mirror of https://github.com/nmap/nmap.git synced 2025-12-14 11:49:01 +00:00
Commit Graph

436 Commits

Author SHA1 Message Date
ron
fbf2c3d6a7 Print the http status along with the result, if it isn't 200 OK. This was the original behaviour, but it got lost along the way. 2009-08-23 16:58:53 +00:00
ron
fbc8e180ca Converted http-userdir-enum.nse to use my http-enum.nse logic (from http.lua). Also moved the 'displayall' script-arg back into the script, not http.lua, because http-userdir-enum.nse actually wants to find non-200 pages (403 Access Denied, for instance). 2009-08-23 00:43:46 +00:00
ron
cf33de55f3 Moved the definition for the 'displayall' argument into http.lua. 2009-08-23 00:24:23 +00:00
ron
77e7738545 Moved the meat of the http-enum.nse code (the 404-detection, HEAD-detection, etc) into http.lua. It may be a better idea to use http-helper.lua or something similar, but for now http.lua works. I'm open to suggestions. 2009-08-23 00:22:20 +00:00
ron
4616e62760 Fix some tabs 2009-08-22 23:55:43 +00:00
ron
a546ebc84f Clean up a lot of the http-enum.nse code; add some comments; abstract the 'is this a 404?' logic into a function (so it can eventually be used by other scripts) 2009-08-22 23:54:27 +00:00
ron
c9a62acf31 A major overhaul of the http-enum.nse script:
* Cleaned up and function-ized the code. Planning to move the functions to http.lua or similar to let other scripts (like http-userdir-enum.nse) use them. 
* Better support for different HTTP error codes
* Significantly improved detection of 404 pages to prevent false positives. Some of the techniques used:
  - Request a non-existent page and check the status code
    - If it's 200, try to remove anything that may change (times, URI, filenames, etc), md5 it if ssl is available, and store it. Request a second 404 page and do the same. If they don't match, abort. 
    - If it's any other error code, store it, and look for it in addition to 404 Not Found
  - Request the root folder, /
    - If it returns a 301 Moved Permanently or 401 Authentication Required, abort
* Abstracted the fingerprints into files in the nselib/data directory:
  - http-fingerprints: common files/folders
  - yokoso-fingerprints: common applications (from the Yokoso project, by InGuardians -- used under the Nmap license with permission from Kevin Johnson -- http://seclists.org/nmap-dev/2009/q3/0685.html)
* Added a script-arg that can display all output (except known 404s), instead of just 200 OK and 401 Authentication Required
* Added a lot of debugging messages
2009-08-22 23:19:16 +00:00
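The 404-detection procedure in the commit above, as an added example that is not nmap's http.lua or http-enum.nse code. It is written in Python rather than NSE Lua so it runs offline: the `fetch(path) -> (status, body)` callable, the profile dict, `make_fake_server()` and the page catalogue are assumptions constructed for this illustration. It follows the steps listed in the commit: probe a bogus page; if the server answers 200, strip what varies (the requested path, digits such as times and counters), hash the rest, probe a second bogus page and abort if the hashes differ; add any other error code to the set treated as "missing"; and give up on hosts whose `/` answers 301 or 401. The `displayall` switch reproduces the script-arg that shows every non-404 result instead of only 200 and 401.

```python
import hashlib
import random
import re
import string

# Added example (not nmap's http.lua or http-enum.nse). fetch(path) returns
# (status, body); make_fake_server() is a constructed stand-in for a web server.

def random_path():
    """A page that should not exist: a random lowercase name with an extension."""
    name = "".join(random.choice(string.ascii_lowercase) for _ in range(12))
    return "/" + name + ".html"

def soft404_digest(body, path):
    """Hash a 200-for-missing-pages body after removing what changes between
    requests: the requested path and any digits (times, sizes, counters).
    md5 is used as in the commit; it is only a comparison key here."""
    stable = body.replace(path, "")
    stable = re.sub(r"\d+", "", stable)
    stable = re.sub(r"\s+", " ", stable).strip()
    return hashlib.md5(stable.encode("utf-8", "replace")).hexdigest()

def learn_404(fetch):
    """Probe a bogus page to learn how the server reports missing content.
    Returns {"error_codes": set, "soft404": digest-or-None}, or None when the
    server is too inconsistent to use (two bogus pages hash differently)."""
    profile = {"error_codes": {404}, "soft404": None}
    path = random_path()
    status, body = fetch(path)
    if status == 404:
        return profile
    if status != 200:
        profile["error_codes"].add(status)   # e.g. 400 or 500: treat like 404
        return profile
    first = soft404_digest(body, path)
    path2 = random_path()
    status2, body2 = fetch(path2)
    if status2 != 200 or soft404_digest(body2, path2) != first:
        return None
    profile["soft404"] = first
    return profile

def looks_like_404(profile, path, status, body):
    """True when the response is a real or disguised 'not found'."""
    if status in profile["error_codes"]:
        return True
    return (status == 200 and profile["soft404"] is not None
            and soft404_digest(body, path) == profile["soft404"])

def enumerate_paths(fetch, candidates, displayall=False):
    """Return (path, status) for interesting candidates: 200 and 401 by
    default, everything except known 404s when displayall is set."""
    root_status, _ = fetch("/")
    if root_status in (301, 401):          # whole site redirects or needs auth
        return []
    profile = learn_404(fetch)
    if profile is None:
        return []
    found = []
    for path in candidates:
        status, body = fetch(path)
        if looks_like_404(profile, path, status, body):
            continue
        if displayall or status in (200, 401):
            found.append((path, status))
    return found

def make_fake_server(pages, missing="404"):
    """Constructed stand-in for a web server. 'missing' selects how unknown
    paths are answered: "404" (a real 404), "soft" (200 with an error page that
    embeds the path and a timestamp) or "random" (200 with random content)."""
    calls = [0]
    def fetch(path):
        calls[0] += 1
        if path == "/":
            return 200, "<html><body>Welcome</body></html>"
        if path in pages:
            return pages[path]
        if missing == "soft":
            return 200, "<html>%s not found (request %d at 12:%02d)</html>" % (
                path, calls[0], calls[0] % 60)
        if missing == "random":
            junk = "".join(random.choice(string.ascii_letters) for _ in range(8))
            return 200, "<html>oops " + junk + "</html>"
        return 404, "<html>Not Found</html>"
    return fetch

# Constructed catalogue of pages that exist on the fake host.
PAGES = {
    "/robots.txt": (200, "User-agent: *\nDisallow: /admin/"),
    "/admin/": (401, "<html>Authorization Required</html>"),
    "/old/": (403, "<html>Forbidden</html>"),
}
CANDIDATES = ["/robots.txt", "/admin/", "/old/", "/backup.zip", "/phpmyadmin/"]

if __name__ == "__main__":
    for mode in ("404", "soft", "random"):
        hits = enumerate_paths(make_fake_server(PAGES, mode), CANDIDATES, displayall=True)
        print(mode, hits)
```

Running it shows the three behaviours the commit guards against: a plain-404 host and a soft-404 host both yield `/robots.txt`, `/admin/` and (with `displayall`) `/old/` while the two bogus paths are filtered out, whereas a host whose error page changes on every request produces no results at all rather than a list of false positives. Real servers also vary session tokens and nonces, so the digit-stripping here is the minimum; a production implementation would strip more.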
fyodor
cc0081340a update script.db now that apache-userdir-enum has been renamed to http-userdir-enum 2009-08-22 22:31:40 +00:00
jah
e0572ea362 Renamed apache-userdir-enum.nse to http-userdir-enum.nse to better indicate its
function which is to test http services - not only apache ones.
2009-08-22 22:04:32 +00:00
jah
4830a3ea29 Removed the restriction in the portrule that would prevent this script from
running against non-Apache (or non-Apache based) services.  Updated the comments
to reflect this change.
2009-08-17 22:50:19 +00:00
david
537e938378 Fix a typo in smb-system-info.nse. 2009-08-17 20:31:26 +00:00
batrick
5e362ac43d Changed a global variable to a local to avoid an error from the strict
module.
2009-08-15 14:57:52 +00:00
david
3cc4ec9939 Add the ssl-cert.nse script, which retrieves the server SSL certificate. 2009-08-13 23:38:05 +00:00
joao
bf4599385e Added pipeline support to http-enum.nse 2009-08-12 01:52:03 +00:00
joao
ecaf3e90a9 sql-injection with pipeline support and with two new arguments:
sql-injection.start (to define start crawling url)
sql-injection.maxdepth (to set maximum depth to crawling)
2009-08-12 01:46:46 +00:00
jah
0847535287 Apologies, the previous commit changed all the line-endings. Changing them back. 2009-08-11 01:40:37 +00:00
jah
4c3c2b770e Include apache-userdir-enum.nse 2009-08-11 01:33:20 +00:00
jah
00fd828d17 apache-userdir-enum attempts to enumerate valid usernames on webservers
running with the mod_userdir module enabled.
2009-08-11 01:24:43 +00:00
joao
8e145d6994 Fixing script categories 2009-08-10 11:17:52 +00:00
joao
bcce197537 Fixed http-enum.nse categories 2009-08-10 11:17:28 +00:00
david
9e244b05af Put x11-access in the "auth" category. 2009-08-08 20:06:38 +00:00
david
ffa9178f2b One more whitespace change in x11-access.nse. 2009-08-08 20:03:45 +00:00
david
7002052746 Normalize whitespace in x11-access.nse. 2009-08-08 20:02:47 +00:00
david
1df23cd859 In x11-access.nse, make the portrule run the script if the port number
is 6000-6009 *or* the service starts with "X11". In this case it didn't
matter because those ports do start with "X11" in nmap-services, but
this better matches the shortport.port_or_service model.
2009-08-08 20:01:18 +00:00
david
2f54cb191f Add the x11-access.nse script by vladz. See
http://seclists.org/nmap-dev/2009/q3/0479.html.
2009-08-08 19:49:05 +00:00
jah
8341de219a Exit the script cleanly rather than throwing an error when attempting to
receive_bytes() from a portmapper service which fails to respond with data.
2009-08-08 01:51:32 +00:00
jah
990db60861 Prevent an error occurring when --script-arg snmplist is not supplied.
snmplist is not a required arg since a default list of community strings is
provided.
2009-08-06 09:56:07 +00:00
jah
7971081999 Remove unused and undeclared variable name "method". 2009-08-06 09:50:36 +00:00
joao
c24c728b5d Scripts now use fallback requests when valid codes are received but pattern was not found.
Scripts now use the lib proxy.lua to perform similar tasks
2009-07-30 02:08:55 +00:00
joao
53cefe9de0 Included Rob Nicholl's http-enum.nse script 2009-07-24 09:18:34 +00:00
david
5003d2096e In http-date.nse, don't pad the minutes with a 0 if there are no hours
before it.
2009-07-23 23:17:00 +00:00
jah
d0179addd1 Changed the handling of the values returned from dns.query() (changed in r14493) 2009-07-22 10:12:45 +00:00
jah
26709f8b3b Changed the handling of the values returned from dns.query() (changed in r14493) 2009-07-22 10:12:17 +00:00
jah
3bb8e6a7c0 Changed the handling of the values returned from dns.query() (changed in r14493) 2009-07-22 10:10:42 +00:00
fyodor
185aa2d402 Bump up SVN version number to 5.05BETA1 to reduce confusion, also regen scripts.db 2009-07-22 00:38:58 +00:00
jah
5a18633b33 Fix the indexing of Globals - found with the help of strict.lua 2009-07-17 22:34:27 +00:00
jah
d0b41b5cfc Fix the indexing of Globals - found with the help of strict.lua 2009-07-17 21:09:00 +00:00
david
5bd45a7642 pjl-ready-message.nse: Add more error checking, shorten the output to
one line, and display the previous message also when the message is
changed.
2009-07-16 23:24:42 +00:00
david
ccd54de33c Make some formatting changes in pjl-ready-message.nse. 2009-07-16 23:05:27 +00:00
joao
a14ab3c637 Fixing locals/globals on following scripts
- telnet-brute.nse required a small refactoring to fix the use of a global variable called soc
2009-07-16 22:54:38 +00:00
david
4d9094fb21 o Added the pjl-ready-message.nse script from Aaron Leininger. This
script allows viewing and setting the message displayed by printers
  that support the Printer Job Language.
2009-07-16 22:46:45 +00:00
batrick
0be861959f ssh-hostkey no longer looks for the action global which
may not exist (and thus triggers an error from strict.lua). We instead
setup dummy portrule/action functions, print the debug error for why the script
will not run, and return.
2009-07-16 03:41:36 +00:00
joao
4530194599 Fix global to local variables 2009-07-15 21:29:41 +00:00
joao
f0415b5393 Fix global to local variable loc 2009-07-15 21:21:19 +00:00
david
1961eed908 Use CRLF, not just LF, in auth-owners.nse. Send CRLF in the request and
strip it from the response. Previously only LF was stripped from the
response so each user name had a CR at the end of it (invisible in the
terminal).
2009-07-15 14:54:03 +00:00
david
7ce852170b Move format_difftime to after the action function where it belongs. 2009-07-13 22:49:50 +00:00
david
40b0f784e7 Make http-date.nse capable of printing time differences in years. A web
server with a date in 2007 was producing the output

|_ http-date: Sun, 07 Jan 2007 08:17:36 GMT; -918d13h46m40s from local time.

Now it is

|_ http-date: Sun, 07 Jan 2007 09:01:44 GMT; -2y187d13h46m40s from local time.
2009-07-13 22:48:53 +00:00
david
426ed74a8b Add the http-date.nse script. Also the function http.parse_date that
parses an HTTP date in any of three possible formats.

http-date.nse gets the Date: header field value from an HTTP server,
then displays it with how much it differs from local time.
2009-07-13 22:03:02 +00:00
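The two http-date commits above (adding `http.parse_date` for the three HTTP date layouts, and later printing year-sized differences) as one added example. This is not nmap's http.lua or http-date.nse; it is a Python illustration so it runs stand-alone. The three layouts are the ones HTTP permits (RFC 1123 fixdate, the obsolete RFC 850 form and C `asctime()`), which is what "three possible formats" refers to. The `[+-]NyNdNhNmNs` layout, the calendar-year counting and the padding rule (leading zero units dropped, lower units zero-padded once a higher one has been printed) are my reading of the sample output in the commit, so treat them as assumptions; `http_date_report()` is a helper invented here so both sides of the comparison can be given as header strings.

```python
from datetime import datetime, timezone

# Added illustration, not nmap's http.lua / http-date.nse. The difference
# layout ([+-]NyNdNhNmNs) and padding are assumptions based on the commit text.

HTTP_DATE_FORMATS = (
    "%a, %d %b %Y %H:%M:%S GMT",   # RFC 1123 fixdate:   Sun, 06 Nov 1994 08:49:37 GMT
    "%A, %d-%b-%y %H:%M:%S GMT",   # RFC 850 (obsolete): Sunday, 06-Nov-94 08:49:37 GMT
    "%a %b %d %H:%M:%S %Y",        # ANSI C asctime():   Sun Nov  6 08:49:37 1994
)

def parse_http_date(value):
    """Parse a Date: header value in any of the three layouts.
    Returns an aware UTC datetime, or None when nothing matches."""
    value = value.strip()
    for fmt in HTTP_DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def _plus_one_year(dt):
    """Same calendar date one year on; 29 Feb falls back to 28 Feb."""
    try:
        return dt.replace(year=dt.year + 1)
    except ValueError:
        return dt.replace(year=dt.year + 1, day=28)

def format_difftime(server, local):
    """Render server - local as [+-]NyNdNhNmNs. Years are whole calendar
    years (so a leap year counts 366 days), the remainder is days and time."""
    sign, later, earlier = "+", server, local
    if server < local:
        sign, later, earlier = "-", local, server
    years = 0
    while _plus_one_year(earlier) <= later:
        earlier = _plus_one_year(earlier)
        years += 1
    rest = later - earlier
    hours, remainder = divmod(rest.seconds, 3600)
    minutes, seconds = divmod(remainder, 60)
    out = ""
    for value, unit in ((years, "y"), (rest.days, "d"), (hours, "h"),
                        (minutes, "m"), (seconds, "s")):
        if not out and value == 0 and unit != "s":
            continue                       # drop leading zero units
        fmt = "%02d" if (out and unit in "hms") else "%d"
        out += fmt % value + unit
    return sign + out

def http_date_report(header_value, local):
    """One-line result in the script's style. 'local' may be an aware
    datetime or, for offline use, another HTTP date string."""
    if isinstance(local, str):
        local = parse_http_date(local)
    server = parse_http_date(header_value)
    if server is None or local is None:
        return None
    return "%s; %s from local time." % (header_value, format_difftime(server, local))

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for header in ("Sun, 07 Jan 2007 08:17:36 GMT",
                   "Sunday, 06-Nov-94 08:49:37 GMT",
                   "Sun Nov  6 08:49:37 1994"):
        print(http_date_report(header, now))
```

A server clock years out of date is a useful signal on its own (unpatched appliance, broken NTP, or a captive device answering for the real host), and the asctime layout in particular is only emitted by old or embedded servers. Note that `strptime` does not check that the weekday name agrees with the date, so a forged or sloppy `Date:` header with the wrong weekday still parses.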
fyodor
4e9d7c17a5 update Nmap version number to 4.90RC1, rebuild generated files, except for man pages which are problematic at the moment 2009-07-08 22:32:49 +00:00
joao
52bb4f7cd0 dns-zone-transfer.nse now accepts new syntax argument table
comments updated
2009-07-05 10:01:10 +00:00