Nmap 6.49BETA4 on Android

I’m working on Android port of Nmap for quite some time now. It was some time ago I did port Nmap 6.47 to Android and you can find that Android binaries here:
http://seclists.org/nmap-dev/2015/q1/45

Almost same process as 6.46 was used to compile 6.47:
https://k0st.wordpress.com/2014/08/17/nmap-6-46-on-android/

In the meantime, 6.49BETA4 got released, so I’ve managed to cross compile the new version as well.

For those who just wants the binaries, they are here (binaries should work on Android 4+ out of the box):
https://s3.amazonaws.com/nmap-dl/nmap-android/nmap-6.49BETA4-android-arm-bin.tar.bz2
https://s3.amazonaws.com/nmap-dl/nmap-android/nmap-6.49BETA4-android-i686-bin.tar.bz2
https://s3.amazonaws.com/nmap-dl/nmap-android/nmap-6.49BETA4-android-mipsel-bin.tar.bz2

Or if you don’t want to bother with this all, you can download Network Mapper application from Play store at following URL:
https://play.google.com/store/apps/details?id=org.kost.nmap.android.networkmapper

Since, I’m using completely different approach in building it from the source, it’s worth mentioning major changes: binaries are now dynamically linked (due to DNS issues) and compiled with PIE support (due to Lollipop support). Dynamic linking is done against minimal number of libraries for DNS to work (mostly libc).

Read more of this post

Advertisements

Identifying and exploiting IBM WebSphere Application Server

IBM WebSphere is application server similar to Tomcat, JBoss and WebLogic. Therefore, it should be interesting to any penetration tester doing enterprise scale work where Websphere might be present. It should be also interesting to anyone who is working on securing enterprise environment since Websphere allows deploying own (malicious or not) code to the server.

I have written NSE scripts to identify IBM Websphere consoles of application servers and to brute force any usernames and passwords. I will also demonstrate basics of WebSphere exploitation.

Read more of this post

Atom package to support Nmap Scripting Engine (NSE) files

Sometimes I use Atom as my secondary editor. I’ve made atom package to support Nmap Scripting Engine (NSE) files. In short, it adds syntax highlighting and snippets to NSE and Lua files in Atom. It is specifically written for writing NSE scripts which are compatible according to Nmap coding style (indentation, soft tabs, etc).

Package is available from the following URL:
https://atom.io/packages/language-nse

Source is available at the following URL:
https://github.com/kost/language-nse

Atom language-nse package

Atom language-nse package

Read more of this post