These versions allow returning an extension header or other
non–upper-layer protocol if it is the final header before the end of the
packet. This is used to parse the broken packets sent as part of a
protocol scan.
This is for technical reasons; nmap-private-dev programs need to link
against object files but they can't link against main.o because that
results in a duplicate definition of main.
There is a special test that uses IP IDs to check if a presumed reply
from localhost is actually one of our own probes. However, the test
didn't bail out after finding one of these matches, so a retransmission
(with a different IP ID) could match and look like a protocol reply from
localhost.
This was a mistake that was causing later IP ID comparisons to be false
because of truncation. In particular, it could make all protocols appear
to be open when doing a -sO scan against localhost because the outgoing
packets looked like protocol replies.
- autodetecting form fields is now a bit more robust
- only the password field is mandatory
- HTTP redirects are followed in case they're detected
- the detection of incorrect login attempts has been changed and supports
two new arguments (onsucces, onfailure)
[Patrik]
where the Script.new failed:
chosen_scripts[#chosen_scripts+1] = Script.new(path);
if Script.new returns nil, then the operation is a no-op (as intended). So,
just add the script to the array. Script.new now accepts a selected_by_name
argument so we don't set it manually.
Adjusted an Apache Stronghold matchline
Generated a softmatch for when Apache Stronghold does not present a version string.
Tweaked version detection for IdeaWebServer httpd to work against 302s and various
response configurations. Added matchline to grab X-Powered-By.
Added detection for IdeaPop3Server, IdeaSMTPServer, IdeaImapServer
Consolidated BIG-IP http / http-proxy related matchlines into an http-proxy matchline
that takes into account various responses (302, 404, etc.). Changed all instances
of the name to be "BIG-IP" in order to be consistent with F5's documentation.
The consolidated matchline is in the HTTP Options probe section as it appears to
be the most likely to generate a response from various versions of the platform.
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
It's a softmatch as it would match lines like
Server: Apache Tomcat 1.2.3 (blah blah blah)