Nmap Development mailing list archives
Gyani's Status Report - #17 of 17
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Sat, 22 Aug 2015 17:31:40 +0530
Hi,

It was a fun and productive Summer of Code. Learned a lot over the summer. Through this post I would like to summarize my SoC. I might have missed something, sorry about that!

Code Committed To Trunk:

* xmlrpc-methods[NEW]: This script is used to perform introspection of XMLRPC services. This script starts by querying the system.listMethods method and then tries to run system.methodHelp on each method listed by system.listMethods.
* http-methods[UPDATE]: Sometimes the OPTIONS method is disabled or outputs an incomplete set of methods. This script was modified to test every method individually in case OPTIONS is disabled.
* http-fetch[NEW]: This script supports three use cases: fetching all content on a server, fetching files that match a pattern, and fetching files as specified on the command line.
* http-drupal-enum[UPDATE]: Earlier we had a script called http-drupal-modules. I added support for enumeration of themes and extended the database from 9k modules to 18k modules.
* ganglia-info[UPDATE]: The script would earlier try to parse the XML with multiple gsub calls. Now the script uses the slaxml library to do the parsing.
* http-svn-enum[NEW]: This script is used to enumerate users of a Subversion repository by using the "REPORT" method. It also reports the number of commits per user, the last revision committed to, and the date on which the commit was made.
* http-svn-info[NEW]: This script tries to gather information about an SVN repository. The output is similar to the command line svn info <target>.
* http-grep[UPDATE]: The script now works on multiple patterns and supports built-in patterns like email, SSN, IP, and credit card number with the required validation functions. The script covers the functions of http-email-harvest, so http-email-harvest was removed.
* ssl-enum-ciphers[BUGFIX]: Fixed a bug that would occur when Nmap was compiled without SSL support.
* http-brute[UPDATE]: Brute now supports NTLM authentication, which is an extension to the digest and basic support earlier.
* smbauth[UPDATE]: Added a function that generates an NTLMv2 session response for NTLMv1 authentication. This is used by the NTLM authentication code in http.lua.
* http[UPDATE]: Added support for NTLM authentication in http.lua. Now you can send HTTP requests with NTLM authentication enabled.
* http-crossdomain-policy[UPDATE]: This script earlier had support for cross-domain policy files; now it even supports client access policy files. The XML parsing is now handled by the SLAXML library.
* http-put[UPDATE]: Relaxed checks for successful posts. Earlier it was set to 200; now anything between 200 and 210 is considered successful.
* hnap-info[NEW]: The script queries /HNAP to find HNAP devices and list information about them. Useful for routers and other such devices.
* http-enum[UPDATE]: Added fingerprints for hnap-auth-bypass. Some HNAP devices are prone to an authentication bypass attack by querying a specific URL.
* slaxml[NEW]: A tiny XML parser originally written by Phrogz (Gavin Kistner); supports both DOM and SAX. I ported this to NSE, added some documentation and made a few functions globally available.
* http-webdav-scan[NEW]: This script is used to discover WebDAV instances. It lists methods exposed to non-authenticated users, internal IPs and files indexed by the WebDAV instance.
* http-vuln-cve2015-1427: A script that checks for remote code execution vulnerabilities in Elasticsearch instances.

Yet to be Committed:

* osinfo[NEW]: A library that parses OS version strings to generate CPE and OS name. smb-os-discovery has been modified to use osinfo.
* cctv-dvr-brute[NEW]: A script that performs a brute force attack on CCTV DVR installations.
* cctv-auth-bypass[NEW]: A script that tries to exploit an auth bypass vulnerability in CCTV DVR installations to enumerate PPPoE, DDNS, FTP and web interface credentials.
* http-mirror[NEW]: A script that tries to generate a static mirror of a website. Will probably be added as an extension to http-fetch.
* http-webdav-perms[NEW]: The script tries to see if the server supports DELETE, MKCOL, MOVE and PUT for non-authenticated users by uploading a few files and renaming them.
* opentracker-stats[NEW]: Tries to enumerate information from opentracker installations.
* http[UPDATE]: Added support for automatic authentication. This is done via credentials specified on the command line or by credentials existing in the registry. Also, several scripts affected by the autoauth changes lie in the /autoauth directory.
* smtp-commands[UPDATE]: Earlier the parsing was done by multiple gsub calls. Changed how parsing is done; also added XML output.

Priorities:

* Clean up http-spider documentation.
* Review scripts that are posted to the mailing list.
* Figure out what to work on next. The http spider redesign looks like a very nice project!
* Review and commit SoC work that hasn't been committed yet.
* Take some time off.
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
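The introspection procedure the xmlrpc-methods script is described as following (system.listMethods first, then system.methodHelp on each listed method) can be exercised end to end offline. The block below is an added example, not code from the original post or from Nmap; it uses the Python standard library instead of NSE/Lua. The local SimpleXMLRPCServer, its two registered methods (math.add, admin.exec) and the /RPC2 path are constructed for the demonstration; real targets may refuse system.listMethods entirely, which is handled as a Fault rather than a crash.

```python
"""Enumerate an XML-RPC endpoint: system.listMethods, then system.methodHelp
for every method returned.  Added example; not Nmap's xmlrpc-methods script."""
import threading
from xmlrpc.client import Fault, ServerProxy
from xmlrpc.server import SimpleXMLRPCServer


def introspect(url):
    """Return {method_name: help_text} for every method the endpoint advertises.

    If the server does not implement system.listMethods the Fault is reported
    under an "error" key instead of propagating, mirroring what a scanner wants.
    """
    proxy = ServerProxy(url, allow_none=True)
    try:
        methods = proxy.system.listMethods()
    except Fault as exc:
        return {"error": f"system.listMethods not supported: {exc.faultString}"}

    result = {}
    for name in methods:
        try:
            result[name] = proxy.system.methodHelp(name)
        except Fault as exc:
            # methodHelp may be missing even when listMethods works.
            result[name] = f"<system.methodHelp failed: {exc.faultString}>"
    return result


def start_demo_server():
    """Constructed target: a local XML-RPC server with introspection enabled."""
    server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False, allow_none=True)
    server.register_introspection_functions()  # system.listMethods / methodHelp / methodSignature

    def add(a, b):
        """Add two integers."""
        return a + b

    def exec_cmd(cmd):
        """Run a command on the appliance (the kind of method you are hunting for)."""
        return "disabled"

    server.register_function(add, "math.add")       # hypothetical method name
    server.register_function(exec_cmd, "admin.exec")  # hypothetical method name
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo():
    """Start the constructed server, introspect it, and return the method table."""
    server = start_demo_server()
    host, port = server.server_address
    try:
        return introspect(f"http://{host}:{port}/RPC2")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for name, doc in demo().items():
        print(f"{name}\n    {doc}")
```

Against a real endpoint, point introspect() at the service URL instead of the constructed server; the interesting output is usually a method whose help text mentions files, commands or credentials, exactly what the listing is meant to surface.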
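The http-grep entry above says the built-in patterns (email, SSN, IP, credit card) come with validation functions, which is the difference between a regex hit and a finding worth reporting. The block below is an added example, not code from the original post or from Nmap's http-grep: a regex-plus-validator table run over a constructed page body, with the Luhn check for card numbers, an ipaddress parse for IPv4 candidates, and SSN area/group/serial range rules. The regexes, the pattern names and the sample text are all assumptions made for the demonstration.

```python
"""Regex search with per-pattern validation, in the spirit of http-grep's
built-in patterns.  Added example; not Nmap's http-grep."""
import ipaddress
import re


def luhn_ok(digits):
    """Luhn checksum: from the right, double every second digit (subtract 9 if > 9)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def valid_card(match):
    """Strip separators, require 13-19 digits, then apply Luhn."""
    digits = re.sub(r"\D", "", match)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def valid_ipv4(match):
    """Reject octets > 255 that the loose \\d{1,3} regex lets through."""
    try:
        return ipaddress.ip_address(match).version == 4
    except ValueError:
        return False


def valid_ssn(match):
    """Area 000/666/900+ and zero group or serial are never issued."""
    area, group, serial = (int(p) for p in match.split("-"))
    return area not in (0, 666) and area < 900 and group != 0 and serial != 0


# pattern name -> (regex, validator or None).  Constructed for this example.
PATTERNS = {
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), None),
    "ipv4": (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), valid_ipv4),
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), valid_ssn),
    "creditcard": (re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), valid_card),
}


def grep(text):
    """Return {pattern: {"valid": [...], "rejected": [...]}} for every built-in.

    Rejected hits are kept so a reviewer can see what the validator filtered out.
    """
    out = {}
    for name, (regex, check) in PATTERNS.items():
        valid, rejected = [], []
        for m in regex.finditer(text):
            hit = m.group(0)
            (valid if check is None or check(hit) else rejected).append(hit)
        out[name] = {"valid": valid, "rejected": rejected}
    return out


# Constructed page body: one good and one bad candidate for most patterns.
SAMPLE = """Contact alice@example.com for billing.
Card on file: 4111 1111 1111 1111 (test), previous card 4111 1111 1111 1112.
Hosts: 10.0.0.5 and 192.168.1.300 (typo).
SSN 123-45-6789 is plausible; 666-12-3456 is not.
"""

if __name__ == "__main__":
    for name, buckets in grep(SAMPLE).items():
        print(f"{name}: valid={buckets['valid']} rejected={buckets['rejected']}")
```

The second card number differs from the first only in its last digit and is dropped by the Luhn check; the same shape of table (regex, validator) is what lets a user-supplied pattern ride alongside the built-ins without any validation at all.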