PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00
Code Issues Projects Releases Wiki Activity
8,706 Commits 2 Branches 0 Tags
eaf171e7bd85a7da623b9ddb4f24f1a61e23ead6
Commit Graph

158 Commits

Author SHA1 Message Date
jah
eaf171e7bd Add missing argument 'HEAD' to the example pipeline_add call in the library 
documentation.  Change to uppercase method names in the documentation for
pipeline_add.
 2013-11-03 22:56:04 +00:00
jah
78dc01d0e0 Remove some trailing whitespace. 2013-11-03 22:47:28 +00:00
jah
1237013fb0 Make a few minor whitespace changes. 2013-11-03 22:22:23 +00:00
sophron
8477e0586a [NSE] Updated parse_form function to support double quotes and return more attributes. 2013-08-16 20:04:12 +00:00
sophron
23457a77c0 Modifies the cookie header assembling logic to make it more compliant with RFC 6265, Section 4.2.1, which does not allow the trailing semicolon. Patch by nnposter. 2013-08-10 23:09:16 +00:00
sophron
4b8ed158cf Modifies interpretation of the cookie path in nselib/http.lua to make it more compliant with RFC 6265, Section 5.1.4. Patch by nnposter. 2013-08-10 23:02:40 +00:00
david
1ebb9bfe20 Don't include a port number in the Host header. 
We never intend to ask for a service on a port other than the one we
connect to. By my reading of RFC 2616 section 14.23, we can leave the
port number off in this case. Robin Wood reported that
https://twitter.com/ gives you a redirect instead of a page if you send
it
	Host: twitter.com:443
rather than
	Host: twitter.com

http://seclists.org/nmap-dev/2013/q1/267
 2013-03-02 01:05:32 +00:00
david
842f9e6804 Revert "Lower-case scheme comparisons." 
Handle it at the url.parse level.
 2013-02-07 23:43:50 +00:00
david
5273567981 Lower-case scheme comparisons. 
I'm seeing redirects to "HTTP://example.com/".
 2013-02-07 23:37:48 +00:00
david
9434dd7d2f parse_redirect: fill in port number even if authority but not scheme is present. 
For example "//example.com/en/": the function needs to return with
u.port set, just as it would with "http://example.com/en/".
 2013-02-07 23:12:41 +00:00
david
4cdb5301dd 300 and 303 are also HTTP redirects. 2013-02-07 22:28:10 +00:00
david
7c7ffdb756 Typo. 2013-02-02 01:41:50 +00:00
patrik
13411ab6d1 Fixed a bunch of errors related to inproper responses from webservers. 2012-08-31 15:17:14 +00:00
aca
fd32aec639 Merged http-slowloris-check 2012-08-24 09:19:30 +00:00
perdo
7781d39cdf Textarea's name should not be lowercased. 2012-08-05 22:39:05 +00:00
perdo
ba049718b0 Add digest auth support to http-brute (and to http library). Also fix whitespace in sasl.lua. 2012-08-05 22:23:54 +00:00
patrik
6f43ac38b2 SSL overhaul fixing OpenSSL related problems when SSL has not been compiled in 
* replace require function calls with stndse.silent_require
* fixed a bug in nse_main that would fail creating scripts.db when a script
  fails to load
* reworked some code to provide limited functionality even though SSL is not
  present
 2012-08-05 12:05:07 +00:00
henri
d0e684735a Typo (identfy_404 -> identify_404). 2012-08-01 07:53:16 +00:00
perdo
8025ba5a5a Added some checks for http response's body being nil. 2012-07-23 22:47:11 +00:00
perdo
612ca59323 Modify pipelining implementation a bit, allow a user to specify size of the pipeline, fix some debugging messages. 2012-07-23 21:58:40 +00:00
perdo
614077f122 Functions from http library that make requests now always return a table. 2012-07-09 10:18:29 +00:00
paulino
469e6ca5ca Fixes crash when using identify_404() that happened when the status response changes in the second or third request and the return value is the string "<unknown>". 
Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if its not a number to fix crash when passing a string to %d.
 2012-07-04 20:21:08 +00:00
fyodor
288a4dc4ad suggest http.max-cache-size argument for consistency rather than http-max-cache-size (both work) 2012-07-03 19:48:23 +00:00
patrik
709fce67b1 Applied patches from Dan Miller to fix bugs in http and sslcert libraries; 
http://seclists.org/nmap-dev/2012/q2/696
 2012-06-15 10:07:32 +00:00
patrik
b96ffc0e14 fixed a global variable in http.lua 2012-06-11 21:02:41 +00:00
perdo
106c529dd6 While extracting forms from websites, field names are no longer converted to lowercase (the error was reported by Paulino). 2012-06-11 09:41:58 +00:00
perdo
8a049498d3 Added html forms 'parsing' routines to http.lua 2012-06-10 23:01:29 +00:00
patrik
55572542ef Fix for bug in cookie parsing code reported by Ron Bowes; 
http.lua:757: attempt to perform arithmetic on local 'pos' (a nil value)
 2012-06-07 16:06:58 +00:00
david
aa6717eb1f Lua 5.2 fixed from Daniel Miller. 
http://seclists.org/nmap-dev/2012/q2/525
 2012-05-29 20:11:39 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE. 
[1] http://seclists.org/nmap-dev/2012/q2/34
 2012-05-27 08:53:32 +00:00
batrick
b2f3139284 remove unnecessary escape 2012-03-30 03:14:31 +00:00
patrik
1d2c5cb735 Added additional http redirect documentation to the http library 2012-03-15 06:30:06 +00:00
david
d7f56c9f4c Typo. 2012-03-03 05:57:24 +00:00
patrik
fccccff960 * bugfixes to several http scripts related to new redirect code in http 
library
* added option to httpspider that allows passing the redirect_ok closure to
  the http library
[Patrik]
 2012-02-11 22:37:14 +00:00
patrik
e8dad669ef Fixed bug in redirection code reported by David. The redirect_ok function 
would fail validating a location if the port passed to http.get or http.head
was a number and not a table. [Patrik]
 2012-02-11 17:50:48 +00:00
patrik
48423a8a88 o [NSE] Added redirect support to the http library. All calls to http.get and 
http.head now transparently handle any HTTP redirects. [Patrik]
 2012-02-11 13:37:40 +00:00
henri
78a606b0b7 Fixed typo in comments: 
* respones -> responses
 2012-01-19 22:23:44 +00:00
henri
6f95d9fabe Fixed typos in comments: 
* Thse -> These
  * retunred -> returned
  * pipeling -> pipelining
 2012-01-19 22:22:10 +00:00
patrik
f93b31373a o [NSE] Fixed bug in the http library that would fail parsing authentication 
headers if no parameters were present. [Patrik]
 2011-12-19 18:35:32 +00:00
patrik
34db78528a o [NSE] Added support for detecting whether a http connection was established 
using SSL or not by the http.lua library [Patrik]
 2011-12-06 22:24:58 +00:00
patrik
b66a4849c4 o [NSE] Modified the http library to support servers that don't return valid 
chunked encoded data, such as the Citrix XML service. [Patrik]
 2011-11-07 06:04:13 +00:00
patrik
005322c8d4 o [NSE] Added a new script http-put.nse that allows uploading of local files 
to remote web servers using the HTTP PUT method. Added HTTP PUT support to
  the http library. [Patrik]
 2011-10-20 02:32:51 +00:00
paulino
8215c3420f Fixes the way of creating the request line by changing string.format for regular string concatenation to allow null bytes in the requests. 2011-07-15 23:48:00 +00:00
paulino
47a338c85a * Adds note about a desired feature: cache system for http pipelines 
* Adds note about the new signatures added to http-enum
 2011-07-01 20:45:28 +00:00
paulino
390eb9e4ab * Fixes bug when parsing script-args. The script was only using the value from the argument 'pipeline' but not from 'http-enum.pipeline'. 
* Makes clean_404 a public function. This function is used in the NSE script http-waf-detect to remove text that changes.
 2011-07-01 20:34:01 +00:00
batrick
4444071f03 use # length operator instead of string.len (canonicalize) 
Used this perl command:

$ # perl -pi -e 's/string\.len\((.*?)\)/#\1/g' *.lua

Also fixed one instance where the above command didn't correctly
translate the intended code (string.len(a .. b .. c)).
 2011-05-11 15:08:55 +00:00
patrik
b844caa6cd Changed the way cookie table fields are created in http.lua. This change 
ensures that attribute names are always treated as lower case. [Patrik]
 2011-03-15 21:42:49 +00:00
david
61543b681e Fix to http.validate_options from Sebastian Prengel: The cookies table 
was being iterated over incorrectly.

Also from Sebastian: add "expires" to the list of handled keys in
validate_options.
 2011-02-24 20:16:06 +00:00
batrick
47e6012b15 remove old commented code 2010-12-08 14:19:08 +00:00
patrik
e26eef6533 fixed typo intead -> instead [Patrik] 2010-11-05 10:10:36 +00:00