default NSE scripts) which use the 3rd party dns-oarc.net to test
the source port and transaction ID randomness of a discovered DNS
server (assuming it allows recursion at all). These scripts were
contributed by Brandon Enright.
periods itself rather than relying on NSE's old behavior of replacing non-
printable characters with periods. Thanks to Rob Nicholls for reporting the
problem. [Kris]
available rather than lines if neither the "bytes" nor "lines" options are
given. Thanks to Brandon for reporting a problem which he noticed in the
dns-test-open-recursion script. [Kris]
* Merge the "backdoor" category into "malware"
* Add "auth" for authentication credential determination
* Rename "vulnerability" to "vuln"
* Place 12 scripts into their correct categories
It now returns the line as its first argument always, otherwise nil, errmsg
I updated scripts that use make_buffer.
When Lua 5.2 comes out, we may be able to use a function I've added
called stdnse.lines (commented for now). It cannot be used yet because
we cannot yield inside generic for loop. The function is built for
generic for loops. It will work as such:
for line in stdnse.lines(socket) do
...
end
as banner-grabbing (get_banner()) and making a quick exchange of data
(exchange()). 16 scripts were updated to use this library. [Kris]
I have *not* been able to test all of these scripts; however, I have
reviewed them and they should all work properly. I would really like
some more testing, though :)
This commit includes scripting.xml documentation.
* Instead of printing all disallowed entries it now only prints the
first 20. In verbose and debug modes it prints more entries, the exact
number depends on the debug and vebose level
* Prints out the number of disallowed entries
* Prints a message if a robot.txt file exists but has not entries.
* More resilient parsing and duplicate removal code
* Extended the line length to 50 characters so less vertical space used
to transfer. I've only been able to examine the behavior through Wireshark
since I don't have a nameserver that transfers other domains (I always get
"Not Authoritative"). It seems to work fine, though
of scripts chosen from when using -sC (but it's still just another category
and so can be chosen with --script like any other).
On top of updating the docs with information about this new category, I've
also updated sections to emphasize that the "default" category, -sC and -A
are considered intrusive and should not be run against target networks
without permission.
The new list is very similar to the previous "safe,intrusive" list:
Added: finger, ircServerInfo, RealVNC_auth_bypass
Removed: HTTPpasswd
Here are the 21 scripts in this new category:
anonFTP
dns-test-open-recursion
finger
ftpbounce
HTTPAuth
HTTP_open_proxy
ircServerInfo
MSSQLm
MySQLinfo
nbstat
RealVNC_auth_bypass
robots
rpcinfo
showHTMLTitle
showOwner
SMTPcommands
SNMPsysdesr
SSHv1-support
SSLv2-support
UPnP-info
zoneTrans
ports instead of just TCP ports. This made it very slow in the
common case where there are many UDP ports in the open|filtered
state. Thanks to Jason DePriest for reporting the problem and Jah
for tracking it down and fixing it.
