PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity
2,067 Commits 2 Branches 0 Tags
e09dba77d17f564aace6564328af270bc44de1ae
Commit Graph

279 Commits

Author SHA1 Message Date
david
e09dba77d1 Adjust the output of http-trace and pop3-capabilities to avoid overly long 
lines.
 2008-11-10 23:44:49 +00:00
david
5a418c9c23 Better format the output of smtp-commands.nse. 2008-11-10 23:35:31 +00:00
david
9d97468d48 Update some documenation in smb-check-vulns.nse. 2008-11-10 23:18:20 +00:00
jah
c38aa90312 Fix http.lua which ignores port.protocol and assumes it to be 'tcp' even if it is 'udp'. 
Now http.request() returns nil if port.protocol is not 'tcp'.
Changed the portrule in html-title.nse to accept only TCP ports.

Fixed a redirect rule in html-title.nse which was comparing the string url.port with
the number port.number - which would always be false.
 2008-11-10 22:55:08 +00:00
david
65348958eb Rearrange some symbolic constants in smb-check-vulns.nse so as not to confuse 
NSEDoc. Also fix a couple of typos.
 2008-11-10 21:44:35 +00:00
ron
8e89a0e217 updated scriptdb/CHANGELOG, renamed smb-checkvulns.nse to nse-check-vulns.nse for consistency with the new naming standard 2008-11-10 19:06:50 +00:00
ron
82ce5f2a92 Merge from /nmap-exp/ron/ms08-067-test 2008-11-10 16:23:12 +00:00
fyodor
ce3835a4e3 changing name from identd-owners to auth-owners to match service name in nmap-services. We can always change it back if we change nmap-services 2008-11-08 05:12:44 +00:00
fyodor
fb77d6addd changing name from identd-owners to auth-owners to match service name in nmap-services. We can always change it back if we change nmap-services 2008-11-08 05:12:22 +00:00
fyodor
35ea5808bf add output section to identd-owners nsedoc 2008-11-08 05:02:17 +00:00
david
5f166e19ec Don't use empty parentheses when referring to functions by name in NSE 
documentation.
 2008-11-07 22:49:49 +00:00
david
e8adfb9599 o http-auth.nse now properly checks for default authentication 
credentials. A bug prevented it from working before. [Vlatko
  Kosturjak]
 2008-11-07 17:16:20 +00:00
david
69d8577cb6 Little typo fix. 2008-11-07 04:40:52 +00:00
fyodor
989f48be6d mostly documentation cleanup, though I also moved ftp-anon into the safe category since I don't think it is any more intrusive than other scripts in that category 2008-11-07 04:35:22 +00:00
fyodor
43fa2ded58 add to the discovery category. I'm not certain this is a good move, but html-trace is in the category, so we presumably need to either remove it from html-trace or add it to http-title, robots.txt, etc. 2008-11-07 00:31:15 +00:00
fyodor
cd40532297 add to discovery category 2008-11-07 00:29:15 +00:00
fyodor
c73dfd173a o Renamed irc-zombie.nse to auth-spoof and improved its description 
and output a bit. [Fyodor]
 2008-11-06 21:58:29 +00:00
david
c1cc2c3dcd Change the message in ftp-anon from "FTP: Anonymous login allowed" to 
"Anonymous FTP login allowed".
 2008-11-06 05:03:21 +00:00
david
a44a66c68a Change some of the output of sniffer-detect.nse and add an @output section. 2008-11-06 03:49:39 +00:00
david
6fbc8868a9 Rename scripts (almost all of them) to make their names more consistent and 
make them look better in output. The full list of changes is
  anonFTP => ftp-anon
  ASN => asn-query
  brutePOP3 => pop3-brute
  bruteTelnet => telnet-brute
  daytimeTest => daytime
  dns-safe-recursion-port => dns-random-srcport
  dns-safe-recursion-txid => dns-random-txid
  dns-test-open-recursion => dns-recursion
  ftpbounce => ftp-bounce
  HTTPAuth => http-auth
  HTTP_open_proxy => http-open-proxy
  HTTPpasswd => http-passwd
  HTTPtrace => http-trace
  iax2Detect => iax2-version
  ircServerInfo => irc-info
  ircZombieTest => irc-zombie
  MSSQLm => ms-sql-info
  MySQLinfo => mysql-info
  popcapa => pop3-capabilities
  PPTPversion => pptp-version
  promiscuous => sniffer-detect
  RealVNC_auth_bypass => realvnc-auth-bypass
  robots => robots.txt
  showHTMLTitle => html-title
  showOwner => identd-owners
  skype_v2-version => skypev2-version
  smb-enumdomains => smb-enum-domains
  smb-enumsessions => smb-enum-sessions
  smb-enumshares => smb-enum-shares
  smb-enumusers => smb-enum-users
  smb-serverstats => smb-server-stats
  smb-systeminfo => smb-system-info
  SMTPcommands => smtp-commands
  SMTP_openrelay_test => smtp-open-relay
  SNMPcommunitybrute => snmp-brute
  SNMPsysdescr => snmp-sysdescr
  SQLInject => sql-injection
  SSH-hostkey => ssh-hostkey
  SSHv1-support => sshv1
  SSLv2-support => sslv2
  strangeSMTPport => smtp-strangeport
  UPnP-info => upnp-info
  xamppDefaultPass => xampp-default-auth
  zoneTrans => zone-transfer
 2008-11-06 02:52:59 +00:00
fyodor
ddf146cb30 o Removed ripeQuery.nse because we now have the much more robust 
whois.nse which handles all the major registries. [Fyodor]
 2008-11-06 01:09:05 +00:00
david
4863d506c1 Remove script ids. Scripts are identified by file name in output (just the 
basename without ".nse", or the full path with debugging level 2 or higher).
This includes documentation changes in scripting.xml.
 2008-11-05 00:52:55 +00:00
david
14fc84bd49 Update finger.nse in scripting.xml to match the latest version of the script. 
Also take the example script out of a sect2 and put it directly in the
enclosing sect1 (the sect1 was empty except for the sect2).
 2008-11-04 22:47:17 +00:00
david
0ed2134ea7 Include some missing or incorrect script ids in @output sections. 2008-11-04 20:46:57 +00:00
ron
7a36a20c4c Noticed the id was set in two places, removed the second 2008-11-04 17:08:15 +00:00
ron
c3ac9337cc Fixed a bug in the smb session enumeration where users wouldn't get added to the list if we couldn't look up the users' timestamps (which happens with guest accounts for sure) 2008-11-04 17:05:18 +00:00
david
12290c86cd Qualify some "I"s in script documentation to attribute them to their author, to 
reduce confusion when many scripts are presented together. Also make a few
other miscellaneous documentation cleanups.
 2008-11-04 16:41:12 +00:00
fyodor
c22c9ca885 o Removed showSSHVersion.nse. Its only real claim to fame was the 
ability to trick some SSH servers (including at least OpenSSH
  4.3p2-9etch3) into not logging the connection.  This trick doesn't
  seem to work with newer versions of OpenSSH, as my
  openssh-server-4.7p1-4.fc8 does log the connection. Without the
  stealth advantage, the script has no real benefit over version
  detection or the upcoming banner grabbing script. [Fyodor]
 2008-11-04 05:04:12 +00:00
david
ae27b48ffb Just refer to the smb module documentation for the smb* script args rather than 
duplicating it in every script. This may not be the way we keep doing it, but
it's needed for now to keep from having excessive duplication in the printed
output.
 2008-11-04 00:01:20 +00:00
david
12892ad59a Add @output to scripts/popcapa.nse. 2008-11-03 23:50:46 +00:00
david
9d1b588e4b Fix a few little formatting errors in SQLInject.nse. 2008-11-03 21:37:08 +00:00
david
e01984b2f5 Proofread and format the smb-* scripts. This was mostly done by Ron already. 2008-11-03 21:36:07 +00:00
david
78cc76e9f8 Update script.db. 2008-11-03 20:01:11 +00:00
david
cc7a58cd7a Merge from /nmap-exp/ron/nmap-smb. This adds the new scripts 
smb-serverstats.nse, smb-enumsessions.nse, and smb-enumshares.nse.
 2008-11-03 20:00:24 +00:00
david
2cceb5184c Separate the first paragraph from the rest of the description with a blank 
line, not "\n\n", in the SMB and MSRPC scripts and modules. There are newer
versions of these files pending review, so this is just a quick measure to let
me use first paragraphs as summaries rather than first sentences.
 2008-11-03 16:17:07 +00:00
david
4175c0a930 Give bruteTelnet.nse a less generic name "Telnet brute force" instead of 
"bruteforce".
 2008-11-03 16:03:17 +00:00
david
f8b4fc4cc1 Fix a couple of duplicate words found with the duplicate-words script. 2008-10-30 17:28:14 +00:00
kris
c51f495a84 o The SSLv2-support NSE script no longer prints duplicate cyphers if 
they exist in the server's supported cypher list.
 2008-10-29 22:58:06 +00:00
david
49843daf56 Update some code excerpts in docs/scripting.xml. Make small changes to 
scripts/showOwner.nse for the purpose of better presentation. Remove the subtle
bug in the portrule example. We shouldn't put bad examples in print.
 2008-10-27 17:52:50 +00:00
david
f32ed8acfe Remove an ineffectual setting of port.version.fingerprint to nil in 
scripts/PPTPversion.nse.
 2008-10-27 17:16:53 +00:00
david
84afa54d3a Update and proofread documentation of all the scripts, with the exception of 
nbstat.nse and smb-*.nse, which Ron is going to do.
 2008-10-25 03:11:25 +00:00
david
879b33ad75 Replace showHTTPVersion.nse in scripting.xml with skype_v2-version.nse, a 
better example of a version-detection script. I made a few small changes to the
script: shortening long lines and removing some non-functional ones. See
http://seclists.org/nmap-dev/2008/q4/0311.html.
 2008-10-25 01:20:04 +00:00
david
15d0add1fe Remove RealVNC_auth_bypass.nse from the "malware" category. It doesn't have to 
do with any malware, just a security vulnerability. It remains in "default" and
"vuln". I think it was in "malware" because it used to be in the old "backdoor"
category.
 2008-10-24 22:04:30 +00:00
david
3ee17ecb5c Fix NSEDoc error messages, except for some "documenting undefined parameter" 
that happen when one function is defined to be another by assignment.
 2008-10-24 17:05:40 +00:00
david
efed9cf1a8 Update the documentation for some scripts and modules that I used in the NSEDoc 
section of scripting.xml.
 2008-10-24 00:23:46 +00:00
david
295ff830a3 Reformat ASN.nse using new markup. \n is now usually unnecessary. The three 
main uses of \n are now done differently: paragraph breaks are now signaled by
a blank line, lists are done with the "* " syntax, and preformatted code should
be delimited with <code></code> tags.
 2008-10-22 23:49:44 +00:00
david
b03230218d Commit a few NSE documenation changes I made while testing the new markup 
parser; they work now.
 2008-10-22 23:31:47 +00:00
david
837c1e95ca Make a few script documentation whitespace changes. 2008-10-20 23:45:33 +00:00
fyodor
f6fb4d971c o Removed some unecessary "demo" category NSE scripts: echoTest, 
chargenTest, showHTTPVersion, and showSMTPVersion.nse.  Moved
  daytimeTest from the "demo" category to "discovery".  Removed
  showHTMLTitle from the "demo" category, but it remains in the
  "default" and "safe" categories. This leaves just showSSHVersion and
  SMTP_openrelay in the undocumented "demo" category. [Fyodor]
 2008-10-20 22:54:43 +00:00
fyodor
7ead36a64e remove demo category from showHTMLTitle 2008-10-20 21:47:24 +00:00