mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
Commit Graph

5872 Commits

Author SHA1 Message Date
david
d2bce72bee Doc typo in address-info.nse. 2011-09-11 21:05:57 +00:00
fyodor
2ff08a24a1 Update some script nsedoc descriptions for consistency. The description should almost always start with an active verb and never with the script name or 'this script'. Admittedly that makes the first sentence a fragment. The first sentence should be capitalized. 2011-09-11 20:50:56 +00:00
fyodor
a5d81c3b35 Improve some NSEDoc descriptions 2011-09-11 20:44:07 +00:00
fyodor
bff90f3d55 minor updates to the nsedoc descriptions for some scripts 2011-09-11 18:26:37 +00:00
tomsellers
24c8c06f1b Added support to nmap-service-probes for Microsoft SQL 2008 R2 RTM and SP1.
Added softmatch line for Microsoft SQL 2008 R2.

Added specificity to CPE data on Microsoft SQL Server matchlines.
Removed auto flag on the os cpe lines for MS SQL Server
2011-09-11 16:18:06 +00:00
tomsellers
03e49171dd Added ms-sql-brute.brute-windows-accounts to script documentation. Adjusted existing documentation to improve rendered result on NSEDOC web page. 2011-09-11 14:14:08 +00:00
tomsellers
22a029c21b Updating CHANGELOG info on recent changes. 2011-09-11 12:49:54 +00:00
tomsellers
035ae9e9b1 Updated account status text in brute force password discovery scripts in an effort to make the reporting more consistent across all scripts. This will have an impact on any code that parses these values.
In the case of a few of these scripts the only thing that was updated was the example text as the scripts relied on the creds library which handles the strings internally.
2011-09-11 12:13:13 +00:00
tomsellers
1c92c03401 Add a few scripts to the "broadcast" script category based on traffic behavior. 2011-09-11 11:58:18 +00:00
tomsellers
2c8d24b557 Added error handling to catch and gracefully handle error when script was called via category instead of explicitly. The error was due to the backorifice-brute.ports script arg not being specified and the script trying to concat the value (nil). 2011-09-11 11:49:28 +00:00
henri
2c47d52262 Fixed/Added CPEs for Cisco products 2011-09-10 08:40:27 +00:00
henri
67505e22fb Report more precise CPE for the distribution/OS if possible 2011-09-10 08:23:00 +00:00
david
f0dc4ebd99 Something I just thought of: NSE should have access to CPE results. 2011-09-10 01:27:07 +00:00
tomsellers
ee676fab14 Added support for specifying a UPN suffix to be appended to usernames when brute forcing Microsoft Active Directory accounts. This should provide more reliable tests against domains that have been heavily organized into OUs or have child domains with a single UPN suffix. The UPN suffix can be guessed or found via a null LDAP bind by ldap-rootdse.nse. 2011-09-09 23:57:21 +00:00
david
04069e6166 Merge r26341:26417 from /nmap-exp/david/nmap-cpe.
This adds CPE output support.
2011-09-09 23:24:14 +00:00
batrick
c4d6d12be7 \x is not a valid escape sequence... 2011-09-09 19:08:13 +00:00
david
bf51635ae3 Name typo. 2011-09-09 08:51:50 +00:00
david
5574f50bf4 Free TOps_AVs and TWin_AVs between OS rounds.
This was leaking a small amount of memory when OS detection was repeated
on a host.
2011-09-09 08:24:47 +00:00
fyodor
1697e714fe Add some new infrastructure tasks we're working on 2011-09-08 23:32:20 +00:00
david
fd7f625ea8 Fix a matchline backreference. 2011-09-08 20:17:12 +00:00
david
a1f3a6429d Fix matchline typo. 2011-09-08 20:12:52 +00:00
david
063dca724d Fix a service match backreference. 2011-09-08 19:46:11 +00:00
david
4d0a8a27b1 Show a visible error when targets-ipv6-* are run without an interface. 2011-09-08 16:11:21 +00:00
david
4937b2e063 Use strcasecmp, not strcasestr, in hostcmp.
hostcmp is documented to determine whether "a and b are considered the
same hostnames." But what it's really doing is testing whether a
contains b. This isn't even symmetric, so I think it's wrong.
2011-09-07 21:10:47 +00:00
fyodor
8b88d901a9 Remove 3 vuln scripts from default category as discussed at http://seclists.org/nmap-dev/2011/q3/732 2011-09-07 20:40:51 +00:00
david
b1e75e504c Expand a scanme fingerprint. 2011-09-06 20:49:29 +00:00
david
539525c21a Fix some OS "Class" versions that were overly specific. 2011-09-06 18:25:37 +00:00
tomsellers
3dec74248f Add support for saving search results to a CSV file via a new script argument 'ldap.savesearch'. 2011-09-05 22:50:27 +00:00
tomsellers
c193cadac7 Fix a typo 2011-09-05 22:44:08 +00:00
tomsellers
f6dc7a160d ldap.lua - added support for saving search results to CSV.
Also added support for decoding certain time formats found in Microsoft AD such as lastLogon, pwdLastSet, etc.
2011-09-05 22:39:03 +00:00
david
7ad3893ad1 NSEDoc fixes in oracle-brute. 2011-09-05 17:00:48 +00:00
patrik
ae75aa7fd3 o [NSE] Added new default credential list for Oracle and modified the
oracle-brute script to make use of it. [Patrik]
2011-09-05 08:13:34 +00:00
patrik
4e9265b883 fixed a bug that would prevent the library from authenticating against
Oracle 10.2.0.1.0 XE [Patrik]
2011-09-05 07:52:30 +00:00
henri
f2ff9bb728 Added xmpp-info.nse as a replacement for xmpp.nse (script from Vasily Kulikov). 2011-09-04 19:18:22 +00:00
tomsellers
e20ea237ef Added ability to save discovered credentials to a file via the creds nse library. 2011-09-04 18:01:45 +00:00
tomsellers
5b6d151787 Add function saveToFile to allow scripts to save credential tables to a file.
Extend the account state tables to include expired, host and time limited accounts.
2011-09-04 17:43:42 +00:00
robert
9abdc958ed Added the new hash for PHP 5.3.7 and 5.3.8 credits and extended the elephant logo hash to include the new versions. PHP 5.3.7 contained a nasty bug (https://bugs.php.net/bug.php?id=55439) and was quickly replaced by 5.3.8 after a couple of days. 2011-09-04 14:41:53 +00:00
david
0804560126 Limit scope of recvfrom address. 2011-09-03 18:48:12 +00:00
david
52de87b974 Use a sockaddr_storage for recvfrom in get_rpc_results.
Previously it was hardcoded to be sockaddr_in, which is obviously wrong
for IPv6. This was only used to filter out packets from other than the
host we are scanning. It may have still been succeeding by accident if
part of the IPv6 address had the bytes 00000000, because for me the port
number is at the same offset in sockaddr_in and sockaddr_in6, and
target->v4host().s_addr returns 00000000 for an IPv6 host.
2011-09-03 18:48:11 +00:00
david
e6bb524f18 Use u32 rather than unsigned long to define RPC packet structure.
RPC scan was broken on some 64-bit architectures because unsigned long
is 8 bytes, not 4.
2011-09-03 18:08:20 +00:00
david
a13313ad2f Don't double-count RTA_LENGTH in netlink messages.
For each rtattr we add to the netlink message, we were adding
RTA_LENGTH(rtattr->rta_len) to the length of the netlink message. But
rtattr->rta_len was already calculated as RTA_LENGTH of something, and
doing RTA_LENGTH twice made the length 4 bytes longer than it should be.
This caused a log in dmesg:
	netlink: 4 bytes leftover after parsing attributes.
or
	netlink: 8 bytes leftover after parsing attributes.
if there was an IPv6 scope ID (because that causes two rtattrs instead
of one).

The new code is consistent with the rtnetlink(3) man page, which does
	rta->rta_len = sizeof(unsigned int);
	req.n.nlmsg_len = NLMSG_ALIGN(req.n.nlmsg_len) + RTA_LENGTH(sizeof(unsigned int));
We do the equivalent
	rta->rta_len = sizeof(unsigned int);
	req.n.nlmsg_len = NLMSG_ALIGN(req.n.nlmsg_len) + rta->rta_len;
2011-09-03 17:22:07 +00:00
tomsellers
7205f00499 When combined with the previous commit to smb.lua these changes add support to smb-brute.nse for detecting valid credentials for accounts that have expired and time/logon host restrictions. 2011-09-03 17:11:04 +00:00
tomsellers
b5cb7a96fc Modified start_session_basic so as to return the
status code text when the variable status is not
nil.  This mimics the behavior of start_session_extended.

This should provide more reliable results to smb-brute
concerning the nature of login failure reasons.

More detail has been sent to the mailing list.
2011-09-03 17:01:13 +00:00
weilin
f1ef57e961 o [NSE] Check the link type of the interface before sending the multicast host discovery probe. 2011-09-03 12:57:37 +00:00
djalal
fbd74b9d46 o [NSE] Use nmap.get_interface_info() to retrieve the interface information. 2011-09-03 10:38:38 +00:00
tomsellers
5b512f0914 ldap-brute: Added feedback to -vv output when a valid
user/password combination is found.
2011-09-03 04:15:28 +00:00
david
1ef0db4b33 Define CMSG_ALIGN, CMSG_SPACE, and CMSG_LEN for old Solaris.
This was reported by Dagobert Michelsen and comes from
http://wiki.opencsw.org/porting-faq#toc10.
2011-09-03 01:51:35 +00:00
david
d18c149e8c o Relaxed the XML DTD to allow validation of files where the verbosity
level changed during the scan. [Daniel Miller]
2011-09-02 22:21:12 +00:00
david
b2eefcfe69 o Made a service confidence of 8 (used when tcpwrapped) and indeed any
number between 0 and 10 be legal in XML output according to the DTD.
  [Daniel Miller]
2011-09-02 21:35:16 +00:00
patrik
6c864bd9f8 Changed command line processing to assume cred mode if credfile was supplied
and no mode was explicitly given [Patrik]
2011-09-02 06:12:39 +00:00