mirror of https://github.com/nmap/nmap.git synced 2025-12-23 07:59:03 +00:00
10291 Commits

Author SHA1 Message Date
henri
d13dab54c3 Replaced internal opaque types by structs. 2014-05-21 19:59:42 +00:00
henri
687d153378 Divide code cleanly between ssl and non-ssl versions 2014-05-21 19:59:29 +00:00
fyodor
73edd44d3f Add a task 2014-05-21 19:50:41 +00:00
dmiller
ba5f207d94 Fix NSEdoc generation problems due to block ordering
Reported here: http://seclists.org/nmap-dev/2014/q2/258

Complicated parsing issue, but short version is this: The NSEdoc for
scripts must not be followed by a local declaration, or it will not be
accepted. Easiest way is to be sure the block with @usage, @output,
@args, @xmloutput, etc. comes right before the author line.
2014-05-21 19:06:50 +00:00
jay
f2e162d224 Fixed a bug which caused Nmap to be unable to have any runtime interaction when called from sudo or from a shell script 2014-05-21 17:01:00 +00:00
dmiller
974b4430e2 Pass dates directly to format_timestamp, avoid timestamp overflow
Should fix: http://seclists.org/nmap-dev/2014/q2/184
2014-05-21 15:04:13 +00:00
dmiller
125d84fd67 Allow stdnse.format_timestamp to take a Lua date table
This will allow formatting of timestamps beyond 2036, which currently
are limited by the wrapping of the 32-bit Unix timestamp.
2014-05-21 15:04:12 +00:00
fyodor
8b88b60c49 Add a few more tasks 2014-05-21 07:08:55 +00:00
dmiller
2f23d996bd Prevent PyXML from importing, causing crashes
http://seclists.org/nmap-dev/2014/q2/318

Essentially, we import the xml name, then override its search path,
stripping out the _xmlplus paths that PyXML uses. This leaves only the
Python 2 standard library path, which is what Zenmap was written for.
2014-05-21 03:53:58 +00:00
robert
3f73a22db0 Added a few NSE scripts to OLD_SCRIPT_NAMES that have been removed/renamed over the last year or so. 2014-05-19 20:06:33 +00:00
sophron
efb73576e1 [NSE] A negative value should disable the maxpage limit according to NSEDoc. 2014-05-13 10:14:39 +00:00
fyodor
97a7470fc2 Add an infrastructure task 2014-05-13 02:34:00 +00:00
sophron
2f30c8f9db [NSE] Corrected file name for framework fingerprints. 2014-05-11 11:35:54 +00:00
david
f146bdc562 Add ENETUNREACH to the list of known error codes in service_scan.
Nathan Stocks reported the crash:
Unexpected error in NSE_TYPE_READ callback.  Error code: 101 (Network is unreachable)
It was traced to a middlebox sending admin-prohibited messages, which
were surfacing in the socket API as ENETUNREACH.

Compare to r17488, which added EPROTO.
2014-05-05 23:29:39 +00:00
robert
7a46025c86 Updated nmap-service-probes as I was getting an error (not entirely sure why). 2014-05-04 16:25:52 +00:00
robert
3beb66bfaa Updated script.db to include new and renamed scripts. 2014-05-04 15:49:21 +00:00
robert
02e00968f6 Added Paul Amar's NSE script that exploits a vulnerability in Netgear WNR1000v3 allowing credentials to be obtained. Note, it doesn't currently add the credentials to the creds database. 2014-05-04 15:43:30 +00:00
robert
d6ebcf74ea Added NetMotion Mobility VPN UDP probe submitted by Ben Campbell. 2014-05-04 15:20:45 +00:00
robert
926f3f7375 Tweaked the disclosure date in http-vuln-cve2012-1823 for consistency with other scripts that make use of the vulnerability library. 2014-05-04 15:13:57 +00:00
robert
32930ef6e6 Renamed the Zimbra LFI script to use the assigned CVE (and updated example output/usage). 2014-05-04 15:11:23 +00:00
robert
17ef614c49 Added Paul Amar's Webmin File Disclosure NSE script (CVE-2006-3392). 2014-05-04 15:00:06 +00:00
sophron
a64a785d79 [NSE] http-passwd should also send the payloads without appending NULL bytes. There are cases, (for example in PHP => 5.3.4) that include functions do not accept paths with NULL in them, hence all of the script's payloads would fail even if the app was vulnerable. 2014-05-02 12:49:40 +00:00
d33tah
eab18b4522 Get rid of stringisprintable() function - this wasn't used anywhere in the code, yet it was linked into the executable. 2014-04-29 10:56:28 +00:00
tomsellers
4e572fadb2 Change http-default-accounts.nse from safe to intrusive as it attempts to login to the target. 2014-04-27 12:33:10 +00:00
patrik
b440d9c064 fix redirect bug in head request where redirects would not be honored 2014-04-26 13:34:48 +00:00
dmiller
b09926a241 Fix crash in Zenmap DiffViewer
http://seclists.org/nmap-dev/2014/q2/185
2014-04-23 12:10:49 +00:00
fyodor
91645f1aee Change a couple files to unix line endings 2014-04-23 09:37:37 +00:00
fyodor
6ebff25d46 add another little issue 2014-04-22 07:41:02 +00:00
fyodor
afca0d3e58 Just add a little issue discussed on the mailing list 2014-04-22 07:35:50 +00:00
jah
c4fc2529a8 Update the way queries to ARIN are formed: from "+ <IP>" to "n + <IP>".
Update CHANGELOG with recent improvements to whois-ip.nse.
2014-04-21 14:20:36 +00:00
jah
338dca4cff Add a pattern for a "no match found" type of response from LACNIC. 2014-04-21 14:03:57 +00:00
jah
c47fff6fc2 Fix a problem which happens when a referred-to response cannot be understood, causing an unhandled error. 2014-04-21 13:59:46 +00:00
jah
0623907188 Fix some indentation which went awry in r32677 and r32704 and some which has always been less than ideal. 2014-04-21 13:22:12 +00:00
fyodor
2fb139161f Update categories of dns-update from discovery and safe to vuln and intrusive 2014-04-19 07:50:38 +00:00
fyodor
c5742668b7 just correcting an entry after some more experimentation 2014-04-18 06:42:06 +00:00
fyodor
b23000e08e Update Nmap version number from 6.45 to 6.46 and regen docs 2014-04-18 04:36:33 +00:00
fyodor
ac092cc153 Update CHANGELOG for upcoming 6.46 bugfix release 2014-04-18 04:34:49 +00:00
dmiller
b5e53fc1d8 Silence libc++ warnings, via Olli Hauer 2014-04-17 21:58:39 +00:00
dmiller
6bd9462dd6 Fix some CRLF line endings to LF 2014-04-17 19:50:24 +00:00
dmiller
9ca584d0b8 Make tls.record_read more strict about protocol correctness 2014-04-17 02:15:03 +00:00
patrik
91e1d21cc1 add nil checks to address bug discovered by Mike
http://seclists.org/nmap-dev/2014/q2/120
2014-04-17 01:00:01 +00:00
dmiller
d2009ab250 Prevent zenmapCore.NmapParser from looking up remote/system XML entities 2014-04-16 20:37:52 +00:00
dmiller
5087947a42 Prevent Ndiff from looking up remote/system entities 2014-04-16 20:37:50 +00:00
dmiller
2f2b99c941 Fix some service matches with 0-length captures
http://seclists.org/nmap-dev/2014/q2/105

This is only a temporary fix, since this restriction is hard to enforce.
We should really clean up the matching/substitution code to handle
0-length captures.
2014-04-16 13:29:44 +00:00
tomsellers
cacf764754 Change to citrixxml.lua to improve performance of citrixlua library when handling large XML responses containing application lists. Large responses were causing the script to consume 100% CPU for extended periods of time.
Reference:
http://seclists.org/nmap-dev/2014/q2/74
2014-04-16 11:56:21 +00:00
dmiller
a343ea24cd Extend ssl-heartbleed to use every TLS cipher, prevent false negatives 2014-04-14 19:42:59 +00:00
fyodor
1d4fdaf2b3 Add another ndiff-related task 2014-04-13 07:10:09 +00:00
patrik
3dbe66e9be Change heartbeat request size from 0x0fe9 to 0x4000 2014-04-12 21:31:08 +00:00
fyodor
52dc994b05 regenerate man pages and resort nmap-os-db 2014-04-12 08:12:04 +00:00
fyodor
d7ab6f2001 I think INSTALL_LIB should be set to None by default so it is only used if the installer has set it to something specific. Otherwise I run into issues on Windows 2014-04-12 06:12:01 +00:00