a) Lowercase path (a login page)
b) Paths containing uppercase (becomes a '400 Unknown Error' that indicates a corrupt harddrive)
c) Paths containing a path and no uppercase (the same login page as (a) is displayed, except the font changes colour
The server itself returns that it's 'ACOS HTTPD/1.1.4', and the telnet port says it's 'Lingo VoIP config telnetd'. OS guesses seem to indicate a Telephony device of some sort. In any case, this patch detects these conditions and doesn't bother checking the device if it cannot tell these errors apart
http.head (in revision . Because many scripts tend to request the same object,
this helps to prevent sending duplicate requests that consume network
resources needlessly.
The cache is transparent to the script writer in that it will return a cached
result if present when http.get/http.head is called. How the cache is used may
be controlled by options table (described in [1]) passed to the http functions.
Three new boolean values are present:
o bypass_cache -- The contents of the cache is ignored for the request
(method == "GET" or "HEAD")
o no_cache -- The result of the request is not saved in the cache
(method == "GET" or "HEAD")
o no_cache_body -- The body of the request is not saved in the cache
(method == "GET" or "HEAD")
The size of the cache is by default 1 MB. The size can be changed using the
script arg (--script-args) http-max-cache-size (e.g. --script-args
http-max-cache-size=1e8).
[1] http://nmap.org/nsedoc/lib/http.html#request
1) Re-add 443 to the common ssl ports (it was accidentally removed in an earlier patch)
2) If the header doesn't return the number of pipelined requests to perform, default to 40 instead of leaving it nil
- Cookie Support
- Pipelining Support
- New lib modularization (previously, single functions were taking care of too many tasks, we have splitted these tasks for better code reuse)
parses an HTTP date in any of three possible formats.
http-date.nse gets the Date: header field value from and HTTP server,
then displays it with how much it differs from local time.
http.lua. Previously the code was not careful about checking its input,
and would loop forever if it got something non-hex where it expected a
hex chunk-size. See http://seclists.org/nmap-dev/2009/q3/0013.html.
This code raises an error whenever decoding fails for whatever reason.
It also handles chunk extensions. The reference is section 3.6.1 of
RFC 2616.
fields passed to it and adds them to the request. Previously it ignored them,
relying on http.get to concatentate the header fields into a string for it.
Modified http.request() to connect using ssl for the https-alt service.
html-title.nse can now deal with a redirect which changes the url scheme
as long as a port is present in the url and it is the port being scanned.
Now http.request() returns nil if port.protocol is not 'tcp'.
Changed the portrule in html-title.nse to accept only TCP ports.
Fixed a redirect rule in html-title.nse which was comparing the string url.port with
the number port.number - which would always be false.
license" to "Same as Nmap--See http://nmap.org/book/man-legal.html" like
scripts commonly use. I added the field to some modules I know to be under the
Nmap license: bin, datafiles, dns, nmap, unpwdb. I left alone bin, bit, pcre,
and url, which come from outside sources.
http, ipOps, listop, and match. This is mainly merging the best documentation
from the module source and scripting.xml into the module, with the aim of
making the source code the canonical source for module documentation.
It is unnecessary to prefer targetname over the ip in the request()
function since host is only passed to socket:connect() which would have to
resolve the targetname back to the ip.
I've rewritten the header/body separation to use a single regex which
should do the same as your code and since the first match is non-greedy
should always prefer the shorter version.
I've done something similar for the header splitting.
I've removed the type checks for header and body since they are always
strings.
give the error: SCRIPT ENGINE: C:\Program
Files\Nmap\nselib/http.lua:77: attempt to call field 'parse' (a nil
value) [Jah]
Also added Win2K dependencies section to nmap-install (I should have
done a separate checkin for that)
