PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 05:01:29 +00:00
Code Issues Projects Releases Wiki Activity
10,109 Commits 2 Branches 0 Tags
dd503ae2e568896eebedf9f9991ee4a78912d86d
Commit Graph

22 Commits

Author SHA1 Message Date
dmiller
f4619edece Update http urls for nmap.org to https 2015-11-05 20:41:05 +00:00
dmiller
9840973b60 Fix format string argument mismatches 
Cases where the format string does not contain any placeholders, but
values are given anyway. Cases where string.format is used without any
placeholders or arguments.
 2015-09-18 12:40:32 +00:00
dmiller
00064a1809 Whitespace/reindent cleanup in NSE. https://secwiki.org/w/Nmap/Code_Standards 2015-05-31 17:37:51 +00:00
paulino
4a95d8f9b2 Removes duplicate credential structure in favor of NSE library creds. Patch submitted by nnposter fixes #58 2015-04-16 18:51:45 +00:00
dmiller
a472ea34ab Major improvements to http-form-brute 
Credit nnposter: http://seclists.org/nmap-dev/2014/q3/479
 2014-09-23 13:42:00 +00:00
dmiller
f37ac44380 Move brute.Account to creds.Account 
In addition to fitting better (brute library is the verb, creds library
is the noun), this will allow creds.lua to use creds.Account internally
where necessary (see subsequent commits)

Also change old references to string argument "OPEN" into
creds.State.VALID.
 2014-09-23 05:23:13 +00:00
dmiller
d518e2dbcb Use http.parse_redirect and allow arbitrary verbs in http-form-brute 
There's no reason we can't use other verbs besides GET and POST. Other
verbs are handled like GET requests (parameters in the URI string). Any
redirect responses will be followed with GET requests, though.
 2014-09-17 21:57:59 +00:00
dmiller
5c9d6a3a75 Let http-form-brute use GET in addition to POST 
Patch from nnposter. http://seclists.org/nmap-dev/2014/q3/262
 2014-09-17 21:57:56 +00:00
dmiller
d7d991477a Move http-form-brute docs from @usage to description 2014-08-10 12:34:55 +00:00
dmiller
ddcfa8cc90 Spellcheck: common misspellings in the entire source tree 2014-02-21 21:10:51 +00:00
dmiller
1b71f75aad Spelling fixes for Lua files 
Mostly in documentation/comments, but a couple code bugs were caught,
including a call to stdnse.pirnt_debug and a mis-declared variable.
 2014-02-19 04:15:46 +00:00
dmiller
d309fecd12 Re-indent some more scripts. Whitespace-only commit 
https://secwiki.org/w/Nmap/Code_Standards
 2014-02-02 15:33:29 +00:00
dmiller
620f9fdb34 Remove trailing whitespace in lua files 
Whitespace is not significant, so this should not be a problem.
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-23 21:51:58 +00:00
dmiller
f42dde7ba2 Document some undocumented script-args 2013-03-05 22:31:39 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE. 
[1] http://seclists.org/nmap-dev/2012/q2/34
 2012-05-27 08:53:32 +00:00
fyodor
c9d610ccea Create a new brute category for brute forcing scripts, move the *-brute scripts from auth category to brute. document it. I don't know what to do with dns-brute so I left it alone (it wasn't in auth category either) 2011-09-30 06:18:55 +00:00
gorjan
4ca48ea450 FIX: Added require 'creds' where it was missing; Mostly where creds.State.<some_state> was used. 2011-07-07 16:22:57 +00:00
patrik
f4bf440b14 o [NSE] Added credential storage library (creds.lua) and modified the brute 
library and scripts to make use of it. [Patrik]
 2011-06-19 17:18:29 +00:00
patrik
5f00edd310 Re-worked the http-form-brute script, the changes include: 
- autodetecting form fields is now a bit more robust
- only the password field is mandatory
- HTTP re-directs are followed in case they're detected
- the detection of incorrect login attempts has been changed and supports
  two new arguments (onsucces, onfailure)
[Patrik]
 2011-06-12 18:52:51 +00:00
patrik
079195122d o [NSE] Applied patch from Daniel Miller that fixes a bug in http-form-brute 
reported by Josh Greenwood. The script would break if autodetection of
  either brute form fields would fail.

  http://seclists.org/nmap-dev/2011/q2/524
 2011-05-11 13:04:20 +00:00
fyodor
a84c2e4498 Did some NSEDoc cleanup on many of the 45 NSE scripts which are new since the 5.35DC1 Nmap release. Emphasis was on the first paragraph of the description, since that is shown on the front page of http://nmap.org/nsedoc and I'm planning to use that description verbatim (except for removing tags like <code>) for the CHANGELOG 2011-01-14 10:20:51 +00:00
patrik
a2c2a3f84c o [NSE] Added two new scripts http-brute.nse and http-form-brute that attempt 
to perform password guessing against web servers and applications. [Patrik]
 2010-08-19 20:53:40 +00:00