133 matches found
CVE-2018-1000161
CVE-2018-1000161 affects nmap versions 6.49BETA6 through 7.60 (including SVN r37147). The vulnerability is a Directory Traversal in the NSE script http-fetch that can cause file overwrite when the script is executed by a user, exploitable when a victim runs the NSE http-fetch against a malicious ...
Updated nmap packages fix security vulnerability
Nmap developer nnposter found a security flaw directory traversal vulnerability in the way the non-default http-fetch script sanitized URLs. If a user manualy ran this NSE script against a malicious web server, the server could potentially depending on NSE arguments used cause files to be saved...
Nmap-Vulners - NSE Script Using Some Well-Known Service To Provide Info On Vulnerabilities
NSE script based on Vulners.com API. NSE script using some well-known service to provide info on vulnerabilities. Dependencies: nmap libraries: http json string The only thing you should always keep in mind is that the script depends on having software versions at hand, so it only works with -sV...
smb-enum-services NSE Script
Retrieves the list of services running on a remote Windows system. Each service attribute contains service name, display name and service status of each service. Note: Modern Windows systems requires a privileged domain account in order to list the services. References: Script Arguments randomsee...
smb-protocols NSE Script
Attempts to list the supported protocols and dialects of a SMB server. The script attempts to initiate a connection using the dialects: NT LM 0.12 SMBv1 2.0.2 SMBv2 2.1 SMBv2 3.0 SMBv3 3.0.2 SMBv3 3.1.1 SMBv3 Additionally if SMBv1 is found enabled, it will mark it as insecure. This script is the...
dnaTools dnaLIMS 4-2015s13 Directory Traversal Nmap NSE Script
local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" local vulns = require "vulns" local nmap = require "nmap" description = dnaLIMS is prone to the Directory Traversal attack. The viewAppletFsa.cgi seqID parameter is...
ASUS WRT Cross Site Scripting Nmap NSE Script
local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" local vulns = require "vulns" local nmap = require "nmap" description = ASUSWRT is a wireless router operating system that powers many routers produced by ASUS...
cics-enum NSE Script
CICS transaction ID enumerator for IBM mainframes. This script is based on mainframebrute by Dominic White . However, this script doesn't rely on any third party libraries or tools and instead uses the NSE TN3270 library which emulates a TN3270 screen in lua. CICS only allows for 4 byte transacti...
vtam-enum NSE Script
Many mainframes use VTAM screens to connect to various applications CICS, IMS, TSO, and many more. This script attempts to brute force those VTAM application IDs. This script is based on mainframebrute by Dominic White . However, this script doesn't rely on any third party libraries or tools and...
tn3270-screen NSE Script
Connects to a tn3270 'server' and returns the screen. Hidden fields will be listed below the screen with row, col coordinates. Script Arguments tn3270-screen.commands a semi-colon separated list of commands you want to issue before printing the screen tn3270-screen.lu specify a logical unit you...
coap-resources NSE Script
Dumps list of available resources from CoAP endpoints. This script establishes a connection to a CoAP endpoint and performs a GET request on a resource. The default resource for our request is code/.well-known/core/core, which should contain a list of resources provided by the endpoint. For...
ipmi-brute NSE Script
Performs brute force password auditing against IPMI RPC server. Script Arguments brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass See the documentation for the brute...
NUUO NVRmini 2 3.0.8 - Remote Code Execution
NUUO NVRmini 2 3.0.8 - Remote Code Execution !/usr/bin/env python NUUO Remote Root Exploit Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with...
vnc-title NSE Script
Tries to log into a VNC server and get its desktop name. Uses credentials discovered by vnc-brute, or None authentication types. If realvnc-auth-bypass was run and returned VULNERABLE, this script will use that vulnerability to bypass authentication. See also: vnc-brute.nse realvnc-auth-bypass.ns...
Ruby-Nmap - A Rubyful interface to the Nmap exploration tool and security / port scanner
A Ruby interface to nmap , the exploration tool and security / port scanner. Features Provides a Ruby interface for running nmap. Provides a Parser for enumerating nmap XML scan files. Examples Run Nmap from Ruby: require 'nmap/program' Nmap::Program.scan do |nmap| nmap.synscan = true...
targets-xml NSE Script
Loads addresses from an Nmap XML output file for scanning. Address type IPv4 or IPv6 is determined according to whether -6 is specified to nmap. Script Arguments targets-xml.iX Filename of an Nmap XML file to import targets-xml.state Only hosts with this status will have their addresses input...
smb-vuln-regsvc-dos NSE Script
Checks if a Microsoft Windows 2000 system is vulnerable to a crash in regsvc caused by a null pointer dereference. This check will crash the service if it is vulnerable and requires a guest account or higher to work. The vulnerability was discovered by Ron Bowes while working on smb-enum-sessions...
http-fetch NSE Script
The script is used to fetch files from servers. The script supports three different use cases: The paths argument isn't provided, the script spiders the host and downloads files in their respective folders relative to the one provided using "destination". The paths argumenta single item or list i...
omron-info NSE Script
This NSE script is used to send a FINS packet to a remote device. The script will send a Controller Data Read Command and once a response is received, it validates that it was a proper response to the command that was sent, and then will parse out the data. Example Usage nmap --script omron-info...
Backdoor access to Techboard/Syac devices
ADVISORY INFORMATION Title: Backdoor access to Techboard/Syac devices Discovery date: 02/04/2014 Release date: 07/07/2014 Advisory URL: http://blog.emaze.net/2014/07/backdoor-techboardsyac.html Credits: Roberto Paleari @rpaleari, Luca Giancane [email protected] VULNERABILITY INFORMATION...