PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
8,222 Commits 2 Branches 0 Tags
93eee124c2a13f34b64e970c8a26c8d4f80c93c9
Commit Graph

12 Commits

Author SHA1 Message Date
dmiller
8d28811522 Update scripts with millisecond timeouts to timespec 
Similar changes to r30653, but may break compatibility with people using
integer millisecond values, which are now treated as number of seconds.
To get same behavior, use ms after number, e.g. 5000 becomes 5000ms or
5s
 2013-03-06 15:14:20 +00:00
henri
b3361b56d0 Added HTTP status code 400 (Bad request) to the list of ignored codes in 
http-method-tamper.nse, which is the behavior of many servers (makes sense as
this is rather a client-side error).
 2012-10-12 12:25:45 +00:00
patrik
121cc35de6 nse_check_globals cleanup 2012-10-07 12:54:31 +00:00
paulino
ed65dd66d3 Removes the script from the "safe" category. 2012-09-07 23:44:58 +00:00
paulino
d7234e2582 Renames http-method-tamper to http-vuln-cve2010-0738 and adds the new version of http-method-tamper. 
The new version improves the detection mechanism to cover PHP environments with .htaccess files and adds spidering to locate password protected resources automatically.
 2012-09-07 23:42:39 +00:00
tomsellers
644595d077 Modified multiple scripts that operated against HTTP based services so as to remove false positives that were generated when the target service answers with a 200 response to all requests. 
Some scripts that had been previously modified were updated so that the debug output was consistent.

A few scripts were calling identify_404 with host.ip as opposed to the proper host object.  This has been adjusted as well.
 2012-07-08 12:41:37 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE. 
[1] http://seclists.org/nmap-dev/2012/q2/34
 2012-05-27 08:53:32 +00:00
fyodor
78033599ed Update the script descriptions/nsedoc a bit 2012-01-01 22:21:08 +00:00
fyodor
d13ae6cf25 Minor updates to description text 2011-12-29 10:54:55 +00:00
patrik
25a54f58cb o [NSE] Applied patch that corrects an issue where the http-method-tamper 
script would fail to properly detect JBoss servers vulnerable to the
  CVE-2010-0738 vulnerability. [Hani Benhabiles]
 2011-12-08 19:04:42 +00:00
djalal
5ac9edb7e1 Fix the vulnerability CVE ID in the documentation. 2011-11-09 10:21:08 +00:00
patrik
465594fa87 o [NSE] Added the http-method-tamper script that detects authentication bypass 
vulnerabilities using the http HEAD method as reported in CVE-2010-738.
  [Hani Benhabiles]
 2011-11-08 21:18:22 +00:00