dmiller
8cb2b0ea2a
Add or fix See Also links between scripts
2018-10-24 19:36:04 +00:00
dmiller
8fef7f7df5
Compatibility hack for older Nmap versions
2018-10-24 16:35:33 +00:00
ron
1419b86e13
Added a pair of modules for finding and exploiting 'WebExec', a vulnerability in Cisco's WebEx
2018-10-24 16:14:43 +00:00
dmiller
d03b10ea36
Deprecate/disable -PR option as it was not really being checked.
Fixes #1361
2018-10-24 03:55:42 +00:00
dmiller
9a6f9c5abe
Replace redundant checks with a call to o.RawScan()
2018-10-24 03:55:41 +00:00
fyodor
aa867cf1b7
Apply patch from Brandon Enright to handle underscores in part of the libssh banner. According to David Fifield's research, libssh switched to underscores in 2017, version 0.7.4
2018-10-23 20:09:52 +00:00
dmiller
14705cd417
ultrascan: bail early if there are no probes in the current scan
This shouldn't ever happen, but it currently does for host discovery
scans using -PR where the target is not directly connected. See #1361
2018-10-22 20:12:45 +00:00
ron
467b06008e
Add permissions to openscmanagerw() in msrpc.lua, allowing the caller to specify the permissions they need.
2018-10-22 17:29:49 +00:00
dmiller
ac2052f62b
Print in verbose mode if unpwdb.timelimit exceeded.
2018-10-22 01:45:58 +00:00
dmiller
68ed57c3d9
Remove an untracked file from zlib that we shouldn't have included
2018-10-19 20:31:25 +00:00
dmiller
e6d63e65a3
Correct a false comment
2018-10-19 20:31:24 +00:00
paulino
63bdb220bf
Removes extra word from old description
2018-10-19 05:04:23 +00:00
paulino
de2b08e27a
Adds http-sap-netweaver-leak to detect SAP instances with the Knowledge Management unit enabled with anonymous access. Closes #1243.
2018-10-19 05:00:46 +00:00
dmiller
4df58cca22
Upgrade included zlib to 1.2.11
2018-10-18 04:49:21 +00:00
dmiller
cf58b6160e
Add version checks for libssh2 and zlib to checklibs.sh
2018-10-18 03:49:35 +00:00
dmiller
d8c1d935f1
Move Npcap headers and lib stuff to nmap-mswin32-aux
2018-10-18 03:28:39 +00:00
dmiller
a7638f57c8
Add missing libs to make check
2018-10-18 01:10:57 +00:00
dmiller
0500811f5a
Move string utility functions to stringaux.lua
2018-10-18 01:08:19 +00:00
dmiller
39cfbdf4e2
Use an iterator instead of building an intermediate table for format_output
2018-10-18 01:08:11 +00:00
dmiller
93edeefa3c
Fix false positive in http-phpmyadmin-dir-traversal. Closes #1359
2018-10-17 20:21:05 +00:00
dmiller
02b00238a2
Add a new vulns state, UNKNOWN, for cases where vulnerability cannot be ruled out.
2018-10-17 20:21:04 +00:00
dmiller
e93c2b4328
Don't run openssl-requiring tests if openssl isn't present.
2018-10-17 19:58:33 +00:00
dmiller
a7495ac6c7
Fix an error when OpenSSL not present.
2018-10-17 19:58:32 +00:00
dmiller
dcc0e3ed7e
New tableaux library containing table auxiliary functions.
2018-10-17 15:34:30 +00:00
dmiller
c76424deb7
Cache the alpha charset for random_alpha to avoid regenerating it every time.
2018-10-17 00:30:16 +00:00
dmiller
37384c2225
Expose nbase's get_random_bytes as an alternative random source for NSE, via rand.random_string
2018-10-17 00:30:15 +00:00
dmiller
73715b15b5
Update included Lua to 5.3.5
2018-10-17 00:30:14 +00:00
dmiller
36e9588d5e
Update cert store used by Ncat on some platforms
2018-10-16 14:47:28 +00:00
dmiller
33dd005714
Similar improvements to finding Lua for Ncat
2018-10-16 14:34:39 +00:00
dmiller
a0f55317f3
Fix inclusion of Lua headers. See #1355
We will need to do something similar for Ncat.
2018-10-16 05:18:31 +00:00
dmiller
f836c164e0
Define LUA_INCLUDED when configuring --with-liblua=included
2018-10-16 05:18:29 +00:00
dmiller
daa48fdfb8
Warn about a known bug in Lua 5.3.2 and earlier.
2018-10-16 05:18:29 +00:00
dmiller
2e98e2081a
Fix build with OpenSSL API 1.1.0, which doesn't have RAND_pseudo_bytes
2018-10-12 21:03:01 +00:00
dmiller
bf0ad07e59
Fix a typo: modify the correct variable
2018-10-12 17:29:22 +00:00
dmiller
03639761c3
Move in_port_range to shortport.port_range, expand portnumber to match ranges
2018-10-11 05:11:13 +00:00
dmiller
8c0880836c
Fix a couple of typos.
2018-10-11 04:50:02 +00:00
dmiller
13c70a9bfd
Avoid double-printing stats-every in an effort to 'catch up'
2018-10-11 04:47:21 +00:00
dmiller
dc238cf08b
Print a partial taskprogress when perc_done is less than 1%. Fixes #1351
2018-10-11 04:47:20 +00:00
dmiller
53f5f5652e
Fix naming of Java RMI, which is not always the Registry
Added explanatory comments and links. The client endpoint identifier is
not the hostname (h// template) of the target. This could be any RMI
endpoint, such as `rmid` and not `rmiregistry`, so using "java-rmi"
instead of "rmiregistry" for the service name. Added port 10990
(rmiaux) based on IANA assignment.
Fixes #1342
2018-10-10 03:52:56 +00:00
dmiller
1ded1f082d
Fix service names for Java Obj Serialization, which is not RMI. See #1342
2018-10-10 03:52:55 +00:00
dmiller
cc1b5fdaae
Let rmi-vuln-classloader run against any java-rmi service, not just rmiregistry, as many are vulnerable
2018-10-10 03:52:54 +00:00
dmiller
bd67aa3672
Fix some http->https urls
2018-10-09 17:06:03 +00:00
dmiller
009957693d
Don't clobber version info in rmi-dumpregistry. See #1342
2018-10-09 17:06:02 +00:00
nnposter
74f1b37ff2
Adds protection against incomplete GeoPlugin results, such as 92.123.145.37. Fixes #1331
2018-10-09 00:15:07 +00:00
dmiller
466bf8ff65
Limit -v and -d to 10 max.
2018-10-08 20:49:20 +00:00
dmiller
e48361523b
Fix the check for pcap_set_immediate_mode, which was failing every time.
2018-10-04 17:35:53 +00:00
dmiller
30db709755
Optimistically revert mutex that was needed with WinPcap. Npcap likely is unaffected.
2018-10-03 16:57:54 +00:00
dmiller
5a505b9fc9
Use consistent matching between NSEdoc and Zenmap parsers. Bad example: creds.[service]
2018-10-03 16:57:53 +00:00
dmiller
356831b129
Add a requested feature
2018-10-01 19:32:10 +00:00
dmiller
c7b929995b
Move pcap_setmintocopy call where it belongs, as alternative to pcap_set_immediate_mode
2018-10-01 02:35:10 +00:00