djalal
6bb9ad1e80
Added the print_hex() fix CHANGELOG entry.
2011-07-25 23:18:51 +00:00
djalal
3ce7d52800
o [NSE] Improved the NSEDoc of the print_hex() function. [Chris Woodbury]
2011-07-25 23:12:51 +00:00
djalal
47345ac696
o [NSE] Do not print an empty line if there are no remaining characters.
This patch was contributed by Chris Woodbury.
2011-07-25 23:09:24 +00:00
djalal
950e435921
o [NSE] Make smb-security-mode run by default.
2011-07-25 21:40:31 +00:00
fyodor
f721f56852
latest task updates
2011-07-25 21:14:42 +00:00
luis
660c91ee57
Minor style changes
2011-07-25 18:39:54 +00:00
luis
80a8a8a418
Change explicit definition of struct osscan_timing_vals to a typedef in the header file
2011-07-25 18:36:05 +00:00
luis
35ef43f711
Change explicit definition of os_scan_performance_vars to a typedef in the header file
2011-07-25 18:34:03 +00:00
luis
4faf19f738
Move constant definitions to the osscan2 header file
2011-07-25 18:30:05 +00:00
patrik
5e954c65a9
Added support for comments in the credential_iterator [Patrik]
2011-07-25 17:59:05 +00:00
paulino
a8df084c1f
Adds http default ports for LiteSpeed Web Server.
2011-07-24 21:26:37 +00:00
paulino
a6c86e4769
Adds entry about http-litespeed-sourcecode-download and http-axis2-dir-traversal
2011-07-24 21:16:15 +00:00
paulino
d4054187e4
Adds http-axis2-dir-traversal:
http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
2011-07-24 21:10:04 +00:00
paulino
c43e0bb970
Added http-litespeed-sourcecode-download:
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending an HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).
If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
* <code>/index.php\00.txt</code>
References:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/
2011-07-24 20:13:42 +00:00
shinnok
e2fcc14fe2
Update my TODO file.
2011-07-22 21:55:18 +00:00
shinnok
a83e27c0fb
Update CHANGELOG with the Ncat blocking ssl handshakes fix.
2011-07-22 21:43:24 +00:00
djalal
bd6d08232d
Added the '--script-help' option to the Nmap usage.
2011-07-22 10:59:07 +00:00
batrick
4d27d83f62
Fix to make SCRIPT_NAME not have a filename extension in certain situations.
See [1].
[1] http://seclists.org/nmap-dev/2011/q3/304
2011-07-21 18:26:11 +00:00
batrick
9d7ce06a96
better error message when script fails to load (now includes traceback of the script)
2011-07-21 17:46:16 +00:00
patrik
cbf959aecc
o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
message to the broadcast address and collects and reports the network
information received from the DHCP server. [Patrik]
2011-07-21 11:56:15 +00:00
patrik
29c973befa
Add imap-brute as I missed it in the earlier commit [Patrik]
2011-07-21 10:04:30 +00:00
patrik
ee7e069e63
o [NSE] Added the script smtp-brute that performs brute force password
auditing against SMTP servers. [Patrik]
o [NSE] Updated SMTP library to support authentication using both plain-text
and the SASL library. [Patrik]
2011-07-21 06:16:20 +00:00
patrik
0453f89779
o [NSE] Added the script imap-brute that performs brute force password
auditing against IMAP servers. [Patrik]
o [NSE] Updated IMAP library to support authentication using both plain-text
and the SASL library. [Patrik]
2011-07-21 06:14:02 +00:00
patrik
222e8b9e42
o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson
providing common code for "Simple Authentication and Security Layer" to
services supporting it. The algorithms supported by the library are:
PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]
2011-07-21 06:07:02 +00:00
patrik
c3f94727ad
o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
library. The cvs-brute-repository script allows for guessing possible
repository names needed in order to perform password guessing using the
cvs-brute.nse script. [Patrik]
2011-07-21 06:01:19 +00:00
patrik
2faca7aed1
Added support for scripts to report invalid (non-existing) accounts back
to the brute library. This way, they're removed from further guessing.
[Patrik]
2011-07-21 05:56:58 +00:00
fyodor
4c03e43d2f
Fix a typo in category name
2011-07-21 05:12:33 +00:00
weilin
586b8464b2
Reverted the unintended changes on nselib/packet.lua@25009.
2011-07-21 02:32:47 +00:00
colin
fd59f6f8d2
Updated changelog with zenmap crash reporter changes
2011-07-20 19:18:53 +00:00
weilin
e889dead91
o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4
ARP scan. It is the default ping type for local IPv6 networks.
2011-07-20 08:29:02 +00:00
david
c32d196ce2
Remove the nonexistent include/config.h from the build configuration.
With this present, the project always appeared out of date. Visual C++
would always prompt to rebuild the project when starting to debug, for
example.
2011-07-20 07:16:05 +00:00
david
6cf428d8c6
Fix some "and" -> "&&".
2011-07-19 23:42:33 +00:00
david
1646813162
Whitespace and formatting in osscan.cc.
2011-07-19 22:00:13 +00:00
david
9a64d66a1e
Clarify an ambiguous if/else.
2011-07-19 21:40:32 +00:00
david
75cd409ba5
Fix some [-Wunused-but-set-variable] warnings.
2011-07-19 21:40:32 +00:00
fyodor
532eab87e7
Add a small bug/misfeature task
2011-07-19 18:55:03 +00:00
weilin
1dcf652410
Added ND ping for local IPv6 nets, merging from /nmap-exp/weilin/nmap-nd.
2011-07-19 02:31:54 +00:00
fyodor
737035118a
Note some done stuff
2011-07-19 02:06:39 +00:00
david
e2bb7cc271
Fix an indexing bug in http-vhosts.nse. Found by Daniel Miller.
2011-07-18 20:44:22 +00:00
david
bbf254d90e
Fix incorrect (broken) return value in p2p-conficker.nse. Spotted by
Daniel Miller.
2011-07-18 20:40:47 +00:00
david
f57b87a010
Capitalization in service probe.
2011-07-18 16:29:40 +00:00
david
6d371adee8
Formatting.
2011-07-18 16:29:38 +00:00
david
a2314b2041
Add port 9050, tor-socks, to the portrule for socks-open-proxy.nse.
2011-07-18 16:29:37 +00:00
djalal
01f4cdd83e
o [NSE] Small improvements on the smtp-vuln-cve2011-1764 script:
- Check the port.version.product in the portrule to see if it matches
the 'Exim smtpd'
- If the script was not able to confirm the vulnerability but the Exim
version is between 4.70 and 4.75, then report: "LIKELY VULNERABLE".
2011-07-18 11:42:41 +00:00
djalal
2c7cad079b
o [NSE] Added smtp-vuln-cve2011-1764 script, which checks the Exim DKIM
Format String vulnerability (CVE-2011-1764).
2011-07-18 10:21:01 +00:00
djalal
cc062e2e1e
o [NSE] Remove the mac-geolocation script entries since it was deleted.
- Update the script.db file.
- Add the script name to the 'OLD_SCRIPT_NAMES' variable in the Makefile.in file.
2011-07-18 09:58:50 +00:00
djalal
30bd1681b0
o [NSE] Made the following scripts in the default category:
giop-info.nse
vnc-info.nse
ncp-serverinfo.nse
afp-serverinfo.nse
2011-07-18 09:50:18 +00:00
gorjan
1f9479a161
Removing the mac-geolocation script which used the no longer available Google Geolocation API service
2011-07-17 17:26:59 +00:00
gorjan
d780448af7
Updating the script to use an API key supplied by the user through the script-args.
2011-07-17 17:22:58 +00:00
paulino
8215c3420f
Fixes the way of creating the request line by changing string.format for regular string concatenation to allow null bytes in the requests.
2011-07-15 23:48:00 +00:00