PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 04:09:01 +00:00
Code Issues Projects Releases Wiki Activity
8,916 Commits 2 Branches 0 Tags
ddcfa8cc9036efbb4cede856972c217d05462c16
Commit Graph

41 Commits

Author SHA1 Message Date
dmiller
ddcfa8cc90 Spellcheck: common misspellings in the entire source tree 2014-02-21 21:10:51 +00:00
dmiller
1b71f75aad Spelling fixes for Lua files 
Mostly in documentation/comments, but a couple code bugs were caught,
including a call to stdnse.pirnt_debug and a mis-declared variable.
 2014-02-19 04:15:46 +00:00
dmiller
69e343f0aa Reindent the last of the NSE libraries. 
https://secwiki.org/w/Nmap/Code_Standards
 2014-02-04 19:47:26 +00:00
dmiller
620f9fdb34 Remove trailing whitespace in lua files 
Whitespace is not significant, so this should not be a problem.
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-23 21:51:58 +00:00
patrik
16d50c48da Squashed commit of the following: 
commit fb1fa9373592e81ee004b99cf813e07bf253fbe1
Author: Patrik Karlsson <patrik@cqure.net>
Date:   Sun Dec 16 11:49:36 2012 -0500

    Fix bug where brute library failed to report error on invalid iterators
 2012-12-16 16:51:47 +00:00
patrik
6cfa5aea0f o [NSE] Added oracle-brute-stealth which exploits CVE-2012-3137, a weakness 
in the Oracle O5LOGIN authentication scheme. [Dhiru Kholia]
 2012-10-06 19:59:45 +00:00
patrik
655f766445 reverted bad commits 2012-10-06 19:38:15 +00:00
patrik
10a34f626a Squashed commit of the following: 
commit 5de9e4fa623f88a9b48ef0704244ff843005573a
Author: Patrik Karlsson <patrik@cqure.net>
Date:   Sat Oct 6 21:19:08 2012 +0200

    Applied patch from Dhiru Kholia adding oracle-brute-stealth and needed changes

    reworked the patch slightly and added;
    - support for specifying account on command line
    - johnfile argument for writing hashes directly to file
 2012-10-06 19:25:13 +00:00
aca
c6ed7023c4 Brute and unpwdb lib improvements that allow more flexible iterator specifications. Merge from my dev branch. 2012-07-10 16:35:48 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE. 
[1] http://seclists.org/nmap-dev/2012/q2/34
 2012-05-27 08:53:32 +00:00
patrik
588ac4fd32 Disable username as password if passonly option is used [Patrik] 2011-12-31 10:17:42 +00:00
patrik
20575e01b9 Fixed bug that would prevent brute library from stopping to guess passwords 
for an account, even when the correct password was found. [Patrik]
 2011-12-30 20:14:48 +00:00
patrik
8728f181d2 Reverting commit r27082 due to incompatibility with Lua 5.2 [Patrik] 2011-11-13 13:11:39 +00:00
patrik
776a11146e Added code to brute library that picks up the executing SCRIPT_NAME using getfenv [Patrik] 2011-11-13 12:56:29 +00:00
patrik
4edf096715 o [NSE] Added new functionality and fixed some bugs in the brute library: 
- Added support for restricting the amount of guesses performed by the
    brute library against users, to prevent account lockouts.
  - Added support to guess the username as password as incorrectly
    suggested as default behavior by the documentation.
  - Added support to guess an empty string as password if not present
    in the dictionary. [Patrik]
 2011-11-13 09:51:15 +00:00
patrik
77380bd9b0 o [NSE] Fixed bug that would prevent brute scripts from running if no service 
field was present in the port table. [Patrik]
 2011-11-10 20:42:47 +00:00
patrik
cbf71a1668 o [NSE] Fixed a bug where the brute library would not abort even after all 
retries were exhausted [Patrik]
 2011-11-02 09:48:33 +00:00
patrik
6c864bd9f8 Changed command line processing to assume cred mode if credfile was supplied 
and no mode was explicitly given [Patrik]
 2011-09-02 06:12:39 +00:00
patrik
5e954c65a9 Added support for comments in the credential_iterator [Patrik] 2011-07-25 17:59:05 +00:00
patrik
2faca7aed1 Added support for scripts to report invalid (non-existing) accounts back 
to the brute library. This way, they're removed from further guessing.
[Patrik]
 2011-07-21 05:56:58 +00:00
patrik
4356fe16a5 * fixed a bug that would result in unnecessary connects and disconnect for 
discovered accounts

* documented engine options

* added new engine option (nostore) that instructs the library not to store
  the discovered credentials in the credential database
 2011-07-13 20:49:20 +00:00
patrik
aadac7c8d5 * Fixed a bug in the brute library prevented additional passwords from 
being found if run in passonly mode.

* Fixed a bug in the brute library preventing detection of duplicate
  credential entries requested from the iterator.
 2011-07-12 21:23:12 +00:00
gorjan
25f00f01ec Another possible fix for the NSEDoc arguments in the brute.lua library 2011-07-10 16:20:49 +00:00
patrik
880f927fc0 fixed a statistic bug, cleaned up some code 
fixed a setMode bug that wouldn't accept mode 'creds'
changed the creds iterator to take a file handle instead of a table
[Patrik]
 2011-07-07 09:58:54 +00:00
gorjan
519d93da6d Fix for the NSEDoc missing @args 2011-07-06 20:19:20 +00:00
patrik
3a3ae7ede1 Added command line support to the creds library 
Changed getCredentials to allow a bitmask filter
Changed getCredentials to return an iterator instead of a table
Modified the brute library to support the changes
[Patrik]
 2011-07-06 12:16:43 +00:00
patrik
f4bf440b14 o [NSE] Added credential storage library (creds.lua) and modified the brute 
library and scripts to make use of it. [Patrik]
 2011-06-19 17:18:29 +00:00
patrik
b62cebc7b3 o [NSE] Fixed a problem in oracle-brute that would fail due to connection 
exhaustion. Fixed some debugging messages in the brute library [Patrik]
 2011-03-19 08:26:33 +00:00
patrik
eaf01310e7 Replaced an empty password with <empty> in a debug message. 2011-03-13 01:22:32 +00:00
david
5d07bded42 Typo fix. 2011-03-12 23:56:43 +00:00
patrik
72b7fcc299 Fixed bug so that empty passwords are printed as <empty> in script results. 
Bug reported by Toni Ruottu http://seclists.org/nmap-dev/2011/q1/789
 2011-03-12 23:50:57 +00:00
david
9f79aad78f Pass the driver_options whenever constructing a driver in brute.lua. This could 
be required, for example, when running the check method.
 2010-09-27 01:20:52 +00:00
patrik
e3781bb25d Changed the code to be more iterator oriented. Scripts can now add their own 
iterators. Mutliple iterators may be added and the library provides a number
of common ones. [Patrik]
 2010-09-14 19:43:53 +00:00
patrik
8cd97c4103 added additional documentation regarding the Error object 2010-08-20 17:58:13 +00:00
patrik
b5f645c2c7 Added more documentation regarding the Account and Error object. 2010-08-19 22:08:08 +00:00
david
66e1254649 Require -d2 to print out each guess in brute.lua, not just -d1. 2010-08-18 17:13:57 +00:00
david
018c6c5171 Remove the brute.emptypass script argument. We already include the 
empty password in our password list. If you want to turn it off, it
would be better to provide an interface that allows an iterator to throw
out certain passwords.
 2010-08-18 16:01:00 +00:00
david
f7b4d9146c Revise NSEDoc in brute.lua. 2010-08-18 15:52:32 +00:00
david
3c89e089fc Change calls in these forms: 
socket:connect(host.ip, port.number)
socket:connect(host.ip, port.number, port.protocol)

to this:

socket:connect(host, port)

connect can take host and port tables now, and the default protocol is
taken from the port table if possible.
 2010-08-16 18:59:30 +00:00
patrik
40a66945bb changed so that the error message of the Error object is returned when a 
script signals the engine to abort.
 2010-08-14 17:14:32 +00:00
patrik
5f58469ba7 o [NSE] Added a new brute library that provides a basic framework and logic 
for password guessing scripts. [Patrik]
 2010-08-14 14:56:40 +00:00