PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-22 15:39:03 +00:00
Code Issues Projects Releases Wiki Activity
9,911 Commits 2 Branches 0 Tags
ba873c28c04ca32c53b050eaebd79a5303e4417c
Commit Graph

9911 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
fyodor
fefb410a72 Sort nmap-os-db 2013-08-17 00:39:44 +00:00
fyodor
796c90ee0e Minor updates to the descriptions of some new scripts 2013-08-17 00:38:27 +00:00
david
1c0e86596e Split Windows/POSIX implementations of ncat_openlog. 
O_BINARY doesn't exist on POSIX.
 2013-08-16 21:33:41 +00:00
sophron
8477e0586a [NSE] Updated parse_form function to support double quotes and return more attributes. 2013-08-16 20:04:12 +00:00
david
f43781f3d9 XFAIL Unix domain socket tests on Windows. 2013-08-16 17:09:06 +00:00
david
b01285b8f3 Automatically XFAIL SCTP tests on Windows. 2013-08-16 17:09:03 +00:00
david
a6dafe881c Put test filehandles into binary mode. 2013-08-16 17:08:55 +00:00
david
ec311d78c5 Open log files in binary mode. 
This avoids CRLF translation on Windows.
 2013-08-16 17:08:46 +00:00
david
343e09c2fa Push c_ins so that they aren't automatically closed. 2013-08-16 08:03:22 +00:00
david
48058be247 Typo. 2013-08-16 08:03:20 +00:00
david
e373fd5a5c Must connect to "localhost" to match server cert. 2013-08-16 08:03:18 +00:00
david
91cce4c3d2 Connect to ::1 when -6 appears in the options. 2013-08-16 08:03:16 +00:00
david
623b3b9ae4 Close some sockets that ncat-test.pl open itself. 
I was getting intermittent "address already in use" errors.
 2013-08-16 08:03:14 +00:00
david
43f364de1a Typos. 2013-08-16 08:03:12 +00:00
david
70e96fb8ee Use 127.0.0.1 or ::1 where it counts. 2013-08-16 08:03:10 +00:00
david
b76967c325 Don't use a listen address by default. 2013-08-16 08:03:08 +00:00
david
1baf716fd0 Don't wait on server that doesn't listen. 2013-08-16 08:03:06 +00:00
david
02a7dc917f Clear up some more localhost/127.0.0.1 confusion. 2013-08-16 08:02:58 +00:00
david
f9f8937057 Remove hardcoded delay in favor of waiting for a LISTEN message. 2013-08-16 08:02:57 +00:00
david
f1cfaba9e2 Output a LISTEN test message when do_listen is successful. 2013-08-16 08:02:55 +00:00
david
e2f4833fd1 Add logtest function. 2013-08-16 08:02:52 +00:00
david
68dc04479d Add --test option. 
This will be used to control the printing of test messages that say when
a connection is ready to use, to reduce delays in ncat-test.
 2013-08-16 08:02:50 +00:00
david
70b7203d3f Listen on IPv4 by default explicitly. 2013-08-16 08:02:49 +00:00
david
929ade0b11 Autoflush ncat-test.pl output. 2013-08-16 01:34:39 +00:00
david
bbde6ff4b2 Consistency. 2013-08-16 01:34:37 +00:00
sophron
d93a4a21fe Replace the concatenation with a more uniform function call. 2013-08-15 17:36:21 +00:00
sophron
af81f31573 Correctly handle cases where the basepath consists of a single character other than "/". 2013-08-15 17:32:39 +00:00
david
1f372aa911 Make format string specifiers better match types. 
Suggested by Gisle Vanem.
http://seclists.org/nmap-dev/2013/q3/269
 2013-08-15 08:07:26 +00:00
david
4961ebf047 8-byte display for SCTP checksum. 2013-08-15 08:07:24 +00:00
david
ed237e8e19 Use %lu instead of %ul. 
Discovered by Gisle Vanem.
http://seclists.org/nmap-dev/2013/q3/269
 2013-08-15 08:07:21 +00:00
david
784b1ef4e8 Swap SCTP vtag and csum in HIGH_DETAIL output. 
Discovered by Gisle Vanem.
http://seclists.org/nmap-dev/2013/q3/269
 2013-08-15 08:07:14 +00:00
david
3728ece727 New revision of telnet-brute by nnposter. 
http://seclists.org/nmap-dev/2013/q3/249

- Multi-threaded (thanks to nselib/brute.lua)

- Can automatically reduce number of threads if it senses that the
  target supports less than what brute.lua wants to use. Without this
  feature the script tends to bail out because brute.lua default of 10
  threads is too much for a lot of telnet targets. This saves the user
  the trouble of finding out how much the target can take before
  launching the script.

- Uses connection pooling for sending multiple login attempts across
  the same connection. This significantly improves performance.

- Supports password-only logins.

Other changes:

- Fixed support for Windows telnet service.
  Added support for Netgear RM356.

- Improved accuracy of target state detection.

Tested on:

- Cisco IOS
- Linux telnetd
- Windows telnet service
- Digital Sprite 2
- Nortel Contivity
- Netgear RM356
- Hummingbird telnetd
 2013-08-15 07:11:08 +00:00
d33tah
c46f8f0ca4 Fix coding style in my code. 2013-08-13 19:54:09 +00:00
henri
61f6696ae3 Wrong inclusion path. 2013-08-13 17:55:36 +00:00
henri
456430c676 Windows compatibility fix. 
Initialize winsock before starting nsock test suite.
Initial patch from Gisle Vanem.
 2013-08-13 12:36:28 +00:00
henri
0054b3ff4f Windows compatibility fix. 
Initialize winsock in ncat addrset test.
Initial patch from Gisle Vanem.
 2013-08-13 12:36:19 +00:00
henri
64c706c260 Proper code alignment. 2013-08-13 12:36:08 +00:00
d33tah
6805376faf Fix an nsock build error under MSVC. 2013-08-11 20:52:15 +00:00
henri
b0abceec37 Make nsock test suite listeners listen on IPv4 
Do everything explicitely to avoid unexpected behaviors. IPv6 will be added
separately at some point.
 2013-08-11 08:31:39 +00:00
david
1154495aa3 Add a "key" element to the result of ssh1.fetch_host_key. 
ssh-hostkey.nse wanted this element to be present, but it was missing
from SSH1 keys. This caused a crash that was reported by Dan Farmer and
Florian Pelgrim.
http://seclists.org/nmap-dev/2013/q3/151
http://seclists.org/nmap-dev/2013/q3/155
 2013-08-11 05:36:48 +00:00
david
82df82b5fd Do base64-encoding of the SSH key before returning, not after. 
Not all SSH key formats use base64 encoding, for example SSH1 keys looks
different. So we can't blindly base64-encode the raw strings that we
receive. Attempt to return keys in the same format as is used by the
known_hosts file.
 2013-08-11 05:36:45 +00:00
henri
ea8995ebf7 Use a parameter to invoke `ncat' in run_tests.sh 
Run: `NCAT=/opt/something/ncat ./run_tests.sh' to invoke a specific binary.
 2013-08-11 00:11:21 +00:00
henri
853aaff586 Manage expiration times via a heap queue. 
This prevents nsock from iterating over the whole list of events at
each runloop, thus improving performance.

It made it necessary to have pointers from the msevents to the event
lists they belong to. The patch therefore also changes gh_list from
autonomous containers to embedded structures.

Added unit tests accordingly and cosmetic changes to make things look
more consistent.
 2013-08-10 23:59:30 +00:00
sophron
23457a77c0 Modifies the cookie header assembling logic to make it more compliant with RFC 6265, Section 4.2.1, which does not allow the trailing semicolon. Patch by nnposter. 2013-08-10 23:09:16 +00:00
sophron
4b8ed158cf Modifies interpretation of the cookie path in nselib/http.lua to make it more compliant with RFC 6265, Section 5.1.4. Patch by nnposter. 2013-08-10 23:02:40 +00:00
henri
170a85f677 Don't use ANSI color sequences on windows. 
Pointed out by Gisle Vanem. Fixed it in a way that makes it easy to disable on
other systems as well.
 2013-08-10 20:19:38 +00:00
henri
822d3e1da2 Fixed non-portable perror() statement. 
Replaced perror() by printf + socket_strerror(socket_errno()).
Reported by Gisle Vanem.
 2013-08-10 20:19:09 +00:00
sophron
623991eb82 Updated script.db. 2013-08-10 20:07:29 +00:00
sophron
cd23b07f9f [NSE] Removed facebook's domain name as an example. 2013-08-10 19:47:56 +00:00
sophron
1907693c35 [NSE] Added http-useragent-tester.nse. 2013-08-10 19:36:12 +00:00