ron
cfd0aaeabc
Fixed a bug where a ternary operator meant to prevent a nil pointer exception was outside of a math.floor() call, making it totally worthless. I moved the math.floor() outside the operation, fixing it.
2010-09-24 01:33:01 +00:00
ron
3bc39efc4b
Lots of little bugfixes throughout several smb scripts, mostly related to bad use of global variables
2010-09-24 00:31:12 +00:00
david
ed48818666
Remove the restriction to one thread in http-brute.lua, as the worker thread
bug that required it has been fixed.
2010-09-23 16:33:02 +00:00
david
15b5df36ff
Add missing <code> tags.
2010-09-21 17:31:17 +00:00
david
0c8460e841
Put <code> tags around an option name.
2010-09-21 17:12:27 +00:00
kris
fa858e041b
Remove unused and newly unrequired arguments to the pcap check functions (which
replace the old callbacks) in scripts
2010-09-19 02:15:19 +00:00
batrick
de4ba536de
Merge from /nmap-exp/patrick/nse-nsock-maintenance.
This is a maintenance fix for the NSE Nsock library binding. The patch focuses
on code correctness and simplicity. The patch also brings some initial updates
with an eye towards the upcoming Lua 5.2 release. See [1] for a post concerning
this branch.
[1] http://seclists.org/nmap-dev/2010/q3/710
2010-09-18 20:35:09 +00:00
djalal
15a0dc47b0
Added the targets-traceroute script, which inserts traceroute hops onto the Nmap scanning queue.
2010-09-10 01:53:22 +00:00
david
5f7d7fe252
Add status code 553 (Relaying Denied) to the list of NOTPERMITTED codes in
smtp-enum-users.nse. Martin Holst Swende reported this.
2010-09-07 20:15:41 +00:00
david
f7b4900eac
Include a message in the output (and quit trying users with the current method)
when smtp-enum-users hits an unhandled status code.
2010-09-07 20:13:05 +00:00
david
90e2d1dacd
Fix spelling of identifier name (NOTPERMITED) in smtp-enum-users.nse.
2010-09-07 19:54:44 +00:00
david
23908b40a8
Fix a typo in the @usage of smtp-enum-users.nse; it said smtp-open-relay.
2010-09-07 19:07:07 +00:00
patrik
c0d92223db
Added missing error handling for connection timeouts
2010-08-31 13:38:50 +00:00
david
902b39517f
Copyedit NSEDoc in firewalk.nse.
2010-08-31 04:05:31 +00:00
ron
73d8459565
Fixed a bug where http-headers.nse wasn't honouring the 'path' script-arg.
2010-08-29 01:18:08 +00:00
ron
89888ef6b3
Added DHCP library and re-wrote dhcp-discover.nse to use the new library.
2010-08-28 17:18:40 +00:00
david
7026f5fdbd
o [NSE] Added the firewalk script, which tries to find whether a
firewall blocks or forwards ports like the firewall tool does. [Henri
Doreau]
2010-08-28 16:03:20 +00:00
david
2dedb261d9
In ftp-anon.nse, note that ftp-anon.maxlist=0 disables directory listing.
2010-08-27 20:08:01 +00:00
david
5731d55219
Revert r19993, the addition of firewalk.nse. This depends on an nselib
change that isn't committed yet.
2010-08-27 20:03:21 +00:00
david
79da626772
o [NSE] Added the firewalk script, which maps firewall rules in a way
similar to the firewalk tool. [Henri Doreau]
2010-08-27 20:01:09 +00:00
david
e0918fedc4
Let ftp-anon.nse return a directory listing when anonymous login is
allowed, and add a ftp-anon.maxlist argument to control the listing.
This is adapted from a patch by Gutek.
2010-08-27 19:21:34 +00:00
jah
22b458476f
fix a test of a return from reg_get_value which caused the following error when
getting NT_STATUS_WERR_ACCESS_DENIED from winreg.openhkpd
smb-system-info.nse:131:
attempt to perform arithmetic on field 'number_of_processors' (a string value)
stack traceback:
smb-system-info.nse:131: in function 'get_info_registry'
smb-system-info.nse:182: in function <smb-system-info.nse:180>
(tail call): ?
2010-08-25 21:32:40 +00:00
kris
9be7cd7be0
Use host.times.timeout instead of a hardcoded read timeout in path-mtu.nse. I
forgot to update this since I posted path-mtu before the host.times{} stuff.
2010-08-24 23:22:01 +00:00
patrik
d4e0b179c1
Fixed a number of incorrect receives and replaced them with receive_bytes.
Added some logic to make sure all data is read off the socket.
2010-08-24 20:25:46 +00:00
kris
57664a51cf
Committing MTU-related changes:
* Adding path-mtu.nse for Path MTU Discovery
* Nmap now stores the MTU for interfaces (from SIOCGIFMTU or libdnet)
* Scripts can access the MTU for host.interface via host.interface_mtu
* Nmap prints the MTU for interfaces in --iflist
2010-08-24 01:47:12 +00:00
patrik
c3a1ec9f02
typo fix, replace Oracle with Informix
2010-08-23 17:25:48 +00:00
patrik
af76c5dad7
o [NSE] Added GIOP library and a small script that makes use of it:
- giop-info Queries the CORBA naming server for a list of objects
[Patrik]
2010-08-19 23:14:39 +00:00
patrik
87109b5670
o [NSE] Added an Oracle TNS library and two new scripts that make use of it.
The scripts are:
- oracle-brute uses the brute and tns library to perform password guessing
- oracle-enum-users attempts to determine valid Oracle user names
[Patrik]
2010-08-19 23:09:32 +00:00
patrik
e80b196d2e
o [NSE] Added a smallish Lotus Domino rpc library (nrpc.lua) and some Lotus
Domino oriented scripts:
- domino-enum-users.nse guesses users and attempts to download ID files by
exploiting (CVE-2006-5835).
- domino-enum-passwords attempts to download Internet passwords and ID files
from the web server.
- domcon-brute performs password guessing against the remote console.
- domcon-cmd adds support for running custom remote console commands.
[Patrik]
2010-08-19 23:02:58 +00:00
patrik
73b01af10a
o [NSE] Added an Informix library and three scripts that make use of it:
- informix-brute uses the brute framework to perform password guessing
- informix-query adds support for running SQL queries against Informix
- informix-tables lists table- and column-names for a given database
[Patrik]
2010-08-19 22:47:52 +00:00
patrik
a2c2a3f84c
o [NSE] Added two new scripts http-brute.nse and http-form-brute that attempt
to perform password guessing against web servers and applications. [Patrik]
2010-08-19 20:53:40 +00:00
patrik
a946f11791
o [NSE] Added svn-brute, which attempts to perform password guessing against
the subversion service. [Patrik]
2010-08-18 20:50:51 +00:00
david
9cbfbbaadc
Remove a script.db entry for an uncommitted script I am working on,
ovs-agent-version.nse.
2010-08-17 22:44:28 +00:00
david
9ac9fbdd94
Add a "VULNERABLE" banner to the output of wdb-version.nse.
2010-08-17 22:30:43 +00:00
david
644e60c84c
Put wdb-version in the "default" category.
2010-08-17 22:19:15 +00:00
djalal
9849be68a9
Use the new get_script_args() function to parse script arguments and clean some whitespaces.
2010-08-17 01:58:47 +00:00
david
3c89e089fc
Change calls in these forms:
socket:connect(host.ip, port.number)
socket:connect(host.ip, port.number, port.protocol)
to this:
socket:connect(host, port)
connect can take host and port tables now, and the default protocol is
taken from the port table if possible.
2010-08-16 18:59:30 +00:00
david
a314b5b7d7
Don't print unknown hashes in http-php-version.nse unless high verbosity
is used, otherwise you get hashes printed for sites that don't even use
PHP. Patch by Ange Gutek.
2010-08-16 16:09:56 +00:00
david
230f5d662b
Add reference links to wdb-version.nse.
2010-08-16 15:57:36 +00:00
david
12e699e001
Change the portrule of wdb-version to use port number 17185 instead of
0x54321. 0x54321 worked, probably due to integer truncation somewhere.
2010-08-16 14:40:59 +00:00
david
dbd99b59f6
Add the wdb-version script from Daniel Miller.
2010-08-16 14:39:13 +00:00
patrik
ce0de70ae8
o [NSE] Added one script (vnc-brute) that performs password guessing against
VNC using the new brute library and another (vnc-info) that lists supported
security mechanisms. [Patrik]
2010-08-14 15:13:15 +00:00
patrik
2c874c0ba2
changed portrule to include both ibm-db2 and drda
updated script.db and removed old db2- scripts and added the new ones
changed error message returned by helper class in drda for incorrect logins
2010-08-14 11:52:18 +00:00
patrik
e570925c37
o [NSE] Renamed db2-info and db2-brute scripts to drda-*. Updated script
and library to reflect name change. Added support for other DRDA based
databases such as IBM Informix Dynamic Server and Apache Derby.
[Patrik]
2010-08-14 08:33:16 +00:00
patrik
2b44c74187
renamed db2 scripts to drda and added the old ones for removal [Patrik]
2010-08-14 08:28:56 +00:00
ron
39318fd843
Fixed the same small bug in smbv2-enabled.nse (was still using the wrong variable for an error message)
2010-08-13 20:39:20 +00:00
ron
af5d750a34
Fixed a small bug in smbv2-enabled.nse (was using the wrong variable for an error message)
2010-08-13 20:35:22 +00:00
david
1290fad780
o [NSE] Added default limits on the number of ports that qscan will
scan. By default, it will do up to 8 open ports and up to 1 closed
port. These limits can be controlled with the qscan.numopen and
qscan.numclosed script arguments. [David]
2010-08-13 05:17:07 +00:00
djalal
28e9cf600b
Add a missing require('stdnse')
2010-08-12 03:54:13 +00:00
david
d5edc49016
Add patch from Ange Gutek and Tom Sellers to make http-php-version only
consider responses with a 200 status.
2010-08-10 19:54:30 +00:00