PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity
12,896 Commits 2 Branches 0 Tags
96dcf4e9ed933c95da02ff77fb3cd387b174553b
Commit Graph

62 Commits

Author SHA1 Message Date
nnposter
96dcf4e9ed Remove various "the the" repeats. Closes #2804 2024-03-16 01:16:34 +00:00
dmiller
e11ff107de Update service matches for predictable values [ci skip] 2022-08-30 22:35:10 +00:00
dmiller
e8df904e7e Handle unknown/unexpected tokens in login. See #1554 2022-01-04 20:36:43 +00:00
dmiller
c3d54f1fac Change how ms-sql NSE scripts run 
MS SQL NSE scripts run on database instances, which can be TCP or named
pipes. With this change, all TCP instances on scanned ports will have
script output attached under the port as a portrule script. Named pipe
instances and TCP instances on unscanned ports will be displayed in the
hostrule script output at the end of the host's output. Utility function
mssql.Helper.InitScript makes it easy to write scripts that just work on
a per-instance basis, without bothering where to put the output.
Discovery will be done once per host, regardless of how many scripts are
run, and can be guaranteed to be done before the script's action takes
place.
 2022-01-03 21:08:52 +00:00
dmiller
3cf836c9b5 Register mssql instances found in port scan. See #927 2021-12-15 23:44:43 +00:00
dmiller
6a2260aea0 Fix mssql's SetVersionNumber to consider subbuild (not used currently) 2021-12-15 23:44:42 +00:00
dmiller
02c0354744 Avoid TOCTOU by checking discovery state in mssql.Discover 
A script might check WasDiscoveryPerformed and get a negative response,
then call Discover, during which time another script already called
Discover. Instead, check the condition *after* acquiring the mutex.
 2021-12-15 23:44:41 +00:00
dmiller
0b7dc80349 Fix TDS7 password encoding. Fixes #2388. 2021-12-14 22:35:57 +00:00
dmiller
d4bf034df9 Fix TDS7/mssql login packet for non-ascii usernames. See #2056 2021-02-08 22:49:19 +00:00
nnposter
a0172dff48 MS SQL build map true-up 2020-12-04 03:16:33 +00:00
dmiller
b9bb2ec387 Fix (again) the Windows date representation problem. 2020-10-10 13:37:03 +00:00
dmiller
50bef20b92 Handle date formatting for Windows for years earlier than 1970. See #2136 2020-10-08 23:09:21 +00:00
nnposter
5ff407be40 Increases SQL Server version resolution 2020-07-28 01:07:35 +00:00
dmiller
a87b0ca133 Add version info for MS SQL 2017 and 2019 2020-01-06 18:39:54 +00:00
nnposter
dd75a8fec6 Refreshed service pack versions; added MS SQL 2017. Fixes #1411 2018-12-13 21:47:15 +00:00
dmiller
0500811f5a Move string utility functions to stringaux.lua 2018-10-18 01:08:19 +00:00
dmiller
867e9b3fec Remove bin.lua from mssql.lua 2018-09-19 05:16:45 +00:00
dmiller
b5ab73d44d Replace a couple of conversion functions with transcoders from unicode.lua 2018-09-19 04:09:54 +00:00
dmiller
f540c58e3f Remove last uses of 'H' bin packing format, equivalent to stdnse.tohex/fromhex 2018-09-17 15:29:57 +00:00
dmiller
d84ddbe3fd Remove bit library from a few more libs 2018-08-28 03:52:55 +00:00
nnposter
9e77964022 Removes redundant error check 2018-08-20 01:10:32 +00:00
nnposter
0500b2ce42 Converts FromBytes routine from bin.unpack to string.unpack for internal consistency 2018-08-20 01:08:55 +00:00
nnposter
19693c334c More string.sub vs. string.byte optimizations 2018-08-19 01:49:08 +00:00
dmiller
edfc5e3835 Remove useless bin.pack('A') calls (equivalent to tostring) 2017-03-14 02:51:06 +00:00
dmiller
cc0661fb34 Fix more non-explicit endianness things 2017-02-14 05:46:40 +00:00
dmiller
f20589ca09 Use explicit endianness in pack/unpack. 2017-02-14 03:47:49 +00:00
dmiller
81c9062d61 Update mssql.lua with latest service packs and SQL Server 2016 2016-12-18 03:47:34 +00:00
dmiller
cb4b46bd53 Canonicalize authors as tables instead of comma-separated strings 2016-06-09 22:46:42 +00:00
robert
ea7c0bd92b Added SQL Server 2012 SP3 version number and updated SQL Server 2012 SP1 version from the original 4050 release that was pulled and replaced by 4100. 2016-04-02 18:24:39 +00:00
dmiller
f4619edece Update http urls for nmap.org to https 2015-11-05 20:41:05 +00:00
robert
fe63fe2662 Added support for SQL Server 2014, and added version numbers for service packs from the last couple of years. 2015-06-02 09:43:34 +00:00
dmiller
ea58c6bebb Replace chained concatenation reassignment with simple concatenation 
Example:

x = y
x = x .. z

Fixed:

x = y
.. z

This simple fix would save 1 string creation/deletion. Most changes
involve many more than this.
 2015-03-02 13:47:42 +00:00
dmiller
0e74dd7a35 Replace some string.char and bin.pack calls with literals 2015-02-27 19:42:56 +00:00
dmiller
e275a96c72 Use string.gsub instead of looped concat to modify strings 2015-02-27 14:55:29 +00:00
dmiller
40f36a4e3e Some string optimizations in NSE 
Changes fall into these categories:

1. Avoid pathological string building. Loops over x = x .. "foo" can
become very slow. Instead, use strbuf.lua, table.concat, or just one
continuous concatenation; a = x .. y .. z is one operation, better than
a = x .. y; a = a .. z

2. Use hex-escaped strings instead of string.char. I find this more
readable in many cases, and it avoids a table lookup and function call.

3. Don't duplicate code. A few libraries and scripts had re-implemented
stdnse.generate_random_string or openssl.rand_bytes.
 2014-09-03 04:49:54 +00:00
batrick
ee6622aea4 nselib stdnse.print_debug -> stdnse.debug 
$ f() { find -name \*.lua -exec /bin/echo sed -i "$1" {} \; ; }
$ f 's/stdnse.print_debug( *\([0-9]*\) *, */stdnse.debug\1(/'
$ f 's/stdnse.print_debug( *"\(.*\))/stdnse.debug1("\1)/'
 2014-08-03 00:56:45 +00:00
dmiller
17c3e9755e NSEdoc cleanup. 
1. The first paragraph of a function's NSEdoc is used as a short
summary. Some of these were very long, so I split off a shorter summary.

2. Use asterisks (*) to denote bulletted lists, not 'o'

3. Wrap lines at 80 columns

4. a couple other spelling and formatting fixes
 2014-03-10 19:01:19 +00:00
dmiller
1b71f75aad Spelling fixes for Lua files 
Mostly in documentation/comments, but a couple code bugs were caught,
including a call to stdnse.pirnt_debug and a mis-declared variable.
 2014-02-19 04:15:46 +00:00
dmiller
69e343f0aa Reindent the last of the NSE libraries. 
https://secwiki.org/w/Nmap/Code_Standards
 2014-02-04 19:47:26 +00:00
dmiller
620f9fdb34 Remove trailing whitespace in lua files 
Whitespace is not significant, so this should not be a problem.
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-23 21:51:58 +00:00
robert
8430ba2792 Added support for SQL Server 2012 (tested against RTM and fully patched), and added version numbers for latest service packs on older versions of SQL Server (as they've not been updated for far too long). 2012-10-18 06:45:47 +00:00
patrik
6c97e0721d nse-check-globals cleanup 2012-08-29 05:42:27 +00:00
tomsellers
5ba2007d69 Added or enhanced support for the following data types: 
SQLTEXT       = 0x23 - text
GUIDTYPE      = 0x24 - uniqueidentifier
NTEXTTYPE     = 0x63 - unicode text (ntext)
BITNTYPE      = 0x68 - boolean
DECIMALNTYPE  = 0x6A - decimal
NUMERICNTYPE  = 0x6C - numeric
FLTNTYPE      = 0x6D - float/real/double
MONEYNTYPE    = 0x6E - money / smallmoeny
BIGBINARYTYPE = 0xAD - binary
BIGCHARTYPE   = 0xAF - char
SQLNCHAR      = 0xEF - unicode char (nchar)

Added detection and handling of null values when processing query responses from the server.
Added DoneProc response token support
Reordered ColumnData and ColumnInfo parsers by data type code to make updates easier.
 2012-08-24 10:32:44 +00:00
patrik
7e85545ea3 Fixed bug in return values for openssl pcall in libraries mssql and smbauth 2012-08-06 00:18:55 +00:00
patrik
6f43ac38b2 SSL overhaul fixing OpenSSL related problems when SSL has not been compiled in 
* replace require function calls with stndse.silent_require
* fixed a bug in nse_main that would fail creating scripts.db when a script
  fails to load
* reworked some code to provide limited functionality even though SSL is not
  present
 2012-08-05 12:05:07 +00:00
david
a2c2863531 Remove "hardmatched" argument from calls to nmap.set_port_version. 
This is the default and can be omitted. Seeing as the value of this
argument was "hardmatched" in 100% of cases, we're better off pretending
the parameter doesn't exist.
 2012-07-30 18:58:32 +00:00
patrik
9236196d42 o [NSE] Added ms-sql-dac script which queries the Microsoft SQL Browser service 
for the DAC (Dedicated Admin Connection) port. [Patrik Karlsson]
 2012-07-10 09:50:51 +00:00
david
aa6717eb1f Lua 5.2 fixed from Daniel Miller. 
http://seclists.org/nmap-dev/2012/q2/525
 2012-05-29 20:11:39 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE. 
[1] http://seclists.org/nmap-dev/2012/q2/34
 2012-05-27 08:53:32 +00:00
tomsellers
4cb024c21d Corrected a numeric type related to version detection against MS SQL 2008 R2 RTM. Added detection version number for MS SQL 2008 R2 SP1 2012-02-08 02:41:53 +00:00