PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-17 11:59:04 +00:00
Code Issues Projects Releases Wiki Activity
6,716 Commits 2 Branches 0 Tags
cdcc9da0d8fd1d388ca991c8ea50d0d34f8daece
Commit Graph

6716 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
david
90a2819a04 o [NSE] Added scripts by Toni Ruotto communicating with the NetBus 
remote administration/backdoor program.
  - netbus-info: gets configuration information.
  - netbus-brute: guesses passwords.
  - netbus-version: distinguishes NetBus from NetBuster, a program
    that mimics the protocol but doesn't actually allow any
    operations.
  - netbus-auth-bypass: Checks for a bug in the server that allows
    connecting without a password.
 2010-12-13 18:00:02 +00:00
david
a7e80b4cf3 Update script.db. 2010-12-13 17:30:08 +00:00
david
ccd901f918 Put realvnc-auth-bypass.nse in "auth" category. 2010-12-13 17:30:06 +00:00
ron
3ded2339e8 Fixed an issue in script dependencies that caused the later scripts to begin without waiting for the earlier scripts to finish. Patch written by Patrick Donneley. 2010-12-13 16:22:14 +00:00
david
00652cb231 o [NSE] Added stuxnet-detect.nse by Mak Kolybabi, which detects 
infections of the Stuxnet worm and can optionally download the
  Stuxnet executable.
 2010-12-12 22:40:42 +00:00
david
a9e4947411 Make msrpc.call_function a public function. stuxnet-detect.nse is about 
to need this, and Dražen had to do it too while he was working on the
NDR library.
 2010-12-12 22:40:41 +00:00
patrik
b484d08cfa Merged Martin Swende's patch to domino-enum-passwords that splits output 
based on different hash types.
 2010-12-11 06:47:49 +00:00
david
d93415029f Add a few more OS fingerprints from someone who got back to me. 2010-12-11 00:11:11 +00:00
patrik
46cdf28fce o [NSE] Added a new iSCSI library and the two scripts iscsi-info and 
iscsi-brute. [Patrik]
 2010-12-10 23:20:59 +00:00
david
f45c1c3968 83 OS corrections. 2010-12-10 23:19:40 +00:00
patrik
38a21c4d17 o [NSE] Add new script broadcast-ms-sql-discover and removed broadcast 
support from ms-sql-info. [Patrik]
 2010-12-10 23:12:27 +00:00
david
f422529759 Last 152 OS submissions. 2010-12-10 22:09:29 +00:00
david
dd0b80c3ef 200 OS submissions. 2010-12-10 20:14:04 +00:00
robert
eedd069c9e Added the new hash for PHP 5.3.4 credits and extended the elephant logo hash to include this new version. 2010-12-10 12:14:25 +00:00
david
7133bc1e38 200 OS submissions. 2010-12-10 01:55:38 +00:00
david
cc31b38861 200 OS submissions. 2010-12-10 00:03:12 +00:00
david
756e6e8e8c 200 OS submissions. 2010-12-08 23:04:00 +00:00
david
6c62fe9e0f 200 OS submissions. 2010-12-08 23:03:57 +00:00
batrick
47e6012b15 remove old commented code 2010-12-08 14:19:08 +00:00
batrick
86993d74d5 Use better construction for iterating lines. 2010-12-08 14:18:45 +00:00
batrick
bfa052c2f3 Changed (commented) debug statements to use stdnse.print_debug instead of 
io.write.
 2010-12-08 14:17:11 +00:00
batrick
47e3a20aa8 use better construction to iterate lines of a file 2010-12-08 14:11:48 +00:00
batrick
6fb600782f Don't use io.write to print error information. 2010-12-08 14:08:35 +00:00
fyodor
e9697cb936 Remove an excess space in output 2010-12-08 08:02:22 +00:00
david
44c37eb3d2 200 OS submissions. 2010-12-08 06:49:09 +00:00
david
92d4f185a3 200 OS submissions. 2010-12-08 06:49:05 +00:00
david
528681c04a Take out "other" in "X other hosts had status Y" in http-vhosts.nse. It 
looks funny when it's the only line and I think it still looks fine this
way when there are multiple lines.
 2010-12-08 00:54:46 +00:00
david
e947e5dedf Patch to http-vhosts.nse from Carlos Pantelides: collapse multiple 
responses bearing the same code into one line.
 2010-12-08 00:54:45 +00:00
david
722fd3a89a Fix script argument name. ftp-proftpd-backdoor.cmd 
instead of ftp-proftp-backdoor.cmd.
 2010-12-07 22:44:06 +00:00
david
4744f6b747 Patch from Mak Kolybabi: let ftp-proftpd-backdoor bail out early if 
version detection has been done and doesn't show a potentially
backdoored version. Also update strings to match the new script name.
 2010-12-07 22:44:04 +00:00
david
3f35888405 Fix a service match line on information from Corey Quinn. I found the 
"Connection too fast, throttled" message in the source code of ratbox,
charybdis, and ircd-seven, but not Unreal ircd.
 2010-12-07 22:36:50 +00:00
david
2c16870941 100 OS submissions. 2010-12-07 07:51:33 +00:00
david
adc460fc22 o [NSE] Added the ftp-proftpd-backdoor.nse script by mak Kolybabi, 
which checks for a backdoor in ProFTPD 1.3.3c.
 2010-12-07 00:22:01 +00:00
david
ee0cca5f07 200 OS submissions. 2010-12-07 00:13:11 +00:00
david
f8530814ab o [NSE] Added http-vhosts.nse from Carlos Pantelides. This script 
brute-forces virtual hosts by sending different Host headers to the
  same server.
 2010-12-06 05:19:35 +00:00
kris
39ac0e4eda relatively large ip_is_reserved() update: 5/8, 23/8, 37/8 and 100/8 allocated 2010-12-04 00:16:38 +00:00
david
c822f62d84 Typo fix. 2010-12-03 21:29:59 +00:00
david
bc55d41b9a Add a comment explaining why we can unconditionally set the id and seq 
fields in build_icmp_raw, even though not all ICMP types have them. All
the types handled by the function do have them, and in the same place.
 2010-12-02 22:46:56 +00:00
fyodor
c1daed771c Some changes from chat w/David 2010-11-30 22:43:47 +00:00
robert
e43a866bea Tweaked the versions slightly (removed 4.3.1 from the bunny hash as it looks wrong and hasn't been corroborated), based on 0php.com data. 2010-11-30 09:25:04 +00:00
david
b8346c1d82 o [Ncat] Ncat now uses case-insensitive string comparison when 
checking authentication schemes and parameters. Florian Roth found a
  server offering "BASIC" instead of "Basic", and the HTTP RFC
  requires case-insensitive comparisons in most places. [David]
 2010-11-30 09:06:28 +00:00
fyodor
6c62ce69e8 note some of the information obtained from hddtemp service 2010-11-30 01:56:39 +00:00
batrick
03c7e9d00e Have stdnse.make_buffer read chunks instead of lines [1] so we do not implicitly 
buffer based on the presence of new lines.

[1] http://seclists.org/nmap-dev/2010/q4/554
 2010-11-29 22:51:51 +00:00
david
33f3645ecd Don't define HAVE_SYS_SOCKET_H in dnet_winconfig.h. That it was wrongly 
defined was noticed by Gisle Vanem. It makes no difference because this
macro isn't used in any source files for Windows (or any platform).
 2010-11-29 20:30:52 +00:00
david
77a4235fc4 Fixes to firewalk.nse from Henri Doreau: "The first one was due to my 
ignorance that the first index of lua arrays is 1 (and not 0). Because
of that, I was setting a too high ttl value when retrieving it from
traceroute results. The second one was a syntax error on a
nmap.log_write() call."
 2010-11-29 19:16:49 +00:00
david
f8b17ae441 o [NSE] Added the hddtemp-info script from Toni Ruotto, which gets 
hard drive temperatures from the hddtemp service.
 2010-11-29 19:00:11 +00:00
robert
a92eacec1d Added all missing PHP 5.x hashes and tidied up the output (grouped ranges and made it consistently use a dash). 
Hashes are now arranged in order, to make it easier to find manually.

For a list of all the PHP 5 hashes I generated see: http://seclists.org/nmap-dev/2010/q4/518
 2010-11-27 11:21:36 +00:00
david
26636d3cf7 Remember the forward DNS name and non-scanned addresses for IPv6, just 
as for IPv4. This makes the output more uniform and gives NSE access to
host.targetname for IPv6 hosts.

This is what IPv4 output looks like:

$ nmap -sL www.kame.net
Nmap scan report for www.kame.net (203.178.141.194)
rDNS record for 203.178.141.194: orange.kame.net
Nmap done: 1 IP address (0 hosts up) scanned in 0.16 seconds

$ nmap -sL www.debian.org
Nmap scan report for www.debian.org (128.31.0.51)
Other addresses for www.debian.org (not scanned): 206.12.19.7
rDNS record for 128.31.0.51: senfl.debian.org
Nmap done: 1 IP address (0 hosts up) scanned in 0.17 seconds

Here is the output before this change. Notice that the target name is
missing and there is no separate "rDNS" line.

$ nmap -6 -sL www.kame.net
Nmap scan report for 2001:200:dff:fff1:216:3eff:feb1:44d7
Nmap done: 1 IP address (0 hosts up) scanned in 0.04 seconds

$ nmap -6 -sL www.debian.org
Nmap scan report for bellini.debian.org (2607:f8f0:610:4000:211:25ff:fec4:5b28)
Nmap done: 1 IP address (0 hosts up) scanned in 0.11 seconds

Here is the output after this change:

$ ./nmap -6 -sL www.kame.net
Nmap scan report for www.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7)
Nmap done: 1 IP address (0 hosts up) scanned in 1.04 seconds

$ ./nmap -6 -sL www.debian.org
Nmap scan report for www.debian.org (2607:f8f0:610:4000:211:25ff:fec4:5b28)
rDNS record for 2607:f8f0:610:4000:211:25ff:fec4:5b28: bellini.debian.org
Nmap done: 1 IP address (0 hosts up) scanned in 0.07 seconds
 2010-11-26 04:06:25 +00:00
david
1f333be278 Fix compilation with --without-liblua. This was reported by Nuno 
Gonçalves and Henri Doreau.
 2010-11-24 23:37:42 +00:00
batrick
4b481939b3 Reverting 21172, it was actually correct. 2010-11-24 21:10:20 +00:00