mirror of https://github.com/nmap/nmap.git synced 2025-12-23 07:59:03 +00:00
Commit Graph

5629 Commits

Author SHA1 Message Date
shinnok
e91c17f7a9 Add a new task in my TODO file and note a completed one. 2011-07-13 17:55:24 +00:00
gorjan
9b7d310355 Adding the broadcast-ping script. 2011-07-13 09:38:40 +00:00
gorjan
70b09c9598 Small fix: missed an 'end' 2011-07-13 09:34:19 +00:00
gorjan
c08ca750fa Added default values for the index and length parameters if no value is supplied in the Packet:raw(index,length) function of the nselib/packet.lua library 2011-07-13 09:27:54 +00:00
gorjan
5f3b402cf7 Putting back the old snmp-brute until I'm finished writing the new one 2011-07-12 23:25:57 +00:00
patrik
aadac7c8d5 * Fixed a bug in the brute library that prevented additional passwords from
  being found if run in passonly mode.

* Fixed a bug in the brute library preventing detection of duplicate
  credential entries requested from the iterator.
2011-07-12 21:23:12 +00:00
patrik
23d2e0d31f o [NSE] Applied patch from Chris Woodbury that adds the following additional
  information to the output of smb-os-discovery:
  + Forest name
  + FQDN
  + NetBIOS computer name
  + NetBIOS domain name
2011-07-12 06:08:43 +00:00
colin
575c954a12 Updated changelog to reflect changes in ncat r24839 due to merge from nmap-exp/colin/dual_listen 2011-07-12 01:21:37 +00:00
gorjan
59b7ac706a Removed unnecessary variable from l_list_interfaces() in nse_nmaplib.cc 2011-07-11 22:16:05 +00:00
djalal
dbe7a27698 o [NSE] Updated the categories of the following scripts:
  irc-unrealircd-backdoor.nse
  iscsi-info.nse
  wdb-version.nse
  ftp-proftpd-backdoor.nse
  ssl-cert.nse
  ftp-vsftpd-backdoor.nse
  afp-path-vuln.nse
  targets-sniffer.nse
  broadcast-ms-sql-discover.nse
2011-07-11 22:03:17 +00:00
djalal
bd78274b20 o [NSE] Updated ftp-vsftpd-backdoor documentation since CVE-2011-2523 was just
  assigned to this backdoor.
  Added a final 'exit' command to terminate the remote '/bin/sh', however I don't
  think that this is necessary since the backdoor was very simple: it did not
  fork(), and closing the stdin of the '/bin/sh' will terminate it.
2011-07-11 19:28:02 +00:00
djalal
c098d5e679 Simplify returned message when ProFTPD is not vulnerable. 2011-07-11 17:10:05 +00:00
djalal
36b535eba2 Removed an extra unused string.format argument :) 2011-07-11 15:33:52 +00:00
luis
66638df069 Note a little bug that I discovered when running nping's test script 2011-07-11 10:35:35 +00:00
paulino
b291f28e62 Added new entries for awstats totals under 'general' 2011-07-11 07:48:16 +00:00
gorjan
25f00f01ec Another possible fix for the NSEDoc arguments in the brute.lua library 2011-07-10 16:20:49 +00:00
patrik
4de3601473 o [NSE] Added script db2-discover into the default category [Patrik Karlsson] 2011-07-10 08:04:52 +00:00
patrik
1feb1bd582 o [NSE] Split script db2-discover into two scripts, adding a new
  broadcast-db2-discover script. This script attempts to discover DB2
  database servers through broadcast requests. [Patrik Karlsson]
2011-07-10 08:01:26 +00:00
paulino
248b53abfa Adds entries under 'attack' for:
-OrangeHRM: http://www.exploit-db.com/exploits/17212/
-Tikiwiki: http://www.exploit-db.com/exploits/1244/
2011-07-09 20:44:22 +00:00
paulino
0528868eb9 Includes new fingerprints for Joomla submitted by Hani, moves drupal signatures to the cms section and adds new ones for Cisco, Airaya and Cirronet routers 2011-07-09 20:29:11 +00:00
paulino
1d150dd875 Fix to use stdnse.get_script_args() instead of getting the arguments from the registry. 2011-07-09 19:59:13 +00:00
patrik
5c43a48121 applied patch to json library from Daniel Miller adding the functions
make_array and make_object:
http://seclists.org/nmap-dev/2011/q3/15

These functions add support for treating Lua tables as JSON arrays or objects.
2011-07-09 19:49:05 +00:00
henri
5de4bf5793 Don't add a blank line at the top of the report. Other scripts don't. 2011-07-09 16:39:12 +00:00
fyodor
9c0ed2add3 note that I updated the CHANGELOG and we made the dev release 2011-07-09 00:51:57 +00:00
paulino
52b7dbac5e Updates script.db to include http-google-malware: 2011-07-08 23:45:49 +00:00
paulino
458504c1ab Adds http-google-malware:
description = [[
http-google-malware checks if hosts are on Google's blacklist of suspected malware and phishing servers. These lists are constantly updated and are part of Google's Safe Browsing service.

To do this the script queries the Google's Safe Browsing service and you need to have your own API key to access Google's Safe Browsing Lookup services. Sign up for yours at http://code.google.com/apis/safebrowsing/key_signup.html

* To learn more about Google's Safe Browsing:
http://code.google.com/apis/safebrowsing/

* To register and get your personal API key: 
http://code.google.com/apis/safebrowsing/key_signup.html
]]

---
-- @usage
-- nmap -p80 --script http-google-malware <host>
--
-- @output
-- PORT   STATE SERVICE
-- 80/tcp open  http
-- |_http-google-malware.nse: Host is known for distributing malware.
--
-- @args http-google-malware.url URL to check. Default: <code>http/https</code>://<code>host</code> 
-- @args http-google-malware.api API key for Google's Safe Browsing Lookup service
---
2011-07-08 18:45:49 +00:00
paulino
84a4bb2506 Added signature of a Cisco router 2011-07-08 18:44:23 +00:00
paulino
7c75967507 Quits iterating over probes when a valid login for that application has been found. If we don't quit we get the same valid credentials in different paths. 2011-07-08 18:43:51 +00:00
david
f3e5a3f113 Add an enclosing host element in XML output for timed-out hosts.
The lack of this was noticed by Rémi Mollon.
2011-07-08 17:08:53 +00:00
gorjan
4ca48ea450 FIX: Added require 'creds' where it was missing; Mostly where creds.State.<some_state> was used. 2011-07-07 16:22:57 +00:00
patrik
880f927fc0 fixed a statistic bug, cleaned up some code
fixed a setMode bug that wouldn't accept mode 'creds'
changed the creds iterator to take a file handle instead of a table
[Patrik]
2011-07-07 09:58:54 +00:00
fyodor
c2ff573967 In r23085 (part of the silent require change), the require for ssh2 was accidentally deleted and that broke the script. Restored. 2011-07-07 08:15:08 +00:00
gorjan
04b4baa747 Missing require('creds') 2011-07-06 21:58:16 +00:00
gorjan
519d93da6d Fix for the NSEDoc missing @args 2011-07-06 20:19:20 +00:00
djalal
a3c15ce071 Force the ProFTPD banner check. 2011-07-06 15:12:03 +00:00
patrik
7059623d3a Fixed a bug, reported by Toni Ruottu, for retrieving command line credentials
for services detected by port and where the service was not identified.
[Patrik]
2011-07-06 13:11:59 +00:00
patrik
3a3ae7ede1 Added command line support to the creds library
Changed getCredentials to allow a bitmask filter
Changed getCredentials to return an iterator instead of a table
Modified the brute library to support the changes
[Patrik]
2011-07-06 12:16:43 +00:00
batrick
b209bfbdfe removed dead code 2011-07-05 18:37:09 +00:00
djalal
cd430fcc9a Update my TODO file. 2011-07-05 16:56:37 +00:00
djalal
bc6155de59 o [NSE] Added a message to let the users know if the backdoor was already triggered. 2011-07-05 16:09:39 +00:00
djalal
e7d45910d9 o [NSE] Clean indentation and make some variables local. 2011-07-05 16:01:03 +00:00
djalal
21abe501ea o [NSE] Added a special function to check if the vsFTPd was backdoored.
  Added a first check to see if the backdoor was already triggered.
  Cleaned the script.
2011-07-05 15:55:16 +00:00
luis
2324cc4191 Note a couple of bugs that I've found 2011-07-05 10:56:53 +00:00
djalal
ac07e4b3eb o [NSE] Added the ftp-vuln-cve2010-4221 CHANGELOG entry. 2011-07-05 10:13:00 +00:00
djalal
7b0b7c3370 Added the ftp-vsftpd-backdoor entry to the script.db file. 2011-07-05 09:19:59 +00:00
henri
7e1e29ac4f Added ftp-vsftpd-backdoor, which detects a backdoor that was introduced
into vsftpd-2.3.4 source code distributions. [Daniel Miller]
2011-07-05 07:16:55 +00:00
paulino
7b83ec9370 TODO update
Accomplishments:
* Added 117 new signatures to http-enum for a new total of 223! These new signatures are all from vulnerable web applications taken from exploit-db.com's archives from July 1 2009 until May 30 2011. I only checked advisories with more than 300 views to focus on the most popular apps and also did a quick Google search to make sure there are enough installations out there.
* Researched about malware detection methods in HTTP servers.
* Submitted http-default-accounts.nse to nmap-dev
* Fixed a bug in http.lua. The argument 'http.pipeline' was not being read correctly.
* Submitted http-unsafe-host.nse to nmap-dev
* Added more signatures to http-default-accounts
* Submitted http-wp-enum to nmap-dev

Priorities:
* Work on more NSE scripts
* Polish documentation in all my scripts
* Add more signatures to http-default-accounts
2011-07-05 03:51:39 +00:00
gorjan
abf2a20866 Adding the NSE nmap.list_interfaces() function that lists all interfaces available to Nmap. 2011-07-05 00:01:35 +00:00
shinnok
2a0c839986 Update status on a bunch of tasks in my TODO file. 2011-07-04 21:41:47 +00:00
paulino
4348f6fa07 Adds fingerprints for Drupal and Arris 2307 2011-07-04 21:34:08 +00:00