broadcast-versant-locate NSE Script
Discovers Versant object databases using the broadcast srvloc protocol. Example Usage nmap --script broadcast-versant-locate Script Output Pre-scan script results: | broadcast-versant-locate: | vod://192.168.200.222:5019 Requires srvloc table local srvloc = require "srvloc" local table = require...
rpcap-brute NSE Script
Performs brute force password auditing against the WinPcap Remote Capture Daemon rpcap. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the creds library...
socks-auth-info NSE Script
Determines the supported authentication mechanisms of a remote SOCKS proxy server. Starting with SOCKS version 5, SOCKS servers may support authentication. The script checks for the following authentication types: 0 - No authentication 1 - GSSAPI 2 - Username and password Example Usage nmap -p 108...
socks-brute NSE Script
Performs brute force password auditing against SOCKS 5 proxy servers. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the creds library. brute.credfile,...
broadcast-pc-anywhere NSE Script
Sends a special broadcast probe to discover PC-Anywhere hosts running on a LAN. Script Arguments broadcast-pc-anywhere.timeout specifies the number of seconds to sniff the network interface. The default varies according to timing: -T3 = 5s Example Usage nmap --script broadcast-pc-anywhere Script Outp...
http-unsafe-output-escaping NSE Script
Spiders a website and attempts to identify output escaping problems where content is reflected back to the user. This script locates all parameters (?x=foo&y=bar) and checks if the values are reflected on the page. If they are indeed reflected, the script will try to insert ghzhzx"zxc'xcv and chec...
http-apache-negotiation NSE Script
Checks if the target HTTP server has mod_negotiation enabled. This feature can be leveraged to find hidden resources and spider a web site using fewer requests. The script works by sending requests for resources like index and home without specifying the extension. If mod_negotiate is enabled defau...
metasploit-xmlrpc-brute NSE Script
Performs brute force password auditing against a Metasploit RPC server using the XMLRPC protocol. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the creds...
openvas-otp-brute NSE Script
Performs brute force password auditing against an OpenVAS vulnerability scanner daemon using the OTP 1.0 protocol. Script Arguments openvas-otp-brute.threads sets the number of threads. Default: 4 passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the...
bitcoin-getaddr NSE Script
Queries a Bitcoin server for a list of known Bitcoin nodes. Script Arguments max-newtargets, newtargets See the documentation for the target library. Example Usage nmap -p 8333 --script bitcoin-getaddr Script Output PORT STATE SERVICE 8333/tcp open unknown | bitcoin-getaddr: | ip timestamp |...
irc-botnet-channels NSE Script
Checks an IRC server for channels that are commonly used by malicious botnets. Control the list of channel names with the irc-botnet-channels.channels script argument. The default list of channels is loic Agobot Slackbot Mytob Rbot SdBot poebot IRCBot VanBot MPack Storm GTbot Spybot Phatbot Wargb...
dns-zeustracker NSE Script
Checks if the target IP range is part of a Zeus botnet by querying ZTDNS @ abuse.ch. Please review the following information before you start to scan: Example Usage nmap -sn -PN --script=dns-zeustracker Script Output Host script results: | dns-zeustracker: | Name IP SBL ASN Country Status Level...
xmpp-info NSE Script
Connects to XMPP server port 5222 and collects server information such as: supported auth mechanisms, compression methods, whether TLS is supported and mandatory, stream management, language, support of In-Band registration, server capabilities. If possible, studies server vendor. Script Argument...
http-awstatstotals-exec NSE Script
Exploits a remote code execution vulnerability in Awstats Totals 1.0 up to 1.14 and possibly other products based on it (CVE: 2008-3922). This vulnerability can be exploited through the GET variable sort. The script queries the web server with the command payload encoded using PHP's chr function:...
broadcast-db2-discover NSE Script
Attempts to discover DB2 servers on the network by sending a broadcast request to port 523/udp. Script Arguments max-newtargets, newtargets See the documentation for the target library. Example Usage nmap --script db2-discover Script Output Pre-scan script results: | broadcast-db2-discover: |...
http-majordomo2-dir-traversal NSE Script
Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. CVE-2011-0049. Vulnerability originally discovered by Michael Brooks. For more information about this vulnerability: Script Arguments http-majordomo2-dir-traversal.rfile Remote file to download. Default:...
Nmap NSE net: afp-path-vuln
Detects the Mac OS X AFP directory traversal vulnerability, CVE-2010-0533. This script attempts to iterate over all AFP shares on the remote host. For each share it attempts to access the parent directory by exploiting the directory traversal vulnerability as described in CVE-2010-0533. The scrip...
sip-enum-users NSE Script
Enumerates a SIP server's valid extensions (users). The script works by sending REGISTER SIP requests to the server with the specified extension and checking for the response status code in order to know if an extension is valid. If a response status code is 401 or 407, it means that the extension ...
dns-brute NSE Script
Attempts to enumerate DNS hostnames by brute force guessing of common subdomains. With the dns-brute.srv argument, dns-brute will also try to enumerate common DNS SRV records. Wildcard records are listed as "A" and "AAAA" for IPv4 and IPv6 respectively. See also: dns-nsec3-enum.nse...
Lexmark X651de - Printer Ready Message Value HTML Injection
source: https://www.securityfocus.com/bid/45688/info Lexmark Printer X651de is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successfu...