PenTest/nmap - nmap - Ols Gitea: How about a cup of tea while we code?

mirror of https://github.com/nmap/nmap.git synced 2025-12-14 19:59:02 +00:00

Author	SHA1	Message	Date
batrick	4d131d2217	Fix a pattern mixup. \ --> / found by klaudiu@freenode. I added some short test asserts to confirm the pattern works.	2014-07-07 17:36:17 +00:00
dmiller	9ac14c97df	Fix some globals and name mismatches in telnet-brute	2014-07-07 17:15:13 +00:00
devin	7dbf13ab3e	Modified http-affiliate-id to follow amzn.to tinyurls.	2014-06-30 19:00:14 +00:00
devin	d68396d823	Merged Lpeg branch	2014-06-26 20:12:54 +00:00
claudiu	39def56cde	Fix false positives with SSL/TLS implementations that are not OpenSSL	2014-06-20 10:20:24 +00:00
dmiller	ec9074f718	Correct "it's" to "its" where necessary it's = it is its = belonging to it	2014-06-19 04:58:46 +00:00
dmiller	e69325c0f8	Add s7-info script, for more SCADA/ICS enumeration	2014-06-18 02:53:29 +00:00
dmiller	8f6cd9ccc5	Restore STARTTLS support in ssl-ccs-injection	2014-06-12 12:28:08 +00:00
claudiu	2eaf0f83cc	New script detecting CCS Injection vulnerability in OpenSSL	2014-06-11 13:43:28 +00:00
patrik	0b0109d4af	commit 7dae4affc23f9fd70e916bc461e45eafe4bcf99a Author: Patrik Karlsson <patrik@cqure.net> Date: Thu May 29 21:33:18 2014 -0400 fix to detect non ASA devices and unsupported versions	2014-05-30 01:46:59 +00:00
devin	5e6c9d5f78	NSE enhanced output patch	2014-05-29 03:22:59 +00:00
dmiller	415e2671ab	New NSE script for SCADA/ICS, bacnet-info	2014-05-28 13:54:05 +00:00
devin	53ca0c01dd	Added checks to prevent scripts from indexing a nill value when scanning localhost.	2014-05-28 02:29:31 +00:00
patrik	c950dcb154	Squashed commit of the following: commit a78b6142449b71ccd1cd7061b5363f6882b2e00b Author: Patrik Karlsson <patrik@cqure.net> Date: Sun May 25 21:19:22 2014 -0400 fix indentation commit 5e61eba30f98343fb172687bd377acae6cb9e242 Merge: d446fa7 9696dd5 Author: Patrik Karlsson <patrik@cqure.net> Date: Sun May 25 21:15:50 2014 -0400 Merge branch 'master' into anyconnect commit d446fa76181d97287604b48719dd3f714987b775 Author: Patrik Karlsson <patrik@cqure.net> Date: Sun May 25 21:15:09 2014 -0400 Update CHANGELOG commit 1590b8a8598bfd06c767c31312dc56c8e306c556 Author: Patrik Karlsson <patrik@cqure.net> Date: Sun May 25 21:13:27 2014 -0400 update script.db commit 93eb927e21d3e3702da36668628b70c42f14f0db Author: Patrik Karlsson <patrik@cqure.net> Date: Sun May 25 21:09:51 2014 -0400 update anyconnect library to better capture version add missing libraries http-cisco-anyconnect.nse add new scripts to detect vulnerabilities cve2014-2126 through 2129 commit 92fecad07d340e60abbe502a4541d6e4f71af224 Author: Patrik Karlsson <patrik@cqure.net> Date: Sat May 24 09:09:14 2014 -0400 initial commit	2014-05-26 01:28:38 +00:00
dmiller	ed22166b3f	Add enip-info NSE script for EtherNet/IP A contribution from the folks at Digital Bond (http://www.digitalbond.com/), part of their Redpoint Project (https://github.com/digitalbond/Redpoint/).	2014-05-22 18:25:09 +00:00
dmiller	ba5f207d94	Fix NSEdoc generation problems due to block ordering Reported here: http://seclists.org/nmap-dev/2014/q2/258 Complicated parsing issue, but short version is this: The NSEdoc for scripts must not be followed by a local declaration, or it will not be accepted. Easiest way is to be sure the block with @usage, @output, @args, @xmloutput, etc. comes right before the author line.	2014-05-21 19:06:50 +00:00
dmiller	974b4430e2	Pass dates directly to format_timestamp, avoid timestamp overflow Should fix: http://seclists.org/nmap-dev/2014/q2/184	2014-05-21 15:04:13 +00:00
sophron	2f30c8f9db	[NSE] Corrected file name for framework fingerprints.	2014-05-11 11:35:54 +00:00
robert	3beb66bfaa	Updated script.db to include new and renamed scripts.	2014-05-04 15:49:21 +00:00
robert	02e00968f6	Added Paul Amar's NSE script that exploits a vulnerability in Netgear WNR1000v3 allowing credentials to be obtained. Note, it doesn't currently add the credentials to the creds database.	2014-05-04 15:43:30 +00:00
robert	926f3f7375	Tweaked the disclosure date in http-vuln-cve2012-1823 for consistency with other scripts that make use of the vulnerability library.	2014-05-04 15:13:57 +00:00
robert	32930ef6e6	Renamed the Zimbra LFI script to use the assigned CVE (and updated example output/usage).	2014-05-04 15:11:23 +00:00
robert	17ef614c49	Added Paul Amar's Webmin File Disclosure NSE script (CVE-2006-3392).	2014-05-04 15:00:06 +00:00
sophron	a64a785d79	[NSE] http-passwd should also send the payloads without appending NULL bytes. There are cases, (for example in PHP => 5.3.4) that include functions do not accept paths with NULL in them, hence all of the script's payloads would fail even if the app was vulnerable.	2014-05-02 12:49:40 +00:00
tomsellers	4e572fadb2	Change http-default-accounts.nse from safe to intrusive as it attempts to login to the target.	2014-04-27 12:33:10 +00:00
jah	c4fc2529a8	Update the way queries to ARIN are formed: from "+ <IP>" to "n + <IP>". Update CHANGELOG with recent improvements to whois-ip.nse.	2014-04-21 14:20:36 +00:00
jah	338dca4cff	Add a pattern for a "no match found" type of response from LACNIC.	2014-04-21 14:03:57 +00:00
jah	c47fff6fc2	Fix a problem which happens when a referred-to response cannot be understood, causing an unhandled error.	2014-04-21 13:59:46 +00:00
jah	0623907188	Fix some indentation which went awry in r32677 and r32704 and some which has always been less than ideal.	2014-04-21 13:22:12 +00:00
fyodor	2fb139161f	Update categories of dns-update from discovery and safe to vuln and intrusive	2014-04-19 07:50:38 +00:00
patrik	91e1d21cc1	add nil checks to address bug discovered by Mike http://seclists.org/nmap-dev/2014/q2/120	2014-04-17 01:00:01 +00:00
dmiller	a343ea24cd	Extend ssl-heartbleed to use every TLS cipher, prevent false negatives	2014-04-14 19:42:59 +00:00
patrik	3dbe66e9be	Change heartbeat request size from 0x0fe9 to 0x4000	2014-04-12 21:31:08 +00:00
dmiller	7170837c8b	Add @usage nsedoc to UDP scripts (default is missing -sU in this case)	2014-04-11 16:42:26 +00:00
dmiller	b3b0bf2389	Handle multiple messages in a single record (ssl-heartbleed)	2014-04-10 20:53:14 +00:00
dmiller	353291aeba	Remove hardcoded TLSv1.1 from heartbeat message build	2014-04-10 20:53:12 +00:00
dmiller	3fd18f7752	Use tls.lua functions to build messages in ssl-heartbleed	2014-04-10 15:14:14 +00:00
dmiller	e8d81eb8b4	Alert on missing tls library, better diagnostics for not-vulnerable sites	2014-04-10 15:14:10 +00:00
dmiller	80ea0d5f10	Don't try ssl-heartbleed on protocol mismatch	2014-04-09 21:54:27 +00:00
dmiller	233b1fca71	STARTTLS support for ssl-enum-ciphers	2014-04-09 18:02:01 +00:00
dmiller	c69afa24aa	Enable ssl-heartbleed to connect to STARTTLS services	2014-04-09 17:34:39 +00:00
dmiller	d1a86b7f57	Remove unnecessary pcall and unsupported SSL 3.0 from ssl-heartbleed	2014-04-09 16:49:18 +00:00
patrik	c0078965e9	add TLS 1.0, 1.1 and 1.2 support and some error checking	2014-04-09 16:16:22 +00:00
dmiller	e38d9618a3	Adjust heartbleed payload size to minimum required to trigger	2014-04-09 15:58:09 +00:00
dmiller	cd0ed4ff7f	Expand the binary blobs in ssl-hearbleed to allow tweaking	2014-04-09 14:37:35 +00:00
dmiller	9b93706cf3	Whitespace/indentation fixes for ssl-heartbleed	2014-04-09 13:51:57 +00:00
dmiller	f07e623835	Fix some globals in ssl-heartbleed.nse	2014-04-09 13:51:55 +00:00
patrik	20eb77d6d2	o [NSE] Add ssl-heartbleed script to detect the Heartbleed bug in OpenSSL CVE-2014-0160 [Patrik Karlsson]	2014-04-09 01:49:29 +00:00
dmiller	413bbf6e96	Revert r32789 in favor of lib-level fixes nmap.new_try() shouldn't be used in libraries. It results in Lua errors being thrown that the script can't recover from without resorting to pcall(). It has been replaced in proxy.lua with proper error handling which did not require any changes to the scripts (http-open-proxy and socks-open-proxy) that used it.	2014-04-07 18:10:10 +00:00
dmiller	1332949c3d	Fix bug in socks-open-proxy, TIMEOUT or EOF when SOCKS5 not supported	2014-04-04 21:46:21 +00:00

1 2 3 4 5 ...

2041 Commits