38 matches found
http-unsafe-output-escaping NSE Script
Spiders a website and attempts to identify output escaping problems where content is reflected back to the user. This script locates all parameters, ?x=foo&y=bar and checks if the values are reflected on the page. If they are indeed reflected, the script will try to insert ghzhzx"zxc'xcv and chec...
reverse-index NSE Script
Creates a reverse index at the end of scan output showing which hosts run a particular service. This is in addition to Nmap's normal output listing the services on each host. Script Arguments reverse-index.mode the output display mode, can be either horizontal or vertical default: horizontal...
http-put NSE Script
Uploads a local file to a remote web server using the HTTP PUT method. You must specify the filename and URL path with NSE arguments. Script Arguments http-put.file - The full path to the local file that should be uploaded to the server http-put.url - The remote directory and filename to store...
lltd-discovery NSE Script
Uses the Microsoft LLTD protocol to discover hosts on a local network. For more information on the LLTD protocol please refer to Script Arguments lltd-discovery.interface string specifying which interface to do lltd discovery on. If not specified, all ethernet interfaces are tried...
http-vuln-cve2011-3192 NSE Script
Detects a denial of service vulnerability in the way the Apache web server handles requests for multiple overlapping/simple ranges of a page. References: See also: http-slowloris-check.nse http-slowloris.nse Script Arguments http-vuln-cve2011-3192.path Define the request path...
broadcast-ping NSE Script
Sends broadcast pings on a selected interface using raw ethernet packets and outputs the responding hosts' IP and MAC addresses or if requested adds them as targets. Root privileges on UNIX are required to run this script since it uses raw sockets. Most operating systems don't respond to...
creds-summary NSE Script
Lists all discovered credentials e.g. from brute force and default password checking scripts at end of scan. Script Arguments creds.service, creds.global See the documentation for the creds library. Example Usage nmap -sV -sC Script Output | creds-summary: | 10.10.10.10 | 22/ssh | lisbon:jane -...
smb-mbenum NSE Script
Queries information managed by the Windows Master Browser. Script Arguments smb-mbenum.format optional if set, changes the format of the result returned by the script. There are three possible formats: 1. Ordered by type horizontally 2. Ordered by type vertically 3. Ordered by type vertically...
targets-sniffer NSE Script
Sniffs the local network for a configurable amount of time 10 seconds by default and prints discovered addresses. If the newtargets script argument is set, discovered addresses are added to the scan queue. Requires root privileges. Either the targets-sniffer.iface script argument or -e Nmap optio...
epmd-info NSE Script
Connects to Erlang Port Mapper Daemon epmd and retrieves a list of nodes with their respective port numbers. Example Usage nmap -p 4369 --script epmd-info Script Output PORT STATE SERVICE 4369/tcp open epmd | epmd-info.nse: | epmdport: 4369 | nodes: | rabbit: 36804 | ejabberd: 46540 Requires nmap...
dns-update NSE Script
Attempts to perform a dynamic DNS update without authentication. Either the test or both the hostname and ip script arguments are required. Note that the test function will probably fail due to using a static zone name that is not the zone configured on your target. Script Arguments dns-update.te...
http-domino-enum-passwords NSE Script
Attempts to enumerate the hashed Domino Internet Passwords that are by default accessible by all authenticated users. This script can also download any Domino ID Files attached to the Person document. Passwords are presented in a form suitable for running in John the Ripper. The passwords may be...
ms-sql-query NSE Script
Runs a query against Microsoft SQL Server ms-sql. SQL Server credentials required: Yes use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or mssql.instance-port script arguments are used...
qscan NSE Script
Repeatedly probe open and/or closed ports on a host to obtain a series of round-trip time values for each port. These values are used to group collections of ports which are statistically different from other groups. Ports being in different groups or "families" may be due to network mechanisms...
ldap-search NSE Script
Attempts to perform an LDAP search and returns all matches. If no username and password is supplied to the script the Nmap registry is consulted. If the ldap-brute script has been selected and it found a valid account, this account will be used. If not anonymous bind will be used as a last attemp...
ntp-info NSE Script
Gets the time and configuration variables from an NTP server. We send two requests: a time request and a "read variables" opcode 2 control message. Without verbosity, the script shows the time and the value of the version, processor, system, refid, and stratum variables. With verbosity, all...
ftp-anon NSE Script
Checks if an FTP server allows anonymous logins. If anonymous is allowed, gets a directory listing of the root directory and highlights writeable files. See also: ftp-brute.nse Script Arguments ftp-anon.maxlist The maximum number of files to return in the directory listing. By default it is 20, o...
asn-query NSE Script
Maps IP addresses to autonomous system AS numbers. The script works by sending DNS TXT queries to a DNS server which in turn queries a third-party service provided by Team Cymru using an in-addr.arpa style zone set up especially for use by Nmap. The responses to these queries contain both Origin...