PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-14 19:59:02 +00:00
Code Issues Projects Releases Wiki Activity
7,705 Commits 2 Branches 0 Tags
cdfa6e711d92e294d76a6c36a73011b51b55c096
Commit Graph

7705 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
kroosec
eca8ab5563 Added sip-methods script which enumerates a SIP server's allowed methods. 2012-07-09 08:57:12 +00:00
kroosec
68a9a54f4c Added sip-call-spoof script which spoofs a call to a SIP phone and detects the action taken by the target. 2012-07-09 08:50:44 +00:00
tomsellers
c87a6b4b0a A change to matchline for Atmail IMAP4 server to make it more flexible when dealing with different capabilities configurations. 2012-07-09 02:05:06 +00:00
kroosec
61a40609ce Reversed commit to lltd-discovery that went with one to tls-nextprotoneg. 2012-07-08 19:49:09 +00:00
kroosec
bc2b9a99b5 Added http1.1 to the list of known protocols. (Checked by Chromium) 2012-07-08 19:00:34 +00:00
tomsellers
644595d077 Modified multiple scripts that operated against HTTP based services so as to remove false positives that were generated when the target service answers with a 200 response to all requests. 
Some scripts that had been previously modified were updated so that the debug output was consistent.

A few scripts were calling identify_404 with host.ip as opposed to the proper host object.  This has been adjusted as well.
 2012-07-08 12:41:37 +00:00
aca
0968973b4a Merged metasploit-info from my dev branch 2012-07-08 10:34:41 +00:00
dmiller
fd6d41e30a Merge branch 'ssl-known-key-sslcert' 2012-07-08 04:12:25 +00:00
dmiller
cdf30c1233 Avoid using http cache for http-form-fuzzer 2012-07-07 22:06:56 +00:00
kroosec
b7cc883a0f Added tls-nextprotoneg, a script that enumerates a TLS server's supported protocols by using the next protocol negotiation extension. 2012-07-07 14:38:56 +00:00
fyodor
5eca50f285 Add Henri to the commiters.txt list (he already was a committer) 2012-07-07 08:04:19 +00:00
dmiller
96d48d861c Fix error in http-vhosts when domain is nil 
./scripts/http-vhosts.nse:502: attempt to concatenate local 'domain' (a
nil value)
stack traceback:
        ./scripts/http-vhosts.nse:502: in function 'makeTargetName'
        ./scripts/http-vhosts.nse:542: in function
<./scripts/http-vhosts.nse:532>
        (...tail calls...)
 2012-07-06 14:16:26 +00:00
paulino
e707b6305a Adds http-phpself-xss : NSE to detect PHP files vulnerable to reflected cross site scripting via $_SERVER["PHP_SELF"] 2012-07-05 18:18:56 +00:00
henri
9baacdf9e3 [NSOCK] Fixed an epoll-engine-specific bug. The engine didn't recognized FDs 
that were internally closed and replaced by other ones. This happened during
reconnect attempts.

--

When reconnecting with SSL_OP_NO_SSLv2 (nsock_core.c:472), the libary closes the
fd of the current IOD, and replaces it by a new one.

The man page for epoll_ctl states that a close() on a fd makes it removed from
any epoll set it was in. Therefore, if epoll_ctl(EPOLL_CTL_MOD, ...) returns
ENOENT, we retry with EPOLL_CTL_ADD.
 2012-07-05 14:35:51 +00:00
henri
d86d3f68c2 Made nsock messages more consistent. 
- Always format function name without parens at the beginning of a message.
  - Added a nsi_new notification message.
  - Only trace the first call to nsi_delete() of a given IOD (i.e. don't log the
    calls issued from the resulting callbacks).
 2012-07-05 14:22:26 +00:00
paulino
783825f087 Adds http-tplink-dir-traversal.nse in the "exploit" and "vuln" category: NSE to exploit a path traversal vulnerability in the web administration panel of several TP-Link routers. 2012-07-04 20:33:10 +00:00
paulino
469e6ca5ca Fixes crash when using identify_404() that happened when the status response changes in the second or third request and the return value is the string "<unknown>". 
Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if its not a number to fix crash when passing a string to %d.
 2012-07-04 20:21:08 +00:00
paulino
6b5d38ca8a Adds additional debug message when it fails to hint users about what happened. It also adds another check for web servers that return more than one 404 page. 2012-07-04 19:56:37 +00:00
tomsellers
e3787f2a37 Handle exception generated when the spider process hands http-backup-finder a URL that is only a hostname. When url.parse processes this value on line 107 of http-backup-finder it returns nil for the .path property. 
http-backup-finder.nse:107: attempt to index field 'path' (a nil value)
stack traceback:

Addressed this by setting nil .path values to '/'.  Tested with sites with and without backup files.  Verified that duplicate results were not returned.
 2012-07-04 18:54:38 +00:00
tomsellers
99c192cd1d Fix exception thrown in reverse-index when it is run again a host with no open ports. 
/reverse-index.nse:112: bad argument #1 to 'pairs' (table expected, got nil)
 2012-07-04 17:58:21 +00:00
paulino
bc3eb43f72 Fixes false positive when dealing with web servers returning status 200 for all reqs 2012-07-04 17:57:22 +00:00
robert
1e8babf64a Added Windows 8 to the list of Windows versions we recommend the WinPcap NPF service is started on startup. Our WinPcap installer appears to work fine on Windows 8 and Server 2012 build 8400. 2012-07-04 17:32:14 +00:00
tomsellers
22ae4ae108 Added couchbase matchline that does not require a database name. This is useful when the service response is so large that the database info is pushed outside the capture buffer. This was added *after* the matchline that captures the dbname if it is present. 
Also added space and a ':' to the database name capture character set to allow for when the database is on a windows server.
 2012-07-04 17:09:21 +00:00
tomsellers
97a22758f6 membase-http-info updated to reflect new server header found in current versions of the Couchbase HTTP admin port. Explanation email sent to list. 2012-07-04 15:56:48 +00:00
tomsellers
71439bcfac Patch to fix script issue when scanning HTTP servers that return 200 to every request. This causes the sanity check on line 88 to fail to trigger because the header value Server is nil. 
Implemented a check to if the target is returning 200 to all requests.

Also implemented additional logic on line 84 to verify that the Server header value is not nil.  This is just in case we run into another case where a response is 200 but the Server header does not exist.
 2012-07-04 15:16:46 +00:00
tomsellers
17fe702314 Service detection for Couchbase and Membase NoSQL server's web based administrative portal. By default this is on 8091 but can occur on any port. 2012-07-04 14:57:27 +00:00
patrik
b4caa8ea8c Added category external to http-icloud* scripts 2012-07-04 07:32:08 +00:00
tomsellers
1db5621470 Patch to address false positive generated when the target's httpd responds with a HTTP 200 for every request. Committing after email exchange with Paulino C. 2012-07-04 02:30:18 +00:00
perdo
7443db6f37 Hosts that differ only on the 'www' prefix are now treated as being equal. Also added some documentation for httpspider.useheadfornonwebfiles. 2012-07-03 21:48:26 +00:00
fyodor
288a4dc4ad suggest http.max-cache-size argument for consistency rather than http-max-cache-size (both work) 2012-07-03 19:48:23 +00:00
dmiller
fadfc6b71c Fix assertion failure when logtype==LOG_SKID_NOXLT 2012-07-03 17:22:47 +00:00
henri
f7ba1847cf Enforce proper variable initialization. 2012-07-03 12:19:24 +00:00
henri
1e422f344c Added support for log type bitmasks in log_vwrite(). Also replaced a fatal() 
statement by an assert(0) to get rid of a possible infinite call loop when
passed an invalid log type. [Henri Doreau]
 2012-07-03 11:44:24 +00:00
tomsellers
1c1b257c62 Version detection matchline updates: 
Barracuda HTTP filter    - adjustment to match more versions

GlobalScape CuteFTP sshd - additional match line
Cisco ASA WebVPN         - additional match line
VMware View              - additional match line

Bomgar Remote Access     - new product detection
Sybase SQLAnywhere httpd - new product detection, version string
 2012-07-03 03:47:41 +00:00
tomsellers
2a8f2f4f0d Update Microsoft Exchange detection string for pop3 and imap to indiciate that the current match string also matches Exchange 2010. 2012-07-02 23:58:41 +00:00
dmiller
5178fe236e Format CHANGELOG: wrap text at 80 and hanging indent 2012-07-02 15:39:35 +00:00
fyodor
e97449e062 define IPP 2012-07-02 08:32:51 +00:00
fyodor
6133b64d6c Add a short description of Versant so users know what it is 2012-07-01 23:29:58 +00:00
fyodor
ff73f20356 Add a bit more information about what the STUN protocol is 2012-07-01 23:25:26 +00:00
sean
6f910154b5 Added my name to the changelog to match the rest of the style. Also added a note about the error message WSAENETRESET. 2012-07-01 17:48:46 +00:00
sean
a62e7198f8 Added handling for WSAENETRESET (same as ENETRESET). Currently we just catch it and send the next probe. I wrapped the catch for ENETRESET in the #ifdef WIN32 incase we later want to different handling for WASENETREST and ENETRESET 2012-07-01 17:32:07 +00:00
perdo
e41d4a4e7e Added http-sitemap-generator script which spiders a webserver and displays its directory structure along with number and types of files in each folder. 2012-07-01 09:55:47 +00:00
perdo
9c8bc94c11 Fixed a missing require in http-sql-injection. 2012-07-01 09:48:06 +00:00
perdo
33c3838c45 Fixed a missing require in httpspider. 2012-07-01 09:45:14 +00:00
perdo
a00b104f43 Modified http-sql-injection to load the error strings to search for from a file. 2012-06-30 12:30:41 +00:00
perdo
3b8c88aac4 Added a list of common sql errors. 2012-06-30 12:28:15 +00:00
aca
4030bf6c1a Added metasploit-msgrpc-brute to trunk 2012-06-30 12:02:54 +00:00
kroosec
95f7d0d74a Added firewall-bypass script. 2012-06-30 09:42:12 +00:00
david
6a3295143e Reduced Port size two thirds, not one third. 2012-06-30 02:01:00 +00:00
sean
b8d65571b5 Moved my last change from the bottom to the top 2012-06-30 01:51:41 +00:00