tso-enum NSE Script

TSO User ID enumerator for IBM mainframes z/OS. The TSO logon panel tells you when a user ID is valid or invalid with the message: IKJ56420I Userid not authorized to use TSO. The TSO logon process can work in two ways: 1 You get prompted with IKJ56700A ENTER USERID - to which you reply with the...

nje-pass-brute NSE Script

z/OS JES Network Job Entry NJE 'I record' password brute forcer. After successfully negotiating an OPEN connection request, NJE requires sending, what IBM calls, an 'I record'. This initialization record may sometimes require a password. This script, provided with a valid OHOST/RHOST for the NJE...

http-aspnet-debug NSE Script

Determines if a ASP.NET application has debugging enabled using a HTTP DEBUG request. The HTTP DEBUG verb is used within ASP.NET applications to start/stop remote debugging sessions. The script sends a 'stop-debug' command to determine the application's current configuration state but access to R...

http-svn-enum NSE Script

Enumerates users of a Subversion repository by examining logs of most recent commits. Script Arguments http-svn-enum.url This is a URL relative to the scanned host eg. /default.html default: /. http-svn-enum.count The number of logs to fetch. Defaults to the last 1000 commits. slaxml.debug See th...

NSEarch - Nmap Script Engine Search

NSEarch is a tool that helps you find scripts that are used nmap NSE , can be searched using the name or category , it is also possible to see the documentation of the scripts found. USAGE: $ python nsearch.py Main Menu Initial Setup ================================================ | \ | |/ || | ...

http-wordpress-users NSE Script

Enumerates usernames in Wordpress blog/CMS installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others. Original advisory: Script Arguments http-wordpress-users.out If set it saves the username list in this file...

ssl-poodle NSE Script

Checks whether SSLv3 CBC ciphers are allowed POODLE Run with -sV to use Nmap's service scan to detect SSL/TLS on non-standard ports. Otherwise, ssl-poodle will only run on ports that are commonly used for SSL. POODLE is CVE-2014-3566. All implementations of SSLv3 that accept CBC ciphersuites are...

http-avaya-ipoffice-users NSE Script

Attempts to enumerate users in Avaya IP Office systems 7.x. Avaya IP Office systems allow unauthenticated access to the URI '/system/user/scnuserlist' which returns a XML file containing user information such as display name, full name and extension number. Tested on Avaya IP Office 7.027. Script...

Tenda W309R Router 5.07.46 - Configuration Disclosure

No description provided by source. --------------------------------------------------- Exploit Title: Tenda W309R Configuration Enumeration without Authentication Author: SANTHO @s4n7h0 Vendor Homepage: http://www.tenda.cn Product link: http://www.tenda.cn/tendacn/product/show.aspx?productid=382...

s7-info NSE Script

Enumerates Siemens S7 PLC Devices and collects their device information. This script is based off PLCScan that was developed by Positive Research and Scadastrangelove . This script is meant to provide the same functionality as PLCScan inside of Nmap. Some of the information that is collected by...

http-vuln-cve2014-2128 NSE Script

Detects whether the Cisco ASA appliance is vulnerable to the Cisco ASA SSL VPN Authentication Bypass Vulnerability CVE-2014-2128. See also: http-vuln-cve2014-2126.nse http-vuln-cve2014-2127.nse http-vuln-cve2014-2129.nse Script Arguments tls.servername See the documentation for the tls library...

NetSupport Manager Vulnerability Leads to Data Leakage

UPDATE – A vulnerability in older versions of NetSupport Manager, a platform that allows companies to remotely manage machines for desktop support, could yield sensitive configuration settings and lead to compromise. According David Kirkpatrick, the researcher who found the vulnerability, it took...

ssl-heartbleed NSE Script

Detects whether a server is vulnerable to the OpenSSL Heartbleed bug CVE-2014-0160. The code is based on the Python script ssltest.py authored by Katie Stafford [email protected] Script Arguments ssl-heartbleed.protocols default tries all TLS 1.0, TLS 1.1, or TLS 1.2 tls.servername See the...

D-Link Releases Router Firmware Updates for backdoor vulnerability

In October, A Security researcher 'Craig Heffner' discovered a backdoor vulnerability CVE-2013-6027 with certain D-Link routers that allow cyber criminals to alter a router setting without a username or password. Last week, D-Link has released new version of Firmware for various vulnerable router...

Tenda W309R Router 5.07.46 - Configuration Disclosure

Exploit for hardware platform in category web applications --------------------------------------------------- Exploit Title: Tenda W309R Configuration Enumeration without Authentication Author: SANTHO Vendor Homepage: http://www.tenda.cn Product link:...

http-referer-checker NSE Script

Informs about cross-domain include of scripts. Websites that include external javascript scripts are delegating part of their security to third-party entities. Script Arguments slaxml.debug See the documentation for the slaxml library. httpspider.doscraping, httpspider.maxdepth,...

http-coldfusion-subzero NSE Script

Attempts to retrieve version, absolute path of administration panel and the file 'password.properties' from vulnerable installations of ColdFusion 9 and 10. This was based on the exploit 'ColdSub-Zero.pyFusion v2'. See also: http-adobe-coldfusion-apsa1301.nse http-vuln-cve2009-3960.nse...

http-vuln-cve2013-0156 NSE Script

Detects Ruby on Rails servers vulnerable to object injection, remote command executions and denial of service attacks. CVE-2013-0156 All Ruby on Rails versions before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 are vulnerable. This script sends 3 harmless YAML payloa...

murmur-version NSE Script

Detects the Murmur service server for the Mumble voice communication client versions 1.2.X. The Murmur server listens on a TCP control and a UDP voice port with the same port number. This script activates on both a TCP and UDP port version scan. In both cases probe data is sent only to the UDP po...

rpc-grind NSE Script

Fingerprints the target RPC port to extract the target service, RPC number and version. The script works by sending RPC Null call requests with a random high version unsupported number to the target service with iterated over RPC program numbers from the nmap-rpc file and check for replies from t...