 Nmap Development Mailing List
Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Latest Posts
New VA Modules: OpenVAS: 4, Nessus: 12
New VA Module Alert Service (May 24)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== OpenVAS plugins (4) ==
r16437 2013/gb_pcoweb_default_root_password.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_pcoweb_default_root_password.nasl?root=openvas&view=markup
CAREL pCOWeb Default root Password
r16437 2013/gb_multiple_dvr_dir_traversal_05_2013.nasl...
[NSE] SSL certificate chain and verification
Patrik Karlsson (May 24)
Hi,
The attached patch is an attempt to add the SSL certificate chain and a
potential warning generated upon cert verification to the cert NSE table.
It also updates the ssl-cert script to output the chain and any warning
received. Running against a server with a self-signed cert should now
generate a warning, while running against a site signed by a trusted CA
should not.
In the event you find that this works, is useful and want it committed I...
New VA Modules: OpenVAS: 2, Nessus: 18
New VA Module Alert Service (May 23)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== OpenVAS plugins (2) ==
r16419 2013/gb_nginx_http_parse_bof_vuln.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_nginx_http_parse_bof_vuln.nasl?root=openvas&view=markup
Nginx Chunked Transfer Encoding Stack Based Buffer Overflow Vulnerability
r16419...
Re: New VA Modules: Nessus: 13
Edson Ticona (May 23)
On 14/05/2013 04:57, "New VA Module Alert Service" <postmaster () insecure org>
wrote:
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 22)
Hi Patrik,
I guess I missed your point about using a mutex; I initially didn't think
about implementing it in the ike lib, which makes more sense. I've attached
a patch against SVN that includes mutex. Thanks again for the pointer.
I've also attached an updated ike-info.nse that extracts more information,
specifically the use of aggressive mode authentication and pre-shared
keys (CVE-2002-1623).
- Jesper
New VA Modules: OpenVAS: 29, Nessus: 7
New VA Module Alert Service (May 22)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== OpenVAS plugins (29) ==
r16404 865620 2013/gb_fedora_2013_7128_tinc_fc17.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_fedora_2013_7128_tinc_fc17.nasl?root=openvas&view=markup
Fedora Update for tinc FEDORA-2013-7128
r16404 870997 2013/gb_RHSA-2013_0827-01_openswan.nasl...
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 21)
Hi Patrik,
I've looked a bit more into this, and using a mutex scheme requires that the two scripts (version detection and
information extraction) set the mutex. This would solve the problem of both these scripts trying to bind to UDP 500,
but would require other scripts binding to this port to also use this mutex, which could lead to transparency issues.
Would it make more sense to extend the 'bind' method of new_socket,...
New VA Modules: Nessus: 14
New VA Module Alert Service (May 21)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== Nessus plugins (14) ==
66520 opera_check_adobe_reader_enabled.nasl
http://nessus.org/plugins/index.php?view=single&id=66520
Adobe Reader Enabled in Browser (Opera)
66519 firefox_check_adobe_reader_enabled.nasl
http://nessus.org/plugins/index.php?view=single&id=66519
Adobe Reader Enabled in Browser (Mozilla Firefox)...
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 21)
Hi Patrik,
Thanks for the pointer. I'll look into using this for the script.
- Jesper
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 21)
Hi Anne,
Thank you for your interest in testing the script. Unfortunately I don't
have any systems available for testing purposes, but if you find any I'd be
very interested in any feedback.
- Jesper
Re: nmaprc.lua?
Fyodor (May 21)
Good point! I added this to the list of nmaprc ideas at
https://svn.nmap.org/nmap/todo/nmap.txt
Cheers,
Fyodor
Re: [NSE] IKE information extraction
Patrik Karlsson (May 21)
Jesper,
I don't think there is a way to tell if the port is in use or not, but if
you want to avoid the scripts running at the same time you could use a
mutex. There's some more information here:
http://nmap.org/book/nse-parallelism.html
/Patrik
On Mon, May 20, 2013 at 6:38 PM, Jesper Kückelhahn <dev.kyckel () gmail com> wrote:
Nmap IPC facilities?
Jacek Wielemborek (May 20)
Hi,
I recently had an idea and I thought it'd be nice to get some feedback
from you guys. On the #nmap IRC channel I was discussing introducing
better facilities to interact with Nmap scanning processes. At first,
I was thinking of ways to add more interactivity to the program, like
a keystroke to pause the current task or skip one of the hosts.
I found out that there used to be "interactive mode" in Nmap, removed
by David in 2010...
Re: [NSE] IKE information extraction
stripes (May 20)
If you have a system I can test it against, I'll test the patch.
-Anne
[NSE] IKE information extraction
Jesper Kückelhahn (May 20)
Hi list,
I've attached a script for extracting information from an IKE service and a
patch for ike.lua.
The IKE response might contain useful information such as the internal IP
address, domain name or username, which the script displays. Also matched
vendor IDs are displayed.
The ike.lua.patch adds extra functionality to support the extraction (and
some minor refactoring).
Example outputs:
PORT STATE SERVICE REASON VERSION...