jah
338dca4cff
Add a pattern for a "no match found" type of response from LACNIC.
2014-04-21 14:03:57 +00:00
jah
c47fff6fc2
Fix a problem which happens when a referred-to response cannot be understood, causing an unhandled error.
2014-04-21 13:59:46 +00:00
jah
0623907188
Fix some indentation which went awry in r32677 and r32704 and some which has always been less than ideal.
2014-04-21 13:22:12 +00:00
fyodor
2fb139161f
Update categories of dns-update from discovery and safe to vuln and intrusive
2014-04-19 07:50:38 +00:00
fyodor
c5742668b7
just correcting an entry after some more experimentation
2014-04-18 06:42:06 +00:00
fyodor
b23000e08e
Update Nmap version number from 6.45 to 6.46 and regen docs
2014-04-18 04:36:33 +00:00
fyodor
ac092cc153
Update CHANGELOG for upcoming 6.46 bugfix release
2014-04-18 04:34:49 +00:00
dmiller
b5e53fc1d8
Silence libc++ warnings, via Olli Hauer
2014-04-17 21:58:39 +00:00
dmiller
6bd9462dd6
Fix some CRLF line endings to LF
2014-04-17 19:50:24 +00:00
dmiller
9ca584d0b8
Make tls.record_read more strict about protocol correctness
2014-04-17 02:15:03 +00:00
patrik
91e1d21cc1
add nil checks to address bug discovered by Mike
...
http://seclists.org/nmap-dev/2014/q2/120
2014-04-17 01:00:01 +00:00
dmiller
d2009ab250
Prevent zenmapCore.NmapParser from looking up remote/system XML entities
2014-04-16 20:37:52 +00:00
dmiller
5087947a42
Prevent Ndiff from looking up remote/system entities
2014-04-16 20:37:50 +00:00
dmiller
2f2b99c941
Fix some service matches with 0-length captures
...
http://seclists.org/nmap-dev/2014/q2/105
This is only a temporary fix, since this restriction is hard to enforce.
We should really clean up the matching/substitution code to handle
0-length captures.
2014-04-16 13:29:44 +00:00
tomsellers
cacf764754
Change to citrixxml.lua to improve performance of citrixlua library when handling large XML responses containing application lists. Large responses were causing the script to consume 100% CPU for extended periods of time.
...
Reference:
http://seclists.org/nmap-dev/2014/q2/74
2014-04-16 11:56:21 +00:00
dmiller
a343ea24cd
Extend ssl-heartbleed to use every TLS cipher, prevent false negatives
2014-04-14 19:42:59 +00:00
fyodor
1d4fdaf2b3
Add another ndiff-related task
2014-04-13 07:10:09 +00:00
patrik
3dbe66e9be
Change heartbeat request size from 0x0fe9 to 0x4000
2014-04-12 21:31:08 +00:00
fyodor
52dc994b05
regenerate man pages and resort nmap-os-db
2014-04-12 08:12:04 +00:00
fyodor
d7ab6f2001
I think INSTALL_LIB should be set to None by default so it is only used if the installer has set it to something specific. Otherwise I run into issues on Windows
2014-04-12 06:12:01 +00:00
fyodor
f83f67ccb9
add a note that our make uninstall should uninstall ndiff too (probably similar to how we do it for Zenmap)
2014-04-12 01:43:59 +00:00
fyodor
96eb55e419
Add some features from Zenmap's setup.pl to ndiff one. The main feature is adding the ndiff.py Python module install directory to ndiff script so it can always (we hope) be found even if the dir isn't in the user's PYTHONPATH.
2014-04-12 01:24:32 +00:00
fyodor
93e857ee81
Add code (taken from Zenmap) to make sure the install location of the Ndiff module can be found by the ndiff script
2014-04-12 00:16:30 +00:00
fyodor
1fc67280f7
Add "AutoReqProv:no" because automatic dependency calculation was adding "python(abi) = 2.4" even though our setup.py takes care of adjusting sys.path to point to wherever the modules were installed. We use this same approach for Zemap. Hopefully this doesn't cause problems. There were the dependencies before this change:
...
$ rpm -qpR nmap-6.45-1.x86_64.rpm
/usr/bin/python
libc.so.6()(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.2)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libdl.so.2()(64bit)
libdl.so.2(GLIBC_2.2.5)(64bit)
libgcc_s.so.1()(64bit)
libgcc_s.so.1(GCC_3.0)(64bit)
libm.so.6()(64bit)
libm.so.6(GLIBC_2.2.5)(64bit)
libstdc++.so.6()(64bit)
libstdc++.so.6(CXXABI_1.3)(64bit)
libstdc++.so.6(GLIBCXX_3.4)(64bit)
libsvn_client-1.so.0()(64bit)
python >= 2.4
python(abi) = 2.4
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
And here they are after:
$ rpm -qpR nmap-6.45-1.x86_64.rpm
python >= 2.4
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <= 3.0.4-1
2014-04-11 23:12:35 +00:00
fyodor
9bbf495448
Update 6.45 release date to today
2014-04-11 19:34:34 +00:00
dmiller
100ff6f238
Let sslcert do STARTTLS based on service, not just port number
2014-04-11 16:42:29 +00:00
dmiller
7170837c8b
Add @usage nsedoc to UDP scripts (default is missing -sU in this case)
2014-04-11 16:42:26 +00:00
dmiller
54caea26b4
Unify comm.lua's is_ssl and shortport.ssl
...
Heuristic detection of SSL ports was previously done in 2 different
places, leading to a divergence: shortport.ssl would return true for
more services than comm.tryssl would try, since comm.is_ssl was checking
a shorter list of port numbers and was ignoring
port.version.service_tunnel and port.version.name. Now any changes to
shortport.ssl will affect both libraries.
2014-04-11 15:22:42 +00:00
david
3f3fafbbec
Update MacPorts-ports.diff to remove pkgconfig dependency on libiconv.
2014-04-11 05:36:00 +00:00
david
31e4350dba
Make the argument to checked_fd_isset non-const.
...
I got this error compiling on OS X 10.6:
In file included from netutil.cc:132:
../nbase/nbase.h: In function 'int checked_fd_isset(int, const fd_set*)':
../nbase/nbase.h:385: error: invalid conversion from 'const fd_set*' to 'fd_set*'
../nbase/nbase.h:385: error: initializing argument 2 of 'int __darwin_fd_isset(int, fd_set*)'
netutil.cc: In function 'int send_ipv6_ip(const sockaddr_in6*, const unsigned char*, size_t)':
netutil.cc:3846: warning: unused variable 'tclass'
make[2]: *** [netutil.o] Error 1
make[1]: *** [netutil_build] Error 2
2014-04-11 05:08:30 +00:00
fyodor
f83dc2c6c2
Since ndiff is now module-based, add some code to the spec file to hopefully allow it to find the site-packages/ndiff* and ^Cild the RPM
2014-04-11 04:04:42 +00:00
fyodor
6bf513b42a
Update Nmap version number from 6.41SVN to 6.45 and rebuild docs
2014-04-11 02:59:07 +00:00
fyodor
8be0cb3f5e
Update to latest Mac prefix (vendor) list from IEEE
2014-04-11 02:56:08 +00:00
dmiller
b3b0bf2389
Handle multiple messages in a single record (ssl-heartbleed)
2014-04-10 20:53:14 +00:00
dmiller
353291aeba
Remove hardcoded TLSv1.1 from heartbeat message build
2014-04-10 20:53:12 +00:00
dmiller
3fd18f7752
Use tls.lua functions to build messages in ssl-heartbleed
2014-04-10 15:14:14 +00:00
dmiller
582afb7746
Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746
2014-04-10 15:14:12 +00:00
dmiller
e8d81eb8b4
Alert on missing tls library, better diagnostics for not-vulnerable sites
2014-04-10 15:14:10 +00:00
dmiller
80ea0d5f10
Don't try ssl-heartbleed on protocol mismatch
2014-04-09 21:54:27 +00:00
dmiller
233b1fca71
STARTTLS support for ssl-enum-ciphers
2014-04-09 18:02:01 +00:00
dmiller
c69afa24aa
Enable ssl-heartbleed to connect to STARTTLS services
2014-04-09 17:34:39 +00:00
dmiller
d1a86b7f57
Remove unnecessary pcall and unsupported SSL 3.0 from ssl-heartbleed
2014-04-09 16:49:18 +00:00
patrik
c0078965e9
add TLS 1.0, 1.1 and 1.2 support and some error checking
2014-04-09 16:16:22 +00:00
dmiller
e38d9618a3
Adjust heartbleed payload size to minimum required to trigger
2014-04-09 15:58:09 +00:00
dmiller
cd0ed4ff7f
Expand the binary blobs in ssl-hearbleed to allow tweaking
2014-04-09 14:37:35 +00:00
dmiller
9b93706cf3
Whitespace/indentation fixes for ssl-heartbleed
2014-04-09 13:51:57 +00:00
dmiller
f07e623835
Fix some globals in ssl-heartbleed.nse
2014-04-09 13:51:55 +00:00
patrik
20eb77d6d2
o [NSE] Add ssl-heartbleed script to detect the Heartbleed bug in OpenSSL
...
CVE-2014-0160 [Patrik Karlsson]
2014-04-09 01:49:29 +00:00
dmiller
9e601256c6
Add parsing support for TLS heartbeat ContentType
2014-04-08 20:12:22 +00:00
dmiller
c87a4f1b3f
Fix an off-by-one bug in TLS record parsing
2014-04-08 20:12:21 +00:00
