ubiquiti-discovery NSE Script

Extracts information from Ubiquiti networking devices. This script leverages Ubiquiti's Discovery Service which is enabled by default on many products. It will attempt to leverage version 1 of the protocol first and, if that fails, attempt version 2. Example Usage nmap -sU -p 10001 --script...

broadcast-ospf2-discover NSE Script

Discover IPv4 networks using Open Shortest Path First version 2OSPFv2 protocol. The script works by listening for OSPF Hello packets from the 224.0.0.5 multicast address. The script then replies and attempts to create a neighbor relationship, in order to discover network database. If no interface...

fox-info NSE Script

Tridium Niagara Fox is a protocol used within Building Automation Systems. Based off Billy Rios and Terry McCorkle's work this Nmap NSE will collect information from A Tridium Niagara system. Example Usage nmap --script fox-info.nse -p 1911 Script Output 1911/tcp open Niagara Fox | fox-info: |...

knx-gateway-discover NSE Script

Discovers KNX gateways by sending a KNX Search Request to the multicast address 224.0.23.12 including a UDP payload with destination port 3671. KNX gateways will respond with a KNX Search Response including various information about the gateway, such as KNX address and supported services. Further...

snmp-info NSE Script

Extracts basic information from an SNMPv3 GET request. The same probe is used here as in the service version detection scan. Script Arguments snmp.version See the documentation for the snmp library. creds.service, creds.global See the documentation for the creds library. Example Usage nmap -sV...

fcrdns NSE Script

Performs a Forward-confirmed Reverse DNS lookup and reports anomalous results. References: Example Usage nmap -sn -Pn --script fcrdns Script Output Host script results: |fcrdns: FAIL 12.19.29.17, 12.19.20.14, 23.10.13.25 Host script results: |fcrdns: PASS 37.58.100.86-static.reverse.softlayer.com...

mtrace NSE Script

Queries for the multicast path from a source to a destination host. This works by sending an IGMP Traceroute Query and listening for IGMP Traceroute responses. The Traceroute Query is sent to the first hop and contains information about source, destination and multicast group addresses. First hop...

hostmap-robtex NSE Script

Discovers hostnames that resolve to the target's IP address by querying the online Robtex service at . TEMPORARILY DISABLED due to changes in Robtex's API. See Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size,...

targets-ipv6-multicast-echo NSE Script

Sends an ICMPv6 echo request packet to the all-nodes link-local multicast address ff02::1 to discover responsive hosts on a LAN without needing to individually ping each IPv6 address. Script Arguments newtargets If true, add discovered targets to the scan queue...

targets-ipv6-multicast-invalid-dst NSE Script

Sends an ICMPv6 packet with an invalid extension header to the all-nodes link-local multicast address ff02::1 to discover some available hosts on the LAN. This works because some hosts will respond to this probe with an ICMPv6 Parameter Problem packet. Script Arguments newtargets If true, add...

ip-geolocation-geoplugin NSE Script

Tries to identify the physical location of an IP address using the Geoplugin geolocation web service . There is no limit on lookups using this service. See also: ip-geolocation-ipinfodb.nse ip-geolocation-map-bing.nse ip-geolocation-map-google.nse ip-geolocation-map-kml.nse...

ip-geolocation-maxmind NSE Script

Tries to identify the physical location of an IP address using a Geolocation Maxmind database file available from . This script supports queries using all Maxmind databases that are supported by their API including the commercial ones. See also: ip-geolocation-geoplugin.nse...

quake3-master-getservers NSE Script

Queries Quake3-style master servers for game servers many games other than Quake 3 use this same protocol. Script Arguments quake3-master-getservers.outputlimit If set, limits the amount of hosts returned by the script. All discovered hosts are still stored in the registry for other scripts to us...

qscan NSE Script

Repeatedly probe open and/or closed ports on a host to obtain a series of round-trip time values for each port. These values are used to group collections of ports which are statistically different from other groups. Ports being in different groups or "families" may be due to network mechanisms...

ipidseq NSE Script

Classifies a host's IP ID sequence test for susceptibility to idle scan. Sends six probes to obtain IP IDs from the target and classifies them similarly to Nmap's method. This is useful for finding suitable zombies for Nmap's idle scan -sI as Nmap itself doesn't provide a way to scan for these...