PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-14 03:39:02 +00:00
Code Issues Projects Releases Wiki Activity
8,796 Commits 2 Branches 0 Tags
c70a7be88f176ff421e89ceeb3f570fc19aa3d15
Commit Graph

1941 Commits

Author SHA1 Message Date
dmiller
dc617c42f3 New unittest library and driver script for NSE testing 
Please read the documentation. This is a way to add unit testing to NSE
libraries (not scripts, yet). Please add tests to your libraries!
Examples to come in further commits.
 2014-01-03 21:10:01 +00:00
dmiller
395a91b026 Fix @output nsedoc for targets-asn 2014-01-03 21:09:57 +00:00
fyodor
8418f18274 Minor updates to comments. For example, wanted to clarify that the Nikto http-enum integration was done with cooperation/encouragement from Nikto folks 2013-12-27 03:45:53 +00:00
sophron
55e066c0e6 [NSE] Added a feature that integrates Nikto's large db to our http-fingerprint file on runtime. http://seclists.org/nmap-dev/2013/q4/292 2013-12-23 15:50:19 +00:00
sophron
0645d18764 [NSE] Renamed and fixed the script that detects Zimbra LFI. Patch by Ron Bowes. 2013-12-19 20:45:49 +00:00
dmiller
771a6a0793 Fix more Lua patterns with '-', see r32566 2013-12-19 20:34:46 +00:00
dmiller
45cd8091a4 Fix Lua patterns that contain - 
"-" in a Lua pattern means "ungreedy zero-or-more" and must be escaped
to match a literal "-". http://www.lua.org/manual/5.2/manual.html#6.4.1
 2013-12-19 20:05:09 +00:00
sophron
c52c5476de [NSE] Added a script that detects Zimbra zero-day LFI. Script written by Paul Amar. 2013-12-18 22:42:15 +00:00
sophron
f280a93538 [NSE] Added a detection method and the option to execute a payload. Patch by Paul Amar. 2013-12-09 15:54:43 +00:00
david
98bbff8b69 Remove unused local. 2013-12-05 23:41:21 +00:00
david
aa15467a3f Fix the off-by-one in ssl-enum-ciphers that I reintroduced. 2013-12-03 17:12:15 +00:00
david
126d424dec Simplify the chunk calculation. 2013-12-02 22:47:20 +00:00
david
6832c98454 Try only 64 ciphers at a time in ssl-enum-ciphers. 
An off-by-one error meant that we tried 65 at a time. The number 64 came
up in a discussion of limitations of running against IIS.
http://seclists.org/nmap-dev/2012/q3/167
 2013-12-02 22:47:09 +00:00
fyodor
0dafd86d22 Add AllSeeingEye (a protocol for querying status of certain games) script and service probe 2013-12-01 22:09:16 +00:00
david
8ab92b3214 Tabs to spaces in ssl-enum-ciphers. 2013-11-27 04:59:48 +00:00
patrik
9e075b8140 change incorrect parameter http-put.file to http-url.file based on bug report 2013-11-23 22:26:33 +00:00
fyodor
e6a0762764 o [NSE] Add freelancer-info to gather information about the Freelancer 
game server. Also added a related version detection probe and UDP
  protocol payload for detecting the service. [Marin Maržić]
 2013-11-20 04:31:31 +00:00
fyodor
e1932c2916 Regenerate script.db 2013-11-20 04:04:59 +00:00
dmiller
83e0ee1e70 Add ChaCha20-Poly1305 TLS cipher suites to ssl-ciphers 2013-11-14 20:41:09 +00:00
patrik
4152af8eb1 Fix nil value reference 2013-11-14 02:50:47 +00:00
dmiller
58d44f8437 Add .skip script-arg for http-server-header 
Because http-server-header grabs the server header and sets the service
version hardmatched, Nmap won't print a service fingerprint. This means
people might not submit as many fingerprints in the future, but we would
rather they did (speeds up scans by short-circuiting version probes).

Now http-server-header will print a messages suggesting the use of
--script-args http-server-header.skip for the purposes of submitting a
fingerprint. If this script-arg is set, the script will not run,
preserving Nmap's previous behavior.
 2013-11-12 18:35:17 +00:00
dmiller
fbf03995e0 Allow http-server-header to set http service even without Server header 2013-11-08 21:33:57 +00:00
dmiller
3e54536dab Add http-server-header as a last-ditch means to get httpd version 
See http://seclists.org/nmap-dev/2013/q3/599 for justification.
 2013-11-08 21:19:36 +00:00
dmiller
a02dd889d7 Add xmloutput for ssh2-enum-algos 2013-11-08 17:46:07 +00:00
dmiller
86c8703486 Let dns-brute read candidate SRV records from dns-srv-names instead of hard-coded list 2013-11-01 22:10:37 +00:00
dmiller
40e9fe4746 Refactor dns-brute for readability 2013-11-01 21:48:54 +00:00
dmiller
85a86ecf8e Let dns-brute read candidates from vhosts-default.lst instead of hard-coded list 2013-11-01 21:48:53 +00:00
dmiller
9f1d2c472d Replace print() calls with stdnse.print_debug() 
NSE scripts should not send data to stdout with print(). One exception
was not altered: url-snarf states in its documentation that urls are
sent to stdout by default, with a script-arg option to save to a file
instead.
 2013-11-01 17:01:18 +00:00
dmiller
84c944fb71 Add xmloutput for dns-brute 2013-11-01 17:01:16 +00:00
dmiller
920f07d843 Normalize author fields, changing "and" to comma-sep 2013-11-01 15:56:37 +00:00
paulino
127679d055 Fixes false positive. 2013-10-31 17:37:22 +00:00
sophron
f57b58d095 [NSE] Updated Robtex scripts to make them work again. Primarily, changed the addresses to https and corrected some wrong patterns. 2013-10-31 17:15:52 +00:00
dmiller
901e414927 Author field should be a string, not table 2013-10-31 14:46:45 +00:00
paulino
3340ac27ef Adds http-iis-short-name-brute.nse. The script detects Microsoft IIS servers vulnerable to a filename disclosure and denial of service vulnerability. 2013-10-31 04:04:45 +00:00
dmiller
af8874d66f New script weblogic-t3-info 
http://seclists.org/nmap-dev/2013/q4/74
 2013-10-30 15:10:00 +00:00
dmiller
82e6745fe5 Update script.db for rfc868-time 2013-10-23 17:48:37 +00:00
dmiller
9207e2eda1 Add rfc868-time.nse, queries a Time protocol server 2013-10-23 17:45:48 +00:00
dmiller
4bbb4366d2 Fix name_confidence use (0-10, not 0-100) 2013-10-23 16:36:26 +00:00
fyodor
3daeedd608 Minor rewording for clarity that someone suggested 2013-10-22 00:51:58 +00:00
dmiller
4209ec0e82 Remove redundant verbosity check 2013-10-18 18:47:01 +00:00
dmiller
507f0bc3ee Remove use of __call output_table hack in favor of length (#) 2013-10-18 18:35:07 +00:00
dmiller
34cd23e101 Add xmloutput for ntp-info.nse 2013-10-18 18:35:05 +00:00
dmiller
a69a7fb676 Add xmloutput to dns-nsid.nse 2013-10-18 18:35:02 +00:00
dmiller
33a8bc11c4 Add xmloutput to socks-auth-info.nse 2013-10-18 18:34:55 +00:00
dmiller
1b07c5ce54 Add xmloutput to tls-nextprotoneg.nse 2013-10-18 18:34:54 +00:00
dmiller
35dbe4fe37 Add xmloutput to vnc-info.nse 2013-10-18 16:05:48 +00:00
dmiller
95585e4008 Add xmloutput to smbv2-enabled.nse 2013-10-18 16:05:46 +00:00
dmiller
66569165ac Add xmloutput to x11-access.nse 2013-10-18 16:05:45 +00:00
dmiller
8ce3b65272 Add xmloutput to sshv1.nse 2013-10-18 16:05:44 +00:00
patrik
e97a5b9d5a Add http-dlink-backdoor script that detects DLink routers with firmware 
backdoor allowing admin access over HTTP interface.
 2013-10-17 23:41:12 +00:00