so as to remove false positives that were generated when the target service answers with a 200 response to all requests.
Some scripts that had been previously modified were updated so that the debug output was consistent.
A few scripts were calling identify_404 with host.ip as opposed to the proper host object. This has been adjusted as well.
2012-07-08 12:41:37 +00:00
aca
0968973b4a
Merged metasploit-info from my dev branch
2012-07-08 10:34:41 +00:00
dmiller
fd6d41e30a
Merge branch 'ssl-known-key-sslcert'
2012-07-08 04:12:25 +00:00
dmiller
cdf30c1233
Avoid using http cache for http-form-fuzzer
2012-07-07 22:06:56 +00:00
kroosec
b7cc883a0f
Added tls-nextprotoneg, a script that enumerates a TLS server's supported protocols by using the next protocol negotiation extension.
2012-07-07 14:38:56 +00:00
dmiller
96d48d861c
Fix error in http-vhosts when domain is nil
./scripts/http-vhosts.nse:502: attempt to concatenate local 'domain' (a
nil value)
stack traceback:
./scripts/http-vhosts.nse:502: in function 'makeTargetName'
./scripts/http-vhosts.nse:542: in function
<./scripts/http-vhosts.nse:532>
(...tail calls...)
2012-07-06 14:16:26 +00:00
paulino
e707b6305a
Adds http-phpself-xss : NSE to detect PHP files vulnerable to reflected cross site scripting via $_SERVER["PHP_SELF"]
2012-07-05 18:18:56 +00:00
paulino
783825f087
Adds http-tplink-dir-traversal.nse in the "exploit" and "vuln" category: NSE to exploit a path traversal vulnerability in the web administration panel of several TP-Link routers.
2012-07-04 20:33:10 +00:00
paulino
6b5d38ca8a
Adds additional debug message when it fails to hint users about what happened. It also adds another check for web servers that return more than one 404 page.
2012-07-04 19:56:37 +00:00
tomsellers
e3787f2a37
Handle exception generated when the spider process hands http-backup-finder a URL that is only a hostname. When url.parse processes this value on line 107 of http-backup-finder it returns nil for the .path property.
http-backup-finder.nse:107: attempt to index field 'path' (a nil value)
stack traceback:
Addressed this by setting nil .path values to '/'. Tested with sites with and without backup files. Verified that duplicate results were not returned.
2012-07-04 18:54:38 +00:00
tomsellers
99c192cd1d
Fix exception thrown in reverse-index when it is run against a host with no open ports.
/reverse-index.nse:112: bad argument #1 to 'pairs' (table expected, got nil)
2012-07-04 17:58:21 +00:00
paulino
bc3eb43f72
Fixes false positive when dealing with web servers returning status 200 for all reqs
2012-07-04 17:57:22 +00:00
tomsellers
97a22758f6
membase-http-info updated to reflect new server header found in current versions of the Couchbase HTTP admin port. Explanation email sent to list.
2012-07-04 15:56:48 +00:00
tomsellers
71439bcfac
Patch to fix script issue when scanning HTTP servers that return 200 to every request. This causes the sanity check on line 88 to fail to trigger because the header value Server is nil.
Implemented a check to see if the target is returning 200 to all requests.
Also implemented additional logic on line 84 to verify that the Server header value is not nil. This is just in case we run into another case where a response is 200 but the Server header does not exist.
2012-07-04 15:16:46 +00:00