PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 22:21:29 +00:00
Code Issues Projects Releases Wiki Activity
9,514 Commits 2 Branches 0 Tags
d2622c0396f5fbac6edb42df6b49f23ded21d8e2
Commit Graph

2174 Commits

Author SHA1 Message Date
tomsellers
d2622c0396 Fix reference in rmi-vuln-classloader.nse to point to Metasploit 
Github repo as Metasploit Redmine is deprecated and requires
auth.
 2015-01-01 14:59:35 +00:00
tomsellers
742444b87d Fix a typo in the regex that was truncating the version string. 2014-12-20 01:34:26 +00:00
tomsellers
d5af9560c3 Add the full ntpd version string, for example v4.2.4p4@1.1520-o, to the 
port's version attributes if the remote service provides it. Also capture
OS info as well as it can provide exact kernel versions in some cases.
 2014-12-20 01:14:34 +00:00
dmiller
9857aa6ac2 Service fingerprint lengths are in hex, not decimal 2014-12-18 03:29:20 +00:00
dmiller
425e407eb3 Use decoding instead of pattern match for protocol checking 2014-12-18 03:23:46 +00:00
dmiller
711f6d97c9 New script, snmp-info for querying snmpv3 services 2014-12-18 00:22:48 +00:00
dmiller
8e8935d2c0 Avoid comparing nil with an integer, potentially 2014-12-18 00:22:42 +00:00
tomsellers
845616623d Add support to 'citrix-enum-apps-xml' for reporting if published applications in the list are enforcing/requiring the level of ICA/session data encryption shown in the script result. This information was already in the XML provided by the server, this change just adds parsing for it. 2014-12-17 11:56:52 +00:00
dmiller
1653d846e6 Don't double-encode ssh key for XML output 2014-12-17 03:32:09 +00:00
dmiller
f9f2829e3c Switch to tail-recursion 2014-12-15 05:20:42 +00:00
dmiller
5f5af2d573 Add XML output to modbus-discover 2014-12-15 05:20:39 +00:00
dmiller
c3579c8b76 Another Raul Fuentes script: targets-ipv6-wordlist 2014-12-03 16:20:22 +00:00
dmiller
918d926913 Remove the unnecessary -recon portion of targets-ipv6 script 2014-12-03 16:02:16 +00:00
dmiller
5d6a024c7b Do a better job spelling people's names. Sorry, Raúl! 2014-12-02 18:36:15 +00:00
dmiller
bb96a09c16 Add one of Raul Fuentes's IPv6 recon scripts 2014-12-02 04:17:50 +00:00
dmiller
bfc9a00800 Let http-server-header send HTTP/1.1 request with Host header to elicit better response 2014-12-01 15:21:57 +00:00
dmiller
f90dd56021 Let tftp-enum substitute host's MAC address into filenames when known 2014-11-29 03:50:07 +00:00
dmiller
fc0337083e nnposter's ssl-date improvements http://seclists.org/nmap-dev/2014/q3/317 2014-11-18 03:53:25 +00:00
dmiller
c85bb0b54f Correct logic on checking for SHA1 certificate in ssl-enum-ciphers 2014-11-10 16:16:29 +00:00
dmiller
4e3baad093 Relax ssl-enum-ciphers' timeout to allow time for server processing 2014-11-10 16:16:27 +00:00
dmiller
e3024a6463 Documentation for new ssl-enum-ciphers rating system 2014-11-07 21:52:49 +00:00
dmiller
8f414cfc3a Correct conversion of DH key size to RSA bit strength equivalent 2014-11-07 21:41:38 +00:00
dmiller
222b2a009d Use internal cipher/handshake scoring system instead of static datafile 2014-11-07 16:39:26 +00:00
dmiller
e11a8609a7 Remove unnecessary vars and redistribute declarations 2014-11-07 16:39:24 +00:00
dmiller
b73dc0e762 Restructure try_params to return all recieved records 
No functional change to the script, but this allows callers to check for
various alerts or other handshake messages (certificate,
server_key_params, client_certificate_request, etc).
 2014-11-05 14:41:50 +00:00
dmiller
9f34a29778 Correct script-args docs for http-virustotal 2014-11-01 12:57:32 +00:00
dmiller
f8ef3f48da Fix detection of CVE-2011-2523 
http://seclists.org/nmap-dev/2014/q4/130
 2014-10-30 13:14:02 +00:00
dmiller
27948e1588 Fix file permissions and missing require in http-avaya-ipoffice-users 2014-10-27 13:04:47 +00:00
dmiller
a1d984a66b Fix a couple off-by-one errors in parsing multiple TLS records 
Reported by Kent Fritz: http://seclists.org/nmap-dev/2014/q4/104
 2014-10-26 16:22:21 +00:00
dmiller
c4ad3ff4d6 Fix some error handling in ssl scripts 2014-10-25 18:58:18 +00:00
tomsellers
e11e03fa50 Add the signature algorithm that was used to sign the target port's x509 (TLS) certificate to the output of ssl-cert.nse 
http://seclists.org/nmap-dev/2014/q4/44
 2014-10-25 18:56:38 +00:00
dmiller
a047985f19 Make SCSV check in ssl-poodle backwards-compatible 2014-10-23 16:01:03 +00:00
dmiller
eeb5f41932 Compatibility check for ssl-poodle 2014-10-23 15:16:45 +00:00
dmiller
e9354a4793 Add TLS_FALLBACK_SCSV checking to ssl-poodle 2014-10-22 17:01:19 +00:00
dmiller
db098b4e8d Fix a bug (false-negative) in ssl-poodle 2014-10-22 17:01:17 +00:00
dmiller
fefcca1623 Add ssl-poodle 2014-10-21 14:08:34 +00:00
paulino
92dc4564db Fixes script output 2014-10-19 20:29:10 +00:00
paulino
c372f9823b Adds http-avaya-ipoffice-users.nse to enumerate user information such as extension display name, full name and extension number in Avaya IP Office systems. 2014-10-19 00:58:31 +00:00
paulino
6acfb753c3 Updates script database after the removal of 'db2-discover.nse' 2014-10-18 04:44:26 +00:00
dmiller
917842059b Check TLS body protocol for compatibility in ssl-enum-ciphers 
Haven't seen this, and it shouldn't happen, but it's possible for a
server to send the same protocol version in the record, but a different
one in the body. This wouldn't be valid, so we should reject it.
 2014-10-16 04:07:07 +00:00
dmiller
cdd61aa874 Fix a bug in ssl-enum-ciphers 
If the last chunk of ciphers was rejected, then all results were
discarded.
 2014-10-15 21:52:36 +00:00
dmiller
ead3649ac5 Remove db2-discover.nse 
Service probe does the same work. See
http://seclists.org/nmap-dev/2014/q3/415
 2014-10-15 18:52:08 +00:00
dmiller
8005bfe83f Improvements and fixes to http-rfi-spider 
patch from nnposter: http://seclists.org/nmap-dev/2014/q3/443
 2014-10-15 18:38:16 +00:00
dmiller
5952b9745b Move url-encoding to url.build_query 
patch from nnposter: http://seclists.org/nmap-dev/2014/q3/427
 2014-10-15 18:12:58 +00:00
dmiller
f60bf5fbc6 Correct CRLF in ftp-brute 2014-10-14 02:30:02 +00:00
sophron
4651a8f4ae [NSE] Updated http-robtex-* scripts to match current robtex API. 2014-10-08 01:39:30 +00:00
dmiller
b4988f1f5b Improvements to http-server-header 
If service scan failed to find a match, the probe responses are cached.
Now http-server-header will look through those responses before sending
a probe of its own. This should result in better detection with fewer
probes sent.

Also changed the Server header string match to case-insensitive.
 2014-10-01 19:54:34 +00:00
dmiller
23d4abd5e9 New docker-version script 
http://seclists.org/nmap-dev/2014/q3/265
 2014-09-24 20:31:42 +00:00
dmiller
a472ea34ab Major improvements to http-form-brute 
Credit nnposter: http://seclists.org/nmap-dev/2014/q3/479
 2014-09-23 13:42:00 +00:00
dmiller
e42409be93 XML structured output for brute.lua and creds.lua 
The @xmloutput section documentation is not done, and I'm not sure how
to best do it, since it will be the same for all brute.lua scripts. This
is how it looks:

metasploit-msgrpc-brute:
<table key="Accounts">
  <table>
    <elem key="username">root</elem>
    <elem key="state">Valid credentials</elem>
    <elem key="password">root</elem>
  </table>
</table>
<elem key="Statistics">Performed 3 guesses in 4 seconds, average tps: 0</elem>

creds-summary:
<table key="127.0.0.1">
  <table key="9929/nping-echo">
    <table>
      <elem key="password">123456</elem>
      <elem key="state">Valid credentials</elem>
    </table>
  </table>
  <table key="55553/unknown">
    <table>
      <elem key="username">root</elem>
      <elem key="state">Valid credentials</elem>
      <elem key="password">root</elem>
    </table>
  </table>
</table>
 2014-09-23 05:23:19 +00:00