PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 04:09:01 +00:00
Code Issues Projects Releases Wiki Activity
8,025 Commits 2 Branches 0 Tags
9434dd7d2ff7e4fbe1eef82838d2eef3acaa0a95
Commit Graph

149 Commits

Author SHA1 Message Date
david
9434dd7d2f parse_redirect: fill in port number even if authority but not scheme is present. 
For example "//example.com/en/": the function needs to return with
u.port set, just as it would with "http://example.com/en/".
 2013-02-07 23:12:41 +00:00
david
4cdb5301dd 300 and 303 are also HTTP redirects. 2013-02-07 22:28:10 +00:00
david
7c7ffdb756 Typo. 2013-02-02 01:41:50 +00:00
patrik
13411ab6d1 Fixed a bunch of errors related to inproper responses from webservers. 2012-08-31 15:17:14 +00:00
aca
fd32aec639 Merged http-slowloris-check 2012-08-24 09:19:30 +00:00
perdo
7781d39cdf Textarea's name should not be lowercased. 2012-08-05 22:39:05 +00:00
perdo
ba049718b0 Add digest auth support to http-brute (and to http library). Also fix whitespace in sasl.lua. 2012-08-05 22:23:54 +00:00
patrik
6f43ac38b2 SSL overhaul fixing OpenSSL related problems when SSL has not been compiled in 
* replace require function calls with stndse.silent_require
* fixed a bug in nse_main that would fail creating scripts.db when a script
  fails to load
* reworked some code to provide limited functionality even though SSL is not
  present
 2012-08-05 12:05:07 +00:00
henri
d0e684735a Typo (identfy_404 -> identify_404). 2012-08-01 07:53:16 +00:00
perdo
8025ba5a5a Added some checks for http response's body being nil. 2012-07-23 22:47:11 +00:00
perdo
612ca59323 Modify pipelining implementation a bit, allow a user to specify size of the pipeline, fix some debugging messages. 2012-07-23 21:58:40 +00:00
perdo
614077f122 Functions from http library that make requests now always return a table. 2012-07-09 10:18:29 +00:00
paulino
469e6ca5ca Fixes crash when using identify_404() that happened when the status response changes in the second or third request and the return value is the string "<unknown>". 
Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if its not a number to fix crash when passing a string to %d.
 2012-07-04 20:21:08 +00:00
fyodor
288a4dc4ad suggest http.max-cache-size argument for consistency rather than http-max-cache-size (both work) 2012-07-03 19:48:23 +00:00
patrik
709fce67b1 Applied patches from Dan Miller to fix bugs in http and sslcert libraries; 
http://seclists.org/nmap-dev/2012/q2/696
 2012-06-15 10:07:32 +00:00
patrik
b96ffc0e14 fixed a global variable in http.lua 2012-06-11 21:02:41 +00:00
perdo
106c529dd6 While extracting forms from websites, field names are no longer converted to lowercase (the error was reported by Paulino). 2012-06-11 09:41:58 +00:00
perdo
8a049498d3 Added html forms 'parsing' routines to http.lua 2012-06-10 23:01:29 +00:00
patrik
55572542ef Fix for bug in cookie parsing code reported by Ron Bowes; 
http.lua:757: attempt to perform arithmetic on local 'pos' (a nil value)
 2012-06-07 16:06:58 +00:00
david
aa6717eb1f Lua 5.2 fixed from Daniel Miller. 
http://seclists.org/nmap-dev/2012/q2/525
 2012-05-29 20:11:39 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE. 
[1] http://seclists.org/nmap-dev/2012/q2/34
 2012-05-27 08:53:32 +00:00
batrick
b2f3139284 remove unnecessary escape 2012-03-30 03:14:31 +00:00
patrik
1d2c5cb735 Added additional http redirect documentation to the http library 2012-03-15 06:30:06 +00:00
david
d7f56c9f4c Typo. 2012-03-03 05:57:24 +00:00
patrik
fccccff960 * bugfixes to several http scripts related to new redirect code in http 
library
* added option to httpspider that allows passing the redirect_ok closure to
  the http library
[Patrik]
 2012-02-11 22:37:14 +00:00
patrik
e8dad669ef Fixed bug in redirection code reported by David. The redirect_ok function 
would fail validating a location if the port passed to http.get or http.head
was a number and not a table. [Patrik]
 2012-02-11 17:50:48 +00:00
patrik
48423a8a88 o [NSE] Added redirect support to the http library. All calls to http.get and 
http.head now transparently handle any HTTP redirects. [Patrik]
 2012-02-11 13:37:40 +00:00
henri
78a606b0b7 Fixed typo in comments: 
* respones -> responses
 2012-01-19 22:23:44 +00:00
henri
6f95d9fabe Fixed typos in comments: 
* Thse -> These
  * retunred -> returned
  * pipeling -> pipelining
 2012-01-19 22:22:10 +00:00
patrik
f93b31373a o [NSE] Fixed bug in the http library that would fail parsing authentication 
headers if no parameters were present. [Patrik]
 2011-12-19 18:35:32 +00:00
patrik
34db78528a o [NSE] Added support for detecting whether a http connection was established 
using SSL or not by the http.lua library [Patrik]
 2011-12-06 22:24:58 +00:00
patrik
b66a4849c4 o [NSE] Modified the http library to support servers that don't return valid 
chunked encoded data, such as the Citrix XML service. [Patrik]
 2011-11-07 06:04:13 +00:00
patrik
005322c8d4 o [NSE] Added a new script http-put.nse that allows uploading of local files 
to remote web servers using the HTTP PUT method. Added HTTP PUT support to
  the http library. [Patrik]
 2011-10-20 02:32:51 +00:00
paulino
8215c3420f Fixes the way of creating the request line by changing string.format for regular string concatenation to allow null bytes in the requests. 2011-07-15 23:48:00 +00:00
paulino
47a338c85a * Adds note about a desired feature: cache system for http pipelines 
* Adds note about the new signatures added to http-enum
 2011-07-01 20:45:28 +00:00
paulino
390eb9e4ab * Fixes bug when parsing script-args. The script was only using the value from the argument 'pipeline' but not from 'http-enum.pipeline'. 
* Makes clean_404 a public function. This function is used in the NSE script http-waf-detect to remove text that changes.
 2011-07-01 20:34:01 +00:00
batrick
4444071f03 use # length operator instead of string.len (canonicalize) 
Used this perl command:

$ # perl -pi -e 's/string\.len\((.*?)\)/#\1/g' *.lua

Also fixed one instance where the above command didn't correctly
translate the intended code (string.len(a .. b .. c)).
 2011-05-11 15:08:55 +00:00
patrik
b844caa6cd Changed the way cookie table fields are created in http.lua. This change 
ensures that attribute names are always treated as lower case. [Patrik]
 2011-03-15 21:42:49 +00:00
david
61543b681e Fix to http.validate_options from Sebastian Prengel: The cookies table 
was being iterated over incorrectly.

Also from Sebastian: add "expires" to the list of handled keys in
validate_options.
 2011-02-24 20:16:06 +00:00
batrick
47e6012b15 remove old commented code 2010-12-08 14:19:08 +00:00
patrik
e26eef6533 fixed typo intead -> instead [Patrik] 2010-11-05 10:10:36 +00:00
ron
fef25e6a42 Made some big style changes to clean up HTTP library. Primarily focused on improving the interface, NSEDoc, and pipline support 2010-11-02 02:07:01 +00:00
ron
13bb98b8b8 Bring in changes from my experimental brange, nmap-http 2010-10-27 03:08:08 +00:00
ron
2608bae6ca Rollback the changes to the HTTP library I accidentally commited in the last revision 2010-10-18 21:23:24 +00:00
ron
b8e712ceeb Added a couple shares to the list of common ones (requested on IRC by kraigus) 2010-10-18 21:16:48 +00:00
david
53bd35c9cd Increase the debug level required to print out the http.lua cache size. 2010-09-27 18:51:04 +00:00
david
92362b2d24 Move special request body handling out of http.post and into http.generic_request. 2010-09-27 01:21:45 +00:00
david
600848c268 Fix NSEDoc (@param not @arg). 2010-09-14 02:02:50 +00:00
david
f1ea488753 Add better error checking to http.read_auth_challenge; bail out if 
read_token or read_token_or_quoted_string fails.
 2010-08-18 18:22:03 +00:00
david
d275f88183 Fix two bugs in http.read_auth_challenge reported by Tom Sellers. The 
first was that pos was declared as a local variable and shadowed the pos
parameter. The second was that when multiple WWW-Authenticate headers
were present, the wrong pos would be returned after reading the first
one. The arrow shows the pos it was returning:

Digest realm="My Site", domain="/", Basic realm="My Site"
                                          ^

It now returns this correct pos, ready to read the next challenge:

Digest realm="My Site", domain="/", Basic realm="My Site"
                                    ^

This was a problem I had already solved for Ncat but I copied the logic
imperfectly to http.lua.
 2010-08-18 18:16:22 +00:00