PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-04 05:39:01 +00:00
Code Issues Projects Releases Wiki Activity
4,719 Commits 2 Branches 0 Tags
7e8e4bf5b95bce7f67d9af78b6b77c7485079e66
Commit Graph

4719 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
david
7e8e4bf5b9 Update build instructions and build scripts for Python 2.7. 2010-11-10 03:00:01 +00:00
fyodor
6383d051d0 note a couple done tasks 2010-11-09 23:31:35 +00:00
david
69e1295384 Change the way ScriptResult::get_id and ScriptResult::get_output work to avoid 
referencing deallocated memory.

The class was defined basically as follows:

class ScriptResult
{
private:
	std::string output;
public:
	std::string get_output() const
	{
		return this->output;
	}
};

The problem was when it was used like this, as in our script output
routines:

const char *s = sr.get_output().c_str();
printf("%s\n", s);

The reason is that the temporary std::string returned by get_output goes
out of scope after the line containing it, which invalidates the memory
pointed to by c_str(). By the time of the printf, s may be pointing to
deallocated memory.

This could have been fixed by returning a const reference that would
remain valid as long as the ScriptResult's output member is valid:

	const std::string& get_output() const
	{
		return this->output;
	}

However I noticed that get_output() was always immediately followed by a
c_str(), so I just had get_output return that instead, which has the
same period of validity.

This problem became visiable when compiling with Visual C++ 2010. The
first four bytes of script output in normal output would be garbage
(probably some kind of free list pointer). It didn't happen in XML
output, because the get_output-returned string happened to remain in
scope during that.
 2010-11-09 19:47:18 +00:00
david
6f370e012d Whitespace. 2010-11-09 18:48:49 +00:00
david
9cfac77247 Typo and markup in nmap-install.xml. 2010-11-09 02:58:33 +00:00
fyodor
a31fd51bae Update the Windows section to more clearly note that you need 2010 version of Visual C++ and also describe how to do the build in this newer version (I don't even get a build menu in 2010 version). Also, discuss the option of checking out the source from svn rather than downloading a tarball 2010-11-08 23:44:57 +00:00
fyodor
396016b2cc Add an item for upgrading our Windows build systems to use Python 2.7 instead of 2.6 now that the dependency libraries seem to be available 2010-11-08 22:04:19 +00:00
david
40bce74299 Use the new gtk.Tooltip API instead of the deprecated gtk.Tooltips. This is 
adated from a patch by Rob Nicholls. Since gtk.Tooltip was only introduced in
PyGTK 2.12, wrap it in a function that checks if the necessary function is
available.
 2010-11-08 21:55:16 +00:00
robert
f91a6868c7 Updated the Nmap installer's description for "Nmap Core Files" to say Visual C++ 2010 instead of Visual C++ 2008 to match the included redistributable file. 2010-11-06 16:31:12 +00:00
ron
bfd642c6fb Removed a line that causes a lot of false positives 2010-11-06 07:34:32 +00:00
david
a92f1cb8a4 Update to firewalk.nse from Henri Doreau to use a more polymorphic style 
of supporting multiple protocols.
 2010-11-06 01:54:30 +00:00
david
ccce86a1a7 Add an http-passwd.root script argument. Patch by Ange Gutek. 2010-11-05 21:18:23 +00:00
robert
79ab71577a Updated the Visual C++ Redistributable package from 2008 to 2010 and modified the Windows installer to check the new registry keys that are created. This is to support David's update of the Nmap solution file to VC++ 2010. 2010-11-05 18:05:05 +00:00
ron
d73016e41f Added a bunch of fingerprints from @jhaddix 2010-11-05 16:16:54 +00:00
batrick
ca56c00d33 removed some unnecessary locals 2010-11-05 14:25:44 +00:00
batrick
c30cb92e81 Corrected and reformatted the raw packet I/O documentation. 2010-11-05 14:01:05 +00:00
patrik
e26eef6533 fixed typo intead -> instead [Patrik] 2010-11-05 10:10:36 +00:00
patrik
f61358ab28 fixed the following error: 
./scripts/domino-enum-users.nse:113: variable 'filename' is not declared
stack traceback:
	[C]: in function 'error'
	./nselib/strict.lua:69: in function <./nselib/strict.lua:60>
	./scripts/domino-enum-users.nse:113: in function <./scripts/domino-enum-users.nse:66>
	(tail call): ?
[Patrik]
 2010-11-05 10:07:50 +00:00
david
aca3abc84c Add to CHANGELOG: 
o Made everything build with Visual C++ 2010. Thanks to KX for
  providing instructions.
 2010-11-05 02:59:57 +00:00
david
134591c311 Update build docs to refer to Visual C++ Express 2010, not 2008. 2010-11-04 23:35:03 +00:00
david
d70d468881 Remove quotes around the OutputFile element contents in liblua for the Release 
configuration too (was previously only in Debug).
 2010-11-04 23:08:03 +00:00
david
d4e49f1075 Rearrange some headers to make sure that out nbase errno defines are seen early, 
avoiding warning about symbol redefinitions. This is mostly moving "nmap.h" to
the top of the list.
 2010-11-04 22:43:00 +00:00
david
fa320a9c16 Change the name of the "dnet" project to "libdnet-stripped". This was only a 
warning, not a build failure, but now it better matches the other projects
whose name matches their directory name.
 2010-11-04 20:27:30 +00:00
patrik
937b2df7dd changed the extractAttribute function to be case insensitive when retrieving 
attributes.
 2010-11-04 19:53:01 +00:00
david
e7a185eeea Make nmap depend on libnetutil. 2010-11-04 19:24:23 +00:00
david
a5aa37f9b4 More Visual C++ 2010 svn:ignore changes. 2010-11-04 19:23:46 +00:00
david
1a8ceeb0aa Remove quotes from the contents of the OutputFile element in liblua.vcxproj. 2010-11-04 19:11:48 +00:00
patrik
356c1e12a9 fixed the following bug reported by Ron 
./scripts/ldap-brute.nse:75: attempt to get length of local 'contexts' (a nil value)
stack traceback:
       ./scripts/ldap-brute.nse:75: in function 'get_naming_context'
       ./scripts/ldap-brute.nse:121: in function <./scripts/ldap-brute.nse:95>
       (tail call): ?
 2010-11-04 18:53:56 +00:00
david
8a060083b9 svn:ignore a couple of Visual C++ 2010 temporary files: 
nmap.sdf
nmap.opensdf
 2010-11-04 18:23:39 +00:00
david
6ce7c2e34d Upgrade the Windows build files using the Visual C++ 2010 Express conversion 
wizard. At this point the solution doesn't build.
 2010-11-04 18:16:40 +00:00
ron
b7a802bce8 Removed some more errant newlines from the output 2010-11-03 19:53:58 +00:00
ron
c5a111c5b9 Removed an errant '\n' that was causing blank lines 2010-11-03 19:50:25 +00:00
batrick
93528b984c Fixed bad global access. 2010-11-02 23:35:02 +00:00
fyodor
06a42da3ec note a done task 2010-11-02 22:01:33 +00:00
patrik
5093705244 Added check for already discovered devices in order to avoid duplicates as 
reported by David here: http://seclists.org/nmap-dev/2010/q4/257 [Patrik]
 2010-11-02 20:46:11 +00:00
patrik
92b6fa9038 o [NSE] Added a new library upnp that provides UPnP support to the scripts 
upnp-info and broadcast-upnp-info. The library is largely based on code
  taken from Thomas Buchanan's upnp-info script. [Patrik]
 2010-11-02 19:05:19 +00:00
david
80605e3e09 In firewalk.nse, bail out if we have neither of the scripts args 
firewalk.ttl and firewalk.gateway. Otherwise we would get a nil
dereference when running with
	--script=firewalk --traceroute
Ron reported this.
 2010-11-02 19:03:35 +00:00
david
f8714ae9ff Fix some documentation typos in rmi-dumpregistry.nse, split the first 
paragraph so the summary is shorter.
 2010-11-02 17:46:41 +00:00
david
d4007d43e5 Make rmi-dumpregistry.nse default. 2010-11-02 17:45:07 +00:00
patrik
7b2b7bd227 o [NSE] Added a new library dnssd with supporting functions for DNS Service 
Discovery. Moved multicast prerule from dns-service-discovery to a new
  script called broadcast-dns-service-discovery. [Patrik]
 2010-11-02 17:22:38 +00:00
ron
2957b4d733 Added http-fingerprint matches for Nessus's HTTP server 2010-11-02 15:42:28 +00:00
luis
d21024f87f Moved old item to the done section 2010-11-02 13:08:19 +00:00
ron
61ca42638d Merging changes from http-dns-cleanup branch. A few documentation changes, big improvement to main NSEDoc. 2010-11-02 02:15:39 +00:00
ron
fef25e6a42 Made some big style changes to clean up HTTP library. Primarily focused on improving the interface, NSEDoc, and pipline support 2010-11-02 02:07:01 +00:00
david
d7ab029c76 Fix a documentation typo in rmi.lua. 2010-11-02 01:17:52 +00:00
david
3040659465 Add the rmi.lua library and rmi-dumpregistry.nse script by Martin Holst Swende. 2010-11-01 20:47:48 +00:00
ron
7a1bc58133 It turns out that emacs likes to have the modeline at the very top, not bottom, so I changed the sample script to accommodate 2010-11-01 19:36:06 +00:00
ron
633bde3025 Improved sample-script.nse -- Added @args, cleared up how to process script-args, added usage, and added modeelines for vim/lua. 2010-11-01 19:13:15 +00:00
djalal
e4edb08571 Move the script argument checks to the rule functions. 2010-10-31 22:52:46 +00:00
djalal
3744d4c0ac Small code cleaning. 2010-10-31 21:37:06 +00:00