Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the memosaccesstoken function of the UpdateInstanceSetting component when manipulating the additionalStyle or additionalScript arguments. An attacker can gain unauthorized access to sensitive informatio...

CVE-2021-1452

A vulnerability in the ROM Monitor ROMMON of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...

smb2-time NSE Script

Attempts to obtain the current system date and the start date of a SMB2 server. Script Arguments randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Examp...

broadcast-ospf2-discover NSE Script

Discover IPv4 networks using Open Shortest Path First version 2OSPFv2 protocol. The script works by listening for OSPF Hello packets from the 224.0.0.5 multicast address. The script then replies and attempts to create a neighbor relationship, in order to discover network database. If no interface...

tso-brute NSE Script

TSO account brute forcer. This script relies on the NSE TN3270 library which emulates a TN3270 screen for NMAP. TSO user IDs have the following rules: - it cannot begin with a number - only contains alpha-numeric characters and @, , $. - it cannot be longer than 7 chars Script Arguments...

fingerprint-strings NSE Script

Prints the readable strings from service fingerprints of unknown services. Nmap's service and application version detection engine sends named probes to target services and tries to identify them based on the response. When there is no match, Nmap produces a service fingerprint for submission...

unittest NSE Script

Runs unit tests on all NSE libraries. Script Arguments unittest.run Run tests. Causes unittest.testing to return true. unittest.tests Run tests from only these libraries defaults to all Example Usage nmap --script unittest --script-args unittest.run Script Output Pre-scan script results: |...

http-iis-short-name-brute NSE Script

Attempts to brute force the 8.3 filenames commonly known as short names of files and directories in the root folder of vulnerable IIS servers. This script is an implementation of the PoC "iis shortname scanner". The script uses ,? and to bruteforce the short name of files present in the IIS...

rpc-grind NSE Script

Fingerprints the target RPC port to extract the target service, RPC number and version. The script works by sending RPC Null call requests with a random high version unsupported number to the target service with iterated over RPC program numbers from the nmap-rpc file and check for replies from t...

broadcast-eigrp-discovery NSE Script

Performs network discovery and routing information gathering through Cisco's Enhanced Interior Gateway Routing Protocol EIGRP. The script works by sending an EIGRP Hello packet with the specified Autonomous System value to the 224.0.0.10 multicast address and listening for EIGRP Update packets. T...

dns-nsec3-enum NSE Script

Tries to enumerate domain names from the DNS server that supports DNSSEC NSEC3 records. The script queries for nonexistant domains until it exhausts all domain ranges keeping track of hashes. At the end, all hashes are printed along with salt and number of iterations used. This technique is known...

ajp-headers NSE Script

Performs a HEAD or GET request against either the root directory or any optional directory of an Apache JServ Protocol server and returns the server response headers. Script Arguments ajp-headers.path The path to request, such as /index.php. Default /. slaxml.debug See the documentation for the...

redis-brute NSE Script

Performs brute force passwords auditing against a Redis key-value store. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the creds library. brute.credfile,...

http-unsafe-output-escaping NSE Script

Spiders a website and attempts to identify output escaping problems where content is reflected back to the user. This script locates all parameters, ?x=foo&y=bar and checks if the values are reflected on the page. If they are indeed reflected, the script will try to insert ghzhzx"zxc'xcv and chec...

ms-sql-dump-hashes NSE Script

Dumps the password hashes from an MS-SQL server in a format suitable for cracking by tools such as John-the-ripper. In order to do so the user needs to have the appropriate DB privileges. Credentials passed as script arguments take precedence over credentials discovered by other scripts. Script...

xmpp-brute NSE Script

Performs brute force password auditing against XMPP Jabber instant messaging servers. Script Arguments xmpp-brute.servername needed when host name cannot be automatically determined eg. when running against an IP, instead of hostname xmpp-brute.auth authentication mechanism to use LOGIN, PLAIN,...

ip-geolocation-ipinfodb NSE Script

Tries to identify the physical location of an IP address using the IPInfoDB geolocation web service . There is no limit on requests to this service. However, the API key needs to be obtained through free registration for this service: http://ipinfodb.com/login.php See also:...

Nmap NSE net: ms-sql-hasdbaccess

Queries Microsoft SQL Server ms-sql for a list of databases a user has access to. The script needs an account with the sysadmin server role to work. It needs to be fed credentials through the script arguments or from the scripts 'mssql-brute' or 'mssql-empty- password'. When run, the script...

quake3-master-getservers NSE Script

Queries Quake3-style master servers for game servers many games other than Quake 3 use this same protocol. Script Arguments quake3-master-getservers.outputlimit If set, limits the amount of hosts returned by the script. All discovered hosts are still stored in the registry for other scripts to us...

dns-fuzz NSE Script

Launches a DNS fuzzing attack against DNS servers. The script induces errors into randomly generated but valid DNS packets. The packet template that we use includes one uncompressed and one compressed name. Use the dns-fuzz.timelimit argument to control how long the fuzzing lasts. This script...