85 matches found
stuxnet-detect NSE Script
Detects whether a host is infected with the Stuxnet worm . An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line. See also: smb-vuln-ms10-061.nse Script Arguments stuxnet-detect.save Path to save Stuxnet executable under, with ...
wsdd-discover NSE Script
Retrieves and displays information from devices supporting the Web Services Dynamic Discovery WS-Discovery protocol. It also attempts to locate any published Windows Communication Framework WCF web services .NET 4.0 or later. Script Arguments max-newtargets, newtargets See the documentation for t...
targets-traceroute NSE Script
Inserts traceroute hops into the Nmap scanning queue. It only functions if Nmap's --traceroute option is used and the newtargets script argument is given. Script Arguments newtargets If specified, adds traceroute hops onto Nmap scanning queue. max-newtargets See the documentation for the target...
domcon-brute NSE Script
Performs brute force password auditing against the Lotus Domino Console. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the creds library. brute.credfile,...
afp-serverinfo NSE Script
Shows AFP server information. This information includes the server's hostname, IPv4 and IPv6 addresses, and hardware type for example Macmini or MacBookPro. Script Arguments afp.password, afp.username See the documentation for the afp library. Example Usage nmap -sV -sC Script Output PORT STATE...
qscan NSE Script
Repeatedly probe open and/or closed ports on a host to obtain a series of round-trip time values for each port. These values are used to group collections of ports which are statistically different from other groups. Ports being in different groups or "families" may be due to network mechanisms...
pgsql-brute NSE Script
Performs password guessing against PostgreSQL. Script Arguments pgsql.version Force protocol version 2 or 3. pgsql.nossl If set to 1 or true, disables SSL. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. Example Usage nmap -p 5432...
ipidseq NSE Script
Classifies a host's IP ID sequence test for susceptibility to idle scan. Sends six probes to obtain IP IDs from the target and classifies them similarly to Nmap's method. This is useful for finding suitable zombies for Nmap's idle scan -sI as Nmap itself doesn't provide a way to scan for these...
http-vmware-path-vuln NSE Script
Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server CVE-2009-3733. The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 . Script Arguments slaxml.debug See the documentation for the slaxml library. http.host,...
snmp-netstat NSE Script
Attempts to query SNMP for a netstat like output. The script can be used to identify and automatically add new targets to the scan by supplying the newtargets script argument. Script Arguments max-newtargets, newtargets See the documentation for the target library. creds.service, creds.global See...
snmp-processes NSE Script
Attempts to enumerate running processes through SNMP. Script Arguments creds.service, creds.global See the documentation for the creds library. snmp.version See the documentation for the snmp library. Example Usage nmap -sU -p 161 --script=snmp-processes Script Output | snmp-processes: | 1: | Nam...
snmp-win32-software NSE Script
Attempts to enumerate installed software through SNMP. Script Arguments snmp.version See the documentation for the snmp library. creds.service, creds.global See the documentation for the creds library. Example Usage nmap -sU -p 161 --script=snmp-win32-software Script Output | snmp-win32-software:...
snmp-win32-shares NSE Script
Attempts to enumerate Windows Shares through SNMP. Script Arguments creds.service, creds.global See the documentation for the creds library. snmp.version See the documentation for the snmp library. Example Usage nmap -sU -p 161 --script=snmp-win32-shares Script Output | snmp-win32-shares: | SYSVO...
http-methods NSE Script
Finds out what options are supported by an HTTP server by sending an OPTIONS request. Lists potentially risky methods. It tests those methods not mentioned in the OPTIONS headers individually and sees if they are implemented. Any output other than 501/405 suggests that the method is if not in the...
lexmark-config NSE Script
Retrieves configuration information from a Lexmark S300-S400 printer. The Lexmark S302 responds to the NTPRequest version probe with its configuration. The response decodes as mDNS, so the request was modified to resemble an mDNS request as close as possible. However, the port 9100/udp is listed ...
db2-das-info NSE Script
Connects to the IBM DB2 Administration Server DAS on TCP or UDP port 523 and exports the server profile. No authentication is required for this request. The script will also set the port product and version if a version scan is requested. Example Usage nmap -sV Script Output PORT STATE SERVICE...
dns-service-discovery NSE Script
Attempts to discover target hosts' services using the DNS Service Discovery protocol. The script first sends a query for services.dns-sd.udp.local to get a list of services. It then sends a followup query for each one to try to get more information. Script Arguments max-newtargets, newtargets See...
afp-showmount NSE Script
Shows AFP shares and ACLs. Script Arguments afp.password, afp.username See the documentation for the afp library. Example Usage nmap -sV --script=afp-showmount Script Output PORT STATE SERVICE 548/tcp open afp | afp-showmount: | Yoda's Public Folder | Owner: Search,Read,Write | Group: Search,Read...
http-favicon NSE Script
Gets the favicon "favorites icon" from a web page and matches it against a database of the icons of known web applications. If there is a match, the name of the application is printed; otherwise the MD5 hash of the icon data is printed. If the script argument favicon.uri is given, that relative U...
dns-random-txid NSE Script
Checks a DNS server for the predictable-TXID DNS recursion vulnerability. Predictable TXID values can make a DNS server vulnerable to cache poisoning attacks see CVE-2008-1447. The script works by querying txidtest.dns-oarc.net see . Be aware that any targets against which this script is run will...