make use of it. Added 5 scripts that use the new libraries:
- snmp-netstat shows listening and connected sockets
- snmp-processes shows process information including name, pid, path and
parameters
- snmp-win32-services shows the names of running Windows services
- snmp-win32-shares shows the names and path of Windows shares
- snmp-win32-software shows a list of installed Windows software
- snmp-win32-users shows a list of local Windows users
checked that the internal buffer was not empty before a send; I changed
it to have an effect only when at least one byte has been written
already.
Formerly, zero-byte sends such as socket:send("") in NSE would crash
Nmap, for both UDP and TCP. I tested this change on Linux, and for UDP
it sends a zero-byte datagram, and for TCP it sends nothing at all.
o Removed the nmap_service.exe helper program for smb-psexec, as it
was still being flagged by malware detection even after the
bit-flipping in the next release. You can now download it from
http://nmap.org/psexec/nmap_service.exe. (The script will remind you
if it's not installed.)
the script indicating where to download it if it is not available. Make
the script check whether the file is the normal binary from 5.20 or
before, or the XOR-encoded binary from 5.21.
This script sends an HTTP OPTIONS request to get the methods
supported by the server, and optionally tests each method to see if
they are restricted by IP address or something similar.
it was returning an empty string, causing blank output entries for
scripts with no output:
80/tcp open http
|_citrix-enum-apps-xml:
|_citrix-enum-servers-xml:
| http-headers:
| Date: Sun, 31 Jan 2010 19:28:13 GMT
| Server: Apache/2.2.3 (CentOS)
| Accept-Ranges: bytes
| Content-Length: 739
| Connection: close
| Content-Type: text/html; charset=UTF-8
|
|_ (Request type: HEAD)
|_http-date: Sun, 31 Jan 2010 19:28:14 GMT; +1s from local time.
|_html-title: Go ahead and ScanMe!
Holst Swende. mongodb-info gets information like the version number,
memory use, and operating system. mongodb-databases lists the
databases and their size on disk.
o [Ncat] Added support for HTTP Digest authentication of proxies, as
both client and server. Previously only the less secure Basic was
supported. [Venkat, David]
in order to keep the script from running against the actual database instances.
Also modified the debugging output so that the bulk of the information is
generated at -d 4 or higher.
ncat_proxy.c: In function `ncat_http_server':
ncat_proxy.c:163: warning: dereferencing type-punned pointer will break strict-aliasing rules
nmap_dns.cc: In function `void parse_resolvdotconf()':
nmap_dns.cc:951: warning: unsigned int format, different type arg (arg 4)
traceroute.cc: In member function `void TracerouteState::read_replies(long int)':
traceroute.cc:1031: warning: 'header_len' might be used uninitialized in this function
on TCP or UDP port 523 and exports the server profile. No authentication is required for
this request. The script will also set the port product and version if a version scan is
requested. [Patrik Karlsson, Tom Sellers]
o [NSE] Restored the ability of http.head to return a body if the
server returns one. This was lost in the http.lua overhaul from
5.20. [David]
o [NSE] Fixed the use of our strict.lua library on distributions that
install their own strict.lua. The error message was
nse_main.lua:97: attempt to call a boolean value
It was reported by Onur K. [Patrick]
o [NSE] Corrected a behavior change in http.request that was
accidentally made in 5.20: it could return nil instead of a table
indicating failure. [David]
o [NSE] Fixed the use of an undefined variable in smb-enum-sessions,
reported by Brandon. [Ron]
o Fixed a compiler error when --without-liblua is used. [Brandon]
o [NSE] Did some simple bit-flipping on the nmap_service.exe program
used by the smb-psexec script, to avoid its being falsely detected
as malware. [Ron]
o [NSE] Fixed an error with running http-enum.nse along with the
--datadir option. The script would report the error
http-enum.nse:198: bad argument #1 to 'lines'
(nselib/data/http-fingerprints: No such file or directory)
The error was reported by Ron Meldau and Brandon. [Kris]
accommodate IPv6 addresses) and make the sscanf format size match the
buffer size (to avoid smashing the stack). The format string is
constructed dynamically to the size of the buffer with Snprintf. Gunnar
Lindberg reported this problem; discussion starts at
http://seclists.org/nmap-dev/2010/q1/250.