mirror of https://github.com/nmap/nmap.git synced 2025-12-07 05:01:29 +00:00
Commit Graph

1874 Commits

Author SHA1 Message Date
david
82df82b5fd Do base64-encoding of the SSH key before returning, not after.
Not all SSH key formats use base64 encoding, for example SSH1 keys look
different. So we can't blindly base64-encode the raw strings that we
receive. Attempt to return keys in the same format as is used by the
known_hosts file.
2013-08-11 05:36:45 +00:00
sophron
623991eb82 Updated script.db. 2013-08-10 20:07:29 +00:00
sophron
cd23b07f9f [NSE] Removed facebook's domain name as an example. 2013-08-10 19:47:56 +00:00
sophron
1907693c35 [NSE] Added http-useragent-tester.nse. 2013-08-10 19:36:12 +00:00
sophron
b01bbdf733 [NSE] Added http-mobileversion-checker.nse. 2013-08-10 19:32:05 +00:00
sophron
fa64f0bc50 [NSE] Added http-dombased-xss.nse. 2013-08-10 19:30:56 +00:00
fyodor
71033d2812 o [NSE] Update dns-cache-snoop script to use a new list of top 50
domains rather than a 2010 list. [Nicolle Neulist]
2013-08-09 04:02:41 +00:00
david
4773f745d8 Add qconn-exec script by Brendan Coles.
http://seclists.org/nmap-dev/2013/q3/153
2013-08-09 03:23:40 +00:00
david
de460c242e Fix the test for an unmatched service in skypev2-version.nse.
Marin Maržić noticed that port.service is set even for unmatched
services. We want this script to run especially for ports 80 and 443.
http://seclists.org/nmap-dev/2012/q4/490
2013-08-05 23:52:57 +00:00
sophron
b6435bd19b Fixed an argument's name. 2013-08-03 16:10:21 +00:00
david
85b6312590 Use fetchfile to look for GeoLiteCity.dat.
Apparently it only worked before when you were running from an Nmap
source directory, where nselib was in the current directory.

Roy Woods reported the problem.
http://seclists.org/nmap-dev/2013/q3/48
2013-08-01 02:01:09 +00:00
david
3e1334b5de Allow the file open error message to propagate upward.
The error message from io.open includes the file name and strerror.
2013-08-01 01:36:01 +00:00
sophron
d3cb3dfa37 Fixed category's name in the description of http-default-accounts.nse. 2013-07-29 22:19:59 +00:00
fyodor
f79a11aeeb o [NSE] Oops, there was a vulnerability in one of our 437 NSE scripts.
If you ran the (fortunately non-default) http-domino-enum-passwords
  script with the (fortunately also non-default)
  domino-enum-passwords.idpath parameter against a malicious server,
  it could cause an arbitrarily named file to be written to the
  client system.  Thanks to Trustwave researcher Piotr Duszynski for
  discovering and reporting the problem.  We've fixed that script, and
  also updated several other scripts to use a new
  stdnse.filename_escape function for extra safety.  This breaks our
  record of never having a vulnerability in the 16 years that Nmap has
  existed, but that's still a fairly good run. [David, Fyodor]
2013-07-29 06:19:24 +00:00
fyodor
b01fd55cb6 Change version number to 6.41SVN and regenerate auto-generated files such as man page, script.db, etc. 2013-07-29 06:00:07 +00:00
sophron
7e0ac25756 Added documentation and comments. 2013-07-25 15:42:16 +00:00
sophron
1fb88abed9 Corrected arguments name on the documentation of the script. 2013-07-25 01:59:07 +00:00
sophron
1f6467d8b6 [NSE] Added whois-domain.nse and renamed whois.nse to whois-ip.nse 2013-07-25 00:57:28 +00:00
sophron
42942a3331 [NSE] Added http-referer-checker that informs about cross-domain include of scripts. 2013-07-18 14:55:16 +00:00
sophron
9c6d376bfc Allowed absolute paths to 'hostnames' argument. 2013-07-18 13:51:11 +00:00
sophron
b14d393918 Fixed syntax mistake. 2013-07-18 13:45:53 +00:00
sophron
f5e084197a [NSE] Added http-xssed that searches the xssed.com database for any previously reported vulnerabilities and outputs the result. 2013-07-18 13:31:27 +00:00
paulino
c5b1fe6cf2 -Adds NSE script to exploit APSA13-01 in Adobe Coldfusion. 2013-07-15 16:40:09 +00:00
sophron
ce43922143 [NSE] Added http-stored-xss that identifies potential stored XSS vulnerabilities. 2013-07-06 14:39:47 +00:00
david
4af2a3c24e Add teamspeak2-version script by Marin Maržić.
http://seclists.org/nmap-dev/2013/q2/413.
2013-07-01 09:07:13 +00:00
david
118ee645b1 Run ventrilo-info only once for TCP and UDP.
Patch by Marin Maržić. http://seclists.org/nmap-dev/2013/q2/413.
2013-07-01 09:07:06 +00:00
david
9bd47a0129 Run murmur-version only once for TCP and UDP.
Patch by Marin Maržić. http://seclists.org/nmap-dev/2013/q2/413.
2013-07-01 09:07:01 +00:00
henri
1ebe659bd5 Prevent script from crashing when running against ::1.
This case wasn't properly handled. Simply return nil.

It could also return 127.0.0.1 or 127.0.0.0/8 instead
of early exit though I doubt it makes that much sense
for user.
2013-06-29 18:36:24 +00:00
henri
b45f3e89f5 Indentation fix. 2013-06-29 18:36:16 +00:00
dmiller
0a8463b77a Remove undefined NSEdoc tag @xml-output from hostmap-ip2hosts 2013-06-26 16:54:54 +00:00
david
e7f22c5aed Actually show the error message from ReceivePacket failure. 2013-06-19 23:53:37 +00:00
dmiller
18bbf3e714 Update script.db for new http scripts 2013-06-18 18:14:32 +00:00
david
83c8e1a9d0 Retab ssl-cert.nse. 2013-06-18 03:58:47 +00:00
sophron
1614b7f594 [NSE] Added http-comments-displayer that extracts HTML comments from HTTP responses. 2013-06-18 00:48:01 +00:00
sophron
9b4368e253 [NSE] Added http-fileupload-exploiter that exploits insecure file upload forms in web applications using various techniques. 2013-06-18 00:42:59 +00:00
david
8a01ce5a57 Allow "/" netmask syntax in dns-ip6-arpa-scan.nse.
Based on a patch like Indula Nayanamith.
http://seclists.org/nmap-dev/2013/q2/218
2013-06-13 03:53:40 +00:00
david
8be62726e5 Add http-phpmyadmin-dir-traversal by Alexey Meshcheryakov.
http://seclists.org/nmap-dev/2013/q1/372
2013-05-31 19:59:30 +00:00
dmiller
ba4097af38 os.date format string cleanup
Removed some non-ANSI-C strftime format strings ("%F") and
locale-dependent formats ("%c") from NSE scripts and libraries.
C99-specified %F was noticed by Alex Weber
(http://seclists.org/nmap-dev/2013/q2/300)
2013-05-16 14:59:48 +00:00
henri
76db6d8de3 Indentation fixes. 2013-05-10 07:59:43 +00:00
paulino
ea4c589f54 - Adds http-coldfusion-subzero.nse. This exploit grabs the credentials file, version and install path of vulnerable Coldfusion 9 and 10. 2013-05-10 04:52:02 +00:00
dmiller
612b1c11ea Structured output for address-info 2013-05-07 15:56:41 +00:00
dmiller
0622eb4d03 Structured output for sslv2, s/cypher/cipher/ 2013-05-07 02:01:27 +00:00
dmiller
2cb0cfc936 @xmloutput NSEdoc sections for wdb-version and xmpp-info 2013-05-06 21:40:02 +00:00
dmiller
1ff56f08f8 Structured XML output for irc-info 2013-05-06 21:40:00 +00:00
henri
2a03c65519 Fixes (tested against redis v2.9.9) 2013-05-06 21:11:44 +00:00
henri
a25a1824d6 Redis (at least v2.9.9) returns -NOAUTH to unauthenticated commands. 2013-05-06 21:00:45 +00:00
dmiller
0f47a16746 Structured XML output for wdb-version
Also added a call to WDB_TARGET_DISCONNECT, recommended by @hdm because
some agents will continue sending data until they receive this call or
reboot.
2013-05-06 20:47:02 +00:00
dmiller
3abd1232da Structured XML output for xmpp-info
This involves some reordering and renaming of fields from the previous
output, but hopefully more readable (less vertical whitespace). This
commit depends on the changes to stdnse.output_table to ignore assigning
new keys to nil and to use the __call metamethod to mean has_contents()
2013-05-06 18:39:55 +00:00
dmiller
dbbf2671ba XML output for rpcinfo.nse 2013-05-04 23:12:36 +00:00
dmiller
47eaecef5a XML output for socks-open-proxy
Also fixed some spelling and documentation issues.

Script now notifies if proxy is 1. open, 2. redirecting, or 3. allowing
SOCKS clients but not matching expected patterns.
2013-05-04 21:26:49 +00:00