david
90a2819a04
o [NSE] Added scripts by Toni Ruotto communicating with the NetBus
remote administration/backdoor program.
- netbus-info: gets configuration information.
- netbus-brute: guesses passwords.
- netbus-version: distinguishes NetBus from NetBuster, a program
that mimics the protocol but doesn't actually allow any
operations.
- netbus-auth-bypass: Checks for a bug in the server that allows
connecting without a password.
2010-12-13 18:00:02 +00:00
david
a7e80b4cf3
Update script.db.
2010-12-13 17:30:08 +00:00
david
ccd901f918
Put realvnc-auth-bypass.nse in "auth" category.
2010-12-13 17:30:06 +00:00
patrik
46cdf28fce
o [NSE] Added a new iSCSI library and the two scripts iscsi-info and
iscsi-brute. [Patrik]
2010-12-10 23:20:59 +00:00
patrik
38a21c4d17
o [NSE] Add new script broadcast-ms-sql-discover and removed broadcast
support from ms-sql-info. [Patrik]
2010-12-10 23:12:27 +00:00
david
adc460fc22
o [NSE] Added the ftp-proftpd-backdoor.nse script by mak Kolybabi,
which checks for a backdoor in ProFTPD 1.3.3c.
2010-12-07 00:22:01 +00:00
david
f8530814ab
o [NSE] Added http-vhosts.nse from Carlos Pantelides. This script
brute-forces virtual hosts by sending different Host headers to the
same server.
2010-12-06 05:19:35 +00:00
david
f8b17ae441
o [NSE] Added the hddtemp-info script from Toni Ruotto, which gets
hard drive temperatures from the hddtemp service.
2010-11-29 19:00:11 +00:00
fyodor
3652bd6939
Rename a couple http scripts to make it more clear that they use the http protocol and for consistency with other script names
2010-11-20 04:22:51 +00:00
fyodor
10d85c1a6b
Removed broadcast-upnp-info and broadcast-dns-service-discovery from the default category. With these running by default, I was getting a bunch of information about printers and stuff on my LAN. Which is great info, and I love the scripts, but that's not what I'm really looking for when just trying to scan scanme.nmap.org
2010-11-20 02:04:00 +00:00
patrik
734f938b04
o [NSE] Added a new Web Service Dynamic Discovery library (wsdd) and the two
scripts broadcast-wsdd-discover and wsdd-discover. [Patrik]
2010-11-10 22:35:13 +00:00
patrik
92b6fa9038
o [NSE] Added a new library upnp that provides UPnP support to the scripts
upnp-info and broadcast-upnp-info. The library is largely based on code
taken from Thomas Buchanan's upnp-info script. [Patrik]
2010-11-02 19:05:19 +00:00
david
d4007d43e5
Make rmi-dumpregistry.nse default.
2010-11-02 17:45:07 +00:00
patrik
7b2b7bd227
o [NSE] Added a new library dnssd with supporting functions for DNS Service
Discovery. Moved multicast prerule from dns-service-discovery to a new
script called broadcast-dns-service-discovery. [Patrik]
2010-11-02 17:22:38 +00:00
david
3040659465
Add the rmi.lua library and rmi-dumpregistry.nse script by Martin Holst Swende.
2010-11-01 20:47:48 +00:00
kris
b69d93e2ab
o [NSE] Added the ssh2-enum-algos script which reports the number of
algorithms the target SSH2 server supports, by type. If verbosity
is set, then the offered algorithms are listed. Output is reduced
for identical "client to server" and "server to client" lists by
using a single combined list. [Kris]
2010-10-29 14:30:00 +00:00
fyodor
203d423d50
Added upnp-info to the discovery category
2010-10-16 21:45:08 +00:00
david
dd7a40b288
Add hostmap.nse from Ange Gutek.
2010-10-16 03:01:08 +00:00
david
d096dd7626
Update script.db.
2010-10-16 01:59:08 +00:00
kris
8d7d95ba57
update script.db
2010-10-13 00:06:39 +00:00
david
7dcd478487
Put nat-pmp-info.nse in the "default" category. Let the portrule match
the service "nat-pmp". Set the service name "nat-pmp" on success.
2010-09-28 22:30:18 +00:00
patrik
0ef84cf443
o [NSE] Added nat-pmp-info script that uses the nat-pmp service to
discover the external IP address of a router. [Patrik]
2010-09-28 19:43:06 +00:00
kris
29e6257541
Add the resolveall prerule script which takes a table of hosts and adds the
resolved addresses to Nmap's target queue.
2010-09-28 02:04:20 +00:00
djalal
15a0dc47b0
Added the targets-traceroute script, which inserts traceroute hops onto the Nmap scanning queue.
2010-09-10 01:53:22 +00:00
david
7026f5fdbd
o [NSE] Added the firewalk script, which tries to find whether a
firewall blocks or forwards ports like the firewall tool does. [Henri
Doreau]
2010-08-28 16:03:20 +00:00
david
5731d55219
Revert r19993, the addition of firewalk.nse. This depends on an nselib
change that isn't committed yet.
2010-08-27 20:03:21 +00:00
david
79da626772
o [NSE] Added the firewalk script, which maps firewall rules in a way
similar to the firewalk tool. [Henri Doreau]
2010-08-27 20:01:09 +00:00
kris
57664a51cf
Committing MTU-related changes:
* Adding path-mtu.nse for Path MTU Discovery
* Nmap now stores the MTU for interfaces (from SIOCGIFMTU or libdnet)
* Scripts can access the MTU for host.interface via host.interface_mtu
* Nmap prints the MTU for interfaces in --iflist
2010-08-24 01:47:12 +00:00
patrik
af76c5dad7
o [NSE] Added GIOP library and a small script that makes use of it:
- giop-info Queries the CORBA naming server for a list of objects
[Patrik]
2010-08-19 23:14:39 +00:00
patrik
87109b5670
o [NSE] Added an Oracle TNS library and two new scripts that make use of it.
The scripts are:
- oracle-brute uses the brute and tns library to perform password guessing
- oracle-enum-users attempts to determine valid Oracle user names
[Patrik]
2010-08-19 23:09:32 +00:00
patrik
e80b196d2e
o [NSE] Added a smallish Lotus Domino rpc library (nrpc.lua) and some Lotus
Domino oriented scripts:
- domino-enum-users.nse guesses users and attempts to download ID files by
exploiting (CVE-2006-5835).
- domino-enum-passwords attempts to download Internet passwords and ID files
from the web server.
- domcon-brute performs password guessing against the remote console.
- domcon-cmd adds support for running custom remote console commands.
[Patrik]
2010-08-19 23:02:58 +00:00
patrik
73b01af10a
o [NSE] Added an Informix library and three scripts that make use of it:
- informix-brute uses the brute framework to perform password guessing
- informix-query adds support for running SQL queries against Informix
- informix-tables lists table- and column-names for a given database
[Patrik]
2010-08-19 22:47:52 +00:00
patrik
a2c2a3f84c
o [NSE] Added two new scripts http-brute.nse and http-form-brute that attempt
to perform password guessing against web servers and applications. [Patrik]
2010-08-19 20:53:40 +00:00
david
9cbfbbaadc
Remove a script.db entry for an uncommitted script I am working on,
ovs-agent-version.nse.
2010-08-17 22:44:28 +00:00
david
644e60c84c
Put wdb-version in the "default" category.
2010-08-17 22:19:15 +00:00
patrik
ce0de70ae8
o [NSE] Added one script (vnc-brute) that performs password guessing against
VNC using the new brute library and another (vnc-info) that lists supported
security mechanisms. [Patrik]
2010-08-14 15:13:15 +00:00
patrik
2c874c0ba2
changed portrule to include both ibm-db2 and drda
updated script.db and removed old db2- scripts and added the new ones
changed error message returned by helper class in drda for incorrect logins
2010-08-14 11:52:18 +00:00
fyodor
9b4b172045
Update generated content for new release
2010-07-16 00:43:59 +00:00
djalal
98cf1dd7c4
Remove nfs-acls and nfs-dirlist scripts; all their features are supported by the nfs-ls.nse script.
2010-07-06 00:56:41 +00:00
david
5b4e171444
o [NSE] Added ftp-libopie.nse by Gutek. This script checks for an
off-by-one stack overflow vulnerability in libopie by giving the FTP
service an overlong name. See
http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc for
details.
2010-06-21 20:25:11 +00:00
david
c50c7a2c0b
o Added http-php-version.nse from Gutek. This script retrieves
version-specific pages through a couple of magic PHP queries, which
can identify the PHP version even when a server doesn't advertise
it.
2010-06-18 22:12:17 +00:00
fyodor
1428a1644b
We generally put scripts in either safe or intrusive categories, but not both. So I removed intrusive. I also added discovery, as that seems to fit the ssh-hostkey script
2010-06-15 07:49:45 +00:00
djalal
2ad517622b
Add the nfs-ls script entry to the script.db
2010-06-12 23:53:20 +00:00
david
e4162e6771
o [NSE] Added dns-cache-snoop.nse by Eugene Alexeev. This script does
cache snooping by either sending non-recursive queries or by measuring
response times.
2010-06-12 02:25:44 +00:00
jah
cb879a313f
Update script.db with added ntp-monlist.nse
2010-06-03 12:37:05 +00:00
patrik
b830a036ad
o [NSE] Add new DB2 library and two scripts
- db2-brute.nse uses the unpwdb library to guess credentials for DB2
- db2-info.nse re-write of Tom Sellers' script to use the new library
[Patrik]
2010-05-18 21:11:38 +00:00
david
3b34c84de7
Add dns-fuzz script from Michael Pattrick.
2010-04-04 13:41:32 +00:00
patrik
1d26975ede
o [NSE] Added a library for Microsoft SQL Server and 7 new scripts. The new
scripts are:
- ms-sql-brute.nse uses the unpwdb library to guess credentials for MSSQL
- ms-sql-config retrieves various configuration details from the server
- ms-sql-empty-password checks if the sa account has an empty password
- ms-sql-hasdbaccess lists database access per user
- ms-sql-query adds support for running custom queries against the database
- ms-sql-tables lists databases, tables, columns and datatypes with optional
keyword filtering
- ms-sql-xp-cmdshell adds support for OS command execution to privileged
users
[Patrik]
2010-04-04 10:11:54 +00:00
david
3ef4f3f017
o [NSE] Added the afp-serverinfo script that gets a hostname, IP
addresses, and other configuration information from an AFP server.
The script, and a patch to the afp library, were originally
contributed by Andrew Orr and were subsequently enhanced by Patrik
and David.
I added an @output section to the script and made it hex-encode a binary
string for the server signature (previous versions of the afp patch did
the hex-encoding in the library, but I thought it was better to do it in
the script.)
2010-03-30 19:26:23 +00:00
david
65331759cc
Remove afp-path-exploit.nse (which doesn't exist) from script.db. It was
an earlier version of afp-path-vuln.nse.
2010-03-29 17:53:32 +00:00