henri
8687465372
Added a blank line after the @args section to ensure a correct formatting of the NSE Doc
2011-08-30 17:06:17 +00:00
henri
afc3d2059c
Added http-vuln-cve2011-3192.nse from Duarte Silva.
2011-08-29 21:42:57 +00:00
fyodor
71a3724543
We don't currently have a brute category. I'm not at all against having one though. So if someone wishes to create one, just be sure you put all the *-brute scripts in it
2011-08-25 02:57:17 +00:00
gorjan
b12bb4fba2
Adding address-info.nse, which shows extra information about IP addresses.
2011-08-23 10:36:16 +00:00
paulino
b99a8bbd99
Adds http-awstatstotals-exec, http-joomla-brute, http-wordpress-brute and http-wp-enum.
2011-08-23 06:29:12 +00:00
gorjan
f46a8eb2de
Output fix
2011-08-22 13:48:44 +00:00
fyodor
92ceb70071
Duarte Silva asked that his email address be updated in these scripts.
2011-08-22 00:58:19 +00:00
paulino
172bf91228
Adds http-waf-detect:
Determines if a web server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or WAF (Web Application Firewall) by probing the web server with malicious payloads and detecting changes in the response code and body.
2011-08-15 21:38:58 +00:00
gorjan
c6bf558a3c
Updated NSEDoc usage.
2011-08-13 19:26:24 +00:00
patrik
a1d515e548
o [NSE] Added script broadcast-listener that attempts to discover hosts by
passively listening to the network. It does so by decoding ethernet and IP
broadcast and multicast messages. [Patrik]
2011-08-10 16:46:55 +00:00
gorjan
4d4b6ed20f
NSEDoc fix for the bittorrent-discovery script
2011-08-09 19:55:59 +00:00
gorjan
88e8647381
Adding the bittorrent library and bittorrent-discovery script which enables you to add bittorrent peers and DHT nodes as targets for scanning
2011-08-09 16:56:13 +00:00
tomsellers
e7b2ffe7c8
Tweaked ldap-brute.nse to work correctly when the target AD implementation is 2008 R2 and perhaps other sources.
Added detection of accounts where the credentials are correct, but the account is expired, not allowed to log on at the time of the scan or has been limited to logging in from particular hosts.
Notes on these changes were sent to the mailing list.
2011-08-08 00:26:02 +00:00
gorjan
d509ad055a
Adding the optimized snmp-brute script, unpwdb library, snmpcommunities wordlist
2011-08-03 21:37:27 +00:00
gorjan
b9a1f0d49e
Small fix for script output not to include the newtargets comment when no output is produced.
2011-08-02 03:45:59 +00:00
paulino
c8c2ef76d0
Fixes typo in default fingerprint file
2011-07-27 04:56:41 +00:00
paulino
26dc09ad43
Gets arguments with stdnse.get_script_args instead of reading them from nmap.registry
2011-07-27 03:28:13 +00:00
paulino
338ed74779
Gets arguments with stdnse.get_script_args instead of reading them from nmap.registry
2011-07-27 03:26:01 +00:00
paulino
0e9a3e994d
Gets arguments with stdnse.get_script_args() instead of reading them from nmap.registry
2011-07-27 03:24:17 +00:00
fyodor
e165a0e39f
Removed some comments which were causing the action function to be documented in a non-useful way on the web. It should have probably used just two dashes rather than starting with 3 and becoming an nsedoc comment. But since it just said MAIN, I simply removed the comment lines
2011-07-26 21:35:20 +00:00
patrik
89d1f3b8d3
o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs
brute force password auditing against XMPP (Jabber) servers. [Patrik]
2011-07-26 06:54:19 +00:00
patrik
6714caede8
Fixed a bug that would prevent the script from displaying any output unless
being run in debug mode. [Patrik]
2011-07-26 06:46:12 +00:00
fyodor
c2c163b856
The *-brute scripts traditionally go in the auth category rather than brute. I think this was an accident, but creating a brute category might not be a bad idea
2011-07-26 01:06:42 +00:00
david
a652d29ac6
Whitespace.
2011-07-25 23:33:16 +00:00
djalal
950e435921
o [NSE] Make smb-security-mode run by default.
2011-07-25 21:40:31 +00:00
paulino
d4054187e4
Adds http-axis2-dir-traversal:
http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
2011-07-24 21:10:04 +00:00
paulino
c43e0bb970
Added http-litespeed-sourcecode-download:
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending an HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).
If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
* <code>/index.php\00.txt</code>
References:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/
2011-07-24 20:13:42 +00:00
patrik
cbf959aecc
o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
message to the broadcast address and collects and reports the network
information received from the DHCP server. [Patrik]
2011-07-21 11:56:15 +00:00
patrik
29c973befa
Add imap-brute as I missed it in the earlier commit [Patrik]
2011-07-21 10:04:30 +00:00
patrik
ee7e069e63
o [NSE] Added the script smtp-brute that performs brute force password
auditing against SMTP servers. [Patrik]
o [NSE] Updated SMTP library to support authentication using both plain-text
and the SASL library. [Patrik]
2011-07-21 06:16:20 +00:00
patrik
0453f89779
o [NSE] Added the script imap-brute that performs brute force password
auditing against IMAP servers. [Patrik]
o [NSE] Updated IMAP library to support authentication using both plain-text
and the SASL library. [Patrik]
2011-07-21 06:14:02 +00:00
patrik
c3f94727ad
o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
library. The cvs-brute-repository script allows for guessing possible
repository names needed in order to perform password guessing using the
cvs-brute.nse script. [Patrik]
2011-07-21 06:01:19 +00:00
fyodor
4c03e43d2f
Fix a typo in category name
2011-07-21 05:12:33 +00:00
david
e2bb7cc271
Fix an indexing bug in http-vhosts.nse. Found by Daniel Miller.
2011-07-18 20:44:22 +00:00
david
bbf254d90e
Fix incorrect (broken) return value in p2p-conficker.nse. Spotted by
Daniel Miller.
2011-07-18 20:40:47 +00:00
david
6d371adee8
Formatting.
2011-07-18 16:29:38 +00:00
david
a2314b2041
Add port 9050, tor-socks, to the portrule for socks-open-proxy.nse.
2011-07-18 16:29:37 +00:00
djalal
01f4cdd83e
o [NSE] Small improvements on the smtp-vuln-cve2011-1764 script:
- Check the port.version.product in the portrule to see if it matches
the 'Exim smtpd'
- If the script was not able to confirm the vulnerability but the Exim
version is between 4.70 and 4.75, then report: "LIKELY VULNERABLE".
2011-07-18 11:42:41 +00:00
djalal
2c7cad079b
o [NSE] Added smtp-vuln-cve2011-1764 script, which checks the Exim DKIM
Format String vulnerability (CVE-2011-1764).
2011-07-18 10:21:01 +00:00
djalal
cc062e2e1e
o [NSE] Remove the mac-geolocation script entries since it was deleted.
- Update the script.db file.
- Add the script name to the 'OLD_SCRIPT_NAMES' variable in the Makefile.in file.
2011-07-18 09:58:50 +00:00
djalal
30bd1681b0
o [NSE] Made the following scripts in the default category:
giop-info.nse
vnc-info.nse
ncp-serverinfo.nse
afp-serverinfo.nse
2011-07-18 09:50:18 +00:00
gorjan
1f9479a161
Removing the mac-geolocation script which used the no longer available Google Geolocation API service
2011-07-17 17:26:59 +00:00
gorjan
d780448af7
Updating the script to use an API key supplied by the user through the script-args.
2011-07-17 17:22:58 +00:00
gorjan
9b7d310355
Adding the broadcast-ping script.
2011-07-13 09:38:40 +00:00
gorjan
5f3b402cf7
Putting back the old snmp-brute until I'm finished writing the new one
2011-07-12 23:25:57 +00:00
patrik
23d2e0d31f
o [NSE] Applied patch from Chris Woodbury that adds the following additional
information to the output of smb-os-discovery:
+ Forest name
+ FQDN
+ NetBIOS computer name
+ NetBIOS domain name
2011-07-12 06:08:43 +00:00
djalal
dbe7a27698
o [NSE] Updated the categories of the following scripts:
irc-unrealircd-backdoor.nse
iscsi-info.nse
wdb-version.nse
ftp-proftpd-backdoor.nse
ssl-cert.nse
ftp-vsftpd-backdoor.nse
afp-path-vuln.nse
targets-sniffer.nse
broadcast-ms-sql-discover.nse
2011-07-11 22:03:17 +00:00
djalal
bd78274b20
o [NSE] Updated ftp-vsftpd-backdoor documentation since CVE-2011-2523 was just
assigned to this backdoor.
Added a final 'exit' command to terminate the remote '/bin/sh', however I don't
think that this is necessary since the backdoor was very simple: it did not
fork(), and closing the stdin of the '/bin/sh' will terminate it.
2011-07-11 19:28:02 +00:00
djalal
c098d5e679
Simplify returned message when ProFTPD is not vulnerable.
2011-07-11 17:10:05 +00:00
djalal
36b535eba2
Removed an extra unused string.format argument :)
2011-07-11 15:33:52 +00:00