fyodor
a1fba2c7e0
Move up the priority of a task about fixing option ordering requirements. People shouldn't have to worry about things like making sure -6 always comes before -A. To move it up, I had to detach it from a cluster of feature creeper tasks though, so at least I added a note to it that it is a potential FC task.
2011-06-30 01:15:40 +00:00
fyodor
d6ec64ec2c
Add an Ncat-portable-related task
2011-06-29 23:49:07 +00:00
shinnok
a1e9bf6683
Add Ncat Portable to CHANGELOG.
2011-06-29 15:03:19 +00:00
fyodor
130e417be9
fix a small nsedoc typo noted by Henri Doreau
2011-06-29 09:05:03 +00:00
fyodor
5ed369d576
Update nmap-mac-prefixes to the latest data as of 2011-06-29
2011-06-29 08:33:42 +00:00
fyodor
a5bfcedda3
Add an idea we talked about in the NSE meeting yesterday
2011-06-29 08:18:13 +00:00
fyodor
009f3fb2e4
Just added a missing period
2011-06-29 06:24:17 +00:00
david
9087668916
Add new OS fingerprint for scanme.
Shows apparent new Linux TCP windows.
2011-06-29 04:47:02 +00:00
fyodor
9a2b80c34d
Remove ip-geolocation-quova -- it includes an API key which apparently required agreeing to the Quova terms of service to obtain (http://developer.quova.com/apps/tos). And those seem to pretty clearly ban this sort of use. So we can only use this script if we get permission from Quova (best option), or we make it so that the user is required to pass a key as nsearg
2011-06-29 03:34:47 +00:00
fyodor
53b61dac59
Added a TODO entry with summaries of all 41 (wow!) new NSE scripts!
2011-06-29 01:46:00 +00:00
david
07d1df5d59
Update ca-bundle.crt CHANGELOG entry.
2011-06-29 01:36:58 +00:00
fyodor
a683b6ae69
just added a word to the description
2011-06-29 01:36:34 +00:00
fyodor
511adcb497
Move the brief summary of both vulns into the summary sentence so people see them at a glance from the nsedoc script lists
2011-06-29 01:34:24 +00:00
fyodor
536e00ea42
Went through all the new (since 5.51) scripts and improved (I hope) the nsedoc descriptions a bit and made some other very minor cleanups
2011-06-29 01:29:14 +00:00
paulino
651197768b
Adds http-barracuda-dir-traversal -
Attempts to retrieve the configuration settings from the MySQL database
dump on a Barracuda Networks Spam & Virus Firewall device using the
directory traversal vulnerability in the "locale" parameter of
"/cgi-mod/view_help.cgi" or "/cgi-bin/view_help.cgi".
The web administration interface runs on port 8000 by default.
Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval
Original exploit by ShadowHatesYou <Shadow@SquatThis.net>
For more information, see:
http://seclists.org/fulldisclosure/2010/Oct/119
http://www.exploit-db.com/exploits/15130/
2011-06-28 23:43:34 +00:00
fyodor
832d1e91fa
Update version number for next release (5.59BETA1)
2011-06-28 22:19:31 +00:00
david
21cbe8ffba
Use a big enough buffer in traceND. Same as r24365 in
/nmap-exp/weiling/nmap-nd.
2011-06-28 21:58:54 +00:00
fyodor
4b67955fd8
Minor CHANGELOG modifications, mostly just moving new NSE scripts together in one place
2011-06-28 08:29:15 +00:00
david
f5fe8fb6e9
Use the proper length in get_srcaddr, not sizeof(sockaddr_in6).
This was a bug in r24413. The size needs to vary with the address family
on some platforms including OS X. This was noticed by Chris Clements.
2011-06-28 00:35:01 +00:00
djalal
b9237eac33
If sending the big body message fails, then just assume that this is
a network error (we are sending more than 50MB), but check and count
the result of the final "<CRLF>.<CRLF>" message.
2011-06-27 22:24:13 +00:00
patrik
55da9dc683
added the creds-summary.nse script [Patrik]
2011-06-27 21:21:15 +00:00
patrik
baa404b050
improved documentation and added sample code
add getCredentials function
[Patrik]
2011-06-27 21:00:11 +00:00
paulino
bb61584d82
Updated CHANGELOG - Added http-majordomo2-dir-traversal and new version of http-trace
2011-06-27 20:46:36 +00:00
paulino
f2bbb0f9e8
Adds to "vuln" category
2011-06-27 20:40:19 +00:00
paulino
5effe4c770
New version of http-trace. It addresses issues discussed:
* http://seclists.org/nmap-dev/2010/q2/295
* http://seclists.org/nmap-dev/2007/q3/327
* http://seclists.org/nmap-dev/2007/q4/610
Features:
* This version will always show you if TRACE is enabled (the current http-trace only shows headers that are different from the original response, causing confusion in cases where TRACE is not reported as enabled because the host did not return any additional headers)
* Supports redirects.
2011-06-27 20:38:59 +00:00
paulino
4f60960b29
Adds http-majordomo2-dir-traversal to the repository. This script exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files.
2011-06-27 20:22:25 +00:00
fyodor
67ea9053b3
Note a finished task
2011-06-27 20:08:07 +00:00
david
fd259a2422
Use getsockname to get source addresses.
This was previously gotten by setting the source address to be the same
of the interface address of the matching route. However this can be
wrong; when making a normal socket connection the source address is
chosen differently. We create a SOCK_DGRAM socket, connect it, and read
the local address with getsockname.
2011-06-27 18:05:39 +00:00
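The two source-address commits in this log (r24413's get_srcaddr length fix, "the size needs to vary with the address family", and the switch to choosing the source address by connecting a SOCK_DGRAM socket and reading it back with getsockname) describe one technique. The following is an added illustration written for this page; it is not Nmap's code, and the helper name source_addr_for is hypothetical. It resolves a numeric destination with getaddrinfo, connects an unbound UDP socket to it (no datagram is sent, the kernel only selects a route and a local address), and reads the chosen address with getsockname, passing the family-specific sockaddr length at each step rather than a fixed sizeof(struct sockaddr_in6).

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Ask the kernel which local address it would use to reach `dst`.
 * Hypothetical helper for this example, not Nmap's get_srcaddr().
 * Returns 0 and writes the numeric address into `out`, or -1 on failure. */
int source_addr_for(const char *dst, char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    struct sockaddr_storage local;
    socklen_t locallen;
    int fd, rc = -1;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;      /* accept IPv4 or IPv6 literals */
    hints.ai_socktype = SOCK_DGRAM;
    hints.ai_flags = AI_NUMERICHOST;  /* literal only: no DNS, runs offline */
    if (getaddrinfo(dst, "9", &hints, &res) != 0 || res == NULL)
        return -1;

    /* Open the socket in the destination's own family. */
    fd = socket(res->ai_family, SOCK_DGRAM, 0);
    if (fd < 0)
        goto done;

    /* connect() on a UDP socket sends nothing; it only makes the kernel
     * pick a route and bind a local address. Pass the family-specific
     * length from getaddrinfo, not sizeof(struct sockaddr_in6): some
     * platforms reject an oversized length for an AF_INET address. */
    if (connect(fd, res->ai_addr, res->ai_addrlen) != 0)
        goto done;

    /* getsockname() takes the buffer size on input and returns the
     * length actually filled in for this family on output. */
    locallen = sizeof(local);
    if (getsockname(fd, (struct sockaddr *)&local, &locallen) != 0)
        goto done;

    /* Hand the reported length, not a constant, to getnameinfo as well. */
    if (getnameinfo((struct sockaddr *)&local, locallen, out, outlen,
                    NULL, 0, NI_NUMERICHOST) != 0)
        goto done;

    rc = 0;
done:
    if (fd >= 0)
        close(fd);
    freeaddrinfo(res);
    return rc;
}

int main(int argc, char **argv)
{
    /* Destination defaults to the IPv4 loopback so the demo works offline. */
    const char *dst = argc > 1 ? argv[1] : "127.0.0.1";
    char buf[INET6_ADDRSTRLEN];

    if (source_addr_for(dst, buf, sizeof(buf)) != 0) {
        fprintf(stderr, "cannot determine source address for %s\n", dst);
        return 1;
    }
    printf("source address for %s: %s\n", dst, buf);
    return 0;
}
```

Run it with a remote literal (`./a.out 2001:db8::1` or a public IPv4 address) to see the address the kernel would actually source from; nothing leaves the host, because a UDP connect() only consults the routing table. Note that this answers "which address would a normal socket use", which is the point of the commit: it can differ from the address configured on the interface of the matching route (for example with multiple addresses on one interface, or policy routing).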
paulino
4445ed7ed1
UPDATED TODO
2011-06-27 04:39:54 +00:00
paulino
29ff392125
Added new entries under 'general' and 'cms'. Extracted from exploit-db archives so the new software added is known to be vulnerable.
2011-06-27 03:40:22 +00:00
paulino
c8bb5ac526
Added more fingerprints under 'general'
2011-06-26 21:43:25 +00:00
djalal
a1eb090664
Changed the script argument 'smtp-vuln-cve2010-4344.command' to
'smtp-vuln-cve2010-4344.cmd' for consistency reasons.
2011-06-26 19:01:09 +00:00
paulino
0c3728edd2
Added more fingerprints under 'cms' and 'general'
2011-06-25 23:24:14 +00:00
shinnok
8def3128b1
Attach revision numbers to completed tasks in my TODO.
2011-06-25 10:59:30 +00:00
shinnok
70bcce0855
Update CHANGELOG with two recent Zenmap fixes.
2011-06-25 10:49:53 +00:00
shinnok
03f052d8a8
Task correction in my TODO.
2011-06-25 10:44:49 +00:00
shinnok
9b20fd3555
Update my TODO file.
2011-06-25 10:34:57 +00:00
david
53f46fd746
Note that bin_ip and bin_ip_src work for IPv6 in scripting.xml.
2011-06-25 02:28:01 +00:00
david
b4cdf40769
Make host.bin_ip and host.bin_ip_src work with IPv6 addresses.
2011-06-25 00:51:52 +00:00
djalal
a33b7331fa
Update my todo file.
2011-06-24 22:47:33 +00:00
david
90e4b58806
Add link to Colin's updater report.
2011-06-24 20:25:44 +00:00
djalal
0b7e0b7753
Added the smtp-vuln-cve2010-4344 CHANGELOG entry.
2011-06-24 15:41:59 +00:00
djalal
49774ecf10
o [NSE] Added smtp-vuln-cve2010-4344 script that will check and exploit
two vulnerabilities in the Exim SMTP Server:
o CVE-2010-4344: A heap overflow vulnerability.
o CVE-2010-4345: A privileges escalation vulnerability.
2011-06-24 15:37:53 +00:00
gorjan
fc2f88e2ed
Added nmap.get_ttl(), which returns the TTL (time to live) specified with the --ttl option;
Added the nmap.get_payload_length() function, which returns the value specified with the --data-length option
2011-06-24 01:03:23 +00:00
shinnok
3240e10bb0
Fix MSVC compiler noreturn related warnings and add extra
safety asserts to the functions that do not return on all
control paths.
2011-06-23 23:59:52 +00:00
shinnok
e06012af5a
Type conversion safety fixes that remove compiler warnings too.
2011-06-23 20:48:06 +00:00
shinnok
2c164c0a20
Changed "Slow comprehensive scan" profile script selection to include
all scripts in default category as well as all scripts that are both
in discovery and safe categories.
2011-06-23 20:36:51 +00:00
shinnok
923e026a9d
Update my TODO file after meeting with David.
2011-06-23 19:46:06 +00:00
patrik
af03ca03a2
Removed prerule from script [Patrik]
2011-06-23 11:28:14 +00:00
shinnok
68bdff3e54
Minor cosmetic fix.
2011-06-23 11:14:42 +00:00