entries:
o [NSE] Raw packet sending at the IP layer is now supported, in addition to
the Ethernet sending functionality. Packets to send start with an IPv4
header and can be sent to arbitrary hosts. [Kris]
o [NSE] Added the ipidseq script to classify a host's IP ID sequence numbers
in the same way Nmap does. This can be used to test hosts' suitability for
Nmap's Idle Scan (-sI), i.e. check if a host is an idle zombie. This is
the first script to use the new raw IP sending functionality in NSE. [Kris]
o [NSE] Added the function nmap.is_privileged() to tell a script if, as far
as Nmap's concerned, it can do privileged operations. For instance, this
can be used to see if a script should be able to open a raw socket or
Ethernet interface. [Kris]
o [NSE] Added the function nmap.get_ports() to allow a script to iterate
over a host's port tables matching a certain protocol and state. [Kris,
Patrick]
recommendation from Daniel Roethlisberger. TRACE is interesting because
it can be used to get cookies or authentication data in a cross-site
scripting attack. See http://www.owasp.org/index.php/Cross_Site_Tracing.
methods it discovers are in (GET, HEAD, POST, OPTIONS, TRACE). In
verbose mode, or if any other method is discovered, it prints all
methods (and optionally retests them). See
http://seclists.org/nmap-dev/2010/q1/401.
make use of it. Added 5 scripts that use the new libraries:
- snmp-netstat shows listening and connected sockets
- snmp-processes shows process information including name, pid, path and
parameters
- snmp-win32-services shows the names of running Windows services
- snmp-win32-shares shows the names and path of Windows shares
- snmp-win32-software shows a list of installed Windows software
- snmp-win32-users shows a list of local Windows users
the script indicating where to download it if it is not available. Make
the script check whether the file is the normal binary from 5.20 or
before, or the XOR-encoded binary from 5.21.
This script sends an HTTP OPTIONS request to get the methods
supported by the server, and optionally tests each method to see if
they are restricted by IP address or something similar.
Holst Swende. mongodb-info gets information like the version number,
memory use, and operating system. mongodb-databases lists the
databases and their size on disk.
in order to keep the script from running against the actual database instances.
Also modified the debugging output so that the bulk of the information is
generated at -d 4 or higher.
on TCP or UDP port 523 and exports the server profile. No authentication is required for
this request. The script will also set the port product and version if a version scan is
requested. [Patrik Karlsson, Tom Sellers]
I copied parse_url_relative from favicon-survey.nse. Ron Meldau reported
that this error is raised:
http-favicon.nse:141: variable 'dirname' is not declared
It happens when a web page specifies a relative icon URL in a link
element. (dirname is used to absolutize the URL.)
Also, I changed to code to be sure to pass a plain string and number for
the host and port to parse_url_relative. Otherwise parse_url_relative
may return the tables that it receives and complicate the matching code
to decide if a URL should be followed.
parsing mostly. Response parsing is centralized, and fewer operations
are done on raw HTTP data.
The biggest user-visible change is that http.request goes back to
returning a parsed result table, not raw HTTP data. I believe this is
how the function worked in the past; it's what the NSEDoc for the
function says. The only thing that used http.request was citrixxml.lua,
and this commit alters it to match the new expectations.
The other change is that the http.pipeline function no longer accepts
the "raw" option. The only script that used that was sql-injection.nse,
and this commit modifies that script as well.
