ron
32d9c9fe98
Added a check for a SMBv2 vulnerability (CVE-2009-3103) to smb-check-vulns. Due to its nature (it performs a DoS, then checks if the system is still online), the script isn't run by default and requires a special script-arg to work.
2009-09-14 15:23:06 +00:00
david
0a479a45fa
Fix a typo in dhcp-discover.nse.
2009-09-10 14:18:02 +00:00
ron
9465a839c1
Added dhcp-discover script
2009-09-10 03:26:53 +00:00
bmenrigh
a0bf12e674
Fixed a typo where quad-A records (AAAA) were listed as AAAAA. Thanks to Jeron Massar for the report.
2009-09-08 22:32:45 +00:00
ron
f4458c1917
Added the ability (off by default, since it generates 20x requests) for http-enum.nse to generate variants of each file. This would probably be more useful to use after running a spider script than here, but the code should be essentially the same. I'm hoping it'll be used somewhere more appropriate, eventually.
Also added a couple fingerprints.
2009-09-08 19:51:53 +00:00
david
da8903dad9
Remove some verbosity in the output of http-favicon.nse. There's no need to say "Found favicon from". Only print out the digest of an unrecognized icon with some verbosity.
2009-08-31 23:42:42 +00:00
david
1cdf49547c
Have http-favicon.nse look for favicon-db in nselib/data like the other scripts look for their data files.
2009-08-31 23:22:06 +00:00
david
e53657b4c8
Move favicon-db into nselib/scripts.
2009-08-31 23:21:26 +00:00
ron
46d95b5913
Added a 'path' argument to http-enum.nse. Also added the ability to give an array of fingerprints files or an array of paths to search
2009-08-29 15:34:09 +00:00
ron
5136ad0668
Fixed a NSEDoc comment on http-header.nse
2009-08-29 14:46:57 +00:00
joao
6375cf3759
Added argument related comments
2009-08-28 22:46:09 +00:00
joao
ec6be741b4
Added extra description to some invalid favicons
2009-08-28 22:40:03 +00:00
joao
5457ecf54e
Fixing some indentation.
2009-08-28 22:26:56 +00:00
joao
9789a1c6a4
Adding http-favicon script. Also adding the script database with the 50 very common favicons.
Updated script.db
2009-08-28 22:22:14 +00:00
ron
37507349a3
Changed 'pairs' to 'ipairs' when looping through the header (thanks to Patrick for pointing this out)
2009-08-27 21:35:52 +00:00
ron
7da313e8ac
Added the status code to the rawheaders as well (so it's displayed in http-headers.nse). Also updated the @output in the nsedoc.
2009-08-27 15:47:10 +00:00
ron
62dedb9dc1
Added a 'path' script-arg to http-headers.nse. Changed it to use 'HEAD' by default, and fall back to using 'GET' the same way other scripts do (also added a 'useget' script-arg to turn it off). Also fixed some print_debugs in http.lua that were prefixed with 'http-enum.nse:'.
2009-08-27 15:39:17 +00:00
ron
fc2b575fba
Added 'rawheader' when parsing http requests. It saves the header fields, in order, preserving the case. Change http-headers.nse to read this instead of the processed headers.
2009-08-27 15:24:09 +00:00
ron
5da8f8199e
Added http-headers.nse script to database
2009-08-26 00:23:26 +00:00
ron
91518a5222
Added a script-arg to http-enum.nse allowing the user to give a custom fingerprint file. Also changed script to use straight nmap.fetchfile(filename) then to use nmap.fetchfile('nselib/data/' .. filename) to find the fingerprints file, which lets a user give his fingerprints file in the current folder.
It might be better to give priority the other way, though, I'm not really sure.
2009-08-25 23:55:05 +00:00
ron
c1d48010a1
Added caching for the HTTP fingerprint files. It mimics similar code from http-userdir-enum.nse, storing the fingerprints in the registry and checking if it exists before reading them.
2009-08-25 23:45:48 +00:00
ron
0ed14b10b1
Added a script designed to display HTTP headers.
2009-08-25 23:36:49 +00:00
ron
fbf2c3d6a7
Print the http status along with the result, if it isn't 200 OK. This was the original behaviour, but it got lost along the way.
2009-08-23 16:58:53 +00:00
ron
fbc8e180ca
Converted http-userdir-enum.nse to use my http-enum.nse logic (from http.lua). Also moved the 'displayall' script-arg back into the script, not http.lua, because http-userdir-enum.nse actually wants to find non-200 pages (403 Access Denied, for instance).
2009-08-23 00:43:46 +00:00
ron
cf33de55f3
Moved the definition for the 'displayall' argument into http.lua.
2009-08-23 00:24:23 +00:00
ron
77e7738545
Moved the meat of the http-enum.nse code (the 404-detection, HEAD-detection, etc) into http.lua. It may be a better idea to use http-helper.lua or something similar, but for now http.lua works. I'm open to suggestions.
2009-08-23 00:22:20 +00:00
ron
4616e62760
Fix some tabs
2009-08-22 23:55:43 +00:00
ron
a546ebc84f
Clean up a lot of the http-enum.nse code; add some comments; abstract the 'is this a 404?' logic into a function (so it can eventually be used by other scripts)
2009-08-22 23:54:27 +00:00
ron
c9a62acf31
A major overhaul of the http-enum.nse script:
* Cleaned up and function-ized the code. Planning to move the functions to http.lua or similar to let other scripts (like http-userdir-enum.nse) use them.
* Better support for different HTTP error codes
* Significantly improved detection of 404 pages to prevent false positives. Some of the techniques used:
 - Request a non-existent page and check the status code
 - If it's 200, try to remove anything that may change (times, URI, filenames, etc), md5 it if ssl is available, and store it. Request a second 404 page and do the same. If they don't match, abort.
 - If it's any other error code, store it, and look for it in addition to 404 Not Found
 - Request the root folder, /
 - If it returns a 301 Moved Permanently or 401 Authentication Required, abort
* Abstracted the fingerprints into files in the nselib/data directory:
 - http-fingerprints: common files/folders
 - yokoso-fingerprints: common applications (from the Yokoso project, by InGuardians -- used under the Nmap license with permission from Kevin Johnson -- http://seclists.org/nmap-dev/2009/q3/0685.html )
* Added a script-arg that can display all output (except known 404s), instead of just 200 OK and 401 Authentication Required
* Added a lot of debugging messages
2009-08-22 23:19:16 +00:00
fyodor
cc0081340a
update script.db now that apache-userdir-enum has been renamed to http-userdir-enum
2009-08-22 22:31:40 +00:00
jah
e0572ea362
Renamed apache-userdir-enum.nse to http-userdir-enum.nse to better indicate its function which is to test http services - not only apache ones.
2009-08-22 22:04:32 +00:00
jah
4830a3ea29
Removed the restriction in the portrule that would prevent this script from running against non-Apache (or non-Apache based) services. Updated the comments to reflect this change.
2009-08-17 22:50:19 +00:00
david
537e938378
Fix a typo in smb-system-info.nse.
2009-08-17 20:31:26 +00:00
batrick
5e362ac43d
Changed a global variable to a local to avoid an error from the strict module.
2009-08-15 14:57:52 +00:00
david
3cc4ec9939
Add the ssl-cert.nse script, which retrieves the server SSL certificate.
2009-08-13 23:38:05 +00:00
joao
bf4599385e
Added pipeline support to http-enum.nse
2009-08-12 01:52:03 +00:00
joao
ecaf3e90a9
sql-injection with pipeline support and with two new arguments:
sql-injection.start (to define start crawling url)
sql-injection.maxdepth (to set maximum depth to crawling)
2009-08-12 01:46:46 +00:00
jah
0847535287
Apologies, the previous commit changed all the line-endings. Changing them back.
2009-08-11 01:40:37 +00:00
jah
4c3c2b770e
Include apache-userdir-enum.nse
2009-08-11 01:33:20 +00:00
jah
00fd828d17
apache-userdir-enum attempts to enumerate valid usernames on webservers running with the mod_userdir module enabled.
2009-08-11 01:24:43 +00:00
joao
8e145d6994
Fixing script categories
2009-08-10 11:17:52 +00:00
joao
bcce197537
Fixed http-enum.nse categories
2009-08-10 11:17:28 +00:00
david
9e244b05af
Put x11-access in the "auth" category.
2009-08-08 20:06:38 +00:00
david
ffa9178f2b
One more whitespace change in x11-access.nse.
2009-08-08 20:03:45 +00:00
david
7002052746
Normalize whitespace in x11-access.nse.
2009-08-08 20:02:47 +00:00
david
1df23cd859
In x11-access.nse, make the portrule run the script if the port number is 6000-6009 *or* the service starts with "X11". In this case it didn't matter because those ports do start with "X11" in nmap-services, but this better matches the shortport.port_or_service model.
2009-08-08 20:01:18 +00:00
david
2f54cb191f
Add the x11-access.nse script by vladz. See http://seclists.org/nmap-dev/2009/q3/0479.html .
2009-08-08 19:49:05 +00:00
jah
8341de219a
Exit the script cleanly rather than throwing an error when attempting to receive_bytes() from a portmapper service which fails to respond with data.
2009-08-08 01:51:32 +00:00
jah
990db60861
Prevent an error occurring when --script-arg snmplist is not supplied. snmplist is not a required arg since a default list of community strings is provided.
2009-08-06 09:56:07 +00:00
jah
7971081999
Remove unused and undeclared variable name "method".
2009-08-06 09:50:36 +00:00