Lucene search
+L
NmapMost viewed

607 matches found

Nmap
Nmap
•added 2019/08/05 6:30 a.m.•654 views

dicom-ping NSE Script

Attempts to discover DICOM servers DICOM Service Provider through a partial C-ECHO request. It also detects if the server allows any called Application Entity Title or not. The script responds with the message "Called AET check enabled" when the association request is rejected due configuration...

10CVSS9.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2018/06/23 7:46 p.m.•647 views

broadcast-jenkins-discover NSE Script

Discovers Jenkins servers on a LAN by sending a discovery broadcast probe. For more information about Jenkins auto discovery, see: Script Arguments broadcast-jenkins.address address to which the probe packet is sent. default: 255.255.255.255 broadcast-jenkins.timeout socket timeout default: 5s...

10CVSS9.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2011/07/21 10:4 a.m.•642 views

imap-brute NSE Script

Performs brute force password auditing against IMAP servers using either LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5 or NTLM authentication. Script Arguments imap-brute.auth authentication mechanism to use LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5 or NTLM passdb, unpwdb.passlimit, unpwdb.timelimit,...

10CVSS0.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2010/03/04 7:10 p.m.•641 views

ldap-search NSE Script

Attempts to perform an LDAP search and returns all matches. If no username and password is supplied to the script the Nmap registry is consulted. If the ldap-brute script has been selected and it found a valid account, this account will be used. If not anonymous bind will be used as a last attemp...

10CVSS9.4AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2010/12/06 5:19 a.m.•639 views

http-vhosts NSE Script

Searches for web virtual hostnames by making a large number of HEAD requests against http servers using common hostnames. Each HEAD request provides a different Host header. The hostnames come from a built-in default list. Shows the names that return a document. Also shows the location of...

10CVSS0.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2017/06/29 9:27 p.m.•638 views

ssh-publickey-acceptance NSE Script

This script takes a table of paths to private keys, passphrases, and usernames and checks each pair to see if the target ssh server accepts them for publickey authentication. If no keys are given or the known-bad option is given, the script will check if a list of known static public keys are...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
•added 2014/05/26 1:28 a.m.•633 views

http-cisco-anyconnect NSE Script

Connect as Cisco AnyConnect client to a Cisco SSL VPN and retrieves version and tunnel information. Script Arguments slaxml.debug See the documentation for the slaxml library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/07/09 8:50 a.m.•633 views

sip-call-spoof NSE Script

Spoofs a call to a SIP phone and detects the action taken by the target busy, declined, hung up, etc. This works by sending a fake sip invite request to the target phone and checking the responses. A response with status code 180 means that the phone is ringing. The script waits for the next...

10CVSS9.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/12/17 3:59 p.m.•623 views

mysql-enum NSE Script

Performs valid-user enumeration against MySQL server using a bug discovered and published by Kingcope . Server version 5.x are susceptible to an user enumeration attack due to different messages during login when using old authentication mechanism from versions 4.x and earlier. Script Arguments...

10CVSS9.4AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2011/07/24 8:13 p.m.•622 views

http-litespeed-sourcecode-download NSE Script

Exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension CVE-2010-2333. If the server is not vulnerable it returns an error 400. If index.php i...

10CVSS9.2AI score0.99448EPSS
Exploits36
Nmap
Nmap
•added 2012/01/02 11:21 a.m.•607 views

http-proxy-brute NSE Script

Performs brute force password guessing against HTTP proxy servers. Script Arguments http-proxy-brute.url sets an alternative URL to use when brute forcing default: http-proxy-brute.method changes the HTTP method to use when performing brute force guessing default: HEAD creds.service, creds.global...

10CVSS0.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2013/07/25 12:57 a.m.•590 views

whois-domain NSE Script

Attempts to retrieve information about the domain name of the target See also: whois-ip.nse Example Usage nmap --script whois-domain.nse This script starts by querying the whois.iana.org which is the root of the whois servers. Using some patterns the script can determine if the response represent...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/03/22 12:9 a.m.•588 views

http-drupal-enum-users NSE Script

Enumerates Drupal users by exploiting an information disclosure vulnerability in Views, Drupal's most popular module. Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames. For...

10CVSS9.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2011/12/11 7:44 p.m.•579 views

http-grep NSE Script

Spiders a website and attempts to match all pages and urls against a given string. Matches are counted and grouped per url under which they were discovered. Features built in patterns like email, ip, ssn, discover, amex and more. The script searches for email and ip by default. Script Arguments...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2008/11/06 2:52 a.m.•579 views

ms-sql-info NSE Script

Attempts to determine configuration and version information for Microsoft SQL Server instances. SQL Server credentials required: No will not benefit from mssql.username & mssql.password. Run criteria: Host script: Will always run. Port script: N/A NOTE: Unlike previous versions, this script will...

10CVSS9.5AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2015/08/14 12:34 p.m.•576 views

http-fetch NSE Script

The script is used to fetch files from servers. The script supports three different use cases: The paths argument isn't provided, the script spiders the host and downloads files in their respective folders relative to the one provided using "destination". The paths argumenta single item or list i...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2011/11/04 9:17 p.m.•571 views

rlogin-brute NSE Script

Performs brute force password auditing against the classic UNIX rlogin remote login service. This script must be run in privileged mode on UNIX because it must bind to a low source port number. Script Arguments rlogin-brute.timeout socket timeout for connecting to rlogin default 10s passdb,...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2014/01/16 7:7 p.m.•552 views

sstp-discover NSE Script

Check if the Secure Socket Tunneling Protocol is supported. This is accomplished by trying to establish the HTTPS layer which is used to carry SSTP traffic as described in: - Current SSTP server implementations: - Microsoft Windows Server 2008/Server 2012 - MikroTik RouterOS - SEIL Example...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2011/06/20 1:45 a.m.•545 views

ip-geolocation-ipinfodb NSE Script

Tries to identify the physical location of an IP address using the IPInfoDB geolocation web service . There is no limit on requests to this service. However, the API key needs to be obtained through free registration for this service: http://ipinfodb.com/login.php See also:...

10CVSS0.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2011/01/09 3:43 a.m.•540 views

nrpe-enum NSE Script

Queries Nagios Remote Plugin Executor NRPE daemons to obtain information such as load averages, process counts, logged in user information, etc. This script attempts to execute the stock list of commands that are enabled. User-supplied arguments are not supported. Script Arguments nrpe-enum.cmds ...

10CVSS9.5AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/05/22 7:53 p.m.•539 views

distcc-cve2004-2687 NSE Script

Detects and exploits a remote code execution vulnerability in the distributed compiler daemon distcc. The vulnerability was disclosed in 2002, but is still present in modern implementation due to poor configuration of the service. Script Arguments cmd the command to run at the remote server...

10CVSS9.7AI score0.99448EPSS
Exploits42
Nmap
Nmap
•added 2018/10/24 4:14 p.m.•537 views

smb-webexec-exploit NSE Script

Attempts to run a command via WebExService, using the WebExec vulnerability. Given a Windows account local or domain, this will start an arbitrary executable with SYSTEM privileges over the SMB protocol. The argument webexeccommand will run the command directly. It may or may not start with a GUI...

10CVSS0.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2017/07/28 9:1 a.m.•534 views

smb2-vuln-uptime NSE Script

Attempts to detect missing patches in Windows systems by checking the uptime returned during the SMB2 protocol negotiation. SMB2 protocol negotiation response returns the system boot time pre-authentication. This information can be used to determine if a system is missing critical patches without...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
•added 2010/02/21 8:52 a.m.•534 views

ldap-rootdse NSE Script

Retrieves the LDAP root DSA-specific Entry DSE Example Usage nmap -p 389 --script ldap-rootdse Script Output PORT STATE SERVICE 389/tcp open ldap | ldap-rootdse: | currentTime: 20100112092616.0Z | subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=cqure,DC=net | dsServiceName: CN=NTDS...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2008/11/06 2:52 a.m.•534 views

http-passwd NSE Script

Checks if a web server is vulnerable to directory traversal by attempting to retrieve /etc/passwd or \boot.ini. The script uses several technique: Generic directory traversal by requesting paths like ../../../../etc/passwd. Known specific traversals of several web servers. Query string traversal...

10CVSS9.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/05/14 9:34 p.m.•533 views

gkrellm-info NSE Script

Queries a GKRellM service for monitoring information. A single round of collection is made, showing a snapshot of information at the time of the request. Example Usage nmap -p 19150 --script gkrellm-info Script Output PORT STATE SERVICE 19150/tcp open gkrellm | gkrellm-info: | Hostname: ubu1110 |...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2011/12/28 12:57 a.m.•529 views

telnet-encryption NSE Script

Determines whether the encryption option is supported on a remote telnet server. Some systems including FreeBSD and the krb5 telnetd available in many Linux distributions implement this option incorrectly, leading to a remote root vulnerability. This script currently only tests whether encryption...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2017/07/28 9:1 a.m.•527 views

smb2-capabilities NSE Script

Attempts to list the supported capabilities in a SMBv2 server for each enabled dialect. The script sends a SMB2COMNEGOTIATE command and parses the response using the SMB dialects: 2.0.2 2.1 3.0 3.0.2 3.1.1 References: Script Arguments randomseed, smbbasic, smbport, smbsign See the documentation f...

10CVSS0.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/04/09 9:40 p.m.•526 views

http-robtex-shared-ns NSE Script

Finds up to 100 domain names which use the same name server as the target by querying the Robtex service at . The target must be specified by DNS name, not IP address. TEMPORARILY DISABLED due to changes in Robtex's API. See Script Arguments slaxml.debug See the documentation for the slaxml...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/05/14 9:30 p.m.•524 views

ajp-brute NSE Script

Performs brute force passwords auditing against the Apache JServ protocol. The Apache JServ Protocol is commonly used by web servers to communicate with back-end Java application server containers. Script Arguments ajp-brute.path URL path to request. Default: / creds.service, creds.global See the...

10CVSS0.4AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2017/07/18 2:26 a.m.•523 views

openwebnet-discovery NSE Script

OpenWebNet is a communications protocol developed by Bticino since 2000. Retrieves device identifying information and number of connected devices. References: Example Usage nmap --script openwebnet-discovery Script Output | openwebnet-discover: | IP Address: 192.168.200.35 | Net Mask: 255.255.255...

10CVSS0.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2017/02/09 9:30 p.m.•521 views

tls-ticketbleed NSE Script

Detects whether a server is vulnerable to the F5 Ticketbleed bug CVE-2016-9244. For additional information: Script Arguments tls-ticketbleed.protocols default tries all TLSv1.0, TLSv1.1, or TLSv1.2 tls.servername See the documentation for the tls library. smbdomain, smbhash, smbnoguest,...

10CVSS0.1AI score0.99448EPSS
Exploits40
Nmap
Nmap
•added 2011/12/26 2:22 p.m.•519 views

dns-blacklist NSE Script

Checks target IP addresses against multiple DNS anti-spam and open proxy blacklists and returns a list of services for which an IP has been flagged. Checks may be limited by service category eg: SPAM, PROXY or to a specific service name. Script Arguments dns-blacklist.services string containing a...

10CVSS0.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2010/06/12 2:25 a.m.•519 views

dns-cache-snoop NSE Script

Performs DNS cache snooping against a DNS server. There are two modes of operation, controlled by the dns-cache-snoop.mode script argument. In nonrecursive mode the default, queries are sent to the server with the RD recursion desired flag set to 0. The server should respond positively to these...

10CVSS9.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2008/11/06 2:52 a.m.•519 views

sniffer-detect NSE Script

Checks if a target on a local Ethernet has its network card in promiscuous mode. The techniques used are described at . Example Usage nmap -sV --script=sniffer-detect Script Output Host script results: | sniffer-detect: Likely in promiscuous mode tests: "11111111" Requires nmap stdnse string tabl...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/05/19 5:33 p.m.•515 views

mysql-query NSE Script

Runs a query against a MySQL database and returns the results as a table. Script Arguments mysql-query.noheaders do not display column headers default: false mysql-query.query the query for which to return the results mysql-query.username optional the username used to authenticate to the database...

10CVSS9.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2018/03/10 7:23 a.m.•514 views

hostmap-crtsh NSE Script

Finds subdomains of a web server by querying Google's Certificate Transparency logs database . The script will run against any target that has a name, either specified on the command line or obtained via reverse-DNS. NSE implementation of ctfr.py by Sheila Berta. References:...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
•added 2010/04/04 10:11 a.m.•505 views

ms-sql-brute NSE Script

Performs password guessing against Microsoft SQL Server ms-sql. Works best in conjunction with the broadcast-ms-sql-discover script. SQL Server credentials required: No will not benefit from mssql.username & mssql.password. Run criteria: Host script: Will run if the mssql.instance-all,...

10CVSS0.1AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/07/09 8:57 a.m.•501 views

sip-methods NSE Script

Enumerates a SIP Server's allowed methods INVITE, OPTIONS, SUBSCRIBE, etc. The script works by sending an OPTION request to the server and checking for the value of the Allow header in the response. Script Arguments sip.timeout See the documentation for the sip library. Example Usage nmap...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
•added 2013/11/08 9:19 p.m.•499 views

http-server-header NSE Script

Uses the HTTP Server header for missing version info. This is currently infeasible with version probes because of the need to match non-HTTP services correctly. Example Usage nmap -sV Script Output PORT STATE SERVICE VERSION 80/tcp open http Unidentified Server 1.0 PORT STATE SERVICE VERSION 80/t...

10CVSS0.6AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2008/11/11 11:59 a.m.•495 views

banner NSE Script

A simple banner grabber which connects to an open TCP port and prints out anything sent by the listening service within five seconds. The banner will be truncated to fit into a single line, but an extra line may be printed for every increase in the level of verbosity requested on the command line...

10CVSS9.4AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2010/04/04 10:11 a.m.•493 views

ms-sql-xp-cmdshell NSE Script

Attempts to run a command using the command shell of Microsoft SQL Server ms-sql. SQL Server credentials required: Yes use ms-sql-brute, ms-sql-empty-password and/or mssql.username & mssql.password Run criteria: Host script: Will run if the mssql.instance-all, mssql.instance-name or...

10CVSS0.6AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2010/04/04 1:41 p.m.•484 views

dns-fuzz NSE Script

Launches a DNS fuzzing attack against DNS servers. The script induces errors into randomly generated but valid DNS packets. The packet template that we use includes one uncompressed and one compressed name. Use the dns-fuzz.timelimit argument to control how long the fuzzing lasts. This script...

10CVSS9.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/03/02 12:28 p.m.•482 views

mongodb-brute NSE Script

Performs brute force password auditing against the MongoDB database. Script Arguments mongodb-brute.db Database against which to check. Default: admin passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See...

10CVSS0.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2016/01/08 3:29 p.m.•481 views

smtp-ntlm-info NSE Script

This script enumerates information from remote SMTP services with NTLM authentication enabled. Sending a SMTP NTLM authentication request with null credentials will cause the remote service to respond with a NTLMSSP message disclosing information to include NetBIOS, DNS, and OS build version...

10CVSS0.99448EPSS
Exploits33
Nmap
Nmap
•added 2012/01/02 11:27 a.m.•481 views

redis-info NSE Script

Retrieves information such as version number and architecture from a Redis key-value store. Script Arguments creds.service, creds.global See the documentation for the creds library. Example Usage nmap -p 6379 --script redis-info Script Output PORT STATE SERVICE 6379/tcp open unknown | redis-info:...

10CVSS9.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2015/05/31 6:34 p.m.•480 views

http-vuln-misfortune-cookie NSE Script

Detects the RomPager 4.07 Misfortune Cookie vulnerability by safely exploiting it. See also: http-vuln-cve2013-6786.nse Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline,...

10CVSS9.2AI score0.99448EPSS
Exploits45
Nmap
Nmap
•added 2017/07/28 9:1 a.m.•479 views

smb2-time NSE Script

Attempts to obtain the current system date and the start date of a SMB2 server. Script Arguments randomseed, smbbasic, smbport, smbsign See the documentation for the smb library. smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. Examp...

10CVSS9.2AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2015/07/04 7:26 a.m.•479 views

http-cross-domain-policy NSE Script

Checks the cross-domain policy file /crossdomain.xml and the client-acces-policy file /clientaccesspolicy.xml in web applications and lists the trusted domains. Overly permissive settings enable Cross Site Request Forgery attacks and may allow attackers to access sensitive data. This script is...

10CVSS9.3AI score0.99448EPSS
Exploits33
Nmap
Nmap
•added 2011/01/14 3:15 p.m.•478 views

dns-update NSE Script

Attempts to perform a dynamic DNS update without authentication. Either the test or both the hostname and ip script arguments are required. Note that the test function will probably fail due to using a static zone name that is not the zone configured on your target. Script Arguments dns-update.te...

10CVSS9.3AI score0.99448EPSS
Exploits33
Total number of security vulnerabilities607