PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 22:21:29 +00:00
Code Issues Projects Releases Wiki Activity
3,274 Commits 2 Branches 0 Tags
88d5050fd10cbfce6411f6ec90d63f3141e3b15c
Commit Graph

460 Commits

Author SHA1 Message Date
ron
88d5050fd1 Totally overhaulted the ftp-brute.nse script. I opened this script to see about certain changes, and discovered that it was only actually checking a single account (xampp/default). So I hooked it into unpwdb, but discovered that, at least against my test server, it was _extremely_ slow. For that reason, I limited it to the first 10 usernames/passwords for now. 2009-09-18 19:48:45 +00:00
ron
86e7a63bf6 Added a script called http-malware-host.nse. Its future intention is to discover hosts that are serving malware (for example, that are compromised and have malicious code inserted). At the moment, it checks for one specific attack discussed here: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/ 2009-09-16 14:15:13 +00:00
ron
32d9c9fe98 Added a check for a SMBv2 vulnerability (CVE-2009-3103) to smb-check-vulns. Due to its nature (it performs a DoS, then checks if the system is still online), the script isn't run by default and requires a special script-arg to work. 2009-09-14 15:23:06 +00:00
david
0a479a45fa Fix a typo in dhcp-discover.nse. 2009-09-10 14:18:02 +00:00
ron
9465a839c1 Added dhcp-discover script 2009-09-10 03:26:53 +00:00
bmenrigh
a0bf12e674 Fixed a typo where quad-A records (AAAA) were listed as AAAAA. Thanks 
to Jeron Massar for the report.
 2009-09-08 22:32:45 +00:00
ron
f4458c1917 Added the ability (off by defaultk, since it generates 20x requests) for http-enum.nse to generate variants of each file. This would probably be more useful to use after running a spider script than here, but the code should be essentially the same. I'm hoping it'll be used somewhere more appropriate, eventually. 
Also added a couple fingerprints.
 2009-09-08 19:51:53 +00:00
david
da8903dad9 Remove some verbosity in the output of http-favicon.nse. There's no need 
to say "Found favicon from". Only print out the digest of an
unrecognized icon with some verbosity.
 2009-08-31 23:42:42 +00:00
david
1cdf49547c Have http-favicon.nse look for favicon-db in nselib/data like the other 
scripts look for their data files.
 2009-08-31 23:22:06 +00:00
david
e53657b4c8 Move favicon-db into nselib/scripts. 2009-08-31 23:21:26 +00:00
ron
46d95b5913 Added a 'path' argument to http-enum.nse. Also added the ability to give an array of fingerprints files or an array of paths to search 2009-08-29 15:34:09 +00:00
ron
5136ad0668 Fixed a NSEDoc comment on http-header.nse 2009-08-29 14:46:57 +00:00
joao
6375cf3759 Added argument related comments 2009-08-28 22:46:09 +00:00
joao
ec6be741b4 Added extra description to some invalid favicons 2009-08-28 22:40:03 +00:00
joao
5457ecf54e Fixing some indentation. 2009-08-28 22:26:56 +00:00
joao
9789a1c6a4 Adding http-favicon script. Also adding the script database with the 50 very common favicons. 
Updated script.db
 2009-08-28 22:22:14 +00:00
ron
37507349a3 Changed 'pairs' to 'ipairs' when looping through the header (thanks to Patrick for pointing this out) 2009-08-27 21:35:52 +00:00
ron
7da313e8ac Added the status code to the rawheaders as well (so it's displayed in http-headers.nse). Also updated the @output in the nsedoc. 2009-08-27 15:47:10 +00:00
ron
62dedb9dc1 Added a 'path' script-arg to http-headers.nse. Changed it to use 'HEAD' by default, and fail to using 'GET' the same way other scripts do (also added a 'useget' script-arg to turn it off). Also fixed some print_debugs in http.lua that were prefixed with 'http-enum.nse:'. 2009-08-27 15:39:17 +00:00
ron
fc2b575fba Added 'rawheader' when parsing http requests. It saves the header fields, in order, preserving the case. Change http-headers.nse to read this instead of the processed headers. 2009-08-27 15:24:09 +00:00
ron
5da8f8199e Added http-headers.nse script to database 2009-08-26 00:23:26 +00:00
ron
91518a5222 Added a script-arg to http-enum.nse allowing the user to give a custom fingerprint file. Also changed script to use straight nmap.fetchfile(filename) then to use nmap.fetchfile('nselib/data/' .. filename) to find the fingerprints file, which lets a user give his fingerprints file in the current folder. 
It might be better to give priority the other way, though, I'm not really sure.
 2009-08-25 23:55:05 +00:00
ron
c1d48010a1 Added caching for the HTTP fingerprint files. It mimics similar code from http-usedir-enum.nse, storing the fingerprints in the registry and checking if it exists before reading them. 2009-08-25 23:45:48 +00:00
ron
0ed14b10b1 Added a script designed to display HTTP headers. 2009-08-25 23:36:49 +00:00
ron
fbf2c3d6a7 Print the http status along with the result, if it isn't 200 OK. This was the original behaviour, but it got lost along the way. 2009-08-23 16:58:53 +00:00
ron
fbc8e180ca Converted http-userdir-enum.nse to use my http-enum.nse logic (from http.lua). Also moved the 'displayall' script-arg back into the script, not http.lua, because http-userdir-enum.nse actually wants to find non-200 pages (403 Access Denied, for instance). 2009-08-23 00:43:46 +00:00
ron
cf33de55f3 Moved the definition for the 'displayall' argument into http.lua. 2009-08-23 00:24:23 +00:00
ron
77e7738545 Moved the meat of the http-enum.nse code (the 404-detection, HEAD-detection, etc) into http.lua. It may be a better idea to use http-helper.lua or something similar, but for now http.lua works. I'm open to suggestiosn. 2009-08-23 00:22:20 +00:00
ron
4616e62760 Fix some tabs 2009-08-22 23:55:43 +00:00
ron
a546ebc84f Clean up a lot of the http-enum.nse code; add some comments; abstract the 'is this a 404?' logic into a function (so it can eventually used by other scripts 2009-08-22 23:54:27 +00:00
ron
c9a62acf31 A major overhaul of the http-enum.nse script: 
* Cleaned up and function-ized the code. Planning to move the functions to http.lua or similar to let other scripts (like http-userdir-enum.nse) use them. 
* Better support for different HTTP error codes
* Significantly improved detection of 404 pages to prevent false positives. Some of the techniques used:
  - Request a non-existent page and check the status code
    - If it's 200, try to remove anything that may change (times, URI, filenames, etc), md5 it if ssl is available, and store it. Request a second 404 page and do the same. If they don't match, abort. 
    - If it's any other error code, store it, and look for it in addition to 404 Not Found
  - Request the root folder, /
    - If it returns a 301 Move Permanently or 401 Authentication Required, abort
* Abstracted the fingerprints into files in the nselib/data directory:
  - http-fingerprints: common files/folders
  - yokoso-fingerprints: common applications (from the Yokoso project, by InGuardians -- used under the Nmap license with pemission from Kevin Johnson -- http://seclists.org/nmap-dev/2009/q3/0685.html)
* Added a script-arg that can display all output (except known 404s), instead of just 200 OK and 401 Authentication Required
* Added a lot of debugging messages
 2009-08-22 23:19:16 +00:00
fyodor
cc0081340a update script.db now that apache-userdir-enum has been renamed to http-userdir-enum 2009-08-22 22:31:40 +00:00
jah
e0572ea362 Renamed apache-userdir-enum.nse to http-userdir-enum.nse to better indicate its 
function which is to test http services - not only apache ones.
 2009-08-22 22:04:32 +00:00
jah
4830a3ea29 Removed the restriction in the portrule that would prevent this script from 
running against non-Apache (or non-Apache based) services.  Updated the comments
to reflect this change.
 2009-08-17 22:50:19 +00:00
david
537e938378 Fix a typo in smb-system-info.nse. 2009-08-17 20:31:26 +00:00
batrick
5e362ac43d Changed a global variable to a local to avoid an error from the strict 
module.
 2009-08-15 14:57:52 +00:00
david
3cc4ec9939 Add the ssl-cert.nse script, which retrieves the server SSL certificate. 2009-08-13 23:38:05 +00:00
joao
bf4599385e Added pipeline support to http-enum.nse 2009-08-12 01:52:03 +00:00
joao
ecaf3e90a9 sql-injection with pipeline support and with two new arguments: 
sql-injection.start (to define start crawling url)
sql-injection.maxdepth (to set maximum depth to crawling)
 2009-08-12 01:46:46 +00:00
jah
0847535287 Apologies, the previous commit changed all the line-endings. Changing them back. 2009-08-11 01:40:37 +00:00
jah
4c3c2b770e Include apache-userdir-enum.nse 2009-08-11 01:33:20 +00:00
jah
00fd828d17 apache-userdir-enum attempts to enumerate valid usernames on webservers 
running with the mod_userdir module enabled.
 2009-08-11 01:24:43 +00:00
joao
8e145d6994 Fixing script categories 2009-08-10 11:17:52 +00:00
joao
bcce197537 Fixed http-enum.nse categories 2009-08-10 11:17:28 +00:00
david
9e244b05af Put x11-access in the "auth" category. 2009-08-08 20:06:38 +00:00
david
ffa9178f2b One more whitespace change in x11-access.nse. 2009-08-08 20:03:45 +00:00
david
7002052746 Normalize whitespace in x11-access.nse. 2009-08-08 20:02:47 +00:00
david
1df23cd859 In x11-access.nse, make the portrule run the script if the port number 
is 6000-6009 *or* the service starts with "X11". In this case it didn't
matter because those ports do start with "X11" in nmap-services, but
this better matches the shortport.port_or_service model.
 2009-08-08 20:01:18 +00:00
david
2f54cb191f Add the x11-access.nse script by vladz. See 
http://seclists.org/nmap-dev/2009/q3/0479.html.
 2009-08-08 19:49:05 +00:00
jah
8341de219a Exit the script cleanly rather than throwing an error when attempting to 
receive_bytes() from a portmapper service which fails to respond with data.
 2009-08-08 01:51:32 +00:00