mirror of https://github.com/nmap/nmap.git synced 2025-12-13 11:19:02 +00:00

350 Commits

Author SHA1 Message Date
david
1b2e726629 Sort script.db, remove erroneous smb-check-vulns-2.nse entry. 2009-04-24 18:45:00 +00:00
ron
3882988f7a Removed some debug code 2009-04-21 19:41:02 +00:00
ron
3b11c8696f Fixed a small bug that caused 'checkall' to not actually check all 2009-04-21 19:40:08 +00:00
ron
7793572bc2 Updated the @usage yet again 2009-04-21 19:25:49 +00:00
ron
73b43aed51 Updated 'usage' section again 2009-04-21 19:22:46 +00:00
ron
0df410fb14 Updated the 'usage' section 2009-04-21 19:12:06 +00:00
ron
bc55de0c6e Adding new check for Conficker.C and up, using the peer-to-peer ports. 2009-04-21 18:30:40 +00:00
ron
1fbc9e62cf defaulted to basic login for smb-check-vulns (the test infected box I found doesn't like extended logins, not sure whether it's because of Conficker or if it was random chance) 2009-04-17 01:13:57 +00:00
ron
dd9f063b1f Updated Conficker.D-detection code 2009-04-17 01:09:29 +00:00
ron
14f2c0c6db Added experimental checks for Conficker.D/E 2009-04-17 00:34:13 +00:00
batrick
918a3955d5 Fixed banner.nse to remove surrounding whitespace in the banner.
For example, this removed SSH greetings' final two characters: carriage return
and newline.
2009-04-06 16:00:18 +00:00
ron
80b53d8ffa Fixed a comment -- said 'windows 2003' where it should have been 'windows 2000' 2009-04-03 13:29:04 +00:00
david
7e2b32e6ed Fix an error with smb-check-vulns.nse Conficker error help. I was catching the
error at the wrong level, so not all possible errors were being run through the
help table. Specifically, errors returned by msrpc.start_smb and msrpc.bind, which
included at least NT_STATUS_OBJECT_NAME_NOT_FOUND, didn't get the explanatory
text. I made a mistake in testing the error reporting the first time around.
2009-04-02 17:26:04 +00:00
david
09762c4d85 Add helpful text for the two most common errors seen in the Conficker
check in smb-check-vulns.nse: NT_STATUS_OBJECT_NAME_NOT_FOUND and
NT_STATUS_ACCESS_DENIED. Ron and I found the best explanations for these
that we could. There is another error, NT_STATUS_NOT_SUPPORTED, which is
less common than these but has been observed. We still don't have a clue
as to the cause of that one.
2009-04-02 02:27:47 +00:00
ron
dde55ed602 Added a change to eliminate possible false negatives 2009-04-01 12:23:21 +00:00
ron
f157387be1 Changed message when checks are disabled (it seemed to be confusing people) 2009-04-01 03:31:13 +00:00
ron
cf73d9eb03 Fixed a bug where every host showed up as 'infected'.. oops! 2009-03-31 15:18:03 +00:00
ron
70275c69c3 Fixed a small output bug in smb-check-vulns where it would print 'PATCHED' if an error occurred (in addition to the error message) 2009-03-31 15:04:10 +00:00
ron
f4575514af Updated Conficker detection: change some constants, better error checking for MS08-067 patch (tell the user if the system has a jury-rigged patch instead of a cryptic error) 2009-03-31 14:14:24 +00:00
kris
97028d6a6f wrap a couple of long doc lines 2009-03-30 20:35:38 +00:00
kris
f6f61ecf83 typos in docs/comments: if->is and alse->false 2009-03-30 20:25:45 +00:00
ron
9948b1d7f4 Print Conficker error messages always 2009-03-30 19:16:55 +00:00
ron
67a6886318 Changed spelling of 'Connficker' to 'Conficker' 2009-03-30 15:24:36 +00:00
ron
9060d2fadd Modified smb-check-vulns.nse to check for Conficker infections. Got permission from authors of simple conficker scanner (scs.zip) to post this 2009-03-30 14:46:58 +00:00
jah
de922ab69c Now works for udp again. The port table has a "protocol" field, not "proto". 2009-03-13 03:41:28 +00:00
ron
80591c9cc6 Cleaned up output of smb-server-stats.nse 2009-03-12 14:56:23 +00:00
ron
bb30932c0d Wrapped a long line 2009-03-11 14:13:17 +00:00
ron
45744eddc3 Merge in changes from my private branch, primarily smb-brute.nse and smb-pwdump.nse, among other smaller changes. 2009-03-05 02:03:29 +00:00
david
62aa04c11a In dns-zone-transfer.nse, return "<parse error>" in case domain decoding fails.
Otherwise there is an assertion failure trying to insert a nil into an output
table in tab.lua. Increase the maximum number of message compression pointers
we will follow in dns.lua from 3 to 10, because Brandon found a server that
used 4.
2009-02-27 20:16:29 +00:00
david
dde083e900 Fix the formatting of the uptime in snmp-sysdescr.nse so it looks like
"0:03:02.72 (18272 timeticks)", not "0:3:2.72 (18272 timeticks)" (note padding
zeroes).
2009-02-12 04:23:41 +00:00
david
2d018963ca Use dns.decStr in dns-zone-transfer.nse instead of a custom DNS decoder. This
avoids an infinite recursion bug present in the old decoder. I raised the
number of compression pointers that dns.decStr will follow from 1 to 3 because
I found a server that sent 2.
2009-02-10 00:53:26 +00:00
david
590e7b7574 Fix a bug in the DNS parser in dns-zone-transfer.nse: All '0' characters in
domain names were changed to '.', probably as a result of some code that wasn't
updated when surrounding code was. This changed the name net360.example.com to
net36..example.com.
2009-02-08 04:33:43 +00:00
david
e6d6e8d83e Fixed a DNS decoding bug in dns-zone-transfer.nse that created
garbage output and could crash Zenmap by including 0x0C bytes in XML
files. The Zenmap crash looked like
  SAXParseException: .../zenmap-XXXXXX.xml:39:290: not well-formed (invalid token)
2009-02-06 19:25:11 +00:00
david
00b65b7768 Remove script args that are inherited from modules from script documentation.
Such args are now included automatically in the generated documentation.
2009-02-05 23:45:12 +00:00
ron
5ec608507a Backported a couple minor bugfixes from my experimental branch 2009-02-04 22:08:20 +00:00
jah
c622a1518e Pass "ssl" as the third parameter to connect() in pop3.lua capabilities() and
smtp-commands.nse if version detection set the port service_tunnel to "ssl".
2009-02-03 02:43:24 +00:00
jah
c8442d3946 Fix error:
SCRIPT ENGINE (506.424s): ./scripts/pop3-capabilities.nse against a.b.1.47:995
ended with error: ./scripts/pop3-capabilities.nse:32: bad argument #1 to
'pairs' (table expected, got string)

which happens because pop3.lua returns a string error message instead of a table
of capabilities if it can't connect the socket or obtain a response from a
connected socket.
It now returns nil, err_message in these cases and the documentation now reflects
this - pop3-capabilities.nse silently returns and prints a debug message.

Added a 10s timeout for the socket in pop3.lua capabilities - 30s was a bit much.
2009-02-03 01:15:25 +00:00
david
a5b73cf906 Rename the xampp-default-auth script to ftp-brute. Incorporate some code
improvements in the script from Vlatko Kosturjak. Remove the nobody/e0e0e0e0
test credentials because I can't find a web source to substantiate them.
2009-01-26 06:02:45 +00:00
david
81886dc21d Remove id variables from a couple of scripts. 2009-01-26 05:56:49 +00:00
fyodor
197b228b4d remove complex timeout system (based on -T level) of Banner NSE script, and instead always wait five seconds. 2009-01-23 05:22:06 +00:00
david
0844aa18af Remove redundant "Daytime: " from the output of daytime.nse. It looked like
|_ daytime: Daytime: Mon Jan 19 17:43:18 MST 2009
2009-01-20 00:42:32 +00:00
david
bad22b8c60 Give the default value ("public") in the NSEDoc for the snmpcommunity script
argument in snmp-sysdescr.nse.
2009-01-19 23:23:20 +00:00
david
7307d28e88 Let daytime.nse run against both TCP and UDP port 13. It only did UDP before.
RFC 867 says the service runs over both protocols.
2009-01-19 21:55:23 +00:00
david
a384e9016f Document script arguments in
pop3-brute.nse: pop3loginmethod, userdb, passdb;
snmp-brute.nse: snmpcommunity, snmplist, userdb, passdb;
snmp-sysdescr.nse: snmpcommunity;
snmp.lua: snmpcommunity;
unpwdb.lua: userdb, passdb.
2009-01-13 00:10:33 +00:00
kris
5725a169bf Make robots.txt.nse be silent instead of printing reports for a file with no
disallowed entries
2009-01-03 16:54:47 +00:00
ron
1c08d02689 Updated the output section for smb-enum-processes.nse 2008-12-24 00:58:52 +00:00
ron
773000b65a Merging changes from my experimental branch; the new versions of these scripts, which have significant changes to their core functionality, managed to hold their own against Brandon's network. More testing would be very helpful, though, especially with credentials (most of Brandon's scans were anonymous). 2008-12-24 00:53:01 +00:00
bmenrigh
c4bebb3a01 Starting in Lua 5.1, string.gfind was renamed to string.gmatch. This commit fixes a warning when gfind is used by using gmatch instead. 2008-12-17 20:43:57 +00:00
batrick
88419b0c6e Cleaned up the creation of the string payload. 2008-12-09 06:00:50 +00:00
ron
86de493a3e Changed smb-enum-shares to detect a host that returns the incorrect value for unknown shares (happened against what appears to be an EMC SANS). Also added a check to stdnse.strjoin() to ensure that the first parameter is either nil or a string, I got the parameters wrong and spent awhile trying to figure out why. 2008-12-08 03:33:25 +00:00