david
c41f53b3b1
--script-updatedb
2011-09-26 20:56:46 +00:00
david
a48b91852c
Add version detection to quake3-info.nse, from Toni Ruottu.
2011-09-26 20:56:45 +00:00
david
423beece60
o [NSE] Added quake3-info.nse by Toni Ruottu. This script gets
information about games and settings for a Quake 3 (or derived game)
server.
2011-09-21 22:49:59 +00:00
tomsellers
1c92c03401
Add a few scripts to the "broadcast" script category based on traffic behavior.
2011-09-11 11:58:18 +00:00
fyodor
8b88d901a9
Remove 3 vuln scripts from default category as discussed at http://seclists.org/nmap-dev/2011/q3/732
2011-09-07 20:40:51 +00:00
henri
f2ff9bb728
Added xmpp-info.nse as a replacement for xmpp.nse (script from Vasily Kulikov).
2011-09-04 19:18:22 +00:00
david
113ef12106
Add IPv6 multicast host discovery scripts from Weilin.
2011-09-02 04:11:00 +00:00
henri
afc3d2059c
Added http-vuln-cve2011-3192.nse from Duarte Silva.
2011-08-29 21:42:57 +00:00
fyodor
71a3724543
We don't currently have a brute category. I'm not at all against having one though. So if someone wishes to create one, just be sure you put all the *-brute scripts in it
2011-08-25 02:57:17 +00:00
gorjan
b12bb4fba2
Adding address-info.nse, which shows extra information about IP addresses.
2011-08-23 10:36:16 +00:00
paulino
b99a8bbd99
Adds http-awstatstotals-exec, http-joomla-brute, http-wordpress-brute and http-wp-enum.
2011-08-23 06:29:12 +00:00
paulino
172bf91228
Adds http-waf-detect:
Determines if a web server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or WAF (Web Application Firewall) by probing the web server with malicious payloads and detecting changes in the response code and body.
2011-08-15 21:38:58 +00:00
patrik
a1d515e548
o [NSE] Added script broadcast-listener that attempts to discover hosts by
passively listening to the network. It does so by decoding ethernet and IP
broadcast and multicast messages. [Patrik]
2011-08-10 16:46:55 +00:00
patrik
89d1f3b8d3
o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs
brute force password auditing against XMPP (Jabber) servers. [Patrik]
2011-07-26 06:54:19 +00:00
fyodor
c2c163b856
The *-brute scripts traditionally go in the auth category rather than brute. I think this was an accident, but creating a brute category might not be a bad idea
2011-07-26 01:06:42 +00:00
djalal
950e435921
o [NSE] Make smb-security-mode run by default.
2011-07-25 21:40:31 +00:00
paulino
d4054187e4
Adds http-axis2-dir-traversal:
http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
2011-07-24 21:10:04 +00:00
paulino
c43e0bb970
Added http-litespeed-sourcecode-download:
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).
If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
* <code>/index.php\00.txt</code>
References:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/
2011-07-24 20:13:42 +00:00
patrik
cbf959aecc
o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
message to the broadcast address and collects and reports the network
information received from the DHCP server. [Patrik]
2011-07-21 11:56:15 +00:00
patrik
ee7e069e63
o [NSE] Added the script smtp-brute that performs brute force password
auditing against SMTP servers. [Patrik]
o [NSE] Updated SMTP library to support authentication using both plain-text
and the SASL library. [Patrik]
2011-07-21 06:16:20 +00:00
patrik
0453f89779
o [NSE] Added the script imap-brute that performs brute force password
auditing against IMAP servers. [Patrik]
o [NSE] Updated IMAP library to support authentication using both plain-text
and the SASL library. [Patrik]
2011-07-21 06:14:02 +00:00
patrik
c3f94727ad
o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
library. The cvs-brute-repository script allows for guessing possible
repository names needed in order to perform password guessing using the
cvs-brute.nse script. [Patrik]
2011-07-21 06:01:19 +00:00
fyodor
4c03e43d2f
Fix a typo in category name
2011-07-21 05:12:33 +00:00
djalal
2c7cad079b
o [NSE] Added smtp-vuln-cve2011-1764 script, which checks the Exim DKIM
Format String vulnerability (CVE-2011-1764).
2011-07-18 10:21:01 +00:00
djalal
cc062e2e1e
o [NSE] Remove the mac-geolocation script entries since it was deleted.
- Update the script.db file.
- Add the script name to the 'OLD_SCRIPT_NAMES' variable in the Makefile.in file.
2011-07-18 09:58:50 +00:00
djalal
30bd1681b0
o [NSE] Made the following scripts in the default category:
giop-info.nse
vnc-info.nse
ncp-serverinfo.nse
afp-serverinfo.nse
2011-07-18 09:50:18 +00:00
gorjan
9b7d310355
Adding the broadcast-ping script.
2011-07-13 09:38:40 +00:00
djalal
dbe7a27698
o [NSE] Updated the categories of the following scripts:
irc-unrealircd-backdoor.nse
iscsi-info.nse
wdb-version.nse
ftp-proftpd-backdoor.nse
ssl-cert.nse
ftp-vsftpd-backdoor.nse
afp-path-vuln.nse
targets-sniffer.nse
broadcast-ms-sql-discover.nse
2011-07-11 22:03:17 +00:00
patrik
4de3601473
o [NSE] Added script db2-discover into the default category [Patrik Karlsson]
2011-07-10 08:04:52 +00:00
patrik
1feb1bd582
o [NSE] Split script db2-discover into two scripts, adding a new
broadcast-db2-discover script. This script attempts to discover DB2
database servers through broadcast requests. [Patrik Karlsson]
2011-07-10 08:01:26 +00:00
paulino
52b7dbac5e
Updates script.db to include http-google-malware:
2011-07-08 23:45:49 +00:00
djalal
7b0b7c3370
Added the ftp-vsftpd-backdoor entry to the script.db file.
2011-07-05 09:19:59 +00:00
paulino
82a68e02db
Adds http-default-accounts - It tests for access with default credentials in a variety of web applications and devices.
It works similar to http-enum, we detect applications by matching known paths and launching a login routine using default credentials when found.
This script depends on a fingerprint file containing the target's information: name, category, location paths, default credentials and login routine.
2011-07-01 21:43:34 +00:00
djalal
1c3d400822
o [NSE] Added ftp-vuln-cve2010-4221 script which checks if the ProFTPD
server is vulnerable to the Telnet IAC stack overflow CVE-2010-4221
[Djalal].
2011-06-30 22:21:25 +00:00
fyodor
9a2b80c34d
Remove ip-geolocation-quova -- it includes an API key which apparently required agreeing to the Quova terms of service to obtain ( http://developer.quova.com/apps/tos ). And those seem to pretty clearly ban this sort of use. So we can only use this script if we get permission from Quova (best option), or we make it so that user is required to pass a key as nsearg
2011-06-29 03:34:47 +00:00
paulino
651197768b
Adds http-barracuda-dir-traversal -
Attempts to retrieve the configuration settings from the MySQL database
dump on a Barracuda Networks Spam & Virus Firewall device using the
directory traversal vulnerability in the "locale" parameter of
"/cgi-mod/view_help.cgi" or "/cgi-bin/view_help.cgi".
The web administration interface runs on port 8000 by default.
Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval
Original exploit by ShadowHatesYou <Shadow@SquatThis.net>
For more information, see:
http://seclists.org/fulldisclosure/2010/Oct/119
http://www.exploit-db.com/exploits/15130/
2011-06-28 23:43:34 +00:00
patrik
55da9dc683
added the creds-summary.nse script [Patrik]
2011-06-27 21:21:15 +00:00
paulino
4f60960b29
Adds http-majordomo2-dir-traversal to the repository. This script exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files.
2011-06-27 20:22:25 +00:00
djalal
49774ecf10
o [NSE] Added smtp-vuln-cve2010-4344 script that will check and exploit
two vulnerabilities in the Exim SMTP Server:
o CVE-2010-4344: A heap overflow vulnerability.
o CVE-2010-4345: A privilege escalation vulnerability.
2011-06-24 15:37:53 +00:00
gorjan
21ece8d864
Update script database for the ip-geolocation scripts
2011-06-20 12:56:34 +00:00
patrik
5558837091
o [NSE] Added two new scripts broadcast-netbios-master-browser and smb-mbenum:
- broadcast-netbios-master-browser attempts to discover master browsers in
the broadcast domain
- smb-mbenum lists servers registered with the master browser
[Patrik]
2011-06-19 18:47:19 +00:00
patrik
0a3bf95897
o [NSE] Added a MySQL audit script and a rulebase that supports auditing a
subset of the MySQL CIS 1.0.2 Benchmark. [Patrik]
2011-06-17 06:12:01 +00:00
patrik
cf873707cd
o [NSE] Added minimal Service Location Protocol (SLP) library and the script
broadcast-novell-locate that detects servers running eDirectory. [Patrik]
2011-06-15 06:23:30 +00:00
fyodor
9f04bd554b
regen the script.db (there was no entry for mac-geolocation)
2011-06-08 06:06:07 +00:00
patrik
873cf47611
o [NSE] Added the Netware Core Protocol (NCP) library and the scripts
ncp-serverinfo and ncp-enum-users. [Patrik]
2011-05-28 09:01:31 +00:00
patrik
8b78ccf469
o [NSE] Added ldap-novell-getpass, a script that provides support for
retrieving Universal Passwords in plain-text from Novell eDirectory.
[Patrik]
2011-05-28 08:48:26 +00:00
paulino
1e0e438b09
Added http-cakephp-version.nse - NSE script for fingerprinting versions of CakePHP applications.
2011-05-20 09:25:22 +00:00
djalal
edda382a77
Add the smtp-vuln-cve2011-1720 script to the script.db file.
2011-05-19 18:31:34 +00:00
fyodor
20e03044bf
Reran nmap --script-updatedb to catch new categories of smtp-check-vulns script
2011-05-17 17:43:35 +00:00
djalal
c1ba251135
o [NSE] Added smtp-check-vulns, which currently checks for the Postfix
SMTP server Cyrus SASL authentication memory corruption (CVE-2011-1720).
2011-05-15 15:57:10 +00:00