mirror of https://github.com/nmap/nmap.git synced 2025-12-09 22:21:29 +00:00
Commit Graph

265 Commits

Author SHA1 Message Date
patrik
dd32e88b66 o [NSE] Added brute scripts rlogin-brute and rexec-brute for the rlogin and
rexec services [Patrik]
2011-11-04 21:17:33 +00:00
patrik
fee0ddb527 o [NSE] Added broadcast-rip-discover which gets RIPv2 routers and their routing
information by querying the multicast address [Patrik]
2011-11-02 10:23:50 +00:00
patrik
ad28a527dc o [NSE] Added dns-zeustracker, which checks whether an IP is part of the Zeus
botnet. [Mikael Keri]
2011-10-31 18:11:54 +00:00
david
57fc9a5545 Add ipv6-node-info. 2011-10-29 19:40:21 +00:00
patrik
05187ede6f o [NSE] Added the script irc-brute that performs password guessing against
password protected IRC servers. [Patrik]
2011-10-26 21:55:35 +00:00
patrik
1ab0544ab8 o [NSE] Added the script nessus-brute that performs password guessing against
Nessus using the NTP 1.2 protocol. [Patrik]
2011-10-26 21:45:33 +00:00
patrik
0270368e69 o [NSE] Added the scripts rtsp-url-brute, rtsp-methods and the supporting rtsp
library. The scripts check the supported RTSP methods and attempt to brute
  force valid RTSP urls. [Patrik]
2011-10-26 21:36:37 +00:00
patrik
c9888b6596 o [NSE] Added the http-robtex-reverse-ip script that uses the Robtex service to
perform a reverse lookup in order to discover all names associated with the
  IP. [riemann]
2011-10-26 20:52:56 +00:00
patrik
c055b316b0 o [NSE] Updated script.db to correct some of the category changes made
previously and to remove the accidental addition of non-existing snmp-brute2
  script. [Patrik]
2011-10-26 20:40:54 +00:00
patrik
b640b1f312 o [NSE] Added a new script krb5-enum-users.nse that performs user enumeration
against Kerberos. [Patrik]
2011-10-20 02:49:00 +00:00
patrik
005322c8d4 o [NSE] Added a new script http-put.nse that allows uploading of local files
to remote web servers using the HTTP PUT method. Added HTTP PUT support to
  the http library. [Patrik]
2011-10-20 02:32:51 +00:00
david
9b73f3742c Put ms-sql-dump-hashes in "auth". 2011-10-11 20:36:12 +00:00
patrik
46f499d78f o [NSE] Added ms-sql-dump-hashes, a script that dumps the MS SQL hashes in a
format suitable for offline cracking. [Patrik]
2011-10-11 06:03:45 +00:00
david
9c30eef1dc Add bitcoinrpc-info by Toni Ruottu. 2011-10-07 23:49:43 +00:00
david
4e912295b1 Add http-cors.nse by Toni Ruottu. 2011-10-04 06:22:27 +00:00
david
9fd21a9342 Put ganglia-info in {"default", "discovery", "safe"} (was {"discovery"}). 2011-10-04 05:45:56 +00:00
david
c077cf781a Add ganglia-info.nse by Brendan Coles. 2011-10-04 05:45:54 +00:00
david
dd2a2677c5 Add tftp-enum.nse by Alexander Rudakov. 2011-10-03 22:17:57 +00:00
david
90d28b0743 Add openlookup-info.nse from Toni Ruottu. 2011-10-03 21:35:30 +00:00
david
859dd32a91 Add amqp-info.nse to "version". 2011-10-03 18:04:19 +00:00
david
43180f6154 Add amqp-info by Sebastian Dragomir. 2011-10-03 18:04:18 +00:00
fyodor
c9d610ccea Create a new brute category for brute forcing scripts, move the *-brute scripts from auth category to brute. document it. I don't know what to do with dns-brute so I left it alone (it wasn't in auth category either) 2011-09-30 06:18:55 +00:00
fyodor
d749de55b1 renamed http-wp-enum and http-wp-plugins to http-wordpress-* for consistency with the naming of http-wordpress-brute 2011-09-30 05:49:53 +00:00
david
c41f53b3b1 --script-updatedb 2011-09-26 20:56:46 +00:00
david
a48b91852c Add version detection to quake3-info.nse, from Toni Ruottu. 2011-09-26 20:56:45 +00:00
david
423beece60 o [NSE] Added quake3-info.nse by Toni Ruottu. This script gets
information about games and settings for a Quake 3 (or derived game)
  server.
2011-09-21 22:49:59 +00:00
tomsellers
1c92c03401 Add a few scripts to the "broadcast" script category based on traffic behavior. 2011-09-11 11:58:18 +00:00
fyodor
8b88d901a9 Remove 3 vuln scripts from default category as discussed at http://seclists.org/nmap-dev/2011/q3/732 2011-09-07 20:40:51 +00:00
henri
f2ff9bb728 Added xmpp-info.nse as a replacement for xmpp.nse (script from Vasily Kulikov). 2011-09-04 19:18:22 +00:00
david
113ef12106 Add IPv6 multicast host discovery scripts from Weilin. 2011-09-02 04:11:00 +00:00
henri
afc3d2059c Added http-vuln-cve2011-3192.nse from Duarte Silva. 2011-08-29 21:42:57 +00:00
fyodor
71a3724543 We don't currently have a brute category. I'm not at all against having one though. So if someone wishes to create one, just be sure you put all the *-brute scripts in it 2011-08-25 02:57:17 +00:00
gorjan
b12bb4fba2 Adding address-info.nse, which shows extra information about IP addresses. 2011-08-23 10:36:16 +00:00
paulino
b99a8bbd99 Adds http-awstatstotals-exec, http-joomla-brute, http-wordpress-brute and http-wp-enum. 2011-08-23 06:29:12 +00:00
paulino
172bf91228 Adds http-waf-detect:
Determines if a web server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or WAF (Web Application Firewall) by probing the web server with malicious payloads and detecting changes in the response code and body.
2011-08-15 21:38:58 +00:00
patrik
a1d515e548 o [NSE] Added script broadcast-listener that attempts to discover hosts by
passively listening to the network. It does so by decoding ethernet and IP
  broadcast and multicast messages. [Patrik]
2011-08-10 16:46:55 +00:00
patrik
89d1f3b8d3 o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs
brute force password auditing against XMPP (Jabber) servers. [Patrik]
2011-07-26 06:54:19 +00:00
fyodor
c2c163b856 The *-brute scripts traditionally go in the auth category rather than brute. I think this was an accident, but creating a brute category might not be a bad idea 2011-07-26 01:06:42 +00:00
djalal
950e435921 o [NSE] Make smb-security-mode run by default. 2011-07-25 21:40:31 +00:00
paulino
d4054187e4 Adds http-axis2-dir-traversal:
http-axis2-dir-traversal exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter <code>xsd</code> (OSVDB-59001). By default it will try to retrieve the configuration file of the Axis2 service <code>'/conf/axis2.xml'</code> using the path <code>'/axis2/services/'</code> to return the username and password of the admin account.
2011-07-24 21:10:04 +00:00
paulino
c43e0bb970 Added http-litespeed-sourcecode-download:
http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).

If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
* <code>/index.php\00.txt</code>

References:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
* http://www.exploit-db.com/exploits/13850/
2011-07-24 20:13:42 +00:00
patrik
cbf959aecc o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
message to the broadcast address and collects and reports the network
  information received from the DHCP server. [Patrik]
2011-07-21 11:56:15 +00:00
patrik
ee7e069e63 o [NSE] Added the script smtp-brute that performs brute force password
auditing against SMTP servers. [Patrik]

o [NSE] Updated SMTP library to support authentication using both plain-text
  and the SASL library. [Patrik]
2011-07-21 06:16:20 +00:00
patrik
0453f89779 o [NSE] Added the script imap-brute that performs brute force password
auditing against IMAP servers. [Patrik]

o [NSE] Updated IMAP library to support authentication using both plain-text
  and the SASL library. [Patrik]
2011-07-21 06:14:02 +00:00
patrik
c3f94727ad o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
library. The cvs-brute-repository script allows for guessing possible
  repository names needed in order to perform password guessing using the
  cvs-brute.nse script. [Patrik]
2011-07-21 06:01:19 +00:00
fyodor
4c03e43d2f Fix a typo in category name 2011-07-21 05:12:33 +00:00
djalal
2c7cad079b o [NSE] Added smtp-vuln-cve2011-1764 script, which checks the Exim DKIM
Format String vulnerability (CVE-2011-1764).
2011-07-18 10:21:01 +00:00
djalal
cc062e2e1e o [NSE] Remove the mac-geolocation script entries since it was deleted.
- Update the script.db file.
  - Add the script name to the 'OLD_SCRIPT_NAMES' variable in the Makefile.in file.
2011-07-18 09:58:50 +00:00
djalal
30bd1681b0 o [NSE] Made the following scripts in the default category:
giop-info.nse
  vnc-info.nse
  ncp-serverinfo.nse
  afp-serverinfo.nse
2011-07-18 09:50:18 +00:00
gorjan
9b7d310355 Adding the broadcast-ping script. 2011-07-13 09:38:40 +00:00