ron
773000b65a
Merging changes from my experimental branch; the new versions of these scripts, which have significant changes to their core functionality, managed to hold their own against Brandon's network. More testing would be very helpful, though, especially with credentials (most of Brandon's scans were anonymous).
2008-12-24 00:53:01 +00:00
david
c3ee93f056
Sort script.db entries by file name to make diffs comprehensible. Their
previous unsorted state was due to their coming straight out of opendir.
2008-11-15 00:58:36 +00:00
david
0d7243ad5a
Add banner.nse to script.db.
2008-11-15 00:55:59 +00:00
david
dd586b90bd
Remove smb-check-vulns.nse from the vuln category, leaving it in intrusive.
2008-11-11 00:48:48 +00:00
david
03c9145785
Take smb-check-vulns.nse out of discovery and put it in vuln.
2008-11-11 00:35:41 +00:00
ron
8e89a0e217
updated scriptdb/CHANGELOG, renamed smb-checkvulns.nse to nse-check-vulns.nse for consistency with the new naming standard
2008-11-10 19:06:50 +00:00
david
6fbc8868a9
Rename scripts (almost all of them) to make their names more consistent and
make them look better in output. The full list of changes is
anonFTP => ftp-anon
ASN => asn-query
brutePOP3 => pop3-brute
bruteTelnet => telnet-brute
daytimeTest => daytime
dns-safe-recursion-port => dns-random-srcport
dns-safe-recursion-txid => dns-random-txid
dns-test-open-recursion => dns-recursion
ftpbounce => ftp-bounce
HTTPAuth => http-auth
HTTP_open_proxy => http-open-proxy
HTTPpasswd => http-passwd
HTTPtrace => http-trace
iax2Detect => iax2-version
ircServerInfo => irc-info
ircZombieTest => irc-zombie
MSSQLm => ms-sql-info
MySQLinfo => mysql-info
popcapa => pop3-capabilities
PPTPversion => pptp-version
promiscuous => sniffer-detect
RealVNC_auth_bypass => realvnc-auth-bypass
robots => robots.txt
showHTMLTitle => html-title
showOwner => identd-owners
skype_v2-version => skypev2-version
smb-enumdomains => smb-enum-domains
smb-enumsessions => smb-enum-sessions
smb-enumshares => smb-enum-shares
smb-enumusers => smb-enum-users
smb-serverstats => smb-server-stats
smb-systeminfo => smb-system-info
SMTPcommands => smtp-commands
SMTP_openrelay_test => smtp-open-relay
SNMPcommunitybrute => snmp-brute
SNMPsysdescr => snmp-sysdescr
SQLInject => sql-injection
SSH-hostkey => ssh-hostkey
SSHv1-support => sshv1
SSLv2-support => sslv2
strangeSMTPport => smtp-strangeport
UPnP-info => upnp-info
xamppDefaultPass => xampp-default-auth
zoneTrans => zone-transfer
2008-11-06 02:52:59 +00:00
fyodor
ddf146cb30
o Removed ripeQuery.nse because we now have the much more robust
whois.nse which handles all the major registries. [Fyodor]
2008-11-06 01:09:05 +00:00
fyodor
c22c9ca885
o Removed showSSHVersion.nse. Its only real claim to fame was the
ability to trick some SSH servers (including at least OpenSSH
4.3p2-9etch3) into not logging the connection. This trick doesn't
seem to work with newer versions of OpenSSH, as my
openssh-server-4.7p1-4.fc8 does log the connection. Without the
stealth advantage, the script has no real benefit over version
detection or the upcoming banner grabbing script. [Fyodor]
2008-11-04 05:04:12 +00:00
david
78cc76e9f8
Update script.db.
2008-11-03 20:01:11 +00:00
david
15d0add1fe
Remove RealVNC_auth_bypass.nse from the "malware" category. It doesn't have to
do with any malware, just a security vulnerability. It remains in "default" and
"vuln". I think it was in "malware" because it used to be in the old "backdoor"
category.
2008-10-24 22:04:30 +00:00
fyodor
f6fb4d971c
o Removed some unnecessary "demo" category NSE scripts: echoTest,
chargenTest, showHTTPVersion, and showSMTPVersion.nse. Moved
daytimeTest from the "demo" category to "discovery". Removed
showHTMLTitle from the "demo" category, but it remains in the
"default" and "safe" categories. This leaves just showSSHVersion and
SMTP_openrelay in the undocumented "demo" category. [Fyodor]
2008-10-20 22:54:43 +00:00
fyodor
7ead36a64e
remove demo category from showHTMLTitle
2008-10-20 21:47:24 +00:00
david
2f1898fe49
Whoops, SSH-weak_key.nse isn't a merged script. I just had an unversioned copy in my scripts directory. Remove it from script.db.
2008-10-09 00:45:42 +00:00
david
cb00282519
--update-scriptdb to add SSH-hostkey.nse and SSH-weak_key.nse.
2008-10-08 23:10:33 +00:00
david
ae7455279e
Add a new msrpc.lua module, plus new scripts smb-enumdomains.nse,
smb-enumshares.nse, and smb-enumusers.nse. Also enhance the netbios.lua and
smb.lua modules. Remove the smb-enum.nse script. All these changes are from Ron
Bowes.
2008-10-04 21:58:39 +00:00
david
f054d25d1f
Adjust the categories of the new SMB scripts. Also fix a couple of
documentation typos.
smb-os-discovery.nse
-categories = {"version","default"}
+categories = {"default", "discovery", "safe"}
smb-enum.nse
-categories = {"version","intrusive"}
+categories = {"discovery", "intrusive"}
smb-security-mode.nse
-categories = {"version"}
+categories = {"discovery", "safe"}
2008-09-15 18:10:00 +00:00
david
9eff25bbc4
Add Ron Bowes's netbios and smb NSE modules and new scripts that use them. They
were introduced in http://seclists.org/nmap-dev/2008/q3/0827.html .
2008-09-15 17:58:38 +00:00
fyodor
c95a9935bb
latest generated files
2008-09-12 08:22:09 +00:00
david
d6e3760151
Add HTTP_open_proxy.nse to the external script category, because it potentially
involves traffic between the target and a third-party host. It's fairly
innocuous because there's no third-party traffic from the scanning computer, so
I left it in the default category.
2008-09-09 17:10:45 +00:00
david
06c7264e2e
Put the following scripts in the new "external" category:
ASN.nse
dns-safe-recursion-port.nse
dns-safe-recursion-txid.nse
ripeQuery.nse
whois.nse
2008-09-09 05:13:24 +00:00
fyodor
28df4b4416
change Nmap version number to 4.69BETA1 and regenerate files
2008-09-06 07:17:04 +00:00
david
205e7ab28b
Add the latest ASN.nse script. This version uses the new Nmap-specific query
servers, groups output intelligently, and supports IPv6. See sample output at
http://seclists.org/nmap-dev/2008/q3/0675.html .
2008-09-06 02:47:46 +00:00
fyodor
dd1e76c2a7
o Added whois.nse, which queries the Regional Internet Registries
(RIRs) to determine who the target IP addresses are assigned
to. [Jah]
2008-09-05 18:43:27 +00:00
fyodor
966b9fa0d2
rename SNMPsysdesr.nse to SNMPsysdescr.nse
2008-09-05 06:53:00 +00:00
fyodor
2ba3a3878d
o Added dns-safe-recursion-port and dns-safe-recursion-txid (non
default NSE scripts) which use the 3rd party dns-oarc.net to test
the source port and transaction ID randomness of a discovered DNS
server (assuming it allows recursion at all). These scripts were
contributed by Brandon Enright.
2008-09-05 02:04:07 +00:00
david
b9c3cc90d4
Uncommit some files accidentally committed in r9869.
2008-08-30 21:09:01 +00:00
david
20f38fcf15
Add CHANGELOG entry for higwidgets move. Rewrap another entry to 70 columns.
2008-08-30 21:07:38 +00:00
fyodor
5751967a43
rebuild some generated content
2008-06-29 09:13:57 +00:00
kris
ac5138b975
NSE re-categorization
* Merge the "backdoor" category into "malware"
* Add "auth" for authentication credential determination
* Rename "vulnerability" to "vuln"
* Place 12 scripts into their correct categories
2008-06-21 06:34:03 +00:00
david
d924d3c0e0
Undo the change to scripts/script.db accidentally committed in r7967.
2008-06-06 04:36:32 +00:00
david
a2229c1228
Remove the share/icons and share/pixmaps from zenmap.spec.in because those are
now subdirectories of share/zenmap.
2008-06-06 04:34:23 +00:00
kris
c7eb8011d9
NSE now has a "default" category for scripts. This category holds the set
of scripts chosen from when using -sC (but it's still just another category
and so can be chosen with --script like any other).
On top of updating the docs with information about this new category, I've
also updated sections to emphasize that the "default" category, -sC and -A
are considered intrusive and should not be run against target networks
without permission.
The new list is very similar to the previous "safe,intrusive" list:
Added: finger, ircServerInfo, RealVNC_auth_bypass
Removed: HTTPpasswd
Here are the 21 scripts in this new category:
anonFTP
dns-test-open-recursion
finger
ftpbounce
HTTPAuth
HTTP_open_proxy
ircServerInfo
MSSQLm
MySQLinfo
nbstat
RealVNC_auth_bypass
robots
rpcinfo
showHTMLTitle
showOwner
SMTPcommands
SNMPsysdesr
SSHv1-support
SSLv2-support
UPnP-info
zoneTrans
2008-05-28 07:16:32 +00:00
kris
ee876ada98
o Replaced kibuvDetection.nse with version detection match lines which
work better than the script. [Kris, Brandon]
2008-05-25 23:30:21 +00:00
kris
e7eafc8928
Whoops, I missed running --script-updatedb for r7439 (removing mswindowsShell.nse)
2008-05-11 05:49:02 +00:00
ejlbell
7f58dc082c
Switched bruteTelnet to the vulnerability category so it is not executed by default. Prompted by a bug report stating bruteTelnet failed on Windows, but switching is a good idea anyway as the script takes a long time to run.
2008-03-15 21:09:29 +00:00
fyodor
980d9ddd8d
o Added UPnP-info NSE script by Thomas Buchanan. It gathers
information from the UPnP service (UDP port 1900) which listens on
many network devices such as routers, printers, and networked media
players.
2008-01-10 22:12:11 +00:00
fyodor
de9a7e8215
Added rpcinfo.nse script, which contacts a listening RPC portmapper
and reports the listening services and port information (like
rpcinfo -p does). The script was written by Sven Klemm. Fyodor
then enhanced the RPC number list with all of the entries from
nmap-rpc.
2007-12-20 23:13:07 +00:00
kris
a988d26982
Adding new MySQLinfo NSE script for printing MySQL server information
2007-12-19 07:23:59 +00:00
fyodor
088f7022a4
new script from Judy Novak at Sourcefire
2007-11-28 22:09:40 +00:00
fyodor
39e2f3ed61
New PPTP version detection script from Thomas Buchanan
2007-11-14 23:30:22 +00:00
david
9d6a94d6ea
Remove an entry for a test script from script.db.
2007-11-08 07:44:49 +00:00
david
50c4981934
Remove the first-generation OS detection and nmap-os-fingerprints.
2007-11-03 01:31:02 +00:00
kris
7c3448c1f7
Trying to keep script.db tidy when running --script-updatedb. This sorts the script filenames before writing script.db. Tested on Linux and Windows
2007-09-15 01:01:35 +00:00
kris
baf7e98c7f
Adding my HTTPtrace.nse script. Simply put, it sends an HTTP TRACE method and examines the response for modifications
2007-09-02 00:25:33 +00:00
fyodor
31b16ba562
latest scripts DB
2007-08-30 20:56:30 +00:00
kris
199f7f9285
Adding my /etc/passwd directory traversal script (HTTPpasswd.nse)
2007-08-28 22:33:09 +00:00
fyodor
f025e86b0b
merge soc07 r5085:5094 - removed a period which could lead to slightly confusing output such as 'Read data files from: ..' when they are read from the current directory; Always print a message when the script database is updated successfully; Added a whole bunch of entries to the CHANGELOG in preparation for the first soc07 release; latest auto-generated files; add a question mark to a textual question
2007-08-11 05:14:52 +00:00
fyodor
475393bc2c
merge soc07 r5049:5063 - added string split/join methods; Bruteforce telnet script; fixed a few typos; updated to escape some common url constructs; refactored shortport library; Added a family of string buffer functions to nselib as concatenation is not efficient; Updated a couple of scripts to use string buffers; resolved a couple of naming conflicts
2007-08-11 04:58:05 +00:00
fyodor
3e86212fee
merge soc07 r5002 - New IRC server info script
2007-08-11 04:43:12 +00:00