PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-27 09:59:04 +00:00
Code Issues Projects Releases Wiki Activity
9,497 Commits 2 Branches 0 Tags
d5af9560c3fc917d64d201eb1bc7bfa71f088f6f
Commit Graph

2172 Commits

Author SHA1 Message Date
tomsellers
d5af9560c3 Add the full ntpd version string, for example v4.2.4p4@1.1520-o, to the 
port's version attributes if the remote service provides it. Also capture
OS info as well as it can provide exact kernel versions in some cases.
 2014-12-20 01:14:34 +00:00
dmiller
9857aa6ac2 Service fingerprint lengths are in hex, not decimal 2014-12-18 03:29:20 +00:00
dmiller
425e407eb3 Use decoding instead of pattern match for protocol checking 2014-12-18 03:23:46 +00:00
dmiller
711f6d97c9 New script, snmp-info for querying snmpv3 services 2014-12-18 00:22:48 +00:00
dmiller
8e8935d2c0 Avoid comparing nil with an integer, potentially 2014-12-18 00:22:42 +00:00
tomsellers
845616623d Add support to 'citrix-enum-apps-xml' for reporting if published applications in the list are enforcing/requiring the level of ICA/session data encryption shown in the script result. This information was already in the XML provided by the server, this change just adds parsing for it. 2014-12-17 11:56:52 +00:00
dmiller
1653d846e6 Don't double-encode ssh key for XML output 2014-12-17 03:32:09 +00:00
dmiller
f9f2829e3c Switch to tail-recursion 2014-12-15 05:20:42 +00:00
dmiller
5f5af2d573 Add XML output to modbus-discover 2014-12-15 05:20:39 +00:00
dmiller
c3579c8b76 Another Raul Fuentes script: targets-ipv6-wordlist 2014-12-03 16:20:22 +00:00
dmiller
918d926913 Remove the unnecessary -recon portion of targets-ipv6 script 2014-12-03 16:02:16 +00:00
dmiller
5d6a024c7b Do a better job spelling people's names. Sorry, Raúl! 2014-12-02 18:36:15 +00:00
dmiller
bb96a09c16 Add one of Raul Fuentes's IPv6 recon scripts 2014-12-02 04:17:50 +00:00
dmiller
bfc9a00800 Let http-server-header send HTTP/1.1 request with Host header to elicit better response 2014-12-01 15:21:57 +00:00
dmiller
f90dd56021 Let tftp-enum substitute host's MAC address into filenames when known 2014-11-29 03:50:07 +00:00
dmiller
fc0337083e nnposter's ssl-date improvements http://seclists.org/nmap-dev/2014/q3/317 2014-11-18 03:53:25 +00:00
dmiller
c85bb0b54f Correct logic on checking for SHA1 certificate in ssl-enum-ciphers 2014-11-10 16:16:29 +00:00
dmiller
4e3baad093 Relax ssl-enum-ciphers' timeout to allow time for server processing 2014-11-10 16:16:27 +00:00
dmiller
e3024a6463 Documentation for new ssl-enum-ciphers rating system 2014-11-07 21:52:49 +00:00
dmiller
8f414cfc3a Correct conversion of DH key size to RSA bit strength equivalent 2014-11-07 21:41:38 +00:00
dmiller
222b2a009d Use internal cipher/handshake scoring system instead of static datafile 2014-11-07 16:39:26 +00:00
dmiller
e11a8609a7 Remove unnecessary vars and redistribute declarations 2014-11-07 16:39:24 +00:00
dmiller
b73dc0e762 Restructure try_params to return all recieved records 
No functional change to the script, but this allows callers to check for
various alerts or other handshake messages (certificate,
server_key_params, client_certificate_request, etc).
 2014-11-05 14:41:50 +00:00
dmiller
9f34a29778 Correct script-args docs for http-virustotal 2014-11-01 12:57:32 +00:00
dmiller
f8ef3f48da Fix detection of CVE-2011-2523 
http://seclists.org/nmap-dev/2014/q4/130
 2014-10-30 13:14:02 +00:00
dmiller
27948e1588 Fix file permissions and missing require in http-avaya-ipoffice-users 2014-10-27 13:04:47 +00:00
dmiller
a1d984a66b Fix a couple off-by-one errors in parsing multiple TLS records 
Reported by Kent Fritz: http://seclists.org/nmap-dev/2014/q4/104
 2014-10-26 16:22:21 +00:00
dmiller
c4ad3ff4d6 Fix some error handling in ssl scripts 2014-10-25 18:58:18 +00:00
tomsellers
e11e03fa50 Add the signature algorithm that was used to sign the target port's x509 (TLS) certificate to the output of ssl-cert.nse 
http://seclists.org/nmap-dev/2014/q4/44
 2014-10-25 18:56:38 +00:00
dmiller
a047985f19 Make SCSV check in ssl-poodle backwards-compatible 2014-10-23 16:01:03 +00:00
dmiller
eeb5f41932 Compatibility check for ssl-poodle 2014-10-23 15:16:45 +00:00
dmiller
e9354a4793 Add TLS_FALLBACK_SCSV checking to ssl-poodle 2014-10-22 17:01:19 +00:00
dmiller
db098b4e8d Fix a bug (false-negative) in ssl-poodle 2014-10-22 17:01:17 +00:00
dmiller
fefcca1623 Add ssl-poodle 2014-10-21 14:08:34 +00:00
paulino
92dc4564db Fixes script output 2014-10-19 20:29:10 +00:00
paulino
c372f9823b Adds http-avaya-ipoffice-users.nse to enumerate user information such as extension display name, full name and extension number in Avaya IP Office systems. 2014-10-19 00:58:31 +00:00
paulino
6acfb753c3 Updates script database after the removal of 'db2-discover.nse' 2014-10-18 04:44:26 +00:00
dmiller
917842059b Check TLS body protocol for compatibility in ssl-enum-ciphers 
Haven't seen this, and it shouldn't happen, but it's possible for a
server to send the same protocol version in the record, but a different
one in the body. This wouldn't be valid, so we should reject it.
 2014-10-16 04:07:07 +00:00
dmiller
cdd61aa874 Fix a bug in ssl-enum-ciphers 
If the last chunk of ciphers was rejected, then all results were
discarded.
 2014-10-15 21:52:36 +00:00
dmiller
ead3649ac5 Remove db2-discover.nse 
Service probe does the same work. See
http://seclists.org/nmap-dev/2014/q3/415
 2014-10-15 18:52:08 +00:00
dmiller
8005bfe83f Improvements and fixes to http-rfi-spider 
patch from nnposter: http://seclists.org/nmap-dev/2014/q3/443
 2014-10-15 18:38:16 +00:00
dmiller
5952b9745b Move url-encoding to url.build_query 
patch from nnposter: http://seclists.org/nmap-dev/2014/q3/427
 2014-10-15 18:12:58 +00:00
dmiller
f60bf5fbc6 Correct CRLF in ftp-brute 2014-10-14 02:30:02 +00:00
sophron
4651a8f4ae [NSE] Updated http-robtex-* scripts to match current robtex API. 2014-10-08 01:39:30 +00:00
dmiller
b4988f1f5b Improvements to http-server-header 
If service scan failed to find a match, the probe responses are cached.
Now http-server-header will look through those responses before sending
a probe of its own. This should result in better detection with fewer
probes sent.

Also changed the Server header string match to case-insensitive.
 2014-10-01 19:54:34 +00:00
dmiller
23d4abd5e9 New docker-version script 
http://seclists.org/nmap-dev/2014/q3/265
 2014-09-24 20:31:42 +00:00
dmiller
a472ea34ab Major improvements to http-form-brute 
Credit nnposter: http://seclists.org/nmap-dev/2014/q3/479
 2014-09-23 13:42:00 +00:00
dmiller
e42409be93 XML structured output for brute.lua and creds.lua 
The @xmloutput section documentation is not done, and I'm not sure how
to best do it, since it will be the same for all brute.lua scripts. This
is how it looks:

metasploit-msgrpc-brute:
<table key="Accounts">
  <table>
    <elem key="username">root</elem>
    <elem key="state">Valid credentials</elem>
    <elem key="password">root</elem>
  </table>
</table>
<elem key="Statistics">Performed 3 guesses in 4 seconds, average tps: 0</elem>

creds-summary:
<table key="127.0.0.1">
  <table key="9929/nping-echo">
    <table>
      <elem key="password">123456</elem>
      <elem key="state">Valid credentials</elem>
    </table>
  </table>
  <table key="55553/unknown">
    <table>
      <elem key="username">root</elem>
      <elem key="state">Valid credentials</elem>
      <elem key="password">root</elem>
    </table>
  </table>
</table>
 2014-09-23 05:23:19 +00:00
dmiller
f37ac44380 Move brute.Account to creds.Account 
In addition to fitting better (brute library is the verb, creds library
is the noun), this will allow creds.lua to use creds.Account internally
where necessary (see subsequent commits)

Also change old references to string argument "OPEN" into
creds.State.VALID.
 2014-09-23 05:23:13 +00:00
dmiller
1d5da8bccb Get rid of redundant/useless tonumber()s in script arg processing 2014-09-20 06:03:25 +00:00