david
90a2819a04
o [NSE] Added scripts by Toni Ruotto communicating with the NetBus
remote administration/backdoor program.
- netbus-info: gets configuration information.
- netbus-brute: guesses passwords.
- netbus-version: distinguishes NetBus from NetBuster, a program
that mimics the protocol but doesn't actually allow any
operations.
- netbus-auth-bypass: Checks for a bug in the server that allows
connecting without a password.
2010-12-13 18:00:02 +00:00
david
a7e80b4cf3
Update script.db.
2010-12-13 17:30:08 +00:00
david
ccd901f918
Put realvnc-auth-bypass.nse in "auth" category.
2010-12-13 17:30:06 +00:00
david
00652cb231
o [NSE] Added stuxnet-detect.nse by Mak Kolybabi, which detects
infections of the Stuxnet worm and can optionally download the
Stuxnet executable.
2010-12-12 22:40:42 +00:00
patrik
b484d08cfa
Merged Martin Swende's patch to domino-enum-passwords that splits output
based on different hash types.
2010-12-11 06:47:49 +00:00
patrik
46cdf28fce
o [NSE] Added a new iSCSI library and the two scripts iscsi-info and
iscsi-brute. [Patrik]
2010-12-10 23:20:59 +00:00
patrik
38a21c4d17
o [NSE] Add new script broadcast-ms-sql-discover and removed broadcast
support from ms-sql-info. [Patrik]
2010-12-10 23:12:27 +00:00
robert
eedd069c9e
Added the new hash for PHP 5.3.4 credits and extended the elephant logo hash to include this new version.
2010-12-10 12:14:25 +00:00
david
528681c04a
Take out "other" in "X other hosts had status Y" in http-vhosts.nse. It
looks funny when it's the only line and I think it still looks fine this
way when there are multiple lines.
2010-12-08 00:54:46 +00:00
david
e947e5dedf
Patch to http-vhosts.nse from Carlos Pantelides: collapse multiple
responses bearing the same code into one line.
2010-12-08 00:54:45 +00:00
david
722fd3a89a
Fix script argument name. ftp-proftpd-backdoor.cmd
instead of ftp-proftp-backdoor.cmd.
2010-12-07 22:44:06 +00:00
david
4744f6b747
Patch from Mak Kolybabi: let ftp-proftpd-backdoor bail out early if
version detection has been done and doesn't show a potentially
backdoored version. Also update strings to match the new script name.
2010-12-07 22:44:04 +00:00
david
adc460fc22
o [NSE] Added the ftp-proftpd-backdoor.nse script by Mak Kolybabi,
which checks for a backdoor in ProFTPD 1.3.3c.
2010-12-07 00:22:01 +00:00
david
f8530814ab
o [NSE] Added http-vhosts.nse from Carlos Pantelides. This script
brute-forces virtual hosts by sending different Host headers to the
same server.
2010-12-06 05:19:35 +00:00
robert
e43a866bea
Tweaked the versions slightly (removed 4.3.1 from the bunny hash as it looks wrong and hasn't been corroborated), based on 0php.com data.
2010-11-30 09:25:04 +00:00
fyodor
6c62ce69e8
note some of the information obtained from hddtemp service
2010-11-30 01:56:39 +00:00
david
77a4235fc4
Fixes to firewalk.nse from Henri Doreau: "The first one was due to my
ignorance that the first index of lua arrays is 1 (and not 0). Because
of that, I was setting a too high ttl value when retrieving it from
traceroute results. The second one was a syntax error on a
nmap.log_write() call."
2010-11-29 19:16:49 +00:00
david
f8b17ae441
o [NSE] Added the hddtemp-info script from Toni Ruotto, which gets
hard drive temperatures from the hddtemp service.
2010-11-29 19:00:11 +00:00
robert
a92eacec1d
Added all missing PHP 5.x hashes and tidied up the output (grouped ranges and made it consistently use a dash).
Hashes are now arranged in order, to make it easier to find manually.
For a list of all the PHP 5 hashes I generated see: http://seclists.org/nmap-dev/2010/q4/518
2010-11-27 11:21:36 +00:00
patrik
a8efdad527
fixed usage typo. change port number from 5900 to 1352.
2010-11-24 20:56:43 +00:00
robert
485ee4aded
Added a new credits hash for PHP/5.2.2 based on testing with php-5.2.2-Win32.zip.
2010-11-24 15:51:39 +00:00
david
21d0324c5b
Updates to rmi-dumpregistry.nse and rmi.lua from Martin Holst Swende.
2010-11-23 17:45:58 +00:00
fyodor
3652bd6939
Rename a couple http scripts to make it more clear that they use the http protocol and for consistency with other script names
2010-11-20 04:22:51 +00:00
fyodor
ddcc972443
Update some text in scripts in preparation for rename of these two scripts
2010-11-20 04:19:16 +00:00
fyodor
10d85c1a6b
Removed broadcast-upnp-info and broadcast-dns-service-discovery from the default category. With these running by default, I was getting a bunch of information about printers and stuff on my LAN. Which is great info, and I love the scripts, but that's not what I'm really looking for when just trying to scan scanme.nmap.org
2010-11-20 02:04:00 +00:00
patrik
68643a2946
applied patch from Thomas Buchanan containing bugfixes and some re-factoring
http://seclists.org/nmap-dev/2010/q4/447
2010-11-19 19:31:50 +00:00
david
c0b8514b4d
In realvnc-auth-bypass, check the status in socket receive operations
instead of checking for result == "TIMEOUT".
2010-11-18 22:54:16 +00:00
david
1766507ecf
Add a new http-php-version.nse version from a server that said:
X-Powered-By: PHP/5.1.6
2010-11-17 22:05:04 +00:00
ron
f4769f75e9
Fixed a bug in http-userdir-enum (was missing an argument to http.pipeline_add())
2010-11-17 20:24:48 +00:00
david
fb0aa3f1e3
Add more http-passwd payloads from Ange Gutek.
2010-11-11 19:02:17 +00:00
patrik
734f938b04
o [NSE] Added a new Web Service Dynamic Discovery library (wsdd) and the two
scripts broadcast-wsdd-discover and wsdd-discover. [Patrik]
2010-11-10 22:35:13 +00:00
david
a92f1cb8a4
Update to firewalk.nse from Henri Doreau to use a more polymorphic style
of supporting multiple protocols.
2010-11-06 01:54:30 +00:00
david
ccce86a1a7
Add an http-passwd.root script argument. Patch by Ange Gutek.
2010-11-05 21:18:23 +00:00
batrick
ca56c00d33
removed some unnecessary locals
2010-11-05 14:25:44 +00:00
patrik
f61358ab28
fixed the following error:
./scripts/domino-enum-users.nse:113: variable 'filename' is not declared
stack traceback:
[C]: in function 'error'
./nselib/strict.lua:69: in function <./nselib/strict.lua:60>
./scripts/domino-enum-users.nse:113: in function <./scripts/domino-enum-users.nse:66>
(tail call): ?
[Patrik]
2010-11-05 10:07:50 +00:00
patrik
356c1e12a9
fixed the following bug reported by Ron
./scripts/ldap-brute.nse:75: attempt to get length of local 'contexts' (a nil value)
stack traceback:
./scripts/ldap-brute.nse:75: in function 'get_naming_context'
./scripts/ldap-brute.nse:121: in function <./scripts/ldap-brute.nse:95>
(tail call): ?
2010-11-04 18:53:56 +00:00
ron
b7a802bce8
Removed some more errant newlines from the output
2010-11-03 19:53:58 +00:00
ron
c5a111c5b9
Removed an errant '\n' that was causing blank lines
2010-11-03 19:50:25 +00:00
patrik
92b6fa9038
o [NSE] Added a new library upnp that provides UPnP support to the scripts
upnp-info and broadcast-upnp-info. The library is largely based on code
taken from Thomas Buchanan's upnp-info script. [Patrik]
2010-11-02 19:05:19 +00:00
david
80605e3e09
In firewalk.nse, bail out if we have neither of the scripts args
firewalk.ttl and firewalk.gateway. Otherwise we would get a nil
dereference when running with
--script=firewalk --traceroute
Ron reported this.
2010-11-02 19:03:35 +00:00
david
f8714ae9ff
Fix some documentation typos in rmi-dumpregistry.nse, split the first
paragraph so the summary is shorter.
2010-11-02 17:46:41 +00:00
david
d4007d43e5
Make rmi-dumpregistry.nse default.
2010-11-02 17:45:07 +00:00
patrik
7b2b7bd227
o [NSE] Added a new library dnssd with supporting functions for DNS Service
Discovery. Moved multicast prerule from dns-service-discovery to a new
script called broadcast-dns-service-discovery. [Patrik]
2010-11-02 17:22:38 +00:00
ron
fef25e6a42
Made some big style changes to clean up HTTP library. Primarily focused on improving the interface, NSEDoc, and pipeline support
2010-11-02 02:07:01 +00:00
david
3040659465
Add the rmi.lua library and rmi-dumpregistry.nse script by Martin Holst Swende.
2010-11-01 20:47:48 +00:00
djalal
e4edb08571
Move the script argument checks to the rule functions.
2010-10-31 22:52:46 +00:00
djalal
3744d4c0ac
Small code cleaning.
2010-10-31 21:37:06 +00:00
kris
b69d93e2ab
o [NSE] Added the ssh2-enum-algos script which reports the number of
algorithms the target SSH2 server supports, by type. If verbosity
is set, then the offered algorithms are listed. Output is reduced
for identical "client to server" and "server to client" lists by
using a single combined list. [Kris]
2010-10-29 14:30:00 +00:00
ron
13bb98b8b8
Bring in changes from my experimental branch, nmap-http
2010-10-27 03:08:08 +00:00
djalal
7b9b094ea5
Make the script able to add new discovered DNS records onto Nmap scanning queue.
2010-10-20 15:47:54 +00:00