PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-10 16:39:04 +00:00
Code Issues Projects Releases Wiki Activity
8,697 Commits 2 Branches 0 Tags
84c944fb71fe0916bca6a94de1d619cd6931ece6
Commit Graph

8697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
sophron
a7b0fea687 [NSE] Added an enhancement to ssh-hostkey that makes a comparison with your known-hosts file. http://seclists.org/nmap-dev/2013/q3/587 2013-10-16 18:32:44 +00:00
david
27af1d09df Use 1-indexing for first char of Lua string. 
sub(0, 1) worked, but it's more clear to do sub(1, 1).
 2013-10-14 01:35:44 +00:00
henri
492ca905e2 Rephrased a broken sentence. 
(see the very end of the last sentence of the paragraph).
 2013-10-09 18:46:07 +00:00
henri
f420761f91 Updated my nsock todo list 
Reworked the nsock roadmap according to what my latest tests and (mostly not
convincing) experiments revealed.
 2013-10-09 18:45:59 +00:00
henri
20cf95553b Remove categories 2013-10-09 18:45:52 +00:00
david
fb27ac625f DB cannot be NULL here. 
I checked the history and it doesn't appear that DB was ever passed in
to this function, but always allocated locally.

Found using the STACK tool: http://css.csail.mit.edu/stack/.
 2013-10-08 21:50:47 +00:00
david
5657e7e00b Make test-environment.lua a bit more straightforward. 2013-10-04 22:42:13 +00:00
fyodor
35e118802b Add some fingerprints of problematic keys reportedly belonging to APT1. Contributed by Mariusz Ziulek. http://seclists.org/nmap-dev/2013/q3/638 2013-09-28 03:13:07 +00:00
fyodor
8505a92c17 Note a segfault in Ncat 2013-09-27 21:24:29 +00:00
david
d05d8acd93 Revert r32397, r32398, r32399 (tempnam to mkstemp). 
I had intended the unlink to appy only to unix domain sockets, but it
was being called for every kind of local address.

http://seclists.org/nmap-dev/2013/q3/647
 2013-09-27 15:30:18 +00:00
dmiller
db6f6ea069 s/tempnam/mkstemp/ in error message to reflect actual usage. 2013-09-27 14:43:26 +00:00
david
e18b25bccd Use tempfile in place of tempnam. 
To avoid new GCC warnings about tempnam:
ncat_connect.c:789: warning: the use of `tempnam' is dangerous, better use `mkstemp'

Doing things this way has the same race condition as tempnam did,
because we are unlinking the file before binding it. (The race window is
smaller now.) The file must not exist before binding the Unix socket, or
else you get an "address already in use" error. Unlinking before binding
is the same thing that netcat-openbsd does. See this earlier thread:
http://seclists.org/nmap-dev/2012/q4/336.
 2013-09-26 07:17:08 +00:00
david
e4af8d90d8 Add tempfile function. 2013-09-26 07:17:03 +00:00
dmiller
31bc2847bd Normalize script author fields 
Clean up some typos and differences. Most have been normalized to
whatever form of the name occurred in the largest number of scripts.
Paulino was contacted directly and requested his email be added to all
of his credits.
 2013-09-20 18:56:22 +00:00
fyodor
947682f961 Add a very small todo item 2013-09-19 20:21:04 +00:00
luis
f3d2874021 Add request from Jacek Wielemborek 2013-09-17 20:37:00 +00:00
d33tah
776ca64e28 Fix French man page for Nmap, corrections reported by Antoine MÉRIC. 2013-09-15 20:44:29 +00:00
d33tah
b7a5a6cfc3 Replace some of the rules with per-directory ones. 2013-09-15 20:17:14 +00:00
d33tah
5f7acbb103 Change the comment. 2013-09-15 20:17:08 +00:00
d33tah
8fa61605ba Reorder the checks a bit. 2013-09-15 20:17:03 +00:00
d33tah
800acc5ac1 Change the comment. 2013-09-15 20:16:58 +00:00
d33tah
29d07d7748 Disallow any backslashes. 2013-09-15 15:45:01 +00:00
d33tah
541d49980b Whitespace. 2013-09-15 15:44:56 +00:00
d33tah
f595259310 Replace the current list of checks with a is_valid_path function. 2013-09-15 15:44:51 +00:00
henri
4fd3cc2f10 Allow NSE_TYPE_CONNECT_SSL to be canceled. 
This fixes a really bad bug that seems to have been there for a while. Canceling
a nsock connect SSL operation fails with fatal(). I have never seen it in real
life though.

Added a corresponding unit test.
 2013-09-15 10:52:07 +00:00
d33tah
8654d12050 Update the httpd.lua comment, the "list the directory contents" is irrelevant. 2013-09-12 18:35:42 +00:00
d33tah
2fde134f36 fflush stderr in all messages sent by Ncat. This makes 
it more comfortable to test Ncat under Cygwin, which
doesn't fflush even if the message contains \n.
(At least not in my ssh+screen+zsh combination).
 2013-09-12 14:23:24 +00:00
david
28599f1567 Revert r32301..r32306. 
Committed accidentally.
 2013-09-12 08:20:13 +00:00
david
08e38545a3 Add connect-mode recv() and send() support. 2013-09-12 08:12:25 +00:00
david
bc96871709 Add null.lua, a filter meant for testing supersocket. 2013-09-12 08:12:20 +00:00
david
39fa14d614 Add script loading facilities. 2013-09-12 08:12:16 +00:00
david
8d796f8981 Add ncat_main.c facilities for -L. Currently still with the ugly 
o.script name.
 2013-09-12 08:12:11 +00:00
david
ecd7a45ec2 Restore the dump_stack routine, it's really useful for debugging. 2013-09-12 08:12:07 +00:00
david
42ce2bc9cc Apply my refactoring changes from r31989. 2013-09-12 08:12:03 +00:00
d33tah
ccd0c02a4c Add a lacking space in the license comment. The command I used to do this is: 
for file in `grep "* including the terms and conditions of this license text as well.       \*" * -r --files-with-match `; do sed "s/\* including the terms and conditions of this license text as well.       \*/* including the terms and conditions of this license text as well.        */g" -i $file; done
 2013-09-11 19:06:20 +00:00
d33tah
a0bd430087 Fix path traversal. Dots are escaped by % in Lua, not by \. 2013-09-10 23:42:59 +00:00
d33tah
5083b40527 Make the script detect \r\n correctly. 2013-09-10 23:24:09 +00:00
fyodor
080015cd24 Add an item noted on dev list 2013-09-08 07:45:54 +00:00
sophron
c084e2fd8d [NSE] Updated script.db. 2013-09-06 21:08:00 +00:00
david
502339c92c Revert to r32212. 
My recent changes are causing problems when I try to integrate them into
the ncat-sa-take2 branch.
 2013-09-06 06:16:13 +00:00
david
4fdde97639 Factor out lua_call_traceback. 
This does a lua_pcall with the standard traceback error handler.
 2013-09-05 22:10:15 +00:00
david
3ada0d56c3 Don't use global o.cmdexec in lua_setup. 
Pass the name of the file to read as a parameter.
 2013-09-05 20:35:50 +00:00
david
a16dd65503 Get rid of static lua-exec state. 
Have lua_setup return the state it creates. Store the state created from
--lua-exec in the global options table. Use a temporary local for
--lua-exec-internal.
 2013-09-05 20:35:49 +00:00
david
7ab4da3581 Get rid of the global traceback index. 
Just push the traceback function before lua_pcall. The now has to be
less meticulously maintained between lua_setup and lua_run.
 2013-09-05 20:35:48 +00:00
david
c38367b8c8 Remove obsolete comment. 2013-09-05 20:35:46 +00:00
sophron
27f241e20f [NSE] Added http-devframework (along with its fingerprints file) that tries to find out the technology behind the target website. 2013-09-05 19:31:40 +00:00
d33tah
ca3ceecbf3 Fix echo.lua bug related to how io.stdin:read(n) works. 2013-09-04 15:40:51 +00:00
d33tah
fad24ba53e Fix a typo. 2013-09-04 15:40:47 +00:00
d33tah
143a8acc8a Don't consider "\r" an end of line. 2013-09-04 15:40:41 +00:00
d33tah
4b07187873 Make conditional.lua use read_line too. 2013-09-04 14:33:39 +00:00