Home page logo
/
nmap-dev logo
Nmap Development Mailing List

Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

List Archives

Jan–MarApr–JunJul–SepOct–Dec
2014358573490
2013422534664337
20127399931068533
201111481303925638
201012481035916793
20099288461116732
20085689111038809
2007305509479832
2006410497447326
2005175257202251
200417380131178
20035811314191
200258905977
20011835146
20007720

Latest Posts

Re: [NSE] http-form-brute enhancement Daniel Miller (Sep 23)
I committed this (with an minor update for compatibility with a change I
made last night) in r33703. Thanks for all your hard work on this!

Generally, it's easiest to review a set of sequential patches (like a
series of git commits, for instance), each of which adds or modifies a
single feature. This would have sped up this particular review, since there
were so many individual changes involved. Also, while I appreciate your
good coding...

New VA Modules: Nessus: 19, OpenVAS: 1 New VA Module Alert Service (Sep 23)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Nessus plugins (19) ==

77780 powerdns_3_6_1.nasl
http://nessus.org/plugins/index.php?view=single&id=77780
PowerDNS Recursor 3.6.0 DoS

77779 bugzilla_4_5_5.nasl
http://nessus.org/plugins/index.php?view=single&id=77779
Bugzilla < 4.0.14 / 4.2.10 / 4.4.5 / 4.5.5 CSRF Vulnerability

77778 openSUSE-2014-549.nasl...

Re: [nmap-svn] r33686 - nmap/docs Jacek Wielemborek (Sep 22)
W dniu 19.09.2014 o 06:32, commit-mailer () nmap org pisze:

Here's one more spot:

nsock/examples/nsock_telnet.c: * The nsock parallel socket event library
is (C) 1999-2013 Insecure.Com *
nsock/examples/nsock_test_timers.c: * The nsock parallel socket event
library is (C) 1999-2013 Insecure.Com *
nsock/src/gh_heap.c: * The nsock parallel socket event library is (C)
1999-2013 Insecure.Com *
nsock/src/nsock_proxy.h: * The nsock parallel...

New VA Modules: OpenVAS: 7 New VA Module Alert Service (Sep 22)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== OpenVAS plugins (7) ==

r696 105007 gb_starttls_imap.nasl
https://wald.intevation.org/scm/viewvco.php/scripts/gb_starttls_imap.nasl?root=openvas-nvts&view=markup
IMAP STARTTLS Detection

r696 105009 gb_starttls_ftp.nasl...

[ncat] Listening Unix domain socket and UDP dies on Connect John Schwarz (Sep 21)
Hi guys,

I'm encountering a really weird problem with the latest ncat version
taken from your SVN sources, and hopefully you guys could help me (or
otherwise confirm this is a bug?)

I have an haproxy process which is configured to send logs to a specific
unix domain socket located at some path at the HD. Prior to running the
haproxy, I start a ncat process like so:

ncat --unixsock <path> --output /tmp/logs --listen --unix -vvv

Once...

New VA Modules: MSF: 6 New VA Module Alert Service (Sep 21)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Metasploit modules (6) ==

c6c37fe7
https://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/multi/http/getSimplecms_upload_exec.rb
GetSimpleCMS PHP File Upload Vulnerability

003c1276...

Re: [NSE] Improved HTML conformance for http.parse_form() Daniel Miller (Sep 20)
Thanks for another great patch! I committed this in r33693 and followed it
up with another function to generate the case-insensitive patterns
required, since they are prone to typos. I also used this (and the better
patterns you came up with) in grab_forms, so that should be another
improvement.

Dan

Re: [nmap-svn] r33690 - nmap/scripts Daniel Miller (Sep 20)
Paul and Rob,

You are listed as authors on this script, so I'm addressing you directly.
The copy of this script that was committed was clearly not the one you
tested with: the action function had no return value, so it would never
provide any output. I think I've corrected that, but I don't have a
vulnerable device to test with.

The script looks like it's a bit incomplete. The username and password are
retrieved, but only...

New VA Modules: Nessus: 11, OpenVAS: 30 New VA Module Alert Service (Sep 20)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Nessus plugins (11) ==

77760 cisco_tandberg_mxp_unsupported.nasl
http://nessus.org/plugins/index.php?view=single&id=77760
Unsupported Cisco MXP Series Device

77759 cisco-sa-20140908-ucse.nasl
http://nessus.org/plugins/index.php?view=single&id=77759
Cisco UCS Integrated Management Controller < 2.3(1) DoS...

Re: [NSE] http-form-brute enhancement Daniel Miller (Sep 20)
This looks great! I had just integrated a few of your changes from that
thread, but I am really excited about this update.

I apologize for the delays. I'm working through script submissions now, but
I had been focused on a few portability issues for the past couple weeks.
Hopefully some of the other devs can step in and review these and other
scripts as they are submitted, but rest assured, I will catch up with them
all.

Dan

[NSE] http-form-brute enhancement nnposter (Sep 19)
I got inspired by the recent list thread about GET support in
http-form-brute to take a closer look at the script. I believe that
I have identified several opportunities for enhancement.

The attached version implements features listed below. (It is a
substantial rewrite so a patch would be larger and more difficult to
review than the end result.) Any constructive feedback is appreciated.

* Both The form auto-detection and submission now also...

New VA Modules: Nessus: 18 New VA Module Alert Service (Sep 19)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Nessus plugins (18) ==

77750 ida_pro_multiple_vulns.nasl
http://nessus.org/plugins/index.php?view=single&id=77750
IDA Pro Multiple Memory Corruption Vulnerabilities

77749 macosx_SecUpd2014-004.nasl
http://nessus.org/plugins/index.php?view=single&id=77749
Mac OS X Multiple Vulnerabilities (Security Update 2014-004)...

Re: [Branch] --ignore-after Daniel Miller (Sep 18)
I definitely see what you mean: my suggestion has a pretty rotten
worst-case. But let's keep in mind that any algorithm which ignores hosts
is a time improvement over the current behavior. After all, the service
discovery and script scanning phases can take up a lot of time. So I think
the primary goal should be "properly detecting and ignoring a host which is
lying to us." That is to say, we don't want to ignore a host that...

Re: [Branch] --ignore-after Jay Bosamiya (Sep 18)
Hi Dan, List,

I realize why you feel that the idea of percentage calculation done over
the *number of ports scanned so far* as opposed to the *total number of
ports intended to be scanned* might be better, however, I propose the
following example to show why the idea of percentages becomes redundant
then.

Assuming the case of calculation done over *number of ports scanned so
far*; let us assume the case of ports being scanned in the order...

New VA Modules: MSF: 3, Nessus: 18 New VA Module Alert Service (Sep 18)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Metasploit modules (3) ==

e3a67823
https://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/post/windows/gather/enum_patches.rb
Windows Enumerate Applied Patches

cdabfb84
https://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb...

More Lists

Dozens of other network security lists are archived at SecLists.Org.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault