mirror of https://github.com/nmap/nmap.git synced 2025-12-14 11:49:01 +00:00
Commit Graph

644 Commits

Author SHA1 Message Date
david
7d0c08a097 Brief copyediting of NSEDoc for modules. 2010-07-12 19:42:43 +00:00
david
1ff1a4f892 First-pass copyediting on the remaining scripts. 2010-07-12 17:19:26 +00:00
david
4cdc50e95d Do copyediting of NSEDoc up through pgsql-brute. 2010-07-12 06:21:03 +00:00
david
b9633ed69b Do copyediting of NSEDoc. This is a first pass up to ms-sql-xp-cmdshell. 2010-07-09 23:32:18 +00:00
david
0e7f78bcd0 Break off a comment in afp-brute.nse so it doesn't appear as part of the
@output.
2010-07-09 17:48:10 +00:00
djalal
98cf1dd7c4 Remove nfs-acls and nfs-dirlist scripts, all their features are supported by the nfs-ls.nse script. 2010-07-06 00:56:41 +00:00
djalal
53b2b629dc Merge r18534:r18591 from nmap-exp/djalal/nse-nfs/ 2010-07-06 00:29:54 +00:00
david
5c85f224c0 Accuracy and speed improvements to irc-unrealircd-backdoor.nse. The main
problem was that the timer was including the time taken by the server to
do reverse-DNS resolution and an ident lookup, before it handled the
magic "AB" sleep command. So if a server took 10 seconds to time out the
ident lookup, the time recorded would be 10 seconds greater than it
should have been. If the timeout was long enough, a server would be
reported as vulnerable even if not. To compensate for this, the delay
was set high, but false positives were still possible and this slowed
down the script.

First, remove the mutex that allowed only one instance of the script to
run at a time. The mutex was meant to provide more accurate timing, but
it wasn't really needed because script parallelism wasn't the cause of
inaccuracy.

Next, make sure the server is done sending its initialization messages
(and hence is done with its timeouts) before sending the magic "AB"
sleep command and starting the timer. This is done by sending an
innocuous TIME command immediately upon connection. This is partly
because comm.tryssl has to send something, and partly because we can
detect when the server has processed the TIME command by looking for a
message like ":hostname 451 TIME :You have not registered". Once this is
done, we start the timer and send the "AB" command. If we haven't gotten
a response to TIME in 60 seconds, go ahead and send the "AB" command
anyway.

Finally, reduce the delay to 8 seconds from 25. The delay only has to be
long enough to overcome any network delay, now that confounding timeouts
have been eliminated. In a test of around 600 hosts, the only times I
recorded were 0, 1, 8, and 9 seconds, so this looks like a good enough
safety margin.
2010-07-01 00:11:59 +00:00
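The measurement change described in the commit message above, as an added example in Python (this is not the NSE script and not nmap code). It runs a constructed, fake IRC daemon on loopback that stalls for a "registration" delay before reading input, answers every command with a 451 numeric, and, when told to act backdoored, sleeps before replying to an "AB" line. The `probe` function times the "AB" round trip either the old way (timer starts when "AB" is sent) or the fixed way (send TIME first, start the timer only after the 451 reply). The exact "AB;sleep" payload, the hostname `irc.example.test`, and all delays and thresholds are assumptions chosen so the demo runs in a few seconds; the commit's real figures are a 60 s wait for the TIME reply and an 8 s delay.

```python
import socket
import threading
import time

# Timing parameters for the constructed demo (seconds). They are scaled down so a
# local run finishes quickly; the commit message's real-world figures are a 60 s
# wait for the TIME reply and an 8 s delay threshold.
REGISTRATION_DELAY = 0.8   # server's simulated ident / reverse-DNS wait
BACKDOOR_SLEEP = 1.2       # how long the simulated backdoor stalls on "AB"
THRESHOLD = 0.5            # elapsed time at or above which a host is flagged
TIME_WAIT = 5.0            # how long to wait for the 451 reply to TIME

# Assumed payload: the commit only says the backdoor honours an "AB" sleep
# command; this exact string is illustrative, not taken from the script.
AB_COMMAND = b"AB;sleep 1\r\n"


def _fake_ircd(listener, backdoored):
    """Constructed stand-in for an IRC daemon (not a real server).

    It sleeps REGISTRATION_DELAY before reading anything, like a server timing
    out ident / reverse-DNS lookups, then answers every command with a
    ":hostname 451 <cmd> :You have not registered" numeric.  If backdoored, a
    line starting with "AB" additionally stalls the reply by BACKDOOR_SLEEP.
    """
    conn, _ = listener.accept()
    listener.close()
    with conn, conn.makefile("rb") as lines:
        time.sleep(REGISTRATION_DELAY)
        try:
            for raw in lines:
                line = raw.rstrip(b"\r\n")
                if backdoored and line.startswith(b"AB"):
                    time.sleep(BACKDOOR_SLEEP)
                cmd = line.split(b" ", 1)[0] or b"*"
                conn.sendall(b":irc.example.test 451 " + cmd +
                             b" :You have not registered\r\n")
        except OSError:
            pass


def _read_line(sock, timeout):
    """Read one newline-terminated line; return b"" on timeout or EOF."""
    sock.settimeout(max(timeout, 0.01))
    buf = b""
    try:
        while not buf.endswith(b"\n"):
            chunk = sock.recv(512)
            if not chunk:
                break
            buf += chunk
    except socket.timeout:
        return b""
    return buf


def probe(backdoored, wait_for_registration):
    """Return (elapsed_seconds, flagged) for one probe against a fresh fake server.

    wait_for_registration=False is the pre-fix behaviour: the timer starts when
    "AB" is sent, so the server's own registration delay is counted and a slow
    but clean server gets flagged.  wait_for_registration=True sends TIME first
    and starts the timer only once the 451 reply shows the server is past its
    startup timeouts (or once TIME_WAIT expires, in which case "AB" is sent
    anyway, as the commit describes).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    addr = listener.getsockname()
    threading.Thread(target=_fake_ircd, args=(listener, backdoored),
                     daemon=True).start()

    with socket.create_connection(addr) as sock:
        if wait_for_registration:
            sock.sendall(b"TIME\r\n")
            deadline = time.monotonic() + TIME_WAIT
            while time.monotonic() < deadline:
                line = _read_line(sock, deadline - time.monotonic())
                if not line or b" 451 " in line:
                    break
        start = time.monotonic()
        sock.sendall(AB_COMMAND)
        _read_line(sock, REGISTRATION_DELAY + BACKDOOR_SLEEP + 5)
        elapsed = time.monotonic() - start
    return elapsed, elapsed >= THRESHOLD


if __name__ == "__main__":
    for backdoored in (False, True):
        for waited in (False, True):
            elapsed, flagged = probe(backdoored, waited)
            print(f"backdoored={backdoored!s:5} wait_for_451={waited!s:5} "
                  f"elapsed={elapsed:.2f}s -> "
                  f"{'VULNERABLE' if flagged else 'clean'}")
```

Running it shows the false positive the commit is about: with the timer started at "AB", the clean server's 0.8 s registration delay alone crosses the 0.5 s threshold, while waiting for the 451 reply to TIME first brings the clean measurement down to a few milliseconds and leaves only the backdoor's own sleep to be measured.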
djalal
72a06a3b5c Merge r18160:18278 from nmap-exp/djalal/nmap-nse/ to fix NSE not honoring the exclude directive bug. 2010-06-29 21:56:59 +00:00
djalal
329d9e3c2b Merge r18144:18422 from nmap-exp/djalal/nse-nfs/scripts 2010-06-29 21:06:07 +00:00
ron
4105ee3379 Initial import of irc-unrealircd-backdoor, used to detect Trojanned UnrealIRCd servers. This script still has reliability problems, due to the method of detection. 2010-06-25 20:05:54 +00:00
david
32c8ee9f1f Fix some NSEDoc. 2010-06-24 17:01:55 +00:00
david
acb92d0494 Add Gutek's modifications to http-passwd.nse that enable it to check for
boot.ini.
2010-06-23 02:29:24 +00:00
david
5b4e171444 o [NSE] Added ftp-libopie.nse by Gutek. This script checks for an
  off-by-one stack overflow vulnerability in libopie by giving the FTP
  service an overlong name. See
  http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc for
  details.
2010-06-21 20:25:11 +00:00
david
c50c7a2c0b o Added http-php-version.nse from Gutek. This script retrieves
  version-specific pages through a couple of magic PHP queries, which
  can identify the PHP version even when a server doesn't advertise
  it.
2010-06-18 22:12:17 +00:00
patrik
b6744a3b6c Fixes crash when attempting to sort services that have no port. 2010-06-15 18:18:09 +00:00
fyodor
fabe05eae6 Change the term 'stolen from' in comments to 'inspired by', which sounds a little less felonious :) 2010-06-15 08:05:28 +00:00
fyodor
1428a1644b We generally put scripts in either safe or intrusive categories, but not both. So I removed intrusive. I also added discovery, as that seems to fit the ssh-hostkey script 2010-06-15 07:49:45 +00:00
drazen
124b4ef13c Merge from /nmap-exp/drazen/nmap-msrpc. This adds checks for MS06-025 and MS07-029 to smb-check-vulns.nse. 2010-06-14 18:42:54 +00:00
drazen
88a1653d72 Revert r18104. This was a broken merge that still had conflict markers. 2010-06-14 17:32:22 +00:00
drazen
79c14d935c Merged smb-check-vulns from my branch to trunk. 2010-06-14 17:03:15 +00:00
drazen
a99aa3b53b Added a check for the MS07-029 vulnerability within "smb-check-vulns".
Made some small changes to the function descriptions.
2010-06-13 02:55:26 +00:00
djalal
2ad517622b Add the nfs-ls script entry to the script.db 2010-06-12 23:53:20 +00:00
djalal
921f052f0b Merge r17766:18060 from /nmap-exp/djalal/nselib and nmap-exp/djalal/scripts. Contains the new script nfs-ls.nse and a lot of new code in the rpc.lua library to check file types and attributes, to marshall/unmarshall file attributes, and some new high-level functions to manipulate NFS objects. 2010-06-12 23:45:59 +00:00
drazen
48ead20324 Added a NOTUP notification if the target service is down (not started). 2010-06-12 22:13:30 +00:00
drazen
0f4d199b1e Fixed a simple bad gameplay in which I attempt to close
an already closed SMB session.
2010-06-12 21:45:16 +00:00
drazen
62c2d97f93 MS06-025:
  -- Finished, tested and merged into smb-check-vulns
  -- msrpc.lua contains the code required to interface with the RASRPC interface
2010-06-12 19:32:50 +00:00
david
e4162e6771 o [NSE] Added dns-cache-snoop.nse by Eugene Alexeev. This script does
  cache snooping by either sending non-recursive queries or by measuring
  response times.
2010-06-12 02:25:44 +00:00
fyodor
35a28ea343 canonicalize some license text that differed in whitespace or quote character or line-ending or (in a couple cases) the slightly older wording 2010-06-11 06:54:56 +00:00
fyodor
3ceb44b4f7 Moved some information from the license field of these two scripts to the description field. I felt this was a better place since the URL leads to a description of the service rather than license information 2010-06-11 06:49:15 +00:00
fyodor
46a819b034 changed a URL to use %28 and %29 rather than ( and ) to fix an nsedoc parsing issue noted by Jason DePriest 2010-06-10 05:36:39 +00:00
robert
565d6a524d Improved anonymous ftp detection. Now supports ACCT and has improved parsing of server responses. 2010-06-05 12:37:39 +00:00
kris
3a0aa06db1 Fix a bug in qscan.nse which kept a confidence level of 0.9995 from working;
Marcin Hoffmann reported the problem.
2010-06-05 00:46:48 +00:00
jah
722f10670a Some improvements based on a review by David: comments, less convoluted code and
a silly mistake. Also removed some length checks for Mode 7 implementation 2
data which are no longer used.
2010-06-04 10:05:32 +00:00
jah
cb879a313f Update script.db with added ntp-monlist.nse 2010-06-03 12:37:05 +00:00
jah
5bdc8cda93 ntp-monlist discovers NTP server, peer and client hosts associated with a
scanned target by sending NTPv2 Private Mode 'monitor' and 'peers' commands to
the target.
2010-06-03 12:14:15 +00:00
patrik
e411e35fc6 Fixed a bug that would prevent the rpcinfo script from returning any results
if the rpc program could not be matched to a name.
2010-06-01 14:09:58 +00:00
fyodor
fb943a04f6 Move some script description text out of the script output section and into the user summary 2010-05-24 03:21:49 +00:00
jah
e307ee691e IANA have moved the IPv4 and IPv6 assignments tables and slightly altered their
content.
2010-05-20 19:17:43 +00:00
patrik
b830a036ad o [NSE] Add new DB2 library and two scripts
  - db2-brute.nse uses the unpwdb library to guess credentials for DB2
  - db2-info.nse re-write of Tom Sellers' script to use the new library
  [Patrik]
2010-05-18 21:11:38 +00:00
david
ee5b14967b Set the port state open when dns-recursion.nse gets a response. This
patch was sent by Olivier Médoc.
2010-05-03 15:20:25 +00:00
david
52400c1f88 Normalize indentation in dns-recursion.nse. 2010-05-03 15:16:10 +00:00
david
5291f8586d Updates to smtp-commands.nse from Jason DePriest.
o [NSE] Improved smtp-commands.nse to work against more mail servers,
  made it take an smtp-commands.domain script argument, and rewrote it
  in the style of other smtp scripts. [Jason DePriest]
2010-04-29 16:42:11 +00:00
robert
fafbf5c704 Removed a duplicate require for stdnse. 2010-04-25 17:35:54 +00:00
patrik
71ca5cceba o [NSE] Improved error handling and reporting and re-designed communication
  class in RPC library with patch from Djalal Harouni. [Patrik]
2010-04-22 20:25:38 +00:00
ron
cb60803ad1 Fixed a couple bugs in the smb-* scripts involving undeclared variables. These only cropped up if the guest/anonymous accounts were disabled, which I'd never seen before. 2010-04-18 13:43:27 +00:00
david
3915ed94e4 Remove explicit timelimit checking from ms-sql-brute, pgsql-brute,
mysql-brute, ldap-brute, and afp-brute. The unpwdb library does this
automatically now.
2010-04-16 02:11:12 +00:00
david
a6e014d42e Change these script arguments to use stdnse.parse_timespec:
  qscan.delay
  dns-fuzz.timelimit
  mssql.timelimit
A side effect is that the default units for qscan.delay are seconds, not
milliseconds. 0 is now the magic value to disable the time limit in
dns-fuzz.
2010-04-13 23:09:23 +00:00
kris
f51f1b0154 Add "username" and "password" script args to ftp-bounce.nse
It has scoped args in the straight form of "ftp-bounce.<arg>" which is
apparently how this works now (at least what other scripts seem to use) instead
of using actual subtables like in http://seclists.org/nmap-dev/2008/q2/567
2010-04-13 05:13:49 +00:00
david
a34a91f9c5 Add an @output section to auth-spoof.nse contributed by Brandon Enright. 2010-04-13 02:36:56 +00:00