david
a58e6d0f33
-Adds digest support to basic login method.
...
-Adds detection entry for Digital Sprite 2 ( Digital recorder )
Originally committed by paulino but recommitted by david after recovery
from backup.
2013-04-12 17:29:26 +00:00
patrik
56ef8fad06
fix flipped ip in BROWSER decoder
2013-03-16 03:18:35 +00:00
patrik
429b030c3d
add BROWSER protocol support
2013-03-16 03:18:32 +00:00
patrik
b6492f96af
add LLMNR support and cleaned up some result output
2013-03-16 03:18:28 +00:00
patrik
675000afe8
change debug level for missing decoders, more indent cleanup
2013-03-16 03:18:24 +00:00
patrik
560c97923b
refactor MDNS code and add ipv6 to Generic table
2013-03-16 03:18:21 +00:00
patrik
bf24a53487
split Netbios up in Queries and Registrations
2013-03-16 03:18:18 +00:00
patrik
66335c6902
add support for decoding MacBooks from DDNS, support for DHCPv6 and CUPS
2013-03-16 03:18:15 +00:00
patrik
4ecb3e55d8
add support to parse and decode fqdn option
2013-03-16 03:18:11 +00:00
patrik
ddbc5d7297
indentation cleanup
2013-03-16 03:18:07 +00:00
dmiller
ab098ef4d2
Don't crash on stdnse.parse_timespec(nil)
2013-03-06 04:36:09 +00:00
david
1ebb9bfe20
Don't include a port number in the Host header.
...
We never intend to ask for a service on a port other than the one we
connect to. By my reading of RFC 2616 section 14.23, we can leave the
port number off in this case. Robin Wood reported that
https://twitter.com/ gives you a redirect instead of a page if you send
it
Host: twitter.com:443
rather than
Host: twitter.com
http://seclists.org/nmap-dev/2013/q1/267
2013-03-02 01:05:32 +00:00
david
a1a106defe
Allow CRLF line endings in upnp.lua
...
Only LF was supported before. Reported by kaito.
http://seclists.org/nmap-dev/2013/q1/221
2013-02-24 04:55:40 +00:00
paulino
666cda3048
Adds entry to detect several vulnerable versions of JCE Joomla extension. (Remote command exec)
...
Fingerprint taken from http://www.bugreport.ir/78/exploit.htm
2013-02-21 04:53:49 +00:00
david
842f9e6804
Revert "Lower-case scheme comparisons."
...
Handle it at the url.parse level.
2013-02-07 23:43:50 +00:00
david
4fb61350d8
url.parse should convert all schemes to lower case.
...
RFC 3986 section 3.1:
Although schemes are case-insensitive, the canonical form is lowercase
and documents that specify schemes must do so with lowercase letters.
An implementation should accept uppercase letters as equivalent to
lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the
sake of robustness but should only produce lowercase scheme names for
consistency.
2013-02-07 23:43:47 +00:00
david
5273567981
Lower-case scheme comparisons.
...
I'm seeing redirects to "HTTP://example.com/".
2013-02-07 23:37:48 +00:00
david
9434dd7d2f
parse_redirect: fill in port number even if authority but not scheme is present.
...
For example "//example.com/en/": the function needs to return with
u.port set, just as it would with "http://example.com/en/".
2013-02-07 23:12:41 +00:00
david
a210d38769
Allow empty path in url.parse.
...
I got a redirect of "?p=indisponible" and url.parse returned
{query="p=indisponible"}. Now it returns
{path="", query="p=indisponible"}.
2013-02-07 22:37:38 +00:00
david
4cdb5301dd
300 and 303 are also HTTP redirects.
2013-02-07 22:28:10 +00:00
david
ac5a479a73
Treat empty port in URL the same as absent.
...
RFC 3986 says that these URLs are equivalent:
http://example.com/
http://example.com:/
url.parse was returning port="" for the latter. Make it instead return
port=nil like the former.
2013-02-07 03:06:30 +00:00
david
1c7c414fbb
URL ports have to be decimal digits.
...
RFC 3986 section 3.2.3.
2013-02-07 03:06:29 +00:00
david
45b5d92f3d
Don't treat an empty string as an invalid URL.
...
To me, this is a relative URL with a path of "". I.e., it refers to the
same document as wherever the URL appeared, like when people do
<form action="" enctype="multipart/form-data" method="POST">
2013-02-07 02:28:23 +00:00
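Taken together, the url.parse and parse_redirect commits above (lower-cased scheme, empty port same as absent, decimal-only ports, empty path for "" and "?p=...", port filled in for a "//host/path" target) and the Host header change further up describe a small set of RFC 3986 edge cases. The following is an added example, not nselib's url.lua and not code from any of these commits: a stand-alone Python parser built on the RFC 3986 Appendix B split regex. The names `parse_url`, `resolve_redirect`, `_merge_paths`, `host_header` and `DEFAULT_PORTS` are chosen here and are not nselib identifiers; the sample URLs in the comments are taken from the commit messages.

```python
import re

# RFC 3986 Appendix B: split a URI reference into scheme, authority, path,
# query and fragment. Every string matches, including "".
_URI_RE = re.compile(
    r"^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?$"
)
# authority = [ userinfo "@" ] host [ ":" port ]; IPv6 literals are bracketed.
_AUTHORITY_RE = re.compile(r"^(?:([^@]*)@)?(\[[^\]]*\]|[^:]*)(?::(.*))?$")

# Default ports used when a redirect target names a host but no port
# (assumed table for this example).
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_url(url):
    """Parse a URI reference into a dict; raise ValueError on a bad port."""
    scheme, authority, path, query, fragment = _URI_RE.match(url).groups()
    u = {
        # RFC 3986 3.1: schemes are case-insensitive, canonical form is
        # lowercase, so "HTTP://example.com/" parses with scheme "http".
        "scheme": scheme.lower() if scheme is not None else None,
        "userinfo": None,
        "host": None,
        "port": None,
        # path is "" (not None) for "" and for "?p=indisponible": both are
        # relative references to the same document.
        "path": path,
        "query": query,
        "fragment": fragment,
    }
    if authority is not None:
        userinfo, host, port = _AUTHORITY_RE.match(authority).groups()
        u["userinfo"], u["host"] = userinfo, host
        # RFC 3986 3.2.3: "http://example.com:/" (empty port) is equivalent
        # to "http://example.com/", so leave port as None.
        if port:
            # port = *DIGIT; anything else is a malformed URL, not a port.
            if not re.fullmatch(r"[0-9]+", port):
                raise ValueError("non-decimal port in URL: %r" % url)
            u["port"] = int(port)
    return u


def _merge_paths(base_path, ref_path):
    """RFC 3986 5.2.3 merge (dot-segment removal of 5.2.4 is omitted)."""
    if "/" in base_path:
        return base_path[: base_path.rfind("/") + 1] + ref_path
    return "/" + ref_path


def resolve_redirect(location, base_url):
    """Resolve a Location header value against the URL that was requested.

    The port is always filled in, from DEFAULT_PORTS when the target names
    none, so "//example.com/en/" resolves like "http://example.com/en/".
    """
    base, ref = parse_url(base_url), parse_url(location)
    if ref["scheme"] is not None:
        scheme, host, port = ref["scheme"], ref["host"], ref["port"]
        path, query = ref["path"], ref["query"]
    else:
        scheme = base["scheme"]
        if ref["host"] is not None:
            # network-path reference: authority present, scheme inherited
            host, port = ref["host"], ref["port"]
            path, query = ref["path"], ref["query"]
        else:
            host, port = base["host"], base["port"]
            if ref["path"] == "":
                # "" or "?p=x": same document, possibly with a new query
                path = base["path"]
                query = ref["query"] if ref["query"] is not None else base["query"]
            elif ref["path"].startswith("/"):
                path, query = ref["path"], ref["query"]
            else:
                path, query = _merge_paths(base["path"], ref["path"]), ref["query"]
    if port is None:
        port = DEFAULT_PORTS.get(scheme)
    return {"scheme": scheme, "host": host, "port": port, "path": path, "query": query}


def host_header(u):
    """Host header value: the host only, never "host:port", because the
    request always goes to the port we connected to (RFC 2616 14.23)."""
    return u["host"]
```

Dot-segment removal (RFC 3986 5.2.4) is left out to keep the block short; a resolver that follows redirects must apply it, otherwise a "../" segment in a Location header is carried through verbatim instead of being collapsed.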
david
7c7ffdb756
Typo.
2013-02-02 01:41:50 +00:00
paulino
913fbac6d1
Adds entry to detect SCADA SIMATIC S7. Signature taken from Jose Ramon Palanco's script https://github.com/drainware/nmap-scada/blob/master/SIEMENS-Simatic-HMI-miniweb.nse
2013-01-31 18:04:40 +00:00
paulino
b3d3553330
Adds entry to detect SCADA Siemens PCS7. Signature taken from Jose Ramon Palanco's script https://github.com/drainware/nmap-scada/blob/master/Siemens-PCS7.nse
2013-01-31 18:00:11 +00:00
david
570a77b414
Use binary strings, not hex strings, internally in ike-version.
...
Patch by Jesper Kückelhahn.
http://seclists.org/nmap-dev/2013/q1/152
2013-01-30 06:25:32 +00:00
patrik
d79e431e7a
nse_check_globals cleanup
2013-01-28 04:28:38 +00:00
david
37ab88e840
Change 'VPN' to 'security-misc' in ike-fingerprints.
...
We don't have a 'VPN' device type.
http://nmap.org/book/osdetect-device-types.html
2013-01-28 03:11:21 +00:00
david
710b460ac1
Add ike-version and ike library by Jesper Kückelhahn.
...
http://seclists.org/nmap-dev/2013/q1/49
2013-01-28 03:06:39 +00:00
djalal
6f5cf53780
o [NSE] Made the vulnerability library able to preserve vulnerability
...
information across multiple ports of the same host.
2013-01-19 19:00:11 +00:00
paulino
76d4889eea
Adds entry for Oracle GlassFish
2013-01-15 07:06:24 +00:00
david
e03dcf3d8a
Do a connect on rpc-grind UDP sockets to invoke socket_lock.
...
This connect should be side effect–free except for calling socket_lock,
which prevents the creation of an excessive number of sockets. Not using
the lock was causing "Too many open files" errors.
We should have a cleaner general solution for this, and not require
scripts to "connect" their unconnected UDP sockets. I seem to remember
that there was a good reason for not enforcing the lock on socket
creation, but only on connect, as we do.
http://seclists.org/nmap-dev/2012/q4/435
2012-12-31 19:06:33 +00:00
patrik
16d50c48da
Squashed commit of the following:
...
commit fb1fa9373592e81ee004b99cf813e07bf253fbe1
Author: Patrik Karlsson <patrik@cqure.net>
Date: Sun Dec 16 11:49:36 2012 -0500
Fix bug where brute library failed to report error on invalid iterators
2012-12-16 16:51:47 +00:00
david
ab802a6f21
Update some more headers.
2012-12-06 02:25:46 +00:00
david
ec53dc049a
Update with new mailing list addresses.
2012-12-06 02:23:34 +00:00
patrik
38ad563a8f
Fix missing export _ENV in gps library
2012-12-02 16:15:59 +00:00
david
4c9a3ef4de
Add multicast group name output to broadcast-igmp-discovery.
...
Patch by Vasily Kulikov.
http://seclists.org/nmap-dev/2012/q4/350
2012-11-29 19:58:30 +00:00
david
b15d8825a3
Whitespace in http-fingerprints.
2012-11-21 00:47:30 +00:00
david
4c6253d544
New http-fingerprints.
...
Contributed by Jesper Kückelhahn.
Sitecore, Moodle, typo3, SquirrelMail, RoundCube.
http://seclists.org/nmap-dev/2012/q4/287
2012-11-21 00:47:29 +00:00
fyodor
abc16cc78f
Spell out rdp acronym
2012-11-16 02:25:08 +00:00
fyodor
5272dd5a82
spell out OSPF acronym
2012-11-16 02:24:02 +00:00
fyodor
dccd153b72
Spell out jdwp acronym
2012-11-16 02:15:00 +00:00
fyodor
755e7cdfb3
add author name to Patrik's IPP library
2012-11-16 02:13:27 +00:00
david
4c298e6e67
Add support for ECDSA to ssh-hostkey.nse.
...
Patch by Adam Števko. http://seclists.org/nmap-dev/2012/q4/181
2012-10-31 17:57:26 +00:00
patrik
6c4a1ff1ab
more code cleanup
2012-10-25 20:05:15 +00:00
patrik
165a8c0929
code cleanup, removed buffered DB2Socket class and replace with receive_buf
2012-10-25 19:41:53 +00:00
henri
16ea382e9b
Added a maximum number of retries to mitigate a remote DoS in the RPC
...
packets parsing code. The number was chosen high to avoid decreasing
accuracy. It's just about having an upper limit.
2012-10-20 14:59:53 +00:00
robert
8430ba2792
Added support for SQL Server 2012 (tested against RTM and fully patched), and added version numbers for latest service packs on older versions of SQL Server (as they've not been updated for far too long).
2012-10-18 06:45:47 +00:00
patrik
855a82fbc3
refactoring and code cleanup
2012-10-14 19:15:39 +00:00