mirror of https://github.com/nmap/nmap.git synced 2025-12-21 15:09:02 +00:00
Commit Graph

10291 Commits

Author SHA1 Message Date
dmiller
07bb3c4439 note a done task 2014-11-13 13:24:42 +00:00
dmiller
6271177458 Add an uninstall option to ndiff's setup.py 2014-11-13 13:24:41 +00:00
dmiller
ce340ba67b Fix a typo in Zenmap setup: sys.prefix, not self.prefix 2014-11-13 13:24:39 +00:00
dmiller
f0bfd5363c TODO: Add a response-only UDP scan mode 2014-11-13 13:24:37 +00:00
dmiller
a067bc25bc Let MSVC know about noreturn attribute to help with code analysis 2014-11-12 13:29:40 +00:00
dmiller
98b1467a48 Avoid null pointer deref when getting IPv4 header options 2014-11-12 13:29:37 +00:00
dmiller
df50e3091e Fix a constant conditional 2014-11-11 22:15:52 +00:00
dmiller
e4417d132e Fix a stack overrun in ncat's -g option
Because of the postincrement and <= operators, the parsing could write
as many as 10 struct in_addr into an array allocated for only 8.
Execution would stop because of a later check. Instead, we use
preincrement and < operator to do bounds checking, and check for the
"too many specified" condition with another call to strtok (which should
return NULL if there were no more hops to parse)
2014-11-11 22:15:50 +00:00
dmiller
877eee826c Fix compilation on VS2013 2014-11-11 18:56:06 +00:00
dmiller
680dd540eb Fix a compiler error on VS2013 2014-11-11 18:56:05 +00:00
dmiller
7797826e5d Silence a compiler warning on VS2013: not all code paths return a value 2014-11-11 06:06:46 +00:00
dmiller
16bbe3719c Fix undefined symbol error on Windows 2014-11-11 05:19:50 +00:00
dmiller
e5b1214a73 Note a done infrastructure task 2014-11-10 16:16:31 +00:00
dmiller
c85bb0b54f Correct logic on checking for SHA1 certificate in ssl-enum-ciphers 2014-11-10 16:16:29 +00:00
dmiller
4e3baad093 Relax ssl-enum-ciphers' timeout to allow time for server processing 2014-11-10 16:16:27 +00:00
fyodor
e806585cdd o [NSE] Updated our Wordpress plugin list to improve the
http-wordpress-plugins NSE script. We can now detect 34,077 plugins,
  up from 18,570. [Danila Poyarkov]
2014-11-10 05:37:39 +00:00
dmiller
c05d3704b7 Clarify documentation about -sn
See http://unix.stackexchange.com/q/87935/16171
2014-11-08 00:03:48 +00:00
dmiller
e3024a6463 Documentation for new ssl-enum-ciphers rating system 2014-11-07 21:52:49 +00:00
dmiller
8f414cfc3a Correct conversion of DH key size to RSA bit strength equivalent 2014-11-07 21:41:38 +00:00
dmiller
8101fa65e0 Remove ssl-ciphers data file 2014-11-07 18:05:10 +00:00
dmiller
222b2a009d Use internal cipher/handshake scoring system instead of static datafile 2014-11-07 16:39:26 +00:00
dmiller
e11a8609a7 Remove unnecessary vars and redistribute declarations 2014-11-07 16:39:24 +00:00
dmiller
111fbe4b41 Modify some offensive terminology in comments. 2014-11-05 15:02:09 +00:00
dmiller
b73dc0e762 Restructure try_params to return all received records
No functional change to the script, but this allows callers to check for
various alerts or other handshake messages (certificate,
server_key_params, client_certificate_request, etc).
2014-11-05 14:41:50 +00:00
dmiller
f365b81c23 Add server certificate message parsing to tls.lua 2014-11-05 05:55:54 +00:00
dmiller
2871ba3e6c New function, sslcert.parse_ssl_certificate
For reasons, the function is exported from nse_ssl_cert.cc into
nmap.socket, then included and documented in sslcert.lua because it fits
better there.
2014-11-05 05:55:52 +00:00
dmiller
aeae800545 Clean up line endings (stray \r) 2014-11-03 21:40:57 +00:00
dmiller
040b813986 tls.lua: get info about a cipher suite by parsing its name 2014-11-03 21:29:31 +00:00
dmiller
53f7a37b7d Add config.h entries for PCAP_NETMASK_UNKNOWN 2014-11-03 02:47:53 +00:00
dmiller
8107625fbb Integrate more service fingerprints 2014-11-02 13:35:08 +00:00
sophron
52589ae6d1 [NSE] Added sanity check in data/http-devframework-fingerprints.lua 2014-11-02 11:49:56 +00:00
dmiller
9f34a29778 Correct script-args docs for http-virustotal 2014-11-01 12:57:32 +00:00
dmiller
80f18a2bc7 Add configure test for PCAP_NETMASK_UNKNOWN 2014-10-31 13:28:12 +00:00
dmiller
f8ef3f48da Fix detection of CVE-2011-2523
http://seclists.org/nmap-dev/2014/q4/130
2014-10-30 13:14:02 +00:00
dmiller
413f8b5176 Remove standalone="yes" from xml output
This is complicated: a validating parser needs to know how to handle
whitespace (as ignorable markup or as a whitespace node). The default is
to treat it as a whitespace node, and the standalone="yes" tells it that
the document can be handled as such, since there is no internal doctype
definition that says otherwise. But then, when we try to validate
against our DTD, the parser sees that some elements are defined with
element-only content, which conflicts with the standalone default.

References:
http://www.w3.org/TR/REC-xml/#sec-rmd
http://bytes.com/topic/net/answers/553902-standalone-yes
2014-10-30 13:14:00 +00:00
dmiller
183566948f Update some xml.cc comments and add encoding and standalone declarations
Explanatory comments within, but this came from reading the XML 1.0
spec. See some history:

http://seclists.org/nmap-dev/2013/q4/48 - Added DOCTYPE
http://seclists.org/nmap-dev/2014/q2/82 - broke Zenmap
http://seclists.org/nmap-dev/2014/q3/331 - reduced DOCTYPE
2014-10-29 14:46:11 +00:00
dmiller
c7e5ad67b5 Do optimization of pcap filters via set_pcap_filter
Optimizing reduces BPF instructions from 45 to 10 for large-scan case.

Also use PCAP_NETMASK_UNKNOWN instead of 0 since we don't provide a
netmask.
2014-10-29 05:31:08 +00:00
dmiller
f9474cd0fd Fix a typo (minimum vs maximum) 2014-10-29 05:31:07 +00:00
fyodor
39e3463061 Note a done task 2014-10-27 18:12:58 +00:00
dmiller
27948e1588 Fix file permissions and missing require in http-avaya-ipoffice-users 2014-10-27 13:04:47 +00:00
dmiller
a1d984a66b Fix a couple off-by-one errors in parsing multiple TLS records
Reported by Kent Fritz: http://seclists.org/nmap-dev/2014/q4/104
2014-10-26 16:22:21 +00:00
dmiller
c4ad3ff4d6 Fix some error handling in ssl scripts 2014-10-25 18:58:18 +00:00
tomsellers
e11e03fa50 Add the signature algorithm that was used to sign the target port's x509 (TLS) certificate to the output of ssl-cert.nse
http://seclists.org/nmap-dev/2014/q4/44
2014-10-25 18:56:38 +00:00
tomsellers
ea749d785b Fixed a bug in the sslcert.lua library that was triggered against certain services when version detection was used.
http://seclists.org/nmap-dev/2014/q4/110
2014-10-25 18:38:17 +00:00
dmiller
9cb2800c97 Revert r33755 (broken fix) 2014-10-25 12:18:15 +00:00
dmiller
553e827110 sslcert: if -sV detects ssl, then no STARTTLS is needed 2014-10-25 12:09:55 +00:00
dmiller
a047985f19 Make SCSV check in ssl-poodle backwards-compatible 2014-10-23 16:01:03 +00:00
dmiller
a03556f7c4 Update .po files 2014-10-23 15:16:52 +00:00
dmiller
7f2853788e Regen de.mo 2014-10-23 15:16:49 +00:00
dmiller
edc715fd9f Update de.po (http://seclists.org/nmap-dev/2014/q4/47) 2014-10-23 15:16:47 +00:00