PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-23 07:59:03 +00:00
Code Issues Projects Releases Wiki Activity
10,291 Commits 2 Branches 0 Tags
af4b45947d4a5b07ef67a9968d4da25a2ec71448
Commit Graph

10291 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
paulino
942151eefd Adds supermicro-ipmi-conf.nse. Nominated for a Pwnie for Best Server-Side Bug at BH. 2014-08-18 01:55:06 +00:00
claudiu
a7d5095309 Added silent_require import for openssl, to avoid missing module error 2014-08-16 10:06:22 +00:00
dmiller
5adfb3b1de Update copyright notice to 2014 2014-08-16 01:52:33 +00:00
jay
05772dd1e5 Change default output mode to show TTL info with --reason directly (no need of --reason -v). Also, remove TTL column and move TTL info to REASON column. See http://seclists.org/nmap-dev/2014/q3/289 for discussion on this 2014-08-15 14:07:25 +00:00
jay
8d5ec9e310 Reapply r33420, r33421. Fix a missing right parenthesis. https://xkcd.com/859/ 2014-08-15 12:09:22 +00:00
devin
42c1444e60 Switched to using silent require for libssh2 in ssh-auth-methods 2014-08-14 16:40:48 +00:00
dmiller
72255a9f82 Fix broken build on systems without libssh2 2014-08-14 12:46:43 +00:00
devin
3beac0c854 Fixed categories on ssh-auth-methods 2014-08-14 03:14:50 +00:00
devin
63f997ed28 Merged libssh2-integration branch 2014-08-14 02:09:00 +00:00
fyodor
f6f59a7cd7 Auto regeneration with latest template files, etc. 2014-08-13 22:57:43 +00:00
fyodor
21ba1a7d24 Remove claim about no security holes ever found in Nmap, since a tiny one was found last year. See http://seclists.org/nmap-dev/2014/q3/144 2014-08-13 22:42:58 +00:00
fyodor
f2d3c64245 Update -A documentation to note that OS detection and traceroute are only enabled if root access (or equiv) is available 2014-08-12 22:48:31 +00:00
dmiller
b8d37a32da Update documentation 2014-08-12 02:38:20 +00:00
dmiller
5395676f2e Handle weird behavior rejecting handshakes with multiple compressors offered 2014-08-12 02:38:19 +00:00
dmiller
1622edabc2 Unify logging with protocol prefix 2014-08-12 02:38:17 +00:00
dmiller
29b614ccca Increase default timeout, but allow discovered timeouts, too. 2014-08-12 02:38:16 +00:00
dmiller
31de5b9b9b Offer ciphers and compressors in the same order every time 2014-08-12 02:38:15 +00:00
dmiller
aadd8d864c Documentation for the cipher ordering feature 2014-08-12 02:38:13 +00:00
dmiller
a61755699f Handle servers which offer ciphers we didn't request 
Code from David.
 2014-08-12 02:38:12 +00:00
dmiller
d538cc81cd Sort ciphers according to server preference, when available 
David's code, adapted to current script.
 2014-08-12 02:38:10 +00:00
dmiller
2df9a5f678 Factor out cipher selection for chunks 
It will be handy later to have a find_ciphers_group function that
doesn't know anything about chunking.
 2014-08-12 02:38:09 +00:00
dmiller
38ab5861d5 Report server's cipher ordering algorithm 
Old code from David, modified to fit the current script.
 2014-08-12 02:38:07 +00:00
claudiu
15692e18c3 Removed print 2014-08-11 23:32:56 +00:00
claudiu
73d69527ab Fix false positive on socket timeout 2014-08-11 23:29:32 +00:00
jay
7fc846929d Move some todo items to done 2014-08-11 16:18:31 +00:00
henri
97103efdfb Try to trigger connection failure in a more portable way. 
The former one was hackish and didn't behave consistently
between operating systems.

Passing in a zero addrlen should reliably make connect(2) fail.
 2014-08-10 18:31:00 +00:00
henri
a913288efa Added missing variable declaration, as reported by Gisle Vanem 2014-08-10 13:22:09 +00:00
dmiller
d7d991477a Move http-form-brute docs from @usage to description 2014-08-10 12:34:55 +00:00
jay
4d5950cb42 Add (and document) host.reason and host.reason_ttl 2014-08-10 06:28:58 +00:00
jay
fc5cc15b2c Add port.reason_ttl 
Document port.reason and port.reason_ttl
 2014-08-10 06:14:00 +00:00
d33tah
e142958581 Note a TODO. 2014-08-09 22:30:36 +00:00
jay
b281e0bf1d Get rid of unnecessary spaces at the end of lines 2014-08-09 19:09:06 +00:00
jay
03dd80d280 Convert to unix line endings using dos2unix 2014-08-09 18:06:14 +00:00
jay
1756416ec6 Further reduce Zenmap's Topology Noise 2014-08-09 17:56:29 +00:00
jay
5f346ca88c Document nmap.version_intensity() 2014-08-09 17:49:11 +00:00
dmiller
a7a7229105 Revert r32979, superseded by script-intensity 2014-08-08 14:43:11 +00:00
dmiller
a8d34b7635 Prevent address-info from crashing when the IPv6 address is "not interesting" 2014-08-08 14:43:10 +00:00
jay
b58913befa Document --exclude-ports 2014-08-08 13:27:35 +00:00
dmiller
35045fd839 Removed a troublesome OS fingerprint that matched too many firewalled systems 2014-08-07 19:53:11 +00:00
jay
df4f23eec0 Change all statements of the form 'return BOOLEAN_EXPRESSION ? false : true;' to 'return !BOOLEAN_EXPRESSION;' 2014-08-03 04:25:18 +00:00
jay
68659157f6 Change all statements of the form 'return BOOLEAN_EXPRESSION ? true : false;' to 'return BOOLEAN_EXPRESSION;' 2014-08-03 04:22:02 +00:00
jay
3c38c2099b If a version script is called by name (eg: '-sV --script skypev2-version'), then set version_intensity() to 9 for that script; thus guaranteeing that it will run 2014-08-03 04:16:13 +00:00
batrick
1d77f352ed Fix doc. 2014-08-03 01:19:31 +00:00
batrick
d48e21eb3e fix comment 2014-08-03 01:18:57 +00:00
batrick
5fee541da7 typo 2014-08-03 01:18:13 +00:00
batrick
4b9f1c6766 nselib stdnse.print_debug -> stdnse.debug 
Manual fixes.
 2014-08-03 01:17:09 +00:00
batrick
ee6622aea4 nselib stdnse.print_debug -> stdnse.debug 
$ f() { find -name \*.lua -exec /bin/echo sed -i "$1" {} \; ; }
$ f 's/stdnse.print_debug( *\([0-9]*\) *, */stdnse.debug\1(/'
$ f 's/stdnse.print_debug( *"\(.*\))/stdnse.debug1("\1)/'
 2014-08-03 00:56:45 +00:00
batrick
a809f52d5d level should be a number 2014-08-03 00:43:03 +00:00
batrick
1cec0a305b Run rule functions in the main loop. 
This allows usage of verbose/debug in portrule/hostrule and access to all
functionality of NSE, including sockets. So for example, we can now do:

function portrule (host, port)
  local response = http.get(host, port, "/");
  stdnse.debug1(response.body)
  ...
end

The verbose/debug function did not work in rule functions because the
introspection API (getid, gettid, etc.) only work when NSE is in the main loop.
The main loop sets the required internal variable current needed by the API.

List of changes:

stdnse.lua:

  o debug/verbose check the debugging/verbosity level much earlier to allow
    returning if nothing will be printed.

  o Simplified debug/verbose logic to handle the optional first argument
    better.

  o made debug/verbose local functions to avoid using globals and allow self
    tail calls

nse_main.lua:

  o The logic for adding threads via a rule function is simplified. So long as
    the script has the desired rule function, a thread is always returned.
    Evaluation of the rule function is done while NSE is in the main loop (i.e.
    not in script:new_thread()). The rule function only determines if the action
    function is run.

  o [Not a change:] If the action function will be run or was run then we see
    the usual "Starting X" and "Finished X" messages from NSE.

  o Use Lua 5.2's pack function instead of the slightly more expensive
    {n = select("#", ...), ...} idiom.

  o New stdnse.getinfo introspection function which is used by stdnse.debug.
 2014-08-02 21:18:08 +00:00
jay
078f3fe108 Fix a typo in nmap.cc 2014-08-02 19:35:31 +00:00