Zisis Sialveras | 9 Feb 22:24

GSoC 2012

Hello everyone.  :)

I don't know if I am posting on the correct list - if it is not, my bad. ;-/
I am interested in participating in Google Summer of Code this year and I 
want - if it is possible - to have a chat with the potential mentors. :-)

Have fun
Z
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

New VA Modules: OpenVAS: 2, Nessus: 6

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== OpenVAS plugins (2) ==

r12678 103412 gb_zenphoto_51916.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_zenphoto_51916.nasl?root=openvas&view=markup
Zenphoto Multiple Security Vulnerabilities

r12678 103411 gb_samba_51713.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_samba_51713.nasl?root=openvas&view=markup
Samba Memory Leak Local Denial Of Service Vulnerability

== Nessus plugins (6) ==

57863 realplayer_15_0_2_71.nasl
http://nessus.org/plugins/index.php?view=single&id=57863
RealPlayer for Windows < 15.0.2.71 Multiple Vulnerabilities

57862 hp_data_protector_media_operations_code_exec.nasl
http://nessus.org/plugins/index.php?view=single&id=57862
HP Data Protector Media Operations Server 'DBServer.exe' Remote Code
Execution

57861 iseries_settings.nasl
http://nessus.org/plugins/index.php?view=single&id=57861
IBM iSeries Credentials

57859 symantec_pcanywhere_unsupported.nasl
http://nessus.org/plugins/index.php?view=single&id=57859

Patrik Karlsson | 9 Feb 17:08

[NSE] redirect support in http.lua

Hi all,

I'm attaching a patch that I would like to apply to the http library. It
adds support for HTTP redirects to the http.get and http.head functions.
The default behavior will be to follow 5 levels of redirects before bailing
out. The no_follow_redirect can be passed as an option to disable redirect
support.
The new functionality checks whether it should follow redirects or not
based on code from http-title that I've modified slightly.
Basically this is how it works:
1. http.get or http.head requests a page
2. if the server returns a 301, 302 or 307 the handle_redirect function
will validate the location with redirect_ok
3. if the redirect_ok passes all the tests, it will allow http.get or
http.head to proceed fetching the new location
4. http.get or http.head continues to do 1-3 until it no longer receives a
redirect, exceeds the max redirect count or fails to validate the location
url
5. http.get or http.head returns the redirected response (transparently to
the script) and sets a new response table field "location", a table, with
an entry for each redirect that led to the final page.

Unless someone finds problems with this design or otherwise disagrees, I'll
commit this change within the next few days.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
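
A sketch of the redirect loop described in this message, as an added example and not the code from Patrik's patch. The `fetch` stub, the sample site and the same-host, no-self-redirect policy inside `redirect_ok` are assumptions, since the post only says the checks derive from http-title.

```lua
-- Added illustration; not the code from the patch.
-- The policy in redirect_ok is an assumption made for this example.
local MAX_REDIRECTS = 5  -- default depth stated in the post

-- Constructed sample "server" (path -> response) so the example runs offline.
local SITE = {
  ["/"]      = { status = 301, header = { location = "/home" } },
  ["/home"]  = { status = 302, header = { location = "http://example.test/index" } },
  ["/index"] = { status = 200, body = "ok" },
  ["/away"]  = { status = 302, header = { location = "http://other.test/" } },
  ["/loop"]  = { status = 307, header = { location = "/loop" } },
}
local function fetch(path) return SITE[path] or { status = 404 } end

-- Split an absolute or host-relative Location value into host and path.
local function parse(loc, cur_host)
  local host, path = loc:match("^https?://([^/]+)(/.*)$")
  if host then return host, path end
  if loc:sub(1, 1) == "/" then return cur_host, loc end
  return nil  -- anything else is treated as unparseable and not followed
end

-- Assumed policy: stay on the scanned host and never re-request the same path.
local function redirect_ok(host, path, new_host, new_path)
  return new_host == host and new_path ~= path
end

-- Hypothetical stand-in for http.get with the loop from steps 1-5.
local function get(host, path, options)
  options = options or {}
  local trail, resp = {}, fetch(path)
  while not options.no_follow_redirect
        and (resp.status == 301 or resp.status == 302 or resp.status == 307)
        and #trail < MAX_REDIRECTS do
    local loc = resp.header and resp.header.location
    local new_host, new_path
    if loc then new_host, new_path = parse(loc, host) end
    if not new_path or not redirect_ok(host, path, new_host, new_path) then break end
    trail[#trail + 1] = loc          -- one entry per redirect that was followed
    path, resp = new_path, fetch(new_path)
  end
  -- Return a copy so the "location" trail is not stored in the sample table.
  return { status = resp.status, body = resp.body, location = trail }
end

for _, p in ipairs({ "/", "/away", "/loop" }) do
  local r = get("example.test", p)
  print(p, r.status, table.concat(r.location, " -> "))
end
```

A redirect that fails validation is returned unfollowed with its original status, so a script can still see that the server tried to send the scanner off-host.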

Johannes Nixdorf | 8 Feb 13:33

nmap's bundled libpcre and automake

Hi,

the way you modify the copy of libpcre you distribute confuses
autoreconf into thinking automake can be run because configure.ac still
uses the AM_INIT_AUTOMAKE macro, which fails since you removed Makefile.am
from it.

I attached a patch fixing this by removing AM_INIT_AUTOMAKE from
libpcre's configure.ac.

Best regards,

Johannes Nixdorf

diff -r -u nmap-5.51.orig/libpcre/configure.ac nmap-5.51/libpcre/configure.ac
--- nmap-5.51.orig/libpcre/configure.ac	2012-02-08 13:01:16.799758211 +0100
+++ nmap-5.51/libpcre/configure.ac	2012-02-08 13:01:31.934673128 +0100
@@ -14,7 +14,6 @@
 AC_PREREQ(2.57)
 AC_INIT(PCRE, pcre_major.pcre_minor[]pcre_prerelease, , pcre)
 AC_CONFIG_SRCDIR([pcre.h.in])
-AM_INIT_AUTOMAKE([dist-bzip2 dist-zip])
 AC_CONFIG_HEADERS(config.h)

 # The default CFLAGS and CXXFLAGS in Autoconf are "-g -O2" for gcc and just
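
Review bot: the removal of AM_INIT_AUTOMAKE([dist-bzip2 dist-zip]) leaves nothing in configure.ac to show that this copy deliberately differs from upstream PCRE, so the macro is likely to reappear the next time the bundled libpcre is refreshed. Consider a short comment at this spot stating that Makefile.am is not shipped in this tree and that the macro was dropped for that reason. It is also worth confirming that nothing later in configure.ac, outside this hunk, relies on other AM_ macros or on values that AM_INIT_AUTOMAKE would have set up.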

Tom Sellers | 8 Feb 04:25

[NSE] ms-sql-info: dependency on ms-sql-discover

All,
	ms-sql-info has a dependency on ms-sql-discover at line 109.  ms-sql-discover was
removed from the repo 3/19/2011 (Rev 22680) based on the following discussion:

http://seclists.org/nmap-dev/2011/q1/725

A quick glance at the code and the related discussions gives me the impression that this
dependency can be removed.

Similarly, the following scripts also show a dependency on ms-sql-discover:

ms-sql-brute.nse
ms-sql-config.nse
ms-sql-dump-hashes.nse
ms-sql-empty-password.nse
ms-sql-hasdbaccess.nse
ms-sql-query.nse
ms-sql-tables.nse
ms-sql-xp-cmdshell.nse

Unfortunately I can't review the code at this time to suggest a course of action and will
have to just bring it to the group's attention.

Thoughts?

Thanks much,

Tom

Fyodor | 8 Feb 01:09

Nmap in CBS show Person of Interest

Hi folks.  David Maynor just let me know that Nmap was shown on last
Thursday's episode of the CBS crime drama "Person of Interest"[1].  I
don't know if this should go on the Nmap movies page[2], since it's a
TV show, but it is still great publicity for Nmap!

Apparently the show aired at 9:00 PM EST in the US on Thursday Feb 2,
and the Nmap scene was around 9:25.  Unlike some other Nmap cameos
where you really need to look to spot it, Nmap is shown quite clearly
here as the largest component on the screen.  I attached a screenshot
that David sent.

Cheers,
Fyodor

[1] http://en.wikipedia.org/wiki/Person_of_interest
[2] http://nmap.org/movies.html

New VA Modules: Nessus: 10

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nessus plugins (10) ==

57856 ubuntu_USN-1356-1.nasl
http://nessus.org/plugins/index.php?view=single&id=57856
USN-1356-1 : linux-ti-omap4 vulnerabilities

57855 suse_11_tomcat6-120206.nasl
http://nessus.org/plugins/index.php?view=single&id=57855
SuSE Security Update: tomcat6 (2012-02-06)

57854 suse_11_kernel-120130.nasl
http://nessus.org/plugins/index.php?view=single&id=57854
SuSE Security Update: kernel (2012-01-30)

57853 suse_11_kernel-120129.nasl
http://nessus.org/plugins/index.php?view=single&id=57853
SuSE Security Update: kernel (2012-01-29)

57852 freebsd_pkg_309542b550b911e1b0d800151735203a.nasl
http://nessus.org/plugins/index.php?view=single&id=57852
FreeBSD : bugzilla -- multiple vulnerabilities
(309542b5-50b9-11e1-b0d8-00151735203a)

57851 debian_DSA-2405.nasl
http://nessus.org/plugins/index.php?view=single&id=57851
Debian DSA-2405-1 : apache2 - multiple issues


New VA Modules: NSE: 1, OpenVAS: 7, Nessus: 20

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (1) ==

r28027 asn-to-prefix http://nmap.org/nsedoc/scripts/asn-to-prefix.html
Produces a list of prefixes for a given ASN.

== OpenVAS plugins (7) ==

r12637 863717 gb_fedora_2012_0916_bip_fc15.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_fedora_2012_0916_bip_fc15.nasl?root=openvas&view=markup
Fedora Update for bip FEDORA-2012-0916

r12637 831536 gb_mandriva_MDVA_2012_006.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2012_006.nasl?root=openvas&view=markup
Mandriva Update for firefox MDVA-2012:006 (firefox)

r12637 831537 gb_mandriva_MDVA_2012_007.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2012_007.nasl?root=openvas&view=markup
Mandriva Update for firefox MDVA-2012:007 (firefox)

r12637 831535 gb_mandriva_MDVSA_2012_013.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2012_013.nasl?root=openvas&view=markup
Mandriva Update for mozilla MDVSA-2012:013 (mozilla)

r12637 840884 gb_ubuntu_USN_1355_1.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_ubuntu_USN_1355_1.nasl?root=openvas&view=markup
Ubuntu Update for firefox USN-1355-1


CheesStick peak | 6 Feb 12:14

Lua issues

Hello

I'm currently working with the Nmap Scripting Engine and with Lua.
I'm more into Perl but I wanted to give Lua a try so I started scripting a
bit.

Now it looks to me like the NSE is not working like normal Lua. I have an
example from my work with tables:

local table= { 123, 231 , "aaa" , xxx = { "x1", "x2"} , 666 , test="showme" , 777 }

now when I do:
for i,v in ipairs(table) do print(i,v) end

it gives me:
1    123
2    231
3    aaa
4    666
5    777
(table.concat(table,"\n") does the same, btw.)

BUT, according to different lua sites it should be:
1      123
2      231
3      aaa
4      table: 0035xxxx
5      666
test  showme

Alok Upadhyay | 6 Feb 08:03

Some work for a beginner

Hi There,

I am new to the nmap-dev list and also to the world of open source
development. I am really interested in working under nmap's hood.

I was looking for some easy headway into the development side by
trying to solve a bug etc., but wasn't quite able to figure out stuff.
I am good in programming using Java, Python and C. And I have some
experience in socket programming as well. For a better gauge of my
abilities, my CV can be found in the following Google doc:

https://docs.google.com/open?id=0B-Uv5F76BAkZNzJlMjc0NmQtODA0Yi00OTRjLWFlNTEtYjBlMWU3MjQxM2Nm

Can someone please suggest or hand me out some beginner level
project/assignment which will help me know NMAP better and also
contribute to it.

Cheers,

Alok Upadhyay

New VA Modules: NSE: 2, MSF: 1, Nessus: 1

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (2) ==

r28013 rsync-brute http://nmap.org/nsedoc/scripts/rsync-brute.html
Performs brute force password auditing against rsync.

r28013 rsync-list-modules http://nmap.org/nsedoc/scripts/rsync-list-modules.html
List modules available for rsync synchronization

== Metasploit modules (1) ==

r14692 http://metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/server/capture/javascript_keylogger.rb
Man-in-the-middle JavaScript Keylogger

== Nessus plugins (1) ==

57826 websphere_iscdeploy_permissions.nasl
http://nessus.org/plugins/index.php?view=single&id=57826
IBM WebSphere Application Server iscdeploy Script Insecure Permissions

