Daniel Miller bonsaiviking

## tls-extended-random.nse
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local bin = require "bin"
local tls = require "tls"

description = [[
Checks for server support of the Extended Random TLS extension, which was
allegedly created to make exploitation of the Dual EC DRBG weakness easier. The
extension was never widely adopted, and IANA did not assign an ExtensionType

## service_fp.nse
local lpeg = require "lpeg"
local U = require "lpeg-utility"

local getquote = U.escaped_quote()
local unescape = lpeg.P ( {
  lpeg.Cs((lpeg.V "simple_char" + lpeg.V "unesc")^0),
  esc = lpeg.P "\\",
  simple_char = lpeg.P(1) - lpeg.V "esc",
  unesc = (lpeg.V "esc" * lpeg.Cs( lpeg.V "esc" + lpeg.V "specials" + lpeg.V "code" + lpeg.P(1) ))/"%1",
  specials = lpeg.S "trn0" / {t="\t", r="\r", n="\n", ["0"]="\0"},

## ssl-poodle.md

      
              1 file
            
          
              2 forks
            
          
              0 comments
            
          
              0 stars
            
          
                bonsaiviking
                / ssl-poodle.md
            
            
              Last active
              August 29, 2015 14:07
            
              
                Nmap NSE script for detecting POODLE-vulnerable servers (SSLv3 with CBC ciphersuites)
              
          
    Please use the official ssl-poodle NSE script from the Nmap project.

  
## tls-hellofirst.nse
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local bin = require "bin"
local tls = require "tls"

description = [[
Tries to confuse a TLS server into sending a ClientHello by first sending a HelloRequest.

## newnym.pl
#!/usr/bin/perl

use strict;
use warnings;
use HTTP::Daemon;
use IO::Socket;

my $torport=9051;
my $password="footor";
my $good = HTTP::Response->new(

## cipherstrength.pl
#!/usr/bin/perl

use strict;
use warnings;
use 5.012;

my %kex_scores = (
    NULL => 0,
    anon => 0,
    EXPORT => 40,

## printbomb.nse
description = [[
Print a bunch of pages.
]]

author = "Daniel Miller"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"intrusive", "dos"}

## headless.pl
#!/usr/bin/perl -an

# One-liner version:
# lsof -d txt,0,1,2 | perl -anE'push@g,$F[1]if$F[4]eq"CHR"and$F[8]=~/^.dev.[pt]t[sy]/;$t{$F[1]}=$_ if$F[3]eq"txt"and$F[8]=~/^.(usr.)?bin.((b|d)?a|z|k|c|tc)*sh/;END{delete$t{$_}for@g;say values%t}'

# store the PID of processes that use a PTY/TTY for STDIN, STDOUT, or STDERR
push @g, $F[1] if $F[4] eq "CHR" and $F[8]=~/^.dev.[pt]t[sy]/;

# Store the whole line if the txt file descriptor is a shell
$t{$F[1]}=$_ if $F[3] eq "txt" and $F[8]=~/^.(usr.)?bin.((b|d)?a|z|k|c|tc)*sh/;

## test.nse
description = [[Minimal framework for testing NSE scripts. Modify as needed.]]

author = "Daniel Miller"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"testing"}

prerule = function() return true end

## gist:3077294
$ nmap --script dns-zone-transfer --script-args dns-zone-transfer.domain=zonetransfer.me -p 53 -Pn $(dig +short zonetransfer.me NS | head -1)

Starting Nmap 6.02 ( http://nmap.org ) at 2012-07-09 10:50 CDT
Nmap scan report for ns12.zoneedit.com. (209.62.64.46)
Host is up (0.033s latency).
rDNS record for 209.62.64.46: ns12.zoneedit.com
PORT   STATE SERVICE
53/tcp open  domain
| dns-zone-transfer:
| zonetransfer.me.                                SOA    ns16.zoneedit.com. soacontact.zoneedit.com.
	local nmap = require "nmap"
	local shortport = require "shortport"
	local stdnse = require "stdnse"
	local bin = require "bin"
	local tls = require "tls"

	description = [[
	Checks for server support of the Extended Random TLS extension, which was
	allegedly created to make exploitation of the Dual EC DRBG weakness easier. The
	extension was never widely adopted, and IANA did not assign an ExtensionType
	local lpeg = require "lpeg"
	local U = require "lpeg-utility"

	local getquote = U.escaped_quote()
	local unescape = lpeg.P ( {
	lpeg.Cs((lpeg.V "simple_char" + lpeg.V "unesc")^0),
	esc = lpeg.P "\\",
	simple_char = lpeg.P(1) - lpeg.V "esc",
	unesc = (lpeg.V "esc" * lpeg.Cs( lpeg.V "esc" + lpeg.V "specials" + lpeg.V "code" + lpeg.P(1) ))/"%1",
	specials = lpeg.S "trn0" / {t="\t", r="\r", n="\n", ["0"]="\0"},
	#!/usr/bin/perl

	use strict;
	use warnings;
	use HTTP::Daemon;
	use IO::Socket;

	my $torport=9051;
	my $password="footor";
	my $good = HTTP::Response->new(
	description = [[
	Print a bunch of pages.
	]]

	author = "Daniel Miller"

	license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

	categories = {"intrusive", "dos"}
	#!/usr/bin/perl -an

	# One-liner version:
	# lsof -d txt,0,1,2 \| perl -anE'push@g,$F[1]if$F[4]eq"CHR"and$F[8]=~/^.dev.[pt]t[sy]/;$t{$F[1]}=$_ if$F[3]eq"txt"and$F[8]=~/^.(usr.)?bin.((b\|d)?a\|z\|k\|c\|tc)*sh/;END{delete$t{$_}for@g;say values%t}'

	# store the PID of processes that use a PTY/TTY for STDIN, STDOUT, or STDERR
	push @g, $F[1] if $F[4] eq "CHR" and $F[8]=~/^.dev.[pt]t[sy]/;

	# Store the whole line if the txt file descriptor is a shell
	$t{$F[1]}=$_ if $F[3] eq "txt" and $F[8]=~/^.(usr.)?bin.((b\|d)?a\|z\|k\|c\|tc)*sh/;
	description = [[Minimal framework for testing NSE scripts. Modify as needed.]]

	author = "Daniel Miller"

	license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

	categories = {"testing"}

	prerule = function() return true end
	$ nmap --script dns-zone-transfer --script-args dns-zone-transfer.domain=zonetransfer.me -p 53 -Pn $(dig +short zonetransfer.me NS \| head -1)

	Starting Nmap 6.02 ( http://nmap.org ) at 2012-07-09 10:50 CDT
	Nmap scan report for ns12.zoneedit.com. (209.62.64.46)
	Host is up (0.033s latency).
	rDNS record for 209.62.64.46: ns12.zoneedit.com
	PORT STATE SERVICE
	53/tcp open domain
	\| dns-zone-transfer:
	\| zonetransfer.me. SOA ns16.zoneedit.com. soacontact.zoneedit.com.