david
a4f6dc6b6e
Merge from /nmap-exp/david/nmap-os.
This brings in four discrete changes:
1. The widening of ranges for T test expressions in nmap-os-db. Any expressions
that were not already ranges were expanded to cover plus and minus five of
their original values.
2. The normalization of TG expressions in nmap-os-db. Nmap is only capable of
outputting 0x20, 0x40, 0x80, and 0xFF for a TG value, but many fingerprints
had values other than these. They have all been rounded to their nearest
likely value.
3. The elimination of the U1.TOS and IE.TOSI tests (both having to do with type
of service). This was effected by setting their MatchPoints to 0.
4. A cleanup and refactoring of OS fingerprint output code. This should not
have any impact on output, except in one case: when debugging is non-zero or
verbosity is greater than one, and at least one perfect match was found,
Nmap used to print "OS Fingerprint:" before the fingerprint. Now it prints
"TCP/IP fingerprint:" in this case like in all the others.
2008-10-31 22:46:07 +00:00
fyodor
2c650269ec
o Fixed a bug which caused Nmap to infer an improper distance against
some hosts when performing OS detection against a group whose
distance varies between members. [David, Fyodor]
2008-10-17 21:20:52 +00:00
kris
83ed199791
Adding packet validity checking to readip_pcap() so the caller can assume the
packet is OK from the get-go rather than running basic checks of its own.
In a nutshell this patch checks to make sure:
1) there is enough room for an IP header in the amount of bytes read
2) the IP version number is correct
3) the IP length fields are at least as big as the standard header
4) the IP packet received isn't a fragment, or is the initial fragment
5) that next level headers seem reasonable
For TCP, this checks that there is enough room for the header in the number
of bytes read, and that any option lengths are correct. The options checked
are MSS, WScale, SackOK, Sack, and Timestamp.
This also fixes a bug I discovered while testing. Since the Ethernet CRC
(and other datalink-layer data) could be read and counted, it was being
returned that there was more IP packet than there really was. This didn't
cause an overrun of the buffer or anything, just that garbage data could have
easily been read instead of real packet data. Now, if validity is checked for
and the number of total bytes read is larger than the IP's length, the length
is set to the IP header's total length field.
This seems to work great after doing what testing I could. It's been out on
nmap-dev for a couple of weeks without any bad reports (none at all for that
matter). I reviewed this patch again before committing and it looks good as
well.
2008-06-30 23:55:19 +00:00
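The checks listed in the commit above, as an added example written for this page (it is not the readip_pcap() code from Nmap and does not use Nmap's headers or types): a validator that walks a captured IPv4 buffer, rejects anything that fails the five IP-level checks or the TCP option-length check, and trims the returned length to the IP total-length field when the capture read more bytes than the packet owns. The sample capture bytes, the enum names, and the decision to reject a capture shorter than the IP total length are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result of validating a captured packet; anything but PKT_OK rejects it. */
enum pkt_status {
    PKT_OK = 0,
    PKT_TOO_SHORT_FOR_IP,    /* fewer bytes read than a minimal IP header */
    PKT_BAD_IP_VERSION,      /* version nibble is not 4 */
    PKT_BAD_IP_LENGTHS,      /* IHL or total length below the header size, or total length beyond the capture (assumption) */
    PKT_NONINITIAL_FRAGMENT, /* fragment offset is nonzero */
    PKT_TOO_SHORT_FOR_TCP,   /* IP payload cannot hold the TCP header it claims */
    PKT_BAD_TCP_OPTION       /* an option length is wrong for its kind or overruns the header */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk the TCP option list. MSS, WScale, SackOK and Timestamp must carry
   their exact length; SACK is 2 + 8*n bytes; other kinds only need a length
   that stays inside the option area. */
static int tcp_options_ok(const uint8_t *opt, size_t optlen) {
    size_t i = 0;
    while (i < optlen) {
        uint8_t kind = opt[i];
        if (kind == 0) return 1;           /* EOL: the rest is padding */
        if (kind == 1) { i++; continue; }  /* NOP has no length byte */
        if (i + 2 > optlen) return 0;
        uint8_t len = opt[i + 1];
        if (len < 2 || i + len > optlen) return 0;
        switch (kind) {
        case 2:  if (len != 4) return 0; break;                       /* MSS */
        case 3:  if (len != 3) return 0; break;                       /* WScale */
        case 4:  if (len != 2) return 0; break;                       /* SackOK */
        case 5:  if (len < 10 || (len - 2) % 8 != 0) return 0; break; /* SACK */
        case 8:  if (len != 10) return 0; break;                      /* Timestamp */
        default: break;
        }
        i += len;
    }
    return 1;
}

/* Validate an IPv4 packet of nread captured bytes. On PKT_OK, *iplen is set
   to the IP total length, so trailing link-layer bytes the capture handed
   back (e.g. an Ethernet FCS) are never counted as packet data. */
enum pkt_status validate_ip_packet(const uint8_t *buf, size_t nread, size_t *iplen) {
    if (nread < 20) return PKT_TOO_SHORT_FOR_IP;
    if ((buf[0] >> 4) != 4) return PKT_BAD_IP_VERSION;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    size_t totlen = be16(buf + 2);
    if (ihl < 20 || totlen < ihl || totlen > nread) return PKT_BAD_IP_LENGTHS;
    if ((be16(buf + 6) & 0x1fff) != 0) return PKT_NONINITIAL_FRAGMENT;
    if (buf[9] == 6) { /* TCP: header must fit, then its options must parse */
        if (totlen < ihl + 20) return PKT_TOO_SHORT_FOR_TCP;
        size_t doff = (size_t)(buf[ihl + 12] >> 4) * 4;
        if (doff < 20 || totlen < ihl + doff) return PKT_TOO_SHORT_FOR_TCP;
        if (!tcp_options_ok(buf + ihl + 20, doff - 20)) return PKT_BAD_TCP_OPTION;
    }
    *iplen = totlen;
    return PKT_OK;
}

/* Constructed sample: a 60-byte SYN carrying MSS, NOP, WScale, SackOK and
   Timestamp options, followed by 4 junk bytes standing in for a link-layer
   trailer that a capture can return along with the packet. */
static const uint8_t sample_capture[64] = {
    0x45,0x00,0x00,0x3c, 0x12,0x34,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x14,
    0x04,0xd2,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0xa0,0x02,0xff,0xff, 0x00,0x00,0x00,0x00,
    0x02,0x04,0x05,0xb4, 0x01, 0x03,0x03,0x07, 0x04,0x02,
    0x08,0x0a,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,
    0xde,0xad,0xbe,0xef
};

/* Run the validator on the sample and on corrupted copies of it.
   Returns 1 if every case produced the expected status. */
int run_self_check(void) {
    uint8_t pkt[64];
    size_t len = 0;
    memcpy(pkt, sample_capture, sizeof pkt);
    if (validate_ip_packet(pkt, sizeof pkt, &len) != PKT_OK || len != 60) return 0;
    if (validate_ip_packet(pkt, 10, &len) != PKT_TOO_SHORT_FOR_IP) return 0;
    memcpy(pkt, sample_capture, sizeof pkt);
    pkt[0] = 0x65;                                   /* version 6 */
    if (validate_ip_packet(pkt, sizeof pkt, &len) != PKT_BAD_IP_VERSION) return 0;
    memcpy(pkt, sample_capture, sizeof pkt);
    pkt[6] = 0x00; pkt[7] = 0x05;                    /* fragment offset 5 */
    if (validate_ip_packet(pkt, sizeof pkt, &len) != PKT_NONINITIAL_FRAGMENT) return 0;
    memcpy(pkt, sample_capture, sizeof pkt);
    pkt[41] = 0x03;                                  /* MSS option length 3 instead of 4 */
    if (validate_ip_packet(pkt, sizeof pkt, &len) != PKT_BAD_TCP_OPTION) return 0;
    memcpy(pkt, sample_capture, sizeof pkt);
    pkt[3] = 0x10;                                   /* total length 16, smaller than the header */
    if (validate_ip_packet(pkt, sizeof pkt, &len) != PKT_BAD_IP_LENGTHS) return 0;
    return 1;
}

int main(void) {
    printf("self-check %s\n", run_self_check() ? "passed" : "FAILED");
    return 0;
}
```

The trimming step is the one that matters for the bug the commit describes: with the sample's four trailer bytes, validate_ip_packet() reports 60 bytes of packet, not the 64 the capture delivered, so a caller indexing by the returned length never reads the trailer as if it were TCP payload.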
kris
47bc9d4c4f
Fixing more bugs reported by Ilja, mostly bounds checking
2008-06-14 06:59:11 +00:00
michael
6692822a34
The information pertaining to the U1.RID probe for OS scans wasn't being properly converted to/from network byte order. This has resulted in several erroneous entries in nmap-os-db and the failure of OS scan to perfectly detect some hosts (most of them are printers).
2008-05-31 01:41:13 +00:00
fyodor
779b96a197
trivial copyright text tweak: filename nmap-os-fingerprints has changed to nmap-os-db
2008-05-22 20:45:32 +00:00
fyodor
10b54b773b
minor license template updates from Kris--fix gnu.org link to GPLv2 (moved) and openssl license filename (COPYING.OpenSSL)
2008-05-05 04:10:00 +00:00
fyodor
5551c5a311
o Fixed a bunch of code to avoid compilation warning messages (at
least on some Linux machines) [Andrew J. Bennieston]
2008-04-09 02:11:20 +00:00
fyodor
d5f3f3610e
improve the tcp options comment even more to ensure it is in line with tcp options actually used
2008-03-13 05:34:17 +00:00
fyodor
a71b4d2528
update a comment which lists tcp options used in os scan
2008-03-13 05:25:54 +00:00
fyodor
1accc12fb2
fix typo in legal header found by Leigh Zhao (missing word: of)
2008-02-28 18:52:06 +00:00
fyodor
29c912f394
URL change from http://insecure.org/nmap/ * to http://nmap.org/ *
2008-01-17 07:22:03 +00:00
fyodor
8220c8a42f
update copyright line at the top of files from 1996-2006 to 1996-2008
2007-12-22 06:32:03 +00:00
fyodor
09512ff092
o Fix a bunch of warning/error messages which contained an extra
newline. Thanks to Brandon Enright for the patch.
2007-12-21 03:38:04 +00:00
kris
242744baaa
Avoid negative array index (-1). Found with Coverity, CID 11
2007-11-16 00:17:23 +00:00
david
50c4981934
Remove the first-generation OS detection and nmap-os-fingerprints.
2007-11-03 01:31:02 +00:00
kris
0b50c16b38
Adding Snprintf() and Vsnprintf() to nbase/nbase_str.c. This is because of Windows' stupid implementation where it doesn't write a NULL byte at the end of the buffer if the result is truncated. I would've just #defined snprintf and vsnprintf to some wrapper function for Windows, but this doesn't work as libdnet and libpcap (and libpcap includes under mswin32) define snprintf to _snprintf and vsnprintf to _vsnprintf like we do, and through the many defines they end up being available in the Nmap sources. Vsnprintf() uses vsnprintf() (and writes a NULL byte at the end if truncated), and Snprintf uses Vsnprintf().
2007-08-14 06:46:54 +00:00
fyodor
03b4dc0ec5
merge soc07 r5233 - Changed perror()s with hardcoded function names to Nmap's gh_perror() and __func__, changed perror()s followed by exit()s to Nmap's pfatal(), and removed newlines from perror()s because it breaks the line after that and before the colon and error string, which doesn't make sense
2007-08-11 05:57:54 +00:00
fyodor
6c06f51bd7
merge soc07 r5100 - Changing fprintf(stderr, )'s to error()'s (or fatal() if followed by an exit()). Besides providing consistency, this also allows more errors to actually be logged with --log-errors.
2007-08-11 05:16:56 +00:00
fyodor
8dc9673928
merge soc07 r5085 - Changing bare printf()s to log_write(LOG_PLAIN,)s because these were always printed even when things like XML and greppable output were sent to stdout (e.g. -oX -). This also adds o.scriptTrace() to make --script-trace behave more like --packet-trace and --version-trace. Nsock tracing was done unconditionally in NSE, and that has been changed to only be done when o.scriptTrace() is true.
2007-08-11 05:13:16 +00:00
fyodor
90a0087bb4
merge soc07 r5081 - changed close to 100 occurrences of LOG_NORMAL|LOG_SKID|LOG_STDOUT (and combinations) to LOG_PLAIN, and moved LOG_PLAIN definition to output.h from traceroute.h
2007-08-11 05:11:47 +00:00
fyodor
abc402ebe7
merge soc07 r4959 - Put <extrareasons> inside <extraports> as this should really simplify XML parsers' jobs because they won't have to keep track of what states and reasons go together
2007-08-11 04:30:24 +00:00
fyodor
8a3b378695
merge soc07 r4947:4953 - os fingerprinting system improvements, trivial traceroute.cc grammar tweak
2007-08-11 04:29:03 +00:00
fyodor
8d74bbcd8a
merge soc07 r4871:4884 and r4888 - renaming __FUNCTION__ to __func__ and changing hardcoded func names to __func__
2007-08-11 04:06:09 +00:00
fyodor
58522c59f6
merge soc07 r4822 - Reduce the number of build dependencies.
2007-08-11 03:35:46 +00:00
fyodor
f5e32d305f
merge soc07 r4780 - Moved OSScan warning message (may not be reliable because could not find 1 open and 1 closed port) so it is printed along with the OSScan results instead of above it
2007-08-11 03:24:04 +00:00
fyodor
94b77b4980
trivial grammar fix
2007-03-16 08:47:13 +00:00
fyodor
a6d033e218
improve timestamp frequency classification
2007-03-12 00:00:14 +00:00
kris
b8b7e2c47a
Tiny change: icmp_hun.ih_void -> icmp_void in osscan2.cc. icmp_void is #define'd to that ugly thing
2007-01-24 19:09:04 +00:00
kris
69754e8311
Use dnet headers for TCP and UDP. This allows us to remove netinet tcp.h and udp.h references, the udphdr_bsd stuff, and the TH_ECE/TH_CWR #defines in tcpip.h. That was easy, but we (Fyodor and I) came to the conclusion that IP and ICMP aren't worth the hassle to switch (I was testing TCP, UDP and IP in my branch). The struct icmp_hdr in dnet isn't set up anything like what we're using now. Then, struct ip_hdr uses ip_addr_t (typedef'd to uint32_t in that ip.h) instead of struct in_addr for the IP addresses, and that would require some dnet modifying to work right. We might be able to come up with some elegant solution for IP, but probably not for ICMP. For now, they're still left up to netinet (or tcpip.h).
2007-01-23 05:29:59 +00:00
fyodor
8e2de50dd3
Kris Katterjohn patches for code clean up, iana ip assignment update, fix fileexistsandisreadable
2006-12-12 09:56:15 +00:00
fyodor
1308928e29
Nmap 4.20, woohoo
2006-12-08 03:01:08 +00:00
fyodor
508e674ce4
fix Mac OS X pcap problem, I hope
2006-11-19 09:35:26 +00:00
fyodor
e4ee4d5e4c
getting closer to 4.20ALPHA9
2006-10-14 01:25:43 +00:00
fyodor
25bbd2983d
New dynamic number of OS tries, and --max-os-tries option
2006-10-02 03:21:40 +00:00
fyodor
02aaa51e19
starting to make major updates to nmap-os-db, various fixes to the related tools
2006-09-12 10:46:50 +00:00
fyodor
10ffae41cf
spellcheck patch
2006-09-05 08:39:32 +00:00
fyodor
6af66cd954
Nmap 4.20ALPHA6
2006-09-03 01:15:17 +00:00
fyodor
521184fdc8
Fix some Windows compilation errors
2006-08-31 05:28:59 +00:00
fyodor
3768236c47
More OS detection changes. We're really getting close now
2006-08-30 07:38:30 +00:00
fyodor
0eb6303487
fixed a major os detection bug with computation of the ISR test result. Am in the process of updating the DB
2006-08-29 07:02:35 +00:00
fyodor
9cbae88f44
Add -ip-options support
2006-08-29 03:26:00 +00:00
fyodor
87c4dbdf39
Added new SEQ.ISR element, removed SEQ.CL, changed calculation of SEQ.SP
2006-08-27 02:43:44 +00:00
fyodor
b28d51167c
Minor source code header improvements
2006-08-25 01:47:49 +00:00
fyodor
a403864351
Replace file headers, mostly to update copyright to 2006
2006-08-24 04:43:50 +00:00
fyodor
db7e28aa8e
Update OS detection verbose output
2006-08-24 04:38:51 +00:00
fyodor
739807972b
Allow fingerprints to be shown even if target host is many hops away, remove some excess verbiage that should use ScanProgressMeter anyway
2006-08-24 04:15:00 +00:00
fyodor
a15e1e0f05
OS detection changes to improve timing/reliability, print fprint in more cases, etc. Also some tiny changes from Kris Katterjohn
2006-08-24 04:06:08 +00:00
fyodor
29b1d58389
Some minor misc. fixes from Marek Majkowski and Kris Katterjohn
2006-08-22 21:31:37 +00:00
fyodor
1da53c8366
Added Zhao changes which cause packet-trace to print tcp ops, slight changes to new os detection, and update fingerfix.pl for recent os detection changes
2006-08-20 18:17:03 +00:00