PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-10 09:49:05 +00:00
Code Issues Projects Releases Wiki Activity
11,778 Commits 2 Branches 0 Tags
ebf083cb0bfc239a000aea7764cdca42f016affe
Commit Graph

238 Commits

Author SHA1 Message Date
dmiller
ebf083cb0b Fix a crash in http scripts when following redirects 2018-11-27 04:43:16 +00:00
dmiller
0500811f5a Move string utility functions to stringaux.lua 2018-10-18 01:08:19 +00:00
dmiller
dcc0e3ed7e New tableaux library containing table auxiliary functions. 2018-10-17 15:34:30 +00:00
dmiller
0d18bcdbc2 Remove bin.lua calls from some scripts and libraries 2018-08-29 03:06:40 +00:00
dmiller
d84ddbe3fd Remove bit library from a few more libs 2018-08-28 03:52:55 +00:00
dmiller
9c3e676871 Strictly obey URI scheme when available, e.g. no SSL if scheme is http, no plain if https 2018-08-27 15:34:19 +00:00
dmiller
069c76a1de Handle https://example.com:80 and http://example.com:443 cases 
The shortport.ssl check can be expensive (6-second timeout on HTTP
services if you don't use -sV), so we want to avoid it if possible. As
discussed at
b2deb019ed (commitcomment-30289632)
this commit restores the SSL check in cases where it might matter (http
and https default ports) and adds a bypass when the URI scheme is
explicitly requested, as in http.get_url and when following redirects.
 2018-08-26 18:24:43 +00:00
dmiller
b2deb019ed Don't use shortport.ssl to determine Host header. 
The only reason this was used was to determine if port 443 was HTTPS.
Simply dropping the port if it's 80 or 443 yields the same outcome.
Maybe we want to be more clear, but then we'd need to have the caller
pass in the URI scheme, too. This is faster and avoids the new SSL
probes in shortport.ssl.
 2018-08-11 21:23:58 +00:00
dmiller
622c14c115 Some fixes for script crashes due to updated shortport.ssl 2018-07-12 04:14:35 +00:00
dmiller
5318e42481 New script-arg http.host to force a particular Host header. Closes #1251 2018-07-12 03:43:11 +00:00
nnposter
f6790a865e Allows HTTP response status lines without a reason phrase. RFC 7230, 
section 3.1.2, syntactically requires its presence but prescribes that
clients should ignore it regardless. Some real-world servers do not
use it so NSE could not interact with them without this change.
 2018-06-18 20:57:43 +00:00
nnposter
356501dcd0 Converts unit test case definitions from lists to hash tables for better readability 2018-06-18 20:29:21 +00:00
nnposter
23d61f5baa Improves Set-Cookie header parser compliance with RFC 6265 2018-04-25 22:46:35 +00:00
nnposter
90230ed85d Fixes a comment typo 2018-04-01 23:04:47 +00:00
nnposter
59f80c31eb Allows parsing of empty attributes in Set-Cookie header. Fixes #1169 2018-04-01 22:47:25 +00:00
nnposter
089a76952b Improves unit testing for parse_set_cookie (parser for Set-Cookie header) 2018-04-01 22:40:26 +00:00
rewanth
6ee953a5ff Removes trailing spaces in 69 files. Closes #971. 2017-08-23 08:52:40 +00:00
rewanth
c2a9a5bbe3 Removes parse_url from http.lua and makes url.parse more functional. Closes #952. 2017-08-14 20:30:57 +00:00
nnposter
cf56f93d95 Fixes a blank nsedoc line 2017-07-29 01:50:42 +00:00
nnposter
da4d624572 Refreshes the main documentation section for http.lua. Fixes #933 2017-07-29 01:31:33 +00:00
dmiller
9d90970c61 Cache result of identify_404 for each service. 
We already use the web cache, so the requests weren't being sent more
than once in many situations, but since the "random" requests were
generated using a timestamp, they change after 1 second, resulting in
more requests and cache bloat. So instead, we cache the result of the
function call, since that should be stable for the lifetime of the
service. Still using the web cache to avoid multiple requests in a
1-second timespan.
 2017-07-27 18:21:10 +00:00
nnposter
6f1f87d700 Disables default use of persistent connections with HTTP 1.0 targets. Fixes #935 2017-07-22 00:23:10 +00:00
nnposter
7cfccf7399 Adds HTTP protocol version as a new member of the HTTP response table. Closes 934 2017-07-21 23:15:39 +00:00
nnposter
d1e8388b7e Trivial documentation clean-up 2017-07-07 20:11:53 +00:00
nnposter
78486c1b89 Removes potentially confusing comment 2017-07-07 19:19:00 +00:00
vinamra
2c98b309a8 Corrects URL-Redirection in Relative Paths closes #918 2017-06-24 19:04:06 +00:00
nnposter
d478199ada Allows cookies to have unrecognized attributes (see RFC 6265, Section 5.2). Fixes #866 2017-04-29 14:36:46 +00:00
nnposter
0b36ba5cea Allows unquoted cookie values to contain whitespace, as defined in RFC 6265. Fixes #844 2017-04-29 14:05:57 +00:00
dmiller
5953b817ac A couple tests for http.lua; see #844 2017-04-27 17:28:46 +00:00
nnposter
b9aac1d6ba Cleans up inline documentation for the default HTTP redirect behavior. Fixes #831 2017-04-19 18:42:51 +00:00
nnposter
cfa57758ad Changes the redirect rule to return false in case of a missing path. This 
change aligns the code with the corresponding comment. Fixes #830
 2017-04-19 18:39:20 +00:00
nnposter
ab96f9c2e7 Corrects a default HTTP redirect rule for hostname/domain matching. Fixes #829 2017-04-19 18:35:31 +00:00
nnposter
17c37b7e8d Corrects a default HTTP redirect rule: 
A redirect should not be carried out if credentials are embedded in the URL.
Fixes #826
 2017-04-19 18:30:13 +00:00
nnposter
e80976a13a Provides a common function, url.get_default_port(), for obtaining 
the default port number for a given scheme. Fixes #781
 2017-04-19 18:00:36 +00:00
nnposter
af6bbc35bb Changes the port type returned from url.parse() to an actual integer, as 
opposed to a string that represents an integer. Fixes #833, fixes #817.
 2017-04-19 17:02:32 +00:00
nnposter
e4d923f076 Allows the port to be a simple number 2017-04-01 22:33:37 +00:00
nnposter
3a9b4d93af Allows the port to be a simple number 2017-04-01 22:05:36 +00:00
nnposter
11a8c315ed Includes port information in the Host header for non-standard ports. Fixes #766 2017-04-01 14:33:54 +00:00
nnposter
1bdbc2a680 Improves parsing of the HTTP status line. Fixes #772 2017-04-01 14:25:36 +00:00
nnposter
af5f88dd00 Implements a new member, fragment, of the HTTP response body. It contains 
a partially received body (if any) when the overall request fails to complete.
 2017-03-29 15:58:39 +00:00
nnposter
b34eaabb3b Allows the HTTP Set-Cookie parser to handle a trailing semicolon. Fixes #731 2017-03-21 13:46:30 +00:00
nnposter
bbfb5dfed6 Corrects a debug message. Removes confusion about any_af. 2017-03-16 19:36:50 +00:00
nnposter
99fa80851c Preserves targetname for connections requested with option any_af. 
Relocates option any_af to comm.lua to make it more broadly available.
 2017-03-05 15:41:46 +00:00
nnposter
2be31d5f49 Allows processing of HTTP responses with malformed headers. Such header lines are still captured in the rawheader list but skipped otherwise. Closes #573. 2016-10-30 18:40:15 +00:00
nnposter
ec3f6f9ac4 Adds a notice that pipeline_go() may not return all responses. 2016-09-27 18:29:00 +00:00
nnposter
d834d652ac Removes a hint that HTTP pipeline only handles GET requests 2016-09-27 16:05:48 +00:00
nnposter
06a25384b6 Fixes additional stale pipeline_go references 2016-09-27 16:01:39 +00:00
nnposter
88f6ddc596 Corrects handling of empty pipelines, expressed as nil. Fixes #538 2016-09-12 16:14:33 +00:00
dmiller
3c7fe1e452 Remove some unused functions 2016-09-08 13:31:24 +00:00
nnposter
45ba24dfe2 Corrects another stale http.pipeline_go() reference 2016-09-02 14:03:21 +00:00