tomsellers
318accba6e
NSE add STARTTLS to sslv2 improving detection of SSLv2 and DROWN oracles. Closes #320
2016-03-03 02:06:05 +00:00
dmiller
abb827a759
Let http-title fetch different url via script-args
2016-02-21 14:28:09 +00:00
dmiller
ab79e7ad88
Fix a mistake in merging #36 : append items instead of nesting lists
2016-02-17 13:26:29 +00:00
dmiller
0be412e50e
Add XML output to http-rfi-spider (nnposter). See #36
2016-02-14 14:42:19 +00:00
dmiller
4da5cfebc7
Avoid blank output from broadcast-dhcp-discover
2016-02-11 23:50:48 +00:00
gyani
cf326ea74f
Corrected a spelling. Had misspelt JSON as J0SON.
2016-02-10 20:07:35 +00:00
jah
3da6feda13
Treat stale, unwritable files as unreadable.
2016-02-07 15:28:26 +00:00
jah
a40fe5413c
Handle file io error messages on Windows
which prepends the file path to the error string.
2016-02-07 15:11:24 +00:00
jah
a9e7f696b9
Improve handling of locally cached assignment data
so that whois-ip will not make HTTP requests to iana.org unless it is
permitted to write the remote resources to a local file and to
subsequently read from the local file.
2016-02-07 14:10:09 +00:00
jah
a50e8cfa21
Separate addr family check for assignment file use
A problem encountered while obtaining or locally caching a remote IANA
assignment file for one address family will not prevent the use of an
assignment file corresponding to a different address family.
2016-02-07 14:08:44 +00:00
jah
b7e597ed8f
Various non-functional improvements
such as white space corrections, removal of redundant function arguments
et cetera.
2016-02-07 14:07:57 +00:00
dmiller
10bddaf1cf
Update http-php-version based on scan data
2016-02-05 22:53:43 +00:00
dmiller
3dec95dcf8
Fix host header for http-brute; nsedoc and refactoring
2016-01-19 15:44:20 +00:00
dmiller
26510fe8a7
Remove hardcoded IP from ftp-bounce
Instead of hard-coding the many-years-invalid IP address of
scanme.nmap.org, look it up via DNS. Even better, you can override the
host used for this purpose, in case you don't want to tip your hand.
2016-01-15 20:19:55 +00:00
dmiller
4da091f1f0
Update http-robtex-shared-ns
2016-01-15 05:55:16 +00:00
dmiller
709fcfbefa
Fix http-robtex-reverse-ip and make it a bit more resilient
2016-01-15 05:55:15 +00:00
dmiller
4f91604e75
Fix some incorrect formatting in @output sections
2016-01-08 19:34:05 +00:00
dmiller
cdb5e5b9d8
New script: ms-sql-ntlm-info
2016-01-08 19:34:04 +00:00
dmiller
1accb103d1
New script: nntp-ntlm-info
2016-01-08 16:17:12 +00:00
dmiller
5a1e018803
New script: pop3-ntlm-info
2016-01-08 16:06:37 +00:00
dmiller
82be9b48ee
New script: telnet-ntlm-info
2016-01-08 15:54:53 +00:00
dmiller
1f74fc2550
New script: smtp-ntlm-info
2016-01-08 15:29:54 +00:00
dmiller
70798c2468
New script: imap-ntlm-info
2016-01-08 03:08:26 +00:00
dmiller
2702b4d030
Let http-ntlm-info use smbauth functions for generating and parsing NTLM blobs
2016-01-08 02:57:24 +00:00
dmiller
e43e6fc278
Fix a crash on dns.query failure in dns-client-subnet-scan. Fixes #93
2016-01-07 05:45:48 +00:00
dmiller
b2d67c470f
http-vuln-cve2013-6786 RomPager XSS script
2016-01-06 20:47:07 +00:00
dmiller
226a05af31
Replace some deprecated print_verbose with verbose1 calls
2016-01-04 16:48:08 +00:00
dmiller
1a205842fd
Reformat ordered lists in NSEdoc
2016-01-02 05:08:05 +00:00
dmiller
1863fd84d3
Update NSEdoc for http-form-brute
2016-01-02 04:52:15 +00:00
dmiller
4e23e6dfde
Major upgrade to http-form-brute
Now can correctly handle complex token-based CSRF protections by grabbing all
fields from the login form and using session cookies from the form request.
These cookies are sent with subsequent redirect-following requests for better
failure detection. On success, cookies are cleared and re-acquired.
A database of known web apps' login forms is used for form detection, helpful
for those whose username and password fields do not begin with "user" and
"pass". Form mangling (to remove cookie checks in one instance) and custom
onsuccess functions are also supported. Tested: django, wordpress, mediawiki.
This *may* be a replacement (upon suitable testing) for http-wordpress-brute and
http-joomla-brute.
2015-12-31 16:21:03 +00:00
dmiller
e1cf78d57e
Fix some issues with http-wordpress-brute
1. When the hostname script-arg was used, the script would try to
*connect* to that host instead of the target. Now the argument is used
*only* for the Host: header.
2. The http options table is reused for each request, significantly
reducing the load on the garbage collector over many requests.
3. Do not use both creds.Credentials:new() and creds.Account:new(),
since this results in double-reporting found credentials.
2015-12-29 17:14:37 +00:00
dmiller
8a28707b32
Fix loading devframework fingerprints from script-arg
2015-12-28 17:07:37 +00:00
dmiller
82b765f6fe
Fix bad output when rmi.Registry.list fails. Closes #262
2015-12-19 18:01:11 +00:00
dmiller
0b0955994d
Add Alex Geana's multicast IPv6 listener script
2015-12-19 15:50:08 +00:00
dmiller
e5871dcc83
Clarify some @usage, fix double --script-args in telnet-brute
2015-12-19 15:25:44 +00:00
dmiller
a11db08325
Every ipOps function validates IP addresses, so no need to do it explicitly
2015-12-19 15:25:43 +00:00
dmiller
566120ca58
Fix some output formatting and a crash
2015-12-18 21:48:44 +00:00
dmiller
0f99596555
Fix a few bugs in targets-ipv6-multicast-mld. http://seclists.org/nmap-dev/2015/q2/250
2015-12-16 17:07:40 +00:00
dmiller
c199828a49
Remove intrusive category from hostmap-bfk
2015-12-15 16:40:01 +00:00
dmiller
73ad899d30
Update hostmap-robtex to current page layout
2015-12-15 16:40:00 +00:00
dmiller
bb07040e21
Add http-vuln-cve2014-3704 'Drupalgeddon'. Closes #226
2015-12-14 21:29:30 +00:00
dmiller
a8f0daaf38
Fix a crash in snmp-interfaces: http://seclists.org/nmap-dev/2015/q4/218
2015-12-13 21:39:48 +00:00
tomsellers
dd503ae2e5
Update script name in help of http-userdir-enum, update CHANGELOG to reflect last commit.
2015-12-13 20:25:50 +00:00
tomsellers
25c891d570
NSE: http-backup-finder.nse Address 3 sources of false positives. Closes #242
2015-12-13 20:18:17 +00:00
dmiller
53d41055c7
Port r35354 changes to ssl-enum-ciphers internal probe
2015-12-07 17:45:55 +00:00
tomsellers
58f00324eb
NSE: Prevent http.identify_404 from following HTTP redirects, standardize calls to it. Closes #251
2015-12-05 10:16:51 +00:00
tomsellers
1bba7d4b80
NSE: http-cakephp-version - fix false positive caused by following HTTP redirects. Update call to identify_404 to improve results.
2015-12-04 01:28:11 +00:00
tomsellers
25a27252ec
NSE: hnap-info minor code quality improvement
2015-12-04 01:05:28 +00:00
tomsellers
c662f9cbd1
Address false positive in hnap-info.nse Closes #241
2015-12-03 12:16:24 +00:00
dmiller
d2d5a78399
Avoid error output on non-HTTP and non-XMLRPC services. Closes #244
2015-11-29 16:34:33 +00:00