PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
Code Issues Projects Releases Wiki Activity
5,700 Commits 2 Branches 0 Tags
bbda5dfd90b437299c3eb93c81ced776cc3e3cc8
Commit Graph

5700 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
luis
bbda5dfd90 Minor style fixes 2011-07-26 12:04:08 +00:00
luis
6defb790d2 Add some comments to the top of functions 2011-07-26 12:04:04 +00:00
luis
ad3e5dadc2 Add some comments and remove some unused code 2011-07-26 12:03:49 +00:00
luis
3f3fc7dc07 Replace some tabs with spaces, and some other minor style fixes 2011-07-26 12:03:44 +00:00
luis
2ccd8a60cb Add doc for get_initial_ttl_guess() 2011-07-26 12:03:40 +00:00
luis
46eeeb0b1e Minor comment fixes 2011-07-26 12:03:21 +00:00
luis
c9cefab5fc Reorganized source file so methods of the same class are grouped together 2011-07-26 12:03:18 +00:00
luis
da576f15bd Minor whitespace, indentation and style fixes 2011-07-26 12:03:15 +00:00
luis
2ea0f04494 Move class definitions to the header file 2011-07-26 12:03:12 +00:00
luis
68911fc5ad Move typedef to the header file 2011-07-26 12:03:09 +00:00
patrik
89d1f3b8d3 o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs 
brute force password auditing against XMPP (Jabber) servers. [Patrik]
 2011-07-26 06:54:19 +00:00
patrik
6714caede8 Fixed a bug that would prevent the script from displaying any output unless 
being run in debug mode. [Patrik]
 2011-07-26 06:46:12 +00:00
fyodor
c2c163b856 The *-brute scripts traditionally go in the auth category rather than brute. I think this was an accident, but creating a brute category might not be a bad idea 2011-07-26 01:06:42 +00:00
fyodor
5d7b067b66 Add credit for two funding souces (Google Summer of Code and DARPA CINDER program) 2011-07-26 00:58:06 +00:00
david
a652d29ac6 Whitespace. 2011-07-25 23:33:16 +00:00
david
f56c0d0f77 Make dummy struct operator() const. 
Solves a compile error with Visual C++ 2008.
 2011-07-25 23:31:17 +00:00
djalal
6bb9ad1e80 Added the print_hex() fix CHANGELOG entry. 2011-07-25 23:18:51 +00:00
djalal
3ce7d52800 o [NSE] Improved the NSEDoc of the print_hex() function. [Chris Woodbury] 2011-07-25 23:12:51 +00:00
djalal
47345ac696 o [NSE] Do not print an empty line if there are no remaining characters. 
This patch was contributed by Chris Woodbury.
 2011-07-25 23:09:24 +00:00
djalal
950e435921 o [NSE] Make smb-security-mode run by default. 2011-07-25 21:40:31 +00:00
fyodor
f721f56852 latest task updates 2011-07-25 21:14:42 +00:00
luis
660c91ee57 Minor style changes 2011-07-25 18:39:54 +00:00
luis
80a8a8a418 Change explicit definition of struct osscan_timing_vals to a typedef in the header file 2011-07-25 18:36:05 +00:00
luis
35ef43f711 Change explicit definition of os_scan_performance_vars to a typedef in the header file 2011-07-25 18:34:03 +00:00
luis
4faf19f738 Move constant definitions to the osscan2 header file 2011-07-25 18:30:05 +00:00
patrik
5e954c65a9 Added support for comments in the credential_iterator [Patrik] 2011-07-25 17:59:05 +00:00
paulino
a8df084c1f Adds http default ports for LiteSpeed Web Server. 2011-07-24 21:26:37 +00:00
paulino
a6c86e4769 Adds entry about http-litespeed-sourcecode-download and http-axis2-dir-traversal 2011-07-24 21:16:15 +00:00
paulino
d4054187e4 Adds http-axis2-dir-traversal: 
http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
 2011-07-24 21:10:04 +00:00
paulino
c43e0bb970 Added http-litespeed-sourcecode-download: 
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).

If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
* <code>/index.php\00.txt</code>

References:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/
 2011-07-24 20:13:42 +00:00
shinnok
e2fcc14fe2 Update my TODO file. 2011-07-22 21:55:18 +00:00
shinnok
a83e27c0fb Update CHANGELOG with the Ncat blocking ssl handshakes fix. 2011-07-22 21:43:24 +00:00
djalal
bd6d08232d Added the '--script-help' option to the Nmap usage. 2011-07-22 10:59:07 +00:00
batrick
4d27d83f62 Fix to make SCRIPT_NAME not have a filename extension in certain situations. 
See [1].

[1] http://seclists.org/nmap-dev/2011/q3/304
 2011-07-21 18:26:11 +00:00
batrick
9d7ce06a96 better error message when script fails to load (now includes traceback of the script) 2011-07-21 17:46:16 +00:00
patrik
cbf959aecc o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover 
message to the broadcast address and collects and reports the network
  information received from the DHCP server. [Patrik]
 2011-07-21 11:56:15 +00:00
patrik
29c973befa Add imap-brute as I missed it in the earlier commit [Patrik] 2011-07-21 10:04:30 +00:00
patrik
ee7e069e63 o [NSE] Added the script smtp-brute that performs brute force password 
auditing against SMTP servers. [Patrik]

o [NSE] Updated SMTP library to support authentication using both plain-text
  and the SASL library. [Patrik]
 2011-07-21 06:16:20 +00:00
patrik
0453f89779 o [NSE] Added the script imap-brute that performs brute force password 
auditing against IMAP servers. [Patrik]

o [NSE] Updated IMAP library to support authentication using both plain-text
  and the SASL library. [Patrik]
 2011-07-21 06:14:02 +00:00
patrik
222e8b9e42 o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson 
providing common code for "Simple Authentication and Security Layer" to
  services supporting it. The algorithms supported by the library are:
  PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]
 2011-07-21 06:07:02 +00:00
patrik
c3f94727ad o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs 
library. The cvs-brute-repository script allows for guessing possible
  repository names needed in order to perform password guessing using the
  cvs-brute.nse script. [Patrik]
 2011-07-21 06:01:19 +00:00
patrik
2faca7aed1 Added support for scripts to report invalid (non-existing) accounts back 
to the brute library. This way, they're removed from further guessing.
[Patrik]
 2011-07-21 05:56:58 +00:00
fyodor
4c03e43d2f Fix a typo in category name 2011-07-21 05:12:33 +00:00
weilin
586b8464b2 Reverted the unintended changes on nselib/packet.lua@25009. 2011-07-21 02:32:47 +00:00
colin
fd59f6f8d2 Updated changelog with zenmap crash reporter changes 2011-07-20 19:18:53 +00:00
weilin
e889dead91 o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4 
ARP scan. It is the default ping type for local IPv6 networks.
 2011-07-20 08:29:02 +00:00
david
c32d196ce2 Remove the nonexistent include/config.h from the build configuration. 
With this present, the project always appeared out of date. Visual C++
would always prompt to rebuild the project when starting to debug, for
example.
 2011-07-20 07:16:05 +00:00
david
6cf428d8c6 Fix some "and" -> "&&". 2011-07-19 23:42:33 +00:00
david
1646813162 Whitespace and formatting in osscan.cc. 2011-07-19 22:00:13 +00:00
david
9a64d66a1e Clarify an ambiguous if/else. 2011-07-19 21:40:32 +00:00