PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-12 02:39:03 +00:00
Code Issues Projects Releases Wiki Activity
4,871 Commits 2 Branches 0 Tags
d9d47eb93da991e4b8770f17b2714bac8d65b11d
Commit Graph

816 Commits

Author SHA1 Message Date
david
1046dcab57 Patch to hddtemp-info by Toni Ruotto that keeps reading past the first 
byte if there's a delay and supports different separator characters.
 2010-12-29 22:37:20 +00:00
david
77c5cd9d9a Use ftp.read_reply in ftp-proftpd-backdoor. Also, do a read_reply after 
sending the magic shell string but before sending a shell command.
Michael Meyer reported that the script would sometimes fail to report a
backdoor; I tracked this down to the sends happening in too-close
succession. The ProFTPD process could receive both sends
("HELP ACIDBITCHEZ\r\nid;\r\n"), read the first line, and execute the
shell, but then the shell would get no input because the "id;\r\n" had
already been read.

This causes a delay up to the timeout when there is a backdoor, but it
still returns right away when there is no backdoor.
 2010-12-29 21:24:53 +00:00
david
e2f8d1f5cb Move the read_reply function out of ftp-anon.nse and into a new library 
ftp.lua.
 2010-12-29 21:24:52 +00:00
david
be20b513af Update @output of gopher-ls. 2010-12-29 18:47:17 +00:00
david
e6c8691007 Whitespace in gopher-ls.nse. 2010-12-29 18:46:20 +00:00
david
80f7754d01 Separate gopher-ls entries with newlines instead of commas. 2010-12-29 18:46:18 +00:00
david
0658e53070 Add gopher-ls.nse by Toni Ruotto. 2010-12-29 18:46:16 +00:00
robert
c2305f23a5 Added hashes for PHP 5.2.15 and 5.2.16. 2010-12-26 13:48:06 +00:00
david
87d8a793f3 Use stdnse.get_script_args for modbus-discover.aggressive. 2010-12-16 08:59:19 +00:00
david
41a81e1789 Documentation and whitespace in modbus-discover.nse. 2010-12-16 08:59:18 +00:00
david
ad40df2c9b Add modbus-discover.nse from Alexander Rudakov. 2010-12-16 08:59:16 +00:00
david
ddf05d7e1f Whitespace in lexmark-config.nse. 2010-12-15 18:57:22 +00:00
patrik
c9ba464c28 Renamed domino-enum-passwords script to http-domino-enum-passwords 2010-12-15 08:52:31 +00:00
david
fffe597ece Typo fix. 2010-12-13 18:16:06 +00:00
david
008a43e7e0 User shortport.version_port_or_service instead of just 
shortport.port_or_service in netbus-version.nse.
 2010-12-13 18:00:07 +00:00
david
573088f99c Change categories of netbus-auth-bypass from {"default", "vuln", "safe"} 
to {"auth", "intrusive", "vuln"}. The first categories are the same as
in realvnc-auth-bypass, which would seems to be a very similar script,
but netbus-auth-bypass can have the additional side effect of breaking
future authentication attempts for all users, which is solidly
intrusive.
 2010-12-13 18:00:06 +00:00
david
d6a89a6674 Fix capitalization of NetBuster. 2010-12-13 18:00:04 +00:00
david
90a2819a04 o [NSE] Added scripts by Toni Ruotto communicating with the NetBus 
remote administration/backdoor program.
  - netbus-info: gets configuration information.
  - netbus-brute: guesses passwords.
  - netbus-version: distinguishes NetBus from NetBuster, a program
    that mimics the protocol but doesn't actually allow any
    operations.
  - netbus-auth-bypass: Checks for a bug in the server that allows
    connecting without a password.
 2010-12-13 18:00:02 +00:00
david
a7e80b4cf3 Update script.db. 2010-12-13 17:30:08 +00:00
david
ccd901f918 Put realvnc-auth-bypass.nse in "auth" category. 2010-12-13 17:30:06 +00:00
david
00652cb231 o [NSE] Added stuxnet-detect.nse by Mak Kolybabi, which detects 
infections of the Stuxnet worm and can optionally download the
  Stuxnet executable.
 2010-12-12 22:40:42 +00:00
patrik
b484d08cfa Merged Martin Swende's patch to domino-enum-passwords that splits output 
based on different hash types.
 2010-12-11 06:47:49 +00:00
patrik
46cdf28fce o [NSE] Added a new iSCSI library and the two scripts iscsi-info and 
iscsi-brute. [Patrik]
 2010-12-10 23:20:59 +00:00
patrik
38a21c4d17 o [NSE] Add new script broadcast-ms-sql-discover and removed broadcast 
support from ms-sql-info. [Patrik]
 2010-12-10 23:12:27 +00:00
robert
eedd069c9e Added the new hash for PHP 5.3.4 credits and extended the elephant logo hash to include this new version. 2010-12-10 12:14:25 +00:00
david
528681c04a Take out "other" in "X other hosts had status Y" in http-vhosts.nse. It 
looks funny when it's the only line and I think it still looks fine this
way when there are multiple lines.
 2010-12-08 00:54:46 +00:00
david
e947e5dedf Patch to http-vhosts.nse from Carlos Pantelides: collapse multiple 
responses bearing the same code into one line.
 2010-12-08 00:54:45 +00:00
david
722fd3a89a Fix script argument name. ftp-proftpd-backdoor.cmd 
instead of ftp-proftp-backdoor.cmd.
 2010-12-07 22:44:06 +00:00
david
4744f6b747 Patch from Mak Kolybabi: let ftp-proftpd-backdoor bail out early if 
version detection has been done and doesn't show a potentially
backdoored version. Also update strings to match the new script name.
 2010-12-07 22:44:04 +00:00
david
adc460fc22 o [NSE] Added the ftp-proftpd-backdoor.nse script by mak Kolybabi, 
which checks for a backdoor in ProFTPD 1.3.3c.
 2010-12-07 00:22:01 +00:00
david
f8530814ab o [NSE] Added http-vhosts.nse from Carlos Pantelides. This script 
brute-forces virtual hosts by sending different Host headers to the
  same server.
 2010-12-06 05:19:35 +00:00
robert
e43a866bea Tweaked the versions slightly (removed 4.3.1 from the bunny hash as it looks wrong and hasn't been corroborated), based on 0php.com data. 2010-11-30 09:25:04 +00:00
fyodor
6c62ce69e8 note some of the information obtained from hddtemp service 2010-11-30 01:56:39 +00:00
david
77a4235fc4 Fixes to firewalk.nse from Henri Doreau: "The first one was due to my 
ignorance that the first index of lua arrays is 1 (and not 0). Because
of that, I was setting a too high ttl value when retrieving it from
traceroute results. The second one was a syntax error on a
nmap.log_write() call."
 2010-11-29 19:16:49 +00:00
david
f8b17ae441 o [NSE] Added the hddtemp-info script from Toni Ruotto, which gets 
hard drive temperatures from the hddtemp service.
 2010-11-29 19:00:11 +00:00
robert
a92eacec1d Added all missing PHP 5.x hashes and tidied up the output (grouped ranges and made it consistently use a dash). 
Hashes are now arranged in order, to make it easier to find manually.

For a list of all the PHP 5 hashes I generated see: http://seclists.org/nmap-dev/2010/q4/518
 2010-11-27 11:21:36 +00:00
patrik
a8efdad527 fixed usage typo. change port number from 5900 to 1352. 2010-11-24 20:56:43 +00:00
robert
485ee4aded Added a new credits hash for PHP/5.2.2 based on testing with php-5.2.2-Win32.zip. 2010-11-24 15:51:39 +00:00
david
21d0324c5b Updates to rmi-dumpregistry.nse and rmi.lua from Martin Holst Swende. 2010-11-23 17:45:58 +00:00
fyodor
3652bd6939 Rename a couple http scripts to make it more clear that they use the http protocol and for consistency with other script names 2010-11-20 04:22:51 +00:00
fyodor
ddcc972443 Update some text in scripts in preparation for rename of these two scripts 2010-11-20 04:19:16 +00:00
fyodor
10d85c1a6b Removed broadcast-upnp-info and broadcast-dns-service-discovery from the default category. With these running by default, I was getting a bunch of information about printers and stuff on my LAN. Which is great info, and I love the scripts, but that's not what I'm really looking for when just trying to scan scanme.nmap.org 2010-11-20 02:04:00 +00:00
patrik
68643a2946 applied patch from Thomas Buchanan containing bugfixes and some re-factoring 
http://seclists.org/nmap-dev/2010/q4/447
 2010-11-19 19:31:50 +00:00
david
c0b8514b4d In realvnc-auth-bypass, check the status in socket receive operations 
instead of checking for result == "TIMEOUT".
 2010-11-18 22:54:16 +00:00
david
1766507ecf Add a new http-php-version.nse version from a server that said: 
X-Powered-By: PHP/5.1.6
 2010-11-17 22:05:04 +00:00
ron
f4769f75e9 Fixed a bug in http-userdir-enum (was missing an argument to http.pipeline_add()) 2010-11-17 20:24:48 +00:00
david
fb0aa3f1e3 Add more http-passwd payloads from Ange Gutek. 2010-11-11 19:02:17 +00:00
patrik
734f938b04 o [NSE] Added a new Web Service Dynamic Discovery library (wsdd) and the two 
scripts broadcast-wsdd-discover and wsdd-discover. [Patrik]
 2010-11-10 22:35:13 +00:00
david
a92f1cb8a4 Update to firewalk.nse from Henri Doreau to use a more polymorphic style 
of supporting multiple protocols.
 2010-11-06 01:54:30 +00:00
david
ccce86a1a7 Add an http-passwd.root script argument. Patch by Ange Gutek. 2010-11-05 21:18:23 +00:00