PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-20 22:49:01 +00:00
Code Issues Projects Releases Wiki Activity
9,911 Commits 2 Branches 0 Tags
ba873c28c04ca32c53b050eaebd79a5303e4417c
Commit Graph

9911 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
d33tah
e142958581 Note a TODO. 2014-08-09 22:30:36 +00:00
jay
b281e0bf1d Get rid of unnecessary spaces at the end of lines 2014-08-09 19:09:06 +00:00
jay
03dd80d280 Convert to unix line endings using dos2unix 2014-08-09 18:06:14 +00:00
jay
1756416ec6 Further reduce Zenmap's Topology Noise 2014-08-09 17:56:29 +00:00
jay
5f346ca88c Document nmap.version_intensity() 2014-08-09 17:49:11 +00:00
dmiller
a7a7229105 Revert r32979, superseded by script-intensity 2014-08-08 14:43:11 +00:00
dmiller
a8d34b7635 Prevent address-info from crashing when the IPv6 address is "not interesting" 2014-08-08 14:43:10 +00:00
jay
b58913befa Document --exclude-ports 2014-08-08 13:27:35 +00:00
dmiller
35045fd839 Removed a troublesome OS fingerprint that matched too many firewalled systems 2014-08-07 19:53:11 +00:00
jay
df4f23eec0 Change all statements of the form 'return BOOLEAN_EXPRESSION ? false : true;' to 'return !BOOLEAN_EXPRESSION;' 2014-08-03 04:25:18 +00:00
jay
68659157f6 Change all statements of the form 'return BOOLEAN_EXPRESSION ? true : false;' to 'return BOOLEAN_EXPRESSION;' 2014-08-03 04:22:02 +00:00
jay
3c38c2099b If a version script is called by name (eg: '-sV --script skypev2-version'), then set version_intensity() to 9 for that script; thus guaranteeing that it will run 2014-08-03 04:16:13 +00:00
batrick
1d77f352ed Fix doc. 2014-08-03 01:19:31 +00:00
batrick
d48e21eb3e fix comment 2014-08-03 01:18:57 +00:00
batrick
5fee541da7 typo 2014-08-03 01:18:13 +00:00
batrick
4b9f1c6766 nselib stdnse.print_debug -> stdnse.debug 
Manual fixes.
 2014-08-03 01:17:09 +00:00
batrick
ee6622aea4 nselib stdnse.print_debug -> stdnse.debug 
$ f() { find -name \*.lua -exec /bin/echo sed -i "$1" {} \; ; }
$ f 's/stdnse.print_debug( *\([0-9]*\) *, */stdnse.debug\1(/'
$ f 's/stdnse.print_debug( *"\(.*\))/stdnse.debug1("\1)/'
 2014-08-03 00:56:45 +00:00
batrick
a809f52d5d level should be a number 2014-08-03 00:43:03 +00:00
batrick
1cec0a305b Run rule functions in the main loop. 
This allows usage of verbose/debug in portrule/hostrule and access to all
functionality of NSE, including sockets. So for example, we can now do:

function portrule (host, port)
  local response = http.get(host, port, "/");
  stdnse.debug1(response.body)
  ...
end

The verbose/debug function did not work in rule functions because the
introspection API (getid, gettid, etc.) only work when NSE is in the main loop.
The main loop sets the required internal variable current needed by the API.

List of changes:

stdnse.lua:

  o debug/verbose check the debugging/verbosity level much earlier to allow
    returning if nothing will be printed.

  o Simplified debug/verbose logic to handle the optional first argument
    better.

  o made debug/verbose local functions to avoid using globals and allow self
    tail calls

nse_main.lua:

  o The logic for adding threads via a rule function is simplified. So long as
    the script has the desired rule function, a thread is always returned.
    Evaluation of the rule function is done while NSE is in the main loop (i.e.
    not in script:new_thread()). The rule function only determines if the action
    function is run.

  o [Not a change:] If the action function will be run or was run then we see
    the usual "Starting X" and "Finished X" messages from NSE.

  o Use Lua 5.2's pack function instead of the slightly more expensive
    {n = select("#", ...), ...} idiom.

  o New stdnse.getinfo introspection function which is used by stdnse.debug.
 2014-08-02 21:18:08 +00:00
jay
078f3fe108 Fix a typo in nmap.cc 2014-08-02 19:35:31 +00:00
jay
70d6d637f9 Missed the COPYING file in the last commit :P 2014-08-02 19:32:53 +00:00
jay
d4cf544df6 Fix a missing bracket at the end of the IMPORTANT NMAP LICENSE TERMS part in each file 2014-08-02 19:29:50 +00:00
batrick
a19c9eb461 stdnse.print_verbose -> stdnse.verbose1 
$ sed -i 's/stdnse.print_verbose( *\([0-9]*\) *, *" *%s *:* *\([^"]*\)" *, *SCRIPT_NAME/stdnse.verbose\1("\2"/' *.nse
$ sed -i 's/stdnse.print_verbose( *" *%s *:* *\([^"]*\)" *, *SCRIPT_NAME/stdnse.verbose1("\1"/' *.nse

and some manual corrections.
 2014-08-02 18:32:26 +00:00
dmiller
9bf8974b38 Let nsock use /bin/sh instead of Bash for testing 2014-08-02 04:38:04 +00:00
dmiller
e7cd3a7f1e Fix ncat tests 
google.com can resolve to a different set of addresses each time you
resolve it, which makes the addrset tests fail. Use scanme.nmap.org
instead, since (at least for now) that has only one address assigned.
 2014-08-02 04:38:02 +00:00
batrick
59562d1c50 stdnse.print_debug -> stdnse.debug 2014-08-02 03:46:13 +00:00
batrick
4201aa8eac Fix stdnse undeclared variable warning. 
Also fixes a typo:

-function debug3 (...) return stdnse.debug(4, ...) end
+function debug4 (...) return _ENV.debug(4, ...) end
 2014-08-02 03:37:29 +00:00
batrick
91a106e7d5 more stdnse.print_debug -> stdnse.debug 
Manual corrections.
 2014-08-02 03:15:44 +00:00
batrick
6e3bde5de5 debug6 -> debug5 2014-08-02 02:56:31 +00:00
batrick
aeb5908481 more stdnse.print_debug -> stdnse.debug 
Manual corrections.
 2014-08-02 02:54:47 +00:00
batrick
810f7d4803 more stdnse.print_debug -> stdnse.debug 
This is a catchall pattern with a few exclusions.

$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *\(.*\))/stdnse.debug\1(\2)/' *.nse
$ sed -i 's/stdnse.print_debug(\(.*\))/stdnse.debug1(\1)/' *.nse

Excluded:
$ svn revert db2-das-info.nse
$ svn revert flume-master-info.nse
$ svn revert http-headers.nse
$ svn revert http-methods.nse
$ svn revert http-unsafe-output-escaping.nse
$ svn revert http-userdir-enum.nse
$ svn revert http-vuln-cve2011-3192.nse
$ svn revert http-vuln-wnr1000-creds.nse
$ svn revert http-wordpress-plugins.nse
$ svn revert telnet-brute.nse
 2014-08-02 02:46:16 +00:00
batrick
5e9a8d0777 more stdnse.print_debug -> stdnse.debug 
This one also fixes format string bugs:

stdnse.print_debug(foo) --> stdnse.debug1("%s", foo)

$ sed -i 's/stdnse.print_debug( *\([a-zA-Z0-9][a-zA-Z0-9_]*\) *)/stdnse.debug1("%s", \1)/' *.nse
$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *\([a-zA-Z0-9][a-zA-Z0-9_]*\) *)/stdnse.debug\1("%s", \2)/' *.nse
 2014-08-02 02:18:48 +00:00
batrick
5d4c5a659c more stdnse.print_debug -> stdnse.debug 
$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *SCRIPT_NAME *.. *" *:* *\([^"]*\)"/stdnse.debug\1("\2"/' *.nse
$ sed -i 's/stdnse.print_debug( *SCRIPT_NAME *.. *" *:* *\([^"]*\)"/stdnse.debug1("\1"/' *.nse
 2014-08-02 02:13:12 +00:00
batrick
d47acf9f5e more stdnse.print_debug -> stdnse.debug 
$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *" *%s *:* *\([^"]*\)" *, *SCRIPT_NAME/stdnse.debug\1("\2"/' *.nse
$ sed -i 's/stdnse.print_debug( *" *%s *:* *\([^"]*\)" *, *SCRIPT_NAME/stdnse.debug1("\1"/' *.nse
 2014-08-02 02:08:12 +00:00
fyodor
a763dc81a8 Updated MAC Address prefixes from IEEE data 2014-08-02 01:19:55 +00:00
batrick
536075d3af stdnse.print_debug -> stdnse.debug 
$ sed -i 's/stdnse.print_debug("[-a-z0-9]*:\s*\([^"]*\)"/stdnse.debug1("\1"/' *.nse
$ sed -i 's/stdnse.print_debug(\([0-9]*\),\s*"[-a-z0-9]*:\s*\([^"]*\)"/stdnse.debug\1("\2"/' *.nse

Except:
  o eap-info.nse
  o oracle-brute.nse

Modified:
  o couchdb-databases.nse
  o couchdb-stats.nse
  o http-open-redirect.nse
 2014-08-01 23:04:55 +00:00
dmiller
d23c46f3ac Remove unnecessary SCRIPT_NAME from stdnse.debug calls 2014-08-01 22:00:04 +00:00
dmiller
718c83f367 Check for actually-random TLS random instead of date in ssl-date 
Patch from nnposter here: http://seclists.org/nmap-dev/2014/q3/194
 2014-08-01 21:57:04 +00:00
batrick
2a8c81c4f6 stdnse.print_debug -> stdnse.debug1 
$ sed -i 's/stdnse.print_debug("%s \([^"]*\)", SCRIPT_NAME/stdnse.debug1("\1"/' *.nse
 2014-08-01 21:35:56 +00:00
batrick
c94d5970ff stdnse.print_debug -> stdnse.debug1 
sed -i 's/stdnse.print_debug("%s: \([^"]*\)", SCRIPT_NAME/stdnse.debug1("\1"/' *.nse
 2014-08-01 21:31:04 +00:00
batrick
5161b8642a stdnse.print_debug -> stdnse.debug1 
$ sed -i 's/stdnse.print_debug(1, "%s: \([^"]*\)", SCRIPT_NAME/stdnse.debug1("\1"/' *.nse
 2014-08-01 21:29:42 +00:00
dmiller
b7485a6e7f Add some missing NSEdoc params to re.lua 2014-07-31 19:18:04 +00:00
dmiller
7eb678a893 Move NSEdoc for unittest.run to unittest.nse 
This prevents unittest.run from being included in the Script Arguments
section of every script that includes a unittest-compatible library.
 2014-07-31 18:06:14 +00:00
dmiller
775ca4463f Add @usage to fcrdns.nse 2014-07-31 14:42:37 +00:00
dmiller
e8cfd3abe2 Add NSEdoc to re.lua 
NSE libs must have @class and @name elements, or must have an NSEdoc
block preceding a call to stdnse.seeall, otherwise NSEdoc generation
breaks.
 2014-07-31 14:39:35 +00:00
d33tah
fd3b2c79d3 Don't write to XML output directly in nmap.cc. Spotted and fixed by 
Michal Hrusecki (http://seclists.org/nmap-dev/2014/q3/180).
 2014-07-31 14:28:20 +00:00
dmiller
21ab5d78bd New NSE script: fcrdns 
Performs Forward-confirmed reverse DNS lookup of the target, a.k.a.
Full-circle reverse DNS, double-reverse DNS, or iprev.
 2014-07-31 05:34:19 +00:00
dmiller
fa65ff04d0 Restore verbosity boost for by-name scripts, broken in r33104 2014-07-31 05:34:17 +00:00
devin
e441e2a81d Applied Fabian Affolter's patch to make generator entry more generic 2014-07-30 22:16:32 +00:00
dmiller
0e24910267 New http-enum fingerprint for Metasploit's reverse_hop_http stager 2014-07-30 13:33:21 +00:00