PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 12:19:02 +00:00
Code Issues Projects Releases Wiki Activity
8,874 Commits 2 Branches 0 Tags
96c1a4f46b9ec168e6b3485c5586b8032fde7052
Commit Graph

1968 Commits

Author SHA1 Message Date
dmiller
63db1bfd12 Replace inline tabs with spaces. 
Left some in the @output section, since libraries are apparently
emitting tab-separated tables (mysql or mssql)

https://secwiki.org/w/Nmap/Code_Standards
 2014-02-03 16:49:26 +00:00
dmiller
31a2c432e1 Final re-indent for scripts. 2014-02-02 15:33:39 +00:00
dmiller
d309fecd12 Re-indent some more scripts. Whitespace-only commit 
https://secwiki.org/w/Nmap/Code_Standards
 2014-02-02 15:33:29 +00:00
dmiller
c7d4f2ec96 Re-indent some scripts. Whitespace-only commit 
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-31 21:01:26 +00:00
dmiller
298be5bfaa Re-indent some scripts. Whitespace-only commit 
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-31 17:36:09 +00:00
dmiller
bcf991c128 Add missing require in redis-info 2014-01-31 17:36:02 +00:00
dmiller
078aa688c9 Reindent some scripts. Whitespace only. 
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-31 16:37:27 +00:00
dmiller
32936167c2 Fix dns-fuzz portrule (was defaulting to tcp) 2014-01-31 15:32:23 +00:00
dmiller
b4994505c3 Add TCP support to dns-fuzz. Also suggest -sU in usage 2014-01-31 15:28:54 +00:00
dmiller
972d799143 Add TCP support to dns.lua 
Slightly modified from patch from John Bond:
http://seclists.org/nmap-dev/2014/q1/118
 2014-01-31 15:14:31 +00:00
dmiller
d36c08dcf5 Re-indent some scripts. Whitespace-only commit 
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-31 13:02:29 +00:00
henri
bf872bf113 Extract and publish more information about redis. 
* Get OS
  * Get redis version (and set it to port.version)
  * Get architecture (and set it to port.extraversion)
  * Make and set an application CPE
 2014-01-30 18:35:25 +00:00
henri
1cb2aba30f Updated the redis scripts portrules. 2014-01-30 18:35:21 +00:00
dmiller
4eaa21e7cb Integrate David's ssl-enum-ciphers improvements 
From this thread: http://seclists.org/nmap-dev/2014/q1/105

* Extensions now better supported in tls.lua
* ssl-enum-ciphers sends all EC options to ensure servers reply with
  supported EC suites
* tls.lua supports multiple messages of a single type within 1 record
* tls.record_buffer will read an entire TLS record into a buffer
* ssl-date and tls-nextprotoneg updated to use tls.record_buffer
 2014-01-30 18:12:14 +00:00
dmiller
1d9fa6bea2 Fix some bugs in sstp-discover reported on IRC 2014-01-27 19:13:22 +00:00
dmiller
620f9fdb34 Remove trailing whitespace in lua files 
Whitespace is not significant, so this should not be a problem.
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-23 21:51:58 +00:00
dmiller
db1d82ad1f Fixed global assignments with nse_check_globals 
All fixes made by hand. A couple real bugs/errors fixed, due to
copy-paste of code from other scripts without changing variable names.
 2014-01-22 17:45:00 +00:00
dmiller
2ea4934bbf Add unittest.nse to 'safe' category 2014-01-21 22:17:13 +00:00
sophron
7b43ab1ff6 [NSE] Symbol '%' missing in the urls. 2014-01-20 14:44:45 +00:00
dmiller
726b259b20 Consolidate "contains" functions into stdnse.contains 
These implementations were all functionally identical. The replacement
has an extra feature of returning the index where the value was found,
currently unused.
 2014-01-16 22:57:33 +00:00
dmiller
197f28265f New function stdnse.format_mac 
This function will format a MAC address as colon-separated hex bytes.
It's really very simple: stdnse.tohex(mac, {separator=":"})

This commit updates all the instances I could find of the varying
convoluted attempts at performing this conversion.
 2014-01-16 21:50:30 +00:00
dmiller
b61d378d3a Update script.db 2014-01-16 19:09:13 +00:00
dmiller
a998d97216 Add sstp-discover NSE script from Niklaus Schiess 2014-01-16 19:07:43 +00:00
dmiller
645ef2a0bd Update ssl-date to use tls lib 2014-01-16 18:10:04 +00:00
dmiller
760da1788f Let tls-nextprotoneg use tls.lua library 
Required fixes to tls lib's extensions (did not previously support
extension data)
 2014-01-16 18:10:02 +00:00
dmiller
35148980ef Update ssl-enum-ciphers to use tls.lua 2014-01-16 18:09:59 +00:00
henri
0b2a445ddd Use strjoin() instead of '..' to concatenate strings. 
This significantly decreases CPU usage, that could reach
100% on large scans.
 2014-01-13 08:35:00 +00:00
dmiller
dc617c42f3 New unittest library and driver script for NSE testing 
Please read the documentation. This is a way to add unit testing to NSE
libraries (not scripts, yet). Please add tests to your libraries!
Examples to come in further commits.
 2014-01-03 21:10:01 +00:00
dmiller
395a91b026 Fix @output nsedoc for targets-asn 2014-01-03 21:09:57 +00:00
fyodor
8418f18274 Minor updates to comments. For example, wanted to clarify that the Nikto http-enum integration was done with cooperation/encouragement from Nikto folks 2013-12-27 03:45:53 +00:00
sophron
55e066c0e6 [NSE] Added a feature that integrates Nikto's large db to our http-fingerprint file on runtime. http://seclists.org/nmap-dev/2013/q4/292 2013-12-23 15:50:19 +00:00
sophron
0645d18764 [NSE] Renamed and fixed the script that detects Zimbra LFI. Patch by Ron Bowes. 2013-12-19 20:45:49 +00:00
dmiller
771a6a0793 Fix more Lua patterns with '-', see r32566 2013-12-19 20:34:46 +00:00
dmiller
45cd8091a4 Fix Lua patterns that contain - 
"-" in a Lua pattern means "ungreedy zero-or-more" and must be escaped
to match a literal "-". http://www.lua.org/manual/5.2/manual.html#6.4.1
 2013-12-19 20:05:09 +00:00
sophron
c52c5476de [NSE] Added a script that detects Zimbra zero-day LFI. Script written by Paul Amar. 2013-12-18 22:42:15 +00:00
sophron
f280a93538 [NSE] Added a detection method and the option to execute a payload. Patch by Paul Amar. 2013-12-09 15:54:43 +00:00
david
98bbff8b69 Remove unused local. 2013-12-05 23:41:21 +00:00
david
aa15467a3f Fix the off-by-one in ssl-enum-ciphers that I reintroduced. 2013-12-03 17:12:15 +00:00
david
126d424dec Simplify the chunk calculation. 2013-12-02 22:47:20 +00:00
david
6832c98454 Try only 64 ciphers at a time in ssl-enum-ciphers. 
An off-by-one error meant that we tried 65 at a time. The number 64 came
up in a discussion of limitations of running against IIS.
http://seclists.org/nmap-dev/2012/q3/167
 2013-12-02 22:47:09 +00:00
fyodor
0dafd86d22 Add AllSeeingEye (a protocol for querying status of certain games) script and service probe 2013-12-01 22:09:16 +00:00
david
8ab92b3214 Tabs to spaces in ssl-enum-ciphers. 2013-11-27 04:59:48 +00:00
patrik
9e075b8140 change incorrect parameter http-put.file to http-url.file based on bug report 2013-11-23 22:26:33 +00:00
fyodor
e6a0762764 o [NSE] Add freelancer-info to gather information about the Freelancer 
game server. Also added a related version detection probe and UDP
  protocol payload for detecting the service. [Marin Maržić]
 2013-11-20 04:31:31 +00:00
fyodor
e1932c2916 Regenerate script.db 2013-11-20 04:04:59 +00:00
dmiller
83e0ee1e70 Add ChaCha20-Poly1305 TLS cipher suites to ssl-ciphers 2013-11-14 20:41:09 +00:00
patrik
4152af8eb1 Fix nil value reference 2013-11-14 02:50:47 +00:00
dmiller
58d44f8437 Add .skip script-arg for http-server-header 
Because http-server-header grabs the server header and sets the service
version hardmatched, Nmap won't print a service fingerprint. This means
people might not submit as many fingerprints in the future, but we would
rather they did (speeds up scans by short-circuiting version probes).

Now http-server-header will print a messages suggesting the use of
--script-args http-server-header.skip for the purposes of submitting a
fingerprint. If this script-arg is set, the script will not run,
preserving Nmap's previous behavior.
 2013-11-12 18:35:17 +00:00
dmiller
fbf03995e0 Allow http-server-header to set http service even without Server header 2013-11-08 21:33:57 +00:00
dmiller
3e54536dab Add http-server-header as a last-ditch means to get httpd version 
See http://seclists.org/nmap-dev/2013/q3/599 for justification.
 2013-11-08 21:19:36 +00:00